Showing posts with label Internet. Show all posts

Tuesday, December 23, 2014

Skype for Android App - Eavesdropping - Feature or Flaw

The Skype for Android app reportedly features a flaw that allows other users to eavesdrop without any real effort.

As discovered by Reddit user Ponkers (via Android Police), the security bug in the Android app "can force the Android version of Skype to answer, allowing you to eavesdrop."

The old fashioned way.
As Ponkers explains, it first requires two devices signed into a Skype account: an Android phone (device 1) and a desktop (device 2). Now, if the user calls the target Android device (device 3) with the Android phone (device 1) and then disconnects from the Internet while the target Android phone (device 3) has answered, it results in a call back from the target Android phone (device 3) to the user on the desktop (device 2), and an automatic connection without the owner of the device necessarily knowing. (more)

Thursday, December 18, 2014

How to Spy on Your Competition...

...by keeping tabs on their Internet presence. (And, how they may be spying on you!)

Friday, November 28, 2014

The Bug Heard Round the World

Katana FT-1 is a miniature voice recorder with built-in Wi-Fi transmitter. 

It records high quality audio on a MicroSD card. Yet to listen to the records you don’t even have to touch the voice recorder. All the collected data can be downloaded to an FTP server or host computer using ad-hoc Wi-Fi connection or via Internet. 

To ensure high quality sound and fast upload Katana FT-1 exploits a dedicated audio processor with sophisticated voice compression algorithms (like Vorbis Ogg) and hi-speed Wi-Fi module. So 1 hour of high quality audio recording can be uploaded in just about 14 seconds. (more)

Why do I mention it?
So you will know what you're up against.

Wednesday, September 17, 2014

FBI Seeks Expansion of Internet Investigation Powers

A Department of Justice proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for domestic law enforcement to hack into computers of people attempting to protect their anonymity on the Internet. The DOJ has explicitly stated that the amendment is not meant to give courts the power to issue warrants that authorize searches in foreign countries—but the practical reality of the underlying technology means doing so is almost unavoidable...

As for extraterritorial hacking, the DOJ commentary explicitly states that the proposal does not seek power to extend search authority beyond the United States: 
  • In light of the presumption against international extraterritorial application, and consistent with the existing language of Rule 41(b)(3), this amendment does not purport to authorize courts to issue warrants that authorize the search of electronic storage media located in a foreign country or countries. AUSA Mythili Raman, Letter to Committee.
Yet the commentary also articulates a standard of searches that “are within the United States or where the location of the electronic media is unknown....

The latter standard seems to be a significant loophole in the DOJ’s own formulation of the approach, particularly given the global nature of the Internet. For instance, over 85% of computers directly connecting to the Tor network are located outside the United States. (more)

Sunday, July 27, 2014

The Easy Fix to About 70% of Data Hacks

You never know when malware will bite. Even browsing an online restaurant menu can download malicious code, put there by hackers.

Much has been said that Target’s hackers accessed the giant’s records via its heating and cooling system. They’ve even infiltrated thermostats and printers among the “Internet of Things”.
 
It doesn’t help that swarms of third parties are routinely given access to corporate systems. A company relies upon software to control all sorts of things like A/C, heating, billing, graphics, health insurance providers, to name a few. If just one of these systems can be busted into, the hacker can crack ‘em all...

One way to strengthen security seems too simple: Keep the networks for vending machines, heating and cooling, printers, etc., separate from the networks leading to H.R. data, credit card information and other critical information. Access to sensitive data should require super strong passwords and be set up with a set of security protocols that can detect suspicious activity. (more)

Friday, July 25, 2014

What Cats Can Teach You About Personal Privacy

Ever posted a picture of your cat online?

Unless your privacy settings avoid making APIs publicly available on sites like Flickr, Twitpic, Instagram or the like, there's a cat stalker who knows where your liddl' puddin' lives, and he's totally pwned your pussy by geolocating it. 


Mundy, a data analyst, artist, and Associate Professor in the Department of Art at Florida State University, has been working on the data visualization project, which is called I Know Where Your Cat Lives.

It's a data experiment that takes advantage of a furry monolith: some 15 million images currently tagged with the word "cat" on public image hosting sites, with more being uploaded at a rate of thousands more per day.

Mundy isn't even particularly a cat person. He could just as easily have called the project "I know where your kid sleeps". Creepy? Oh yeah - much worse than kitty-stalking creepy. That is, of course, the point of the project... (more) (The Map)



Tip: Go tighten up your privacy settings. Better yet, turn off geo-location when taking photos. Ultimate better, stop posting.

