Copyright Gone Mad

A fight for the right to the “Happy Birthday” song, described on arstechnica.com.

This would be funny if less money was involved in the dispute.

The Next Level in Hacking

Hackers have been able to access cars by building a device costing less than $30. The purpose was to be able to tune the car, which costs a lot if done commercially. Since the device needs to be plugged into the car, this is not wireless hacking. However, the device could potentially be used for malicious purposes, such as applying the emergency brakes, turning the headlights on or off and changing the power steering controls. Let’s hope they do not add a wireless module to it.

Source:

Hackers Can Take Over Your Car With This Simple $26 Device

Jalopnik, 11th February 2014

If it is free,…

If it is free, there is probably a catch. If you possess an Android device and have installed free apps from Google Play, it is interesting to read the warning about what you are authorising the apps to do on your device. Frequently the apps collect information about yourself, your location and your contacts. These details are likely to be sold or used for marketing and advertising purposes. There is nothing wrong with people trying to make a living after all.

But can you trust the companies that are collecting the data? Rovio, the company behind the Angry Birds game, has decided, according to its chief executive, to review its relationship with advertising networks. The Guardian, New York Times and ProPublica revealed last month that the US and UK spy agencies are collecting data from some smartphone apps. According to the article in the Guardian, the agencies would be able to collect almost every key detail of a user’s life, including

  • home country
  • current location
  • age
  • gender
  • zip code
  • marital status – options included “single”, “married”, “divorced”, “swinger”
  • income
  • ethnicity
  • sexual orientation
  • education level
  • number of children

It is worth reading the full article, as it also describes the range of tools available to the NSA and GCHQ to spy on and access your devices. Spokespeople for the NSA and GCHQ told NBC all programs were carried out in accordance with US and UK law.

Yeah, right!

Alert Online encourages safe online behaviour

Excellent initiative in the Netherlands, attempting to make people more aware of cyber safety.

Description on http://www.government.nl/issues/cybercrime/news/2013/10/28/alert-online-encourages-safe-online-behaviour.html, (English)

and the alert on-line site is on https://www.alertonline.nl/ (Dutch)


Browser Passwords

Passwords Storage

Are you saving passwords for your favourite web sites in your browser? If yes, think twice. If you are using Chrome, this is not secure at all. Have a look at this article published recently. I am not a frequent user of Internet Explorer or Safari, and am not aware of the password storage strategy they use.

How to secure passwords?

The issue is that you have to remember many usernames and passwords for various internet sites.

Solution 1: Use one or two usernames and passwords for everything.

And what happens if one of your passwords is compromised? The “hackers” will run software that will automatically try it on a great number of sites. This was the issue that prompted Telecom NZ to ask their users to change all their passwords, without really explaining the reason behind it. All we knew was that some accounts were accessed without the knowledge of the users, and were sending spam with links to websites.

Solution 2: Stick with saving credentials within the browser.

The physical security of the equipment is not a problem, and no-one will ever be able to get physically to your PC. However, old-fashioned desktop PCs also get stolen. Do you really know what happens to your PC when you dispose of it? It is also a bad idea to use this strategy on mobile devices, as they tend to be frequently lost, forgotten or stolen.

Solution 3: Use a Safer Browser

Firefox is safer in that area, as it allows you to protect your database of usernames and passwords with a master password. However, do not use a 3 letter password, as it could easily be cracked. It is better to aim for 8 or more letters.

Solution 4: Use Password Management Software

What is password management software? It is usually a small application that runs on your computer, tablet or phone and enables you to:

  • create complex passwords
  • register them, associating them with the web site URL and a username
  • sometimes it links with your browser to save you typing anything.

The application creates a small file that is opened with either a password, a key file or a combination of the two. You can store the file or files on a hard drive or a USB stick. Another possibility is to store them on a network or cloud drive to be able to get access to them from everywhere with multiple devices.

In that situation you can afford to create and memorize a long password, as it is the only one you will have to remember. But don’t go away on holiday and forget it! There will be no way to recover the content of your file. Another bad idea would be to write the password on a Post-it note somewhere (by the monitor for example). I have seen people writing their master password on a piece of paper, then sticking it underneath the keyboard.

If you are using a key file, do not forget to back it up somewhere. It is also highly recommended to make a copy of your encrypted database file somewhere. Files can get corrupted. Drives can die, and they tend to do this at the most inconvenient time.
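The sketch below is an added illustration, not taken from the original post and not the actual file format of KeePass or LastPass. It shows why a database protected by a password plus a key file opens only when both are supplied, and why a byte-for-byte backup of the key file matters; the function names, the PBKDF2 work factor and the sample values are assumptions made for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor, chosen for this illustration


def composite_secret(password=None, keyfile_bytes=None):
    """Hash each supplied factor, then hash the labelled concatenation."""
    if password is None and keyfile_bytes is None:
        raise ValueError("need a password, a key file, or both")
    parts = b""
    if password is not None:
        parts += b"pw:" + hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile_bytes is not None:
        parts += b"kf:" + hashlib.sha256(keyfile_bytes).digest()
    return hashlib.sha256(parts).digest()


def derive_key(salt, password=None, keyfile_bytes=None):
    """Stretch the composite secret into a 32-byte database key."""
    secret = composite_secret(password, keyfile_bytes)
    return hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ROUNDS)


def make_header(salt, key):
    """Keep the salt and a check tag; the key itself is never stored."""
    tag = hmac.new(key, b"header-check", hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}


def can_unlock(header, password=None, keyfile_bytes=None):
    """True only if the supplied factors reproduce the original key."""
    key = derive_key(header["salt"], password, keyfile_bytes)
    expected = hmac.new(key, b"header-check", hashlib.sha256).digest()
    return hmac.compare_digest(expected, header["tag"])


def demo():
    # Constructed sample values, not real credentials.
    password = "correct horse battery staple"
    keyfile = os.urandom(64)  # stands in for the contents of the key file
    salt = os.urandom(16)
    header = make_header(salt, derive_key(salt, password, keyfile))
    return {
        "both": can_unlock(header, password, keyfile),
        "password_only": can_unlock(header, password=password),
        "keyfile_only": can_unlock(header, keyfile_bytes=keyfile),
        "restored_backup": can_unlock(header, password, bytes(keyfile)),
    }


if __name__ == "__main__":
    print(demo())
```

Because only the salt and a check tag are stored, there is nothing to fall back on if the password is forgotten or the key file is lost without a backup.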

Two recommended password management applications can be found on http://keepass.info/ and https://lastpass.com/


Are you using any password management software? Is there anything else you would recommend?

Why using lastpass?

Cisco Academy Netriders

Congratulations to Ratu Rasovanivalu and Rocky Ralifo for reaching third place for New Zealand in the CCNA Cisco Academy Netriders Competition. They represented the Manukau Institute of Technology in the international competition that took place Thursday 12th September 2013.


ACC Personal Details Compromised: Whose fault is it?

We have learned this week that ACC clients had their personal details compromised after the theft of a laptop. You can find the summary of the incident here.

The laptop was used by a case manager who took the laptop home, in contradiction to the rules set by the organisation.

Several questions remain unanswered:

1. Why was the laptop hard drive not encrypted, if used out of the organisation?

2. Why did the case manager feel she had to record the personal details of claimants on the laptop? If the details are needed in the day-to-day business, having a secure connection to the work network seems to be more logical.

3. Why did the case manager take the laptop home? Ignorance of the rules? Not enough time to complete the work during normal hours?

The press and ACC seem to blame the case manager, but unless she deliberately ignored the rules, this incident looks like a failure of the institution to secure its IT equipment properly.

I hope that we will learn more details about this case in the near future.

Have you got any more information about the case?

Another hacker caught

The verdict

A former student from the University of Central Missouri has been jailed for 3 years and ordered to pay $61,500 in restitution for his role in the theft of information from the institution.

What did he do?

With an accomplice, he:

  • viewed and downloaded the large databases of faculty, staff, alumni and student information
  • transferred money to their student account
  • attempted to change their grades
  • intimidated potential witnesses

How did they proceed?

They created their own computer virus and distracted an administrator, which allowed them to infect his computer using a thumb drive.

The installed virus monitored the administrator's network activity, and captured the username and password used. It was also able to take over the computer, using the webcam and downloading his email.

They obtained, maybe through the database, the username and password of a residence hall manager and used them to complete financial transactions in their favour.

They also stole and used the identity of other students to access various portions of the network. They also used this to mask their activities, having other students blamed for their actions.

They installed their virus on several other computers in labs and the library, gaining control of them and stealing more data in the process.

They accessed an affidavit used in support of a search warrant, and went on to attempt to intimidate potential witnesses against them.

The full story can be found here

This always happens to others, right?

When was the last time you clicked on an email with a link? Did you know the sender of the email? Did the target URL look unusual?

When was the last time you downloaded and installed free software?

These are 2 methods commonly used to infect computers with the same type of computer virus or malware. Have you checked your bank statements recently?

What can you do?

Don’t do what is described in the previous paragraph! You could use Firefox as a browser, together with the NoScript plugin. However, NoScript can get in the way of browsing some sites, and forces you to make decisions about what you want to accept as page content.

How to avoid computer viruses?

Make sure that you have up-to-date antivirus software, and run regular scans.

If you are a Windows user, you can also use Windows Defender, a good program available as standard in Windows 7 and 8. This program does not replace antivirus software; it detects other types of threats. Start with an in-depth scan and then carry on with regular scans. You should be able to find Defender in the control panel of your PC.

Apple users

If you are an Apple user, let us know if there is a similar program available.

Word of warning:

If you suspect your PC is infected with a computer virus, even if your antivirus software and Defender find nothing, ask a professional to examine it.

Better safe than sorry!

Upskill To The New CCNA (200-120)

Progress in networking technologies has meant that the CCNA 640-802 certification was becoming outdated. Proof of that is that there were fewer and fewer jobs advertised just for CCNA. Most positions now require CCNP as a baseline. Cisco has therefore changed the scope of the certification, and a lot of new technologies are now on board.

How to get ready for CCNA 200-120?

The course “Network Engineering 4”, available from July 2013 at the Engineering Faculty of Manukau Institute of Technology, will contain a considerable section about upskilling to the new CCNA (200-120).

The CCNA certification has considerably changed this year, and the ‘old’ version 640-802 is only available up to the end of September.

To reflect this, Network Engineering 4 will this year contain the topics of IPv6, Multi-Area OSPF, Layer 3 redundancy, EtherChannel technology, IOS15 and network management tools.

Details to enrol on this course (and the other CCNA courses) are available on http://www.technologysecurity.org/cisco-networking-auckland/.

Alternatively, you could use the contact page.


Unsecured WiFi Mapped Out.

Buying a wireless router for your home WiFi network, or having it sent to you free of charge by your ISP should guarantee a secure network.

Unfortunately, this is not the case and the list of default passwords for each brand of equipment is well known. If you have a wireless PC or laptop, you just need to look at the list of available networks in the area, and the type of encryption used. The first piece of information gives you the manufacturer of the router. Few people know how to change the SSID from the default settings, never mind the authentication or encryption used on the network. This means that in a lot of cases, the wireless network can be accessed by anyone with little or no effort.

In most countries wardriving (looking for open networks) is legal. What is illegal is to use the discovered network.

What is the problem with open WiFi? You could be sharing the data on your computer, revealing your credentials for internet banking (for example), and be legally liable for anything illegal taking place from your network.

When are manufacturers and ISPs going to start producing or supplying equipment that can properly secure itself? Maybe what is needed is equipment with a proper set of instructions usable by the general public.

NetSafe has been wardriving in the suburbs of Wellington, and the results are sobering. Have a look at this article describing the results.

www.stuff.co.nz

NEWTOWN’S WiFi NETWORKS