Category Archives: tech

Google keeps history of voice search records

Google could have a record of everything you have said around it for years, and you can listen to it yourself.

The company quietly records many of the conversations that people have around its products.

The feature works as a way of letting people search with their voice, and storing those recordings presumably lets Google improve its language recognition tools as well as the results that it gives to people.

But it also comes with an easy way of listening to and deleting all of the information that it collects. That’s done through a special page that brings together the information that Google has on you.

It’s found by heading to Google’s history page and looking at the long list of recordings. The company has a specific audio page and another for activity on the web, which will show you everywhere Google has a record of you being on the internet.

The 4 most popular cyber crimes

Phishing – The aim is to trick people into handing over their card details or access to protected systems. Emails are sent out that contain either links or attachments that either take you to a website that looks like your bank’s, or installs malware on your system.

A report by Verizon into data breach investigations has shown that 23% of people open phishing emails.

Identity theft – According to fraud protection agency Cifas, the number of victims rose by 31 per cent to 32,058 in the first three months of 2015. Criminals use online ‘fraud forums’ to buy and sell credit cards, email addresses and passports.

Hacking – In a Verizon study of security breaches there were 285 million data exposures, which works out to about 9 records exposed every second. 26% of these attacks were executed internally within organisations.

It is estimated that 90% of all data records that were used in a crime was a result of hackers employed by organised crime.

Online harrassment – Over half of adolescents and teens have been bullied online, while 73% of adult users have seen someone harassed in some way online and 40% have experienced it.

German cyber security watchdog raises attack alert level

Germany has raised its alert level against against cyber attacks to “heightened readiness” ahead of parliamentary elections, saying government websites are already subjected to daily assault, according to reports.

“We are noticing attacks against government networks on a daily basis,” Arne Schoenbohm, president of Germany’s Federal Office for Information Security (BSI), told the newspaper Welt am Sonntag.

BSI is in close contact with election officials, political parties and German federal states to discuss how to guard against cyber attacks and stands ready to react to potential attacks ahead of the elections, Mr Schoenbohm said.

The newspaper did not give details of the number and types of alert levels, but said the level has been raised since cyber attacks interfered in the US presidential election.

BSI could not immediately be reached for comment. It is due to hold a press conference in Hanover on Monday at CeBIT, Germany’s largest annual technology conference.

The president of Germany’s BfV domestic intelligence service, Hans-Georg Maassen, warned in late February that industrialised countries were becoming increasingly vulnerable to cyber attacks as industry increases the adoption of digital technologies.

Cyber-security: Open Source Security Tools to secure networks and systems

There are thousands of open source security tools with both defensive and offensive security capabilities.

The following are 10 essential security tools that will help you to secure your systems and networks. These open source security tools have been given the essential rating due to the fact that they are effective, well supported and easy to start getting value from.

1. Nmap – map your network and ports with the number one port scanning tool. Nmap now features powerful NSE scripts that can detect vulnerabilities, misconfiguration and security related information around network services. After you have nmap installed be sure to look at the features of the included ncat – its netcat on steroids.

2. OpenVAS – open source vulnerability scanning suite that grew from a fork of the Nessus engine when it went commercial. Manage all aspects of a security vulnerability management system from web based dashboards. For a fast and easy external scan with OpenVAS try our online OpenVAS scanner.

3. OSSEC – host based intrusion detection system or HIDS, easy to setup and configure. OSSEC has far reaching benefits for both security and operations staff.

4. Security Onion – a network security monitoring distribution that can replace expensive commercial grey boxes with blinking lights. Security Onion is easy to setup and configure. With minimal effort you will start to detect security related events on your network. Detect everything from brute force scanning kids to those nasty APT’s.

5. Metasploit Framework – test all aspects of your security with an offensive focus. Primarily a penetration testing tool, Metasploit has modules that not only include exploits but also scanning and auditing.

