Students do what Social Giants drag ass on

While Facebook, Google, Yahoo and other Social Media Giants debate on whether blocking fake news on their services will be bad enough for their bottom line (because they make revenue for clicks on their sites and traffic flow) instead of focusing on the greater good for their users and society on a whole, a group of college Students have stepped up on done their job for them. Continue reading Students do what Social Giants drag ass on

Advertisements

Using Google Public DNS

Most people connect to the internet via their ISP’s DNS servers which more than likely are not the best and more than likely is slowing down your browsing. Using a 3rd party service not only speeds up your experience online. A while ago we wrote about OpenDNS, today we’re going over Google’s DNS service.

Important:
Make sure to write down your ISP’s DNS servers.

Google Public DNS IP addresses

IPv4 addresses are as follows:

  • 8.8.8.8
  • 8.8.4.4

IPv6 addresses are as follows:

  • 2001:4860:4860::8888
  • 2001:4860:4860::8844

Making the changes

Windows

  • Start the Network and Sharing Center (this process varies by windows version)
  • Click Change adadpter settings
  • Right-click Local Area Connection or Wireless Network Connection slelect Properties
  • Type in your administrator password if you are promted for it.
  • Click the Networking tab
  • Under the Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) and click Properties
  • Click Advanced and select the DNS tab, write down any IP’s that are listed here for future reference in case you want to revert later on.
  • Select Use the following DNS server addresses
  • Enter the IP’s from above
  • Restart your computer

Mac OS

  • Click the Apple menu ()
  • Click System Preferences and click the Network logo.
  • Select the connection you want to configure (Thunderbolt Ethernet or Wi-Fi or Display Ethernet) then click Advanced
  • Select the DNS tab
  • Click the + icon to enter the IP Addresses (repeat for each address)
  • Click Apply then click OK

Linux

I will go over doing this in Ubuntu since that is one of the more common flavors.

  • Start System Preferences and click Network Connections
  • Select the connection you want to configure Wired or Wireless tab, then select the appropriate network.
  • Click Edit, and in the window that appears, select the IPv4 Settings or IPv6 Settings tab.
  • If the selected method is Automatic (DHCP), open the dropdown and select Automatic (STATIC) addresses only instead.
  • If the method is set to something else, do not change it.
  • In the DNS servers field, enter the IP addresses, separated by a space:
  • Click Apply
  • If you are prompted for a password or confirmation, type the password or provide confirmation.

If your distribution doesn’t use Network Manager, your DNS settings are specified in /etc/resolv.conf.

Edit resolv.conf:

sudo vi /etc/resolv.conf

If any nameserver lines appear, write down the IP addresses for future reference. Replace or add, the following lines:

nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844

Save and exit

:wq

Restart any Internet clients you are using.

sudo /etc/init.d/networking restart

Routers

Every router uses a different user interface for configuring DNS server settings; we provide only a generic procedure below. For more information, please consult your router documentation.

Note:
Some ISPs hard-code their DNS servers into the equipment they provide; if you are using such a device, you will not be able to configure it. Instead, you can configure each of the computers connected to the router, as described above.
  • In your browser, enter the IP address to access the router’s administration console.
  • When prompted, enter the password to access network settings.
  • Find the screen in which DNS server settings are specified.
  • If there are IP addresses specified in the fields for the primary and seconday DNS servers, write them down for future reference.
  • Replace those addresses with the IP addresses from above
  • Save and exit.
  • Restart your browser.

Most Common Internet Acronyms

#

  • 143 – I love you
  • 2 – To
  • 20 – Location
  • 24/7 – Twenty-four hours a day, seven days a week
  • 411 – Information

A

  • AFAIK – As far as I know
  • AFK – Away from keyboard
  • AIM – AOL Instant Messenger
  • AKA – Also known as
  • AM – Antemeridian
  • AOL – America Online
  • ASAP – As soon as possible
  • ASL – Age, sex, location
  • ATM – At the moment

B

  • b/c – Because
  • b/w – Between
  • b4 – Before
  • BBIAB – Be back in a bit
  • BBL – Be back later
  • BCC – Blind carbon copy
  • bf – Boyfriend
  • BFF – Best friends forever
  • Bling – Overly flashy jewelry
  • blog – Web log
  • BRB – Be right back
  • BTW – By the way
  • Buck – Dollar

