Posts Tagged ‘technology’


According to The Independent, Google’s voice search function doesn’t just turn on when you ask it to. Rather, it records almost everything.

Feeling unnerved yet? Well, it gets even wilder. You see, you can listen to the recordings Google has stored and associated with your name simply by visiting this webpage.

There’s also this webpage that will show you how much Google knows about your every move on the internet.

Both webpages will contain information not only from computers but from any Android device on which you’ve logged in to your Google account.

How to Delete the Recordings

Luckily, if you’re not too happy about Google having potentially hours of your voice in its database, you can delete those files.

Beside each file’s title you’ll see a checkbox.

Just select the three dots at the top right and select delete.

How to Stop Google from Recording You Again

Now, as The Independent points out, stopping Google from recording you does result in some limited functionality if you’re using an Android phone or the company’s search.

However, you may be someone whose concern for privacy is much greater than finding what you’re looking for easily. If so, begin by never using Google’s voice search functions again. Follow up by disabling Google’s voice search.

  1. Navigate to Settings
  2. Tap the General tab
  3. Under “Personal” find “Language & keyboard”
  4. Find “Google voice typing” and tap the Settings button
  5. Tap “Ok Google” Detection
  6. Under the “From the Google app” option, move the slider to the left. If Google voice is already enabled move the slider to the left of “From any screen” or “Trusted Voice” and the “From the Google app” will appear.

 


In the wake of recent revelations about NSA surveillance efforts, the co-founder of The Pirate Bay has launched a drive to crowdsource funding for a new mobile messaging app — one so secure that its creators say they couldn’t turn over people’s messages even if they wanted to. Hemlis (it means “secret” in Swedish), is being developed by Peter Sunde, one of the individuals behind The Pirate Bay, along with Linus Olsson and Leif Högberg. It’s described as an easy to use messaging app in the vein of WhatsApp or iMessage, with one important twist: it uses end-to-end encryption to ensure that nobody can monitor your messages. “No one can listen in,” the Hemlis site promises. “Not even us.”

The app won’t use advertising or sell user data, so to help bring the project to fruition the team is trying to raise $100,000 from potential users. The money will be put towards developing the apps themselves — iOS and Android are the targeted platforms — and the infrastructure needed for the system. While there’s no demonstration of a working app on the site, there are several mocked-screens that show off a bright, iOS 7-style design. In an FAQ, the group also says they believe the core app itself should be free, but users will have to pay to unlock additional features like sending images.

Those interested in funding the project early will be able to get a headstart, however. Donations from $5 and up provide customers with multiple codes for the full, unlocked version of the app — one for themselves, and others to share with friends. The Hemlis team states that if they don’t hit their goal all money will be returned, but they seem to be off to a quick start already: as of this writing, Hemlis has already raised over $18,500.


Microsoft Windows contains a vulnerability (CVE-2013-3660) that could allow a local attacker to gain elevated privileges on a targeted system. The vulnerability, classified as critical, has been found in Microsoft Windows XP/Vista/7/2000/Server 2003/2008. It affects the function win32k!EPATHOBJ::pprFlattenRec of the kernel component. The vulnerability is due to improper handling of certain objects in kernel memory by the affected software. A local attacker with access to a targeted system could exploit this vulnerability by running a malicious program that is designed to cause the Windows kernel to perform improper memory operations on certain objects. If successful, the attacker could execute arbitrary code on the system with the privileges of the kernel, resulting in a complete system compromise. Proof of concept code that exploits this vulnerability is publicly available.

CVE: CVE-2013-3660
Remote: No
Local: Yes
Updated: Jul 02 2013 08:21AM
Credit: Tavis Ormandy
Vulnerable: Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows Vista SP2
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 R2 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows 8 0
Microsoft Windows 7 Professional 0
Microsoft Windows 7 for 32-bit Systems SP1

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

http://cvedetails.com/cve/CVE-2013-3660

 


 

The de facto standard in network scanning for many years has been Nmap. Nmap is supported on Linux and Windows alike and is free to download > Download Nmap

The only problem I have found is that there are so many commands that it is difficult to remember what to enter, so here is a quick guide for fast scanning. I have also created it as a PDF for easy reference > Caintech.co.uk Nmap Cheat

Basic Scanning Techniques

Scan a single target —> nmap [target]

Scan multiple targets —> nmap [target1] [target2] [etc]

Scan a list of targets —> nmap -iL [list.txt]

Scan a range of hosts —> nmap [range of IP addresses]

Scan an entire subnet —> nmap [IP address/CIDR]

Scan random hosts —> nmap -iR [number]

