Cyberphunkz Tech Blog
Tech information that you never knew… Now at your fingertips
UAE, Saudi Arabia Might Ban BlackBerry Services :: Will it be banned in India too?
Aug 3rd
Looks like the dark times for RIM and BlackBerry are showing no signs of respite. The TRA (Telecommunications Regulatory Authority) of the UAE, which regulates the telecom industry in the country is contemplating a ban on the e-mail, web browsing and messaging services on BlackBerry smartphones starting October 2010.
The ban, according to officials from UAE, will be issued in public interest. According to them, the current security protocols used in BlackBerry services makes the users of such services to act without any legal accountability, causing judicial, social and national-security concerns .
If you were unaware, unlike most normal phones, any BlackBerry device encrypts data sent using it first through its servers in Canada before it ends up where you intend to send it. This basically means that UAE cannot monitor what is being sent via BlackBerry phones in the country unless Canada and RIM somehow allows access to its data center. RIM was reportedly offered an alternative to open its own server within the UAE which the company rejected. This is believed to be the reason behind the plans to ban the entire bunch of BlackBerry services in the country.
Incidentally, UAE is not the only country that is contemplating a ban or imposing similar measures on RIM. India and now, even Saudi Arabia are talking tough regarding BlackBerry and its servers.
Russian Spies used Wi-Fi and Steganography
Jun 22nd
Some of the details are beginning to emerge about the 10 Russian spies that were captured in the US. According to an article on The Register, the spies communicated with Ad-Hoc Wi-Fi networks and hid messages in pictures using Steganography.
FBI agents monitored 28 year old Russian spy Anna Chapman as she communicated with a Russian government official. Anna would go to a book store and using her laptop, created an Ad-Hoc Wi-Fi connection to a Russian contact who was outside the store:
Surveillance agents nearby used “a commercially available tool that can detect the presence of wireless networks” to witness the creation of the ad hoc networks. NetStumbler is probably the most popular example of such software. Law enforcement agents were able to detect a particular MAC address – MAC address A – at the time that Chapman was observed powering on her laptop computer,” the complaint says. Law enforcement agents were also able to determine that the electronic device associated with MAC address A created the ad hoc network.”
The spies also embedded secret messages in pictures and uploaded them to sites where Russian officials retrieved them, and decoded the messages.
A New Jersey search uncovered a network of websites, from which the alleged spies had downloaded images. “These images appear wholly unremarkable to the naked eye,” the complaint explains. “But these images (and others) have been analyzed using the steganography program. As a result of this analysis, some of the images have been revealed as containing readable text files.”
It is interesting to see the tactics used by modern spies. Of course Russia is denying any and all involvement. Kudos to the FBI for taking them down.
10 Facebook Don’ts
Jun 14th
Facebook is more popular than ever. The site frequently goes through changes, but how many people use the same schedule of improvements on their own profile? The new features added to Facebook are opening new windows for vulnerability. A compromised account is a backdoor to more serious attacks on email or banking.
Today I will show you 10 things you should stop doing on Facebook in order to take back your security and close the open door.
-Stop posting your phone numbers. Last week I explored a Facebook attack that harvests the phonebook feature. Remember that your number is exposed to your friends, and therefore you’re relying on their security practices as well as your own to protect you. If a phisher can spoof your number, they have an extra layer of authenticity in convincing your friends you are in trouble and need money fast.
-Put down the games. I know the Mafia can’t take Cuba without you, but it’s time to stop. The top games on Facebook have been hacked, and it’s just a matter of time before the one you play is next. It’s arguable that the damage is already done with the games and applications you’ve already allowed, but don’t sign up for any new ones! Third party apps are not guaranteed to be secure, and you should not trust them with your credentials.
-Don’t trust chat. It shouldn’t take Chris Hansen to tell everyone that the person on the other end of your chat session could be anyone. The chat feature on Facebook should be treated as a public conversation. Never give out any private information, even if you’re positive you are talking to your friend.
-Refresh your personal info. Take a fresh look at your profile from the perspective of a social engineer. Does your profile tell a story about you? What information can you cut out? Many security questions ask about personal details about primary school and pets. Delete any photos or profile details that may relate to those kinds of questions.
-Don’t use the lazy emails. Facebook will fill your email inbox with notifications, and the links to easily respond. Instead of following the links in email, open up a fresh tab and go to facebook.com directly. Facebook and most social networks are targets for email spoofing. Otherwise you’ll be entering your login password at facebock.com!
-Don’t friend acquaintances. Think of the friends list as a circle of trust. If you don’t know the person well enough to trust their
security savvy, than you’re very unlikely to recognize the behavior of a phisher pretending to be them. 500 friends means 500 possible inroads to a social engineering or phishing attack. Tone down the number.
-Don’t keep an old password! Changing your password short circuits many trivial forms of attack. Facebook is a high risk target for Identity Theft, especially if you’re using applications frequently. How about doing it now!
-Photos are forever. Make it clear to your friends and family that you do not want those pictures of you in your birthday suit on anyone’s profile. (As opposed to the one of you in a suit on your birthday!) Pictures give behavioral information to an attacker. Bruce Schneier calls this “incidental data” in his Taxonomy of Social Networking Data. There he makes the assumption that incidental data is information that you did not create about yourself, and therefore do not control. I would add that although much of it is outside your control, there are ways to influence your friend’s posting behavior overall. Also, Facebook gives users the ability to “untag” themselves in pictures. While the damage is already done in the short term, you’ve influenced long term vulnerability.
-Don’t forget @mentions. This new feature brings more incidental data. Be respectful of your neighbor’s privacy. Ask yourself if having a friend’s entire profile pinned to your comment like a big arrow is actually necessary for the joke to be funny.
-Don’t trust other websites. Facebook is everywhere now. The same trust rules apply to the Facebook Login feature that is spreading to other websites. If you don’t trust the website you’re on, then signing in with the Facebook credential does not give you an added layer of protection, but rather hands your password to strangers.
This list may seem counterproductive to the efforts Facebook makes to create a global connected community. While I am interested in being a part of such a community, I go into it with eyes open. Just like wearing a wallet belt when I go to huge tourist destinations, I want to be smart about visiting the hugely popular social networking sites online. It may not be the coolest thing to do, but in the end I found that my friends didn’t even notice I had taken these safety precautions. Now the camera bag I stuffed in my shirt… that was a different matter.
Original source:
http://erratasec.blogspot.com/2009/11/10-facebook-donts.html