6. OpenSSH – secure all your traffic between two points by tunnelling insecure protocols through an SSH tunnel. Includes scp providing easy access to copy files securely. Can be used as poor mans VPN for Open Wireless Access points (airports, coffee shops). Tunnel back through your home computer and the traffic is then secured in transit. Access internal network services through SSH tunnels using only one point of access. From Windows, you will probably want to have putty as a client and winscp for copying files. Under Linux just use the command line ssh and scp.

7. Wireshark – view traffic in as much detail as you want. Use Wireshark to follow network streams and find problems. Tcpdump and Tshark are command line alternatives. Wireshark runs on Windows, Linux, FreeBSD or OSX based systems.

8. BackTrack – an Ubuntu based Linux distribution that is configured with hundreds of security testing tools and scripts. Backtrack is well known with penetration testers and hobbyists alike.

9. Nikto – a web server testing tool that has been kicking around for over 10 years. Nikto is great for firing at a web server to find known vulnerable scripts, configuration mistakes and related security problems. It won’t find your XSS and SQL web application bugs, but it does find many things that other tools miss. To get started try the Nikto Tutorial or the online hosted version.

10. Truecrypt – encrypt all the things. Truecrypt is a strong encryption utility that can encrypt entire volumes or create an encrypted container within a file system. Use Truecrypt to protect your flash drives. If it gets lost, even the NSA will have trouble reading the data.

CloudPets teddy bears’ database exposed

CloudPets (a brand owned by Spiral Toys)data has leaked exposing kids’ recordings.

The data that was stored in a MongoDB was publicly facing network segment without any authentication required and had been indexed by Shodan (a popular search engine for finding connected things).

Unfortunately, things only went downhill from there. People found the exposed database online.

CloudPets had left their database exposed publicly to the web without so much as a password to protect it.

How a typo took down Amazon’s S3

Earlier this week, much of the internet ground to a halt when the servers that power them suddenly vanished. The servers were part of S3, Amazon’s popular web hosting service, and when they went down they took several big services with them. Quora, Trello, and IFTTT were among the sites affected by the disruption. The servers came back online more than four hours later.

In a note posted to customers, Amazon revealed the cause of the problem: a typo. On Tuesday morning, members of the S3 team were debugging the billing system. As part of that, the team needed to take a small number of servers offline. “Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended,” Amazon said. “The servers that were inadvertently removed supported two other S3 subsystems.”

The subsystems were important. One of them “manages the metadata and location information of all S3 objects in the region,” Amazon said. Without it, services that depend on it couldn’t perform basic data retrieval and storage tasks.

After accidentally taking the servers offline, the various systems had to do “a full restart,” which apparently takes longer than it does on your laptop. While S3 was down, a variety of other Amazon web services stopped functioning, including Amazon’s Elastic Compute Cloud (EC2), which is also popular with internet companies that need to rapidly expand their storage.

Amazon said S3 was designed to be able to handle losing a few servers. What it had more trouble handling was the massive restart. “S3 has experienced massive growth over the last several years and the process of restarting these services and running the necessary safety checks to validate the integrity of the metadata took longer than expected,” the company said.

As a result, Amazon said it is making changes to S3 to enable its systems to recover more quickly. It’s also declaring war on typos. In the future, the company said, engineers will no longer be able to remove capacity from S3 if it would take subsystems below a certain threshold of server capacity.

It’s also making a change to the AWS Service Health Dashboard. During the outage, the dashboard embarrassingly showed all services running green, because the dashboard itself was dependent on S3. The next time S3 goes down, the dashboard should function properly, the company said.

“We want to apologize for the impact this event caused for our customers,” the company said. “We will do everything we can to learn from this event and use it to improve our availability even further.”

Phones supporting Windows 10 Mobile

  • Alcatel OneTouch Fierce XL

  • BLU Win HD LTE x150e

  • BLU Win HD W510U

  • BLU Win HD LTE X150Q

  • BLU Win JR x130e

  • Lumia 430

  • Lumia 435

  • Lumia 532

  • Lumia 535

  • Lumia 540

  • Lumia 550

  • Lumia 635 (1GB)

  • Lumia 636 (1GB)

  • Lumia 638 (1GB)

  • Lumia 640

  • Lumia 640 XL

  • Lumia 650

  • Lumia 730

  • Lumia 735

  • Lumia 830

  • Lumia 929 (ICON)

  • Lumia 930

  • Lumia 950

  • Lumia 950 XL

  • Lumia 1520

  • Mouse Computer Madosma Q501

  • Xiaomi Mi4

DevGuard Privacy Policy

This privacy policy governs use of DevGuard mobile application on your mobile device.

