Hacking takes it to phones and SIM Cards have fallen

With all the malware and bad stuff your phone is susceptible to, and the snooping that carriers have turned on, there was one thing about your phone that was still untouched, and that has now fallen to evil.

German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud all in just three years of research.

Nohl, who will be presenting his findings at the Black Hat security conference in Las Vegas on July 31, says his is the first hack of its kind in a decade, and comes after he and his team tested close to 1,000 SIM cards for vulnerabilities, exploited by simply sending a hidden SMS. The two-part flaw, based on an old security standard and badly configured code, could allow hackers to remotely infect a SIM with a virus that sends premium text messages (draining a mobile phone bill), surreptitiously re-direct and record calls, and — with the right combination of bugs — carry out payment system fraud.


Mozilla Comes under Attack – and of Age

Published 13:57, 18 July 13

Back in March, I wrote about the odd little attack by the European arm of the Interactive Advertising Bureau (IAB) on Mozilla’s plans to put control of cookies firmly in the hands of users. Alas, the IAB seems not to have come to its senses since then, but has instead doubled down, and launched one of the most bizarre assaults on Mozilla and the open Web that I have ever read. I warmly recommend you to read it – I suspect you will find it as entertaining in its utter absurdity as I do.

It’s entitled “Has Mozilla Lost Its Values?”, which is strange, because what follows is a rambling moan about precisely those values, and Mozilla for daring to adhere to them. As you might expect, Mozilla has not “lost its values”, it’s defending them here just as it has always defended them. Here’s the central argument of the IAB piece.

At first blush, Mozilla’s ideology seems inarguable. “We simply believe that when personal data is collected to deliver these [personalized Internet] services, the collection should be done respectfully and with the consent of the consumer,” the company said on its Mozilla Blog on May 10. Its decision to block third-party cookies by default was made “to strike a better balance between personalized ads and the tracking of users across the Web without their consent.”

Seemingly benign, Mozilla’s ideology is weighted down with counter-historical presumptions. The entire marketing-media ecosystem has subsisted on purchase-behavior data and other forms of research being available without individuals’ consent. R.L. Polk & Co. receives automotive ownership data from some 240 sources, including state governments, auto manufacturers, and financing companies, to create profiles of nearly every vehicle on the road and the people driving them. This data has been central both to the health of the auto industry and to improvements in cars, driving, and auto safety over the years.

How to get a free US iTunes account from anywhere in the world

If you use iTunes, there are several benefits to getting an iTunes Store account, including:

  1. Free singles
  2. The ability to download album artwork
  3. The ability to download iPad / iPhone / iPod Touch apps
  4. The ability to get iTunes Genius results (recommendations of music you might like)

Creating an iTunes account normally requires you to enter your credit card details, but if you don’t have a credit card (or you live in a country the iTunes Store doesn’t support), you can use one of the methods below to get a free account.

Windows Registry Hacks

To get these working, open Notepad, copy the code you want to use and save it as a .reg file, e.g. filename.reg

Prevent Windows Update from Forcibly Rebooting Your Computer

You’ll still get the prompts, but it won’t force you to shut down.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001

How to Revert

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=-

Stop Windows Update from Hijacking the Sleep/Shutdown Button

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAUAsDefaultShutdownOption"=dword:00000001

How to Revert

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAUAsDefaultShutdownOption"=-

Add “Open with Notepad” to the Context Menu for All Files

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\Open with Notepad]

[HKEY_CLASSES_ROOT\*\shell\Open with Notepad\command]
@="notepad.exe %1"

How to Revert

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\*\shell\Open with Notepad]

Remove “Shortcut” Text From New Shortcuts in Windows 7 or Vista

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"link"=hex:00,00,00,00

How to Revert

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"link"=hex:1e,00,00,00

Disable Windows Mobility Center in Windows 7 or Vista

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter]
"NoMobilityCenter"=dword:00000001

How to Revert

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter]
"NoMobilityCenter"=-

Make Aero Peek Display Instantly (or Disable it) in Windows 7

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"DesktopLivePreviewHoverTime"=dword:00000000

How to Revert

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"DesktopLivePreviewHoverTime"=dword:000001f4

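Before importing a .reg file copied from a web page, it helps to list exactly which keys and values it sets or deletes. The following Python sketch is an added example, not part of the original post; it handles single-line values only (multi-line hex continuations are reported as unparsed), and the function name and warning texts are illustrative.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample: the first tweak from this page.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
'''


def summarize_reg(text):
    """Return (actions, warnings) for the text of a .reg file."""
    actions, warnings = [], []
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if lines and lines[0] == HEADER:
        lines = lines[1:]
    else:
        warnings.append("first line is not the version header")
    key, deleted = None, False
    for ln in lines:
        m = KEY_RE.match(ln)
        if m:  # "[key]" opens a key, "[-key]" deletes it with its subkeys
            deleted, key = m.group(1) == "-", m.group(2)
            actions.append(("delete-key" if deleted else "open-key", key, None))
            continue
        m = VALUE_RE.match(ln)
        if not m:
            warnings.append("unparsed line: " + ln)
        elif key is None:
            warnings.append("value before any key: " + ln)
        elif deleted:
            warnings.append("value under deleted key: " + ln)
        else:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            op = "delete-value" if m.group(2) == "-" else "set-value"
            actions.append((op, key, name))
    return actions, warnings


if __name__ == "__main__":
    for item in summarize_reg(SAMPLE):
        print(item)
```

A warning about a missing header or a value under a deleted key usually means the file was damaged when it was copied, so fix it before importing.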

Rearming Microsoft Office 2010 Trial

Note: This procedure will only give you up to 180 days, after that you will need to

In order to rearm Office 2010, just run the OSPPREARM command located in the following folder:

%ProgramFiles%\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\

For example, open a command prompt window (in Windows 7 or Vista, open an elevated command prompt window), and type the following command, keeping the quotes because the path contains spaces:

"C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE"

Note: Change the path if necessary, such as when installing 32-bit (x86) Office 2010 on 64-bit OS, where the path may be located at %ProgramFiles(x86)%, i.e. C:\Program Files (x86).

The rearm feature is provided in Office 2010 as a convenience for corporate customers, as Microsoft now requires all installed copies of Office 2010 to be activated, including licenses sold through volume licensing. A total of 5 rearms are possible; after each reset, an additional 30 days of free usage is allowed without proper activation. When each rearm is timed for the last day of the current cycle, the 5 rearms can extend the free usage of Office 2010 to half a year.

According to TechNet, the rearm function in Office 2010 is mainly for corporate customers who deploy Office 2010 via KMS activation or MAK activation, as rearm resets the grace timer to 30 days of grace, freezes the grace timer, and resets the client machine ID (CMID). If the deployment image has not been rearmed, users will see notification dialog boxes at the time that the image is deployed, instead of 25 days after deployment. The 25-day grace period allows ample time for a KMS host to be found and activation to succeed. If activation is successful, users do not see notifications to activate.

Creating a secure password

You should follow these guidelines any time you need to set up a new password. No matter how trivial or irrelevant it may seem, the need for a secure password is always of high importance.

Requirements

  • Your password must be at minimum 7 characters and must include at least three characters from the groups below.
    • Lowercase letters – a, b, c, ...
    • Uppercase letters – A, B, C, ...
    • Numerals – 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
    • Non-alphanumeric (symbols) – ( ) ` ~ ! @ # $ % ^ & * - + = | \ { } [ ] : ; " ' < > , . ? /
  • Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess.
  • Must not be based on dictionary words
  • Do not use your birth date, SSN, pet’s name, child’s name or other words that can be easily guessed.
  • Do not keep your password written on a piece of paper under your keyboard, on your monitor or in your drawer. A good hacker can find clues that will eventually lead to him/her breaking most passwords within 5 feet of the computer.
  • Do not share your password with others. Everyone should be issued a password and should be using their own.
  • We strongly suggest using one password per site you have an account on; DO NOT reuse passwords. This is the #1 weakness with passwords.

Examples of Bad Passwords

johnd, dnhoj, johndjohnd, JOHND, ABC123D, The Close, 0123456789, xxxxxx, mouse, truck, lorry, me, you

Examples of Good Passwords

w@Ter55h00t, Si11yb0y
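The requirements above can be checked mechanically. This Python sketch is an added example, not part of the original post; it reads "three characters from the groups" as three of the four groups, and `SAMPLE_WORDS` and the `username` parameter are constructed stand-ins for a real word list and account name.

```python
import string

# Symbol set exactly as listed in the requirements above.
SYMBOLS = set("()`~!@#$%^&*-+=|\\{}[]:;\"'<>,.?/")
GROUPS = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": SYMBOLS,
}
MIN_LENGTH = 7
MIN_GROUPS = 3  # assumption: "three characters from the groups" = three groups

# Constructed stand-in for a real dictionary or breached-password list.
SAMPLE_WORDS = {"mouse", "truck", "lorry", "password", "welcome"}


def groups_used(password):
    """Return the names of the character groups that appear in the password."""
    return {name for name, chars in GROUPS.items() if chars & set(password)}


def check_password(password, username="", words=SAMPLE_WORDS):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(groups_used(password)) < MIN_GROUPS:
        problems.append("too few character groups")
    folded = password.lower()
    # Drop digits and symbols so "Mouse2013!" is still recognised as "mouse".
    if "".join(c for c in folded if c.isalpha()) in words:
        problems.append("dictionary word")
    user = username.lower()
    # Catches the user name forwards, reversed ("dnhoj") or repeated.
    if user and (user in folded or user[::-1] in folded):
        problems.append("contains user name")
    return problems


if __name__ == "__main__":
    for pw in ["ABC123D", "The Close", "Johnd2013", "Mouse2013!", "Si11yb0y"]:
        print(repr(pw), check_password(pw, username="johnd") or "ok")
```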

Using a Linux Command Line to auto generate passwords

If you are good at remembering passwords and have access to a Linux machine, you can use a command line utility called pwgen. You can specify the length of the password and the number of passwords you want to generate.

You can install it by typing:

sudo apt-get install pwgen

To generate passwords, type pwgen -y (the -y option includes at least one special symbol in each password), followed by the password length and the number of passwords:

pwgen -y 15 8

This will generate eight 15-character passwords like:

eileiShookei@k1 heh)ee1Iofohs3p ueSh"i4rohw"e8v Yahqu;iecie9Thu Ieghus}oo$rua2B eeshoagh0veeR_i laic2oNei8Ae%tu fer&ah9PiShee]S

  • You can check your password here

For WiFi passwords, we suggest using a 64 character one with WPA2, something like:

Ooze6ophai'gh4Chahmo-Mapoh>ng0eeyoosh0soo>g8eerao~l*eide1iex1aex

Time To Crack:
58 quinquatrigintillion years
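For machines without pwgen, the same job can be done with Python's `secrets` module, which also makes the arithmetic behind a "time to crack" figure visible. This is an added example, not part of the original post; the guessing rate is an assumed value, and the Wi-Fi helper produces 63 characters because WPA2 passphrases are limited to 8 to 63 printable ASCII characters (a 64-character key must be 64 hex digits).

```python
import math
import secrets
import string

# The four character groups from the requirements list on this page.
GROUPS = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "()`~!@#$%^&*-+=|\\{}[]:;\"'<>,.?/",
]
ALPHABET = "".join(GROUPS)  # 93 characters in total


def generate(length=15):
    """Return a uniformly random password with a character from every group."""
    if length < len(GROUPS):
        raise ValueError("length cannot cover every character group")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejecting and redrawing keeps every valid password equally likely.
        if all(any(c in group for c in candidate) for group in GROUPS):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def years_to_search(bits, guesses_per_second=1e12):
    """Average years of exhaustive search at an assumed guessing rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


def wifi_passphrase():
    """WPA2 passphrases are 8 to 63 printable ASCII characters, so use 63."""
    return generate(63)


if __name__ == "__main__":
    for _ in range(8):  # same shape as "pwgen -y 15 8"
        print(generate(15))
    bits = entropy_bits(15)
    print(round(bits), "bits,", f"{years_to_search(bits):.1e}", "years")
```

The years figure scales directly with the assumed guessing rate, which is why different strength checkers report very different numbers for the same password.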

How do I remember all my passwords?

I use LastPass password manager. It generates secure passwords and stores them for you so you don’t need to remember but one password, the master one.

Keeping Kids Safe Online – Part 1

As adults we have a responsibility to teach our children how to be safe online and to teach them how to use the WWW; but how do we do that if we ourselves don’t know how? So today’s article will be to educate adults about the internet and how you can keep your kids safe online.

I want to stress that I do not know you or your family and in no way do I want to come across as telling you how to raise your child(ren). If at any point in this article it seems this way, I sincerely apologize.

Facebook’s Graph Search

In an attempt to keep up with Google and Google+, Facebook is rolling out Graph Search to allow users to search through their networks to discover information about family, friends, friends of friends, and complete strangers. While Graph Search doesn’t reveal any new information about users, it does make finding existing information incredibly easy.

To see if you have this feature already or to sign up, go here: https://www.facebook.com/about/graphsearch

While FB is marketing this feature as a way to find movies and places to eat, stay and shop, we know well what it will really be used for: to search for info on your friends and other people you or anyone else is interested in. It is built on what people allow to be public, and that little thing is what will make this feature a success or not. The more you leave open, the more anyone can dig up on you.

Let’s say someone posts that they like Belikin; if you run a search for people who like Belikin, they will show up on your list even if you are not tied to them in any way, and the same goes the other way around. Searches can be made in many ways, and one may just bring up that old picture, song or post you had just about forgotten about.

Be safe online

This is a quick walk-through on how to be safe when you are online. This is not a definitive list, nor does it guarantee safety; you are responsible for what you do online, where you browse and what you click on while you’re there. Keep in mind that everyone does things differently and has their own opinions on how to do things. If someone tells you different, it does not make them wrong or right, nor does it make us right or wrong.

Just keep in mind to use common sense when online; if you have to second guess something, don’t do it or ask someone who would know. This list is not detailed or complete, is not the only way nor is it OS specific.
