Geek News Central is the technical site for Geeks. We Spin tech for the common man. With a Family of Tech Shows and Content.



How To Hack Mobile Phone Voicemail

Posted by Andrew at 2:44 PM on July 11, 2011

As the fall-out from the News of the World scandal continues, many sources continue to inaccurately refer to “mobile phone hacking”. The truth (as far as is known) was that it was the voicemail of the mobile phone that was hacked rather than the phone itself. There are two ways to do this – the first is to simply guess the PIN of the voicemail and the second is to use Caller ID spoofing.

In the mid-2000s, most mobile phone voicemail systems were poorly protected as they typically came with a default PIN which was often easily guessed and only varied according to the mobile phone company. Most users didn’t bother to change the PIN. Say the phone was on Orange, then the default PIN was 1234. If it was Vodafone, then 0000. Typically, the villain then makes two simultaneous calls to the victim. One will be picked up, the other will go to voicemail. By then pressing “*” or “#” while listening to the voicemail prompts, the individual can gain access to the voicemail system using the default PIN. Computeractive has an article covering this scenario and how, in theory, it would be harder (but not impossible) to take this approach today.

As for Caller ID spoofing, this technique makes a call look like it’s coming from a different number than it actually is. It can be used legally to make a call from a mobile appear to be coming from a company office, so that the person’s mobile number is not divulged. However, in some instances it has been used to gain access to voicemail boxes, as many voicemail systems do not ask for further identification if the system recognises the inbound Caller ID as one of its own. PC Mag and c|net have short articles on how this is done and, worryingly, this is still a threat. The Wall Street Journal covered the problem in 2010 before the current scandal broke.

It would appear that the best protection against both these attacks is (a) to change your PIN on your voicemail and (b) require your PIN even when calling from your own mobile phone. That way, even if your Caller ID is spoofed, the caller can’t get in without knowing your PIN.
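The two protections above, as an added example that is not part of the original post: a small Python model of a voicemail access decision, with the weak settings beside the hardened ones. `Mailbox`, `grant_access` and `audit` are hypothetical names, the phone numbers and the hardened PIN are constructed, and only the two default PINs come from the post.

```python
from dataclasses import dataclass
from typing import List, Optional

# Carrier default PINs as quoted in the post (mid-2000s values).
CARRIER_DEFAULT_PINS = {"Orange": "1234", "Vodafone": "0000"}


@dataclass
class Mailbox:
    number: str                         # subscriber's own mobile number
    carrier: str
    pin: str
    pin_required_from_own_number: bool  # False = inbound Caller ID is trusted


def grant_access(box: Mailbox, presented_caller_id: str,
                 entered_pin: Optional[str]) -> bool:
    """Hypothetical model of the voicemail platform's access decision.

    presented_caller_id is only what the network signals. It is not proof
    of who is calling, so accepting it as the sole credential is the weak
    setting the post describes.
    """
    if (presented_caller_id == box.number
            and not box.pin_required_from_own_number):
        return True
    return entered_pin is not None and entered_pin == box.pin


def audit(box: Mailbox) -> List[str]:
    """Return findings matching the post's advice (a) and (b)."""
    findings = []
    if box.pin == CARRIER_DEFAULT_PINS.get(box.carrier):
        findings.append("PIN is still the carrier default")
    if not box.pin_required_from_own_number:
        findings.append("PIN not required when Caller ID matches the mailbox")
    return findings


# Constructed sample mailboxes (fictional numbers).
WEAK = Mailbox("07700900001", "Orange", "1234", False)
HARDENED = Mailbox("07700900002", "Vodafone", "83016", True)

if __name__ == "__main__":
    for box in (WEAK, HARDENED):
        # A call presenting the mailbox's own number, with no PIN entered.
        own_number_no_pin = grant_access(box, box.number, None)
        # A call from another number, entering the carrier default PIN.
        default_pin = grant_access(box, "07700900099",
                                   CARRIER_DEFAULT_PINS[box.carrier])
        print(box.number, "own number, no PIN:", own_number_no_pin,
              "| other number, default PIN:", default_pin,
              "| findings:", audit(box))
```
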

Security: The Weakest Link

Posted by KL Tech Muse at 7:32 PM on July 1, 2011

In one of my more paranoid moments last month I started using Google’s 2 step verification. Now anytime I want to connect an application or Web site with my Google account I not only have to enter my user name and password, but also a code that is sent to my iPhone. For those applications that don’t take the codes, Google generates application specific passwords. Having listened to Security Now for over 306 episodes I have no doubt this method is more secure than just a user name and password. Well, it would be if I was willing to stick with it, but to be honest I probably will not. It would be all right if I was using it on sites that I thought needed extra security, like shopping, bank and other similar sites. However, do I really need two step verification for a site like Goodreads? At that point it just becomes annoying. I have a choice to make: I can be secure but constantly annoyed, or less secure but happier. I’m sure you can guess which road I am headed down. I do not think I am unique either; I think I am pretty normal. Let’s face it, most of us want to be secure on-line, we just do not want to work too hard at it.

The problem with most security methods is the better they are the more difficult they are to use. I do not care how great your security system is, if it is not easy for people to use it is useless. It needs to be as effortless as possible. The more effort it takes to use it the less likely users are to stick with it. Unfortunately the more human friendly security is the more likely it is to be insecure. Security and ease of use tend to work against each other. Somehow we need to find the middle ground between security and ease of use, and as more of our information resides in the clouds this becomes more and more important.

Competition Time – G Data AntiVirus 2012

Posted by Andrew at 4:59 PM on June 21, 2011

G Data have kindly supplied a copy of their AntiVirus 2012 to give away to Geek News Central’s loyal UK members. I reviewed the next product up in the range, InternetSecurity 2012, a couple of weeks ago and was quietly impressed. AntiVirus 2012 comes with antivirus (obviously) plus phishing, spyware and rootkit protection for a year on the PC and on Android smartphones or tablets.

To be in with a chance of winning, simply leave a comment below saying how you think GNC could be more relevant to a British audience. Don’t forget to leave your email address and I’ll draw at random from the comments in a week’s time. Remember, this is only for people with a UK postal address.

G Data InternetSecurity 2012 Review

Posted by Andrew at 1:00 AM on June 9, 2011

G Data’s 2012 range of security products cover basic antivirus through to specialised protection for laptops and notebooks. Depending on the version purchased, the features build-up from antivirus and safe surfing, through firewalls and spam protection, to backup and data recovery, with additional features in the notebook versions.

On test here is InternetSecurity 2012 which sits between AntiVirus and TotalCare and the main features are antivirus, firewall, safe surfing and spam protection. Parental controls and file shredder are included too. The graphic here shows the main differences between each version.

The software can be purchased and downloaded directly from G Data but in this instance, it was the boxed retail product. Not unexpectedly, the main contents of the box are a CD and a user manual, which generally explains the software quite clearly and simply. That is a bonus for people who aren’t familiar with security software, and as the licence key is stuck on the back cover, it’s easier to keep safe.

A further benefit of the boxed copy is that the install disk also doubles as an emergency disk which can be booted from. This is great for those really nasty viruses which block AV software and being able to boot outside of Windows to get at them is great. If you downloaded the software rather than buying the boxed copy, there’s an option in the SecurityCenter application to create a boot disk but it’s an extra step you’ll probably forget to do.

Installation is straightforward and it’s by the numbers with clear prompts. During the install, G Data clearly explains its privacy policy when it requests permission to send data back for analysis: nothing is hidden away in the EULA. As usual, you have to register with G Data, but the software offers a quick registration of just name and email address. There’s still the option to enter fuller details if you want. As you’d expect, the installation finishes with a reboot.

On rebooting, the G Data icon is now sitting pretty in the system tray and initially InternetSecurity contacts its servers and starts downloading fresh AV signatures. This takes a few minutes but once done, you can go into the main SecurityCenter overview to see the status of the main features.

As you might imagine, each section in the SecurityCenter has further actions and settings. For example, in Virus Protection you can request scans for specific folders or drives. Or you can go into the Settings and change which of the two scanning engines are in use. Without going into every section and being thoroughly boring, all I can say is that the options are comprehensive and give the opportunity for tweaking to your particular circumstances. All of the G Data security products are available as trial downloads so you can check whether they fit your needs before buying.

Performance-wise, InternetSecurity did not seem to have a significant impact on the computer. One touch that I did like was that virus signature updates are scheduled for a particular time rather than automatically updating as soon as you log into Windows. On older computers, this allows you to get using your computer faster than you might with other competing AV products.

Not having a set of viruses handy, I wasn’t able to actually test the AV features of the product but when I did a scan of my local disk, it did pick up a trojan that I wasn’t aware of in some downloaded files. With two antivirus engines built into the product, you’d expect it to catch most of the nasty stuff as each engine takes a different approach to detecting viruses.

Overall, G Data InternetSecurity is a comprehensive and competent product with lots of features and a couple of value-adds, such as parental controls. I’d be perfectly happy to entrust my on-line security to this tool.

Prices are £30 for AntiVirus, £35 for the version tested here, InternetSecurity, and £40 for TotalCare. There are also specialised versions for notebooks and if you have an Android phone, you get AV protection for free with any of these products. All the details are on G Data’s website.

 

G Data MobileSecurity for Android

Posted by Andrew at 3:31 AM on June 4, 2011

Continuing the battle with the bad guys, G Data has released its MobileSecurity product for Android smartphones and tablets. MobileSecurity is designed to protect the data on the phone from viruses, malware and spyware. Apps have to gain authorisation from the user before the app can make calls, send text messages or transfer data. Other features include app blacklisting and app checking during installation. Of course, there are regular updates to the software to keep the protection up-to-date.

Eddy Willems, Security Evangelist at G Data commented: “Malware writers are entrepreneurs: always looking for the best return on investment. According to analysts, Gartner and IDC, Android seems to be the market leader in mobile operating systems, so it is logical that cyber criminals will target the platform. Android malware can be easily spread through apps, which is another reason the platform is targeted. Not only did the beginning of 2011 see the emergence of this trend, but it also saw Android take the lead as the most targeted mobile operating systems in terms of malware. So it is the perfect time to introduce a solution for the protection of Android devices, as we expect a large increase in this area.”

Marketing puff aside, as we’ve seen in the past few weeks with the Mac malware and the Gmail spearphishing, there are criminals out there working out how to attack every major platform. And if they can’t beat the platform directly, they’ll go after the user, which is often the weakest link.

G Data’s MobileSecurity is available for £9.99 from a range of Android app stores or is free with G Data’s 2012 range of security products.

Avast! Antivirus for the Mac

Posted by KL Tech Muse at 4:30 AM on June 3, 2011

If you have a Mac, you are most likely aware of the malware MacDefender, which is a fake antivirus program created specifically to attack the Mac. For more details I recommend The Mac Security Blog. Unfortunately, as Macs become more popular these kinds of attacks will become more common, which will make installing antivirus and anti-malware software on a Mac as necessary as it is on Windows. If you are looking for antivirus software for the Mac now, you may want to try the antivirus software from Avast! Software. Avast Software is based in Prague, Czech Republic and has been stopping viruses and malware on the Windows platform since before Windows 95 was out. They are now making a free antivirus program available for Intel Mac 10.5 and above. It is in beta and available through the Avast user forum for download. Avast for the Mac was created specifically for the Mac and is not something ported over from Windows. It has three separate shields: one each for mail, web and file system. You can also scan your system or a part of it at any time. The Web Shield is a new build and it actually filters all HTTP material before it reaches the browser. This is key since, as Ondrej Vlcek, CTO of Avast Software, so rightly puts it, “The discussion on Mac security has centered perhaps too long on individual operating systems,” added Mr. Vlcek. “There is already a lot of internet-distributed malware out there based on JavaScript which works across various operating system platforms and this beta protects against.”

I am a Mac user and am still not totally convinced I need a product like this. However, I decided it is better to be safe than sorry so I downloaded avast! Mac beta. The download and install went without any problems. You may lose connection to the Internet for a short time during the installation. Once installed I had it scan my Home folder and it did it with no problem. When I did a full scan of my computer, I did notice that processes did slow down. I was running several applications at the time so the slowdown was not unexpected. Fortunately nothing was found. I have had it running for two days in the background and the only reason I know is the icon on the menu bar. Whether you need antivirus software on your Mac is something only you can decide. If you do decide you need one, Avast! for the Mac is not a bad choice.

 

G Data Offers Free Fake Antivirus Removal Tool

Posted by Andrew at 3:19 PM on May 16, 2011

If you or a friend have been conned into installing one of the fake anti-virus tools that have been doing the rounds recently, you’ll be delighted to hear that G Data are offering a free tool to remove the most prevalent type of scareware, “System Tool”.

Many of us will have seen those pop-ups claiming that our PCs have been infected and most of us will have dismissed them for the scams that they are. However, some people are taken in and G Data has seen an increase of 35% over the past 15 months in this type of fake AV. And if you are taken in, it’s a double whammy, with the criminals getting your credit card details while your PC remains under their control for further malicious activity.

“The development and deployment of scareware has become a highly profitable business. Fake antivirus programs have a double benefit for cyber criminals: they receive money from users who purchased a ‘full version’ of their useless tools and they get hold of the victims’ credit card data. To make matters worse: the fake AV programs often also put online criminals in a position that allows them to download additional malware onto their victims’ computers”, explains Eddy Willems, Security Evangelist at G Data.

The instructions for running the cleaner program are:
1. Download G Data FakeAV Cleaner from the G Data website: http://www.gdatasoftware.co.uk/support/downloads/tools.html. It’s down at the bottom of the page.
2. Run the G Data FakeAV Cleaner setup file. The G Data FakeAVCleaner “System Tool” has to be executed with the Windows user account that is infected. As the FakeAV “System Tool” shuts down all user initiated programs which do not have any kind of reserved name, like explorer.exe, winlogon.exe or svchost.exe and many more, the file name for the G Data FakeAVCleaner is svchost.exe.
3. Reboot the computer to finalise the installation.

If you are interested in the background to this kind of threat, G Data have a complementary blog post that discusses some of the issues and demonstrates a scareware infection.

ACS Law Boss Fined By ICO

Posted by Andrew at 11:16 AM on May 10, 2011

The UK’s Information Commissioner’s Office today announced that it was fining Andrew Crossley of the now defunct ACS Law £1,000 for failing to keep secure sensitive personal information about 6,000 people.

The Information Commissioner, Christopher Graham, was particularly critical saying, “The security measures ACS Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.”

If ACS Law had still been trading, the fine could have been as high as £200,000. As Andrew Crossley was trading as a sole trader under the name ACS Law, it falls on him to pay as an individual.

Previously, ACS Law had been pursuing alleged copyright infringers on behalf of copyright holders, including some from the adult entertainment industry. Its main tactic had been to send out letters to the alleged infringers, “encouraging” them to settle outside of court. Apparently over £1 million was raised through this tactic with 65% of the money going to ACS Law and only 35% going to the copyright holders (as reported by the BBC).

Last year ACS Law’s IT systems were attacked by a distributed denial of service attack (DDoS) which brought down their website. When the site was restored, for a short time a backup file was easily available for download by anyone. This file contained Excel spreadsheets with information on around 13,000 alleged file sharers, including those accused of downloading pornography.

More from the press release… The ICO’s investigation found serious flaws in ACS Law’s IT security system. Mr Crossley did not seek professional advice when setting up and developing the IT system which did not include basic elements such as a firewall and access control. In addition ACS Law’s web-hosting package was only intended for domestic use. Mr Crossley had received no assurances from the web-host that information would be kept secure. While the firm should have been aware of their obligations under the Data Protection Act, they continued to act negligently and failed to ensure that appropriate technical and organisational measures were in place to keep personal information secure.

Overall, a pretty damning report. However, even if ACS Law is no longer trading, one can’t help feel that Andrew Crossley’s £1,000 fine is too small given that around £650,000 was raised by ACS Law by threatening alleged copyright infringers with legal action. I wonder what the average cost to settle was in comparison?

Guilty of Carelessness

Posted by Andrew at 1:43 PM on May 8, 2011

As Todd discussed on his last podcast, LastPass have been very open regarding a possible data breach in their systems. I think they did the right thing but their servers were simply crushed by the rush of people changing their master passwords. But I’m not writing to chastise LastPass. On the contrary, I’m here to admit to being guilty of being careless with my data.

It was probably at least a year ago, if not longer, that I decided to try out LastPass and a couple of other online password storage sites, some of which Todd also mentioned in the podcast. Most of them didn’t work out and while LastPass lasted the longest, even then it finally fell out of favour. Partly it didn’t work all the time but mostly, I just didn’t see the point. Either you want to be secure and type a username / password in every time or else be unsecure and let the browser remember between sessions.

I reverted back to storing passwords in my smartphone in SplashID and it works for me. If I can’t remember a username / password combo for a given site, it takes me a few seconds to look it up on my Pre 2 and I have my Pre 2 with me all the time. All was well until…

When I read that LastPass had an issue…
0 seconds…I don’t use that anymore…
15 seconds….I never deleted the account at LastPass!!!
30 seconds…I never deleted my accounts at any of the online password sites!!!
45 seconds…what were all the sites I tried???

Fortunately, it probably wasn’t as bad as I thought. To start with, most of the online systems I tried only stored a few passwords before I junked them. Secondly, I do change my passwords on a semi-regular basis and finally I was able to track down all the sites and delete my accounts.

However, it’s taught me a valuable lesson – don’t be careless with your information. The fewer places it exists, the less likely it will be to go astray. To back this up, once a year I’m going to sit down and go through all the entries in SplashID. For any websites that I don’t use anymore, I will log on one final time and delete the account or registration.

I suspect these data leaks will get worse before they get better so it’s time to get proactive about controlling your data. Don’t suffer ID theft through your own carelessness. How are you going to make sure that your data isn’t just lying around, waiting to be lost?

iPhone Tracking: Much Ado about Nothing?

Posted by KL Tech Muse at 5:16 PM on April 22, 2011

Whether you are into technology or not, you couldn’t have missed the outcry over the story that the iPhone is capturing your location data and storing it on both the phone and the computer it is synced to. There have been many articles written on the subject, many of which were written to clearly capture the reader’s attention, like “Your iPhone is tracking Your Every Move”, the Huffington Post article “The Scary Implications of the iPhone Tracking Everywhere You Go” or “Got an iPhone or 3G iPad? Apple is recording your moves”. Although all of these are true, they are oversimplified. The fact that the iPhone and 3G iPad were capturing and storing location information on both the gadget and the computer it is synced to has been known for a while by the forensic community. Alex LeVinson of Katana Forensic published a paper on the subject for the Hawaii International Conference for System Science 44 in 2010. A book was published in December 2010, called iOS Forensic Analysis for iPhone, iPad and iPod Touch, which has a whole chapter on the issue. The information is not hidden, although the file has moved over the various versions. (Just because something is not announced doesn’t mean it is hidden.) Finally, there is no indication that Apple is pulling any location information into their own server, other than what is permitted under the User Agreement.

According to most sources the information that is being collected is the triangulation of the location of the two nearest cell towers plus the direction the phone is headed. It can tell you where the person generally was, i.e. what city they are in, but not a specific location. There are indications that many Android phones collect the same information if the location service is turned on.

There are still several questions that need to be answered. First, why is the information being collected and why is the file kept so long in the backup folder? The second problem is the information is unencrypted, which means anyone who has access to the phone, including the police, can get to the information. This brings up the question of how information that is stored on a cell phone or a tablet falls under the Fourth Amendment. The final answer to this question is still to be determined. These are all important questions. However, in my opinion the sky-is-falling cry that came out of much of the blogging and social media community was overdone and misleading.