Posts Tagged ‘technology’

tv-pure google

According to The Independent, Google’s voice search function doesn’t just turn on when you ask it to. Rather, it records almost everything.

Feeling unnerved yet? Well, it gets even wilder. You see, you can listen to the recordings Google has stored and associated with your name simply by visiting this webpage.

There’s also this webpage that will show you how much Google knows about your every move on the internet.

Both webpages will contain information from not only computers but any Android device you’ve logged in to your Google account.

How to Delete the Recordings

Luckily, if you’re not too happy about Google having potentially hours of your voice in its database, you can delete those files.

Beside each file’s title you’ll see a checkbox.

google-speach

Just select the three dots top right and select delete    google-voice-delete

How to Stop Google from Recording You Again

Now, as The Independent points out, stopping Google from recording you does result in some limited functionality if you’re using an Android phone or the company’s search.

However, you may be someone whose concern for privacy is much greater than finding what you’re looking for easily. If so, begin by never using Google’s voice search functions again. Follow up by disabling Google’s voice search.

  1. Navigate to Settings
  2. Tap the General tab
  3. Under “Personal” find “Language & keyboard”
  4. Find “Google voice typing” and tap the Settings button
  5. Tap “Ok Google” Detection
  6. Under the “From the Google app” option, move the slider to the left. If Google voice is already enabled move the slider to the left of “From any screen” or “Trusted Voice” and the “From the Google app” will appear.

 

Advertisements

tv pirate

In the wake of recent revelations about NSA surveillance efforts, the co-founder of The Pirate Bay has launched a drive to crowdsource funding for a new mobile messaging app — one so secure that its creators say they couldn’t turn over people’s messages even if they wanted to. Hemlis (it means “secret” in Swedish), is being developed by Peter Sunde, one of the individuals behind The Pirate Bay, along with Linus Olsson and Leif Högberg. It’s described as an easy to use messaging app in the vein of WhatsApp or iMessage, with one important twist: it uses end-to-end encryption to ensure that nobody can monitor your messages. “No one can listen in,” the Hemlis site promises. “Not even us.”

The app won’t use advertising or sell user data, so to help bring the project to fruition the team is trying to raise $100,000 from potential users. The money will be put towards developing the apps themselves — iOS and Android are the targeted platforms — and the infrastructure needed for the system. While there’s no demonstration of a working app on the site, there are several mocked-screens that show off a bright, iOS 7-style design. In an FAQ, the group also says they believe the core app itself should be free, but users will have to pay to unlock additional features like sending images.

Those interested in funding the project early will be able to get a headstart, however. Donations from $5 and up provide customers with multiple codes for the full, unlocked version of the app — one for themselves, and others to share with friends. The Hemlis team states that if they don’t hit their goal all money will be returned, but they seem to be off to a quick start already: as of this writing, Hemlis has already raised over $18,500.

tv crime2

Microsoft Windows contains vulnerability (CVE-2013-3660) that could allow an local attacker to gain elevated privileges on a targeted system. The vulnerability classified as critical has been found in Microsoft Windows XP/Vista/7/2000/Server 2003/2008. This affects the function win32k!EPATHOBJ::pprFlattenRec of the component Kernel. The vulnerability is due to improper handling of certain objects in kernel memory by the affected software. A local attacker with access to a targeted system could exploit this vulnerability by running a malicious program that is designed to cause the Windows kernel to perform improper memory operations on certain objects. If successful, the attacker could execute arbitrary code on the system with the privileges of the kernel, resulting in a complete system compromise. Proof of concept code that exploits this vulnerability is publicly available.

CVE: CVE-2013-3660
Remote: No
Local: Yes
Updated: Jul 02 2013 08:21AM
Credit: Tavis Ormandy
Vulnerable: Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows Vista SP2
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 R2 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows 8 0
Microsoft Windows 7 Professional 0
Microsoft Windows 7 for 32-bit Systems SP1

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

http://cvedetails.com/cve/CVE-2013-3660

 

tv-300x2241

 

The de-facto standard in network scanning for many years has been Nmap. Nmap is universally supported by Linux and Windows alike and is free to download > Download Nmap

The only thing I have found is that there are so many commands it makes it difficult to remember what to enter, so here is a quick guide for fast scanning, Also I have created it in a PDF for easy reference > Caintech.co.uk Nmap Cheat

