Database

CNERIS.COM


Friday, 11 September 2020 14:12

What is two-factor authentication?

How Does Two-Factor Authentication Work?

When two-factor authentication is enabled, you must go through a second authentication process once you enter your username and password. Depending on how 2FA is set up, you may have to verify your identity using one of the following methods:

  • Something you know such as your mother’s maiden name or a personal identification number;
  • Something you have like your smartphone or credit card;
  • Something you are such as a scan of your fingerprint or the iris of your eye.

Two-factor authentication is more secure because even if your password has been compromised, there’s a good chance the hacker won’t have the second piece of information needed to complete the authentication process. For example, if a website is set up to send a code to your smartphone as the second form of authentication, there’s a good chance the hacker won’t have your smartphone in his or her possession. Therefore, the authentication will fail, preventing an unauthorized user from gaining access to your account.

The use of two-factor authentication helps users avoid the consequences of several password-related problems. Many people now have dozens of online accounts, making it difficult to remember the password to each one. As a result, some people write down their passwords, increasing the risk that an unauthorized individual will be able to access a private account. Password recycling is also a common problem. This occurs when people use the same password for multiple accounts. Hackers take advantage of password recycling by testing stolen usernames and passwords against popular websites. If you use the same username and password for multiple sites, the hacker will be able to use your stolen credentials from one site to log in to multiple accounts.

Types of Two-Factor Authentication

Biometrics

Biometric authentication is one of the most secure forms of 2FA because it relies on something you are. It’s very unlikely that a hacker will be able to capture your fingerprints or voice, and the technology is so new that hackers haven’t had a chance to develop effective methods of bypassing it. Another reason biometric authentication is so secure is because fingerprints, voice prints, hand shape, and other accepted forms of authentication contain many data points. Even if a hacker could replicate one point, it would be extremely difficult to replicate them all. When used by corporations, biometric authentication also reduces costs by eliminating the need for key cards and security passes.

Push Notifications

Push notifications alert you when someone is trying to access one of your accounts. If a website uses push notifications, you’ll receive a notification on your smartphone or other device every time you attempt to log in. When the notification pops up, you’ll be able to approve it immediately, reducing the amount of time it takes to access your account. If an unauthorized person attempts to log in, you’ll be able to deny the attempt. One of the main drawbacks of this type of 2FA is that you may have difficulty receiving the notifications if you’re in an area with a poor internet connection.

SMS Messages or Voice-Based Authentication

SMS and voice-based authentication use your smartphone to control access to your online accounts. For sites using SMS authentication, you enter your username and password as usual. Then, the website sends you a text-message containing a one-time passcode that can be used to complete the second step of the authentication process. Voice-based authentication works much the same way. Instead of sending you a one-time passcode via SMS message, the website automatically calls your smartphone. When you answer the call, you receive a one-time passcode from the automated voice system.

Software Tokens

Software tokens are an alternative to SMS and voice-based authentication. Instead of receiving a one-time passcode via text message or phone call, you must download and install a 2FA application on your computer or mobile device. After entering your username and password, you must check the 2FA application and enter the code that appears. In many cases, the code is valid for only a minute; if you don’t enter it within the allotted time, you’ll need to generate a new code to access the website. A major advantage of using software tokens is that there’s a reduced risk of passcode interception because you use just one device to generate and display the code.

Websites and Apps That Use Two-Factor Authentication

Although many websites still rely on usernames and passwords, two-factor authentication isn’t a new form of technology. In fact, the chip-and-pin technology used to prevent the unauthorized use of debit and credit cards was developed nearly two decades ago. Since then, companies in many industries have implemented two-factor authentication to make their sites more secure. These industries include banking, education, finance, entertainment, gaming, and retail. Several major companies, including Facebook and Google, now offer two-factor authentication to protect your personal information. All you have to do is log in to your account and enable 2FA.

Source: https://www.passwordmanager.com/what-is-two-factor-authentication/

 

Saturday, 25 January 2020 19:17

Convert XML to CSV with PHP

I'm using the following code to convert my XML file to a CSV format. Unfortunately, it seems to not be recognizing each entry in the XML and so the XML file ends up being blank.

<?php
$filexml='test.xml';
if (file_exists($filexml)) {
  echo 'File Exists';
$xml = simplexml_load_file($filexml);
  $f = fopen('test.csv', 'w');
  foreach ($xml->Item as $item) {
        fputcsv($f, get_object_vars($item),',','"');
  }
  fclose($f);
}
?>

An example of my XML file is below...

<Item MaintenanceType="C">
  <HazardousMaterialCode>N</HazardousMaterialCode>
  <ItemLevelGTIN GTINQualifier="UP">090127000380</ItemLevelGTIN>
  <PartNumber>0-1848-1</PartNumber>
  <BrandAAIAID>BBVL</BrandAAIAID>
  <BrandLabel>Holley</BrandLabel>
  <PartTerminologyID>5904</PartTerminologyID>
  <Descriptions>
    <Description MaintenanceType="C" DescriptionCode="DES" LanguageCode="EN">Street Carburetor</Description>
    <Description MaintenanceType="C" DescriptionCode="SHO" LanguageCode="EN">Crb</Description>
  </Descriptions>
  <Prices>
    <Pricing MaintenanceType="C" PriceType="JBR">
      <PriceSheetNumber>L30779-13</PriceSheetNumber>
      <CurrencyCode>USD</CurrencyCode>
      <EffectiveDate>2013-01-01</EffectiveDate>
      <Price UOM="PE">462.4600</Price>
    </Pricing>
    <Pricing MaintenanceType="C" PriceType="RET">
      <PriceSheetNumber>L30779-13</PriceSheetNumber>
      <CurrencyCode>USD</CurrencyCode>
      <EffectiveDate>2013-01-01</EffectiveDate>
      <Price UOM="PE">380.5500</Price>
    </Pricing>
    <Pricing MaintenanceType="C" PriceType="WD1">
      <PriceSheetNumber>L30779-13</PriceSheetNumber>
      <CurrencyCode>USD</CurrencyCode>
      <EffectiveDate>2013-01-01</EffectiveDate>
      <Price UOM="PE">314.4700</Price>
    </Pricing>
  </Prices>
  <ExtendedInformation>
    <ExtendedProductInformation MaintenanceType="C" EXPICode="CTO" LanguageCode="EN">US</ExtendedProductInformation>
    <ExtendedProductInformation MaintenanceType="C" EXPICode="NPC" LanguageCode="EN">A</ExtendedProductInformation>
    <ExtendedProductInformation MaintenanceType="C" EXPICode="HTS" LanguageCode="EN">8409914000</ExtendedProductInformation>
    <ExtendedProductInformation MaintenanceType="C" EXPICode="NAF" LanguageCode="EN">B</ExtendedProductInformation>
  </ExtendedInformation>
  <ProductAttributes>
    <ProductAttribute MaintenanceType="C" AttributeID="SKU" LanguageCode="EN">BBVL0-1848-1</ProductAttribute>
    <ProductAttribute MaintenanceType="C" AttributeID="ModDate" LanguageCode="EN">2012-12-31</ProductAttribute>
  </ProductAttributes>
  <Packages>
    <Package MaintenanceType="C">
      <PackageLevelGTIN>00090127000380</PackageLevelGTIN>
      <PackageUOM>EA</PackageUOM>
      <QuantityofEaches>1</QuantityofEaches>
      <Dimensions UOM="IN">
        <Height>7.5000</Height>
        <Width>11.0000</Width>
        <Length>12.2500</Length>
      </Dimensions>
      <Weights UOM="PG">
        <Weight>13.500</Weight>
        <DimensionalWeight>6.09</DimensionalWeight>
      </Weights>
    </Package>
  </Packages>
</Item>

<?php
$filexml = 'test.xml';

if (file_exists($filexml)) {
    $xml = simplexml_load_file($filexml);
    $f = fopen('test.csv', 'w');
    createCsv($xml, $f);
    fclose($f);
}

// Recursively walk the tree and write one "name,value" row per leaf element.
function createCsv($xml, $f)
{
    foreach ($xml->children() as $item) {
        $hasChild = count($item->children()) > 0;

        if (!$hasChild) {
            // Leaf element: write its tag name and its text content.
            $put_arr = array($item->getName(), (string) $item);
            fputcsv($f, $put_arr, ',', '"');
        } else {
            // Element with children: descend into it.
            createCsv($item, $f);
        }
    }
}

Thursday, 19 December 2019 19:38

How to thaw a credit freeze

Freezing your credit is an excellent way to protect yourself against identity theft in a world where data breaches and hacks are becoming more and more common. During the 2017 Equifax data breach, for example, over 140 million Americans had their personal information exposed.

Freezing your credit reports can help prevent identity thieves from using leaked personal information to apply for credit in your name; if a thief did use your information to request credit, the lender would attempt a credit inquiry, learn that the credit reports were frozen, and deny the request.

But credit freezes aren’t designed to last forever. At some point, you’ll need to lift the freeze on your credit, maybe because you’re applying for a new credit card or a new apartment.

 

Here’s what you need to know about how to thaw a credit freeze.

How do you thaw a credit freeze?

It’s very easy to thaw a credit freeze online. Visit Equifax, Experian and TransUnion and follow the instructions to complete the process. Here are quick links for each bureau:

Equifax and TransUnion will require you to create an online account before requesting a credit thaw, even if you previously froze your credit without an account. Be prepared to provide basic personal information such as your name, address and Social Security Number.

Experian does not require you to create an account, but you’ll still need to provide personal identifying information — and the PIN you created when you froze your credit — before you can request a credit thaw. (If you forgot or lost your PIN, keep reading; we’ve got options below.)

You can also thaw a credit freeze over the phone or by mail.

How long does it take for your credit freeze to lift?

If you thaw your credit report online or over the phone, the credit bureaus will unfreeze your credit within one hour of the request—so keep that in mind before beginning a transaction that requires a credit report inquiry.

In other words: if you plan to apply for a credit card, compare personal loan rates, or do anything that requires a hard or soft pull on your credit—including setting up utilities in a new home, which many people don’t realize includes a credit inquiry—thaw your credit reports at least one hour before submitting the application.

 

If you thaw your credit report via mail, the credit bureaus have three business days to complete the request, as per FTC regulations.

Does it cost money to thaw your credit report?

It does not cost money to thaw your credit report—and you can thank the federal government for that. Prior to September 21, 2018, some states allowed the credit bureaus to charge fees to consumers who wanted to freeze or thaw their credit. However, after the massive Equifax data breach, Congress passed a law requiring all credit bureaus to allow consumers to both freeze their credit and lift the freeze for free.

Can you lift your credit freeze for a specific time period?

Can you lift your credit for a specific time period?

If you only want to thaw your credit for a short period of time, you can request to temporarily lift the freeze on your credit. When you complete the credit thaw process online, you’ll have the option to limit the thaw to a set of dates — starting immediately or starting in the future. Once the selected period of time is over, your credit will automatically freeze again.

You can also request a temporary thaw by mail or over the phone.

What should you do if you lose your credit freeze PIN?

When you freeze your credit with TransUnion or Experian, you’ll be asked to create a unique PIN that you might need to provide in order to thaw your credit in the future. It’s important to write your PIN down after you create it, and to keep that information in a safe place, but it’s also very easy to lose track of where you stored your PIN. (I’ve done it myself!)

If you do lose your credit freeze PIN, visit the appropriate credit bureau and follow the online instructions to retrieve your PIN. Here are quick links to the appropriate section of each bureau’s website:

Be aware that the credit bureaus are starting to phase out the PIN. Equifax is no longer requiring users to provide PINs in order to thaw their credit — so if you’ve lost your Equifax PIN, use the above link to create a MyEquifax account that will let you freeze and thaw your credit PIN-free. TransUnion requires you to provide a PIN to freeze or thaw your credit over the phone, but you don’t need a PIN to freeze or thaw your credit through your TransUnion online account or the TransUnion mobile app.

Protect your personal information

Some consumers prefer to keep their credit reports frozen in order to protect themselves and their finances from identity thieves. However, what gets frozen must get thawed, so knowing how to unfreeze your credit, either on a temporary or permanent basis, is an important part of the process.

Luckily, the three major credit bureaus make it easy to freeze and lift the freeze on your credit reports as often as you need to. Since you no longer have to pay a fee to freeze or thaw your credit, consider making credit freezes and thaws an everyday part of your financial management.

Source: https://www.bankrate.com/credit-cards/lift-credit-freeze/

Friday, 29 November 2019 23:28

Best VPN services in 2019

VPN Reviews last updated on November 18th, 2019

 

"We started reviewing VPN services a few years ago. To date, we have already tested more than 70 different VPN providers, as there are new ones coming in every week."

There are around 250+ different commercial VPNs. Each of them should serve the same purpose: keep your online identity secure and private. But some are great at this job, while others fail miserably and don’t get any love.

Our mission is to put every VPN service provider through a serious stress test, review it, and give honest feedback on which ones are reliable, safe and trustworthy.

How do you know which VPN is good?

There are many VPN and cybersecurity review websites, and each of them has a different opinion.

vpnroom.com specialists did detailed reviews with their own hands using constant software and hardware settings. With each VPN provider, we’ll give you quick product overviews, main features, speed tests, and final verdicts.

Reviewing criteria:

  • Log policies/jurisdiction
  • Connection speeds
  • Customer support
  • Ease of use
  • Cost of the product

A good VPN service has to.

As we know, a VPN app should not just change your public IP address. Premium VPN providers should encrypt your cyber identity, give you access to streaming services such as Netflix US, and provide you with complete privacy on the web.

Below you will find our TOP VPN list:

NordVPN – #1 VPN overall

NordVPN is one of the best-known VPN providers on the market. With its headquarters in Panama, it falls outside the 14 Eyes jurisdiction and offers complete privacy and anonymity to its users.

NordVPN offers nearly 6000 servers in 60 countries around the world. That is the biggest number of offered servers among all VPN providers. Also, some of the countries have a “Connect to a specific city” feature, which is quite a nice option.

NordVPN is compatible with all major operating systems and devices, such as Windows (from Windows 7 and up), macOS, iOS, Android and Linux. They also have two nice extensions for the Google Chrome and Firefox browsers.

While connected to NordVPN, you can use the Double VPN or Onion over VPN features. Onion over VPN gives you all the advantages of The Onion Router combined with the extra security of a VPN tunnel. Double VPN simply means that your internet connection and history go through two different servers.

NordVPN has brilliant customer support not only in English but in German and French as well. Their support team can be reached 24/7 through live chat or email.

NordVPN pricing starts from $3.49 a month for a 3-year plan. We think that the pricing is truly decent for a quality service like NordVPN.

 

 

#2 ExpressVPN – still one of the best

ExpressVPN is one of the oldest and best-known names in the cybersecurity field. Based in the British Virgin Islands, it also falls outside the 14 Eyes jurisdiction.

In our opinion, ExpressVPN is the main competitor for NordVPN and it truly is a great VPN service for beginners and advanced users.

We spent a lot of time trying to see if ExpressVPN has any IP or DNS leaks, but fortunately this provider is reliable when it comes to data logging or IP/DNS leaks.

ExpressVPN offers 3000 servers in 94 locations – an incredible number of countries available. These numbers will guarantee you incredible speeds, and our tests showed that it is the fastest VPN on the market.

ExpressVPN does allow torrenting, and its service gives you access to all popular streaming platforms – you can watch US Netflix, Amazon Prime or stream any sports from such platforms as DAZN.

ExpressVPN has apps for all operating systems and devices – it supports Windows (from Windows XP & up), Mac, Linux, Android, iOS. ExpressVPN also offers Chrome and Firefox extensions, as well as VPN encryptions for users (home or office networks).

It is a perfect product but in our opinion, it is quite expensive. A 1-month plan can be purchased for $12.95, while their 1-year plan is $8.32/mo ($99.95/y).

 

 

#3 Surfshark – best budget option

Although Surfshark is a VPN market newcomer (founded in 2018), it truly is a premium service for a very good price. In our opinion, it is a great budget deal for new and advanced internet users.

Surfshark, like ExpressVPN, is registered in the British Virgin Islands – that means no data logging and great privacy features.

Surfshark has some really good features which are not available in other VPN clients such as the Whitelister (you can exclude specific websites and connect to them with your normal IP). They also offer HackLock™ and BlindSearch™ for users to be fully aware about their email and personal data leaks on the internet.

Surfshark completely bypasses geo restrictions and works with all major streaming services including US Netflix. However, their variety of servers and countries (800 servers in 50 countries) is a little bit poor and some of the servers are virtual.

Surfshark works on every popular device and OS: Windows, macOS, iOS, Android, Linux and FireTV. Like NordVPN and ExpressVPN, they offer extensions for Chrome and Firefox.

Surfshark is great when it comes to pricing. Their cheapest plan starts from $1.99 USD/mo ($47.76 billed every two years), while their 1-month plans are at the same pricing level as NordVPN – $11.95 USD/mo.

 

 

#4 Cyberghost – worth considering option

CyberghostVPN is definitely a TOP5 VPN provider in the world. However, after in-depth research and testing, we found slightly more cons than with our TOP3-ranked VPNs.

Cyberghost has 4000 servers in 60 countries, and many of the countries have a cool “Connect to specific city” feature.

Cyberghost works with a large number of operating systems and devices: desktop apps for Windows, macOS and Linux, and mobile apps for iOS and Android. Like NordVPN, they offer browser extensions for Chrome and Firefox. On top of that, they developed TV apps for Amazon FireSticks and Android TVs.

We were also okay with their pricing – if you do want to save on this deal, we’d recommend choosing their 3Y plan for as low as $2.75 a month. However, if you’d just like to test their service with a 1-month plan, that would cost you $12.99. It is worth mentioning that they have a “no question 45 days money back guarantee”, so you will have plenty of time to decide whether you should commit to becoming a long-term Cyberghost user.

 

 

#5 Perfect Privacy – expensive, but decent service

Perfect Privacy VPN is a Swiss-founded VPN that was developed by Vectura Data management Limited and launched in 2014. It is a viable option for newcomers and experienced VPN users. This is because it has a simple interface that newcomers can quickly adapt to. On the other hand, experienced users will appreciate its ability to meet their higher demands.

It is an easy-to-use, minimalist VPN that newcomers can quickly adapt to. It lacks the flashy interface that comes with leading VPNs and instead employs an old-school look. Let’s be honest: you are not going to use a VPN because it has a good-looking interface.

Perfect Privacy VPN offers all-round device compatibility. They offer various tutorials to set up a wide range of devices including Macs, Routers, iOS, Linux, IPTV, Smart TVs, gaming consoles, and Android. However, still, more can be done. Sure, they may have made apps for Android and iOS devices, but they have not taken into account things like setting up OpenVPN first before you can manually connect. In summary, they have achieved a lot but still have a long way to go.

Perfect Privacy VPN has multiple payment options. There is the option of paying $12.99 a month. This is actually the most expensive option as it has no discount, but it’s a monthly plan. There is the most popular option where you pay $119 for a whole year. This comes with a 23% discount. Finally, you may choose the more costly $214 for a 2-year option. In a real sense, this ends up being the cheapest option as it has a 31% discount.

 

#6 Hotspot Shield – excellent if you don’t mind about privacy

Hotspot Shield VPN product family is one of those companies that do not hide their identities like NordVPN or ExpressVPN. In fact, I met the founder of the company a year ago in their office in the Bay Area. It is an amazing company with a superb atmosphere. Most of the team is in the US but there is also a tech team in Ukraine.

Hotspot Shield is available for Windows, Android, Mac, and iOS. 

Furthermore, this VPN also has a Chrome browser extension yet I would not recommend it since there is a slight chance of DNS leaking.

If you are an advanced user and would like to set up Hotspot Shield on devices such as Linux, routers or SmartTV – sadly, it’s not possible since there are no manual install guides.

Hotspot Shield VPN uses AES 256-bit encryption, which is an industry standard for securing your web traffic. Also, to secure your data, it uses a key-agreement protocol that continuously switches your encryption key. This means that even if your encryption key gets discovered, your data will remain secure after that.

 

The most popular 1-year plan will cost you almost 7.99 EUR per month, which is way above the competition. Even if you get the 2-year plan, one month still costs 6.99 EUR. And I must say that’s a lot when you consider that this VPN is based in the US and partially logs your records.

 

 

#7 IPVanish – Not The Best Service For Complete Privacy

Before going into an in-depth IPVanish review, it is worth mentioning that it is a US-based VPN provider. That immediately raises the question of how reliable the service is.

IPVanish works on all major operating systems including Windows (Windows 7 or higher), macOS, iOS, Android, Linux, Windows Phone, FireTV and Routers. It is worth mentioning that IPVanish does not provide a Firefox extension. It is quite a disadvantage, as all of our higher-ranked VPN providers do have a Firefox extension.

One of the few reasons why IPVanish received a pretty high ranking on our site was the speeds. Usually VPN users suffer a drastic internet speed drop when using a VPN, but with IPVanish the download/upload speed decreased just a bit.

IPVanish pricing is not so cheap. Their prices vary from $6.49/mo (billed $77.99 annually) to $10.00/mo for a one-month plan.

 

#8 Windscribe – far from premium VPN playground

Windscribe is a rather new name in the VPN market, but they quickly caught momentum. Currently, Windscribe has over 900 000 users worldwide – most of them chose this VPN service for their free Chrome browser extension.

Windscribe also offers a free version with a 10 GB monthly data cap, which is a great way to get started with VPN products.

Our review has revealed that this virtual private network is highly secure, does not leak DNS or the user’s true IP address, and does not log any records.

BUT. Windscribe is based in Canada, which is a member of the 5 Eyes alliance, making this VPN not the favorite amongst privacy-obsessed users.

Windscribe pricing hardly justifies the slow speed of the service – the monthly price is around $4 when getting a yearly plan.

 

#9 Private Internet Access – good speeds, but based in the US

Private Internet Access is an American company owned by London Trust Media. The company itself was founded back in August 2010 and the service is named as one of the best VPNs available on the market. However, we had different assumptions about the quality of the service. It is cheap, but would you want to trust it with your data and privacy?

Private Internet Access has quite a big number of servers (3380 in total). However, their location selection is pretty poor as there are only 32 countries you can connect to.

In our Private Internet Access review, the provider received a big plus for its pricing. They do offer a 67% discount for their yearly subscription, which would cost you $3.33 per month (billed 39.95 USD yearly). PIA also offers 6-month and 1-month subscriptions. You can get the half-year subscription for $35.95 ($5.99/mo) or one month for $6.95. It is definitely affordable, but don’t hurry and read our final verdict.

 

 

#10 PureVPN – cheap and unreliable

PureVPN (parent company is called GZ Systems) is registered and based in Hong Kong – this is quite unusual, because Hong Kong is often juxtaposed with China, which is not the most VPN and privacy friendly country.

PureVPN offers more than 2000 servers in 140+ countries and 180+ locations in total. Although they have a pretty decent amount of servers, we still saw lots of complaints about connection time-outs and slow internet speeds.

It is also worth mentioning that PureVPN is using a lot of virtual servers. Most of them are in super exotic places such as Barbados, Brunei, or even Cape Verde.

In our opinion, PureVPN is way below the TOP5 VPN providers list because of a few simple reasons: privacy, security, encryption, logging and incompatibility with Netflix (it simply does not work with it). Also – very poor customer support and sketchy reviews on Trustpilot.

 

source: https://vpnroom.com/

Wednesday, 23 October 2019 07:28

What to Do if Your Identity Is Stolen

Source: https://www.adt.com/resources/what-to-do-if-identity-stolen

If this headline made your heart skip a beat, then you already have some insight into the damage that identity theft can do to your finances, credit standing and stress level. Knowing how to prevent identity theft is just as important as understanding what to do if it actually happens. Keep in mind that even if identity theft doesn’t directly affect you, being aware of the recovery steps can help your kids, family and friends.

 

4 Types of Identity Theft

Identity theft isn’t one-size-fits-all. Fraud comes in a variety of shapes and sizes that may surprise you — and require different tactics to manage. Here are some common identity theft situations you could encounter.

  • Social Identity Theft: This involves stealing and using personal information, like your name and photos, to create a fake social media account.
  • Medical Identity Theft: Sometimes fraudsters will use your medical ID number to access medical services or try to get medical reimbursement from your healthcare provider.
  • Tax Identity Theft: This happens when an identity thief uses your Social Security number to steal your tax refund.
  • Child Identity Theft: Some thieves will even use a child’s personal information, like name and social security number, to open credit cards or other accounts.

 

How to Protect Yourself from Identity Theft

Now that you’ve got some intel into what types of personal information identity thieves are targeting, it’s time to take practical steps to protect your accounts, passwords and identifying details.

  • Monitor your account activity frequently. Check your monthly statements for anything that looks strange. Think beyond bank accounts and credit cards — also monitor transactions on healthcare records and cell phone accounts.
  • Set up online account alerts. Make monitoring easy by signing up for email or text alerts to get notified about unexpected account activity. Account balance threshold alerts are a great way to stay on the lookout for sudden dips in your balance or unusually large transactions.
  • Use a credit monitoring service. These kinds of services monitor your credit report automatically and will alert you if someone has opened a new account in your name.
  • Know the latest scams. Being aware is half the battle. The FTC Scam Alert has an updated list of common scams that have been recently reported.
  • Verify any calls or emails you get about your finances. Don’t respond to any suspicious emails or calls. Instead, contact your financial institution directly by using the contact information listed on their website or on your monthly statements. Ask if these inquiries are legitimate or fraudulent. They’ll appreciate your caution, because you may help alert them to a fraudster.

For even more fraud prevention tips, check out the FTC Onguard Online site for the most up-to-date details to help guard against online fraud and identity theft.


Signs of Identity Theft

No matter how safe you play it, identity theft happens and sometimes it’s hard to notice. The good news is there are some signs you can watch for. If any of these happen, you should dig a little deeper and check your accounts for possible fraud.

  • Your monthly bills or statements stop being delivered to your mail
  • You get bills for cell phones, credit cards, utilities, student loans, medical services, government benefits or other accounts you didn’t open
  • You receive phone calls from debt collectors about debts that aren’t yours
  • You notice unrecognizable accounts or inaccurate information on your credit report
  • You get denied for credit that you didn’t apply for or you’re denied for unexpected reasons
  • You’re notified about password, address or other personal information changes you didn’t make
  • You have an account frozen unexpectedly
  • You get paid by an employer you don’t recognize
  • You are notified about a bankruptcy motion filed in your name

 

What to Do If Your Identity is Stolen

It’s happened. Your identity has been compromised. Now what? Taking quick action is essential to protecting your accounts and financial health. This checklist can make it easier to stay on track while you get your credit and personal information back on track. Be sure to document any communications you have with the agencies and companies you work with during the recovery process.

 

  • File an identity theft report with the Federal Trade Commission (FTC) at IdentityTheft.gov.
  • File a police report and keep a copy of it. Your police report can help with removing fraudulent debt from your accounts.
  • Report the suspected fraud to the company or companies where it happened. Be clear that you think your identity was stolen.
  • Freeze or close any fraudulent accounts that were opened.
  • Place an identity fraud alert with one of the big three credit bureaus — Experian, Equifax and TransUnion. You only need to contact one, because they are required to contact the other two.
  • Check your credit report. You can do this with the three credit bureaus or one-stop service apps.
  • Change passwords and PINs for all your key accounts.
  • If you experienced tax identity or child identity theft, fill out the IRS 14039 Form (Identity Theft Affidavit).
  • Contact the Social Security Administration if you think your Social Security number was used for fraudulent activities.

Keep checking your credit reports for the first year to make sure no new fraud has occurred. The three national consumer reporting companies are required to provide you with a free copy of your credit report once every 12 months at your request.

Preventing and reporting identity theft can feel overwhelming. If you need help managing protection and recovery, ADT Identity Protection services can assist with everything from monitoring to incident resolution — for a low monthly fee. A little peace of mind for you and your loved ones goes a long way, when you’re faced with the possibility of having to recover from an identity theft experience.

Wednesday, 24 April 2019 10:17

Best Password Managers

In the digital world, we can all agree that passwords are a constant source of stress. Different sites often require all sorts of seemingly random password conditions. Some will ask for at least one uppercase letter and a number; others will need a minimum of 8 characters, including one particular symbol, such as $ or &.

Remembering all the variations of your password is neither easy nor secure. Once hackers crack one of your passwords, they will gain access to some of your other accounts. Worst-case scenario, they will get into your email account. From there, they can request a password reset to every single account linked to that email.

Until I started using a password manager, I fell into the mistake of using very similar passwords myself. Even then, it was not uncommon that I forgot whether I set my password with an e, E, € or 3. By the time I figured it out, I was already locked out of the account.

Luckily, today we have access to password managers and password apps. First, let's have a look at the best password managers, and then we'll discuss them in detail.


Best Password Managers

The competition is fierce in the password manager market. We have collected the best services and evaluated them so that you can choose the one best suited for you! The prices for these password managers range from $11 to $40 per year. This is a small amount if you consider the financial and emotional implications of your accounts falling into the wrong hands.

 

1Password

Available: Windows Mac iOS Android ChromeOS
One-year subscription: $36

1Password is a pricier password manager, and it doesn’t provide a free plan. It does have a trial version, though, which lets the user get to know 1Password’s features before deciding whether to subscribe.

Listing all the features of 1Password would be pretty time-consuming. In short, it's easy to use, has great cross-compatibility, and has fantastic security. However, what really makes 1Password special is that Apple has hired them to provide password management for all 123,000 of its employees. Now, we like to do our research, but we're sure that Apple examined a lot more factors and competitors before choosing 1Password.

It might not be the cheapest on the list but 1Password is the best password manager around in 2019.

 

Dashlane

Available: Windows Mac iOS Android Linux
One-year subscription: $40

Dashlane is the most expensive option on the list, but it offers a free plan and a 30-day money-back guarantee. The free plan may not be viable in the long term, as it only allows storing a maximum of 50 passwords and can only be used on one device.

Dashlane premium includes a limited VPN service, which justifies its relatively high price tag. This grants the user extra security when connected to public wifi. On the whole, Dashlane is very impressive, with a clear dedication to security, and is a solid runner-up.

 

StickyPassword

Available: Windows Mac iOS Android
One-year subscription: $30 ($170 lifetime subscription)

StickyPassword stands out from the password manager crowd for a number of reasons. They offer a free plan, an annual premium plan and a special lifetime premium plan. Even its free plan has biometric authentication, as long as the device is equipped with fingerprint scanning.

If you're an animal lover, Sticky Password has started a charitable campaign to save endangered manatees. Unfortunately, this doesn't mean that its service couldn't be improved. On the whole though, it's a decent password manager - though we're always wary of companies that offer lifetime subscriptions.

 

Zoho Vault

Available: Windows Mac iOS Android Linux
One-year subscription: $11

Zoho Vault is a relatively new password manager (or should we say password vault). It has a 15-day trial on its enterprise plan, and when it runs out, they simply move you onto their free plan. No underhanded automatic billing after your trial is over.

There is no limit on how many passwords you can store with Zoho Vault, even in its free version. One of its drawbacks, though, is that you can’t manage two-page logins, which might be a minor inconvenience when logging in to Gmail. Another downside is its lack of web-form filling features.

Zoho Vault’s enterprise plan is cheaper than most other password managers’ standard version. It offers, among other things, notification on password events and user group management. Zoho Vault has stepped up its game lately, so you might want to get their annual plan now before they raise their prices.

 

Roboform

Available: Windows Mac iOS Android
One-year subscription: $23.88

Roboform is perhaps the longest-standing player in the password manager game, which is a testament to its long-term viability. However, its age also shows in terms of features compared to its competitors.

Due to its age, Roboform has a lot of form and functionality. Unfortunately, they very much seem to be lagging behind when it comes to modernizing. This doesn't mean that they are bad in any way, it's just we're not hopeful for their future. However, while they are around, they're a great password app.

 

Free Password Managers

As they say "nothing worth paying for is ever free". This is generally the case with password managers as well. Yes, some companies offer a Freemium model, but we all know that those are teasers to get you hooked onto their service.

The one exception for password managers is KeePass. It offers extensive customizability and encryption. Plus, the only limit to how many passwords it can store is your own hard drive! Although you have to download KeePass to use it, it doesn’t necessarily require installation. It is highly portable, meaning you can put it on a USB stick and use it anywhere without having to install it.

Unfortunately, where it falls short is cross-device syncing, which is troublesome. You can also get additional functionality and utilities, but you'll need to install add-ons for anything and everything extra you wish to use.

So yes, it's free, but as a day-to-day tool, it's cumbersome. You can find out more about it in our KeePass guide.

 

How Password Managers Work

Password managers work by storing all of your different passwords behind one master password. This one password is the only one you need to remember. Both your passwords and your master password are encrypted to ensure absolute safety.

Most password managers offer browser extensions and mobile apps, which auto-fill passwords for you. This is very convenient, especially when using public wifi. There is always the danger of somebody gaining access to your credit card information when you enter it in a public space.

Password managers can also synchronize your passwords across all of your devices. Whether you want to enter your account through your desktop, mobile or tablet device, your trusty password manager will be ready to fill them out for you.

 

Cost

Password managers can be laughably cheap despite being an exceptionally useful tool: the price of a coffee per month, really ($1-3). Furthermore, most password managers also offer a trial or a free version. This can be useful when users want to try out the product before putting their money down.

 

Features

Password managers come with a lot of useful features. Here are just a few of the important ones to look out for when deciding on which password vault to use.

 

Password Generator

A built-in customizable password generator is just one of the many useful features of password managers. After all, free online password generators may not be nearly as trustworthy. Some sites don’t allow special characters in passwords. To get a password without any special characters, all you need to do is to just untick a box before generating.

 

Device Cross-Compatibility

Most password managers are compatible with all sorts of devices. Smartphones, tablets, laptops, you name it! They also sync your passwords and personal data across all devices, saving a lot of trouble and failed logins. Most will also allow you to share passwords between users in your family or company.

 

Autofill

Password managers automatically fill in the password for websites. This is a really useful feature, especially for applications that sign you out after a certain period e.g., your bank.

 

Biometric Security

Many password apps now allow you to use your fingerprint or FaceID as the master password. Therefore, when you're using your mobile or tablet, logging into apps and websites is absolutely seamless.

 

Security

Password managers aren’t just for convenience - they also provide their users with a great deal of security to keep their passwords safe.

TFA - Two Factor Authentication

One of the security measures is two-factor authentication. This requires the user to confirm his access on his phone. Even if by some miracle an outsider got a hold of your master password, he still won’t be able to gain access. He would need your phone and be able to unlock it in order to enter.

Encryption

Encryption also plays a huge role in ensuring that your passwords are safe. It is one of the reasons why you need a strong password, besides the obvious fact that a strong password is harder to guess.

The stronger the master password is, the harder its encryption is to break. A simple 4-digit birth date gives an attacker far fewer possibilities to try than a string of 16 random characters. Of course, you also need to make sure that the password manager uses strong encryption. If the encryption is weak and hackable, then there's no point to it.

 

Public Security

The greatest issue with password security is that you might need to enter them while you are out in public. This can be problematic for a number of reasons. Hackers could inject keyloggers to your laptop or mobile phone through public wifi. People could also simply look over your shoulder in a crowded café while you are entering your password.

Password managers completely fix this problem by auto-filling your details. Keyloggers track your key hits, which is useless if your passwords are automatically filled in. It is also extremely convenient as you won’t need to look up and enter any of your complicated passwords.

 

Conclusion

All in all, password managers are essential in today’s cyber environment, both for security and for convenience. They are so much more than just a digital sticky note for your passwords. Combine that with their low price, and there is no good reason not to use one.

 

Written by: Peter Selmeczy

Peter is a full-time tech enthusiast and gadget geek. When not working, you'll find him playing with Lego or tinkering away on an RPi.

Source: https://www.bestvpn.com/guides/best-password-managers/

 

This guide discusses how to install and use the WPScan WordPress vulnerability scanner on Ubuntu 18.04. WPScan, which is an acronym for WordPress Security Scanner, is a free black box vulnerability scanner written in the Ruby programming language to help security professionals and blog maintainers test their WordPress sites for vulnerabilities. It helps unearth any vulnerability associated with WordPress themes, plugins, or any other security threat harbored on a WordPress site.

Installing WPScan on Ubuntu 18.04

Prerequisites

Before you can install WordPress Security Scanner (WPScan), ensure that the following dependencies are installed. Also ensure that your system is up-to-date. This can be done by running the commands below:

sudo apt update
sudo apt upgrade
sudo apt install curl git libcurl4-openssl-dev make zlib1g-dev gawk g++ gcc libreadline6-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config ruby ruby-bundler ruby-dev -y

WPScan can be installed either from the RubyGem repositories or from sources. The former is simpler as it involves a one-line command.

 

Install from RubyGem

To install WPScan from RubyGem repositories, run the command below;

gem install wpscan

You can likewise uninstall WPScan by running the command:

gem uninstall wpscan

Install WPScan Sources

To install WPScan from sources, you first need to clone its GitHub repository.

git clone https://github.com/wpscanteam/wpscan.git

Once the cloning is done, navigate to WPScan directory and run the commands below to do the installation.

cd wpscan/
bundle install
sudo rake install

Do you have patience? If you don’t, this is where you might have to learn to have a little, since it may take a few minutes to complete the installation. If the installation is successful, you should see output like this.

...
  48) WPScan::Vulnerability behaves like WPScan::References references when references provided as array 
     # Temporarily skipped with xit
     # ./spec/shared_examples/references.rb:45


Finished in 8 minutes 54 seconds (files took 15.12 seconds to load)
17914 examples, 0 failures, 48 pending

Coverage report generated for RSpec to $HOME/wpscan/coverage. 1709 / 2006 LOC (85.19%) covered.
wpscan 3.4.0 built to pkg/wpscan-3.4.0.gem.
wpscan (3.4.0) installed.

Well, WPScan is successfully installed on Ubuntu 18.04. To obtain a description of the various command line options used with WPScan, run the wpscan command with the -h/--help option:

wpscan -h
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 3.4.0
          Sponsored by Sucuri - https://sucuri.net
      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

Usage: wpscan [options]
        --url URL                                 The URL of the blog to scan
                                                  Allowed Protocols: http, https
                                                  Default Protocol if none provided: http
                                                  This option is mandatory unless update or help or hh or version is/are supplied
    -h, --help                                    Display the simple help and exit
        --hh                                      Display the full help and exit
        --version                                 Display the version and exit
    -v, --verbose                                 Verbose mode
        --[no-]banner                             Whether or not to display the banner
                                                  Default: true
    -o, --output FILE                             Output to FILE
    -f, --format FORMAT                           Output results in the format supplied
                                                  Available choices: cli-no-color, json, cli, cli-no-colour
        --detection-mode MODE                     Default: mixed
                                                  Available choices: mixed, passive, aggressive
        --user-agent, --ua VALUE
        --random-user-agent, --rua                Use a random user-agent for each scan
        --http-auth login:password
<output cut>

Go through the whole output to see the various options that can be used with the wpscan command.

Scanning for Vulnerabilities

In this guide, we are going to show you a few examples on how to perform WordPress blog vulnerability scanning. Ensure that you run the examples below against your OWN blog. It is illegal to scan other people’s sites.

Scan the whole WordPress blog

wpscan --url wordpress.example.com

WPScan can scan both http and https protocols. If not specified, it will scan http by default.

If you want to save the scanner output results in a file, use the -o/--output option.

wpscan --url http://wordpress.example.com -o scan-test

There are three detection modes in which wpscan can run against a WordPress site: passive, aggressive and mixed (default).

  • The passive mode runs a non-intrusive detection, i.e. it sends only a few requests to the server. It commonly scans the home page for any vulnerability. The passive mode is less likely to be detected by IDS/IPS solutions.
  • The aggressive mode, on the other hand, performs a more intrusive scan, as it sends a thousand requests to the server. It tries all the possible plugins even if the plugin has no known vulnerabilities linked to it. This may result in an increased load on the target server.
  • The mixed (default) mode uses a mixture of both aggressive and passive.

To specify the detection mode:

wpscan --url wordpress.example.com -o test --detection-mode aggressive

Check for Vulnerable Plugins

To scan for vulnerable plugins on your WordPress blog, pass the -e/--enumerate [OPTS] option to the wpscan command, where [OPTS] can be vp (vulnerable plugins), ap (all plugins) or p (plugins). For example, to scan for every plugin which has vulnerabilities linked to it:

wpscan --url wordpress.example.com -e vp

Check for Vulnerable Themes

Just like we used the -e/--enumerate [OPTS] option to check for vulnerable plugins, the same can be done when checking for vulnerable themes, with [OPTS] being any of the following: vt (vulnerable themes), at (all themes) or t (themes). For example, to scan for themes with known vulnerabilities:

wpscan --url wordpress.example.com -e vt

Enumerate WordPress Users

To find out which users can log in to the WordPress site, pass the -e/--enumerate u option to wpscan, where u basically means the user IDs.

wpscan --url wordpress.example.com -e u

Test for Password Strength/Bruteforce Attack against a WordPress User

Once you have enumerated the usernames, you can try to perform a brute-force attack against them as shown below. This process may be a bit slower depending on the number of passwords specified in the password file (-P, --passwords FILE-PATH) and the number of threads (-t, --max-threads VALUE) you are using. For example, to brute-force an admin:

wpscan --url wordpress.example.com -P password-file.txt -U admin -t 50

To test for password strength for multiple users, you would use the same command above this time round without the specific username specified.

wpscan --url wordpress.example.com -P password-file.txt -t 50

Run WordPress scan in undetectable mode

To run wpscan in a stealthy mode, which basically means (--random-user-agent --detection-mode passive --plugins-version-detection passive), specify the --stealthy option.

wpscan --url wordpress.example.com --stealthy
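Seen from the server side, the enumeration and password tests above leave recognisable request patterns in the access log. This added example (not part of the original guide) flags client IPs showing three of them; the log lines are constructed, and the combined log format, the thresholds and the function names are assumptions to adjust for your site.

```shell
#!/bin/sh
# Flag scanner-like request patterns in a web server access log.
# Assumes the Apache/nginx "combined" format; thresholds are illustrative.

AUTHOR_MIN=${AUTHOR_MIN:-2}     # ?author=N / REST user lookups per IP
MISSING_MIN=${MISSING_MIN:-3}   # distinct missing plugin/theme dirs per IP
LOGIN_MIN=${LOGIN_MIN:-3}       # POSTs to wp-login.php / xmlrpc.php per IP

detect_wp_scans() {
    # $1 = access log path; prints "<ip> <finding> <count>", sorted
    awk -v amin="$AUTHOR_MIN" -v mmin="$MISSING_MIN" -v lmin="$LOGIN_MIN" '
    {
        # combined format: $1=client  $6="METHOD  $7=path  $9=status
        ip = $1; method = $6; path = $7; status = $9 + 0
        sub(/^"/, "", method)

        # 1. User enumeration: author-ID lookups or the REST users endpoint
        if (path ~ /[?&]author=[0-9]+/ || path ~ "^/wp-json/wp/v2/users")
            author[ip]++

        # 2. Plugin/theme enumeration: 404s for many distinct component dirs
        if (status == 404 && match(path, "^/wp-content/(plugins|themes)/[^/]+")) {
            comp = substr(path, RSTART, RLENGTH)
            if (!((ip, comp) in seen)) { seen[ip, comp] = 1; missing[ip]++ }
        }

        # 3. Password testing: repeated POSTs to the login endpoints
        if (method == "POST" && path ~ "^/(wp-login\\.php|xmlrpc\\.php)")
            logins[ip]++
    }
    END {
        for (ip in author)  if (author[ip]  >= amin) print ip, "user-enumeration", author[ip]
        for (ip in missing) if (missing[ip] >= mmin) print ip, "component-enumeration", missing[ip]
        for (ip in logins)  if (logins[ip]  >= lmin) print ip, "login-burst", logins[ip]
    }' "$1" | LC_ALL=C sort
}

write_sample_log() {
    # Constructed log lines using documentation IP ranges, not captured traffic
    cat > "$1" <<'EOF'
203.0.113.10 - - [24/Apr/2019:10:17:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.10 - - [24/Apr/2019:10:17:01 +0000] "GET /?author=2 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.10 - - [24/Apr/2019:10:17:02 +0000] "GET /wp-content/plugins/alpha/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.10 - - [24/Apr/2019:10:17:02 +0000] "GET /wp-content/plugins/alpha/readme.txt HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.10 - - [24/Apr/2019:10:17:02 +0000] "GET /wp-content/plugins/beta/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.10 - - [24/Apr/2019:10:17:03 +0000] "GET /wp-content/themes/gamma/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Apr/2019:10:18:10 +0000] "POST /wp-login.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Apr/2019:10:18:10 +0000] "POST /wp-login.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Apr/2019:10:18:11 +0000] "POST /wp-login.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Apr/2019:10:18:12 +0000] "GET /wp-content/plugins/alpha/ HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.5 - - [24/Apr/2019:10:19:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.5 - - [24/Apr/2019:10:19:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# Run against a real log when a path is given on the command line
if [ -n "${1:-}" ]; then
    detect_wp_scans "$1"
fi
```

An ordinary visitor who logs in once (192.0.2.5 in the sample) stays below every threshold and is not reported.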

That is all about WPScan. Feel free to explore this useful tool.  We hope this article was helpful.

SOURCE: https://kifarunix.com/install-use-wpscan-wordpress-vulnerability-scanner-ubuntu-18-04/

Disabling directory browsing in WordPress or any other CMS or website for that matter requires access to the base directory via FTP or some file manager like cPanel.

There are various free FTP clients that will help you here, a good option is FileZilla.

You simply need to create an .htaccess file with the following line of code in it:

Options All -Indexes

Then upload the file back to the respective folder. This is a very general overview of the process. In most cases, you might already have a .htaccess file present inside your WordPress installation directory. It is created when you change the permalink settings.

Be very careful – do not overwrite this file, or else you’ll lose all your permalink and other security settings.

If you already have a .htaccess file present, first create a backup. Then, open it in Notepad (or any plain text editor) and paste the following line at the end:

Options All -Indexes

In general, most .htaccess files contain the following code:

 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

The modified code will look like:

 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Options All -Indexes

Save the file, and upload it back in the same directory you downloaded it from, this time overwriting the file. If anything breaks, replace it with your backup file and try the process again.
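The backup-then-append procedure above can be scripted so that an existing .htaccess is never overwritten and the line is never added twice. This is an added example, not part of the original article; the function names and the backup naming scheme are assumptions.

```shell
#!/bin/sh
# Append "Options All -Indexes" to a site's .htaccess without overwriting it.
# Function names and the .bak.<timestamp> naming are assumptions.

DIRECTIVE='Options All -Indexes'

disable_dir_listing() {
    # $1 = directory that holds (or will hold) the .htaccess file
    # returns 0 when the directive was written, 3 when it was already there
    htaccess="$1/.htaccess"

    if [ -f "$htaccess" ]; then
        # Any existing Options line that already removes Indexes counts
        if grep -Eqi '^[[:space:]]*Options[[:space:]].*-Indexes' "$htaccess"; then
            return 3
        fi
        # Back up first, keeping mode and timestamps
        cp -p "$htaccess" "$htaccess.bak.$(date +%Y%m%d%H%M%S)" || return 1
        # If the last line has no trailing newline, add one so the new
        # directive does not get glued onto "# END WordPress"
        if [ -s "$htaccess" ] && [ "$(tail -c 1 "$htaccess" | wc -l)" -eq 0 ]; then
            printf '\n' >> "$htaccess"
        fi
    fi
    # Appended at the end, outside the "# BEGIN/END WordPress" block
    printf '%s\n' "$DIRECTIVE" >> "$htaccess"
}

restore_htaccess() {
    # $1 = directory; put the most recent backup back in place
    latest=$(ls -1 "$1"/.htaccess.bak.* 2>/dev/null | sort | tail -n 1)
    [ -n "$latest" ] || return 1
    cp -p "$latest" "$1/.htaccess"
}

# Apply to a directory given on the command line
if [ -n "${1:-}" ]; then
    disable_dir_listing "$1"
fi
```

Apache honours the directive only where the server's AllowOverride setting permits Options in .htaccess files; if the site starts returning server errors after the change, `restore_htaccess` puts the previous file back.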

ClamAV, an open source antivirus engine for detecting and removing trojans, viruses, malware and other threats can easily be installed on Ubuntu to help protect your systems… You don’t usually hear antivirus and Linux in the same sentence… however, in today’s environments, viruses and malicious threats can live anywhere…

 

This brief tutorial shows students and new users how to install ClamAV on Ubuntu 16.04 / 17.10 and 18.04 systems…

 

ClamAV is, by design, versatile…. it supports multiple file formats and multiple signature languages that most viruses use to exploit systems… It performs multi-threaded scans, and includes a command-line utility for on-demand file scanning and signature updates..

 

When you’re ready to install ClamAV, continue with the steps below

 

On Ubuntu desktop, open your terminal by pressing the Ctrl — Alt — T keys on your keyboard… this should open the terminal…

 

When the terminal opens, type the commands below to install ClamAV

 

sudo apt install clamav clamav-daemon

 

Now that ClamAV is installed, you can use the command line terminal to scan for viruses and malware…. to test out, run the commands below to scan your home folder…

 

clamscan --infected --remove --recursive /home

 

You should get a summary after a successful scan…

 

----------- SCAN SUMMARY -----------
Known viruses: 6541075
Engine version: 0.99.4
Scanned directories: 136
Scanned files: 401
Infected files: 0
Data scanned: 63.20 MB
Data read: 43.88 MB (ratio 1.44:1)
Time: 23.938 sec (0 m 23 s)

To scan for infected files and folders on the entire system, you can run the command below

 

sudo clamscan --infected --remove --recursive /

 

To download the ClamAV virus definitions..

sudo freshclam
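The scans above use --remove, which deletes every flagged file outright, false positives included. This added example (not part of the original tutorial) uses clamscan's --move option to quarantine detections instead and then summarises the report; the quarantine and report paths, the function names and the sample report are assumptions.

```shell
#!/bin/sh
# Scan with ClamAV, quarantining detections instead of deleting them,
# then summarise the report. Paths and function names are assumptions.

QUARANTINE=${QUARANTINE:-/var/quarantine/clamav}
REPORT=${REPORT:-/tmp/clamscan-report.txt}

run_scan() {
    # $1 = directory to scan; the report goes to $REPORT
    mkdir -p "$QUARANTINE" || return 2
    chmod 700 "$QUARANTINE" || return 2
    # --move keeps flagged files for review; --exclude-dir stops the
    # quarantine itself from being rescanned when it sits inside $1
    clamscan --infected --recursive --move="$QUARANTINE" \
             --exclude-dir="^$QUARANTINE" "$1" > "$REPORT"
}

explain_status() {
    # clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

list_detections() {
    # $1 = report file; prints "<signature><TAB><path>" per detection.
    # Splits on the last ": " so paths containing ": " stay intact.
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^:]*$/)
        print substr($0, i + 2) "\t" substr($0, 1, i - 1)
    }' "$1"
}

infected_count() {
    # $1 = report file; value of the "Infected files:" summary line
    awk -F': *' '/^Infected files:/ { print $2 }' "$1"
}

write_sample_report() {
    # Constructed report in the layout of the scan summary shown above
    cat > "$1" <<'EOF'
/home/alice/Downloads/eicar.com: Eicar-Test-Signature FOUND
/home/alice/mail/note: draft.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6541075
Engine version: 0.99.4
Scanned directories: 136
Scanned files: 401
Infected files: 2
Data scanned: 63.20 MB
Data read: 43.88 MB (ratio 1.44:1)
Time: 23.938 sec (0 m 23 s)
EOF
}

# Real run: pass the directory to scan (update signatures with freshclam first)
if [ -n "${1:-}" ] && command -v clamscan >/dev/null 2>&1; then
    rc=0
    run_scan "$1" || rc=$?
    echo "Result: $(explain_status "$rc"), $(infected_count "$REPORT") infected file(s)"
    list_detections "$REPORT"
    exit "$rc"
fi
```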

Advanced Access Manager (aka AAM) is all you need to manage access to your website frontend and backend for any user, role or visitors.

FEW QUICK FACTS

The only plugin that gives you absolute freedom to define the most granular access to any aspect of your website and most of the features are free;

Bullet-proven plugin that is used on over 100,000 websites where all features are well-tested and documented. Very low amount of support tickets speaks for quality;

It is the only plugin that gives you the ability to manage access to your website content for any role, individual user and visitors or even define the default access to all posts, pages, custom post types, categories and custom hierarchical taxonomies;

AAM is developer oriented plugin. It has dozens of hooks and configurations. It is integrated with WordPress RESTful and XML-RPC APIs and has numerous abstract layers to simplify coding;

No ads or other promotional crap. The UI is clean and well crafted so you can focus only on what matters;

No need to be a “paid” customer to get help. Request support via email or start chat with Google Hangout;

Some features are limited or available only with premium extensions. AAM functionality is transparent and you will absolutely know when you need to get a premium extension;

MAIN AREAS OF FOCUS

Access & Security Policy allows you to define who, when, how and under what conditions your website resources can be accessed;

Content access control on frontend, backend and API sides to posts, pages, custom post types, categories, custom hierarchical taxonomies and CPTs for any role, user and visitors;

Roles & capabilities management with ability to create new roles and capabilities, edit, clone or delete existing;

Access control to backend area including backend menu, toolbar, metaboxes & widgets;

Access control to RESTful & XML-RPC APIs;

Developer friendly API so it can be used by other developers to work with AAM core;

And all necessary features to set up a smooth user flow during login, logout, access denied event, 404 etc.

THE MOST POPULAR FEATURES

[free] Manage Backend Menu. Manage access to the backend menu for any user or role. Find out more from How to manage WordPress backend menu article;

[free] Manage Roles & Capabilities. Manage all your WordPress role and capabilities.

[free] Create temporary user accounts. Create and manage temporary user accounts. Find out more from How to create temporary WordPress user account;

[limited] Content access. Very granular access to unlimited number of post, page or custom post type (19 different options). With premium Plus Package extension also manage access to hierarchical taxonomies or setup the default access to all post types and taxonomies. Find out more from How to manage access to the WordPress content article;

[free] Manage Admin Toolbar. Filter out unnecessary items from the top admin toolbar for any role or user.

[free] Backend Lockdown. Restrict access to your website backend side for any user or role. Find out more from How to lockdown WordPress backend article;

[free] Secure Login Widget & Shortcode. Drop AJAX login widget or shortcode anywhere on your website. Find out more from How does AAM Secure Login works article;

[free] Ability to enable/disable RESTful and XML-RPC APIs.

[limited] URI Access. Allow or deny access to any page of your website by the page URL as well as how to redirect the user when access is denied;

[free] Manage access to RESTful or XML-RPC individual endpoints for any role, user or visitors.

[free] JWT authentication. Authenticate user with WordPress RESTful API and use received JWT token for further requests. Find out more from How to authenticate WordPress user with JWT token

[free] Login with URL. For more information check WordPress: Temporary User Account, Login With URL & JWT Token article.

[free] Content Filter. Filter or replace parts of your content with AAM shortcodes. Find out more from How to filter WordPress post content article;

[free] Login/Logout Redirects. Define custom login and logout redirect for any user or role;

[free] 404 Redirect. Redefine where user should be redirected when page does not exist. Find out more from How to redirect on WordPress 404 error;

[free] Access Denied Redirect. Define custom redirect for any role, user or visitors when access is denied for restricted area on your website;

[free] Manage Metaboxes & Widgets. Filter out restricted or unnecessary metaboxes and widgets on both frontend and backend for any user, role or visitors. Find out more from How to hide WordPress metaboxes & widgets article;

[paid] Manage access based on IP address or referred domain. Manage access to your website for all visitors based on referred host or IP address. Find out more from How to manage access to WordPress website by IP address article;

[paid] Monetize access to your content. Start selling access to your website content with premium E-Commerce extension. Find out more from How to monetize access to the WordPress content article;

[free] Multisite support. Sync access settings across your network or even restrict non-members from accessing one of your sites. Find out more from AAM and WordPress Multisite support;

[free] Multiple role support. Finally AAM supports multiple roles per user WordPress access control for users with multiple roles

[and even more…] Check our help page to learn more about AAM
