How to stop sites from automatically playing videos on your desktop

One of the pesky things about surfing the internet is the recent barrage of autoplaying videos on websites.

You might be at work, opening a website to read some news, and suddenly a video will blast through your speakers. Worry not, we’ve got you covered. Here are some nifty ways you stop videos from playing automatically.

1. WEBSITES SETTINGS

Social networks like Twitter and Facebook allow you to turn off autoplay directly from the settings menu. On Twitter, you’d find this option under ‘Setting> Content’.

Meanwhile, Facebook provides this toggle under ‘Setting> Video’.

If you don’t want to do this, browsers now allow you to turn off autoplay videos too.

Chrome

Google has built some autoplay options directly into Chrome. For instance, you can allow your browser to autoplay videos, but mute them at the same time. To do so, you can click on a particular tab to select ‘mute website’.

Alternatively, to turn off autoplaying videos altogether, type ‘chrome://flags/#autoplay-policy’ in the address bar and hit enter. Then select ‘Document user activation is required’. Now, a video will only play when you click on it.

There are plenty of extensions in the Chrome Store to help you out as well. Google said recently that it is working on a simpler solution for this task.

Safari

Apple’s browser doesn’t have a setting to stop autoplay for all sites. But it allows you to choose if you want to stop a particular site from automatically playing videos. Right click on the address bar to select ‘Settings for this website.’ Under that, you can choose either ‘Stop Media with Sound’ or ‘Never Auto-Play.’

Firefox

Firefox allows an easy option to stop autoplay for all the websites that play media with sound automatically. Under ‘Preferences,’ go to ‘Privacy & Security’ tab and select ‘Always Ask’ or ‘Don’t Autoplay’ for a peace of your mind.

Mircosoft Edge

It is pretty simple to turn off videos that autoplay in Edge. Go to ‘Settings> Advanced> Media Autoplay’ and select ‘Limit’ or ‘Block.’

You can change settings for individual websites as well through media autoplay settings for each website by clicking on the certificate icon.

Hope this guide makes your internet experience more enjoyable. We’ll update this post if we find about any other methods to save yourself from the tediousness of autoplay.

Setting up Auto Reply message on whatsapp

WhatsApp has grown to be one of the most widely used instant messaging service. Nowadays even organizations use it to connect with customers. Sometimes customers have frequently asked questions. Due to lack of man power or time, organizations are unable to answer all the queries in real time.

Setting up automated, predefined messages to these common questions on WhatsApp can aid the smooth running of  businesses. Sending an automated reply to WhatsApp message creates a better impression in customer’s mind. Not just organizations but this could also help individuals.

So to set this up, you will need the latest version of gb WhatsApp which was launched earlier this month, which has the " Auto reply" feature.

The latest release version of GB WhatsApp version 6.40 came with auto reply. This means that you can set auto reply messages for both group chat and private chat. The interesting thing is that you can also schedule time to reply back messages and time to stop replying back.

In other to set up auto reply message you may need to download latest GB WhatsApp. After downloading please kindly install and launch it.click on the 3 dots option button then click on GB settings, you will see auto reply message then click on it and enable it.

Click plus button  to create new auto reply message. Click auto reply message and write  your feed back text e.g "I received your message, I will respond to you shortly". Repeat the same method you want your message to be delayed, after which you set receiver. Receiver could be your contact & group chat then set specific start time and end time. After that click add and you are set to go.

Click here to download GB WhatsApp version 6.0

TRADEBITR: World's Most Reliable Digital Currency Auto Trading system

If you are generally interested into cryptocurrency trading, then you should generally be fond of the idea of a software making (hopefully profitable) trades for you. Imagine if you had a fully automated Bitcoin trading software, working for you on autopilot around the clock?, Trading Around The Clock??? , Even on weekends??

