Turk Telekom says internet access restored after cyber attack – Security – Telco/ISP- Tempemail – Blog – 10 minute

Turk Telekom has restored internet access after a cyber attack caused connectivity problems, the company said on Monday, adding that it was working to limit any ongoing impact of the issue on users.
Turkey’s largest telecoms group said earlier on Monday it had been hit by a cyber attack that led to problems with internet access, but did not specify who was carrying out the attack. It said the strike had targeted its DNS addresses.
In a separate statement later on Monday, Turk Telekom said internet access had been restored to normal as of 1545 GMT.
“The problem caused by an operator abroad has been solved, with domestic and international internet traffic returning to its normal flow,” the company said.

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack – Tempemail – Blog – 10 minute

Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix.
I wish I could say, “better late than never,” but since hackers don’t waste time or miss any opportunity to exploit vulnerable systems, even a short window of time resulted in the compromise of hundreds of Internet exposed Citrix ADC and Gateway systems.
As explained earlier on The Hacker News, the vulnerability, tracked as CVE-2019-19781, is a path traversal issue that could allow unauthenticated remote attackers to execute arbitrary code on several versions of Citrix ADC and Gateway products, as well as on the two older versions of Citrix SD-WAN WANOP.
Rated critical with CVSS v3.1 base score 9.8, the issue was discovered by Mikhail Klyuchnikov, a security researcher at Positive Technologies, who responsibly reported it to Citrix in early December.

The vulnerability is actively being exploited in the wild since last week by dozens of hacking groups and individual attackers—thanks to the public release of multiple proofs-of-concept exploit code.
According to cyber security experts, as of today, there are over 15,000 publicly accessible vulnerable Citrix ADC and Gateway servers that attackers can exploit overnight to target potential enterprise networks.
FireEye experts found an attack campaign where someone was compromising vulnerable Citrix ADCs to install a previously-unseen payload, dubbed “NotRobin,” that scans systems for cryptominers and malware deployed by other potential attackers and removes them to maintain exclusive backdoor access.
“This actor exploits NetScaler devices using CVE-2019-19781 to execute shell commands on the compromised device,” FireEye said.
“FireEye believes that the actor behind NOTROBIN has been opportunistically compromising NetScaler devices, possibly to prepare for an upcoming campaign. They remove other known malware, potentially to avoid detection by administrators.”

Citrix Patch Timeline: Stay Tuned for More Software Updates!

Last week Citrix announced a timeline, promising to release patched firmware updates for all supported versions of ADC and Gateway software before the end of January 2020, as shown in the chart.

As part of its first batch of updates, Citrix today released permanent patches for ADC versions 11.1 and 12.0 that also apply to “ADC and Gateway VPX hosted on ESX, Hyper-V, KVM, XenServer, Azure, AWS, GCP or on a Citrix ADC Service Delivery Appliance (SDX).”
“It is necessary to upgrade all Citrix ADC and Citrix Gateway 11.1 instances (MPX or VPX) to build 11.1.63.15 to install the security vulnerability fixes. It is necessary to upgrade all Citrix ADC and Citrix Gateway 12.0 instances (MPX or VPX) to build 12.0.63.13 to install the security vulnerability fixes,” Citrix said in its advisory.

“We urge customers to install these fixes immediately,” the company said. “If you have not already done so, you need to apply the previously supplied mitigation to ADC versions 12.1, 13, 10.5, and SD-WAN WANOP versions 10.2.6 and 11.0.3 until the fixes for those versions are available.”
The company also warned that customers with multiple ADC versions in production must apply the correct version of patch to each system separately.
Besides installing available patches for supported versions and applying the recommended mitigation for unpatched systems, Citrix ADC administrators are also advised to monitor their device logs for attacks.