Excluding targets from a scan —> nmap [targets] --exclude [targets]

Excluding targets using a list —> nmap [targets] --excludefile [list.txt]

Perform an aggressive scan —> nmap -A [target]

Scan an IPv6 target —> nmap -6 [target]

Discovery Options

Perform a ping scan only —> nmap -sP [target]

Don’t ping —> nmap -PN [target]

TCP SYN ping —> nmap -PS [target]

TCP ACK ping —> nmap -PA [target]

UDP ping —> nmap -PU [target]

SCTP INIT ping —> nmap -PY [target]

ICMP echo ping —> nmap -PE [target]

ICMP timestamp ping —> nmap -PP [target]

ICMP address mask ping —> nmap -PM [target]

IP protocol ping —> nmap -PO [target]

ARP ping —> nmap -PR [target]

Traceroute —> nmap --traceroute [target]

Force reverse DNS resolution —> nmap -R [target]

Disable reverse DNS resolution —> nmap -n [target]

Alternative DNS lookup —> nmap --system-dns [target]

Manually specify DNS servers —> nmap --dns-servers [servers] [target]

Create a host list —> nmap -sL [targets]

Advanced Scanning Options

TCP SYN scan —> nmap -sS [target]

TCP connect scan —> nmap -sT [target]

UDP scan —> nmap -sU [target]

TCP Null scan —> nmap -sN [target]

TCP FIN scan —> nmap -sF [target]

Xmas scan —> nmap -sX [target]

TCP ACK scan —> nmap -sA [target]

Custom TCP scan —> nmap --scanflags [flags] [target]

IP protocol scan —> nmap -sO [target]

Send raw Ethernet packets —> nmap --send-eth [target]

Send IP packets —> nmap --send-ip [target]

Port Scanning Options

Perform a fast scan —> nmap -F [target]

Scan specific ports —> nmap -p [ports] [target]

Scan ports by name —> nmap -p [port name] [target]

Scan ports by protocol —> nmap -sU -sT -p U:[ports],T:[ports] [target]

Scan all ports —> nmap -p "*" [target]

Scan top ports —> nmap --top-ports [number] [target]

Perform a sequential port scan —> nmap -r [target]

Version Detection

Operating system detection —> nmap -O [target]

Submit TCP/IP fingerprints —> http://www.nmap.org/submit/

Attempt to guess an unknown OS —> nmap -O --osscan-guess [target]

Service version detection —> nmap -sV [target]

Troubleshooting version scans —> nmap -sV --version-trace [target]

Perform an RPC scan —> nmap -sR [target]

Timing Options

Timing templates —> nmap -T [0-5] [target]

Set the packet TTL —> nmap --ttl [time] [target]

Minimum number of parallel connections —> nmap --min-parallelism [number] [target]

Maximum number of parallel connections —> nmap --max-parallelism [number] [target]

Minimum host group size —> nmap --min-hostgroup [number] [targets]

Maximum host group size —> nmap --max-hostgroup [number] [targets]

Initial RTT timeout —> nmap --initial-rtt-timeout [time] [target]

Maximum RTT timeout —> nmap --max-rtt-timeout [time] [target]

Maximum retries —> nmap --max-retries [number] [target]

Host timeout —> nmap --host-timeout [time] [target]

Minimum scan delay —> nmap --scan-delay [time] [target]

Maximum scan delay —> nmap --max-scan-delay [time] [target]

Minimum packet rate —> nmap --min-rate [number] [target]

Maximum packet rate —> nmap --max-rate [number] [target]

Defeat reset rate limits —> nmap --defeat-rst-ratelimit [target]

Firewall Evasion Techniques

Fragment packets —> nmap -f [target]

Specify a specific MTU —> nmap --mtu [MTU] [target]

Use a decoy —> nmap -D RND:[number] [target]

Idle zombie scan —> nmap -sI [zombie] [target]

Manually specify a source port —> nmap --source-port [port] [target]

Append random data —> nmap --data-length [size] [target]

Randomize target scan order —> nmap --randomize-hosts [target]

Spoof MAC address —> nmap --spoof-mac [MAC|0|vendor] [target]

Send bad checksums —> nmap --badsum [target]

Output Options

Save output to a text file —> nmap -oN [scan.txt] [target]

Save output to an XML file —> nmap -oX [scan.xml] [target]

Grepable output —> nmap -oG [scan.txt] [target]

Output all supported file types —> nmap -oA [path/filename] [target]

Periodically display statistics —> nmap --stats-every [time] [target]

l33t output —> nmap -oS [scan.txt] [target]