Bitcoin is traded around the clock, 24/7, 365 days a year. There are no banks controlling it, meaning we don't have any bank limitations on the trading time, thereby giving you a unique opportunity to profit around the clock, two extra days a week!

Here is the Live trading software that runs completely on autopilot! an everlasting profit machine at your fingertips:

AUTOMATED TRADING SOFTWARE IS THE ANSWER

Well, to start with, if you haven't heard of Tradebitr before today, then you need to get over there, sign up for an account and get familiar with it if you are going to follow along with this automated trading platform. Visit http://www.tradebitr.com/users/sign_up to get an account set up for free.

WELCOME TO TRADEBITR

Tradebitr is huge playground for those who have an interest in digital trading currencies. It is a company dedicated to building software’s based on the block chain Technology. they have come up with an amazing product which can auto-mate crypto-currency trading on its profession assets trading platform .Thanks to our new platform, you can now get a minimum of 1% daily with your investments and 80% as an investor in 60days. 

Just make a deposit and the software takes care of the rest by  either selling or holding currencies based on there  upwards or down-wards rise or fall of either currencies which are selected by the software. Learn more about auto-trading http://www.tradebitr.com/pages/about 

You can use our product now for free. Just follow these simple steps outlined below and be setup in no time:

Step 1: Follow these link to sign -up http://www.tradebitr.com/users/sign_up  

Step 2: After registration you will get an email to verify and activate your account. Click on the email link, the link redirects you to a log in page, login and  create a trade account 

Step 3: Insert Your bitcoin address to create your trade account. Note: incase you don’t have a bitcoin wallet, please follow this link to create one http://www.tradebitr.com/pages/bitcoin 

Step 4: Start earning by making a contract. Please follow the link  http://www.tradebitr.com/pages/How-it-works for further directions on depositing and withdraw.

REMARKS FROM OUR CLIENTS

You can find out more about what auto- trader is and how you can use it to make profits today http://www.tradebitr.com/pages/about

How to Remove Failed DCs from Active Directory Domain in Windows Server 2016

When you promote the server to domain controller and failed, you are still left with its metadata inside Active Directory Domain. Because of this, you may face some of the following issues: 

When you again promote the same server with same NetBIOS name, you will fail because of the same objects reside in active directory

You won’t be able to promote a new server to domain controller because of replication issues and failure of FSMO role owners.

It is advised to clean the AD metadata whenever you fail in promoting DCs. This article can help you with this. 

Open PowerShell with elevated privileges and execute the following commands in sequence.

Step 1. Type ntdsutil and hit enter from keyboard

Step 2. Type metadata cleanup and hit enter from keyboard

Step 3. Type connections and hit enter from keyboard

Step 4. Type connect to server <NetBIOS or DNS name of any domain controller of the domain you would like to delete failed DC from>

Step 5. Type q and hit enter from keyboard

Step 6. Type select operation target and hit enter from keyboard

 Step 7. Type list domains and hit enter from keyboard

Step 8. Type select domain <Domain number in which failed DC is located> and hit enter from keyboard

 Step 9. Type list sites and hit enter from keyboard

Step 10. Type select site <Site number in which failed DC lies > and hit enter from keyboard

 Step 11. Type list servers in site and hit enter from keyboard

 Step 12. Type select server <Server number of failed DC you want to remove> and hit enter from keyboard

 Step 13. Type q and hit enter from keyboard

Step 14. Type remove selected server and hit enter 

Step 15. Ignore the warning and click YES

At point this point the DC should have been removed. Repeat from step 6 if you would like to remove more failed DCs.

WhatsApp ‘backdoor’ turns out to be known design feature

On Friday, The Guardian newspaper accused Facebook’s WhatsApp messaging app of having a “backdoor” security vulnerability on the basis of a security issue revealed to it by researcher, Tobias Boelter of the University of California at Berkeley.

The newspaper has since backed away from the emotive word but the fire had been lit. Was this a fair accusation to throw at WhatsApp?