Sunday, July 20, 2014

Leaked British Spy Catalog Reveals Tools to Manipulate Online Information

No online communication is for your eyes only in the age of Internet surveillance by government spy agencies. But a leaked British spy catalog has revealed a wide array of online tools designed to also control online communication by doing everything from hacking online polls to artificially boosting online traffic to a particular website.

The spy catalog information developed by the British spy agency GCHQ comes from documents leaked by former NSA contractor Edward Snowden, according to The Intercept. Such documents don't contain much in the way of technical information about how the online spy tools work, but they do reveal a colorful array of code names for methods aimed at both collecting information and manipulating online information seen on websites such as Facebook and YouTube. (more)

Thursday, May 22, 2014

Facebook Grows Ears

A new feature in Facebook's mobile app is a timely reminder of the eavesdropping potential of smartphones.

The feature uses the built-in microphones in mobile devices to determine what music a user is listening to or what television show or movie they are watching. The company unveiled the feature Wednesday and said it would be available for Android and iOS users in the United States in coming weeks.


The feature doesn't operate automatically, and the user must turn it on for it to work, said Facebook product manager Aryeh Selekman. But if a user leaves the feature turned on, it will listen as they use the Facebook app to write status updates, upload photos or respond to messages from friends.

However, "no sound is stored and you’ll always get to choose whether you post to your friends," Selekman said in a blog post. (more)


Friends, maybe. But what about hackers, law enforcement and determined enemies? 
I can't imagine how this feature could work without the sound being stored for some amount of time. FutureWatch: You'll be hearing more about this.

What Your Competitors are Being Told to Use... to Spy on You

Knowledge is power and in the internet age, knowledge is easily accessible. There are many tools available to scope out the competition in order to make your business or service the most successful it can be. Below are the top ten websites you can use to “spy” on the competition and see what they’re up to.

The quick list...
1. Google Alerts
2. Similar Web
3. SpyFu
4. Moat
5. Compete
6. Flippa
7. Social Searcher
8. SeoBook
9. InfiniGraph
10. iSpionage
 (more)


Wednesday, March 12, 2014

The Comprehensive Guide to Facebook Privacy Settings

via techlicious.com...
The first thing you have to realize about Facebook: Nothing you put there is truly private.

Yes, you can control how users see or don’t see your profile. But every time you like a product or even look at a page, the company itself is taking note. This doesn’t mean that some day Facebook will malevolently release your every click to the world. But it does mean that Facebook is not your private diary, and what you do on the website gets collected and catalogued. That's worth keeping in mind whenever you use the service.

So let’s go over the various settings you can change to ensure pictures of your wacky jaunt to Vegas don’t end up at the top of your boss's news feed... (more)

Sunday, March 2, 2014

If You are Calling the FBI or Secret Service, ...

...don't get the phone number from a Google Maps listing.

Don't trust Google Maps, warns former map-jacker after he was ironically called a 'hero' by the feds he wiretapped.

The incident in question involves an individual posting their own phone number as a Secret Service field office phone number on Google Maps. When unsuspecting citizens utilize this incorrect third party phone number to contact the Secret Service the call is directed through the third party system and recorded. This is not a vulnerability or compromise of our phone system. Virtually any phone number that appears on a crowdsourcing platform could be manipulated in this way.

The Secret Service encourages the general public to visit their website at www.secretservice.gov to obtain accurate contact information for our field offices. (more) (video)

Anonymous Instant Messaging - Coming Soon

The Tor Foundation is moving forward with a plan to provide its own instant messaging service. Called the Tor Instant Messaging Bundle, the tool will allow people to communicate in real time while preserving anonymity by using chat servers concealed within Tor’s hidden network.

In planning since last July—as news of the National Security Agency’s broad surveillance of instant messaging traffic emerged—the Tor Instant Messaging Bundle (TIMB) should be available in experimental builds by the end of March, based on a roadmap published in conjunction with the Tor Project’s Winter Dev meeting in Iceland.

TIMB will connect to instant messaging servers configured as Tor “hidden services” as well as to commercial IM services on the open Internet. (more)

Sunday, January 26, 2014

How to Stop Websites from Eavesdropping Via Google Chrome

...review the sites you've allowed to access your microphone and camera in Chrome.