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Standstill At Picanol An Alert For Companies. What Is A Ransomware Attack?- Tempemail – Blog – 10 minute

Earlier this week, Belgium based company Picanol was struck with the news of a ransomware attack on their IT systems. It is a malware that locks a company out of its own IT systems with cybercriminals demanding a ransom.
Relying heavily on computers for operating, their production segments in Romania, China, and Belgium came to a standstill. 
This isn’t the only ransomware attack that happened in the year. As 2020 came into being, a ransomware attack was already waiting on a US maritime facility. After an offline period of more than 30 hours, they were back online. Facilities that were affected were cameras, door access control systems, and critical monitoring systems. 
The ransomware was believed to be sent via a malicious email link that an employee clicked on. This isn’t surprising news especially since 2019 saw major ransomware attacks on big enterprises. As per statistics, $1 billion is a ransomware’s minimum annual global revenue and to recover from it is 8 times higher cost for businesses. 
Read: Ransomware-As-A-Service, IoT Attacks And Cryptojacking On A Rise: Report
What exactly is ransomware and how can organizations prepare for it? 
What is ransomware?
If your laptop screen displays “Windows can’t open this file” or you are completely locked out of your system, there is a high chance you have been attacked by ransomware. If you find that one by one all your colleagues have lost access to their computers, then the attack has been targeted to your entire organization. 
A ransomware is a malware that typically locks a person’s access to their computer through a malicious link. The ‘ransom’ in the name is actually a ransom that is demanded by the cybercriminal to give you back access. 
The laptop or computer screen shows ‘how to pay the fee to decrypt’ guide for you to go ahead. 
How does ransomware work?
Most commonly the attack is pursued through a phishing spam i.e baiting the victim with malware attachments in emails for download. You can predict what happens next. Once downloaded, these files take over the computer, leaving no control to the victim. There are more frightening ransomware types too that don’t even need to trick the user into accessing their systems. 
Read: New Ransomware Variants Double In Q2: Kaspersky
How can an organization prevent itself from a ransomware attack?
These are routine procedures that cannot be taken for granted. It will save you a lot of time and money (ransom, in this case) to stay careful with your systems. 
This is how an organization can prevent itself from a ransomware attack: 

Installation of antivirus and security software 

An antivirus software would be extremely helpful in detecting any malicious programs or files that accidentally got onto your system. You can also opt for internet security solutions that are on the watch-out when you are streaming videos or downloading files. 

Always have updated software

It is highly recommended that you should keep your software updated to their newest versions. Why? Older software is more vulnerable to cyber-attacks. With new updates, there are always the latest updates on the security patches. 

Back up your data at regular intervals

Having a back up of your data is the best thing even in small scenarios of human error deleting or big scenarios like ransomware attacks. However, you must do it at regular intervals of time so you don’t fall victim to an attack. An external hard drive and cloud storage are good options that you can consider for backing up your data. 
How should an organization respond to a ransomware attack?
First thing: Never agree to pay to the ransom. A cyber attack situation is similar to real-life attack situations. There is absolutely no guarantee that you will retrieve all your data if you pay the ransom and hence, don’t take up a negotiation with the cybercriminal. 
Another thing you must remember to do is to disconnect from the internet or any other network you are connected to. This will minimize the level of damage that the ransomware attack would otherwise achieve. 
Read: Can Ransomware Attacks Be Fought By Adding ‘Time Travel’ Feature To Drives?
Concluding…
Ransomware attacks are growing with companies’ growing dependence on computer systems and data. To be vigilant of cyber threats and take learnings from misfortunes of other companies would be a smart way forward. The magnitude of a ransomware attack is capable of bringing an entire city on a standstill, so caution is advised to companies. 

If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Travelex restoring electronic services after ransomware attack – Security- Tempemail – Blog – 10 minute

Travelex is restoring operations to process foreign exchange orders electronically, it said on Monday, almost two weeks after cyber hackers took hold of its systems, leading to a global blackout of its online services.
Staff at Travelex were forced to use pen and paper to serve thousands of customers after ransomware forced the company to take all its systems offline, causing chaos for New Year holidaymakers and business travellers seeking online currency services.
“We continue to make good progress with our recovery and have already completed a considerable amount in the background,” Travelex, owned by Finablr Plc, said in an email.
“We are now at the point where we are able to start restoring functionality in our partner and customer service.”
The currency trader said it had restored some of its internal and order processing systems and was providing refunds to customers “where appropriate”.
Travelex also provides forex services for customers of HSBC, Barclays, Virgin Money and the banking arms of British retailers Tesco and Sainsbury.
The company, which has a presence in more than 70 countries, had been forced to serve customers face-to-face at 1200 locations worldwide.
Travelex said on Monday it will continue to communicate with partners about restarting services and “provide a roadmap” setting out its next steps.
The company said it has been able to honour most online orders for collection in store after being hit by ransomware called Sodinokibi and has contacted those affected to make alternative arrangements. 
Travelex said it was working with authorities including the Tempemail Cyber Security Centre and London’s Metropolitan Police. The police have launched a criminal investigation.
“Based on Travelex’s extensive internal assessments and the analyses conducted by its expert partners there, is no evidence to suggest that customer data has been compromised,” the company said.
Companies face an increasing threat from ransom-demanding hackers who cripple technology systems and demand payment to stop.