Troubleshooting and debugging

Help —> nmap -h

Display Nmap version —> nmap -V

Verbose output —> nmap -v [target]

Debugging —> nmap -d [target]

Display port state reason —> nmap --reason [target]

Only display open ports —> nmap --open [target]

Trace packets —> nmap --packet-trace [target]

Display host networking —> nmap --iflist

Specify a network interface —> nmap -e [interface] [target]

Nmap Scripting Engine

Execute individual scripts —> nmap --script [script.nse] [target]

Execute multiple scripts —> nmap --script [expression] [target]

Script categories —> all, auth, default, discovery, external, intrusive, malware, safe, vuln

Execute scripts by category —> nmap --script [category] [target]

Execute multiple script categories —> nmap --script [category1,category2,etc] [target]

Troubleshoot scripts —> nmap --script [script] --script-trace [target]

Update the script database —> nmap --script-updatedb

Ndiff

Comparison using Ndiff —> ndiff [scan1.xml] [scan2.xml]

Ndiff verbose mode —> ndiff -v [scan1.xml] [scan2.xml]

XML output mode —> ndiff --xml [scan1.xml] [scan2.xml]

For more excellent FREE security training visit >

http://learnnetsec.com 

http://www.youtube.com/user/NetSecNow

 

 


The BBC reported today

Facebook has rewarded a British man with $20,000 (£13,000) after he found a bug which could have been exploited to hack into users’ accounts.

Jack Whitton, a security researcher, discovered a flaw in the social network’s text messaging system.

Facebook thanked Mr Whitton, 22, who is part of the site’s “responsible disclosure” hall of fame.

The company, like many on the web, encourages experts to report bugs to them rather than cybercriminals.

To make it worth their while, rewards are offered of varying amounts depending on the severity of the flaw.

Such programmes are known as “bug bounties”, with similar schemes being run at the likes of Microsoft, Paypal and Google.

“Facebook’s White Hat programme is designed to catch and eradicate bugs before they cause problems,” Facebook told the BBC.

“Once again, the system worked and we thank Jack for his contribution.”

The bug, which has now been fixed, allowed Mr Whitton to spoof Facebook’s text message verification system into sending a password reset code for an account that was not his.

Using this, he could go to Facebook, reset a target user’s password, and access the account.

Ahmet Alp Balkan, a 23-year-old software engineer working at Microsoft Windows Azure, posted this very interesting insight into life at Microsoft. Although it will probably get him fired, it makes very compelling reading.

Two years ago today, I started Microsoft Windows Azure as an intern, in the very same team I joined right after college and I am working for last 8 months.

I decided to summarize a few points I learned so far in this job during last 8 months. This may sound like the way things work are crappy, it is not. I learned that one will see this sort of problems in all large scale companies. Most of them are not specific to Microsoft at all. Every company has its own problems. I am not saying that I am unhappy and not complaining. These are purely a few lessons I was not aware of in the college (expectations vs reality sort of article). Read on:

  • Expect no documentation in corporations. I have seen the knowledge inside the company is mostly transferred by talking and hands-on sessions. Some parts of knowledge base generated are only emailed and not saved anywhere permanent. This is not how the information flows in the digital world. There are certain people, if they got hit by a bus, nobody can pick up their work or code. And it is okay. If this would have been my own company there would be tons of wiki pages.
  • It is not what you do, it is what you sell. You can spend days making your codebase a better place, writing more robust code and fix others’ mistakes. As long as it does not have a big business impact and you can’t ship it, it means practically nothing. Nobody will appreciate you for fixing styling or architectural issues in their core, in fact they may get offended. That’s not something I realized when I was a student.
  • Not everybody is passionate for engineering. You don’t always work with people passionate for creating wonderful software. Mostly, people have other things to do (e.g. family and kids) and writing better code is not a priority for the most. And it is okay. I learned not to expect enthusiasm from everybody.
  • 2-3 hours of coding a day is great. Before taking the job, I was able to code 8-10 hours a day on my personal projects. Somehow in this environment it is almost impossible to get 2 hours straight of coding for me. I spend most of my time trying to figure out how others’ uncommented/undocumented code work, debugging strange things and attending daily meetings. Apparently it’s not just me and there can be days no single commits are pushed to the source control in a team. And it is okay.
  • Not giving back to the public domain is a norm. I haven’t met almost any bloggers or open source developers in my organization dedicating some of their time to give back to the community. Everybody loves finding Stack Overflow answers on search results, but nobody contributes those answers. I can understand that.
  • The world outside is not known here a lot. I bet you’re reading what sort of latest technologies and tools are out on blogs, Reddit or Hacker News every day. It’s not common here. I am surprised that no one I met in Windows Azure team heard about Heroku or Rackspace, which are direct competitors. That’s acceptable, not everybody has to know these.
  • It is all about getting shit done in corporations. If your manager asks a button there doing that, nobody cares what sort of mess you created. As long as that functionality is ready, it is okay and can always be fixed later. (I haven’t seen that ever happened, yet.) In college, I learned code quality is as important as the result, turned out wrong.
  • Copy-pasting code can be okay. If somebody sees you doing this outside the corporations, you’ll probably get punched in the face. I’ve seen source files copy pasted across projects. As long as it gets shit done (described above) no one cares if you produced unmaintainable code.
  • Code reviews can be skipped, for the sake of agility. It’s part of the culture in my team, if you are messing with somebody else’s code, you’ll send code reviews. Otherwise it is usually not done and you may wait a lot of time and after a lot of pings to draw some attention, maybe somebody will respond.
  • Latest software, meh. Not everybody is fond of latest versions here. Almost 90% of my colleagues use older versions of Office, Windows, Visual Studio and .NET Framework. There is a common belief that newer versions will break existing workflows. This might be the same reason why some enterprises still run all their software on Java 1.3-1.5. So, I learned not to expect latest software on environments.
  • Your specialties usually do not matter. Thousands get hired every year out of college and usually randomly assigned to a team (which you can’t change for 1.5 years). It does not matter whether you have mastered MongoDB, created iOS apps, been an Apache committer, created your own networking library, designed user interfaces or bootstrapped your own startup. You are hired to do get something needed done. I was not expecting that. It’s hard to find a position in corporations matches what you love to do.
  • At the end, you are working for your manager’s and their managers’ paychecks. I was not aware of this fact in college.

