Happy Holidays!

Tricks Love: 7 Best Tips to Extend Android Battery Life

Tricks Love: 7 Best Tips to Extend Android Battery Life: Battery life is one of the biggest issues in the Android world today. Take your SIM card out, turn off Wi-Fi and never touch it and it&#39...

Great reason. why you should use Unified Inbox.

http://www.scmagazine.com/linkedin-accounts-can-easily-be-taken-over-if-https-is-not-always-enabled-by-default/article/356754/

Any LinkedIn user not serving all traffic overHTTPS by default could ultimately have their account taken over in a man-in-the-middle (MitM) attack provided they are on the same network as the attacker.

The MitM attack can happen if LinkedIn redirects users to HTTP following a successful login via HTTPS; however, it is "SSL stripping," a technique that changes HTTPS traffic to HTTP traffic, that enables a bad actor to see a user's session, and credentials, in plaintext, Zuk Avraham, founder and CEO of Zimperium, told SCMagazine.com in a Thursday email correspondence.

This enables interception of email addresses, passwords, read and sent messages, and connections, Avraham wrote in a Wednesday post, adding that attackers could take it a step further and edit user profiles, edit job postings, manage company pages, and send invitations to connect with others.

This is a particularly dangerous attack – which also impacts LinkedIn's mobile website, though not its mobile app – because even an unseasoned attacker can carry it out, Avraham said.

Avraham used Zimperium's zANTI penetration testing mobile app, which enables MitM attacks and SSL stripping, but he said that any other toolkit – such as Cain & Abel, Dsploit, Ettercap, and Arpspoof – can be downloaded for free to do essentially the same thing.

“There are several different ways to prevent SSL stripping,” Avraham said. “For example, the website owner can prevent these attacks by ensuring HTTPS is always enabled by default, and not just during login.”

Enabling HTTPS by default is an initiative LinkedIn began undertaking at the end of last year, but the business-oriented social network only began serving it up to U.S. and EU members last week – and Zimperium initially notified LinkedIn about the issue in May 2013, the Zimperium post indicates.

“This issue does not impact the vast majority of LinkedIn members given our ongoing global release of HTTPS by default,” a LinkedIn spokesperson wrote in a statement emailed Thursday to SCMagazine.com.

Expect to see an increase in these types of attacks, particularly as the number of unsecured hotspots continues to rise, Avraham said, adding that a security defense solution should always be used on any device when connecting to public Wi-Fi.

“Too many people think that anti-virus software will protect them, but it won't, not against these types of attacks,” Avraham said. “Unfortunately, there is not an easy manner for an end user to know their device is being compromised.”

can this happen to your company?

http://www.scmagazine.com/code-spaces-shuts-down-following-ddos-extortion-deletion-of-sensitive-data/article/356774/

Code Spaces recently became one of the roughly60 percent of small businesses that fold within six months of experiencing a cyber attack.

It began on Tuesday when the code hosting and project management services provider experienced a “well orchestrated” distributed denial-of-service (DDoS) attack against its servers, according to a post on the website.

Code Spaces then learned that unauthorized access was gained to its Amazon Elastic Compute Cloud (EC2) control panel, according to the post. The attacker left messages behind seeking communications via a Hotmail address.

As with several other recent extortion-based DDoS attacks, the attackers told Code Spaces that a “large fee” would resolve the issue.

Code Spaces moved to change its passwords, but the attacker had created backup logins and began "randomly" deleting artifacts from the panel, including most of Code Spaces' data, backups, machine configurations and offsite backups, according to the post.

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of ongoing credibility,” according to the post.

In a Thursday email correspondence, Ofer Hendler, CEO of cloud security company Skyfence, told SCMagazine.com that he believes the attack was made possible because an administrator's credentials were compromised – likely in a phishing attack.

“This incident is a not-so-subtle reminder that security controls to monitor and manage privileged access need to be taken just as seriously in the cloud as they are in the data center,” Hendler said. “That means limiting access to sensitive systems and data, both IT and business applications, to only those that need it.”