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Travelex offline after ‘software virus’ attack – Security – Finance- Tempemail – Blog – 10 minute

Global forex giant Travelex has suffered what it is calling a “software virus” infection, forcing the company to take its IT systems offline during the busy holiday period.
Travelex confirmed a virus was discovered on New Year’s Eve, which it said had compromised some of its services.
While Travelex did not specify which of its services were compromised, the company’s network of branches are continuing to exchange foreign currency manually.
Travelex Australia apologised to customers, and said online services could not be delivered via the web or the company’s mobile app.

Hi Rebecca, we’re having IT issues and are very sorry for the inconvenience. We’re unable to give our usual services on the website or through the app. Please visit https://t.co/LbfwamPOfK, or https://t.co/pTzLpMbFMQ to top up and call 1800303297 for balance updates. ^Oliver
— Travelex Australia (@Travelex_AUS) January 2, 2020
The incident has similarly affected digital operations in other countries where Travelex maintains a presence.
An investigation by Travelex has so far found no evidence of personal and customer data being compromised.
Teams of IT specialists and external security consultants are working to isolate the unspecified virus, and to restore affected systems.

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Wikipedia blames malicious DDOS attack after site goes down across Europe, Middle East – gpgmail


Wikipedia was forced offline in several countries Friday after a cyber attack hit the global encyclopedia.

Users across Europe and parts of the Middle East experienced outages shortly before 7pm, BST, according to downdetector.com.

Wikimedia’s German Twitter account posted: “The Wikimedia server…is currently being paralysed by a massive and very broad DDOS [distributed denial of service] attack.”

The site issued the following statement:

Today, Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods. The attack is ongoing and our Site Reliability Engineering team is working hard to stop it and restore access to the site.

As one of the world’s most popular sites, Wikipedia sometimes attracts “bad faith” actors. Along with the rest of the web, we operate in an increasingly sophisticated and complex environment where threats are continuously evolving. Because of this, the Wikimedia communities and Wikimedia Foundation have created dedicated systems and staff to regularly monitor and address risks. If a problem occurs, we learn, we improve, and we prepare to be better for next time.

We condemn these sorts of attacks. They’re not just about taking Wikipedia offline. Takedown attacks threaten everyone’s fundamental rights to freely access and share information. We in the Wikimedia movement and Foundation are committed to protecting these rights for everyone.

Right now, we’re continuing to work to restore access wherever you might be reading Wikipedia in the world. We’ll keep you posted.”

The site was reported to be down in large parts of the UK as well as Poland, France, Germany and Italy.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

The Untold Story Behind the World’s First Major Internet Attack: The Morris Worm


This site may earn affiliate commissions from the links on this page. Terms of use.

Our connected world comes with countless risks. Viruses, worms, spyware, ransomware, backdoors, trojans: The language of cybersecurity is relatively new, but we have quickly become fluent. The misuse of technology has become the darkest danger of the digital age. Bad actors, emboldened by our inability to properly secure crucial systems and networks, are launching increasingly sophisticated attacks. No system is safe.

But in the beginning — the very, very beginning — computers inspired utopian visions of a better future, a world in which we were all digitally connected to one another and living in harmony.

Then came the Morris Worm.

At Xerox’s Palo Alto Research Center, programmers were developing high-speed networks and the means by which computers could communicate with one another. This was the birth of the internet, and programmers’ ambitions pushed the limits of the imagination. But no one in Palo Alto could’ve imagined how bringing computers together would allow one bad actor to tear the system apart.

In this premiere episode of Kernel Panic, ExtremeTech’s sibling sites Mashable and PCMag take viewers back to the moment everything changed: 1988, when groundbreaking malware known as the Morris Worm spread across global networks, causing significant outages and worldwide panic. The Morris Worm opened the world’s eyes to unforeseen vulnerabilities, planting the seeds of public mistrust that have steadily grown for decades and, today, are flourishing.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Privacy researchers devise a noise-exploitation attack that defeats dynamic anonymity – gpgmail


Privacy researchers in Europe believe they have the first proof that a long-theorised vulnerability in systems designed to protect privacy by aggregating and adding noise to data to mask individual identities is no longer just a theory.

