Monthly Archives : September 2016

Do this and not that – Mobile Malware

mobile-malware1

The three best practices to avoid mobile malware is to use an official app store, resist temptation to jailbreak your device, and keep updates current. Apple and Google app stores remain the most vigilant about mobile malware concerns. Google uses Verify Apps that runs in the background of modern Android systems to scan for spyware, ransomware, and fraudulent apps. The company also checks mobile apps that are submitted to the Google Play Store. Less than one out of every 10,000 devices that only downloads from the Google Play Store has a program in the malicious category.

Jailbreaking your device undermines much of the already pre-installed security on the phone. In addition to this, the ability to restrict applications from accessing personal data on the phone as well as validate applications is disabled. Basically, if you jailbreak your device you better have a pretty good understanding of technology, because you just became the sole provider of security for that device.

This may be a surprise to most, but vulnerabilities actually do not increase the likelihood on malware on mobile devices. Symantec’s Internet Security Threat Report released Apple iOS had nearly 8 times as many vulnerabilities as Android in 2014, but near all malware for that year were targeted at Android devices.

The reliance and increased functionality of mobile devices leads developers to push out updates and bug fixes as fast as possible. Users should pay attention to this and keep their applications and software updates current. Android users often wait to update because of the lengthy process involved, but the benefits usually out whey this inconvenience, especially considering Android devices are most susceptible for malware.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.pcworld.com 

Cisco PIX firewall and IOS software security vulnerabilities

security

Cisco has released reports that a high priority security hole in its IOS software could have allowed hackers access to memory contents, and therefore confidential information, from more than one product in their lineup.

Cisco has pinpointed cause of the vulnerability to  “insufficient condition checks in the part of the code that handles [Internet Key Exchange] IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests.”

Network World 

IKEv1 is used in VPN applications such as LAN-to-LAN VPN, remote access VPN, Dynamic Multipoint VPN, and Group Doman of Interpretation. To address the vulnerability Cisco plans to release software updates and currently there is no workaround available.

The list of Cisco products is as follows:

  • Cisco IOS XR Software versions 4.3.x through 5.2.x.  are affected

  • Cisco IOS XR Software released 5.3.x and newer are not affected

  • PIX versions 6.x and prior are affected

  • PIX versions 7.0 and after are unaffected

Back in August Cisco was alerted to information posted on the internet that had been exploited from firewall products from multiple vendors. The potential for exploitation of Cisco PIX firewalls was considered, and Cisco began an investigation into reports of the “BENIGNCERTAIN” exploit.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: www.networkworld.com 

 

Teenage hacker grabs massive data from 800,000 open FTP servers

hacker

Not all teenagers are sneaking out in the middle of the night, one is sneaking into nearly 800,000 open FTP servers. The story begins with a security researcher, Minxomat, scanning IPv4 addresses to find nearly a million open FTP servers needing no authentication for access. This scan revealed that not only is no authentication needed but that 4.32 percent of all FTP servers in the IPv4 space can be accessed by an anonymous user login with no password. Seriously!!

Shortly there after this report was released, reports surfaced that a young teen hacker by the name of “Fear” had gained access to and downloaded massive amounts of data from every state with a domain on .us, as well as some .gov domains. (In a report to Network World)

“I gained access to an FTP server that listed access to all the FTPs on .us domains, and those .us domains were hosted along with .gov, so I was able to access everything they hosted, such as public data, private data, source codes etc.,” Fear told DataBreaches.net. It was “very simple,” he said, “to gain access to the first box that listed all the .us domains and their FTP server logins.”

Network World

He later added to this claim, stating that the attack was a SQL injection (poorly coded web database that leaks information). Fear gained access to credit card information, social security numbers, email address, home addresses, phone numbers, and web-banking transactions. Fear claims there was no encryption to protect the data and that he could “read all of it in plain text form”

His message to those responsible for securing state and government FTP servers is: “5 char passwords won’t save your boxes.”

On Sunday, someone in Florida attempted to secure the data, taking down the FTP server before password-protecting it and bringing it back up, but Fear said, “Too bad they don’t know its backdoored LOL…. they legit suck at security.”

Network World

Security professions are questioning the reliability of the claim.

