Breaking up (with Facebook) is hard to do: Here’s how

NEW YORK — Every relationship has a breaking point. Even yours with Facebook.

There’s a way out, though the social network will try to win you back with promises to do better. Maybe even flowers.

For some users, though, the past two years of privacy scandals, election manipulation by Russian trolls, executive apologies and even the political disagreements with friends and relatives have become too much.

The latest: an alarming New York Times report detailing the massive trove of user data that the company has shared with such companies as Apple, Netflix and Amazon.

A growing number of people say they are deleting Facebook, or at least considering it.

While Facebook has tried to address some of these problems, it’s not enough for some users.

Hard as it might seem to quit, especially for those entwined with it for years, it can be done.

Mostly.

Goodbye forever

Before deleting your account, rescue your posts and photos.

Facebook lets you download the data you’ve shared with Facebook since you joined. This includes your posts and photos, as well as the “activity log”—the history of everything you’ve done on Facebook, such as likes and comments on posts, use of apps and searches.

The download also includes your profile, messages, list of friends and ads you’ve clicked on.

This process should give you a good—perhaps scary—idea of what Facebook has on you.

What you won’t get are photos other people shared with you, even if you’ve been tagged. You need to save those individually.

And some stuff will remain, including what others have posted about you, your chats with others and your posts in Facebook groups (though your name will be grayed out).

To delete all this, you’ll need to sift through your “activity log,” accessible through your profile page, and delete each item individually.

Once you’ve saved everything and gone through your activity log, sign in one last time. Go to http://bit.ly/198wIoI and click on the blue button. Facebook says the process could take a few days.

Your delete request will be canceled if you log back in during this time. Facebook says it may take up to 90 days for all the data associated with your account to be wiped, but you can’t change your mind after the first few days are up.

If you used your Facebook account for third-party apps and sites, you’ll need new usernames and passwords for each.

Trial separation

If you’re not quite ready for a divorce, deactivating your account is an option. To do this, go to your account settings.

Deactivating means other people won’t be able to see your profile, but if you log back in, the whole thing is canceled and you are “active” again. Ditto if you log into an outside app or site using your Facebook account.

Fomo (Fear of missing out)

Depending on whether you were a full-time Facebook addict or an occasional lurker, the psychological separation could prove harder or easier than the physical one.

Facebook has become a one-stop shop for so many things. You can keep up with friends and family, find out about or create local events, buy and sell stuff, keep up with the news, raise money for a cause or join groups of like-minded people such as parents, porch gardeners and people with a rare disease.

There are other places to do many of these things. There’s Eventbrite for events, Letgo for buying and selling stuff, Peanut for moms to connect, Meetup to find and meet like-minded people, GoFundMe for raising money and Twitter, or, gasp, your local newspaper’s website for the news.

The difference is there’s no single other place to do all these things, and your friends might not be there.

If you find your mind wandering back to Facebook as you go through your day, thinking how you might craft a post about a thought you’ve just had or an article you came across, it’s OK. Let it go. It’s all part of the breakup process.

And while you may not see updates about near-forgotten schoolmates or that random person you met six years ago, the people who matter most will stick around. For them, there’s e-mail, the phone, and meeting in person for coffee.

About those other apps

If your boycott of Facebook has more to do with your view of the company than with tiring of the Facebook service, you might consider deleting Instagram, WhatsApp and Messenger as well—they are all owned by Facebook.

Deleting your Facebook account won’t affect your Instagram or WhatsApp account. If you want to keep using Messenger, you can create an account using your phone number instead of your Facebook profile.

source: technology.inquirer.net

Iran hit by global cyber attack that left US flag on screens

DUBAI - Hackers have attacked networks in a number of countries including data centers in Iran where they left the image of a US flag on screens along with a warning "Don't mess with our elections", the Iranian IT ministry said on Saturday.

"The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country," the Communication and Information Technology Ministry said in a statement carried by Iran's official news agency IRNA.

The statement said the attack, which hit internet service providers and cut off web access for subscribers, was made possible by a vulnerability in routers from Cisco which had earlier issued a warning and provided a patch that some firms had failed to install over the Iranian new year holiday.


Cisco did not immediately respond to requests for comment.

A blog published on Thursday by Nick Biasini, a threat researcher at Cisco's Talos Security Intelligence and Research Group, said: "Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol...