C

  • Cab – Taxi
  • CC – Carbon copy
  • CTN – Can’t talk now
  • cya – See ya
  • CYE – Check your e-mail

D

  • Dis – Disrespect
  • DIY – Do it yourself
  • dl – Download

E

  • ETA – Estimated time of arrival

F

  • f – Female
  • FAQ – Frequently Asked Questions
  • fb – Facebook
  • FUBAR – Fouled up beyond all recognition
  • fwd – Forward
  • FWIW – For what it’s worth
  • FYI – For your information

G

  • Gamer – Video game player
  • gf – Girlfriend
  • GG – Good game
  • GJ – Good job
  • GL – Good luck
  • GLHF – Good luck have fun
  • GPS – Global positioning system
  • gr8 – Great
  • GTG – Got to go

H

  • HOAS – Hold on a second
  • HTH – Hope this helps
  • hw – Homework

I

  • IAC – In any case
  • IC – I see
  • IDK – I don’t know
  • IIRC – If I remember correctly
  • IKR – I know, right?
  • IM – Instant Message
  • IMO – In my opinion
  • info – Information
  • IRT – In regards to

J

  • J/K – Just kidding

K

  • K – OK

L

  • L8 – Late
  • l8r – Later
  • LAN – Local Area Network
  • LMAO – Laughing my a** off
  • LMK – Let me know
  • LOL – Laughing out loud

M

  • m – Male
  • MIRL – Meet in real life
  • MMB – Message me back
  • MMO – Massively multiplayer online
  • Mooch – Freeload
  • msg – Message
  • MYOB – Mind your own business

N

  • N/A – Not Available
  • NC – No comment
  • ne1 – Anyone
  • NM – Not much
  • noob – Newbie
  • NP – No problem
  • NTN – No thanks needed

O

  • od – Overdose
  • OMG – Oh my gosh
  • OMW – On my way
  • OT – Off topic

P

  • PC – Personal computer
  • PHAT – Pretty hot and tempting
  • PK – Player Kill
  • pls – Please
  • PM – Postmeridian
  • POS – Parent over shoulder
  • ppl – People
  • pwn – Own

Q

  • qt – Cutie

R

  • re – Regarding
  • ROFL – Rolling on floor laughing
  • ROTFL – Rolling on the floor laughing
  • RPG – Role playing game
  • RSVP – Répondez s’il vous plaît
  • RTFM – Read the flippin’ manual

S

  • sec – Second
  • SMH – Shaking my head
  • SMS – Short Message Service
  • SOS – Someone over shoulder
  • Sry – Sorry
  • sup – What’s up

T

  • TBA – To be announced
  • TBC – To be continued
  • TBD – To be determined
  • TC – Take care
  • thx – Thanks
  • TIA – Thanks in advance
  • TLC – Tender love and care
  • TMI – Too much information
  • Troll – Offensive comments poster
  • TTFN – Ta-ta for now
  • TTYL – Talk to you later
  • Tweet – Twitter post
  • txt – Text
  • TY – Thank you

U

  • u – You
  • U2 – You too
  • ugh – Disgusted
  • UR – Your

V

  • VM – Voicemail
  • vs – Versus

W

  • w/ – With
  • w/e – Whatever
  • w/o – Without
  • W8 – Wait
  • WB – Write back
  • Whoa – Expression of surprise
  • WTF – What the f***

X

  • XOXO – Hugs and kisses

Y

  • Y – Why
  • YOLO – You only live once
  • YW – You’re welcome

Z

  • ZZZ – Sleeping

YouTube Music Key

YouTube is launching a subscription music service called YouTube Music Key, with the beta version coming next week. You’ll be able to pay $10 per month for mercifully ad-free music and videos.

It will also include a subscription to Google Play Music, with 30+ million songs, expert-curated playlists, and in the coming days, the ability to watch many YouTube official music videos right from the app.

