malware: secure a new machine with a compromised network

I have a machine on my network that has been repeatedly compromised and I am trying to understand how it is happening. After the machine was compromised for the last time, I turned off all the parts of the computer with the exception of the SATA DVD drive and the SD card reader. Then I set up a new installation of Ubuntu 18 on the machine, logged into the machine and proceeded to update the computer with a network that was compromised. I assumed that this was not a problem because the machine had already logged in, however, my machine was compromised again soon after and I'm trying to figure out how.

It could be one of two possibilities:

1) There was a hardware malware in the DVD drive or in the SD card reader that infected the new hard drive, which allowed access to the machine after it was connected to the network.

2) It was compromised by a vulnerability in the operating system before the machine was updated, since the attacker already had access to the network from the moment I connected it, before it had the opportunity to protect it.

What are the possibilities in these two scenarios?

How to secure an appointment for the Polish type C Schengen business visa?

I'm struggling to secure an appointment last week. Is there a specific time period in which appointment dates are reserved?

Is there any other way to secure the appointment with the Polish consulate?

Passwords: How secure is this hash combined sha1 / md5?

We have recently outsourced some work for a website. While reviewing this code I found the password hash function.

I am by no means a security expert beyond some basic knowledge (hence outsourcing this). However, it raised some warning flags in my head and I wanted this to be confirmed or refuted.

The complete function (in C#):

    protected static string CreatePasswordHash(string pwd)
    {
        return ByteArrayToString(new SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(ByteArrayToString(new MD5CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes))
    }

    public virtual string GetPasswordhash(string password)
    {
        return CreatePasswordHash(password);
    }

I feel that this has the following problems:

  • Uses MD5 (to hash the salt, which I really do not see the use of. This seems to imply that it is not safer either)
  • It uses a statically hard-coded salt that is the same for everyone (it will generate the same hashes for users with the same password)
  • Without double salt (ties in with the above)
  • Uses SHA1 instead of SHA2 (we do not need to stick to SHA1 for compatibility reasons or anything)

Now, as far as I know, SHA1 is not really insecure (yet), but it has already had collisions and is no longer completely safe.

Are these security concerns legitimate? Or is this an adequate hashing implementation?

The ability to create an account is public and can be done by anyone visiting the website.


I hope this is the correct SE to ask this, but I hesitated between here and the code review. This seemed the best option. Let me know if I was wrong
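The static-salt concern raised in the question above, next to a per-user-salt alternative, as an added example that is not code from the post or the outsourced project. The salt value, the exact way the legacy scheme combines its inputs (the posted function is cut off), and the choice of PBKDF2-HMAC-SHA256 with this iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed placeholder: the page does not show the real hard-coded salt.
STATIC_SALT = b"constructed-static-salt"
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def legacy_hash(password):
    """Assumed shape of the legacy scheme: SHA1(hex(MD5(static salt)) + password)."""
    salt_hex = hashlib.md5(STATIC_SALT).hexdigest()
    return hashlib.sha1((salt_hex + password).encode("utf-8")).hexdigest()


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Salt and cost are stored next to the hash so the cost can be raised later.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def check_password(password, stored):
    """Recompute with the stored salt and cost; reject malformed records."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    except ValueError:
        return False
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(dk, expected)
```

With the static salt, two accounts that share a password store identical hashes, so one cracked entry exposes both; with `hash_password` each record differs even for the same password.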

Is it important that a cookie has the Secure flag set if the website runs on HTTP?

I am working on a website and I want to know whether a cookie should have the Secure flag set or not if the website is running on HTTP. In addition, the HttpOnly flag is set on the cookie but there is no Secure flag.

Secure cash – Securecash.top

I'm not admin


WELCOME TO SECURE CASH REAL ESTATE LIMITED
Our company "Secure Cash Real Estate Limited" helps you to obtain an incredible high yield of your investments. If you do not like to waste your time and if you want to earn a lot of money easily, this program is for you. To participate in our program you only need one thing. All you need is a desire to make you rich. Our professional financial team and financial advisors are always at your service. We help you win easily.

Reverse plans:
242% after 20 minutes, 284% after 1 hour, 316% after 2 hours and more

Amount of investment:
– Minimum $ 10
– Maximum $ 7000

Payment accepted:
– Perfect money
– Payeer
– Bitcoin
– Ethereum

Reference Commission: 5%, 2%, 1%

https://securecash.top/

The amount of 0.25 USD has been deposited into your account. Accounts: U18348771-> U3789391. Memo: API Payment. Remove HYIPIndo from Secure Cash .. Date: 08:35 15.04.19. Lot: 255866988

Virtualization: Can I use a virtual machine to connect to a public WIFI in a secure way to use the Internet? (Isolating the host)

I want to use my laptop to connect to a public WiFi in a library, but …

I have strong security on my Windows host machine (Comodo firewall using a public network configuration and rules, disabled protocols, limited privileges account, GPO rules, disabled services …) and use dnscrypt … but I think this does not work. Is it enough to be totally safe, or is it not?

I do not have VPN at this time. Can I use the virtual machine to connect a single use to the Internet in a secure way? Isolating the host?

I have a Wifi USB dongle too. So I was thinking about deactivating all the network interfaces on the host (including the VM) and connecting the VM (guest) to that dongle.

What do you recommend, is there a guide to do this with Virtual Box?

It's just to surf the Internet and probably download some documents / programs, not to use my user credentials when logging into a website, but I want to access my projects and documents on my host hard drives, isolating them securely from the Internet.

If I wanted only access to the Internet without a hard drive … I would use Tails and run, but …

authentication – Is hashing without a salt secure for random passwords?

I'm designing an API with token authentication.

I do not want to store tokens as plain text in the database, for the same reason that user passwords are not stored as plain text: if the database is compromised, the attacker should not be able to extract any usable tokens.

My current plan is to generate tokens of 40 characters in length, composed in this way:

  • the first 20 characters would be the "ID" token (the primary key in the database)
  • the next 20 characters would be the "password" token

When generating the token, I would send the complete token to the client and store it in my database:

  • the identification of the token
  • a SHA1 hash of the token password

In this way, my database only contains half of the actual token sent to the client, and can only verify tokens, not recover them.

I'm not planning to add a salt: as I understand it, the goal of the salt is to prevent hash table / rainbow table attacks against common or short passwords, while in my case the passwords are totally random, with enough entropy (67 possible characters, 20 characters in length = 4 × 10^36 combinations). Unless I missed something, adding a salt in this case would be the same as creating a longer random password.

As well, I do not plan to use an expensive hashing technique like Bcrypt, since it would be too expensive: unlike user authentication, where the user authenticates once and then gets a session ID, the token is the only authentication method here and will be sent with each API call; a 50 ms hash method is not acceptable here. I do not consider that an expensive hashing technique is particularly more secure, for the same reason stated in the previous point: the password is random and has enough entropy, so even with a powerful hashing machine, it would still take billions of years to brute force.

Is there a flaw in my approach?

The only one I can think of (provided that someone has access to the database) is if a vulnerability is found in SHA1, so that it is feasible to find an input that produces a given hash as output (this somehow happened to MD5, I heard). But I guess this is the same for all hashing algorithms, Bcrypt included?
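The split-token scheme described in the question above (20-character ID plus 20-character secret, only the secret's hash stored), as an added example that is not the poster's code. The 67-character alphabet, the dict standing in for the database table, and the use of SHA-256 where the post proposes SHA1 are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import string

# Assumed alphabet: the post gives only its size (67), not its members.
ALPHABET = string.ascii_letters + string.digits + "-_.~+"
ID_LEN = SECRET_LEN = 20


def _rand(n):
    # secrets.choice draws from the OS CSPRNG, unlike random.choice.
    return "".join(secrets.choice(ALPHABET) for _ in range(n))


def _digest(secret):
    # SHA-256 substituted for the SHA1 named in the post (example's choice).
    return hashlib.sha256(secret.encode("ascii")).digest()


def issue_token(db):
    """Store {token id: hash of secret} in db and return the full 40-char token."""
    token_id = _rand(ID_LEN)
    while token_id in db:  # primary key must be unique
        token_id = _rand(ID_LEN)
    secret = _rand(SECRET_LEN)
    db[token_id] = _digest(secret)
    return token_id + secret  # the only time the secret exists server-side


def verify_token(db, token):
    """Return the token ID when the presented token is valid, else None."""
    if not isinstance(token, str) or len(token) != ID_LEN + SECRET_LEN:
        return None
    if any(c not in ALPHABET for c in token):
        return None
    token_id, secret = token[:ID_LEN], token[ID_LEN:]
    stored = db.get(token_id)  # indexed lookup by ID, no scan over hashes
    if stored is None:
        return None
    # Constant-time comparison so response timing does not leak digest bytes.
    if hmac.compare_digest(stored, _digest(secret)):
        return token_id
    return None
```

A dump of `db` yields IDs and digests only; presenting an ID with a digest in place of the secret fails verification because the server hashes whatever it receives.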

Secure cash – securecash.top – HYIPs

As a fully registered company based in the United Kingdom, we offer our clients different and appropriate investment plans, adapted to the needs of small and large investors. Secure Cash can help you meet your financial goals and needs.

In Secure Cash we believe in the divergence of real estate investments, therefore, we work in several areas within the real estate market with our team of professional real estate agents working in your specific area. Since we have been able to achieve consistency in these years of work, we have decided to open our online project to offer our beneficial activities to customers around the world. Always following the rules of risk management that aim at the consistency in profits and the preservation of capital, taking advantage of the best possible opportunities. We believe that all investors deserve a high quality investment guide, regardless of the size of the portfolio. Therefore, whether you marry, have a baby, retire, or are just going through some other important life event, we are available to help everyone, so let us answer your questions and help you move towards your future vision. .

Our goal is to obtain high profits, low risk and fast payments. To achieve this, we push the limits in Real Estate and also apply new investment strategies to make possible notable profits. At Secure Cash, we aspire to always create value for our investors and it is true that with the help of our company, investors can obtain more benefits. Have you ever wondered why real estate investors have high liquidity? It is because one of the main benefits of commercial currency is its huge trading volume. We take advantage of this uniqueness of the real estate market and use it for your benefit and at the same time share it with our investors.

Our objective is to reduce the risks and guarantee a stable income for our investors and the reinvestment of the accumulated assets in all our commercial activities. We have a team of experts on board in different fields such as finance, technicians, administration, brokers, analytics and real estate agents, which has allowed our cause to take the investment platform to a higher level. When you partner with Secure Cash, your questions will be encouraged and our answers will be simple. We will help you understand where and how your money is invested, how your investments are performing and how much it is costing you. As an added benefit, you will have access to experience and knowledge that can help you achieve your specific goals. It is a joint approach to wealth management that is about transparency, responsibility and control of your finances.

With our experience and our secure approach to real estate investments, we can manage more capital and offer our investment platform to the public and at the same time guarantee our continued credibility and success in the journey. Great efforts have been made to provide our customers with an easy-to-use interface and an easily understandable and profitable investment platform. Do not forget that we would take more measures to ensure that everyone receives a service of the highest quality.

If you have any questions about Secure Cash services or any questions about real estate investments, do not hesitate to contact us and our competent team will get in touch with you as soon as possible.

Reverse plans:
– 242% after 20 minutes
– 284% in 1 hour
– 316% after 2 hours.
– 346% after 3 hours
– 384% after 4 hours.
– 528% after 5 hours

Characteristics of the program:
– GC HYIP Script
– SSL certified by COMODO RSA
– Secure DDOS Protection Hosting
– Instant withdrawal

Quanta Networks – Telecom compatible with secure Blockchain – Cryptocurrency corner

Every day, new blockchain applications continue to emerge. Many companies have taken the clue to implement blockchain and have used the benefits it brings. The blockchain technology deals with the peer-to-peer data connection and provides a decentralized network for all to use. Although it started with cryptocurrencies like Bitcoin, however, industries such as the supply chain, insurance, banking, health and telecommunications can use it to increase its efficiency.

However, Quanta Networks is oriented to challenge the conventional communications architecture in its place by introducing a Blockchain ecosystem based on telecommunications without facilities, secure and without a tower, while avoiding the insecurity and inefficiencies that exist in the current system.

How does the Quanta work?

Quanta is a new telecommunications technology, which works like Uber. Quanta is like Uber, who works in the transportation business but does not own a single vehicle. The business model is based on enabling and making efficient use of surplus or unused resources. Similarly, Quanta creates network connections in areas with available bandwidth by improving some network traffic. It is redirected to improve connectivity and speed while allowing devices to create a communication network on their own through their own available bandwidth. What this means is that Quanta is creating a better network where users do not have to buy any bandwidth like what Uber is doing.

The objective of the platform is to build a decentralized telecommunications ecosystem. The platform will change and interrupt the telecommunications industry by allowing network users to have a peer-to-peer connection. This allows a more secure, faster and more affordable means of communication between humans and machines.

Characteristics of the Quanta network

The Quanta network has amazing features, which include:

  • Compatibility: the network is fully interoperable and compatible with the legacy communication technologies. It should be noted that the network has the ability to integrate seamlessly with specialized network applications, including future network technologies.
  • Secure: Quanta manages the network route asymmetrically and dynamically. By simultaneously controlling outgoing and incoming routes, it creates "hidden" communication layers within the Quanta network. This makes it impossible to locate, make data invisible, represent critical assets and resist packet sniffer.
  • Decentralized: the data in Quanta Networks are not controlled by a single entity and it is impossible for someone to manipulate them in their favor. Interestingly, the Quanta Blockchain network provides all the transactions and information stored in the block chain, which is hosted by individual nodes.
  • Affordable: although people are willing to pay more for their security, this should not be the case, since Quanta Networks is optimizing underutilized bandwidth without buying bandwidth.

Quanta Network – You are the network

Quanta Network believes that regardless of who you are and your position, you must have affordable connectivity with security, privacy and the right to access the type of information you need to carry out your daily life. For Quanta Networks, the world is like a connected place where everyone is connected, contributing and playing a vital role in making the world a better, safer and more efficient place for all to live in peace.

The vision of the platform is to revolutionize the telecommunications industry by building the first communication system compatible with complete decentralized blockchain, which allows users and systems to connect as equals. Quanta Network has more than 5 billion mobile users worldwide with more than 1000 mobile operators.

Details of the Quanta file:

The sale of the Quanta Networks token (QN) is scheduled to begin on October 15, 2019, with a limited number of USD 2,000,000,000 to be sold during the ICO. Token sales will end on September 19, 2019. The token is based on the standard block chain of ERC-20 Ethereum and can not be changed. During sales, 1QN will be equivalent to 0.7USD. The ICO distribution of Quanta Network is as follows:

  • ICO / Quanta Project = 67%
  • Team and Advisors = 15%
  • Marketing = 13%
  • Other expenses = 5%

During this period, there will be special bonuses for large buyers of the QN card. There will be no bonus for those who bought between 1 and 3 ETH. However, those who buy between 4 and 9 ETH can get a bonus of 15%. Finally, those who buy above 10ETH get a huge 25% bonus as part of their incentive to attract buyers. The QN tokens will be credited to the buyer's ETH address.

For any additional information check below:

https://twitter.com/quanta_networks

Github: https://github.com/quantanetworks/quanta-networks