"As a result, we are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths."

Iran's IT Minister Mohammad Javad Azari-Jahromi posted a picture of a computer screen on Twitter with the image of the US flag and the hackers' message. He said it was not yet clear who had carried out the attack.

Azari-Jahromi said the attack mainly affected Europe, India and the United States, state television reported.

"Some 55,000 devices were affected in the United States and 14,000 in China, and Iran's share of affected devices was 2 percent," Azari-Jahromi was quoted as saying.

In a tweet, Azari-Jahromi said the state computer emergency response body MAHER had shown "weaknesses in providing information to (affected) companies" after the attack which was detected late on Friday in Iran.

Hadi Sajadi, deputy head of the state-run Information Technology Organization of Iran, said the attack was neutralized within hours and no data was lost. — Reuters

ISPs Can Now Sell Your Data: How to Protect Yourself

This spring, Congress and then President Trump rolled back protections for consumers that previously prevented Internet Service Providers (ISP) from collecting and selling personal data. While consumers grumbled, advertisers have celebrated. ISPs can now profit from the sales of data they weren’t previously allowed to collect and personal marketing profiles can be created to boost online sales.

How ISPs can Collect Data

There are several ways that ISPs can now collect data for profit. From basic monitoring of internet activities, ISPs can accumulated data on websites that users visits, how much time they spend there, which links they click, and which products they ultimately buy. To bolster demographic information on potential customers, ISPs can use deep packet inspection to uncover personal information that is often grouped together, like name, age, and location. ISPs can also use beacons, found within mobile data, to pinpoint the exact location of users. You might have noticed that some services have already used this data. Apps can remind us to use a coupon or take advantage of a sale when we’re in close proximity to the store. The difference lies in user opt-in for these services. Under these new regulations, users don’t opt-in and they can’t opt-out. Finally, ISPs can now respond to government requests for personal data. These requests could be used for positive purposes, like stopping a potential terrorist attack, or they could be utilized as yet another source of profit for ISPs.

Will ISPs Sell My Data?

While many people have doubts that ISPs will stick to promises to honor their customer’s privacy, Brian Dietz from the Internet and Television Association told the Washington Post, “"Regardless of the legal status of the FCC’s broadband privacy rules, we remain committed to protecting our customers’ privacy and safeguarding their information because we value their trust.” Time will tell whether ISPs will give in to the temptation to sell out customers’ data for potentially massive profits.

What Can I Do to Protect my Data?

It will be important than ever for users to pay more attention to their online behavior. Whenever possible, use the secure version of websites (HTTPS). ISPs will still be able to collect some data but not as much. A Chrome app can help users remember to use HTTPs whenever possible. VPNs are another way to protect user data. This solution isn’t without problems though because some sites, like Netflix, block VPNs. Many suspect fewer VPNs will be available with China’s demands to pull them from the App Store.

With fewer ways to protect your data online, it’s even more important to guard your offline data. Practice regular backups. If you experience data loss, trust Secure Data’s commitment to complete confidentiality throughout the entire recovery process.

source: securedatarecovery.com

How to Remove a Trojan Virus and Recover Lost Files

Anyone who uses a computer understands that Trojan viruses or other malware can release a storm of problems on your PC. Here are some quick tips on removing a Trojan virus and other malware to recover lost files on your computer. 



What Can Malware do to your Computer? 


To understand how to remove malware, you first have to understand how they work. There are a number of different malware categories, including:


Adware
Backdoor
Hijackers
Dialers
Spyware
Virus
Worm

Malware typically comes from corrupted downloads. Specifically, a Trojan virus appears innocent on the surface, but has been designed to unleash havoc on your system. Sometimes, it provides a backdoor entry to your computer system, or download more dangerous software on your hard drive in the future.

Removing a Trojan Virus

Typical computer Viruses, on the other hand, self-replicate themselves and infect other files or programs on your computer. Whether or not you can eliminate a Trojan virus will depend on the severity. In this case, when removing a Trojan virus, it’s always recommended taking it to a data recovery professional. There are anti-malware programs, however, that prevent and eliminate these attacks from occurring. We recommend Autoruns from Sysinternals. The software is free, and it provides you with a detailed report of potential malware threats and how to get rid of them. For the most part, the programs that run through Autoruns will be safe from cyber-threats. But remember, before you delete anything, first examine the files that are currently being scanned from Autoruns. Once you determine that those files are corrupt or safe to delete, you can use an anti-virus program to safely remove them.