Basic Scanning Techniques

Scan a single target —> nmap [target]

Scan multiple targets —> nmap [target1,target2,etc]

Scan a list of targets —-> nmap -iL [list.txt]

Scan a range of hosts —-> nmap [range of IP addresses]

Scan an entire subnet —-> nmap [IP address/cdir]

Scan random hosts —-> nmap -iR [number]

Excluding targets from a scan —> nmap [targets] –exclude [targets]

Excluding targets using a list —> nmap [targets] –excludefile [list.txt]

Perform an aggressive scan —> nmap -A [target]

Scan an IPv6 target —> nmap -6 [target]

Discovery Options

Perform a ping scan only —> nmap -sP [target]

Don’t ping —> nmap -PN [target]

TCP SYN Ping —> nmap -PS [target]

TCP ACK ping —-> nmap -PA [target]

UDP ping —-> nmap -PU [target]

SCTP Init Ping —> nmap -PY [target]

ICMP echo ping —-> nmap -PE [target]

ICMP Timestamp ping —> nmap -PP [target]

ICMP address mask ping —> nmap -PM [target]

IP protocol ping —-> nmap -PO [target]

ARP ping —> nmap -PR [target]

Traceroute —> nmap –traceroute [target]

Force reverse DNS resolution —> nmap -R [target]

Disable reverse DNS resolution —> nmap -n [target]

Alternative DNS lookup —> nmap –system-dns [target]

Manually specify DNS servers —> nmap –dns-servers [servers] [target]

Create a host list —-> nmap -sL [targets]

Advanced Scanning Options

TCP SYN Scan —> nmap -sS [target]

TCP connect scan —-> nmap -sT [target]

UDP scan —-> nmap -sU [target]

TCP Null scan —-> nmap -sN [target]

TCP Fin scan —> nmap -sF [target]

Xmas scan —-> nmap -sX [target]

TCP ACK scan —> nmap -sA [target]

Custom TCP scan —-> nmap –scanflags [flags] [target]

IP protocol scan —-> nmap -sO [target]

Send Raw Ethernet packets —-> nmap –send-eth [target]

Send IP packets —-> nmap –send-ip [target]

Port Scanning Options

Perform a fast scan —> nmap -F [target]

Scan specific ports —-> nmap -p [ports] [target]

Scan ports by name —-> nmap -p [port name] [target]

Scan ports by protocol —-> nmap -sU -sT -p U:[ports],T:[ports] [target]

Scan all ports —-> nmap -p “*” [target]

Scan top ports —–> nmap –top-ports [number] [target]

Perform a sequential port scan —-> nmap -r [target]

Version Detection

Operating system detection —-> nmap -O [target]

Submit TCP/IP Fingerprints —-> http://www.nmap.org/submit/

Attempt to guess an unknown —-> nmap -O –osscan-guess [target]

Service version detection —-> nmap -sV [target]

Troubleshooting version scans —-> nmap -sV –version-trace [target]

Perform a RPC scan —-> nmap -sR [target]

Timing Options

Timing Templates —-> nmap -T [0-5] [target]

Set the packet TTL —-> nmap –ttl [time] [target]

Minimum of parallel connections —-> nmap –min-parallelism [number] [target]

Maximum of parallel connection —-> nmap –max-parallelism [number] [target]

Minimum host group size —–> nmap –min-hostgroup [number] [targets]

Maximum host group size —-> nmap –max-hostgroup [number] [targets]

Maximum RTT timeout —–> nmap –initial-rtt-timeout [time] [target]

Initial RTT timeout —-> nmap –max-rtt-timeout [TTL] [target]

Maximum retries —-> nmap –max-retries [number] [target]

Host timeout —-> nmap –host-timeout [time] [target]

Minimum Scan delay —-> nmap –scan-delay [time] [target]

Maximum scan delay —-> nmap –max-scan-delay [time] [target]

Minimum packet rate —-> nmap –min-rate [number] [target]

Maximum packet rate —-> nmap –max-rate [number] [target]

Defeat reset rate limits —-> nmap –defeat-rst-ratelimit [target]

Firewall Evasion Techniques

Fragment packets —-> nmap -f [target]

Specify a specific MTU —-> nmap –mtu [MTU] [target]

Use a decoy —-> nmap -D RND: [number] [target]

Idle zombie scan —> nmap -sI [zombie] [target]

