Geek News: Latest Technology, Product Reviews, Gadgets and Tech Podcast News for Geeks


Create a One Time Email Using Gli.ph

Posted by KL Tech Muse at 10:10 AM on August 15, 2012

There is a good chance that you have read about the problem of Matt Honan who was hacked by individuals who used social engineering to do it. One of the things that Matt admitted was he used the same email address for everything and in terms of security that might not have been a good idea. Are there times when you are purchasing something from someone, maybe on Craigslist or through a site you are not familiar with, and they ask for your email address? You are reluctant to give it to them; perhaps you give them what I call a junk email address, an email address that you specifically set up to give to online merchants. That is what I do. This works until you forget that is the email you gave them and you are wondering why you didn’t get that package you ordered and there is an email sitting in your alternative folder saying the item is out of stock. Wouldn’t it be nice to be able to give out a fake email so you could get the information you need and then delete that email address and never worry about hearing from them again? That is one of the ideas behind Gli.ph.

The first thing that you will need to do is sign up on the Gli.ph service and download the app on your iPhone. If you are using an Android phone you will have to use the mobile web app for creating the cloaked email address. At the upper left hand corner of the app or mobile Web site you will see a figure that looks like a wizard; click on it. If you haven’t already done so you will need to confirm your email address. At that point you will be given a cloaked email address. When you are ready to send someone an email, just click on send cloaked email. There is the space for recipient, subject and message. To start off with there is no way to add an attachment; you earn that right by getting five of your friends to join Gli.ph. Once you are done, hit the send button. The receiver will see your cloaked email address. Their reply will first go to the cloaked email address and then be forwarded to your real email address. This is where the real magic comes in: now you can reply to their email through your actual email client and address and the recipient will only see your cloaked email address. Gli.ph will strip out all information that gives away your real email address from the header. Once you are finished communicating with the person or site, simply delete the cloaked email address. Now when they try to send you an email through that address it simply disappears into space. Gli.ph uses HMAC-SHA1 hashes, and stores cloaked email addresses encrypted using the same AES-256 encryption. They do not store or see the email when it goes through them. It lives only in memory during the time it is passing through.

Right now the biggest complaint I have against Gli.ph is that on Android you have to use the mobile Web site to create a cloaked email address. On iOS you can do it directly on the application. Other than that I really like Gli.ph; there have been several times when I have been reluctant to give someone my real email address and now I don’t have to.

Nothing to Hide, Nothing to Fear?

Posted by Andrew at 9:45 AM on July 16, 2012

“If you’ve nothing to hide then you’ve nothing to fear” is often trotted out in the debate around privacy and secrecy. Superficially it seems reasonable but even with a modicum of critical thinking, the adage becomes trite and flawed. However, even if you did believe that “nothing to hide, nothing to fear” was reasonable, then the latest report from the British 2011 Annual Report of the Interception of Communications Commissioner (.pdf) ought to give food for thought.

The report covers the Regulation of Investigatory Powers Act (RIPA) which includes the postal service, telephony and electronic forms of communication, and can be carried out for both law enforcement and national security purposes. There are two distinct areas, the first being the interception of communications and the second being the acquisition of communications data. Simplistically, the first area is about directly listening in on a communication and the second is about who, when and where a communication took place.

In 2011, the total number of lawful interception warrants for the UK was 2911, and this all seems quite reasonable, given the population of the UK (60-odd million). However, in amongst the successful security operations, we also find that the security and associated agencies made 42 mistakes (1.4%), usually through typographic errors. In all instances, the error was discovered before the intercept took place or else all the material associated with intercept was destroyed.

Communication data requests cover information about communications, mainly subscriber data, service use data and traffic data, rather than the content of the communication itself. There were 494 078 communication data requests in 2011, an 11% decrease on the previous year. As you might guess, there were a few errors there too, with 895 mistakes being reported. Although this represents an error rate of only 0.18%, I’m sure it will be of little comfort to the two wholly innocent individuals who were arrested by the police because of these mistakes. Again typographic errors in the transcriptions of phone numbers or IP addresses were largely to blame but of additional concern was that nearly 100 of the errors were identified by auditors and weren’t recognised at the time of the requests.