Recovering Lost Files on your Hard Drive

To recover a lost file, we normally recommend taking the proactive approach and backing up your data. It’s much easier to use a backup than it is to try to recover your information after a malware-attack. You can also check the recycling bin for deleted files. Getting into the habit of creating backups could save you a lot of headache and frustration later. You could also consider using file recovery software to restore data that has been emptied from the recycling bin. We recommend Recuva Portable because it’s free, easy to use for beginners, and it has an impressive success rate. It will even give you a preview of the images that you can recover. Whether you need to recover lost files or figure out how to remove a Trojan virus, contact the experts at Secure Data Recover for help you can trust!

source:  securedatarecovery.com

Encrypted passwords among stolen in 2012 breach, Dropbox says

Security breaches are nothing new, but it has been growing in frequency and boldness as of late. Back in 2012 Dropbox was targeted by an attack, but it is only now that the company revealed most of the stolen credentials are still floating around in the dark web.

The 2012 breach compromised more than 60 million accounts and it all became possible because hackers managed to locate a personal password that was reused by an employee on the corporate account. Apart from the usual stored data, TechCrunch reports that user passwords were also acquired in the theft.


Fortunately, Dropbox passwords are encrypted and secured with salt–these are random data strings that are added to strengthen encryption. Despite the data being made available online, it would seem that the encryption has not been cracked yet.

The company has also taken measures to ensure that employees do not reuse passwords by having password management service 1Password available for their employees. They are also currently requiring a two-factor authentication for all internal systems.

Because online cloud storage services play host to all kinds of data, they become frequent targets for hackers. However, since 2012 the Dropbox has not reported any major security compromises. This bodes well for the company and to its millions of users, who have grown to 500 million.  Alfred Bayle

source: technology.inquirer.net

Apple gives preview of unencrypted iOS 10

In a shocking move, Apple has released the preview for the iOS 10 to developers with its kernel completely unencrypted.

In a statement, an Apple spokesperson said the kernel was left open to better optimize performance without compromising security since the kernel cache does not have any user information.

The kernel is basically responsible for things like how apps access the device’s hardware and security protocols. This unencrypted preview will allow developers to examine the kernel’s code in full detail to find security flaws. In turn, it will help Apple to patch up security holes faster.

A report from 9to5Mac states that Apple’s recent battle with the FBI is one of the reasons for opening the kernel to developers.

While it may be too early to predict the ramifications of Apple’s decision, it does make sense that more eyes will help to find security issues and fix them up faster. Alfred Bayle

source: technology.inquirer.net

How Much Does Data Recovery Cost?

Almost all reputable data recovery companies will charge for individual scenarios, and that has sometimes led to confusion about the rate for professional services. To put it simply, in most cases you are not given a single flat rate. This is because the average data recovery cost comes with hidden fees. In a lot of cases, a data recovery company you contact will give you a broad-ranging quote that makes it impossible to know how much you will actually pay. Once you hand your device or PC over, you are in a weaker position, so that’s why you get a quote up front.

Different Way To Charge For Data Recovery Services
 
When you visit a quality data recovery company, you should know what to expect early on in the transaction. Transparency is important and can be based on a few factors: • Size of the drive • Problem with your device • Whether previous attempts to recover have worked In most cases, problems will fall into the following categories: Basic, Firmware or Mechanical. Basic looks at bad sectors, deleted data and data corruption. Firmware address damage or corruption to components that needs repairing. If there is a mechanical problem, that sometimes cost extra. This happens because technicians have to slowly go through every part of your computer to see where it’s going wrong and there are replacement costs. A well-regarded company describes any pricing options with its customers before starting any work.

Data recovery questions and answers
 
We get a ton of questions about the cost of data recovery services. Here are a few answers to those frequently asked questions.

How much do data recovery services cost upfront?

In all but the rarest of circumstances, you do not need to pay a fee for our services before we do any work. You will only pay after we successfully recover your missing data. Should you decide you need it, we offer prepaid shipping so that you can send us your device for an evaluation.

Will you give an estimate?
 