Manually specify a source port —-> nmap –source-port [port] [target]

Append random data —-> nmap –data-length [size] [target]

Randomize target scan order —-> nmap –randomize-hosts [target]

Spoof MAC Address —-> nmap –spoof-mac [MAC|0|vendor] [target]

Send bad checksums —-> nmap –badsum [target]

Output Options

Save output to a text file —-> nmap -oN [scan.txt] [target]

Save output to a xml file —> nmap -oX [scan.xml] [target]

Grepable output —-> nmap -oG [scan.txt] [target]

Output all supported file types —-> nmap -oA [path/filename] [target]

Periodically display statistics —-> nmap –stats-every [time] [target]

133t output —-> nmap -oS [scan.txt] [target]

Troubleshooting and debugging

Help —> nmap -h

Display Nmap version —-> nmap -V

Verbose output —-> nmap -v [target]

Debugging —-> nmap -d [target]

Display port state reason —-> nmap –reason [target]

Only display open ports —-> nmap –open [target]

Trace packets —> nmap –packet-trace [target]

Display host networking —> nmap –iflist

Specify a network interface —> nmap -e [interface] [target]

Nmap Scripting Engine

Execute individual scripts —> nmap –script [script.nse] [target]

Execute multiple scripts —-> nmap –script [expression] [target]

Script categories —-> all, auth, default, discovery, external, intrusive, malware, safe, vuln

Execute scripts by category —-> nmap –script [category] [target]

Execute multiple scripts categories —-> nmap –script [category1,category2, etc]

Troubleshoot scripts —-> nmap –script [script] –script-trace [target]

Update the script database —-> nmap –script-updatedb

Ndiff

Comparison using Ndiff —-> ndiff [scan1.xml] [scan2.xml]

Ndiff verbose mode —-> ndiff -v [scan1.xml] [scan2.xml]

XML output mode —-> ndiff –xml [scan1.xm] [scan2.xml]

For more excellent FREE security training visit >

http://learnnetsec.com 

http://www.youtube.com/user/NetSecNow

 

 

facebookTV

The BBC reported today

Facebook has rewarded a British man with $20,000 (£13,000) after he found a bug which could have been exploited to hack into users’ accounts.

Jack Whitton, a security researcher, discovered a flaw in the social network’s text messaging system.

Facebook thanked Mr Whitton, 22, who is part of the site’s “responsible disclosure” hall of fame.

The company, like many on the web, encourages experts to report bugs to them rather than cybercriminals.

To make it worth their while, rewards are offered of varying amounts depending on the severity of the flaw.

Such programmes are known as “bug bounties”, with similar schemes being run at the likes of Microsoft, Paypal and Google.

“Facebook’s White Hat programme is designed to catch and eradicate bugs before they cause problems,” Facebook told the BBC.

“Once again, the system worked and we thank Jack for his contribution.”

The bug, which has now been fixed, allowed Mr Whitton to spoof Facebook’s text message verification system into sending a password reset code for an account that was not his.

Using this, he could go to Facebook, reset a target user’s password, and access the account.

Windows TVAhmet Alp Balkan, a 23 year-old software engineer working at Microsoft Windows Azure posted this very interesting insight into life at Microsoft, although it will probably get him fired it makes very compelling reading.

Two years ago today, I started Microsoft Windows Azure as an intern, in the very same team I joined right after college and I am working for last 8 months.

I decided to summarize a few points I learned so far in this job during last 8 months. This may sound like the way things work are crappy, it is not. I learned that one will see this sort of problems in all large scale companies. Most of them are not specific to Microsoft at all. Every company has its own problems. I am not saying that I am unhappy and not complaining. These are purely a few lessons I was not aware of in the college (expectations vs reality sort of article). Read on:

