Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

Showing results for tags 'Guide'.

Found 5 results

  1. 'The Last Guardian' Soundtrack is Getting a Vinyl Release

     Sony will also release a music app for PS4, and a special audio mode for headsets.

     Pumped for The Last Guardian? Yeah, we are too. The long-awaited follow-up to Ico and Shadow of the Colossus stars a young boy and a giant feathered creature called Trico as they explore a world filled with broken, temple-like structures. The emotional puzzle-platformer has an equally distinctive soundtrack -- the work of composer Takeshi Furukawa -- and Sony has dropped a few extra pieces of news about audio in The Last Guardian.

     Sony will release a special app for the game's launch, inspiringly titled "The Last Guardian Composer's Choice PS4 Music App." It'll feature 17 tracks from the game's soundtrack, support stereo and surround sound, and allow gamers to export tracks as stereo MP3s to a USB drive. There's no word on how much this app will cost, but Sony says the album will also go on sale through iTunes at a later date.

     Additionally, if you buy The Last Guardian and happen to own a PlayStation headset that's compatible with the Headset Companion App, Sony says there's a "special mode" just for you. You'll be able to activate a "custom audio mode" in-game for a "fine-tuned audio experience engineered for maximum immersion." We have no idea what that means, but maybe it'll be great.

     Unsurprisingly -- what game doesn't have one at this point -- there's a vinyl collection in the works too. Produced by iam8bit, the collection boasts two LPs and an "epic tri-fold design" stretching more than 36 inches. It'll cost $35 and ship in early 2017. For super-fans with a love of vinyl, it looks to be a price worth paying. Just check out that album art: http://i.imgur.com/EBRC9ij.jpg
  2. There are persistent rumors going around that some file-sharers are doing everything they can to fly under the radar but when ruining privacy is so much easier, why bother? For those who couldn't care less about online security and have a burning desire to turn their online lives into a public free for all, here's our essential guide.

     Every single day one can hear do-gooders banging on endlessly about staying private on the Internet. It’s all encryption this and Edward Snowden that. Ignore them. They’re lunatics involved in a joint Illuminati / Scientologist conspiracy.

     No, what Internet users need is a more care-free approach to online surveillance, one that allows them to relax into a zen-like state of blissful ignorance, free from the “Five Eyes” rantings of Kim Dotcom. And there are plenty of real people already following this advice.

     Real events reported here on TF (and investigated by us over the past few months) have shown us that while operating in the world of file-sharing (especially if that involves releasing content or running a tracker) it is absolutely vital to lay down an easily followed trail of information. Here are some golden rules for doing just that.

     Naming convention

     If at all possible, file-sharers should incorporate their real-life names into their online nickname. Dave Mark Robinson should become DaveR at a minimum, but for greater effect DaveMR should be used. As adding in a date of birth allows significant narrowing down of identities, DaveMR1982 would be a near perfect choice.

     This secret codename can then be used on any torrent site, but for best effect it should be used across multiple trackers at once so the user is more easily identified. But let’s not think too narrowly here.

     As an added bonus, Dave should also ensure that the same nickname is used on sites that have absolutely nothing to do with his file-sharing. EBay profiles and YouTube accounts are perfect candidates, with the latter carrying some personally identifying videos, if at all possible. That said, Dave would be selling himself short if he didn’t also use the same names on…..

     Social media

     If Dave doesn’t have an active Facebook account which is easily linked to his file-sharing accounts, he is really missing out. Twitter is particularly useful when choosing the naming convention highlighted above since nicknames can often be cross-referenced with real names on Facebook, especially given the effort made in the previous section.

     In addition to all the regular personal and family information readily input by people like Dave, file-sharing Facebook users really need to make sure they put up clear pictures of themselves and then ‘like’ content most closely related to the stuff they’re uploading. ‘Liking’ file-sharing related tools such as uTorrent is always recommended.

     File-sharing sites

     When DaveMR1982 signs up to (or even starts to run) a torrent site it’s really important that he uses an easy to remember password, ideally one used on several other sites. This could be a pet’s name, for example, but only if that pet gets a prominent mention on Facebook. Remember: make it easy for people, it saves so much time!

     Dave’s participation in site forums is a must too. Ideally he will speak a lot about where he lives and his close family, as with the right care these can be easily cross-referenced with the information he previously input into Facebook. Interests and hobbies are always great topics for public discussion as these can be matched against items for sale on eBay, complete with item locations for added ease.

     Also, Dave should never use a VPN if he wants his privacy shattered, with the no-log type a particular no-go. In the event he decides to use a seedbox he should pay for it himself using his own PayPal account, but only if that’s linked to his home address and personal bank account. Remember, bonus points for using the same nickname as earlier when signing up at the seedbox company!

     Make friends and then turn them into enemies

     Great friendships can be built on file-sharing sites but in order to maximize the risks of a major privacy invasion, personal information must be given freely to these almost complete strangers whenever possible. In an ideal world, trusting relationships should be fostered with online ‘friends’ and then allowed to deteriorate into chaos amid a petty squabble, something often referred to in the torrent scene as a “tracker drama”. With any luck these people will discard friendships in an instant and spill the beans on a whim.

     Domain registration

     Under no circumstances should Dave register his domains with a protected WHOIS as although they can be circumvented, they do offer some level of protection. Instead (and to comply with necessary regulations) Dave should include his real home address and telephone number so he is easily identified.

     If for some crazy reason that isn’t possible and Dave is forced to WHOIS-protect his domain, having other non-filesharing sites on the same server as his file-sharing site is always good for laying down breadcrumbs for the anti-privacy police. If the domains of those other sites don’t have a protected WHOIS, so much the better. Remember, make sure the address matches the home location mentioned on Facebook and the items for sale on eBay!

     Conclusion

     As the above shows, with practice it’s easy to completely compromise one’s privacy, whether participating in the file-sharing space or elsewhere. In the above guide we’ve simply cited some genuine real-life techniques used by people reported in previous TF articles published during the last year, but if you have better ideas at ruining privacy online, please feel free to add them in the comments.

     Torrentfreak
  3. Security Guide

     The new branch of PHPBB - PHPBB 3 is quite secure. After some major security flaws in PHPBB 2 the PHPBB developers have paid great attention to the security of their product's new branch - PHPBB 3. According to the script's changelog and the users' reports there have been just several minor security issues. They have been resolved quite fast. Still, in this article we will list useful practices that will additionally improve the security of your PHPBB 3 forum.

     TIPS

     Keep your software up-to-date

     This rule is valid for all the applications that you use. Keep your local computer software (OS, anti-virus program, firewall, web browsers, etc.) and web applications (scripts, extensions, components, modules, plugins) upgraded to the corresponding latest stable versions.

     Custom Database tables prefix

     A wise solution is to set a custom database tables prefix during the PHPBB 3 installation. If your hosting provider supports an auto-installer like Softaculous just enter the new value in the "Table Prefix" field. The manual phpBB3 installation also allows you to enter the chosen table prefix in the "Prefix for tables in database:" field.

     Changing the tables prefix in an existing phpBB 3 installation is more difficult. First, you should edit the config.php file and replace the new prefix in the following field:

         $table_prefix = 'phpbb_';

     If you have custom modules integrated in your forum check whether they have additional configuration files. You might need to complete the same change in them.

     Next, you should rename all the tables in the database. You can run the queries through a tool like phpMyAdmin. The query for each table should be:

         RENAME TABLE phpbb_table_name TO newprefix_table_name;

     Additional admin login page

     To add a new layer of security to your admin login functionality you should password protect the admin folder. In PHPBB 3 the default admin folder is called "adm". Usually the hosting providers have a password protection tool embedded in their control panels. If your hosting provider uses cPanel you can password protect the folder through the Password Protect Directories tool. The tool will create a .htaccess file under the "adm" folder.

     Make sure that the used password is different from the one set during the initial PHPBB 3 installation. Always use strong passwords that contain a random sequence of letters, numbers and special characters.

     Restrict the admin folder access

     If you are using a computer with a static IP to access your forum you can restrict the access to the admin area. Enter the code listed below in the .htaccess file under the "adm" folder. It will allow access only from your local computer.

         Order Deny,Allow
         Deny from all
         Allow from 123.123.123.123

     Instead of 123.123.123.123 use your IP. It can be checked at: http://whatismyipaddress.com/

     The file can be edited either with FTP or with cPanel->File Manager. You can add more IPs to the list, separated with blank spaces.

     Backup your forum

     Often, keeping backups of your script will allow you to quickly and easily restore the stable functionality of your web site. It does not matter if the script has been compromised by hackers or it has been broken by a custom code modification performed from your end. The backup restore will bring the web site to its normal state.

     Usually the hosting providers create daily or weekly backups of your account. Still, you can additionally take care of this task. Detailed instructions can be found in this knowledge base article.

     Enhance the users registration

     PHPBB 3 has some useful options which will stop most of the malicious users' registration attempts. Open your forum's admin area and load the "User registration settings" section.

     For the "Account activation" option pick "By user (email verification)". During the registration the user will have to provide a valid e-mail account and approve the registration through a confirmation link message delivered to it.

     For "Password complexity" select "Must contain symbols". In this way the user will have to enter letters, numbers and symbols in the chosen password.

     Leave the default values of the other options.

     Forums that follow the above-mentioned tips experience 80% fewer security problems. If despite the measures taken, your forum gets hacked, you should contact your host for assistance and try to get more specific security tips from the community via the discussion boards.

     Credits for this material: http://www.siteground.com/phpbb-security.htm

     Top 5 Security Mods for phpBB

     No forum software is fully secure from the onslaught of hackers and spammers, and needs to keep being updated by new modifications and plugins to safeguard against such attacks. The open source nature of phpBB makes it more vulnerable to attacks. phpBB developers are constantly working towards identifying security gaps and trying to fix them. Some of the main features added to provide protection to your forum from being attacked by hackers are:

       • Providing a sophisticated authorization system;
       • Effective encryption which basically helps by ensuring the safety of the passwords in the database;
       • Proper running of the URL and cookie sessions.

     5 Security Mods for phpBB

     Some helpful security mods for phpBB are:

     RAC Mod: In this Mod, the administrator defines an auth code which you need to enter while registering. After this, the administrator may ask you a question, the answer to which is the code. The advancements made to this mod are:

       • Language variable being used properly;
       • phpBB templates being used properly;
       • Unnecessary steps have been removed;
       • Instructions are made more detailed.

     Peoplesign CAPTCHA Plugin: This is a unique and new picture based CAPTCHA which gives its owners millions of different ways to customize and use it as per their liking. It is easy to install. People visiting the forum are given a picture-based text to enter the forum and by this means automated bots can be kept away.

     Show Password Strength: This mod reflects the strength of the password to its users. It displays a color code to show the password strength which is green for strong and red for weak. Along with this, there is a text indicator such as ‘Very Strong’, ‘Strong’, ‘Good’, ‘Weak’ and ‘Very Weak’ for passwords. The basis on which the password strength is graded are:

       • Mixed case alphabets;
       • Numbers;
       • Special characters;
       • More than 12 characters in the password.

     Breizh Ajax Checks: This mod is fast and the language can be changed in the ajax on the registration page. Through this mod, checks can be performed in real time in the registration page as well as the edit account setting page for email address, password and username.

     Key CAPTCHA: It is an innovative anti-spam service which is provided free. It provides protection to your website from spam and also works as an instrument for income acquisition. Contrasting other captchas, there is no requirement to type any text here.

     phpBB is not fully protected from all attacks by hackers and spammers present on the net. While there are people working towards mods to improve the scenario, one should take precautions and be vigilant to ensure that the forum is not attacked. phpBB security does not merely involve protecting your forum from being hacked, but it also involves the security of personal information and data of visitors and the integrity of the member list as well as the community. Some issues that may take up a lot of admin and moderator time may be automated signups, member list abuses, email address harvesting and dropping links.

     Credits for this material: http://www.webmasterscafe.com/top-5-security-mods-for-phpbb/
  4. Security Guide

     NOTICE BEFORE READING: This is not a guide to making your forum completely secure and untouchable but this is a guide to the many different things that one can do to tighten up security. I would also like to note that the latest version of MyBB is very secure even out of the box. Also note that I'm no expert on this, I've never even had a public MyBB forum but I'm hoping to start one soon. This is mostly about securing MyBB itself, look elsewhere for information on securing any other web applications that you are hosting.

     The key points

     #1 Keep your forum as up to date as possible

     It is very important you keep everything up to date, this includes plugins. Make sure to manually check for updates in the Admin CP often and/or frequent the downloads section of mybb.com

     #2 Check before installing plugins

     Plugins have the potential to bring down your whole forum if they are insecure/intentionally backdoor-ed. Google is your friend with plugins so ensure you check through any posts/advisories on the plugin and any other sources of the plugin that are more likely to be secure. Don't use cracked/nulled plugins. If you can understand PHP then look through the code. If the code is encrypted/obfuscated etc. and the plugin is not commercial then be very careful. Look into the plugin author and their credibility as well. Using a plugin that is used on HF and made by labrocca for example is a much better idea than some random thing you found dumped on the net.

     #3 Use secure and unique passwords

     Ensure the passwords to all powerful accounts are different, unique, long and use a large array of chars.

         *ndEyd7_-38Dne3dhy3(8ednYe}&yDp2@04(jNPKNBGgdue

     ^ Is the type of thing you are going to want as a password to any account with powers that could damage the forum. Don't use passwords that you use on other forums because they could be easily tracked down. If you can't remember the password store it in an encrypted vault such as a keepass vault.

     #3 Deny access to directories

     There are a number of directories in MyBB that contain files that never need to be accessed from a browser. It's a good idea to deny access to these.

     Directories to protect

       • {root}/inc
       • {root}/install (whenever not needed)
       • {root}/{admincpdir}/inc
       • {root}/{admincpdir}/modules

     As there is no legit reason to access this stuff it's best to create a .htaccess file in the root of these directories containing the following.

         deny from all

     Another way to add security to the files is to add to/create a .htaccess file in the forum root containing

         Options -Indexes

     To stop anyone browsing folders without an index.

     Another thing one can do is to rename the Admin Directory. To do this open {root}/inc/config.php and edit the $config['admin_dir'] to whatever you want your new directory to be, then rename the actual directory from 'admin' to whatever you specified in the config.php. --- This does not give much extra security unless you set the $config['hide_admin_links'] to 1 (note you will need to access the adminCP from a stored link rather than from a link on the front end if this is enabled)

     #4 Obscure, obscure, obscure

     It's a great idea to make it as hard as possible for a potential attacker to get correct information on your forum.

     Change the default table prefix (this can be done easily when installing a fresh install of MyBB in the installation wizard). This can also be done in the config.php but only people who know what they are doing should attempt to change it after MyBB has been installed. Also note that a few plugins are broken by non-default table prefixes. This can make it harder for ub3r el1te SQLI masters to attack your DB.

     Other things you can do include giving your main account (the one you post with) super mod perms and giving super-admin to another extremely secure account that has a normal usergroup as its primary.

     #5 Lock down the AdminCP

     It's very important to implement extra security on the admin cp to prevent unwanted access. Here are a few things you can do.

     Add extra auth with .htpasswd

     http://www.htaccesstools.com/htpasswd-generator/
     http://www.htaccesstools.com/htaccess-authentication/

     ^ The above links can be used to generate the files needed to do this. Once done simply place the .htpasswd and .htaccess files in the adminCP directory for some extra security. Make sure the user/pass is different to the Admin password.

     Add an ip whitelist to the AdminCP

     You can use .htaccess to permit only those with a certain ip to access the AdminCP, this is very secure! (It's not a very good idea to do this if you have a dynamic IP though because you might find yourself locked out one day.) Just put/add to a .htaccess file in the admincp root containing the following.

         Order Allow,Deny
         Allow from Your.static.ip.adress

     Add a pin to the Admin Cp

     This pretty much does the same thing as .htpasswd but can look a little better. There are plenty of tutorials on this so just make a search.

     Remove the backup system from the AdminCp

     If someone was to gain unauthorized access to the admin cp they could easily dump all the SQL info using the built in backup feature. It's a good idea to disable this if you are not going to use it. Simply go to

         {root}/{admincpdir}/modules/tools/backupdp.php

     And add the following after the <?php

         die('Backups Disabled');

     If you want to use this module then simply comment out the addition and uncomment it when you are done.

     These are the key points. After this I will just put a few simple extra tips and some links for more info.

       • Run MyBB with a database user that is not used with anything else on your website to prevent one failure leading to another
       • Restrict the database user that MyBB uses to only be able to do what it needs and nothing more
       • Restrict PHP to only be able to execute functions that are needed and nothing more
       • Remove any features you don't need (don't use the portal? then remove it, don't use the calendar? then disable it etc)
       • Make sure you don't have scrutinize IP enabled unless you really, really, really know what you are doing
       • Search through forums/exploit DB's for potential exploits often
       • If you are starting a forum from scratch change how passwords are salted and hashed for some extra obscurity in the event your DB is leaked
       • If you've left anything in areas the public can access such as a plugin zip file or a phpinfo.php then be sure to remove it
       • If something is suspicious... CHECK IT OUT!

     Credits for this material: http://community.mybb.com/thread-131553.html
  5. Security Guide

     TIPS

     In this section of the tutorial you will find several tips on how to improve the security of your Invision Power Board.

     1. Do not allow HTML for your board except for user groups that you can fully trust.

     When creating a forum you can choose not to allow HTML code to be posted in various sections for the board. You can disallow HTML code in all of the areas listed below:

       • To disable HTML in signatures and the about me section for members go to System tab -> System Settings -> Members tab -> User Profiles.
       • To disable HTML in personal messages between users go to System tab -> System Settings -> Members tab -> Personal Message Set-up
       • To disable the HTML in posts for specific user groups go to Members tab -> Manage User Groups -> Edit for the group -> Global tab

     2. For the lost password recovery it is best to use the email random password option.

     This option can be altered via the IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy. Note that it is highly advisable to email the new password instead of letting the user enter it manually as it is much less likely that the user account email address is compromised.

     3. Set up a limited number of failed login attempts.

     If the number is reached the user is locked out of the forum for a set time. This option can be altered via the IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> Brute-force Account Locking section. The other two options below allow you to define if blocked accounts will be automatically unlocked and if so after how many minutes.

     4. Use secure mail form for member to member communication.

     This way it will not be possible to get the emails of your board users and use them for spam and other fraudulent activities. You can enable secure form email for member to member communication via IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> Use secure mail form for member to member mails

     5. Remove the admincp link from your board and modify the name of the administrator directory to something else.

     The link to the admin panel that is by default included on your forum index can be removed. This is highly advisable along with renaming the admincp folder to something else. The option can be altered via IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> Remove the ACP link from the board

     6. It is highly advisable to manually approve new account registrations as well as leave the option to verify the registration via email.

     This option might not be suitable for very popular forums that have lots of new user registrations on a daily basis. However, for closed communities it is best if you have all new user registrations manually approved by forum administrators. This way you can prevent spam bots and unauthorized users from posting on your forum with 100% success. The highest possible security is forcing users to first verify the new account registration via the email address they provided upon registering the new account. Once the new account registration is verified via email it is queued for approval via the board administrator. This option can be chosen via IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> New registration email validation. You might want to take some time and also adjust the options below to your convenience.

     7. Force user login before the board is viewed.

     This way only registered users can view and post on your online board. Note that in this case guests on your online board won't be able to view any of the forums. The option is available at IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> Force guests to log in before allowing access to the board

     The alternative is to set specific permissions for each forum and thus allow some general purpose forums to be viewable for Guest users. For example you might want to make news and forum rules viewable for everyone so they can check them prior to registering. To achieve this all you need to do is use the permissions matrix when creating a new forum or category. Do not add permissions for the group that guest users are automatically assigned to. This way none of your forums will be accessible for users that are not registered and logged in except for forums you explicitly add permissions to. It is highly advisable to set only Show Forum and Read Topics permissions in such cases.

     8. Do not display the version of IPB you are running.

     Otherwise it will be much easier to search for possible exploits for the specific version if one is trying to compromise your board. Displaying the IPBoard version can be turned off via IPBoard admincp -> System -> System Settings -> System Tab -> Security and Privacy -> Privacy section -> Display IPB version on your site.

     There are various options you can manage for your IPBoard. Most of the other features that can be a security issue are set to the highest possible security by default. Bear in mind that you should carefully read and understand what each option does prior to making changes in order to avoid any issues with your online board.

     Thanks for this valuable material goes to: http://www.siteground.com/tutorials/ipb/ipb-security.htm

     HACKS

     I want to show you a few important things that many of you may know, but others won't.

     So let's start with the server and permissions:

     Never - and really never - set 777 permission on ANY directory/file. That would allow malicious users to execute/delete/move/edit your files easily. Do not make .htaccess files readable - they could leak important data. How to set permissions:

         chmod xxx -R /dir/to/files

     Secure phpmyadmin - there are several ways to do so, but a simple .htaccess file should be enough. The htaccess file can look like this (I use it like this):

         AuthType Basic
         AuthName "Restricted Files"
         AuthUserFile /path/to/passwords/.htpasswd
         Require valid-user

     Add a file called .htaccess (it must have the . before htaccess and it needs to be in the directory you want to secure. For phpmyadmin it's usually /usr/share/phpmyadmin)

     Do not run apache as root - if you do so, a malicious user could use exploits to gain access to the apache2 user - that could lead to a real disaster. Use this tutorial to change your user for apache2: http://ubuntuforums....ad.php?t=927142

     Secure php - turn off unnecessary features and set up open_basedir, it could save your server. This should help with turning off features for php: http://stackoverflow...erous-functions

     If you use apache, use mod_antiloris

     What does mod_antiloris do? Well it's easy: There is a tool called slowloris. People use it to DoS a server - that means, they attack it, so the server shuts down.

     How does mod_antiloris do this? It opens a lot of apache processes so the apache server simply can't get enough ram anymore and shuts down automatically.

     Why do they use that tool? Because it uses so little resources that it makes it really easy to bring a server down.

     What does mod_antiloris do now? Well a server understands requests like this: SYN - ACK - SYN - ACK

     Well slowloris does this: ACK - ACK - ACK - ACK

     The server opens processes and never closes them since no SYN is coming back. mod_antiloris detects those malicious requests and closes them itself.

     Note: To install mod_antiloris, you need to look for it on google, I can not go in depth with the setup, since I only use Ubuntu as my server.

     Turn off php error reporting. No one needs to see php errors on the page. They could lead to a leak of data and in this case, there is a Full path disclosure script out there that could tell an attacker what your directory is called. To disable it you can add:

         error_reporting(0);
         @ini_set('display_errors', 0);

     to the end of your index file.

     Now to the IPB Setup and file Setup:

       • Use .htaccess for the admin directory. (Refer to the Security center for this)
       • Rename the admin directory. (Refer to the Security center)
       • Remove dav.php if it isn't necessary. (In terminal: rm /path/to/dav.php)
       • Use hooks like StopForumSpam to prevent fraud on your forum. (Use the StopForumSpam website for more info, they have in-depth tutorials for this on their site)
       • Before you install a skin, check it. The skin "Glare by Tom Christian" reveals your admin directory in the source code for example, no matter what you set it up to do. You can do so by simply opening your source code on the index page of your forum and searching for your ACP link. Then when you have found it you can easily refer to the CSS files (Look and Feel - Edit Skin CSS - globalTemplate)
       • Change your display name. Users can use bruteforce to get your password, but what if they don't know what your username is called? They can't brute it. You can do so in the members tab in the ACP.
       • Do not allow signatures which are too big (I know it's not security related but it can slow down your site dramatically). This can be done within the IPB ACP (resize images)
       • Follow the things written in your Security Center, IPB knows what they write. Use the Checkers (Whitespace Checker and so on) weekly so you see if something goes wrong.
       • Remove users using odd usernames. What do I mean with odd? <script>alert(blabla)</script> is surely odd and it shows that the user tried to do an XSS attack. XSS can be used for attacks to get sensitive data or deface your website.

     Another thing you can do, on files that really should not be viewable via php regardless of the request, is placing:

         if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) { exit('Denied.'); }

     After:

         <?php

     Result:

         <?php
         if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) { exit('Denied.'); }

     Adding blocks via the htaccess is also wise for things such as conf_global.php, initdata.php, and constants.php

         <Files conf_global.php>
         deny from all
         </Files>
         <Files initdata.php>
         deny from all
         </Files>
         <Files constants.php>
         deny from all
         </Files>

     Or, you can also do this and it will work. Rename your conf_global.php to w/e you want, make a new conf_global.php and place this in it:

         <?php
         if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) { exit('Denied.'); }
         @include('yournewconfigname.php');
         ?>

     Thanks for this valuable material goes to: http://invision-virus.com/forum/index.php/topic/530-how-to-secure-your-ipb-version-properly/
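
Added example (not part of the guides listed above, and not code from MyBB or IP.Board): a POSIX shell audit of a forum web root for three items the MyBB and IPB guides raise, namely world-writable files and directories (the 777 warning), the MyBB directories that should carry a deny-all .htaccess, and leftover phpinfo.php or .zip files. The function names, the default admin directory name "admin" and the sample tree it builds are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit a forum web root against checks named in the guides.
# Usage: ./audit.sh /path/to/forum [admin-dir-name]
# With no arguments it audits a small constructed sample tree instead.

# Print every file or directory that any local user may write to ("777").
world_writable() (
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
)

# Print the directories from the MyBB list that exist but whose .htaccess is
# missing or has no deny rule. Accepts the Apache 2.2 form used in the guides
# ("deny from all") and the Apache 2.4 form ("Require all denied").
unprotected_dirs() (
    root=$1
    admin=${2:-admin}   # assumption: default admin directory name
    for rel in inc install "$admin/inc" "$admin/modules"; do
        [ -d "$root/$rel" ] || continue
        ht="$root/$rel/.htaccess"
        if [ ! -f "$ht" ] || ! grep -Eiq \
            '^[[:space:]]*(deny[[:space:]]+from[[:space:]]+all|require[[:space:]]+all[[:space:]]+denied)' "$ht"
        then
            printf '%s\n' "$rel"
        fi
    done
)

# Print leftovers the MyBB guide says to remove from public areas.
leftovers() (
    find "$1" -type f \( -name 'phpinfo.php' -o -name '*.zip' \) -print 2>/dev/null | sort
)

# Run all checks, print a report, return 0 only when nothing was found.
audit() (
    root=$1
    admin=${2:-admin}
    ww=$(world_writable "$root")
    open=$(unprotected_dirs "$root" "$admin")
    left=$(leftovers "$root")
    if [ -n "$ww" ];   then printf 'World-writable paths:\n%s\n' "$ww"; fi
    if [ -n "$open" ]; then printf 'Directories without a deny rule:\n%s\n' "$open"; fi
    if [ -n "$left" ]; then printf 'Leftover files to remove:\n%s\n' "$left"; fi
    [ -z "$ww$open$left" ]
)

# Build a constructed sample tree (not a real forum) and print its path.
make_sample_tree() (
    umask 022
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/inc" "$t/install" "$t/admin/inc" "$t/admin/modules" "$t/uploads"
    printf 'deny from all\n'      > "$t/inc/.htaccess"
    printf 'Require all denied\n' > "$t/admin/inc/.htaccess"
    printf 'Options -Indexes\n'   > "$t/admin/modules/.htaccess"  # no deny rule
    : > "$t/index.php"
    : > "$t/phpinfo.php"
    : > "$t/uploads/plugin.zip"
    chmod 777 "$t/uploads"
    printf '%s\n' "$t"
)

if [ "$#" -gt 0 ]; then
    audit "$@"
else
    sample=$(make_sample_tree)
    audit "$sample" admin || true
    rm -rf "$sample"
fi
```
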