The research has implications for the immediate field of differential privacy and beyond — raising wide-ranging questions about how privacy is regulated if anonymization only works until a determined attacker figures out how to reverse the method that’s being used to dynamically fuzz the data.

Current EU law doesn’t recognise anonymous data as personal data. Although it does treat pseudoanonymized data as personal data because of the risk of re-identification.

Yet a growing body of research suggests the risk of de-anonymization on high dimension data sets is persistent. Even — per this latest research — when a database system has been very carefully designed with privacy protection in mind.

It suggests the entire business of protecting privacy needs to get a whole lot more dynamic to respond to the risk of perpetually evolving attacks.

Academics from Imperial College London and Université Catholique de Louvain are behind the new research.

This week, at the 28th USENIX Security Symposium, they presented a paper detailing a new class of noise-exploitation attacks on a query-based database that uses aggregation and noise injection to dynamically mask personal data.

The product they were looking at is a database querying framework, called Diffix — jointly developed by a German startup called Aircloak and the Max Planck Institute for Software Systems.

On its website Aircloak bills the technology as “the first GDPR-grade anonymization” — aka Europe’s General Data Protection Regulation, which began being applied last year, raising the bar for privacy compliance by introducing a data protection regime that includes fines that can scale up to 4% of a data processor’s global annual turnover.

What Aircloak is essentially offering is to manage GDPR risk by providing anonymity as a commercial service — allowing queries to be run on a data-set that let analysts gain valuable insights without accessing the data itself. The promise being it’s privacy (and GDPR) ‘safe’ because it’s designed to mask individual identities by returning anonymized results.

The problem is personal data that’s re-identifiable isn’t anonymous data. And the researchers were able to craft attacks that undo Diffix’s dynamic anonymity.

“What we did here is we studied the system and we showed that actually there is a vulnerability that exists in their system that allows us to use their system and to send carefully created queries that allow us to extract — to exfiltrate — information from the data-set that the system is supposed to protect,” explains Imperial College’s Yves-Alexandre de Montjoye, one of five co-authors of the paper.

“Differential privacy really shows that every time you answer one of my questions you’re giving me information and at some point — to the extreme — if you keep answering every single one of my questions I will ask you so many questions that at some point I will have figured out every single thing that exists in the database because every time you give me a bit more information,” he says of the premise behind the attack. “Something didn’t feel right… It was a bit too good to be true. That’s where we started.”

The researchers chose to focus on Diffix as they were responding to a bug bounty attack challenge put out by Aircloak.

“We start from one query and then we do a variation of it and by studying the differences between the queries we know that some of the noise will disappear, some of the noise will not disappear and by studying noise that does not disappear basically we figure out the sensitive information,” he explains.

“What a lot of people will do is try to cancel out the noise and recover the piece of information. What we’re doing with this attack is we’re taking it the other way round and we’re studying the noise… and by studying the noise we manage to infer the information that the noise was meant to protect.

“So instead of removing the noise we study statistically the noise sent back that we receive when we send carefully crafted queries — that’s how we attack the system.”

A vulnerability exists because the dynamically injected noise is data-dependent. Meaning it remains linked to the underlying information — and the researchers were able to show that carefully crafted queries can be devised to cross-reference responses that enable an attacker to reveal information the noise is intended to protect.

Or, to put it another way, a well designed attack can accurately infer personal data from fuzzy (‘anonymized’) responses.

This despite the system in question being “quite good,” as de Montjoye puts it of Diffix. “It’s well designed — they really put a lot of thought into this and what they do is they add quite a bit of noise to every answer that they send back to you to prevent attacks”.

“It’s what’s supposed to be protecting the system but it does leak information because the noise depends on the data that they’re trying to protect. And that’s really the property that we use to attack the system.”

The researchers were able to demonstrate the attack working with very high accuracy across four real-world data-sets. “We tried US censor data, we tried credit card data, we tried location,” he says. “What we showed for different data-sets is that this attack works very well.

