Tag Archives: security

“Dirty” devices…fresh out the box!

Android devices, after being unpacked, have been found to have malware. The devices were not sold via retail outlets. But this is an example of why no device can be considered absolutely safe…anyone can be vulnerable when it pertains to issues of security.


“The Check Point Mobile Threat Prevention has recently detected a severe infection in 36 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users’ use, it arrived with it.

“According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.”

Preinstalled Malware Targeting Mobile Users

Maxthon browser bad?

(Thanks to Justin for warning us…OK, me…about this.)

“…users of the browser…were reassured by the manufacturer that this type of content will not be transferred anywhere without their explicit consent.

“…information transmitted without the user’s knowledge between the Browser and the Maxthon server…about the user’s website browsing preferences, information about his Google searches as well as the complete list of software installed on the user’s computer…

“…the Maxthon browser is not secure.

“It is also worth emphasising that the Exatel’s SOC got in touch with the creators of the Maxthon browser, sending a detailed technical report, with a request for Maxthon to respond, either in the form of a notice sent to the users about the type of data transmitted from their browsers to the Maxthon servers in Beijing, or in the form of a Maxthon browser software patch which would enable the alarmed users to deactivate effectively the transmission of the UEIP files to their servers. This request was ignored.”

https://exatel.pl/advisory/maxthonreporten.pdf

=================================

Our Promise to Users

We at Maxthon take users’ privacy and information security seriously. We keep our users’ information secure and private…

Jeff Chen (CEO of Maxthon)

11:00pm EST, July 14, 2016

http://forum.maxthon.com/index.php?/topic/20208-security-and-privacy-are-top-priorities-at-maxthon/

 

“Overclocking Andy”…(sounds like the title to a movie)

Some televisions sales occur before the Super Bowl. We discussed the availability of 4K televisions, and services which can provide 4K content…

A “4K Ultra HD Blu-ray Player” has been available for sale: the UBD-K8500/ZA from Samsung:  “Stream the latest 4K movies…from online providers such as Netflix and Amazon…play all the old music CDs, DVDs and Blu-ray discs that you have collected…”

According to the user manual:  “Playback may not work for some types of discs, or when you use specific functions…”

————————————————————————————

While talking about e-mail security, Tutanota was mentioned because they promote their service as one of the most secure:

“…While unencrypted emails can be intercepted and analysed with one click, your end-to-end encrypted information can not. With Tutanota we want to protect you from mass surveillance. Now private data remains private!”

In an episode of MR. ROBOT, ProtonMail was used…so I thought to also mention them.  Per their website:

“All emails are secured automatically with end-to-end encryption. This means even we cannot decrypt and read your emails. As a result, your encrypted emails cannot be shared with third parties.

“…By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.”

——————————————————————————-

To read more about the “ENCRYPT Act of 2016” (H.R.4528), go to https://www.congress.gov/bill/114th-congress/house-bill/4528 …its intent is to disallow states the authority to minimize security measures.

——————————————————————————-

Andy dials-it-up about overclocking…

Also from Andy: “If you can’t hear the sounds that announce incoming calls and other alerts, you can have iPhone flash its LED (next to the camera lens on the back of iPhone)…”

And notifications on iOS can be in the form of “banners”, “badges”, and “interactive alerts”…you can learn about their differences at https://support.apple.com/en-us/HT201925

Logi Circle camera, Intel processors, and Cobra dash cams

Andy interviews:

Vincent Borel of Logitech describes their Logi Circle “home security and connection camera”. It has a rechargeable battery and can stream three hours of video for up to three hours, “2-Way Talk” capability (with audio monitoring), and free 24-hr cloud storage for recorded video that can be downloaded…

Karen Regis of Intel talks about the 6th Gen Intel Core processors which “have been optimized to best run Windows 10, enabling new experiences…and providing more secure computing.”

And Chris Kooistra of Cobra discusses Dash Cams that can “automatically save and protect clips if an impact is detected”.

(i)Phones and security…

During our September 12 show, Justin mentioned an incident when an iPhone was hacked by a guy…I think this may be what he was referring to:

“Watch John McAfee hack a Fox News host’s phone live on air”


Relating to the issue of iPhone security, from an article in the New York Times:

…the Justice Department is engaged in a court dispute with another tech company, Microsoft…the company refused to comply…because the emails were stored on servers in Dublin.