If you think that because you’ve nothing to hide then you’ve nothing to fear, think again. You’ve everything to fear from the transposed digit, the wrong post code look-up and the minimum-wage flunky copying and pasting from the wrong records.

Probably not what you were worried about at all.

Formspring Had a Security Breach

Posted by JenThorpe at 8:20 PM on July 10, 2012

Those of you who have a Formspring account might want to take a minute to go and check on it. Formspring announced today, July 10, 2012, that it has had a security breach, and that some user passwords may have been accessed.

They are taking a precautionary measure and asking all Formspring members to change their passwords now. The same blog post that announces the security breach has advice about some guidelines that they recommend you use in order to create a strong password.

I found out about this just a few minutes ago when Formspring sent me an ominous sounding email.

At first, I wasn’t sure if this email was legitimate, or if it was some sort of phishing scheme. So, I opened up a new window in my browser and attempted to log in to my Formspring account. The result wasn’t good.

Since I was getting nowhere, I decided to click the word “resend”, in the hopes that this would help me to recover my Formspring account. I rarely use it, but even so, I didn’t like the idea of it potentially being accessible by someone other than myself. It took a few tries, but I was, eventually, sent an email that gave me a link to click on so that I could reset my Formspring password.

I was able to click on the new link that I was sent. However, this did not enable me to achieve a desirable result.

Uh-oh! I ended up having Formspring resend another email, with a new link inside it. That one worked, and I was able to successfully access my Formspring account, and change the password to something completely different than what it was before the security breach. I figured it was worth it to send out this little “heads up” to other people out there who are using Formspring. Hopefully, after reading this, you won’t panic if Formspring sends you an email like the one it sent me.

Has DNSChanger Infected Your Computer

Posted by KL Tech Muse at 4:06 PM on July 8, 2012

Back in November 2011 a group of Estonian and Russian hackers were arrested for creating and running a botnet called DNSChanger. DNSChanger was true to its name: it changed the DNS address of the computer it controlled and directed it to rogue DNS servers. These rogue DNS servers were shut down by the FBI, and the Internet Systems Consortium, a nonprofit company, was assigned to run the replacement DNS servers so those who had affected machines wouldn’t lose their connection to the Internet. That was over eight months ago and the time that the court assigned the Internet Systems Consortium to run the replacement DNS servers has run out. So on Monday, July 9, these replacement DNS servers will be shut down. The computers that are still connected to these DNS servers will no longer be able to connect to the Internet. There are an estimated 300,000 computers that are still affected. These are not only personal computers, but also computers run by Fortune 500 companies.

The FBI has set up a site where you can check to see if your system has been affected and what to do if it has been. Most likely if you have kept your computer updated and have run your anti-malware and virus programs you will be ok. However we all know someone who never updates their system either because they are too lazy or for some reason believe they are invulnerable. If you know someone like that, suggest they go to the site the FBI set up. If they decide not to, you may get a call Monday morning if you are the computer “expert” of the family, with them screaming they can’t connect to the Google.

The most interesting part of this story of course was not the DNSChanger bot itself, but how the FBI and the court handled it. They could have shut it down immediately and the results would have been the same for those 300,000 plus 270,000 more. By delaying the shut down they did allow those 270,000 to recover. However it seems to me they dropped the ball in getting the word out. This didn’t become big news until the past week. I am not sure if the court and the FBI are to be blamed for this, or is it the media’s fault for not getting the word out. Whoever’s fault it is, communication was lacking.

Hijacking a Drone

Posted by KL Tech Muse at 1:09 PM on June 30, 2012

Drones are unmanned flying vehicles which are controlled by operators from thousands of miles away. They are used extensively in Afghanistan to track the Taliban’s activities. There has been increased talk among law enforcement in the United States that using drones might be useful in fighting crime. There is a Federal mandate that would permit drones to be used in US airspace. There are many questions involving the use of drones including privacy rights, lack of search warrants …. There are also technical questions. Right now the biggest problem that the DHS and the FAA are facing involving drones is jammers, which don’t control the drones but simply jam the signal. This is the way the Iranians insist they were able to bring down a drone in 2011, although that is still disputed by the US, who insist it was operator error and not Iranian jamming that caused the drone to land off course.

