Posted by: thetechieguy | May 21, 2012

Could SPAM bring down Pinterest ?

Pinterest Malware Spam

Oh no. It was bound to happen at some point: our dear spammer friends have discovered yet another frontier to invade with their spam. This time it is Pinterest.

So here is what happens:

You happily log into Pinterest and do a quick search for your favourite <insert what you want to search for here>. Up pop many images that look amazing and inviting. However, when you click on one you wonder how on earth you ended up on a website offering diet pills, even though you clicked the picture of a left-handed bungee-jumping monkey.

Well, the spammers got you. What they do is upload many images and then edit the link behind each one to take you wherever they want. Some use a URL shortening service such as Bit.ly, so you have no idea where on the web you will end up until you click on the link.

Others who are more sophisticated have discovered the redirect method. Ever been to a website that says: "You are being redirected in 5 seconds, if not click here"? Spammers have taken advantage of that and use a well-known site to redirect you to where they want you to go.

The big-brand site in question was BBC.co.uk. If you saw a link to the BBC website you would think nothing of it and click; it must be safe, right? WRONG. All the spammers had to do was write one simple line: http://www.bbc.co.uk/go/redirect.shtml?http://www.hotmail.com If you clicked on that link, the BBC.co.uk site itself would redirect you to hotmail.com. This is what is known as an open redirect: the page forwards the visitor to whatever destination is given in the URL without checking it, so the trusted domain lends its good name to anyone's link. [Note: this particular redirect has been shut down since the BBC discovered it, but there are plenty of others out there.]
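To make the difference concrete, here is an added example (not code from the BBC or from this post) of the redirect handler pattern described above: a vulnerable version that forwards to whatever follows the "?", beside a hardened version that only accepts same-site paths or an allow-listed host. The allow-list, the hostnames and the sample inputs are constructed for the example; the check also covers the usual bypasses a pentester would try (scheme-relative "//evil", "///evil", backslashes, "javascript:" and "user@host" tricks).

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example: the only hosts this site will
# forward a visitor to. A real site would load this from configuration.
ALLOWED_HOSTS = {"www.bbc.co.uk", "news.bbc.co.uk"}
ALLOWED_SCHEMES = {"http", "https"}


def open_redirect_target(param: str) -> str:
    """Vulnerable: a redirect.shtml-style handler that forwards to whatever
    the caller put after the '?'. Spammers can borrow the site's name."""
    return param


def safe_redirect_target(param: str, default: str = "/") -> str:
    """Hardened: return `param` only if it is a same-site path or an absolute
    http(s) URL to an allow-listed host; otherwise fall back to `default`."""
    if not param:
        return default
    # Browsers strip tabs/newlines and turn backslashes into slashes while
    # parsing, which lets "java\nscript:" or "/\evil" sneak past naive checks.
    if any(ch in param for ch in "\\\r\n\t "):
        return default
    parts = urlsplit(param)
    if parts.scheme:
        # Absolute URL: scheme must be http(s) and host must match exactly
        # (no "www.bbc.co.uk.evil.example" suffix tricks, no user@host tricks).
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return default
        if not parts.netloc or "@" in parts.netloc:
            return default
        host = parts.hostname
        if not host or host not in ALLOWED_HOSTS:
            return default
        return param
    # No scheme: only a plain site-relative path is acceptable. "//evil.example"
    # is scheme-relative, and browsers resolve "///evil.example" the same way,
    # so test the raw string rather than the parsed path.
    if parts.netloc or param.startswith("//") or not param.startswith("/"):
        return default
    return param


if __name__ == "__main__":
    destination = "http://www.hotmail.com"
    print("vulnerable:", open_redirect_target(destination))
    print("hardened:  ", safe_redirect_target(destination))
```

The hardened function compares the host exactly against a short allow-list rather than checking whether the URL "contains bbc.co.uk", which is the mistake that lets "www.bbc.co.uk.evil.example" through. Anything it does not recognise falls back to the site's own home page, so a malformed or hostile parameter never becomes a redirect.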

So why is this an issue ?

Besides the obvious irritation factor of being forced to view Viagra adverts instead of Grandma's favourite chocolate chip cookie recipe, there are two other real issues:

  1. Security: spammers and hackers can just as easily redirect you to their own site and use it as a point of attack: offer you "free software", get you to sign up to some service, and so on.
  2. Traffic: what is great about Pinterest is that it offers a superb way to get traffic to your website. If people stop clicking because they are nervous about ending up on some suspect website, then we have a problem.

So in summary:

Spam could literally bring down Pinterest, something I am sure Pinterest is well aware of, and it should be tightening its controls.

Just like Twitter deployed protection for its users [it bought Dasient], I am sure it's a matter of time before Pinterest does the same…

Until then, be careful out there!

Posted by: thetechieguy | May 21, 2012

How can a plastic water bottle be a 50-watt light bulb?

Simple genius! Here is an ingenious system that can be replicated everywhere, with only upside.

How can you take a plastic water bottle and make it light up a room ?

Here is how:


Besides the obvious benefit of bringing warmth and light into homes, there are other benefits of this system: it creates employment (someone has to install it), keeps the earth green (recycled water bottles don't end up in the dump) and saves money (no need to switch on lights).

A superb initiative from a social entrepreneur.

Microsoft So.cl

Talk about timing. With the world's attention focused on the Facebook IPO, another giant has decided that now is the best time to come out of beta. Microsoft has gone all stealth-like and launched So.cl [pronounced "Social"], its own social network.

So what is it?

It is the result of an orgy between Twitter (you can follow people), Google+ (look and feel), Pinterest (you follow categories) and Facebook (you can SMILE at things, just like a Like), but the official description is: “So.cl combines search and social networking for the purpose of learning and is the latest experiment from FUSE Labs”

So basically the site shows you what your friends searched for and what their interests are. You can also watch videos together with your friends and chat too.

So.cl initially launched at a few college campuses but now it’s open for everyone. Stop me if this sounds familiar…

You can:

  • Share Your Search so that you can help others discover what they might be looking for. Fun commentary & discussions usually follow.
  • Discover New Interests – At So.cl you can find new interests and connect with like-minded people. The topics you care about are waiting for you.
  • Start a Video Party – Doing things with others is a fun part of So.cl. Start a video party on any topic and chat with your friends

Interestingly enough, you sign into So.cl with your Windows Live account or your Facebook account (not a typo).

So.cl - login with Facebook

Once you log in, you are shown the most honest “Privacy” terms and conditions I have seen. You are specifically told that your searches are viewable by other So.cl users and third parties, but that nothing will be posted to Facebook or liked unless you choose to, and they don't contact your Facebook friends either. You also have to be 18 years or older (porn, anyone?)

So.cl - Privacy Disclaimer

Next up is the Build Your Feed section, where you can choose people or interesting topics to follow (again, sounds familiar?):

So.cl - Feed

The default Explore screen:

So.cl - Explore

Once you perform a search, you can add comments to it and share it with other So.cl users; you can tag other users' posts and comment on those too. You can also “riff” on a post, which is officially “a new way to interact and improvise with content.” I'm not really sure what that means, as I couldn't riff on anyone or anything.

Video Parties – “Watch videos with your So.cl friends in real time by creating a party in So.cl Note: Video Party allows other users to see the videos that you have posted or viewed”

I joined the Katy Perry party and there were music videos and all the people at the party were chatting on the right hand side. Cool.

So.cl - Video Party

There are lots of configurable settings that you can play with, including making So.cl your default search provider, and a decent privacy setting to delete everything you have done, said, read or participated in.

So.cl - Settings

So in summary:

I am not really sure how I feel about yet another network that I need to invite my friends to. It's hard enough getting them to commit to Google+ AND LinkedIn.

That said, the searches are pretty cool, and everything flows into everything else, making the experience fun to use. I performed a search on Bing and used the exact same search terms in So.cl and, not surprisingly, the exact same results came back, just much better presented. I assume that their future plan would be to nuke Bing and just have So.cl as their default search/collaboration/mail/SkyDrive/mapping tool…

The problem here is going to be the same problem that Google+ has (or had, depending on who you speak to): how to get the masses to join. A social network without people is just not social…

Try it – what do you think?

web: http://www.so.cl/

Samsung 4G Windows Mobile Focus 2

It seems that with very little fanfare Samsung has officially launched its first 4G LTE phone. But it's not an Android phone, as you would expect, but a Windows Phone!

“Samsung is the unmatched leader in offering smartphones across a variety of platforms and the Focus 2 is a powerful example of our continued commitment to Windows Phone,” said Dale Sohn, president of Samsung Mobile. “As our first 4G LTE Windows Phone, the Focus 2 is a fast and versatile device for productivity, entertainment and social networking.”

The Focus 2 looks solidly built with all the specs we have come to expect from Samsung:

  • Size: 4.0" WVGA Super AMOLED™
  • Resolution: 480 x 800 Pixel
  • Rear-facing Camera: 5.0 Megapixel
  • Digital Optical Zoom: 4X
  • Camera Features: Auto Focus; Camcorder; HD Recording; HD Playback
  • Video player: compatible formats 3GP, H.263, H.264, MPEG4, QCIF, WMV; video streaming
  • Internal Memory: 8GB

(full specs are available here)

The World of Windows Phone

Samsung 4G Windows Mobile Focus 2

  • People Hub lets you immerse yourself in the fully integrated social networking world of Facebook®, Twitter®, LinkedIn® and more.
  • Music + Videos Hub turns your Samsung Focus® 2 into a full-function media player, connecting you with your music, video and podcast library through Zune®.
  • Local Scout recommends nearby restaurants, shopping and activities, wherever you are. And Bing® brings you the rest of the world, with relevant, organized search results, whether you’re exploring the Internet or a new city.

Office Mobile and Microsoft SharePoint

  • Office Mobile lets you edit all your work documents on the go, thanks to Word Mobile, Excel Mobile, PowerPoint Mobile, OneNote Mobile and Outlook Mobile.
  • Microsoft® SharePoint® makes it easy for you to work with others, whether they’re across the hall or around the world.
  • Desktop compatible: The entire suite is compatible with the desktop versions, and it’s exactly how you’re used to working.

The phone will be priced at $49.99, which is a decent price for a 4G LTE phone, and will be available on the US AT&T network from 20th May.


For more info: http://www.samsung.com/us/mobile/cell-phones/SGH-I667UWAATT

Posted by: thetechieguy | May 18, 2012

Birthdays: Olden Days vs. Facebook Days

Facebook has fundamentally changed every part of our lives. Our community is no longer where we live or where we are, but is made up of friends from around the world. Technology has influenced every part of our lives – even our birthdays have changed forever:

The Olden Days vs. The Facebook Days:

[Image series: Past vs Facebook]

#justSaying…

Posted by: thetechieguy | May 18, 2012

Android IPTV – a smart box for $74 the size of a USB stick

I have reported on the Raspberry Pi computer, and now we have the Android 4.0 IPTV / Google TV smart box built on the AllWinner A10:

AllWinner USB computer

It's a sexy little all-in-one full computer that is the size of a thumb drive (that thingie that fits into the USB port).

It has a single-core 1.5GHz ARM CPU, a Mali 400 GPU, 512MB of RAM and an HDMI port to plug the computer into a television. It outputs at 1080p and is said to be capable of playing high-definition video.

It also has a full-sized USB port with host support for input devices, a conventional micro-USB port, a microSD slot and an internal 802.11 b/g WiFi antenna.

It boots from a microSD card and is capable of running Android 4.0 and other ARM-compatible Linux platforms.

Other Specs:

  • Graphics processor – 2D/3D, OpenGL ES 2.0 (AMD Z430), OpenVG 1.1 (AMD Z160), 27M tri/sec
  • Expandable memory – microSD (TF) 2-32GB
  • IO/Ports – micro 5-pin USB, USB 2.0 data transfer, OTG and host
  • Keyboard – supports virtual keyboard, 2.4G wireless keyboard, fly mouse
  • Audio – AAC, AAC+, eAAC+, AMR-NB, AMR-WB, QCP, MP3, WMA, WAV, MIDI, M4A
  • Video – WMV/ASF/MP4/3GP/3G2/M4V/AVI/MJPEG/RV10/DivX/VC-1/MPEG-2/MPEG-4/H.263/H.264; 1280*720P HD at 30 fps, 1080P and 720*480 D1 at 30 fps
  • Android apps – Youku, Tudou, QQ, YouTube, Twitter, Angry Birds, Office, Gmail, Browser, Skype
  • HDMI – 1080P & 2160P
  • Power input – 5V 2A
  • Size – 8.8*3.5*1.2cm
  • Weight – 0.2kg

By the way: did I mention all this was for $74 ?

Unfortunately it is not being shipped to South Africa… yet: http://www.aliexpress.com/product-fm/563764893-New-released-Android4-0-IPTV-google-tv-smart-android-box-allwinner-A10-Model-MK802–wholesalers.html

Posted by: thetechieguy | May 17, 2012

Ice Cream Sandwich officially in SA

ICS in SA

Samsung has announced the local availability of the Android 4.0 (Ice Cream Sandwich) software upgrade for the GALAXY S II, with other models to follow soon.

Samsung Electronics completed upgrading the GALAXY devices to Gingerbread last year by providing software upgrades to both Froyo and Gingerbread. With the ICS upgrade, Samsung Electronics continues to solidify its position as the leader of Android devices.

“This upgrade has been highly anticipated locally and we expect that our South African customers will enjoy an enhanced experience with their GALAXY device through this upgrade,” says Craige Fleischer, Head of Mobile Communications at Samsung Electronics SA.

The software upgrade for the specific models upgradable to Android 4.0 via the KIES PC client (by downloading the firmware through the KIES application) is available on Vodacom today and will be available tomorrow (18th May) on MTN and Cell C.

Similarly, the over-the-air upgrade is in the process of rolling out and will be available by the end of tomorrow (18 May 2012).

So kids,  who wants Ice Scream ???

Never mind making Skype calls whilst sitting on a plane: Sir Richard Branson has taken it one step further than just internet in the air. Passengers on Virgin Atlantic will be able to make and receive phone calls while in the air. You will also be able to send and receive SMS messages.

This will be available initially on Virgin's new Airbus A330 aircraft flying from London to New York. It will also be available on the airline's Boeing 747 planes, which are undergoing a £50 million refurbishment, and by the end of 2012 nearly 20 aircraft will provide the service.

Virgin Atlantic chief operating officer Steve Griffiths said: “We have listened to what customers want, and connectivity in the air is always on the wish list.”

More info: http://www.independent.co.uk/life-style/gadgets-and-tech/news/virgin-atlantic-passengers-will-be-able-to-make-and-receive-phone-calls-while-in-the-air-7745465.html

ITWeb Security Summit

The line-up of both local and international speakers at the ITWeb Security Summit was world class [see Part 1]. They ranged from tech to business, vendors, politics, analysis and everything in between.

Raj Samani

One speaker that I was really looking forward to hearing was Raj Samani, CTO of McAfee EMEA. Raj's topic is something that I have been preaching about for a long time: social engineering.

Not only was I fortunate enough to listen to his keynote presentation, but I also managed to get a one-on-one interview with Raj to discuss all things social engineering and share some party tricks too!

What is social engineering?

Raj describes Social Engineering as a “Deliberate application of deceitful techniques designed to manipulate someone into divulging information or performing actions that may result in the release of that information”

In other words, the attacker uses compliance tendencies (the ways people naturally give in to a request) to extract information from the target in such a way that the target is not even aware that they are doing anything wrong.

How does the attacker extract information?

There are six compliance tendencies that are used to extract information:

  1. Authority: people comply when a request comes from a figure of authority, e.g. someone flashing an official-looking badge or wearing a uniform.
  2. Liking: people tend to give information freely to people they get on with and like.
  3. Reciprocation: creating a situation where somebody feels indebted, as if they should do a favour for the adversary.
  4. Consistency: people want to seem trustworthy and so will keep their word once they have promised to assist.
  5. Social validation: people don't want to stand out and so will comply if others are doing the same thing.
  6. Scarcity: creating a situation where the target believes that there is a short supply of an item they need or want, and will therefore help in order to get that item.

What is the attack lifecycle?

Attack lifecycle

The attack lifecycle is made up of four components:

  1. Research – the attacker looks for the right hook, how to approach the target and which angle to use.
  2. Hook – the attacker engages with the target and begins to build a rapport.
  3. Play – the attacker extracts the information from the target.
  4. Exit – the attacker ends the relationship in a non-suspicious way.

The lifecycle can be executed over a short period (known as hunting) or a long time (known as farming); it all depends on what the attacker is trying to achieve and what they want. The attacker usually targets an individual for specific information, but opportunistic information can be gleaned almost anytime and anywhere. Raj recalls being on a train and hearing sensitive information being discussed between employees of a large firm. I had a similar situation where I waited outside a closed boardroom meeting and, as the employees were leaving, they were discussing the new confidential prototype they had just seen, loud enough for everyone to hear.

Why would someone do this?

Companies hire attackers to get information from their competitors, and they employ the services of professionals to get it. Now that information technology has advanced, it is not always feasible to “hack in” and steal the information, so the attacker uses social engineering as a much easier method of gaining the required information.

There are “information brokers” who earn 50 000 pounds per month from just one client! There is a going rate of 35 pounds per record supplied…

Who would fall for this?

One would be forgiven for thinking that we are all well educated not to click on links we don't recognise, not to speak in public about sensitive information and not to divulge information to an external person, but you would be wrong.

Raj recalls a case study where cadets at West Point in the USA received four hours of security awareness training. Later, these same cadets received this email:

Cadet training in security false email

90% of the cadets clicked on the link, even though it contained errors that they had just been trained to spot [there is no 7th floor in a building they visit often, and there is no Col. Robert Melville].

So even after four hours of security awareness training, these cadets were tricked into clicking on a link.

This was a one-off, right? Well, not exactly. During Raj's keynote presentation, I sent the following tweet:

Liron_Segev Tweet Experiment to see how many people would click blindly

When people clicked on the URL it took them to this web page, which I knocked up in 30 seconds and which displayed all their information back to them:

Experiment to see how many people would click blindly

I was being kind. I could have captured the information secretly and rerouted them to the ITWeb conference page, and they would have been none the wiser.

Now, bearing in mind that we were at a SECURITY conference, it was astounding just how many people blindly clicked on this link! [Side note: I look forward to reading Raj's blog post on my little experiment…]

So if a hall full of security-trained experts clicked on this link, what can we expect from the users in our organisations? We are all susceptible to this kind of attack.
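For anyone who wants to run the same awareness exercise, here is an added example (my own illustration, not the page the author built) of what a "you clicked a link" landing page can record: the IP address, User-Agent, Referer, language and a per-recipient token from the link, using only Python's standard-library WSGI support. It has the two modes the text contrasts: show the visitor what they just disclosed, or log it silently and forward them on. The forwarding URL, the `r=` token parameter and the sample request are assumptions made up for the example.

```python
import html
import json
import logging
from datetime import datetime, timezone
from urllib.parse import parse_qs
from wsgiref.simple_server import make_server

# Hypothetical destination for the silent mode (an assumption for this example,
# not a URL from the post): where the visitor is bounced after being logged.
FORWARD_TO = "https://conference.example/agenda"

log = logging.getLogger("clicktrack")


def collect_click(environ: dict) -> dict:
    """Everything a server learns from one click, straight from the request."""
    # Only trust X-Forwarded-For if this app sits behind your own reverse proxy;
    # otherwise the client can set it to anything it likes.
    forwarded = environ.get("HTTP_X_FORWARDED_FOR", "")
    ip = forwarded.split(",")[0].strip() if forwarded else environ.get("REMOTE_ADDR", "")
    query = parse_qs(environ.get("QUERY_STRING", ""))
    return {
        "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "ip": ip,
        "user_agent": environ.get("HTTP_USER_AGENT", ""),
        "referer": environ.get("HTTP_REFERER", ""),
        "language": environ.get("HTTP_ACCEPT_LANGUAGE", ""),
        # Per-recipient token embedded in each link, so clicks map to people.
        "recipient": query.get("r", [""])[0],
    }


def make_app(reveal: bool):
    """reveal=True shows the visitor what they just leaked (the post's version);
    reveal=False logs it and quietly forwards them on (the 'unkind' version)."""

    def app(environ, start_response):
        record = collect_click(environ)
        log.info("click %s", json.dumps(record))
        if reveal:
            # Header values are attacker-controlled: escape before echoing them
            # into HTML, or the awareness page becomes a reflected-XSS page.
            shown = html.escape(json.dumps(record, indent=2))
            body = ("<h1>You clicked a link you did not recognise.</h1>"
                    "<p>This is what the site now knows about you:</p>"
                    "<pre>" + shown + "</pre>").encode("utf-8")
            start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                                      ("Content-Length", str(len(body)))])
            return [body]
        start_response("302 Found", [("Location", FORWARD_TO),
                                     ("Content-Length", "0")])
        return [b""]

    return app


def call_app(app, environ: dict):
    """Drive a WSGI app in-process and return (status, headers, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Serve the 'reveal' version locally, then open http://127.0.0.1:8000/?r=demo
    with make_server("127.0.0.1", 8000, make_app(reveal=True)) as httpd:
        httpd.serve_forever()
```

Two details matter if you do this for real: the User-Agent and Referer are supplied by the visitor, so they are escaped before being written into the page, and X-Forwarded-For is only believed when the app is behind a proxy you control. Unique `r=` tokens per recipient are what turn a click count into a list of who needs a follow-up conversation.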

So what can be done?

Raj cites two main items: raise awareness and stop the blame culture.

We have IT policy documents that each employee signs, and if they are manipulated into divulging information they are not going to own up to it, as they will be fired.

We need to change this perception and encourage users to report anything suspicious without fear. Raj says that when such a system is put in place, the number of reported incidents should RISE: this is a sign that the system is working, as users are no longer afraid to report.

So in summary:

The threat is real and not movie stuff. There is a very profitable underground industry that trades in information. Information can literally be converted into currency.

I am particularly passionate about this type of attack as this is the ONLY attack that can bypass all the technological measures that are put in place. In our organisations we have full and legitimate access to information, and at the end of the day we are all human and susceptible to this type of attack. In a lot of cases the victim doesn't even know that they were played.

It's just a genius play on human emotions. Simple and effective.

Links: Raj's blog, McAfee.com (it's not just an antivirus tool any more, i.e. not Dr Solomon's).

Book to read: The Art of Deception by Kevin Mitnick

Posted by: thetechieguy | May 15, 2012

ITWeb Security Summit: Getting it wrong and failing [Part 1]

ITWeb Security Summit

I could feel it. There was something in the air as I made my way through registration and found my seat. I was surrounded by the best of the best in the security industry. I just hoped that these guys were on the good guys' side…

I was at the ITWeb Security Summit and it was game time.

Chris Gibbons opened the event and throughout the day he expertly made sure that we all knew where we had to be and by when, and he kept all the speakers on track, ensuring that Day 1 ran smoothly.

IT Security Summit - Charl

Charl van der Walt, Co-Founder and Managing Director at SensePost, set the theme for the conference: How Security Firms have Failed – it's time to reinvent Information Security. Charl then took us through various recent hacking attacks and how they occurred. The one that stood out was the recent attack against Iran's nuclear programme, which set it back two years. “This attack cost $2 million, which is less than the US Air Force spends per day,” confirms Charl.

The next name that came up repeatedly throughout the day, with various speakers, was Comodo. Comodo is a Certificate Authority (CA): it sells the SSL certificates that a browser relies on to decide that a site is legitimate and that the connection to it is secure. When Comodo was hacked it shook the industry, as the attacker managed to get valid SSL certificates issued to himself in the names of big businesses such as Microsoft and Google, to name but a few.

According to a study, 92% of attacks were not difficult, 86% were discovered by a third party and 96% were easily avoidable. Mac malware has now become a reality: “If you have been predicting malware will come to mobile for the past 10 years, you are finally right,” joked Charl.
As technology progresses, “The elephant in the room is that security companies have failed. We have not delivered on info security,” said Charl, MD of SensePost.

IT Security Summit - Eddie

Eddie Schwartz, CISO at RSA, The Security Division of EMC, explained how there are only “2 categories: breached or not breached – the latter haven't looked hard enough”. Eddie explained how the adversary has changed. It is no longer obvious what the “bad guys” look like. They are not the ones with the ski mask and the flashlight coming in at night; the bad guys hide amongst the masses and look like everyone else. “We need to understand what ‘bad’ looks like and look for similarities,” confirms Eddie. The threat is continuously changing and depends on what the business is doing at any stage: “if you take a stand on any issue you might get into someone's cross hairs”.
The old way of thinking about risk is the equation Risk = Threats x Assets x Vulnerability. However, Eddie argues this is the wrong approach, as the equation is not solvable and is meaningless.
Quoting The Art of War (“When the trees move, the enemy is advancing”), Eddie explains that we can't wait to start investigating; we need to be constantly analysing Big Data so we can predict movement. “Worst case scenario is that the hackers are in your network and are flicking switches on and off.”

Eddie is a believer that we need to think strategically about Big Data: we need to think about handling and analysing “hundreds of terabytes of data” so that when it “hits the fan you can fix it”, he asserts. Eddie also suggests building a team made up not just of administrators but of a variety of security skill sets, including everything from coders to game theorists. The right team and process is critical.

IT Security Summit - Moxie

Moxie Marlinspike, a whitehat hacker, security researcher and fellow of the Institute for Disruptive Studies, was up next for his keynote.

Moxie was on a mission, an important one. Moxie's message was that the so-called security authority responsible for “securing” the internet has failed and is outdated.

Moxie focused on the Comodo attack, which was officially explained as a state-sponsored attack from Iran. However, upon closer investigation it seemed that the attack came from an IP address that had shown up on Moxie's server for his sslsniff tool. What was more surprising was that this same IP address appeared in an introductory “how to hack” video clip. So it seems the attacker was simply following a video clip and managed to compromise a major player.

When SSL was created, the man-in-the-middle attack was only theoretical. “We threw it in at the end. It was a bit of a hand wave,” said Kipp Hickman, the person who wrote SSL at Netscape! “Another 4am decision,” as Moxie calls it.

What was most surprising is that Comodo, the company that is supposed to protect us from getting hacked, itself got hacked no fewer than four times. With NO repercussions. No lawsuits.

So why did nothing happen to Comodo? Why didn't people block its certificates when it got hacked? The reason is that if that were done, a quarter of the internet would no longer be reachable from your browser. The way SSL certificates currently work is that you are locked into trusting those certificate authorities forever. You can never change, and so you have no ability to move. EVER.

Moxie has created a solution for this problem called Convergence. More info is available at http://convergence.io/

IT Security Summit - Haroon Meer

Haroon Meer, founder of Thinkst, started his keynote by asserting that “Hope is not a strategy. You can't hope that you won't get hacked.” Haroon stated that security has become very complex and that the security firms have put the onus on the user to be responsible for security. Why would people still click on links that they don't recognise? “You never see the true meaning of the phishing issue until you get your mother to do internet banking!” Haroon then recalls all the items you have to explain to mom: don't click on links, only open websites that have a padlock for security, don't use WiFi, only use your own computer, etc. etc. etc. TOO HARD!

The security industry cannot fall back on users' lack of education. “It's not a crutch that we can use anymore.”

Security experts make the user's life very awkward by clamping down on internet usage and email usage “for security reasons”. Users can't access certain files via email but can access Google Docs, Facebook file sharing and Dropbox. So why make it awkward for the user?

Haroon is critical of the antivirus companies. Whilst having an antivirus is important (he calls it the “Virus Tax”), these companies have failed the industry, as they don't stop malware until something bypasses their system; only then are they made aware of it and dissect it. “The opponent gets to see the whole chess board. I can get the same antivirus as you and tweak my malware to bypass it,” concludes Haroon.
