Archive for the ‘Tech-Software’ Category

Paybacks are hell: Parental spying prompts infiltration of German police system

Wednesday, January 11th, 2012

Der Spiegel published a story in yesterday’s edition of their magazine that the hack on the German police surveillance system “Patras” was prompted by a senior officer spying on his daughter’s internet activities.

The Patras system is used by the police to track suspects using so-called “silent” SMSs and GPS tracking devices planted on automobiles.

It appears that a senior policeman from Frankfurt am Main installed spyware onto his daughter’s computer to keep an eye on her online activities.

It is unclear whether this is legal under German law. It is also unknown whether he used the famous Bundestrojaner or some sort of commercial off-the-shelf spyware.

One of his daughters friends then discovered the spyware on her computer and decided that was justification enough to hack into her father’s computer.

Upon invading her dad’s system he found a selection of sensitive security related emails that enabled access to the Patras system. Two German hackers from a group called n0n4m3 cr3w (noname crew) were arrested after the system was breached in July of 2011.

According to Der Spiegel the policeman had redirected his work emails to his home computer. I expect that this is against the rules and is almost always a bad idea.

The worst part is that such a sensitive network used to covertly track people was accessible without any sort of two-factor authentication.

You would hope that intercepting a few sensitive emails would not provide enough information to allow a VPN connection or access critical infrastructure with such ease.

It is not clear whether this incident is the one that resulted in the successful attack against Patras last summer, or whether they were in fact breached twice.

It is one thing to accept the need of law enforcement to track suspects after receiving the approval of a judge, but it is becoming clear that access to these systems is too easy. It almost invites abuse and could result in criminal cases being compromised.

With great power comes great responsibility, and hopefully the German police have implemented more strict access controls and other authorities with similar power have heard this story and will look into their own security.

– To the original…

 

Why is it not good to use proprietary Software or Formats?

Monday, October 31st, 2011

Proprietary Software can include back doors – see Skype and Microsoft.

Proprietary formats can include metadata. This is data, which you can’t see but it can lead to your identity. They caught a Greek anonymous activist, because he uploaded a word document with his real name in the metadata.

If you are no computer expert don’t upload anything else then plain TXT files to the Internet. You can use copy and past as well to post it in web services. Even graphic formats like JPEG or TIFF can include data like GPS coordinates, the used camera, user and software name.

It’s very difficult for beginners to find this metadata. So if you are a good designer like the poor Greek one, send your PDF files to a computer expert. He can clean the metadata before the upload.

These programms can show you the metadata:

PDF – BeCyPDFMetaEdit
Viewer for many formats: http://regex.info/exif.cgi

[UPDATE]
The metadata can be useful to locate the author of a document in real life, if you have questions for example. Open source programs like Libre Office uses metadata too. The trick is not to fill in your real name during installation and don’t use your real name for login.

You can use a Linux live system (like TAILS) to produce anonymous documents.

Comments:

The UK government has its problems with PDF formats too:

http://news.slashdot.org/story/11/04/17/0831204/MoDs-Error-Leaks-Secrets-of-UK-Nuclear-Submarine

“UK’s Ministry of Defence admitted that secret information about its nuclear powered submarines was leaked on the internet by mistake.

and

FOCA is a good program to show meta data for windows. You have to give an email adr. to dowload the program …

http://www.informatica64.com/DownloadFOCA/

– To the original…

 

QR Tags Can Be Rigged to Attack Smartphones

Tuesday, September 13th, 2011

A blogger has demonstrated how these innocuous tags can be made into cybercrime weapons

The one to the side here says, “Samadhisoft Blog” and is harmless.

You’ve probably seen QR tags thousands of times, from advertisements in the subway to coupon flyer in the mail to products in the supermarket. They look like stamp-size bar codes, a grid of small black-and-white rectangles and squares, usually with bigger black squares in the corners.

A marketer’s dream-come-true, these tiny images are capable of storing and transmitting loads of data directly to the smartphones of interested customers. When a person scans a QR tag with a smartphone, the tag can do any number of things, including taking the user right to the product’s website.