  • Expect no documentation in corporations. I have seen the knowledge inside the company is mostly transferred by talking and hands-on sessions. Some parts of knowledge base generated are only emailed and not saved anywhere permanent. This is not how the information flows in the digital world. There are certain people, if they got hit by a bus, nobody can pick up their work or code. And it is okay. If this would have been my own company there would be tons of wiki pages.
  • It is not what you do, it is what you sell. You can spend days making your codebase a better place, writing more robust code and fix others’ mistakes. As long as it does not have a big business impact and you can’t ship it, it means practically nothing. Nobody will appreciate you for fixing styling or architectural issues in their core, in fact they may get offended. That’s not something I realized when I was a student.
  • Not everybody is passionate for engineering. You don’t always work with people passionate for creating wonderful software. Mostly, people have other things to do (e.g. family and kids) and writing better code is not a priority for the most. And it is okay. I learned not to expect enthusiasm from everybody.
  • 2-3 hours of coding a day is great. Before taking the job, I was able to code 8-10 hours a day on my personal projects. Somehow in this environment it is almost impossible to get 2 hours straight of coding for me. I spend most of my time trying to figure out how others’ uncommented/undocumented code work, debugging strange things and attending daily meetings. Apparently it’s not just me and there can be days no single commits are pushed to the source control in a team. And it is okay.
  • Not giving back to the public domain is a norm. I haven’t met almost any bloggers or open source developers in my organization dedicating some of their time to give back to the community. Everybody loves finding Stack Overflow answers on search results, but nobody contributes those answers. I can understand that.
  • The world outside is not known here a lot. I bet you’re reading what sort of latest technologies and tools are out on blogs, Reddit or Hacker News every day. It’s not common here. I am surprised that no one I met in Windows Azure team heard about Heroku or Rackspace, which are direct competitors. That’s acceptable, not everybody has to know these.
  • It is all about getting shit done in corporations. If your manager asks a button there doing that, nobody cares what sort of mess you created. As long as that functionality is ready, it is okay and can always be fixed later. (I haven’t seen that ever happened, yet.) In college, I learned code quality is as important as the result, turned out wrong.
  • Copy-pasting code can be okay. If somebody sees you doing this outside the corporations, you’ll probably get punched in the face. I’ve seen source files copy pasted across projects. As long as it gets shit done (described above) no one cares if you produced unmaintainable code.
  • Code reviews can be skipped, for the sake of agility. It’s part of the culture in my team, if you are messing with somebody else’s code, you’ll send code reviews. Otherwise it is usually not done and you may wait a lot of time and after a lot of pings to draw some attention, maybe somebody will respond.
  • Latest software, meh. Not everybody is fond of latest versions here. Almost 90% of my colleagues use older versions of Office, Windows, Visual Studio and .NET Framework. There is a common belief that newer versions will break existing workflows. This might be the same reason why some enterprises still run all their software on Java 1.3-1.5. So, I learned not to expect latest software on environments.
  • Your specialties usually do not matter. Thousands get hired every year out of college and usually randomly assigned to a team (which you can’t change for 1.5 years). It does not matter whether you have mastered MongoDB, created iOS apps, been an Apache committer, created your own networking library, designed user interfaces or bootstrapped your own startup. You are hired to do get something needed done. I was not expecting that. It’s hard to find a position in corporations matches what you love to do.
  • At the end, you are working for your manager’s and their managers’ paychecks. I was not aware of this fact in college.

(This post made it to the top of Hacker News and /r/programming. Thanks everyone for comments and support. There are over 1,000 comments on HN, Reddit and below, I did not have a chance to read them all, sorry if I missed yours.)

source: http://ahmetalpbalkan.com/blog/8-months-microsoft

tv crime2

You might want to be a little more careful the next time you pick up a cheap knock-off accessory for your device to save a few bucks because new hardware hacks could be the next big thing among cyber criminals.

Researchers say they’ve built a custom iPhone wall charger that can install malware in any iOS device using a custom made malicious chargers called Mactans, which are in turn controlled by a Raspberry-Pi like computer called a BeagleBoard.BeagleBoard

Mactans, which is named after the black widow spider’s Latin taxonomy, will be demonstrated by Billy Lau, Yeongjin Jang, and Chengyu Song at the Black Hat 2013 conference in July and they said all users were vulnerable to attacks over the charger.

They add that they can also demonstrate that the malware infection resulting from their malicious charger is persistent and tough to spot. In order for the malicious software to remain installed and unseen, the trio will show how an attacker can hide their software in the same way Apple hides its own built-in applications.

Researchers wanted to show just how easy and cheap it can be to cause a lot of virtual destruction in an innocent package. The security researchers have disclosed the vulnerability to Apple, but presumably Apple hasn’t fixed the hole yet as the researchers are refusing to give out exact details until the conference.

It doesn’t even matter what version of Apple iOS an iPhone or iPad the user is running, the hack doesn’t discriminate again any Apple platform.