Multifactor authentication offers one way to help prevent these types of incidents from occurring, Hendler said, adding that organizations should also use technology that monitors and controls privileged commands executed by administrators in cloud apps.

“This will allow a company to know who made changes, including changes to security settings,” Hendler said. “In addition, some level of separation of duties should be enforced by controlling the actions that individual administrators can perform. This could have helped prevent this type of breach.”

Unified Inbox feature in Channel new asia at CommunicAsia

http://www.channelnewsasia.com/news/video/at-communicasia-how-to/1170208.html

[FULL] Volkswagen Eyes On The Road Cinema Stunt | Shocking Danger of Tex...

Infographic: What Google Wants You to Do

Google is continually updating its parameters for discovery, but what does Google really want?

With murmurs that Google will be updating its Search Engine Optimisation rules sometime in 2014, upgrading from Panda and last year’s Penguin update, the net has become ablaze with worrisome predictions of what the Californian search giant could be planning.

Here at Total Customer we’re a little bit more reserved on what it really wants to throw our way, and we’ve put together this infographic on what Google wants for SEO.

It’s a super-simple infographic that paints a picture of what you currently should be doing in terms of SEO, along with our educated predictions on what the future will hold for SEO. Hint: it’s very author-heavy.

POSB Phishing Site Alert

Security Alerts & News

POSB Phishing Site Alert

Date: 10 January 2014	Alert Level: Amber	Criticality: Low
Description: There is a POSB phishing site found on the Internet which pretends to be the POSB Internet Banking website. The website http://home.e-posbsg.com/index/personal/Pages/default.html is a phishing site posing as the POSB Internet Banking website, designed to steal customer IDs, Pins and one time passwords. Customers are reminded to refrain from providing any confidential information. Remember, POSB will never ask you for your PIN number, via email or phone. Always type in the URL of POSB website directly into the address bar of your browser. Alert us immediately, if you notice unknown transactions appearing on your account. Never reply to unsolicited emails. Customers are also encouraged to use the latest versions of internet browsers available, which may provide advanced security features such as anti-phishing and forged website identification. If such features are available, customers are advised to turn them on.

Spying on you at Home

Televisions may track what you watch. Some LG televisions were found to spy on not only what channels were being watched, but even transmitted back to LG the names of files on USB drives connected to the television. Hackers have also demonstrated that they can hack some models of Samsung TVs and use them as vehicles to capture data from networks to which they are attached, and even watch whatever the cameras built in to the televisions see.

Your Kitchen Appliances

Many recent-generation kitchen appliances come equipped with connectivity that allows for great convenience, but this benefit comes at a price – potential spying and security risks. Information about when you wake up in the morning (as extrapolated from data on your Internet-connected coffee maker) and your shopping habits (as determined by information garnered from your smart fridge) can help robbers target your home. Furthermore, potential vulnerabilities have been reported in smart kitchen devices for quite some time, and less than a month ago a smart refrigerator was found to have been used by hackers in a malicious email attack. You read that correctly – hackers successfully used a refrigerator to send out malicious emails.

Your DVR/Cable-Box/Satellite-TV Receiver

Providers of television programming can easily track what you are watching or recording, and can leverage that information to target advertisements more efficiently. Depending on service agreements, providers could potentially even sell this type of information to others, and, of course, they are likely to furnish this information to the government if so instructed.

Your Modem (and Internet Service Provider)

If it wanted to, or was asked by the government to do so, your ISP could easily compile a list of Internet sites with which you have communicated. Even if the providers themselves declined to spy as such, it may be possible for some of their technical employees to do so. Worse yet, since people often subscribe to Internet service from the same providers as they do television service, a single party may know a lot more about you then you might think.