But like any technology, they can also be manipulated to bite the hands — or phones — that feed them. On the mobile security blog Kaotico Neutral, researcher Augusto Pereyra demonstrated how these innocuous QR tags can be made into cybercrime weapons.

In his proof-of-concept hack, Pereyra took a QR tag he created from a free online tag creator and embedded in it the URL for an attack server called evilsite.dyndns.org. When the target smartphone scanned the tag, the browser was directed to the spoofed site and fed malware.

QR tags are touted for their convenience, but it’s that same convenience — coupled with their increasing prevalence — that Pereyra believes could allow them to becomedangerous attack vectors. Popular QR tag-scanning software, such as ScanLife, automatically takes mobile browsers to the site embedded within the tag, and while it makes the process quick, it does nothing for its safety.

“This is a serious problem since this is the equivalent of clicking a link with your eyes closed,” Pereyra wrote.

– More…

Trojan virus steals banking info

Thursday, November 6th, 2008

The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a virus described as “one of the most advanced pieces of crimeware ever created”.

The Sinowal trojan has been tracked by RSA, which helps to secure networks in Fortune 500 companies.

RSA said the trojan virus has infected computers all over the planet.

“The effect has been really global with over 2000 domains compromised,” said Sean Brady of RSA’s security division.

He told the BBC: “This is a serious incident on a very noticeable scale and we have seen an increase in the number of trojans and their variants, particularly in the States and Canada.”

The RSA’s Fraud Action Research Lab said it first detected the Windows Sinowal trojan in Feb 2006.

Since then, Mr Brady said, more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.

Security companies recommend that PC owners keep anti-virus programs up to date and regularly scan their machine for malicious software.

The lab said no Russian accounts were hit by Sinowal.

“Drive-by downloads”

RSA described Sinowal as “one of the most serious threats to anyone with an internet connection” because it works behind the scenes using a common infection method known as “drive-by downloads”.”

Users can get infected without knowing if they visit a website that has been booby-trapped with the Sinowal malicious code.

More…

070105 – Friday – Technical doo-dah

Thursday, January 4th, 2007

If you’re developing software with Microsoft’s Embedded VC++ 4.0 IDE and you’ve received the following error message:

There is no device installed. Please go to Configure Platform Manager to add a device.

then follow this link:

If none of that means anything to you, please excuse it as the ravings of a tech-weenie who’s had too much coffee and more than a few problems with this error messages this morning.

Cheers!

Skype – software you should know about

Thursday, August 17th, 2006

With my upcoming trips to New Zealand, I’ve developed an interest in how I might communicate between here (Seattle) and there (Christchurch) economically. I’d heard about Voice Over Internet Protocol (VoIP) sometime ago but back then it had a bad rap. Poor sound quality, drops, stuttering, delays, echos. All of the sorts of problems you might imagine when your voice is broken up onto many discrete packets and each sent out over the Internet to all find their independent paths to the destination computer. Well, apparently the technology has gotten a lot better in the last year or two.

I’m going to tell you about a VoIP program named Skype which is given away for free in its basic form. Its basic form allows any two people with Skype, a computer, and a high-speed Internet connection to communicate with each other free from anywhere in the world. Yes, free – utterly and completely free.

Now, you might wonder how they make any money doing this. Well, these are idealistic people but they do have some money making options which, if you add them onto the basic Skype, will cost you a bit. These are called SkypeIn and SkypeOut.

So, what do you need? A high-speed Internet connection (I suspect it will work with slow-speed modems as well but I doubt the quality would be as good), a computer, a set of head-phones and a microphone – and, of course, the Skype software.

You can download Skype here:

Installing it is dead easy. The only problems and confusion I ran into had to do with getting it to talk to my sound card. Basically, you have to make Skype and Windows agree on which Sound Device they are sharing and you’ll need to make sure that Windows is ‘listening’ to your microphone.