1. Open Chrome, and type chrome://settings/contentExceptions#media-stream into the Omnibar.
2. You'll see the Media Exceptions screen, where you can see which host names have permissions to your microphone and camera, and which of those two each site has access to.
3. Highlight any site you want to remove, and click the "x" on the right side of the line.
4. Save your changes by clicking Done.

PCWorld also notes that if you prefer, you can just go to chrome://settings/content, scroll down to Media, and instead of "Ask me when a site wants to use a plug-in to access my camera and microphone" (which is the default setting), select "Do not allow any sites to access my camera and microphone," which is kind of the nuclear option.

Doing this will also disable features like Google's Conversational Search, which can be pretty useful, likely break any voice integration with Google Now (which will arrive in Chrome any day now), and disable any other voice-activated features in Chrome or elsewhere on the web. (more) (background)

Friday, January 24, 2014

Spybusters Tip #873 - Eavesdropping on Foscam IP Video Cameras

The following Foscam MJPEG based video cameras (firmware version .54) can be accessed without a password: FI8904W, FI8905E, FI8905W, FI8906W, FI8907W, FI8909W, FI8910E, FI8910W, FI8916W, FI8918W, FI8919W

Foscam will be posting a firmware upgrade on their website to fix this issue. Unfortunately, most users will never know about it. 
 
Test Your Camera - A quick way to verify and confirm if your camera has this issue:
1. Enter your camera's IP address in your web browser. Example: 192.168.1.101
2. When you see the password screen do not enter a User Id and Password. Simply click the OK button. If you see your camera, you have the problem. 

Use this work-around for temporary protection (here), and be sure to upgrade the firmware when it becomes available (here).

Wednesday, January 22, 2014

Security Alert - Eavesdropping via the Chrome Browser

Users of Google's Chrome browser are vulnerable to attacks that allow malicious websites to use a computer microphone to surreptitiously eavesdrop on private conversations for extended periods of time...
 
The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor. 


The privacy risk stems from what happens once a user leaves the site. The red light and camera icon disappear even though the website has the ability to continue listening in. (more)

Monday, November 25, 2013

Smart TVs Lie to You

So-called "smart TVs" have hit the marketplace, essentially turning TVs into computers that let watchers search for videos, install applications or interact with ads. But that connectivity may be a two-way street, as manufacturer LG investigates claims that its line of smart TVs is collecting data on its customers. 

According to an LG corporate video, "LG Smart Ad analyses users' favorite programs, online behavior, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men or alluring cosmetics and fragrances to women." 

But what happens when your online behavior trends just a bit naughtier than clothes or cosmetics? Meghan Lopez talks to RT web producer Andrew Blake about spying smart TVs and other trending tech topics in this week's Tech Report. (more)

In other news...
LG has admitted it continued collecting data on viewing habits even after users had activated a privacy setting designed to prevent it.

The TV manufacturer has apologized to its customers and said it would issue an update to correct the problem. (more)

Not to be Out-Spooked by the NSA...

The FBI is expected to reveal Thursday that because of the rise of Web-based e-mail and social networks, it's "increasingly unable" to conduct certain types of surveillance that would be possible on cellular and traditional telephones.

FBI general counsel Valerie Caproni will outline what the bureau is calling the "Going Dark" problem, meaning that police can be thwarted when conducting court-authorized eavesdropping because Internet companies aren't required to build in backdoors in advance, or because technology doesn't permit it.

Any solution, according to a copy of Caproni's prepared comments obtained by CNET, should include a way for police armed with wiretap orders to conduct surveillance of "Web-based e-mail, social networking sites, and peer-to-peer communications technology." (more)

Thursday, November 7, 2013

The Current State of Cyber Security in Latin America

Latin America is experiencing tremendous growth—unfortunately the growth in question relates to cyberattacks. “If you look at Peru, you see 28 times as much malware in 2012 as in 2011; Mexico about 16 times; Brazil about 12 times; Chile about 10; and Argentina about seven times,” said Andrew Lee, CEO of ESET. These tremendous growth rates are expected to continue in the coming years, Lee noted.

Tom Kellermann, vice president of cybersecurity at Trend Micro, a network security solutions company, discussed a report that Trend Micro released jointly with OAS called Latin American and Caribbean Cybersecurity Trends and Government Responses.

Kellermann noted that while organized crime groups, such as narco-traffickers, have embraced cybercrime, the governments of Latin American countries haven’t been able to keep up in terms of defending against this type of crime. “Only two out of five countries have an effective cybercrime law, let alone effective law enforcement to hunt [cyberattackers],” he said. (more)