However solving the jamming problem may be easy compared to the problem of spoofing. Spoofing is where the drone is actually controlled by a third party. In order for spoofing to be successful the drone’s GPS system must be hacked. That is what the University of Texas, Cockrell School of Engineering did under Assistant Professor Todd Humphreys when it hijacked a drone using $1,000 worth of equipment and custom software. These drones were using unencrypted software that the University of Texas team was able to hack. Their signal was more powerful than the GPS signal that the drone was receiving from the satellite that was originally controlling it. They were able to override that GPS signal, sending the drone where they wanted to. As you can imagine this is a huge potential problem. Imagine what would happen if a terrorist group was able to hack a drone and send it wherever they wanted it to. They could control it from anywhere and send it crashing into buildings with no risk to themselves.

Right now the DHS is still working on the jamming problem through the Patriot Watch and the Patriot Shield programs but the programs are underfunded and haven’t even started looking into the spoofing problem. Before we allow drones to fly above US cities we might want to find a solution to both jamming and spoofing first.

Microsoft Issued Emergency Patch Against the Flame Malware

Posted by KL Tech Muse at 6:07 PM on June 4, 2012

Flame is a malware that was discovered recently by researchers at Kaspersky Lab. Flame is a malicious program that embeds itself in a system and steals data from that system by watching keystrokes. It can steal valuable information, including but not limited to computer display contents, information about targeted systems, stored files, contact data and even audio conversation. It has hit the Middle East and Northern Africa, especially Iran, hard. If you want to learn more about Flame, Kaspersky has a great article about it.

Today it was reported that one of the paths that was used by the Flame malware was a vulnerability in one of Microsoft’s Windows digital signatures. The digital signature that was exploited was the one used for the Terminal Server. The Terminal Server Licensing Services uses an older cryptography algorithm, which is what the malware exploited. This is a service that many businesses use to allow remote access by their employees. The attackers created rogue intermediate certificate authorities that were able to trick end users and administrators into thinking they were issued from Microsoft.

On Sunday Microsoft released an emergency update. The update blacklisted three intermediate certificate authorities tied to Microsoft’s root authority. They also stopped issuing certificates that can be used for code signing with the Terminal services activation and licensing process. Some are questioning why Microsoft allowed the licensing mechanism to sign untrusted code and then link to Microsoft root authority.

All indications are that the Flame malware was released by a nation-state. Especially after it was recently [unofficially confirmed] that Stuxnet was authorized by the United States under the Bush administration and released during the Obama administration with the cooperation of Israel. At this point it is not clear who released the Flame malware. But it is obvious that both Stuxnet and Flame are just the vanguard of the next frontier of warfare, which is spreading from the battlefield to cyberspace. Whether those who released it had thought through all possible consequences isn’t clear.

Battle For The Internet Looms

Posted by AndrewH at 1:39 PM on April 10, 2012


With the perpetually refreshed glut of information available on the Web, it’s rare to find a thoroughly researched, thoughtful and meaningful piece on – of all things – the State of The Internet. In the May issue of Vanity Fair, contributing editor Michael Joseph Gross writes a captivating article, “World War 3.0,” that is both rich with history and chilling in his description of the challenges facing a tough-to-tame digital behemoth.

In this lengthy (by Web standards, anyway) piece leading up to a December conference in Dubai where the world will meet to discuss and renegotiate a UN treaty – International Telecommunications Regulations – as it relates to the Internet, Gross pens a somber outlook on where things are headed with the Web. Crisis, Gross asserts, is in store for the Internet and its users because of four main issues:

Sovereignty – the Internet was created and has developed specifically to exist outside or above the worldly territories we’ve mapped out

Piracy and Intellectual Property – the battle between freedom of information and folks wanting to protect their work and, more importantly, get paid

Privacy – the incomprehensible mass of information on the Internet and our ability to contribute and participate with relative anonymity is great for creativity and freedom, but it’s also awesome for criminals and folks who want to use your information for nefarious purposes.

Security – Code written is code hacked. It’s all just a matter of time and effort. With so much at stake and with so much money being made from the Web, how on Earth do we protect it all?

Four main issues – each extremely difficult to solve. In most cases, it’s damn near impossible to get consensus on the terms of each of these issues. You’ll have to read the article to see how Gross places this all in a context that makes the battle over the Internet one of the most important showdowns we might ever see.