You can find your Windows settings at Control Panel > Sounds and Audio Devices.

You can find Skype’s settings at Skype > Tools > Options.

You can enable the microphone by double-clicking the tiny speaker at the lower right of your Windows screen and then choosing Options > Properties > Recording and then make sure that the microphone is checked so it is ‘on’.

You mileage may vary if you are running a different version of Windows but it should be basically the same. FYI, I’m running Microsoft Server 2003 here.

I’ve got the Skype program up and running now and it shows 4,059,740 users on-line. Sound like a lot of folks figured this out before I got here, eh?

So, everyone on Skype has a handle or a name. Mine is ‘gallymon’. Yours can be whatever you want. The program has a lot of fun stuff you can do like setup a profile and a photo of yourself. But, you can figure all of that out yourself.

I’ve talked to Eugene, Oregon and Mumbai, India so far and the signal and clarity has been fine. I’m pretty confident that this is going to work for my wife and I when I’m down in New Zealand this November, December and January.

So, SkypeIn and SkypeOut. They charge for these. What do they bring to the party?

Well, SkypeIn means that people on real physical phones can call you on Skype. That also means that you’ll need a phone number. You can sign up for SkypeIn for $38 a year and that gets you a real phone number. And you can decide where it is local to. Want a local number in Paris? $38. Want a local number in Rio? $38. Me, I opted for one in the 360 area code where I live. That way all my local friends can just call the number toll free and, if I’m on-line and on-Skype, they’ll connect to me on my computer – where ever I am in the world. And, the best is, that if I’m not on-line and on-Skype, it takes VoiceMail for me for no extra charge. Next time I log on, my messages will be waiting.

SkypeOut is for going the other way. If you are on Skype and you want to call out to a physical phone, this is what you will need. I haven’t signed up for this so I don’t know the ins and outs of it nor the costs. You’ll have to noodle all of that out from their web site at www.skype.com

Skype does a few other things that are pretty cool. First off, it does instant messaging which meas that if you don’t want to talk, you can simply type messages back and forth real-time. Might be fun if you are too busy to talk but you can handle the bandwidth requirements of typing something inane every few minutes just to keep up a slow banter.

Skype also supports transmitting and receiving files while you are connected to someone. And, and this is big, it allows you to each have a webcam and it’ll fire your moment to moment pictures back and forth as well.

And then it support conference calls also. I don’t know if there’s an upper limit on how many folk can join in on a call though.

And, finally, it does something with SMS messages like folks send back and forth on cell phones. I couldn’t tell you just what though.

Have you got a long lost college friend that’s moved to Japan? Well, you can stay in touch daily now for free. Do you work at a computer all day and your friends do as well? Well, you can establish a group on Skype and all chit chat back and forth as the mood strikes you. Have a team working on a technical project that is geographically spread-out? You can maintain a moment to moment capability to speak to any of them as the need arises. Want to move some files from here to there? Well, you know what I’m going to say.

That’s it. Skype. If you fire it up and you’re jumping up and down to try it out and you’ve suddenly realized that you are the geekiest of all of your friends so that none of them will be up for trying it out with you, well, drop me a call at ‘gallymon’. I’ve got my headphones on most evenings.

Aggregators Attack Info Overload

Saturday, August 5th, 2006

Several times now, I’ve mentioned RSS News Aggregators here. I use one called RSS Bandit but there are many. Here are some articles about the technology. These days, people that get most of their news from the Internet know about these.

Here’s a link to the Wired article:

And here’s one from the BBC:

And here’s the Wikipedia entry on RSS:

And here’s a link to what I’ve written before about news aggregators (this includes a mini-tutorial):

RSS – a simple tutorial

Monday, June 26th, 2006

RSS BandiIf you are like me on the computer, you have one or more websites you like to visit most times you sit down at the screen. For me, it’s CNN for news. For my wife, it’s EBay for various treasures.

