
Posts Tagged ‘#hacking’


9 Important Privacy Settings for Windows 10

June 3, 2019

Matt Powell On Jun 3, 2019

At first glance, the Digital Age may seem like a wonderful thing. And in many ways, it is. Advances in technology have provided humanity with many quality-of-life improvements, from optimization in commercial operations to an AI reminding you to take the lasagna out of the oven because you’re occupied with your three kids.

However, unfortunately, the Digital Age is a double-edged sword. Just as technology has made life easier for us, it has also diminished personal privacy to an all-time low and made digital crimes easier to commit.

Hacking is becoming a more prominent problem with every passing year. Don’t believe me? Ask the Marriott hotel chain that had the personal information of up to 500 million customers compromised in a data breach last year. Or Equifax, a credit bureau that was the victim of a cyber attack that may have compromised the data of around 140 million Americans. Or ask any of the 12 countries that were the victim of cyber attacks by a Chinese hacker group. Cyber attacks that affected hundreds of companies and organizations, and went on for years. Scared yet?

Cybercriminals are getting smarter, and everyone needs to start taking measures to protect themselves online from malicious cyber attackers. It is 2019. VPNs were once highly recommended, but now they are all but mandatory for Internet use. Ad blockers are also a huge defense for consumers online. Amongst younger people, the use of ad blocks is typically to combat against the constant and annoying ads they see attached to YouTube videos. But that’s not all they do. You know how when you go to a website to read an article and your screen gets bombarded with a bunch of pop up ads? You try to exit out of them or go back to a previous page but keep getting redirected to the same ads? Ad blockers can help with that. Standard ad blockers don’t work on Hulu video ads, but hey, we can’t have everything right?

And don’t think for a second that it’s just the standard cybercriminal who is out to invade your privacy. The big tech companies who provide you with the technology you know and love have also gotten really nosy too. At the rate they are going, tech companies like Amazon will know your breathing and eating patterns. No one knows for sure what they do with our data (aside from selling it to third-parties for advertisement purposes), but they kind of want all our data and it’s really unnerving.

Luckily, the companies who try to invade your privacy also provide you with the means of maintaining your privacy, and it is important for you to know how to make your technology truly work for you.

Key privacy settings for Windows 10
Windows 10 was not well-received upon release for a number of reasons. One of those reasons is that Windows 10 invades your privacy by default. For this reason alone, people in the tech community put off upgrading to Windows 10 for years. But casual users likely have no idea how invasive Windows 10 is. That’s where we come in.

Windows 10 is (unfortunately) the best Microsoft operating system so far, so users are going to need to use it sooner or later, and they need to know how to keep themselves protected while using it.

Here’s how to keep your privacy intact and your data safe from cybercriminals and nosy tech companies.

1. Don’t choose the Express Settings Installation option when installing Windows 10
This point actually applies to all technology moving forward. Taking advantage of express options that take care of the process for you strips you of your agency and can make you complacent. Tech companies cannot be trusted, and you have no idea what you’re agreeing to because you’re too busy enjoying not having to do anything. As stated earlier, Windows by default is looking to invade your privacy and harvest your data. When you install Windows 10, be sure to select Custom Settings and do everything yourself.

The next step is heading into your Privacy settings. You can do so by simultaneously pressing the Windows key and the I key. One thing to keep in mind here is that the following tips apply to general Windows 10 settings, but for apps, you will have to adjust a lot of the privacy settings individually. Keep that in mind before you download a bunch of apps or you’ll be in the settings more than the apps themselves!

2. Get rid of Cortana. Or at least restrict her.
Cortana from the Halo series of video games is pretty cool. Microsoft’s Cortana? Not so much. If you don’t want Cortana knowing all of your business, then you need to adjust her settings. If you want to shut Cortana out entirely, head into the Cortana Settings of your PC and select the ‘Clear Cortana Data’ option to leave Cortana completely in the dark.

If you’d like to have Cortana around in a limited capacity, simply uncheck the information that you don’t want her to know such as your contacts, location, communication history, and Internet history.

3. Turn off your location
Windows 10 automatically tracks your location at all times. It keeps this information for up to 24 hours and can share it with any third-party app that has location permission. (Remember to adjust the privacy of your apps!) That’s a little too uncomfortable for my part, and for a lot of other people. You can prevent this by turning your location off in the privacy settings.

4. Get rid of ad tracking
By default, every Windows user has an advertising ID that tracks your browsing/shopping history. Windows sends this data over to their advertising partners and said partners use this data to personalize the ad campaigns directed towards you.

Sound kind of weird? You can turn off ad tracking by switching off the option that says “Let apps use my advertising ID”.

5. Disable your camera access
For those of you who have played Grand Theft Auto 5, you remember the scene where Lester says he is going to reverse engineer a webcam and spy on those sorority girls again? That’s a real thing that can actually happen. It’s not hard to hijack a simple camera. Up until now, we have been discussing the invasion of your privacy online, but here, someone could actually see you personally if they wanted to. That’s terrifying.

Even Mark Zuckerberg tapes up his camera just as a safety precaution. You don’t need to go that far (Unless you want to), but you can at least turn camera access off for your device and apps in the privacy settings. A lot of people don’t even use their camera, so there’s no need to take on an unnecessary privacy risk. And if you ever need to turn it back on, that’s easy to do.

6. Disable microphone access
In case you were wondering, Mark Zuckerberg tapes up his microphone too. Now granted most people aside from politicians, secret agents, and business executives probably don’t need to go this far, more safety never hurt anyone right? If you don’t want to be an unintentional radio show host, turn off your microphone in your privacy settings to keep anyone from tuning in.

7. Manage your App Access
Head into the ‘Account Info’ tab of your privacy settings, and you’ll see that by default apps are allowed access to your name, picture, and other account info. Other account info being intentionally vague to keep users in the dark and as many exploitable loopholes open as possible. Do yourself a huge favor and close these holes up by turning this default setting off. As is standard, you can select individual apps to have access to your account info.

8. Get rid of Timeline tracking
Timeline tracking is Windows recording all of the websites that you have visited. Turn off timeline tracking in your privacy settings to keep this from happening. You obviously won’t browse the internet once and then never do so again, so you will have to do this regularly. You also need to manually delete your browsing history, but I am sure this is something most people are used to doing.

9. Fix your privacy settings after every major update. You have no choice.
What if I told you that after all the work you did on customizing your privacy settings, that you will have to do it all over again from time to time? Well, I am telling you.

Whenever there is a major update, Microsoft resets all privacy settings to default and it’s back to data harvesting they go. Sounds very consumer friendly right? Despite constant complaints about this, Microsoft has not fixed this annoyance.

What’s worse, is you probably have automatic updates turned on, which means a major update could occur, your privacy settings have been reset, and you will have no idea. Microsoft keeps users in the dark about all of this because of course, they do.

So, unfortunately, this process will not be a one-time thing. You can, however, fight back a little. There is a way to prevent automatic updates from occurring which means you can decide when you want to start this rodeo all over again.
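
Because the settings from items 2 to 8 have to be rechecked after every major update, a read-only audit script saves clicking through the Settings app each time. The PowerShell below is an added example, not part of the original article; the registry locations it reads are assumptions based on commonly documented Windows 10 (1803 and later) behaviour, and the baseline file name is hypothetical.

```powershell
# Added example: read-only audit of the privacy switches from items 2-8.
# ASSUMPTION: the registry locations are the commonly documented Windows 10
# (1803+) ones; confirm them on your build. Nothing here changes a setting.

$cs  = 'Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore'
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows'

$checks = @(
    @{ Item = 'Cortana (policy)';          Path = "$pol\Windows Search"; Name = 'AllowCortana';          Want = '0' }
    @{ Item = 'Advertising ID (user)';     Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo'; Name = 'Enabled'; Want = '0' }
    @{ Item = 'Timeline publish (policy)'; Path = "$pol\System";         Name = 'PublishUserActivities'; Want = '0' }
    @{ Item = 'Timeline upload (policy)';  Path = "$pol\System";         Name = 'UploadUserActivities';  Want = '0' }
)
# Location, camera, microphone and account info share one consent store,
# with a per-user (HKCU) and a per-device (HKLM) switch for each capability.
foreach ($cap in 'location', 'webcam', 'microphone', 'userAccountInformation') {
    foreach ($hive in 'HKCU', 'HKLM') {
        $checks += @{ Item = "$cap ($hive)"; Path = "${hive}:\$cs\$cap"; Name = 'Value'; Want = 'Deny' }
    }
}

function Get-PrivacyState {
    foreach ($c in $checks) {
        # A missing key or value means "never configured", i.e. the Windows default.
        $prop = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $current = 'NotSet'
        if ($prop) { $current = [string]$prop.($c.Name) }
        [pscustomobject]@{
            Item      = $c.Item
            Current   = $current
            Expected  = $c.Want
            Compliant = ($current -eq $c.Want)
        }
    }
}

function Compare-PrivacyBaseline {
    param(
        # Hypothetical location for the saved state.
        [string]$BaselinePath = (Join-Path $env:LOCALAPPDATA 'privacy-baseline.json'),
        [switch]$Update
    )
    $build = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuild
    $now   = @(Get-PrivacyState)

    if (Test-Path $BaselinePath) {
        $old = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
        if ($old.Build -ne $build) {
            Write-Host "OS build changed: $($old.Build) -> $build (recheck everything)"
        }
        foreach ($n in $now) {
            $o = $old.Settings | Where-Object { $_.Item -eq $n.Item }
            if ($o -and $o.Current -ne $n.Current) {
                [pscustomobject]@{ Item = $n.Item; Was = $o.Current; Now = $n.Current }
            }
        }
    }
    # Save a baseline on first run, or when asked to after re-applying settings.
    if ($Update -or -not (Test-Path $BaselinePath)) {
        [pscustomobject]@{ Build = $build; Settings = $now } |
            ConvertTo-Json -Depth 3 | Set-Content -Path $BaselinePath -Encoding UTF8
    }
}

Get-PrivacyState        | Format-Table Item, Current, Expected, Compliant -AutoSize
Compare-PrivacyBaseline | Format-Table -AutoSize
```

Run it once after configuring the settings to store the baseline, then again after each feature update; pass `-Update` to `Compare-PrivacyBaseline` once the settings have been put back. The policy entries show `NotSet` unless they were configured through Group Policy or the registry.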

Conclusion
Technology is a wonderful thing, but it’s also a huge pain. If you want to stay safe online, you will have to take a very active role in maintaining your privacy. It’s unfortunate that we cannot trust tech companies to behave themselves, but that’s just the way it is. It’s a nasty game, but now that you know the rules, you can beat them at it. Stay safe!


Researcher demonstrates how vulnerable Ledger Nano S wallets are to hacking

March 21, 2018

Cryptocurrency hardware wallet manufacturer Ledger can’t seem to catch a break.

Weeks after the company confirmed a flaw in its wallets which makes them susceptible to man-in-the-middle attacks, independent security researcher Saleem Rashid has demonstrated a new attack vector hackers can employ to break your Ledger Nano S and steal your precious coins – both physically and remotely.

“The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element,” Rashid explains in a blog post. “An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.”

The researcher has outlined at least three separate attack vectors, but his report focuses on the case of “supply chain attacks” which do not require infecting target computers with additional malware, nor do they require the user to confirm any transactions.

As Rashid notes, the Nano S is equipped with two separate microcontroller units. One of the microcontrollers stores the private key and other confidential data, while the other one acts as its proxy to support its display function, buttons, and USB interface.

In the current setup, the former microcontroller can only communicate directly to the second unit, but the latter unit can communicate with peripherals on behalf of the former.

The problem, according to Rashid, is that unlike the former microcontroller which can perform cryptographic attestation to determine whether the device is running genuine Ledger firmware, the latter microcontroller has no way of confirming such information since it is non-secure.

The researcher points out the company has indeed implemented some mechanisms against hardware and software spoofing, but is quick to note that due to the non-secure nature of the latter microcontroller, the verification process is practically futile from the start.

This means that non-technical users are stuck with a device susceptible to attacks, but have no easy way of confirming their device hasn’t been tampered with. What is worse is that Ledger does not provide tamper-proof packaging because its devices are built to prevent any such interception or spoofing.

“Since the attacker controls the trusted display and hardware buttons, it is astonishingly difficult to detect and remove a well-written exploit from the device,” he wrote.

While CEO Eric Larchevêque has downplayed the severity of the vulnerability in comments on Reddit, Ledger has since released a firmware update (1.4.1) that mitigates the architecture shortcomings of the Nano S. You can grab the patch here.

In fact, Rashid himself has urged users to get the update as soon as possible.

Rashid further warns that the new Ledger Blue, which functions identically to the Nano S, has yet to get a firmware update. For what it’s worth, the researcher is first to admit that he hasn’t had a chance to look into Blue’s architecture in depth – so there is a chance the device is not vulnerable to this exploit.

This is at least the second time the French cryptocurrency wallet manufacturer has come under fire for the deficient security of its devices. A few weeks back we wrote about a flaw in Ledger hardware wallets which makes it possible to infect the devices with malware designed to trick users into unknowingly sending their cryptocurrency to hackers.

While the company ultimately confirmed the issue, it added there is “no evidence that anyone in the Ledger community was impacted by this issue.”

It then went on to downplay the severity of the attack vector, arguing that the issue “is an industry wide issue.”

“All hardware wallets are affected,” a Ledger spokesperson told TNW over email back then. “This is not a vulnerability of the device, but a reminder about the fact you cannot trust what you see on the screen of your computer.”

We reached out to Ledger for further comment, but the company could not provide us with a written statement at the time of writing. We will update this piece with their statement as soon as we hear back from them.

In the meantime, those curious about all the little technical details behind the vulnerability disclosure can peruse the full report on Rashid’s official blog here.


Data-hucksters beware – online privacy is making a comeback

August 22, 2017

Next year, 25 May looks like being a significant date. That’s because it’s the day that the European Union’s general data protection regulation (GDPR) comes into force. This may not seem like a big deal to you, but it’s a date that is already keeping many corporate executives awake at night. And for those who are still sleeping soundly, perhaps it would be worth checking that their organisations are ready for what’s coming down the line.

First things first. Unlike much of the legislation that emerges from Brussels, the GDPR is a regulation rather than a directive. This means that it becomes law in all EU countries at the same time; a directive, in contrast, allows each country to decide how its requirements are to be incorporated in national laws.

Second, the purpose of the new regulation is to strengthen and rationalise data protection for all individuals within the EU. It also covers the export of personal data to outside the bloc. Its aims are to give control back to EU residents over their personal data and to simplify the regulatory environment for international business by unifying regulation, so that instead of having to deal with a range of data-protection issues in different jurisdictions, companies will effectively be able to obtain a “passport” for the entire region, much as financial services firms have been able to acquire.

Given that the use, abuse and exploitation of personal data has become the core business of the internet, anything that affects this is going to be a big deal. The GDPR extends EU data-protection law to all foreign companies that process the data of EU residents. So even if a company has no premises or presence within the EU, if it processes EU data it will be bound by the regulation. And the penalties for non-compliance or infringement are eye-watering, even by internet standards: fines up to €20m and/or 4% of global turnover.

The GDPR applies both to data “controllers” (who determine how and why personal data is processed) and “processors” (who handle the data on the controller’s behalf). The obligations on controllers are broadly similar to those imposed by current data-protection law. But if you’re a processor, then the regulation imposes specific legal obligations on you to maintain records of personal data and processing activities and you will have significantly more legal liability if you are responsible for a data breach. And any breach, no matter how small, has to be reported to the authorities within 72 hours.

More significantly, the GDPR extends the concept of “personal data” to bring it into line with the online world. The regulation stipulates, for example, that an online identifier, such as a device’s IP address, can now be personal data. So next year, a wide range of identifiers that had hitherto lain outside the law will be regarded as personal data, reflecting changes in technology and the way organisations collect information about people.

The regulation gives important new rights to citizens over the use of their personal information. They have the right, for example, to contest and fight decisions that have been made about them by algorithms processing their data. Valid consent has to be explicitly obtained for any data collected and for the uses to which it will be put. Consent for children’s data must be given by parents or guardians and data controllers must be able to prove that consent has been obtained.

Citizens will now have the right to request the deletion of personal information related to them – and companies will have to be able to prove that the offending data has been properly wiped (which may be more difficult than it sounds). And so on.

For many traditional companies – the ones that keep HR records, customer lists, contact details etc – the GDPR will probably make little practical difference, except for more onerous compliance requirements. But for organisations that have hitherto operated outside the reach of data-protection law, for example the hidden multitudes of data-hucksters, trackers, data-auctioneers and ad-targeters that operate behind the facade of websites, social media and Google, the GDPR represents an existential threat.

Facebook and Google should be OK, because they claim to have the “consent” of their users. But the data-broking crowd do not have that consent. As Advertising Age puts it: “Targeting and tracking companies will need to get user consent somehow. Everything that invisibly follows a user across the internet will, from May 2018, have to pop up and make itself known in order to seek express permission from individuals.” The new regulation will, it concludes, “rip the global digital ecosystem apart”.

Not before time, IMHO. In the meantime, three cheers for the EU. And – since you ask – the UK government has decided that the GDPR will apply here even after Brexit.


Hacking capture-the-flag event coming to rAge 2017

February 21, 2017

SecureConekt has announced it is organising a hacking competition for the rAge Johannesburg event in October.

The hacking event’s organiser, Errol Enslin, said rAge has partnered with them to establish the competition for hackers.

Enslin said they are assessing what interest there is for such a competition, which will determine the type of capture-the-flag (CTF) events:

Jeopardy-style CTF: Teams complete tasks in a range of categories, such as web, forensic, crypto, and binary. Points are awarded for solving tasks, with complex tasks worth more points. Once a task is complete, the team may progress to the next one.

Attack-Defence: Teams must defend their vulnerable host, or hosts, while attacking the other team.

Mixed competitions: A combination of task-based and versus competitions, with a weighted total score determining the winner.

“CTF games often touch on many other aspects of information security: cryptography, steganography, binary analysis, reverse engineering, mobile security, and others,” said Enslin.

“We will set up a decent prize, so competing will be worth it.”

He said the competition will give South African hackers a way to measure their skill and will help grow the local community.

“Hackathons are a good way for the administrators to witness what [hackers] are facing day to day.”

It will also give corporate security employees a tool to test their abilities within a controlled environment, he said.


WhatsApp scams: Gold, free money, spying apps and everything else you should worry about

November 4, 2016

Almost everybody uses WhatsApp. That’s what makes it so useful – but it’s also what makes it so dangerous.

As WhatsApp and other chat apps have grown, they’ve also picked up their unfair share of scams. They come in many different forms, and are often very convincing.

But the advice for steering clear and staying safe is the same as it is everywhere else on the internet, really. Just make sure that you stay vigilant and don’t fall for anything that seems too good or too worrying to be true.

Here are some of the things you should be looking out for.

Voucher scams

This is a tale at least as old as text messages. But it’s lived on into the WhatsApp age and is showing no sign of dying.

It works like this: a message arrives in your WhatsApp from someone who looks like your friend, recommending a deal they’ve found. The deal will usually be good – a voucher for £100 off at Sainsbury’s or TopShop, for instance, usually justified by the fact that the company is changing one of its systems or something.

But it’s barely ever real. The messages usually come with a link that actually takes you to another website and tricks you into giving your personal information over.

Staying safe from these is fairly simple: don’t ever click a link you’re not sure about and certainly don’t ever hand over personal information to a website you haven’t checked.

WhatsApp ending

Other fake messages claim that WhatsApp is going to end, unless enough people share a certain message. It isn’t happening.

The messages often look convincing, claiming to come from the CEO or another official. And they’re written using the right words and phrases, looking like an official statement.

But any official statement wouldn’t need users to send it to everyone like a round robin. If WhatsApp does actually shut down, you’ll either see it in the news or it’ll come up as a proper notification in the app from the actual WhatsApp team.

Or it’s shutting down your account

This is very similar – and a similarly old trick. They will usually say something that looks like an official message that claims that people’s WhatsApp accounts are being shut down for being out of use. Sending the message on will prove that it’s actually being used and

It’s not true. This is the kind of thing that’s been going round the internet for years – and has never actually been the case.

It works very well because it feels like the kind of thing that might happen, and instructs people to share it along.

Or making you pay

This, again, is the same. The only difference is that the message supposedly exempts you from having to pay for your account. It doesn’t, because the company isn’t ever going to force people to pay (and, if it does, it’ll announce it in the normal way).

As with all of these, ignore them and don’t forward them on.

WhatsApp Gold or WhatsApp Premium

This, unlike the other scams, is specific to WhatsApp. But it’s just as wrong.

The claim suggests that people pay for or download a special version of WhatsApp, usually called Gold or Premium. It offers a range of exciting-sounding features, like the ability to send more pictures, use new emoji or add extra security features.

The problem is that it’s far from secure – and is actually entirely made up. Downloading the app infects people’s phones with malware and helps them get used for crime. And sometimes it will force people to pay for something that not only is dangerous, but certainly won’t actually help make WhatsApp any better at all.

Emails from WhatsApp

Emails are dodgy enough. Emails plus WhatsApp are even dodgier.

There’s a range of scams out there that send people emails that look like they’ve come from WhatsApp, usually looking like a notification for a missed voice call or voicemail. But when people click through, they end up getting scammed – either by being tricked into giving over their information or through other means.

Don’t ever click on an email from a questionable sender. And WhatsApp will never send you emails including information about missed calls or voicemails.

Any you do get should be ignored and sent to the junk.

Fake WhatsApp spying apps

It’s just not possible to let people spy on other’s conversations on WhatsApp – or at least it shouldn’t be – because the company has end-to-end encryption enabled, which makes sure that messages can only be read by the phones that send and receive them. But the possibility of reading other people’s chats seems very exciting – so exciting that it’s being used for scams.

The apps at their best encourage people to download something that isn’t actually real. At their worst they encourage people to pay money for fake users, install malware, or actually do read your chats once they’ve got onto your phone.

You won’t be able to read anyone else’s chats, unless you actually have their phone. But the makers of spy apps might be able to read yours.

Intruders on your conversations

And this isn’t so much a hoax as a continual worry. WhatsApp is in fact a very secure platform – that’s why many of these things come as messages rather than viruses or anything else – but there are issues.

Last month, when Amnesty said that the app was the safest chat app, security experts rushed to point out that there is actually a range of security problems. Those include the fact that the company is getting increasingly trigger happy about handing data over to its users, and also that its encryption can be got around in various ways.