The report described how the app generates a new key pair for “offline” users, for example when a user loses or changes a phone or phone number and then (after a period of time) reinstalls the app afresh

In the respected Signal app, whose underlying encryption protocol was adopted by WhatsApp in 2016, messages sent to anyone in this situation are deleted and the sender is informed that something has changed. The message can then be re-encrypted and resent after verification that the recipient is still the same person.

In WhatsApp, by apparent contrast, the sending app is simply asked to re-encrypt and re-send the message, something the sender will only be told about if alerting is turned on, after the fact.

The issue is that WhatsApp’s servers could, hypothetically, force the resend of a message using a new key under its control without the sender being able to stop that – a man-in-the-middle (MitM) compromise of sorts.

The first objection with this is that hiding a malicious key reset indefinitely would be difficult on WhatsApp given the software’s “verify security code” feature that ensures both sides are using the same key and no MiTM is taking place.

This also looks more like a design trade-off than a backdoor. As a mass-market product, WhatsApp was designed to make itself as transparent as possible and not to bother users with possibly confusing alerts about key pair changes.

The developer who co-authored the Signal protocol used by WhatsApp, Open Whisper Systems’ Moxie Marlinspike, said the backdoor claim was a misnomer:  “Under no circumstances is it reasonable to call this a ‘backdoor,’ as key changes are immediately detected by the sender and can be verified.”

“It is great that the Guardian thinks privacy is something their readers should be concerned about. However, running a story like this without taking the time to carefully evaluate claims of a ‘backdoor’ will ultimately only hurt their readers.”

For something to be a true “backdoor”, it must simultaneously satisfy two criteria beyond simply compromising security or privacy. First, it must have been put there deliberately, for either benign or villainous reasons. Second, it must be undocumented, which is to say only the people who put it there know about it.

The minute a backdoor  becomes public knowledge, it stops being one and becomes just another security flaw that needs to be fixed if that product wants to hang on to its users.

On that basis, it is inaccurate to describe the WhatsApp issue as a “backdoor” when it is really a known design compromise, and also one that people should be aware of.

Using Security Tools to Compromize a Network

One of our daily tasks is to assess and improve the security of our customers or colleagues. To achieve this use security tools (linked to processes). With the time, we are all building our personal toolbox with our favourite tools. Yesterday, I read an interesting blog article about extracting saved credentials from a compromised Nessus system[1]. This in indeed a nice target for the bad guy! Why?

Such security tools deployed inside a network have interesting characteristics:

1. They have credentials stored in configuration files or databases. They just need those credentials to be able to perform their tasks. A vulnerability scanner is a good example. It may have Windows credentials, SSH credentials to connect to the scanned systems and perform a local scan.
2. They contain interesting data to build the topology of the network or to discover all the assets (IP addresses, VLANs, remote sites, etc)
3. They are allowed to connect to ANY hosts in the network (just because they need to scan the network)
4. Their IP addresses might be excluded from the log files (just because they are way too verbose)

The security of security/monitoring tools must be addressed like any other regular asset. Access to them must be restricted, logged and they must be installed with least privileges. 

The worst thing that can happen to us is to have our own security tools used against us

Apple releases iOS 10 today

Apple has just unveiled the iPhone 7 and it proved to be a sensational and controversial update, and among the announcements that were made was the official release date of iOS 10, the newest version of the operating system for iOS devices.

Today 13th September 2016, a new operating system called iOS 10 will be seeded to your iPhones and iPad across the world offering apple fans access to new features.

Eligible iOS devices:-

iOS 10 will be available as a free software update for iPhone 5 and later, all iPad Air and iPad Pro models, iPad 4th generation, iPad mini 2 and later, and iPod touch 6th generation.

Unfortunately, iPhone 4s won’t be getting iOS 10 updates.

Note: If you have been enrolled in Apple’s beta program and have been rocking iOS 10 beta for the past few months, the golden master of iOS 10 should already be rolling to your device.