“We can’t state unequivocally that he did not hack something, but only because it’s impossible to prove something didn’t happen,” said Neustar Senior Vice President Rodney Joffee.

But as Fear states “It only takes 13 hours and 23 minutes and 12 seconds for somebody to finish gathering data on every US citizen,”

The Hill 


If you would like to learn more about the infomration presented in this blog post please visit: www.networkworld.com  www.thehill.com 

 

Take Back Privacy with Windows 10

maxresdefault-4Windows 10 offers an option to help protect third parties from tracking your movements based on your connections to Wi-Fi networks. Under Settings > Network & Internet > Wi-Fi, turn on the Use random hardware addresses setting. This will keep third parties from matching your Wi-Fi adapter’s hardware address with your personal information, and therefore much more difficult to track your location.

The internet is full of third party ad networks and analytics companies that use cookies and tracking technology to record web movements. This information is usually used to correlate online actions and movements to the things you do away from the internet. Sometimes this can be as harmless as the ads on the bottom of a webpage being that of the product you just googled, or the implications can be be used to discover your offline identity. Regardless, one should be cautious of where all these internet movements lead. Third-party anti-tracking software such as Abine’s Blur will limit the amount of information that such ads can gather. Ad-blocking software can limit such information as well in addition to its purpose of blocking unnecessary ads. Although many advise against leaning on ad-blocking alone, due to the usual close ties between some ad-blocking third-parties and the ads they block. Employ an ad-in to limit your digital footprint however is better than running free range around the internet. Even if it is just a chrome plug in.

Windows 10 Operating System houses information that can be easily used to discover your location. Within Settings > Privacy > Location you will find access to preferences concerning location information. You can use the master toggle at the top of the screen to turn off all location features for all users of the machine. I personally would clear the location history that is saved within this window, if nothing else.

Windows 10 will log a small amount of your information to provide Cortana with a solid knowledge of your preferences so that she may generate suggestions. If you rather take care of yourself without Cortana studying you, you can easily turn her off completely. or navigate her settings.

Under Settings > Privacy > General, click Info about how I write and turn it off so that your typos aren’t used to improve things like the built-in spell checker.

Under Settings > Privacy > Speech, inking, & typing, under the Getting to know you heading, click Stop getting to know me to turn off personalization.

Lastly, Settings > Privacy > General. Advertising ID controls whether Microsoft serves personalized ads to ad-supported apps. If you turn this option off, you still get ads, but they’re not personalized. In any case, your information is not shared with advertisers.

A few tricks to give you more of your privacy back.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

Top 3 Identity Management Solution Recommendations

 Identity-Management-as-a-Service (IDaaS) provider aids with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity.

okta

Okta Identity Management

Okta comes highly rated for identity management, and for good reason. Rated best-in-class for support of integrating multiple directories, as it allows for multiple identity providers without compromising data quality, support providers such as AD, Google Apps, and Workday. Beginning at $2 per user, per month and ranging up to $8 for the most advanced tier. Installation and set up of Okta is fairly easy. One of the first steps of set up involves connecting to an existing AD domain, which Okta offers an AD agent that will synchronize user and security group objects to the software’s cloud based Universal Directory. After downloading the installer and going through the basic wizard motions, you can start using the Okta Agent Manager to dabble with basic maintenacne tasks, adding domains, and configuring a proxy server. You can use Okta to make your life easier by configuring the software to pull employee information from a SaaS application, configured as master attricutes, fed back to AD, and therefore enabling changes to the group to be automatically populated. The functionality possibilities are really to whatever degree you decide to take it. Okta offers more than any other Identity Management in the game.