…two types of encoding…end-to-end encryption, which Apple uses in its iMessage system and FaceTime, the video conversation system…

With Apple, the encryption and decryption is done by the phones at either end of the conversation; Apple does not keep copies of the message unless one of the users loads it into iCloud, where it is not encrypted…

The second type of encoding involves sophisticated encryption software on Apple and Android phones, which makes it all but impossible for anyone except the user of the phone to open stored content — pictures, contacts, saved text messages and more — without an access code…

 

Reach-out to your stolen phone

Your electronic device has been stolen…are you able to recover it?  Maybe…

—————————————————————-

There was an incident where an Apple MacBook was stolen, but it was able to be returned to it’s owner because of an application named Hidden:

“Hidden tracks your computer’s location, takes real time photos of the thief and screenshots of them using your computer…

“Hidden is a small application which sits idle on your computer until you need it. When your computer gets stolen simply login to your online Tracking Control Panel and mark your computer as stolen. Hidden will kick into action and locate your stolen computer anywhere on the planet, collect photos of the thief and screen shots of the computer in use.”

——————————————————————-

If your phone is stolen, you might be able to get it back.

Kaspersky Mobile Security is a service for Android devices.  It now has a feature called “Mugshot”:  the front-facing camera can now be activated remotely.  Images can be sent to an e-mail account, or viewed from the web-based control center.

Through the new web-based control center, owners can also:
Remotely lock their missing smartphone to secure personal information
Remotely wipe sensitive information from their missing smartphone
Remotely locate their lost or stolen smartphone using GPS, GSM or Wi-Fi, and Google Maps
Review logs of recent activities, such as their status and the results of any commands sent to the phone, or the installation of a new SIM card

Kaspersky Mobile Security also includes protection from spam, viruses, and spyware.

The link for the product is http://usa.kaspersky.com/products-services/home-computer-security/mobile-security?domain=kaspersky.com

 

The 64-bit version of Windows (7) is more secure

Below are some excerpts from The Microsoft Security Intelligence Report.  I thought some of the information in it might help in understanding what types of protection are available for computers (that use the Windows disk operating system).

Note that the 64-bit version of Windows 7 is the most secure of the Windows operating systems, for the reasons that I have been stating in defense of Microsoft:  third-party developers and manufacturers who do not build to the design specifications requested by Microsoft…risk causing the operating system to be unstable.

===================================

The Microsoft Security Intelligence Report (SIR) focuses on software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches. Past reports and related resources are available for download at http://www.microsoft.com/sir

Infection rates for the 64-bit versions of Windows Vista and Windows 7 are lower than for the corresponding 32-bit versions of those operating systems….Kernel Patch Protection (KPP), a feature of 64-bit versions of Windows that protects the kernel from unauthorized modification, may also contribute…

Windows Defender is a program that is available at no cost to licensed users of Windows that provides real-time protection against pop-ups, slow performance, and security threats caused by spyware and other potentially unwanted software. Windows Defender runs on more than 100 million computers worldwide.

The Malicious Software Removal Tool (MSRT) is a free tool that Microsoft designed to help identify and remove prevalent malware families from customer computers. MSRT is primarily released as an important update through Windows Update, Microsoft Update, and Automatic Updates. A version of the tool is also available from the Microsoft Download Center…MSRT is not a replacement for an up-to-date antivirus solution…

The Windows Live OneCare safety scanner (http://safety.live.com) is a free online tool that uses the same definition database as the Microsoft desktop anti-malware products to detect and remove malware and potentially unwanted software. The Windows Live OneCare safety scanner is not a replacement for an up-to-date antivirus solution…

Microsoft Security Essentials is a basic, consumer-oriented anti-malware product, offered at no charge to licensed users of Windows, which provides real-time protection against viruses, spyware, and other harmful software.

The SmartScreen filter in Internet Explorer 8 and 9 offers Internet Explorer users protection against phishing sites and sites that host malware…When a user attempts to visit a site in the database with the filter enabled, Internet Explorer displays a warning and blocks navigation to the page.

 

CyberSecurity month


This month, October, is the 7th Annual National Cyber Security Awareness Month.  It is to remind us that we need to focus on improving online safety and security awareness.

Some of the ways to do so is to:
regularly back-up files and data…
update software (operating systems, programs, drivers, etcetera)…
use anti-virus, firewall, anti-spyware, and anti-spam software…
and use connections that are secure (those that require passwords, and use passwords that are very strong).

For more information on the campaign go to http://StaySafeOnline.org