You do not have to walk into our data recovery services blindly. Yes, we give our customers free data recovery evaluations. We also have a risk-free data recovery evaluation for almost every technological device. Some of the components we often work with include: • RAID Arrays • Hard Drives • Servers • Systems Our evaluation includes a diagnostics report with detailed information about whether our services will be the best choice for you. The report includes a list of the recoverable files, an accurate price estimate and an estimated turnaround time for your issue. What if there is no way to recover my files? Because we have top-of-the-line technology with qualified and reputable experts, we can help you to stop losing information from almost all devices. Unfortunately, there are cases where we cannot recover the data. When that happens, we do not charge fees. We understand. We would not want to pay for services that didn’t work, either.

How much does data recovery cost?

That depends on who you use and what type of services you need. Get a quote in advance and don’t work with anyone who won’t do that for you. You want to entrust your data recovery efforts to an expert who will not just take your money.

source: securedatarecovery.com

5 Ways Small Businesses Must Protect their Data

Cyber security is a new concern for all businesses. Big hacks, like the Target, Home Depot, and Sony attacks, have only emphasized how much small businesses need to protect themselves. Large businesses have a lot of resources to do this, but small businesses often do not have the budget or knowledge to perform due diligence against cyber security attacks. Here are 5 ways a small business can protect itself from data threats.

Protecting Small Business Data: Backup
The new threat on the block is ransomware. Symantec estimates that 60% of small businesses face significant financial hardships after being attacked by ransomware. Some of these businesses even discontinue service or go out of business as a result of the attacks. Ransomware encrypts important files, like documents, pictures, and CAD files, on a PC. The local PC isn’t the only victim either. Ransomware will also attempt to reach out to other PCs on the network, especially mapped network drives. Once the ransomware finishes encrypting files and drives, the software demands money to un-encrypt the data that the business can no longer access. The ransom can be expensive.

Small business can’t afford that kind of monetary hit. However, if a system gets attacked by ransomware and the business has a quality backup, the business can simply wipe the PC and start over. Re-imaging a PC and restoring data only takes a day or two and saves the business thousands of dollars. Backing up and protecting small business data is easy. There are a lot of good, online services that automate this process for an affordable yearly fee. Likewise, it’s easy enough to setup on your own. The important thing is to keep 3 different backups for the 3 different time periods for each PC. Each backup set needs to be kept on-site, off-site but local, and not local. This ensures that data is saved in case a business goes up in flames or the offsite backup is hit by a natural or man-made disaster. Data storage is cheap today so there’s a backup is an easy choice..

Protecting Small Business Data: Switch to the Cloud
The cloud is still a scary thing for businesses. I understand why. Using a cloud infrastructure means that businesses have to hand over control of their IT systems and depend on another business to stay in business. Think of it this way, though, cloud businesses build their business on reliability, speed, and security. Microsoft’s Azure and Amazon’s S3 services are incredibly powerful. They both have over a 99% uptime guarantee in their Service Level Agreements. Both replicate data in servers throughout the country. Both backup data. Microsoft has the advantage of adding their entire Office Suite in the cloud, too. Best of all, cloud services can lower ownership expenses.

Protecting Small Business Data: Purchase, Update Quality AV
Antivirus protection is still needed in today’s environment. By now we shouldn’t have to warn anyone to install a quality antivirus program and keep it up-to-date. So many businesses still don’t follow this basic rule, though. This is something that any small business can implement in a few hours and automate.

Protecting Small Business Data: Restrict Admin Accounts
Most small businesses buy a few PCs and attach them to a small local area network. They don’t use domain services or group policies. That’s okay. It’s not always appropriate for a small business to utilize these kinds of services. It is important to make sure that employees aren’t using admin accounts on their PCs, though. Admin accounts are setup by default. Changing a user’s profile from being an admin to a standard user eliminates 90% of virus and attack-ware threats. Employees can always elevate privileges on the PC when they need to install software.

Protecting Small Business Data: Education
Nothing is more important than education. Employee education can significantly reduce the threat of cyber attacks. Even simple reminders to avoid opening links or attachments in email will significantly reduce the chances of an attack. Hold monthly education meetings or assign a “security guru” to send out weekly or monthly newsletters for employees to read and act on. These are basic steps but speaking to the last point, awareness and education is a significant part of the battle against data breach and data corruption. Please let us know if you have other questions. The needs of our customers frequently grow in one area or the other, such as the recent spike in ransomware. We might bring your concerns to the blog to help others, as well.

source: securedatarecovery.com

Microsoft sues US over secret demands for customer data

SAN FRANCISCO — Microsoft is suing the government over a federal law that lets authorities examine its users’ email or online files without their knowledge.