 

onelogin  OneLogin

OneLogin is another great Identity Management tool. It offers support for multiple security policies and roles and mapping functionality provide flexible management. OneLogin offers a free entry-level proving that makes it the ideal choice for small businesses. Their four tier model ranges from the free level offer to an $8 per user, per month option similar to that of Okta. The directory integration sets OneLogin apart in the enterprise, alomg with other expected features of a quality IDaaS, such as multiple security policies, mobile functionality for users, multifactor authentication, and SAML authentication. Some found OneLogin’s dependence on mappings to be confusing, so that is something to consider.

azureWindows Azure Active Directory

Best-in-class integration with both Active Directory (AD) and Office 365, as well as the most cost-effective option for multifactor authentication (MFA). Azure gets a significant boost up due to the tight integration with Microsoft Windows Server Active Directory (AD) and Office 365. Azure AD encompasses advanced toolsets for managing identities and identifying the Software-as-a-Service (SaaS) applications used within an organization. Microsoft has been a top industry leader for decades, which is why they have such a significant leg up in on-premise network directories. Azure AD’s pricing is very competitive compared to other IDaaS, offering a free tier, a Basic tier for $.50 per user per month, and a Premium tier that runs $6 per month.

 


 

If you would like to educate yourself in more detail about the information presented in this blog post, please click on the linked titles above.

 

Keep Conversations Private with End-to-End Encryption Messaging

facebook-messenger-encryption1

Messaging is one technological advance that most cannot live without. But most of us would like to rest assured that what we type will be for the eyes of the receiver only, and not a mysterious third party. Regardless of paranoia or worry about hacking, encryption is a sure fire way to protect messages as they leave your finger tips. End-to-end encryption ensures that only the sender and the recipient can read the message. The message is first encrypted on your phone, then sent, and decrypted on the receiving side. Telecom providers, government agencies, and the company that hosts the service itself, cannot read your messages. The provider couldn’t even hand over messages if subpoenaed, because the provider would not have the ability. Hackers that infiltrate the service platform still would not be able to read your encrypted messages.

This sounds almost too good to be true, and not all encryption services are created equal. Encrypted, does not imply end-to-end encryption. Services that encrypt messages between endpoints of transmission, means that conversations are stored encrypted on the platform’s servers, which is not entirely bad. However, since the platform encrypted them they can also decrypt them.

The best end-to-end encryption services on the market today are as follows:

Telegram – Has been around for a while now, which might aid with the biggest hang up on the app, inviting all your friends to join. This over-the-top service does not have the ubiquity of SMS messaging. The app does allow for individual messaging, group messaging for an unlimited number of users, or even public group messaging for a social network feel.

Signal – This is one of the easier applications to set up, automatically authenticating your phone number. It can be used as your default SMS application as well, eliminating hurdles found with over-the-top services. The color custimization for conversations helps with communication clarity, aka not sending the wrong text to the wrong conversation. In addition to private conversations and group conversations with unlimited users, this application also makes calls.

Wire – Wire is a cool alternative for the user that wants message encryption and creative license. The application allows for doodling, location sharing, image sending, and video recording. Despite the feature initiatives, the application doesn’t support some of the escalated group messaging features, and is best used for private one-on-one conversations.

WhatsApp – By far the most popular, this application offers end-to-end encryption and the lure of over a billion users. Hopefully meaning less people you have to convince to install and use a different messaging service. The application is owned by Facebook, which just recently announced they would be using phone numbers and some other account information from  WhatsApp. Hmm. Despite worry, the application proves to be a user friendly messaging alternative.


If you would like to learn more about the information presented in this blog post please visit: www.networkworld.com

iOS 10 Wants to Help you Get More Beauty Rest

bedtime-2bedtime

You’ll find the new bedtime feature offered in iOS 10 in the Clock application. The first time you use the feature you will be walked through the functions. You may notice the application is now in dark mode, finally realizing most of us set alarms when we are already in bed or near sleep.

Begin by setting your wake up time, and tap “Next”. Hit the days of the week you would like the alarm to function. Set the number of hours you need to get each night (don’t worry this can be changed). After you have decided how many hours of precious beauty rest you would like, the application would like to know when you would prefer your nightly bedtime reminders, which can range from the bedtime itself to 15 minutes before or 1 hour before. The new bedtime feature comes with new sounds as well to jazz up bedtime and wake time alarms. Once you have saved your preferences, you will be able to see a short seven day history of your sleep. If you tap “More History” you will be brought into the Health app where you can explore your sleep history by day, week, month or even year.

For those users that use iOS as an alarm clock, consider this to be a major upgrade. It isn’t a full blown sleep tracker as many fitness trackers offer, but it is an easy way to track sleep hours and set up bedtime reminders. How great would this be for kid bedtimes??