Also have in mind that certain new iOS 10 features will only be available on select newer devices.

For example, Raise to wake requires and iPhone SE, iPhone 6s, or later the iPhone 5, 5c, as well as iPhone 6 and 6 Plus are not compliant with that feature.

How to protect your Hootsuite account from hackers

We all know that online criminals target the social media accounts of users and businesses around the world to spread spam and malicious links, commit identity theft, or to ruin a business's brand. As a result, social networking users need to do everything they can to protect their accounts.

That's where two-step verification (2SV) can help.

In a recent article series, I've discussed how to protect your LinkedIn account from hackers with two-step verification (2SV)

For the sake of convenience, you might have all of these profiles connected to a third-party app so that you can manage your social networking from one central location. But attackers can hack into those apps, as well, which means we should consider enabling additional layers of security on those accounts, if they are available.

Fortunately, if you're using the third-party social media management app Hootsuite, you can enable 2SV.

Here's how you do it:

1. Sign into your Hootsuite account using a web browser.

2. On your homepage, you will see a thin vertical sidebar on the left. Hover your cursor over the gear icon located about mid-page on the sidebar. This is the "Settings" feature.

A drop-down menu will appear to the right. Hover your cursor over to the top of that drop-down menu and click on "Account."

3. A dialog box for your "Account" settings will open up and display your username, picture, and any other personal information you might have provided to Hootsuite.

At the top of this dialog box, you will see several clickable tabs. The tab "Profile" will be highlighted. Navigate your cursor to the right and click on the "Security" tab.

4. The site's "Security" settings pertain to one feature and one feature only: 2-step verification.

Hootsuite will display a dialog box informing you that you will need to install the Google Authenticator app to set up 2SV. To initiate this process, click on the "Get Started" button.

6. And you're done! If you entered in the mobile code correctly, Hootsuite will let you know that you successfully authenticated yourself using 2SV.

Now Hootsuite will automatically add a third text field for your Google Authenticator code whenever you attempt to sign into your account and after you've typed in your username:

Enter in your password and Google Authenticator code, and you will automatically be redirected to your account homepage.

LinkedIn password change flaw poses a potential threat to all users

A vulnerability in LinkedIn's password change process poses a potential threat to all users, especially those whose accounts might have recently been compromised.

If you've been following the news, you've likely heard about how a hacker named "Peace" is attempting to sell 117 million LinkedIn users' emails and passwords on The Real Deal, a dark web marketplace which traffics primarily in zero-day exploits.

hackers originally stole the data during the LinkedIn breach of 2012. The original hackers posted only 6.5 million usernames and passwords at the time. In reality, it appears that they had access to details of 167 million users' accounts, including 117 for which both passwords and emails were available.

Since news first broke about the true scope of this breach, many LinkedIn users have decided to change their passwords out of caution.

If they weren't careful, however, they might have just exposed their accounts to unauthorised parties regardless.

The vulnerability in LinkedIn's password change process occurs when users are signed into their LinkedIn account on more than one device at a time and decide to change their password on one of them.

To check this vulnerability, i decided to change my password on a LinkedIn's Android mobile device while also being signed into my account on a PC. After changing my password, i discovered something interesting when i went back to my desktop:

"If you go back to your browser from PC and hit refresh, you will notice that you still remain logged in with old credentials. You can do all activities such as post, message, connect, etc but you will not be able to change password, add email addresses, or phone numbers to account. You will be received with password prompt asking for credentials, and you can still go back and perform activities. I have been monitoring this issue and noticed I can stay logged in indefinitely using this method."

With that in mind, if you happened to change your LinkedIn password at home but forgot you had logged into your profile earlier that afternoon on a public computer, an attacker could potentially exploit this bug to assume control of your account.

NOTE: We advise against reusing passwords on different websites, and enable two-step verification (2SV) on their LinkedIn account.