It’s the latest conflict between the tech industry and U.S. officials over individual privacy rights. Law enforcement officials want freedom to view a treasure trove of information — including emails, photos and financial records — that customers are storing on electronic gadgets and in so-called “cloud” computing centers.

Microsoft says the U.S. Justice Department is abusing the 1986 Electronic Communications Privacy Act, which allows authorities to obtain court orders requiring it to turn over customer files stored on its servers, while in some cases prohibiting the company from notifying the customer. Microsoft says those “non-disclosure” orders violate its constitutional right to free speech, as well as its customers’ protection against unreasonable searches.

A Justice Department spokeswoman said the government is reviewing the lawsuit, which was filed Thursday in Seattle federal court.

One former federal official was critical of Microsoft’s position, saying it could lead to warning “child molesters, domestic abusers, violent criminals and terrorists that they’re being investigated.”

The non-disclosure orders must be granted by a judge who has concluded that “notifying these individuals will have an adverse result, which could include messing up an investigation or even endangering the life or safety of individuals,” said Daniel “D.J.” Rosenthal, a former National Security Council and Justice Department attorney.

But Microsoft argues the law sets a vague standard for granting secrecy around digital searches. Authorities are required to disclose most search warrants for information stored in filing cabinets, safes or other physical locations, the company noted in its court filing.

“At the end of the day, when you are being investigated by the government, you should know about the investigation so you can prepare a defense,” said Mark Jaycox of the Electronic Frontier Foundation, a digital rights group.

Microsoft said government demands under the ECPA law are increasing in number for a variety of investigations, including white-collar cases.

“We appreciate that there are times when secrecy around a government warrant is needed,” Microsoft Corp. President Brad Smith said in a statement. “But based on the many secrecy orders we have received, we question whether these orders are grounded in specific facts that truly demand secrecy. To the contrary, it appears that the issuance of secrecy orders has become too routine.”

The Redmond, Washington-based company says authorities used the law to demand customer information more than 5,600 times in the last 18 months. In nearly half those cases, a court ordered the company to keep the demand secret.

Although some orders expired after a period of time, Microsoft said the gag orders were indefinite in about 1,750 cases, “meaning that Microsoft could forever be barred from telling the affected customer about the government’s intrusion.”

As more people store data online, Microsoft argued in its lawsuit that the government is exploiting that trend “as a means of expanding its power to conduct secret investigations.”

In an interview, Smith said the company decided to sue the Justice Department after a case where authorities threatened to hold Microsoft in contempt when it sought to contest a particular secrecy order.

“That caused us to step back and take a look at what was going on more broadly,” he said. “We were very disconcerted when we added up the large number of secrecy orders we’ve been receiving.”

While the lawsuit specifically challenges ECPA’s secrecy provision, Congress has been debating a number of reforms in response to criticism that it’s outdated in various ways.

The House Judiciary Committee this week approved a bill to amend the law so authorities would need a warrant to see email and other digital files that have been stored online for more than 180 days. Currently the law allows access with a subpoena, which can be obtained more easily by satisfying a weaker legal standard.

But a recent amendment to the bill would still allow non-disclosure orders lasting up to six months, which could potentially be extended. Microsoft’s Smith said he’s not optimistic that Congress will pass any reforms this year.

Microsoft rival Apple has been waging a high-profile legal battle over the FBI’s attempt to compel that company’s help in obtaining data stored on iPhones.

“It’s part of the same trend,” said Alex Abdo, a staff attorney at the American Civil Liberties Union. He said tech companies “have gotten the message loud and clear from the American public, that privacy matters.”

source: technology.inquirer.net

Amazon confirms encryption change

NEW YORK — Amazon has removed the ability to encrypt locally stored data on its Fire tablets, saying that customers weren’t using the service.

The change comes as Apple squares off against the FBI over access to an encrypted iPhone. Apple says giving the government access would make all other iPhones more vulnerable to hacks.

Amazon made the switch when it introduced its new Fire OS 5 in September 2015 with new Fire tablets. But it was brought to light this week as older versions of the tablets get operating system updates.