If you would like to learn more about the information presented in this blog post please visit: www.howtogeek.com

 

 

Turn Voicemail into Text with iOS 10

 aptastic

Apple has always had a productive approach to voicemail, first with the visual listing of voicemails with the contact name, date and time attached, making it easy to browse past or go directly to the voicemail you would like to hear. The upgrade to iOS 10 takes this a little further, allowing for voicemail transcription, that can be shared or saved. When you have a voicemail you would like transcribed, open voicemail and select the voicemail you wish to be written. The voicemail should automatically start playing. If the person has just left the message, iOS will start the process automatically, showing a “Transcribing” message, to tell you what is taking place. Once the voicemail is transcribed, the written message will be displayed within the original voicemail, in other words in the visual list of voicemail. This could be helpful in those instances when raising a phone to your ear is not allowed, perhaps during a presentation, work meeting, event, important dinner, etc. The transcription of the voicemail might be a little off, but at least this gives a general idea as to why the person is calling, aka emergency or non emergency. This feature is currently considered a beta feature, therefore after transcription has taken place you will see a tiny typed question asking “Was this helpful?”, which Apple will use to decide if the feature will be a permanent one.

 


 

If you would like to learn more about the information presented in this blog post please visit : www.howtogeek.com 

Turn off read receipts for specific conversations in iOS 10

abbI have my read receipts on and I love the transparency. In a world where we are always accessible, I hope that my read receipts provide my friends and coworkers reassurance that I am not simply ignoring their messages but rather I am not on my phone (which happens!!). I’d like to think this also applies to my family members. Mom, if I haven’t read your texts yet, I am probably not available for a phone call, just saying. But regardless of the read receipts and the reasons behind it, sometimes you don’t want the same features to apply to everyone in your contacts. Perhaps I’ll let you discover that reasoning on your own… 😉

iMessage lets you toggle between showing read receipts and not showing, but that’s as far as the customization goes. In iOS 10 however, users have been given the option to turn off read receipts within each conversation, meaning you can show read receipts to your bff and not your boss. Or vice a versa.

To discover this feature, send read receipts has to be on to start with, meaning if the thought of read receipts alone is too weird for you, you might want to find another iOS 10 feature to play with. First, go to the settings in your iPhone, then messages, and find the send read receipts toggle and implement. So if you are like me, after updating to iOS 10 you can skip this step entirely. Now comes the fun. Begin customizing who will get to see read receipts and who won’t by switching to the Message application in your iPhone. Within each conversation, in the top right corner, tap the information icon. Where you see “send read receipts” with a toggle option, choose how you would like to proceed for that conversation. Proceed with all conversations that you want to not show your read receipts.

As a user, I am torn. I think the accessibility of the feature can be viewed in two ways. Navigating the feature within each conversation could become tiresome if the user is looking to show read receipts for only a few contacts, such as with a significant other or family members. In this regard the user would have to go through every conversation and turn off the feature. What about those contacts that you haven’t texted recently enough to have a conversation to go back to? Will you remember to turn off this feature for each new communication? Probably not. It would be ideal if the feature had better audience control within iMessage settings. In retrospect, for users like myself that already have read receipts in use for all contacts, being able to turn off read receipts for individual conversations is a great bonus.

Nice feature, could have better audience selection.


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.howtogeek.com

Samsung Galaxy Note 7 – no longer voluntary

note 7

Great news for Samsung users that have been using their Note 7 with extreme caution the last few weeks, replacements will be in stores Wednesday, September 21st! The recall transitioned from voluntary to mandatory as the US government’s Consumer Product Safety Commission (CPSC) issued a deathknell due to the lithium-ion battery overheating. According to the CPSC, Samsung received 92 reports of batteries overheating, 26 reports of burns, and 55 reports of property damage including fires in cars and garages. The CPSC recommends powering down the device immediately and seeking a replacement or refund from your wireless carrier, retail store, or Samsung directly. You can get the exact same Note 7 with a new, non-exploding battery, starting Wednesday, September 21st.

The Note 7 was widely successful before the recall, selling a million devices. However, the recall itself is estimated to cost Samsung $1 Billion. Ouch. 


If you would like to learn more about the information presented in this blog post please visit: www.techradar.com