This launches YouTube into direct competition with other streaming services like Spotify, Beats, and Amazon

Thousands of Apple devices being infected with AdThief malware

Security researcher Axelle Apvrille recently published a paper about AdThief, a malware aimed at hijacking ad revenue from a reportedly 75,000 infected devices. First discovered in March 2014, and also known as “spat,” the malware, which comes disguised as a Cydia Substrate extension, was found to replace the publisher ID of publishers with the one of the malware creator, effectively attributing all ad revenue to him.

iOS/AdThief!tr
iOS/AdThief!tr hijacks advertisement revenues and redirects them to accounts owned by the attackers.

A publisher ID is used to identify a publisher’s account on an ad platform, which helps track revenue generated by said publisher. By being able to swap the publisher’s publisher ID with his own, the malware creator was able to hijack revenue from about 22 million ads. In effect, when clicking on an ad, an infected user would generate ad revenue for the attacker instead of the developer of the application or website.

  • Infected devices: ~75k
  • Total activate times: ~22m
  • Daily activate times (around 3/20/2014): ~22k

The malware was designed to target ad kits from 15 ad networks, including Google-owned AdMob and Google Mobile Ads, both representing a large share of mobile advertising at least here in the US. Other American companies targeted by AdThief are AdWhirl, MdotM, and MobClick. The remaining targeted ad networks were all from China or India.

TARGETED ADKITS

A list of mobile adkits targeted by the malware is provided in a report: YouMi, Vpon, MobClick, Umeng, AdSage/MobiSage, MdotM, InMobi, Domob, AdWhirl, AdsMogo, Google Mobile Ads SDK, AderMob, Weibo, MIX SDK and Poly SDK. The majority of these are Chinese, four are based in the US, and two in India.

In his report, Xiao remarks that Weibo is a popular social network in China, but is unable to attribute MIX SDK and Poly SDKmore precisely. In fact, Sina Weibo, introduced in 2013, is an advertisement SDK, so that solves one mystery.

MIX SDK can be attributed to GuoHeAD. It probably refers to the GuoHe MIX platform for cross-promotion of mobile games. This is also backed up by the name of a source file found in the malware: /Volumes/MacOsStore/Project/IOS/SpAd/SpAd/AD_GuoHe.xm.

Finally, Poly SDK is not a new adkit: it corresponds to AderMob. This is confirmed when downloading the AderMob iOS SDK.

Hijacked advertisements in iOS/AdThief

AderMob http://adermob.renren.com/ China
AdMob and Google Mobile Ads http://www.admob.com/ USA
AdsMogo http://www.adsmogo.com/en China
AdSage/MobiSage http://www.adsage.com/mobiSage China
AdWhirl http://www.adwhirl.com USA
Domob http://domob.cn China
GuoHeAD http://www.guohead.com China
InMobi http://www.inmobi.com India
Komli Mobile http://www.komlimobile.com/index India
MdotM http://www.mdotm.com USA
MobClick http://www.mobclix.com USA
UMeng http://www.umeng.com China
Vpon http://vpon.com China
Weibo http://us.weibo.com China
YouMi http://www.youmi.net China

Implementation details of adkit hooks found in iOS/AdThief.A!tr

Adkit source Filename Typical class names
AderMob AD Ader.xm AderSDK*
AdMob and Google Mobile Ads SDK AD AdMob.xm GAD*
AdsMogo AD AdsMongo.xm AdMoGo*
AdSage ? MobiSageAd*
AdWhirl AD Adwhirl.xm AdWhirl*
Domob AD DoMob.xm DM*
GuoHeAD AD GuoHe.xm MIXView*
InMobi AD InMobi.xm IMAd*
Komli Mobile AD KomliMobile.xm APIManager*
MdotM AD MDotM.xm MdotM*
MobClick ? MobClick*
UMeng AD UMeng.xm UMUFP*
Vpon AD Vpon.xm VponAdOn*
Weibo AD Weibo.xml DXAdHWB*_
YouMi AD Youmi.xm YouMi* – delegated to Google Ads

Conclusion

iOS/AdThief is a technical and malicious piece of code which hijacks revenue from 15 different adkits. It is built on top of the Cydia Substrate platform, available for jailbroken devices, which provides it with an easy way to modify advertisement SDKs. With Substrate, the malware needs only to focus on the call and implementation of each hook.