(This post made it to the top of Hacker News and /r/programming. Thanks everyone for comments and support. There are over 1,000 comments on HN, Reddit and below, I did not have a chance to read them all, sorry if I missed yours.)

source: http://ahmetalpbalkan.com/blog/8-months-microsoft


You might want to be a little more careful the next time you pick up a cheap knock-off accessory for your device to save a few bucks because new hardware hacks could be the next big thing among cyber criminals.

Researchers say they’ve built a custom iPhone wall charger that can install malware on any iOS device. The custom-made malicious chargers, called Mactans, are in turn controlled by a Raspberry Pi-like computer called a BeagleBoard.

Mactans, which is named after the black widow spider’s Latin taxonomy, will be demonstrated by Billy Lau, Yeongjin Jang, and Chengyu Song at the Black Hat 2013 conference in July and they said all users were vulnerable to attacks over the charger.

They add that they can also demonstrate that the malware infection resulting from their malicious charger is persistent and tough to spot. In order for the malicious software to remain installed and unseen, the trio will show how an attacker can hide their software in the same way Apple hides its own built-in applications.

Researchers wanted to show just how easy and cheap it can be to cause a lot of virtual destruction in an innocent package. The security researchers have disclosed the vulnerability to Apple, but presumably Apple hasn’t fixed the hole yet as the researchers are refusing to give out exact details until the conference.

It doesn’t even matter what version of Apple iOS the user’s iPhone or iPad is running; the hack doesn’t discriminate against any Apple platform.

Caintech.co.uk

Wireless data transmission has just got faster after a team of German researchers achieved a record 40 Gbps transmission rate. This is the biggest wireless transmission rate ever demonstrated and it matches the data transmission speed for fiber optic.

The project was conducted by a joint team of German scientists from applied physics and technology institutes. The researchers achieved the 40 Gbps wireless data transmission record rate at a frequency of 240 GHz over a one-kilometer distance.

The 240 GHz transceiver chip, measuring only 1.5 x 4 mm.

This speed means that data off a complete DVD can be transmitted in less than a second. For comparison, some of the fastest Wi-Fi connectivity solutions on the market at the moment have a top data transmission speed of 300 Mbps.

The team developed a 240 GHz transmitter and receiver chip that only measures 4×1.5mm and is based on semi-conductor technology which uses high carrier mobility transistors. This technology makes it possible to use frequencies up to 300 GHz with receivers and transmitters that are actually compact and integrated circuits.

German scientists say that in this high frequency range, the atmosphere shows low attenuation and this actually enables directional broadband radio links. This makes the entire wireless data transmission system easier to set up and the signal more resistant to bad weather conditions, they said.

The project may also mark another first in the field of data transmission: having radio links transmit glass fiber data rates. The glass fiber signal would be fed into a radio link without any transcoding and then be transmitted and redirected to glass fiber.

