Showing posts with label Security. Show all posts

Thursday, June 06, 2019

How To Use Notepad To Keep Your Credentials Secure From A Keylogger?

Thanks to Dmitry Ratushny
Keylogging is considered one of the most dangerous attacks in cyber security because it is hard to detect and it can steal your most valuable information.
A keylogger is malware which records your keystrokes and either sends them to the intended person or stores them in local storage, where they can later be used for any purpose.
It can record your social media account passwords, bank account PIN, emails you type to your boss, messages you send to your bae, literally everything you type.
Keyloggers are spread through the same means as other malware. A keylogger could be installed directly on a victim's device or sent via the Internet.
Direct installation is hard and can be easily prevented. However, you need to take some security measures in order to prevent remote installation.
There are some useful methods which can keep you secure from keyloggers. Gavin Phillips lists 5 of them here to protect yourself against keyloggers.
But these precautionary measures work only for your own device.
Consider a situation where you need to use someone else's computer or phone for some purpose and you are required to enter your credentials. The task is crucial, but you are not sure whether the device is secure or not.
There could possibly be a spying eye watching you type your PIN and password.

How to avoid a keylogger in these conditions?

Act like a magician. The keylogger is your spectator. All you need to do is distract it.
Open a text editor and type something random which contains your credentials. If your password contains dictionary words, write a sentence containing those words. For numerical values, type the digits from 0 to 9. Write extra special characters in combination with those in your password. Then select, copy and paste the required parts of your credentials.
This method is secure because keyloggers record only the things you type.
You type nothing, or you distract it.

Saturday, April 13, 2019

Games on Play Store Which Can Ruin Your Kids' Lives: Be Aware

Young kids can download and play games packed with shooting, stabbing, gore and microtransaction gambling on Google's Play Store even when parents turn on controls to make it toddler-friendly. All these games and apps have something in common: they are marked as being safe for young children. A few examples are given here.

Mad Max Zombies

An Android first-person shooter, full of spurting blood, disturbing imagery of walking corpses and realistic firearms, has been rated by its creator as Pegi 3 - a rating that is considered appropriate for all age classes, with no sounds or pictures that are very likely to frighten young children and only the lightest, most childlike depictions of violence.

It is just one gory example of a growing problem. The Play Store is filled with apps that get around Google's age rating policy and filtering tools. A number of those games have been installed millions of times. After we sent Google a sample of 36 games with improper content for their ratings and a further 16 with different types of dubious content and permissions, including a few which tracked the location of users, 16 games have so far either been entirely removed or re-released with revised ratings and permissions.

The Play Store is big business for Google. The company takes a 30 percent cut of all purchases, subscriptions and microtransaction payments across the store, with its share of subscription fees dropping to 15 percent after 12 months. It also runs the AdMob advertising platform, which allows developers to monetize free apps. Although it's difficult to split out precisely how much Google makes from the Play Store, Sensor Tower statistics show that Android mobile game revenue added up to a total of $21.5 billion in 2018.

In contrast to Apple, which has a rigorous age rating policy and acceptance process for all apps, Google seemingly doesn't invest its profits in building a robust, human-monitored method to make certain all age ratings across its platform are right. In fact, there's very little control whatsoever of ratings given to games that may be downloaded by children through the Play Store. Behind the scenes, every game's age appropriateness is assigned automatically by means of a questionnaire filled in by its creator. For anybody downloading a game, the Play Store shows a formal Pegi age rating, despite there being no manual monitoring and rating for individual titles.

You win each level in Mad Max Zombies by gunning down the moaning horde, lining their rotting faces up in your gun sights and pulling the trigger as blood gouts from the torso of a walking human corpse. That wouldn't be out of place in the world of gaming if it had not been rated as safe and proper content for a three-year-old. Mad Max Zombies was removed from Google Play before being re-released with a brand new name and a PEGI 12 rating.

For apps submitted every day by small developers, the rating process is automatic via a questionnaire created and administered by the International Age Rating Coalition (IARC), with the cost of issuing ratings borne by the storefront, instead of individual developers.

Developers have to fill out this questionnaire in good faith when they upload an app or game. However, Google itself does not check the accuracy of a rating unless a game is submitted to its separate, safer Designed for Families scheme - an area of the Play Store that is vetted by Google, but can't be used by parents as a locked-down, child-friendly space to download apps and games.

Bacioiu Ciprian, the owner of Bearded Giant Games, recently released the completely age-appropriate endless runner Retro Sail on the Play Store. He says the Play Store's age rating questionnaire is "100 percent based on the honor system".

Technically, it's the job of the regional ratings agencies, for example, Pegi, to monitor accuracy using the tools IARC provides them. "Given the large volume of published games and programs, engaging rating authorities aren't able to monitor each and every launch," an IARC spokesperson says.

This means that lots of ratings aren't checked by anybody in any way. A number of app publishing guides suggest answering 'no' to all of the questions in order to get an E for Everyone or Pegi 3 rating. Tick a few boxes, affirm that what you have said is accurate, and your game is automatically assigned an age rating based on your responses.

The worldwide regulators involved in IARC work together to run human checks on apps that are submitted. But because around 10,000 IARC-rated apps are published every day, it's not feasible for them to monitor every single one. "The authorities focus their efforts by checking the top downloaded programs and by performing targeted hunts," says a spokesperson from the UK's Pegi-affiliated Video Standards Council.

But even games that get plenty of downloads over a long period, such as Drive Die Duplicate - Zombie Game, released in 2016 and with over 100,000 installs, still had a Pegi 7 rating to go with gameplay which has the player mowing down zombies using their car in an explosive spatter of blood. Since we raised it with Google and Pegi, it has been updated to Pegi 12. The game has always needed a 12+ rating on iOS.

The IARC questionnaire is used by many online shops, including the Nintendo eShop along with the Microsoft Store for Windows and Xbox. But rogue apps pushing adult gameplay to children aren't a conspicuous problem for Nintendo, which manually reviews every title submitted to the eShop. Apple runs its own strictly enforced age rating system. Google, by comparison, has opted to rely almost entirely on IARC, despite the massive size and reach of the Play Store.

Apple's App Store also uses a questionnaire to give apps an age rating. However, unlike Google Play, Apple includes a review procedure that typically requires a day or two. Apple doesn't comment on its app approval procedure and the way it's implemented, and declined to tell us how much human involvement there is when it comes to approving apps. But Apple is quite clear about its age rating categories and requires developers to follow them in order to release anything on the App Store.

Developers are asked to classify how often content including a variety of sorts of violence, adult themes, simulated or real gaming, and sexual content appears in their apps. "The default is four plus," says programmer Tom Royal. "Some settings give you an immediate notice which you just can't print that on iOS, and it warns you if the settings you have chosen will protect against the book in [certain states]."

Google and Pegi were quick to remove or re-rate many of the concerning apps when presented with our research, although a number, such as realistic depictions of guns and gambling-style microtransaction games, were left with Pegi 3 ratings because of a lack of proper classification standards.

"When we find that an app has violated our policies we remove it from the Google Play," a Google spokesperson says. "We want kids to be safe on the internet and we work hard to help safeguard them." But, thanks to an easily gameable rating method, its content filtering tools are next to useless.

Baby Panda Dental Care

The improper games we discovered - which are mostly free to download - are not anything particularly unusual, and many would be OK if they had been suitably rated for teenagers or adults. However, they generally make their money on a per-view or even per-click basis by displaying ads either onscreen or between levels. And by providing the answers that lead to the broadest rating, a developer ensures that their app can be seen and installed by the broadest possible audience - which makes them money.

"The volume of games being uploaded shouldn't be used as an excuse for enabling games to be rated," says Anne Longfield, the Children's Commissioner for England. She says that "although it's the duty of game developers to ensure that they protect kids, any system that depends wholly on game developers rating their own games will sometimes fail, given firms want as many individuals as possible to play with their games."

There are plenty of games available on the Play Store which aren't correctly rated for children. (Pegi 3) begins as a slice-of-life sim in which you feed and tidy up after your stony-faced loved ones and, three levels later, have you awakened to deliver bloody headshots to disguised criminals holding up a bank.

Is a Pegi 3 rated gun and firing range simulator with over 50 million installs, a wide variety of weapons, and a camera mode that superimposes bullet holes over anyone or anything that you care to put in the frame when you pull the digital trigger. There's no gore, but the sounds and images of guns are realistic and detailed, and the app also lets you pick photos from your cellphone to hang in its digital firing range. Similar games on iOS are typically rated 12+ or perhaps 17+, as a matter of Apple's policy. By James Temperton.

Augmented reality games

Augmented reality game FPS Gun Camera 3D (Pegi 7) has an even more involved camera-based real-world shooting feature. When you point your phone camera at the world around you, the game superimposes a first-person shooter style gun and heads-up display. When you shoot things, bullet holes and blood spatters appear.

The problem with most games of this kind, explains Pegi director of operations Dirk Bosmans, is that they don't fit into any of Pegi's classification categories. He highlighted other problematic grey areas, such as cosmetic surgery simulators, that could represent content that's not suitable for kids in a broad cultural and societal context, but don't meet classification standards to give them a rating above Pegi 3.

Pegi has a professional group that looks into its standards to make certain they're current. "But for the moment," Bosmans states, "our position is that when there is no explicit violence or perhaps suggested violence in these games, there's nothing to give them a higher age rating."

Meanwhile, with strobing screen and camera flash effects, taser simulators such as Electric Stun gun (Pegi 3), installed by more than five million people, not only emulate weapons but also come with no kind of warning for those who have photosensitive epilepsy - Google does not require apps with strobing lights to carry such warnings. Apple doesn't do much better on that front, with Prank Stun Gun App rated 4+.

There is also a whole ecosystem of slot machine and video poker apps rated as suitable for children. While these are technically not real cash gambling - in that there is no payout - they include expensive microtransactions to buy virtual coins to gamble with when you run out of your free allowance.

Most are Pegi 12, but there are plenty with ratings which allow younger kids to install them. Pegi's simulated gaming criteria now only cover titles that just replicate real-world casino games. These include Slingo Shuffle - Bingo & Slots and Pirate Master: Coin Raid Island Battle Adventure, both graded Pegi 3, emblazoned with adorable cartoon characters and packaged with microtransaction systems that encourage players to purchase virtual coins when they run out of free spins.

Rated suitable for seven-year-olds, FPS Gun Camera 3D enables you to turn a digital weapon on your environment.

The UK's Gambling Commission is currently monitoring the use of social casino games among young people. Its most recent Young People and Betting poll revealed that 13 percent of 11 to 16-year-olds have played online gambling-themed games. As with loot boxes, winnings cannot be cashed out as actual money, and in its own 2017 virtual currencies paper, the Commission states that it won't pursue greater regulation if the industry maintains a "proactive and credible socially responsible approach". But it's among several European regulators that, in September 2018, issued a statement of intention to analyze and explore social casino gaming.

We downloaded everything from knife-and-finger games rated Pegi 3 and all-ages first-person-shooter style gun games with virtual environments to games rated for three-year-olds and driving games in which the objective is to mow down zombies. While Zombie Crime's (Pegi 7) simple 3D urban driving environment and car controls aren't too different from dozens of kid-friendly games, the zombies here burst into flying body parts which you kick and shoot. The majority of these titles have been removed or re-rated.

Although the very goriest games we turned up had install numbers in the low thousands, we saw hundreds of thousands of installs on kid-rated zombie games with realistic - rather than cartoon-style - blood and dismemberment, in addition to microtransaction slot machines, along with scores of fanciful knife and gun simulators.

Other apps we discovered, though obviously designed and meant for younger kids, rather than being completely unsuitable, featured content which was nonetheless potentially disturbing, like pulling out a baby panda's broken teeth or treating distressing looking bruises and cuts on a mermaid.

The panda game (Dentist Games - Baby Doctor) had over 500,000 installs and has been removed from Google Play, while Mermaid Mommy - New Ocean Baby had 100,000+ installs, was rated Pegi 3 and has been removed. We separately cataloged and reported several games for young kids that demanded excessive permissions like location and identity tracking.

Research into the well-worn controversy over video game violence has found that older teens' enjoyment of such content is not likely to affect their real-world behavior. But there is evidence that violent media can be distressing for younger children, creating a belief that their world is much more dangerous than it really is.

"Early childhood exposure to violent films and television programmes is connected with a number of adverse cognitive, emotional, and behavioral consequences," states Caroline Fitzpatrick, assistant professor of psychology at the Université Sainte-Anne in Nova Scotia, Canada. "Video games which reward players for violent behavior, as is the case with first-person shooter games, are likely to have an especially pronounced impact on young children's development."

Clinical psychologist Abigael San adds that while a child will not automatically do something dangerous just because they watched it in a game, it's important not to surround children with examples of things that we do not want them to mimic or take emotional cues from. "Whilst not all children are going to directly copy what they see, they could absorb the emotional tone of it," she says. "And that may be a concern because then play could be a bit more aggression-fuelled."

Bosmans emphasizes that ratings are just one tool to help parents avoid exposing their children to unsuitable content. But while using ratings "will probably shield your child from stuff that you really do not desire," he states, "it doesn't stop there." He adds that parents will need to invest more time in understanding and engaging with the games their children play.

There are tools to make Google Play safer, such as the company's very own Family Link device management service. But although it is possible to limit some of the data Google stores about your kid, using Family Link comes at the cost of creating an account for them and allowing their activities to be tracked.

Sunday, December 23, 2018

How to break through Android Face Lock: An Experiment

Photo by Nicolas Hirajeta on Unsplash

After creating a fake master fingerprint to unlock most fingerprint protected devices, Thomas Brewster at Forbes made an attempt to use a fake 3D printed version of his real head to unlock a bunch of phones.

The reporter printed a 3D model of his head at Backface in Birmingham, U.K. An image of his head was taken using 50 cameras. After some preprocessing, the model was printed using a 3D printer. The final product was ready after some post processing (coloring and other final touches) in a few days. The entire process cost just over £300. (I tried to be super quick at describing the process. Tell me how I did.)

For the tests, he used 4 Android devices (LG G7 ThinQ, Samsung S9, Samsung Note8, OnePlus 6) and an iPhone X. He used his real head, I mean the head he was born with, to activate face lock on all devices and then tried to unlock them with his fake 3D printed head. According to his report, only the iPhone X succeeded in keeping its data secure.

The OnePlus 6 offered no resistance at all and gently welcomed the fake 3D Thomas Brewster. The other 3 Android phones, however, made a considerable effort to protect their user's privacy but… you know what could have happened. They did the same as the OnePlus 6 did, but at least they resisted the attack. Although their facial recognition systems failed to keep them secure, it earned them some respect.

Samsung and LG (idk about other brands) have explicitly told their users to use the face recognition lock as a secondary option as it is less secure than a password/PIN/pattern lock. The devices also show a warning message to their users when the face lock is activated and encourage them to use the primary lock only or a dual lock system (both primary lock and secondary lock).

In 2017, Apple's Schiller confirmed in a keynote that Apple's face recognition cannot be spoofed by fake FaceIDs. He showed some photographs, created by Hollywood special effects consultants with great detail, that he said were used to test Apple's face recognition technology. However, he didn't specify whether the tests were successful or not.

I have been an Android user myself for a long time and I know it is less secure than Apple, but it does not mean that this experiment abruptly made me a fan of Apple. Android offers more freedom than Apple does (personal opinion). I always use the dual lock system and I put an administrative lock on my phone whenever I go to sleep or I feel that my phone could be unlocked by using my face/fingers forcibly. I would suggest you do the same if you are using Android.

Friday, December 21, 2018

THEFT ALERTS! SnapChat has been found stealing from TikTok

SnapChat Lens Challenge

Last year we read that Facebook stole the well-known, widely used story feature from SnapChat. The theft was well received by Facebook users. According to TechCrunch, about 150M FB users are using the story feature daily. WhatsApp stories get even more users, up to 450M per day. We can say that the big fishes are always there keeping an eye on the trends by either spying on their users or using some cool techs or whatever. The same happened in the last couple of days but this time the big fish is SnapChat.

SnapChat launches its “new feature” called Lens Challenge where its users can participate in different challenges like they do in TikTok’s lip syncing challenges. Users can select to participate in challenges by creating a snap with a Lens that is themed to a particular song or a melody etc. The company offers official challenges where the users can select any Lens from the Lens Explorer section of the App, select a song and lip sync with it and send it to one of the official challenges to be featured on the app. However, there are other challenges which are created by the community members.

“Disappear” is a challenge created by a SnapChat user, Jye Trudinger. In this challenge, users are asked to take two photos which are layered over each other in order to make the photo’s subject disappear. If you are interested in finding more challenges, you can go to the Lens Challenge section.
Although it seems like theft, the company hopes to get more user engagement by creating more challenges. SnapChat is trying to save its sinking ship as it lost 2M users in Q3. That’s enough motivation even to steal a single feature from someone. All it is, is just a damn feature. It won’t bring any catastrophe to the world. Right? It is just a feature. As Facebook has stolen its trending story feature, I think SnapChat has the right to do the same to take its revenge.

Anyhow, SnapChat has made an effort to bring us something “new”. It’s worth a try.

Wednesday, November 29, 2017

WARNING: Android Spyware Detected Which Spies on Skype, Whatsapp Calls

In order to protect Android users from malware and suspicious apps, Google has been continuously working to detect and remove malicious apps from your devices using its newly launched Google Play Protect service.
Google Play Protect, a security feature that uses machine learning and app usage analysis to check devices for possibly harmful apps, recently helped Google researchers to recognize a new deceptive family of Android spyware that was stealing a whole lot of information on users.
Found on targeted devices in African countries, Tizi is a fully-featured Android backdoor with rooting capabilities that installs spyware apps on victims' devices to steal supersensitive data from popular social media apps like WhatsApp, Twitter, Facebook, LinkedIn, Skype, Viber, and Telegram.
"The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities," Google said in a blog post. "The team used this app to locate more applications in the Tizi family, the oldest of which is from October 2015."
Most Tizi-infected apps are advertised on social media websites and 3rd-party app stores, deceiving users into installing them.
Once installed, the innocent-looking app acquires root access on the infected device to install spyware, which then first contacts its command-and-control servers by sending an SMS text message with the GPS coordinates of the infected device to a specific number.

Here is How Tizi Gets Root Access On Infected Devices:

To gain root access, the backdoor exploits previously disclosed vulnerabilities in older chipsets, devices, and Android versions, including CVE-2012-4220, CVE-2013-2596, CVE-2013-2597, CVE-2013-2595, CVE-2013-2094, CVE-2013-6282, CVE-2015-1805, CVE-2014-3153, and CVE-2015-3636.
If the backdoor is not able to get root access on the infected device because all the listed vulnerabilities are patched, "it will still attempt to perform some actions through the high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls," Google said.
Tizi spyware has also been developed to communicate with its command-and-control servers over normal HTTPS or using the MQTT messaging protocol to receive commands from the attackers and upload stolen data.
The Tizi backdoor contains various abilities common to commercial spyware, such as:

  • Stealing data from popular social media platforms including Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.
  • Recording calls from WhatsApp, Viber, and Skype.
  • Receiving and sending SMS messages.
  • Gaining access to calendar events, call log, contacts, images, and the list of installed apps.
  • Stealing Wi-Fi encryption keys.
  • Recording ambient audio and taking pictures without displaying the image on the device's screen.

So far, Google has identified 1,300 Android devices infected by Tizi and removed it.
The majority of them were located in African countries, specifically Kenya, Nigeria, and Tanzania.

How to Protect your Android device from Hackers?

Such Android spyware can be used to target your devices as well, so if you own an Android device, you are strongly encouraged to follow these simple steps in order to secure yourself:

  • Ensure that you have already opted for Google Play Protect.
  • Download and install apps only from the official Play Store, and always check permissions for each app.
  • Enable 'verify apps' feature from settings.
  • When your device is unattended, protect it with a PIN or password lock so that nobody can gain unauthorized access to it.
  • Keep "unknown sources" disabled while not using it.
  • Keep your device always up-to-date with the latest security patches.
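
The "check permissions for each app" step can be done mechanically. The following is an added example, not code from Google's report or from this post: it reads a decoded AndroidManifest.xml and groups the requested permissions under the Tizi capabilities listed above. The permission-to-capability mapping, the review threshold and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability groups follow the article's list of Tizi abilities. Which Android
# permission belongs to which group is this example's assumption.
CAPABILITY_PERMISSIONS = {
    "read/send SMS": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS"},
    "monitor/redirect outgoing calls": {"PROCESS_OUTGOING_CALLS", "READ_PHONE_STATE"},
    "calendar, call log, contacts": {"READ_CALENDAR", "READ_CALL_LOG", "READ_CONTACTS"},
    "images on storage": {"READ_EXTERNAL_STORAGE"},
    "ambient audio / camera": {"RECORD_AUDIO", "CAMERA"},
    "GPS location": {"ACCESS_FINE_LOCATION"},
}

# Constructed sample: an app asking for a broad, spyware-like permission set.
SAMPLE_BROAD = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.broad">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

# Constructed sample: an app asking only for what a camera tool needs.
SAMPLE_NARROW = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.narrow">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the short names of android.permission.* entries in a manifest.

    For manifests from untrusted sources, parse with a hardened XML parser
    (for example the defusedxml package) instead of the standard library.
    """
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                names.add(name.rsplit(".", 1)[1])
    return names


def audit(manifest_xml, threshold=3):
    """Group requested permissions by capability and flag broad requests.

    threshold is an arbitrary assumption: an app touching this many of the
    capability groups at once is marked for manual review.
    """
    perms = requested_permissions(manifest_xml)
    hits = {
        capability: sorted(perms & wanted)
        for capability, wanted in CAPABILITY_PERMISSIONS.items()
        if perms & wanted
    }
    return {"capabilities": hits, "review": len(hits) >= threshold}


if __name__ == "__main__":
    for label, manifest in (("broad", SAMPLE_BROAD), ("narrow", SAMPLE_NARROW)):
        result = audit(manifest)
        print(label, "-> review" if result["review"] else "-> ok")
        for capability, perms in result["capabilities"].items():
            print("   ", capability + ":", ", ".join(perms))
```

A flag here means "look closer", not "malware": a messaging or dialer app legitimately needs several of these groups, so compare the result with what the app claims to do.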

Tuesday, August 15, 2017

Who made Facebook decide to buy WhatsApp and to steal SnapChat Stories feature? 'You'

A fresh report claims that Facebook is spying on its users. It knows what millions of people do on their phones. It knows what you browse, what apps you use, how frequently and for how long. It is gathering all the information and detailed insights of your online behavior and habits.
This information has been used to shape Facebook's product roadmap. Facebook perceived from its data analysis that its users are using WhatsApp much more frequently and for a long time so it will be a big deal to buy it. It also led Facebook to rip off Snapchat's stories feature.
It's so precise that it allowed Facebook to keep tabs on how many Snapchat posts users sent each day, the Wall Street Journal reports.
Onavo Protect, a free VPN app that claims to help "keep you and your data safe when you go online", has been the spying tool for Facebook for all this time. It was created by a company which is now owned by Facebook.
The app is very popular among Android and iOS users and has reportedly been downloaded by around 24 million users.
According to people familiar with the system, when Onavo Protect users browse a website or open an app, Onavo redirects the traffic to Facebook servers where the details are pushed to databases. Facebook's product team then analyzes this big data and makes such big decisions.
Facebook is not alone in this spying business. Google and Apple are also keeping an open eye on their users, but it is unclear whether they have been using the data to improve their own products. Hmmm, they seem less selfish than FB.
However, Onavo claims that it "analyzes information about your mobile data and app use" and may share the data with "affiliates" for targeted advertising.
This setup reportedly allowed Facebook to figure out just 'how devastating an impact the rollout of Stories on Instagram has on Snapchat's popularity and growth', long before Snapchat released any of the details itself, and to add Stories clones to Facebook Messenger and WhatsApp.

Reference: Wall Street Journal

Wednesday, April 19, 2017

How To Protect Your Online Privacy? Try To Keep Your Private Things Private

Being online is part of life now. People are online from home, school, library, roads and washrooms. Sitting on a toilet and chatting with a buddy or playing games is a habit of many. Do you know what you actually do when you browse the Internet? Yes? No? Alright, lemme tell you. You just access someone else's computer. But the same can happen to you. Once you get on a network, you raise a security risk for your digital life as well as your real life events. Are you sure that you are the only one in authority who can use your resources? (By resources I mean PC, smartphone, webcam, mic or anything that can be on the Internet.) Are you really sure that nobody is spying on you? Do you have someone or something which can tell you 'Watch out'? If you have, is it trustworthy?
Hmmm, So what to do? Here