The chill-factor for me comes from the last paragraph of his article – discussing the options for achieving security in such a connected world:

Aside from wealth or arcane knowledge, the only other guarantor of security will be isolation. Some people will pioneer new ways of life that minimize their involvement online. Still others will opt out altogether—to find or create a little corner of the planet where the Internet does not reach. Depending on how things go, that little corner could become a very crowded place. And you’d be surprised at how many of the best-informed people about the Internet have already started preparing for the trip.

Image: Blue Digital Background by BigStock

CISPA: The Next SOPA? Maybe Not

Posted by KL Tech Muse at 4:10 PM on April 9, 2012

One of the biggest threats to both businesses and governments in today’s world is cyber attacks, not only by lone attackers but also state-sponsored attacks, especially from China. The CISPA (Cyber Intelligence Sharing and Protection Act) is a bill being proposed in Congress to help fight such attacks. The Act allows businesses and federal agencies to share information about cyber threats they have received. The bill would allow them to share this information between each other without informing the public or, in the case of businesses, their stockholders. The Director of National Intelligence would be in charge of setting up how the information would be shared. All participating companies would have to pass a security clearance and the information would be shared on a need to know basis. The information that is shared cannot be used to gain an advantage. Cyber threats are defined in the bill as any “effort to degrade, disrupt or destroy vital networks or to threat or misappropriation of information owned by the government or private business” such as intellectual property.

Although everyone agrees that cyber attacks are a major problem in today’s world the opponents of this bill including the EFF believe this bill’s definition of cyber attacks is too broad. They are especially concerned that the bill could be used to dampen free speech and to go after sites such as Wikileaks or NY Times under the misappropriation of information owned by the government or private businesses part of the act. Opponents of the bill also think that the Director of National Intelligence is the wrong person to head the effort, that it should be under a civilian agency.

Although there is some comparison between this act and SOPA, there is also a key difference. While SOPA was opposed by major tech companies, many companies including Facebook, Microsoft, Intel have already sent a letter supporting CISPA. Under this bill they would be protected from being sued when they share our information with the government if under good faith they share the information under the CISPA. That means the passage of the bill is to their advantage. Also unlike SOPA, CISPA opponents don’t have any bogeyman like the MPAA to attack. In other words unlike SOPA the money is behind the passage of this bill instead of against it. Hopefully between now and passage, the definitions can be made more narrow. There needs to be a balance between the fight against cyber attacks and individual rights.

Rocstor AES 256-bit Encrypted Hard Drive

Posted by Alan Buckingham at 11:59 AM on February 26, 2012

Rocstor has unveiled a new portable external hard drive that practically guarantees that your data won’t be stolen.  The hard drive, which comes in capacities up to 1 TB, has a slot for a smart card.  Enter the card, punch in your code (which you choose), and you unlock the drive and all of the data you have stored on it.  The drives are FIP certified and ship with multiple cards.  For users that need additional cards, they can be purchased blank and inserted into a unit to be programmed to work with it.  PIN Numbers can be changed an unlimited number of times as well.

These hard drives are probably not for average consumers, but more for business and government.  They are designed to protect highly-sensitive data and eliminate those stories that are always in the news these days about stolen laptops filled with account and credit card information.  The drives retail in the $400-600 range and are available now from Rocstor.

Interview by Todd Cochrane of Geek News Central for the TechPodcast Network.


Yale Locks Brings High Tech to the Common Door

Posted by Alan Buckingham at 11:39 AM on February 26, 2012

Yale has new home door locks that bring a high-tech flair to your house. These aren’t your average doorsets – they have touch-screens and smartphone apps. You can buy the locks alone from many retailers, like Amazon; however, they are big with custom installers of home security systems. Now they have introduced NFC (near field communication) to their locks. That means you don’t need a key or a code. Your phone alone can unlock the door just by being close to it. If you are worried about your phone being lost or stolen then you can set up a secondary line of security such as a pass code. You can also revoke a mobile key via the web site if a phone gets lost. In addition, you can assign a separate code to each person in your home and even have the lock send you a text when someone passes through the door. Yale Locks are available on the market today, and the ones with NFC technology will be arriving soon. Prices and availability have not yet been determined.

You can find out more at Yale. Interview by Todd Cochrane of Geek News Central for the TechPodcast Network.
