All posts by admin_GVR132

Facebook privacy policy for itracker app

Facebook privacy policy for itracker app

In using our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control.

This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.

We collect information on Facebook public feed and our own posts to better understand what is trending.

Any additional information collected related to a user account will need user’s approval for authorization.

We do not store any collected information and we do not sell or share your information with Third Parties.

 

 

Google keeps history of voice search records

Google could have a record of everything you have said around it for years, and you can listen to it yourself.

The company quietly records many of the conversations that people have around its products.

The feature works as a way of letting people search with their voice, and storing those recordings presumably lets Google improve its language recognition tools as well as the results that it gives to people.

But it also comes with an easy way of listening to and deleting all of the information that it collects. That’s done through a special page that brings together the information that Google has on you.

It’s found by heading to Google’s history page and looking at the long list of recordings. The company has a specific audio page and another for activity on the web, which will show you everywhere Google has a record of you being on the internet.

The 4 most popular cyber crimes

Phishing – The aim is to trick people into handing over their card details or access to protected systems. Emails are sent out that contain either links or attachments that either take you to a website that looks like your bank’s, or installs malware on your system.

A report by Verizon into data breach investigations has shown that 23% of people open phishing emails.

Identity theft – According to fraud protection agency Cifas, the number of victims rose by 31 per cent to 32,058 in the first three months of 2015. Criminals use online ‘fraud forums’ to buy and sell credit cards, email addresses and passports.

Hacking – In a Verizon study of security breaches there were 285 million data exposures, which works out to about 9 records exposed every second. 26% of these attacks were executed internally within organisations.

It is estimated that 90% of all data records that were used in a crime was a result of hackers employed by organised crime.

Online harrassment – Over half of adolescents and teens have been bullied online, while 73% of adult users have seen someone harassed in some way online and 40% have experienced it.

German cyber security watchdog raises attack alert level

Germany has raised its alert level against against cyber attacks to “heightened readiness” ahead of parliamentary elections, saying government websites are already subjected to daily assault, according to reports.

“We are noticing attacks against government networks on a daily basis,” Arne Schoenbohm, president of Germany’s Federal Office for Information Security (BSI), told the newspaper Welt am Sonntag.

BSI is in close contact with election officials, political parties and German federal states to discuss how to guard against cyber attacks and stands ready to react to potential attacks ahead of the elections, Mr Schoenbohm said.

The newspaper did not give details of the number and types of alert levels, but said the level has been raised since cyber attacks interfered in the US presidential election.

BSI could not immediately be reached for comment. It is due to hold a press conference in Hanover on Monday at CeBIT, Germany’s largest annual technology conference.

The president of Germany’s BfV domestic intelligence service, Hans-Georg Maassen, warned in late February that industrialised countries were becoming increasingly vulnerable to cyber attacks as industry increases the adoption of digital technologies.

Simple ways an SME can guard itself from cybercrimes

1. Get secure office hardware.

“In the scramble to secure the cloud, hardware is often overlooked,” says Christoph Schell, president, Americas, HP Inc. “The truth is, if you have 500 employees, it is easier to have one secure cloud structure than it is to secure 500 laptops. Reduce your risk through security-centered device management and proactive practices and policies to engage each employee in the security process.”

In addition to creating a secure network, small businesses must select secure hardware and adopt secure protocols to really protect themselves. HP Inc., has developed security software Touchpoint Manager to help companies streamline their protection policy, minimize security vulnerabilities and monitor protected systems.

2. Keep spies out of your email.

Marketers, lawyers and sales people are widely using email tracking solutions to improve sales and better engage with prospects and current clients. Those solutions are popular in CRM systems as well. But cybercriminals are also using these tools to track the date and time emails are opened, where they are opened, where they are forwarded and so forth.

MailControl allows companies to block spymail from hitting their inbox. It is an especially effective tool in preventing targeted phishing attacks from reaching your business.

3. Stop ransomware.

The most prevalent cyber security risk to small businesses today is ransomware. The FBI estimates that over 4,000 U.S. businesses are infected by ransomware every day.  Ransomware takes control of the files on small business networks by encrypting them and holding them for ransom. The existing tools, like anti-virus, are not effective against the rapidly changing variants.

WatchPoint has an easy to use tool, called CryptoStopper, which small businesses can download and install to protect their network. CryptoStopper deploys bait files throughout a network. When these bait files are encrypted, the infected user is isolated, and the ransomware is stopped before doing damage. This is a new and unique approach to stopping ransomware.

4. Train your employees.

One of the most common, and preventable, attacks on small businesses is a social-engineering attack triggered by phishing attempts, improper web use or incoming phone calls. The most current training systems on the market are designed for large enterprises, but some companies set up our solution to help any size business, from those with just a few employees to those with thousands.

Security Awareness Training — Security Mentor: Employees aren’t always ready to combat a cyberattack or know when they are being baited into one. Security Mentor has created 10-minute lessons with its Security Awareness Training program. Small businesses will be able to train employees to be aware and alert, while making the right choices in a potential cyber crisis through these brief, online lessons.

5. Get SLL for your website.

Traditionally, companies have used SSL/TLS certificates (displayed as “https”) only on shopping carts or login pages. This can help, as it encrypts the data being sent between the customer’s computer and the SMB’s web server. Also, if companies use an Extended Validation (EV) certificate, the web browser will display a green padlock and website-address bar, as well as the company’s name next to the website address.

Today, though, companies are encouraged to follow what’s known as Always on SSL. This means that the entire website is protected by https, instead of just a couple of pages. This helps protect against modern attacks that seek to steal information when a site visitor browses between secure and not-secure pages.

