Author - mttqatar

HOW TO ENCRYPT FILES OFFLINE USING BROWSER?

This article covers how to encrypt files offline using browser? That simply means your file is not uploaded anywhere. Everything related to encryption is done within your browser in offline mode. Later, you can decrypt the same file in offline mode using the same decryption key that you created before the encryption. For this, I am using a free service called “Hat.sh“.

The encryption process is also fast. Moreover, you can add any type of file regardless its size for offline encryption. Still, during my testing, I found that the file up to 6 GB took a lot of time for encryption. So, you can try it with some lesser size file.

In the screenshot below, you can see that I encrypted a file offline using Chrome browser and this service.

file encrypted in offline mode using browser with this service

How to Encrypt Files Offline using Browser?

Step 1: Open homepage of this offline file encryption service. The link to open its homepage is given at the end of this tutorial.

Step 2: Use Browse button and then you can add a file for encryption. After that, enter the decryption key of your choice. Decryption key is visible in plain text, so you must be careful while entering the decryption key.

Step 3: Press Encrypt button and it will begin the encryption process. It should not take much time and you will get the encrypted output quickly.

enter file and set decryption key

That’s it! Save the encrypted file to PC in any location of your choice.

To decrypt the encrypted file, add that file using the available option. After that, enter the decryption key, and use Decrypt button. You will get the decrypted file that you can save to PC easily.

The Conclusion:

There are so many file encryption software and online tools already available. But, those who want to encrypt files in offline mode using a browser, this service is pretty good. Encryption and decryption processes are very simple.

Try this service.

Read more...

OS Command Injection in WP-Database-Backup

On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug which made it possible for a bad actor to get full control of affected websites — with over 70,000 reported active installs.

Are you Affected?

This vulnerability was patched with version 5.2, which was released on April 30th. If any of your websites use an older version, it is vulnerable.

The bug can be exploited in two steps. First, the attacker needs to store a malicious shell command in the wp_db_exclude_table option using an arbitrary option update vulnerability. When this is done, the shell command saved on the site will be executed whenever the plugin creates a new database backup.

This can either happen by waiting for an administrator to manually create one, or if the Auto-Backup functionality is enabled, waiting until the next run to get access to the server.

Indicator of Compromise

If you see requests to either /wp-admin/admin-ajax.php?page=wp-database-backup or /wp-admin/admin-post.php?page=wp-database-backup, you site may have already been targeted by hackers.

Attacks in the Wild

We are not aware of attacks targeting this specific vulnerability yet. We will keep an eye open for those.

Update as Soon as Possible

If you’re using a vulnerable version of this plugin, update as soon as possible. In the event where you cannot do this, we strongly recommend leveraging the Sucuri website firewall or equivalent technology to have the vulnerability patched virtually.

 

Read more...

Open source to become a ‘best practice’

There are many magic rings in this world… and none of them should be used lightly. This is true.

It is also true that organisations in every vertical are now having to work hard and find automation streams that they can digitise (on the road to *yawn* digital transformation, obviously) and start to apply AI and machine learning to.

Another key truth lies in the amount of codified best practices that organisations now have the opportunity to lay down.

One we can denote a particular set of workflows in a particular department (or team, or group, or any other collective) to be deemed to be as efficient as possible, then we can lay that process down as a best practice.

Obfuscation

These best practices are often now taken forward as templates for other firms to be able to use (once any user data is appropriately obfuscated and anonymised), especially when the best practice itself is identified under the stewardship of some higher level platform provider.

But there is another way we should think about best practice i.e. we should think about its existence as a necessary part of open business in the digital age.

The existence of open source projects (and the use of open platform technologies) could be regarded as a piece of corporate best practice i.e. firms should directly identify that they do engage with open source, because life in a proprietary-only technology world would always be more restrictive.

This is part of the suggestion that comes out of a new survey undertaken by  The New Stack and The Linux Foundation (via the TODO Group).

According to the report, “By implementing open source best practices, organisations are helping developers become both more productive and more structured in how they manage the often abundant open source software their businesses rely on.”

Almost 800 people were surveyed and around half we developers.

Wot no open source?

We’re not quite at the stage where people will refuse to take a job at a particular company based upon whether or not an organisation can evidence a substantial use of open source technologies — but we do know that that type of ethical concern is right up there for millennials and the Generation-Z workers just starting work now at the end of the current decade — so this could (and arguably should) be a trend to look out for.

Read more...

Biometric Time Attendance System

Fingerprint time attendance system plays a vital role for recording in and out timing of employees for overtime and attendance calculation. The sensor for fingerprint have to be in a high quality and read the difficult fingers of employee which is typically oily, dirty or some employees also have dry and sweaty fingers naturally. The fingerprints readers are integrated with advanced quality optical-sensors which are capable to read swelled, cut, dry, and wet fingers. Our fingerprint time attendance systems are completely verified and performing good in Manufacturing, Engineering, Marine, and Construction industries. It proves the reliability and quality of our system

Read more...

Android’s Built-in Security Key Now Works With iOS Devices For Secure Login

android-security-key-ios

In April this year, a software update from Google overnight turned all Android phones, running Android 7.0 Nougat and up, into a FIDO-certified hardware security key as part of a push to encourage two-step verification.

The feature made it possible for users to confirm their identity when logging into a Google account more effortless and secure, without separately managing and plugging-in a Yubico’s YubiKey or Google’s Titan key.

“FIDO security keys provide the strongest protection against automated bots, bulk phishing, and targeted attacks by leveraging public key cryptography to verify your identity and URL of the login page, so that an attacker can’t access your account even if you are tricked into providing your username and password,” Google said.

Android’s security key feature until now was only compatible with Bluetooth-enabled Chrome OS, macOS, or Windows 10 devices over the Chrome browser.

However, the latest update from Google now allows users to verify their sign-in on Apple iOS-powered iPad and iPhone devices as well.

“Until now, there were limited options for using FIDO2 security keys on iOS devices. Now, you can get the strongest 2SV method with the convenience of an Android phone that’s always in your pocket at no additional cost, Google said.”

To enable this feature on iOS devices running iOS version 10.0 or up, users have to separately install Google’s Smart Lock app from Apple’s app store.

Read more...
Call us Now!