Encryption helps protect user data by scrambling it and only allowing access with a password.

Amazon removed some features, including encryption, from Fire OS 5 that “we found customers weren’t using,” said Amazon spokeswoman Robin Handaly.

source: technology.inquirer.net

NY judge: US cannot make Apple provide iPhone data

NEW YORK — The US Justice Department cannot force Apple to provide the FBI with access to locked iPhone data in a routine Brooklyn drug case, a federal judge ruled Monday.

US Magistrate Judge James Orenstein’s written decision gives support to the company’s position in its fight against a California judge’s order that it create specialized software to help the FBI hack into an iPhone linked to the San Bernardino terrorism investigation.

Apple on Thursday formally objected to the order in a brief filed with the court, accusing the federal government of seeking “dangerous power” through the courts and of trampling on the company’s constitutional rights.

The San Bernardino County-owned iPhone 5C was used by Syed Farook, who was a health inspector. He and his wife Tashfeen Malik killed 14 people during a Dec. 2 attack at a county holiday party that was at least partly inspired by the Islamic State group. The couple died later in a gun battle with police.

Apple’s opposition to the government’s tactics has evoked a national debate over digital privacy rights and national security.

Orenstein concluded that Apple is not obligated to assist government investigators against its will and noted that Congress has not adopted legislation that would achieve the result sought by the government. Orenstein’s ruling — while not considered binding or precedent setting for the California case — will likely still have influence on the arguments put forth before Judge Sheri Pym at a hearing next month. The New York case is far less onerous or invasive for Apple and its technology; the extraction technique exists for that older operating system, and it’s been used before to assist investigators.

In California, Pym ordered investigators to create specialized software — which since late 2014 doesn’t exist for newer phones — to help the FBI bypass security protocols to test random passcode combinations in rapid sequence.

Orenstein said he was offering no opinion on whether in the instance of this case or others, “the government’s legitimate interest in ensuring that no door is too strong to resist lawful entry should prevail against the equally legitimate societal interests arrayed against it here.”

He said the interests at stake go beyond expectations of privacy and include the commercial interest in conducting business free of potentially harmful government intrusion and the “far more fundamental and universal interest … in shielding sensitive electronically stored data from the myriad harms, great and small, that unauthorized access and misuse can cause.”

“How best to balance those interests is a matter of critical importance to our society, and the need for an answer becomes more pressing daily, as the tide of technological advance flows ever farther past the boundaries of what seemed possible even a few decades ago,” Orenstein wrote. “But that debate must happen today, and it must take place among legislators who are equipped to consider the technological and cultural realities of a world their predecessors could not begin to conceive.”

The Justice Department said in a statement that it’s disappointed in the ruling and plans to appeal in coming days. It said Apple had previously agreed many times prior to assist the government and “only changed course when the government’s application for assistance was made public by the court.”

A senior Apple executive said the company policy has been to produce information to the government when there is a lawful order to do so, but that in New York the judge never issued the order, and instead asked attorneys to file briefs addressing the constitutionality of the request for Apple to bypass its security protocols under the 1789 All Writs Act. The executive spoke on condition of anonymity to discuss a pending legal matter.

Orenstein invited Apple in October to challenge the government’s use of the catchall law to compel it to help law enforcement recover iPhone data in criminal cases, noting that another law on the books already covered the issue.

The Cupertino, California-based computer maker did, saying in court papers that extracting information from an iPhone “could threaten the trust between Apple and its customers and substantially tarnish the Apple brand.”

It followed up by declining to cooperate in a dozen more instances in four states involving government requests to aid criminal probes by retrieving data from individual iPhones.

In ruling, Orenstein wrote: “I believe Apple has the better argument” because the other law covering wiretaps for telecom companies “explicitly absolves a company like Apple of any responsibility to provide the assistance the government seeks here.”

Federal prosecutors say Apple has stopped short of challenging court orders judicially, except in the cases before Orenstein and the California jurist who ruled about the San Bernardino shooter’s phone.