Finally, Dan Hubbard, product CTO of Cloud Security, Cisco Systems, shared some advice. “There are a few things small businesses can do,” he said. First, make sure you have security solutions in place that are proven to detect and stop the majority of malware — and make sure they are deployed at critical points within the company.

“Second, in terms of ransomware: Back up your data. If you have a copy of your information that the attackers can’t get to, you are not at their mercy.”

Cyber-security: Open Source Security Tools to secure networks and systems

There are thousands of open source security tools with both defensive and offensive security capabilities.

The following are 10 essential security tools that will help you to secure your systems and networks. These open source security tools have been given the essential rating due to the fact that they are effective, well supported and easy to start getting value from.

1. Nmap – map your network and ports with the number one port scanning tool. Nmap now features powerful NSE scripts that can detect vulnerabilities, misconfiguration and security related information around network services. After you have nmap installed be sure to look at the features of the included ncat – its netcat on steroids.

2. OpenVAS – open source vulnerability scanning suite that grew from a fork of the Nessus engine when it went commercial. Manage all aspects of a security vulnerability management system from web based dashboards. For a fast and easy external scan with OpenVAS try our online OpenVAS scanner.

3. OSSEC – host based intrusion detection system or HIDS, easy to setup and configure. OSSEC has far reaching benefits for both security and operations staff.

4. Security Onion – a network security monitoring distribution that can replace expensive commercial grey boxes with blinking lights. Security Onion is easy to setup and configure. With minimal effort you will start to detect security related events on your network. Detect everything from brute force scanning kids to those nasty APT’s.

5. Metasploit Framework – test all aspects of your security with an offensive focus. Primarily a penetration testing tool, Metasploit has modules that not only include exploits but also scanning and auditing.

6. OpenSSH – secure all your traffic between two points by tunnelling insecure protocols through an SSH tunnel. Includes scp providing easy access to copy files securely. Can be used as poor mans VPN for Open Wireless Access points (airports, coffee shops). Tunnel back through your home computer and the traffic is then secured in transit. Access internal network services through SSH tunnels using only one point of access. From Windows, you will probably want to have putty as a client and winscp for copying files. Under Linux just use the command line ssh and scp.

7. Wireshark – view traffic in as much detail as you want. Use Wireshark to follow network streams and find problems. Tcpdump and Tshark are command line alternatives. Wireshark runs on Windows, Linux, FreeBSD or OSX based systems.

8. BackTrack – an Ubuntu based Linux distribution that is configured with hundreds of security testing tools and scripts. Backtrack is well known with penetration testers and hobbyists alike.

9. Nikto – a web server testing tool that has been kicking around for over 10 years. Nikto is great for firing at a web server to find known vulnerable scripts, configuration mistakes and related security problems. It won’t find your XSS and SQL web application bugs, but it does find many things that other tools miss. To get started try the Nikto Tutorial or the online hosted version.

10. Truecrypt – encrypt all the things. Truecrypt is a strong encryption utility that can encrypt entire volumes or create an encrypted container within a file system. Use Truecrypt to protect your flash drives. If it gets lost, even the NSA will have trouble reading the data.

CloudPets teddy bears’ database exposed

CloudPets (a brand owned by Spiral Toys)data has leaked exposing kids’ recordings.

The data that was stored in a MongoDB was publicly facing network segment without any authentication required and had been indexed by Shodan (a popular search engine for finding connected things).

Unfortunately, things only went downhill from there. People found the exposed database online.

CloudPets had left their database exposed publicly to the web without so much as a password to protect it.

How a typo took down Amazon’s S3

Earlier this week, much of the internet ground to a halt when the servers that power them suddenly vanished. The servers were part of S3, Amazon’s popular web hosting service, and when they went down they took several big services with them. Quora, Trello, and IFTTT were among the sites affected by the disruption. The servers came back online more than four hours later.

In a note posted to customers, Amazon revealed the cause of the problem: a typo. On Tuesday morning, members of the S3 team were debugging the billing system. As part of that, the team needed to take a small number of servers offline. “Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended,” Amazon said. “The servers that were inadvertently removed supported two other S3 subsystems.”

The subsystems were important. One of them “manages the metadata and location information of all S3 objects in the region,” Amazon said. Without it, services that depend on it couldn’t perform basic data retrieval and storage tasks.

After accidentally taking the servers offline, the various systems had to do “a full restart,” which apparently takes longer than it does on your laptop. While S3 was down, a variety of other Amazon web services stopped functioning, including Amazon’s Elastic Compute Cloud (EC2), which is also popular with internet companies that need to rapidly expand their storage.

Amazon said S3 was designed to be able to handle losing a few servers. What it had more trouble handling was the massive restart. “S3 has experienced massive growth over the last several years and the process of restarting these services and running the necessary safety checks to validate the integrity of the metadata took longer than expected,” the company said.

As a result, Amazon said it is making changes to S3 to enable its systems to recover more quickly. It’s also declaring war on typos. In the future, the company said, engineers will no longer be able to remove capacity from S3 if it would take subsystems below a certain threshold of server capacity.

It’s also making a change to the AWS Service Health Dashboard. During the outage, the dashboard embarrassingly showed all services running green, because the dashboard itself was dependent on S3. The next time S3 goes down, the dashboard should function properly, the company said.

“We want to apologize for the impact this event caused for our customers,” the company said. “We will do everything we can to learn from this event and use it to improve our availability even further.”

Soka

The word “soka” is a Swahili translation for the English word “soccer”.

Soka mobile applications features fixtures and live cores of the most popular football leagues in the world.

A mobile user can select matches that he / she will be notified of when the matches are about to start.

The mobile apps support push notification to receive updates on fixtures availability.