Of late, the number of sites I’ve been visiting has expanded and it’s become tedious to move from one to the other though my Favorites list or using icons I’ve dropped on the screen. But I’ve discovered a real time saver technology called RSS.

RSS is generally accepted to stand for Really Simple Syndication. If you are a techno-weenie and would like to read an in-depth piece on RSS, try this Wikipedia article. Here, I’m going to tell you in simple terms what RSS can do for you and how to set it up on your system.

There are many RSS programs available. I run RSS Bandit here and because it is the one I’m familiar with, I’m going to talk about it. You can download a free copy of RSS Bandit here.

RSS programs like Bandit, are often referred to as ‘news aggregators’. You give them a list of websites and blogs you are interested in and the program will watch these sites for you automatically and note when ever new content appears on any of them. On my system, a small box appears at the lower right of my screen periodically saying something like ’10 new postings on 5 sites”. I can dismiss or ignore this box if I want (it goes away automatically in a minute or so) or I can click on it and RSS Bandit will expand onto my screen and show me a list of all of my sites of interest and which ones have new content. And, I can read the new content right there within Bandit without having to actually go to the website or blog which is really convenient. Or, if I’m too busy to look at the new stuff now, it will hang onto it and continue to accumulate it until I’m ready. RSS Bandit runs silently in the background and puts a negligible load on your system so you never know it is there until you need it.

Unless you’ve been paying attention to RSS technology, you may not know that many websites and blogs these days provide RSS feeds. To link a web site or a blog to RSS Bandit, you simply give Bandit the URL (the web address – something like http://www.ccn.com) once and ask it to locate and connect to any RSS feeds on that site. That’s it. From then on, it will watch that site and as many others as you like for you automatically.

Now, here’s the shameless plug in all of this. If you download and install a copy of RSS Bandit on your system and you want to test it, well why not use my blog to do so?

Directions: (asumes RSS Bandit is installed – those directions are further down)

– In RSS Bandit, pull the File menu down and choose ‘New Subscription’
– The Add Subscription Wizard will appear – click ‘Next’
– Click ‘I will enter the URL of the web feed or page’ if it is not already checked – click ‘Next’
– Enter ‘samadhisoft.com‘ without the quotes and make sure the ‘Auto discover’ box is checked – click ‘Next’
– RSS Bandit will search for an RSS feed and then show you its title and category – click ‘Next’
– It will offer you the opportunity to enter a username and Password. This is not necessary here – click ‘Finish’
– Next, it offers you some configuration choices. Just leave these and click ‘Finish’
– You are done.

You can manually run RSS Bandit each time you fire up your computer. I prefer, however, to add RSS Bandit to my Startup folder so it will run each time I start my system so that it is always there scanning the sites I am interested in automatically.

Before you know it, you will have added 10 or 15 different websites and blogs to RSS Bandit and be able to scan what’s new and interesting in a matter of seconds rather than minutes. That’s great news – it leaves more time in the day to hang out at Starbucks.

Directions for installing RSS Bandit:

Now, explaining how to download and install RSS Bandit gets a bit more complicated and I could write for a very long time here explaining how to do it if you are not a computer literate type. But, a better plan is to find someone you know who is a bit computer literate and have them do it for you. Just about any 12 to 18 year old should be up to the task of following the simplified instructions just below. If you’ve ever passed the ‘program your VCR’ test successfully, you could try it yourself.

Basically, they have to go to the RSS Bandit website here and look around until they find the download area. Make sure they get the latest and greatest version. My copy is version 1.3.0.42. Anything equal to or later than that should be fine. They should download the installation package to your system and place it into a folder of its own. Then they will Unzip it into the same folder and this will generate a file named RSSBandit Installer.msi. Once they have RSSBandit Installer.msi, they should right mouse click on it and choose ‘Install’. When the Installer asks questions, the default answers should be just fine. When they are done, a nice little RSS Bandit Icon should be sitting out on your desktop. If you want Bandit to run automatically each time you start your system, ask them to copy this Icon into your Startup folder.

Happy RSS’ing.