At first, the identification of every adkit the malware targets was difficult because the code mentions only class names used by each adkit SDK. However, the fact that the malware author did not strip out debugging information helped us to identify all 15 adkits. In particular, this is how support for Komli Mobile and GuoHeAD was detected.

Links

  • Get the bulletin here
  • Read Claud Xiao’s report here

Google Chrome is not battery friendly

This issue has been recorded as being a Windows issue but I have been seeing this on Mac as well. Will have to check on it and see how to test this on my machine.

There is a serious bug in Chrome that causes the browser to wake up the CPU as many as 1,000 times per second even when idle, thanks to the system clock tick rate being set to 1.00ms by Chrome. This is many times more than the 64 times per second usually observed with the Windows default clock tick rate of 15.625ms. Believe it or not, this bug has been known to Google for many years now and they have just recently decided to deal with it.

As noted on code.google.com:

What steps will reproduce the problem?

1. Just open Google Chrome and navigate to a website with any flash content.
2. System clock tick rate is increased to 1ms
3. Close the website or navigate to page without flash content
4. 1ms tick rate is left forever (until browser is closed)

Seems that Goole Chrome has no system clock tick interval management. Just increases it and keeps forever. Keeping tick rate at 1ms is not recommended. See document:

http://msdn.microsoft.com/en-us/windows/hardware/gg463266.aspx

“If the system timer interval is decreased to less than the default, including when an application calls timeBeginPeriod with a resolution of 1 ms, the low-power idle states are ineffective at reducing system power consumption and system battery life suffers. System battery life can be reduced as much as 25 percent, depending on the hardware platform. This is because transitions to and from low-power states incur an energy cost. Therefore, entering and exiting low-power states without spending a minimum amount of time in the low-power states can be more costly than if the system simply remained in the high-power state.”

Currently your options are to star the code tracker here to vote for it’s resolution or use a different browser, we recommend Firefox and check out our fav plugins for it here.

 

Apple Unveils OS X Yosemite and iOS8

OS X Yosemite

Unveiled today is the new OS X named Yosemite.

AirDrop will also now work between iOS and the Mac…finally! This will now let you share a file from an iPhone to someone nearby on a Mac, simply by dragging and dropping the file to the Mac user’s icon.

Apple also talked about a set of features it referred to as Continuity, which lets you start work on one device than use a “handoff” feature to start working on another. You can start writing an email on your iPad and then switch over to your Mac. Your Mac automatically knows you were writing the email on a nearby device, and displays a notification in the lower left hand corner that lets you open the email straight away and continue writing from where you left off.OS X Yosemite
Continue reading Apple Unveils OS X Yosemite and iOS8

DRM in Firefox is The End of Our Digital Security

Mozilla recently decided to add DRM in Firefox even if Mozilla hates it. Almost all video streaming websites use some kind of DRM and as Microsoft, Apple and Google has already implemented DRM in their browsers, Mozilla thinks not adding the DRM in Firefox would make it useless as a product as the user will have to switch to other browser everytime a user visits a website with DRM.

I am not going to either defend Mozilla on the decision of adding DRM in Firefox or write against it, they did what they had to do. In the end its all business, Firefox is of no use to me if I cannot watch Netflix on it. So I can understand the awkward position Mozilla would be in when deciding on the DRM in Firefox, what I don’t understand is How can Mozilla completely ignore the security complications associated with this decision.

In a single line, DRM in Firefox is going to end our digital security as we know it and I’ll explain it how. I don’t care about other browsers as they have already given up on user liberty long ago but Firefox has long stood for our freedom on the web and I respect that, well used to.
For a moment, let’s say we don’t have any problem with the DRM in Firefox and we are actually happy as now we’ll be able to enjoy services like Netflix and others. The problem is that DRM module implemented in Firefox is being developed by Adobe ( Yes, Adobe ), an HTML 5 based DRM implemented in Firefox is being developed by Adobe.

[…]

Mozilla openly admits that there is nothing they can do instead of accepting DRM. Mozilla was one the biggest advocate of Open Source and Free Software on the web. With Mozilla’s recent actions, freedom invading industry practices and continuous enforcements of privacy violating laws, I can image what the future looks like.

Complete Story