“What we showed is our attack identified 93% of the people in the data-set to be at risk. And I think more importantly the method actually is very high accuracy — between 93% and 97% accuracy on a binary variable. So if it’s a true or false we would guess correctly between 93-97% of the time.”

They were also able to optimise the attack method so they could exfiltrate information with a relatively low level of queries per user — up to 32.

“Our goal was how low can we get that number so it would not look like abnormal behaviour,” he says. “We managed to decrease it in some cases up to 32 queries — which is very very little compared to what an analyst would do.”

After disclosing the attack to Aircloak, de Montjoye says it has developed a patch — and is describing the vulnerability as very low risk — but he points out it has yet to publish details of the patch so it’s not been possible to independently assess its effectiveness. 

“It’s a bit unfortunate,” he adds. “Basically they acknowledge the vulnerability [but] they don’t say it’s an issue. On the website they classify it as low risk. It’s a bit disappointing on that front. I think they felt attacked and that was really not our goal.”

For the researchers the key takeaway from the work is that a change of mindset is needed around privacy protection akin to the shift the security industry underwent in moving from sitting behind a firewall waiting to be attacked to adopting a pro-active, adversarial approach that’s intended to out-smart hackers.

“As a community to really move to something closer to adversarial privacy,” he tells gpgmail. “We need to start adopting the red team, blue team penetration testing that have become standard in security.

“At this point it’s unlikely that we’ll ever find like a perfect system so I think what we need to do is how do we find ways to see those vulnerabilities, patch those systems and really try to test those systems that are being deployed — and how do we ensure that those systems are truly secure?”

“What we take from this is really — it’s on the one hand we need the security, what can we learn from security including open systems, verification mechanism, we need a lot of pen testing that happens in security — how do we bring some of that to privacy?”

“If your system releases aggregated data and you added some noise this is not sufficient to make it anonymous and attacks probably exist,” he adds.

“This is much better than what people are doing when you take the dataset and you try to add noise directly to the data. You can see why intuitively it’s already much better.  But even these systems are still are likely to have vulnerabilities. So the question is how do we find a balance, what is the role of the regulator, how do we move forward, and really how do we really learn from the security community?

“We need more than some ad hoc solutions and only limiting queries. Again limiting queries would be what differential privacy would do — but then in a practical setting it’s quite difficult.

“The last bit — again in security — is defence in depth. It’s basically a layered approach — it’s like we know the system is not perfect so on top of this we will add other protection.”

The research raises questions about the role of data protection authorities too.

During Diffix’s development, Aircloak writes on its website that it worked with France’s DPA, the CNIL, and a private company that certifies data protection products and services — saying: “In both cases we were successful in so far as we received essentially the strongest endorsement that each organization offers.”

Although it also says that experience “convinced us that no certification organization or DPA is really in a position to assert with high confidence that Diffix, or for that matter any complex anonymization technology, is anonymous”, adding: “These organizations either don’t have the expertise, or they don’t have the time and resources to devote to the problem.”

The researchers’ noise exploitation attack demonstrates how even a level of regulatory “endorsement” can look problematic. Even well designed, complex privacy systems can contain vulnerabilities and cannot offer perfect protection. 

“It raises a tonne of questions,” says de Montjoye. “It is difficult. It fundamentally asks even the question of what is the role of the regulator here?

When you look at security my feeling is it’s kind of the regulator is setting standards and then really the role of the company is to ensure that you meet those standards. That’s kind of what happens in data breaches.

“At some point it’s really a question of — when something [bad] happens — whether or not this was sufficient or not as a [privacy] defence, what is the industry standard? It is a very difficult one.”

“Anonymization is baked in the law — it is not personal data anymore so there are really a lot of implications,” he adds. “Again from security we learn a lot of things on transparency. Good security and good encryption relies on open protocol and mechanisms that everyone can go and look and try to attack so there’s really a lot at this moment we need to learn from security.

“There’s no going to be any perfect system. Vulnerability will keep being discovered so the question is how do we make sure things are still ok moving forward and really learning from security — how do we quickly patch them, how do we make sure there is a lot of research around the system to limit the risk, to make sure vulnerabilities are discovered by the good guys, these are patched and really [what is] the role of the regulator?

“Data can have bad applications and a lot of really good applications so I think to me it’s really about how to try to get as much of the good while limiting as much as possible the privacy risk.”


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something