Dolphins Systems is committed to protecting your privacy and safety rights while using its mobile applications. In order to protect your privacy, the firm maintains the following privacy practices:

Personal information

DevGuard application collects telephony data upon installation and on receiving locate command requests from the user. This information is key for performance of the application in locating a lost mobile device. The information is only shared with one person whom the user selects as recipient of all tracking information.

Messaging

The application reads incoming SMS to only detect DevGuard commands that the user may send. Incoming messages are neither stored nor shared with a third party. The application sends SMS messages upon receiving locate command requests from the user. The SMS that contains personal information is only send to the Guard mobile number that the user inserted upon opening DevGuard application.

Location Data

The application requires location data to track a lost mobile device, upon installation and on receiving locate command requests from the user. The information is only shared with the Guard mobile number that the user inserted upon opening DevGuard application.

Contact

Any questions or concerns relating to privacy, should be communicated via email at devguardke [at] gmail [dot] com . Once your e-mail is received, we will review it to ensure that the privacy practices provided herein are enforced

Effective March 17, 2016

DevGuard

devguard

An Android mobile application that helps users track their lost mobile devices in Kenya. [Get from Google Play] [] []

DevGuard uses cutting edge features to increase the chances of the phone owner finding a lost phone and also preventing leakage of sensitive data to a third party.

Top Features:

• Receive fraudster alerts

• Detect SIM Card replacement

• Remotely locate lost mobile device using “locate” or “track” commands

• Remotely check telephony information

• Remotely set mobile device password using “reset password ****” command

• Remotely lock mobile device using “lock device” command

• Remotely wipe mobile device data using “wipe device” command

Note: Care should be taken when using “wipe device” command. The command should be used as a last resort because it will erase all device’s data.

DevGuard_Screenshot_1        DevGuard_Screenshot_3

Operations:

To be able to Lock the mobile device and wipe device data remotely, enable the device as Device Administrator upon installation.

A password is required to prevent unauthorized access to the mobile application.

Set up guard mobile number that will be used to remotely command the device when the mobile device is lost.

The mobile number will also receive all tracking information.

The guard mobile number should be of a trusted relative or friend because all tracking information will be send to the guard number when the device is lost.

On receiving the location coordinates, copy and paste the coordinates in https://maps.google.co.ke/ to see device’s current location.

You can search “Route” TO coordinates as “destination” to determine the path to your device.

NOTE: One should not retrieve a lost mobile device from the person in possession of the device without proper security. For your own security, liaise with a policeman to retrieve the device for you.

When a device is stolen, try as much as possible to locate the device within 15 minutes to prevent further damages your mobile device.

If the device cannot be located, send an email of the IMEI and scanned purchase receipt (for authenticity purposes) to devguardke [at] gmail [dot] com for further assistance.

googleplay

 

Free Kaspersky Tools and Utilities

  1. Kaspersky Virus Removal Tool 

    Virus Removal Tool is a utility designed to remove all types of infections from your computer. It employs the effective detection algorithms used by Kaspersky Anti-Virus and AVZ. It cannot substitute a resident antivirus application. Download

  2. Kaspersky Security Scan 

    Download the free, easy-to-use scanner that rapidly finds malware & threats that may be hidden on your PC – even if you already have an antivirus product or firewall installed. You’ll get a detailed report on your PC’s security status – plus tips on improving your PC’s protection. Download

  3. Kaspersky Rescue Disk 10 

    Kaspersky Rescue Disk is designed to scan, disinfect and restore infected operating systems. It should be used when it is impossible to boot the operating system. Download