Scientists say the 40Gbps transmission rate may be only the beginning, as higher frequency data rates are likely to be achieved over the following years. In the near future, this radio link system can be used to provide broadband Internet connections to rural areas and other places that are difficult to access by traditional optical fiber networks.


THE UK GOVERNMENT has shown it’s at the forefront of modern technology and online services with its latest form for claiming benefits online.

Those who want to claim Attendance Allowance, Disability Living Allowance or Overseas State Pension can simply visit the Gov.UK website, where they are then pointed to the Department of Work and Pensions (DWP) website to fill out a form online.

So far, so impressive, in that the government is allowing citizens to apply for benefits over the web, rather than having to fill out forms and send them in via the post or visit offices in person.

However, it seems that many of those claimants could fall at the first hurdle due to some rather outdated stipulations about the computer systems supported by the DWP.

“This service doesn’t work with some modern browsers and operating systems,” the DWP notes. “We are considering how best to provide this service in future. You may want to claim in another way.”

That is putting it mildly. Normally, we’d take the time to go through these system requirements and highlight only the most interesting points, but in this case we’ve decided to make an exception and post them here in their full glory, as we couldn’t word them better than the DWP.

“The service does not work properly with Macs or other Unix-based systems even though you may be able to input information.

“You are likely to have problems if you use Internet Explorer 7, 8, 9 and 10, Windows Vista or a smartphone. Clearing temporary internet files may help but you may wish to claim in another way.

“There is also a high risk that if you use browsers not listed below, including Chrome, Safari or Firefox, the service will not display all the questions you need to answer. This is likely to prevent you from successfully completing or submitting the form. You may wish to claim in another way.”

And now on to the much more restricted list of what your computer needs to be running if you actually want to claim a benefit online.

“The service was designed to work with the following operating systems and browsers. Many of these are no longer available:

  • Microsoft Windows 98: Internet Explorer versions 5.0.1, 5.5 and 6.0, Netscape 7.2
  • Microsoft Windows ME: Internet Explorer version 5.5 and 6.0, Netscape 7.2
  • Microsoft Windows 2000: Internet Explorer version 5.0.1, 5.5 and 6.0, Netscape 7.2, Firefox 1.0.3, Mozilla 1.7.7
  • Microsoft Windows XP: Internet Explorer 6.0, Netscape 7.2, Firefox 1.0.3, Mozilla 1.7.7.”

For the few of you out there wanting to claim benefits online who manage to dig out some old Windows machine from a basement or loft running an old enough version of IE or Firefox, there are further obstacles to getting any money out of the government.

“This service is not available on Monday, Wednesday and Friday mornings from 1.00am to 1.30am because of essential maintenance work. We apologise for any inconvenience,” warns the DWP.

Perhaps that’s when their hamsters change shifts – you know, the ones that run inside wheels keeping government IT systems up and running.

We often speculate here at The INQUIRER that the government favours proprietary systems, and doesn’t do enough to open up bid tenders to smaller suppliers and open source outfits. On the basis of the above evidence, we’re concerned that the government is taking its mission to extremes.


An “inside source” has told Digital Trends that Google and WhatsApp are close to making a deal. The source says that Google want to buy the very successful WhatsApp multi-platform messaging service but the WhatsApp team are “playing hardball” and trying to squeeze more cash out of the Mountain View search giant.

WhatsApp is available for all the major, and minor, mobile platforms including Android, iOS, Windows Phone and BlackBerry. If Google could acquire it then build it into its existing services to unify its messaging options it could achieve a big user boost. WhatsApp is extremely popular; it’s the most popular mobile app in over 100 countries and on New Year’s Eve 2012 a record 18 billion WhatsApp messages were sent and received by users.

Will Google make it free but ad sponsored?

WhatsApp’s monetization scheme is different to Google’s ads and sponsored search approach. The popular messaging app is currently supported by a $0.99 yearly fee and also generates revenue through partnerships with mobile telcos who offer WhatsApp usage add-ons to mobile tariffs. It will be interesting to see if a Google acquisition would change this model drastically.

Facebook has recently initiated a push into mobile with Facebook Home. Mr Zuckerberg also realises the importance of messaging to engage users and the Chat Heads application is probably the most important part of the launcher/suite after the Facebook Cover Feed home screen itself. Incidentally both Facebook and Google have reportedly approached WhatsApp before, late in 2012.

Google has been rumoured to be getting ready to launch a messaging service called Babel to tie together all its communications services into a unified hub. Could a WhatsApp acquisition and integration be an almost off-the-peg solution with the advantage of a huge existing user base? We should find out more about these plans by the time Google I/O takes place in May or earlier if the deal is sealed.