“Ultimately, the question to be answered in this matter, and in others like it across the country, is not whether the government should be able to force Apple to help it unlock a specific device; it is instead whether the All Writs Act resolves that issue and many others like it yet to come,” Orenstein wrote. “For the reasons set forth above, I conclude that it does not.”

source: technology.inquirer.net

iOS users warned versus spy app

 

Mobile securit researchers warn of a mobile app that may have been used to collect users' personal data as part of an  "economic and political cyber-espionage operation" targeting military, governments, defense, and media—with civilians unwittingly caught up as collateral damage.

Users of Apple's iPhone, iPad and iPod touch running iOS were warned this week against an espionage app being used in a targeted attack campaign.

 

Trend Micro said the app is used in Operation Pawn Storm, an "economic and political cyber-espionage operation" whose targets include the military, governments, defense and media.

 

"We believe the iOS malware gets installed on already compromised systems, and it is very similar to next stage SEDNIT malware we have found for Microsoft Windows’ systems," researchers Lambert Sun, Brooks Hong and Feike Hacquebord said in a blog post.

 

According to the researchers, they found two malicious iOS applications in Operation Pawn Storm.

 

One of the two, IOS_ XAGENT.B, uses the name of a legitimate iOS game "MadCap." The second was identified as XAgent (IOS_XAGENT.A).

 

Both apps are related to SEDNIT, which the researchers said aims to personal data, record audio, make screenshots, and send them to a remote command-and-control server.

 

"As of this publishing, the C&C server contacted by the iOS malware is live," Trend Micro said.

 

XAgent, once installed on iOS 7, hides its icon and runs in the background immediately.

 

"When we try to terminate it by killing the process, it will restart almost immediately," the researchers said.

 

But on iOS 8, the icon is not hidden and it cannot restart automatically.

 

"This suggests that the malware was designed prior to the release of iOS 8 last September 2014," they said.

 

The researchers said the app is designed to collect all kind of information on an iOS device and can:

 

• Collect text messages
• Get contact lists
• Get pictures
• Collect geo-location data
• Start voice recording
• Get a list of installed apps
• Get a list of processes
• Get the Wi-Fi status

 

Even works on un-Jailbroken phones

 

What is potentially dangerous is that the iOS device "doesn’t have to be jailbroken per se," the researchers said.

 

"We have seen one instance wherein a lure involving XAgent simply says 'Tap Here to Install the Application.' The app uses Apple’s ad hoc provisioning, which is a standard distribution method of Apple for iOS App developers," they said.

 

Via ad hoc provisioning, the researchers said the malware can be installed simply by clicking on a link. — Joel Locsin/TJD, GMA News

 

source: gmanetwork.com

Yosemite is watching your online habits and sending them to Apple

Privacy-conscious users of Apple desktops and laptops, beware. The latest version of OS X may send your user location and Safari search results to none other than Apple.

A report on The Hacker News said OS X 10.10 (Yosemite) sends such data to Apple's remote servers by default, when the user sends queries via the Spotlight desktop search tool.

"The same data Apple collects from the users' searched term on Spotlight will also be forwarded to Microsoft's Bing search engine as Apple freely admits in its terms of service," it said.

But it also noted Apple itself had disclosed this on its "About Spotlight and Privacy" document.

It also said that if Location Services is turned on, search queries to Spotlight will send the location of a user's device at that time to Apple.

But The Hacker News said Apple has advised users who don't want their data collected to turn off Spotlight Suggestions and Bing Web searches in System Preferences.

On the other hand, THN said Spotlight does not use a persistent identifier, "so a user's search history can't be created by Apple or anyone else."

It added Apple devices only use a temporary anonymous session ID for a 15-minute period "before the ID is discarded." — Joel Locsin/TJD, GMA News

source: gmanetwork.com

Hackers who hit JPMorgan attacked some 9 other firms – report

About nine other banks and brokerages were infiltrated by the same group of hackers who recently attacked computer systems at JPMorgan Chase & Co, the New York Times reported late on Friday, citing unnamed people briefed on the matter.

The report, which could not be independently verified and did not identify any of the victims beyond JPMorgan, said it was not clear how serious the attacks had been.

JPMorgan said on Thursday that names and contact information for some 83 million household and small business customers were stolen, making it one of the biggest data breaches in history.

The New York Times said the breadth of the attacks and uncertainty about the motives of the hackers are troubling US policymakers and intelligence officials.

Representatives with the US Secret Service could not be reached for comment on Saturday morning. The Secret Service is investigating the attack on JPMorgan. — Reuters