Your Smartphone

Not only may your cellular provider be tracking information about you – such as with whom you communicate and your location – but it, as well as Google GOOG -1.42% (in the case of Android), Apple AAPL -1.14% (in the case of iPhones), or other providers of software on the device, may be aware of far more detailed actions such as what apps you install and run, when you run them, etc. Some apps sync your contacts list to the providers’ servers by default, and others have been found to ignore privacy settings. Phones may even be capturing pictures or video of you when you do not realize and sending the photos or video to criminals!

Your Webcam or Home Security Cameras

On that note, malware installed on your computer may take control of the machine’s webcam and record you – by taking photos or video – when you think the camera is off. Miss Teen USA was allegedly blackmailed by a hacker who took control of her laptop’s webcam and photographed her naked when she thought the camera was not on. Likewise, malware on computers or hackers operating on those machines could potentially intercept transmissions from security cameras attached to the same network as the devices (some cameras transmit data unencrypted), and copy such videos for their own systems. Such information is invaluable to burglars.

Your Telephone

It is common knowledge that the NSA has been tracking people’s calls, and even the changes proposed by President Obama won’t truly eliminate the spying. Of course, phone companies also track phone calls as they need call information for their billing systems. So, even if you use an old, analog phone your calls may be tracked. If you are receiving phone service from the same provider as you get your Internet and/or television service, phone records are yet another element of information that a single party knows about you.

Your Lights, Home Entertainment System, and Home Alarm System

Various newer lighting, home entertainment, and home security systems can be controlled via Wi-Fi or even across the Internet. Remote control is a great convenience, but it also raises questions as to whether information is reported to outside parties. Does your alarm provider get notified every time you come and go? Is information about your choice of audio entertainment relayed to manufacturers of the equipment on which it is played or the supplier of the music? Could hackers gather information from smart lighting, entertainment, or security devices – or the networks on which they communicate – to determine patterns of when you are home, when you are likely to have company over, and when your house is empty?

Your Thermostat (Heat and/or Air Conditioning)

Various Internet-connected thermostats are now available. They provide great convenience, but might they also be transmitting information about your preferences to others? Google’s acquisition of Nest has raised interest in this issue – but Nest is not the only provider of such technology. There are even products distributed by utilities that raise concerns. In my area, for example, the utility company offers a discount to people who install a thermostat that allows the utility to remotely cycle air conditioning on and off in case of excessive power demand. Might that thermostat – or future generations of it – also report information to the utility company?

Your Laundry Equipment

Like kitchen appliances, washers and dryers that connect to the Internet may report information that users may not realize is being shared, and that if intercepted, or misused, could help criminals identify when you are home and when you are not.

Your Medical Devices

It is not news that pacemakers, insulin pumps, and other medical devices can be hacked. But even normal functioning devices may spy on you. Various pacemakers relay patient status information over the Internet – this may be valuable in some cases, but also creates risks. Could unauthorized parties obtain information from such data in transmit? What if a criminal sent out phony “pacemaker impersonating” messages stating that a patient is in distress in order to have his physician instruct him to go to the hospital – and leave his home vulnerable?

Your iPod or Other Entertainment Devices

Yes, there are still millions of people using specialized non-phone-equipped electronic devices, but these devices are often Wi-Fi enabled and pose similar to risks to smartphones as discussed above. Of course if you are reading books or magazines, watching videos, or listening to audio supplied by an online provider, your choices and preferences are likely being tracked.

Coming Soon… Your Handgun

Millions of Americans keep guns in their homes, so privacy issues surrounding firearms are an issue regardless of one’s position in the perpetual American debate about gun control. In the near future so-called “smartguns” – firearms that contain computers with various safety capabilities intended to prevent accidents and curtail unauthorized use – are expected to enter the market. But, will the embedded computers also spy on the firearms’ owners? Do the guns contain circuitry that might allow law enforcement to track – or even to disable – the weapons? It is hard to imagine that governments would not be interested in adding such “features” to weapons; the US government is alleged to have installed malware onto thousands of networks and placed spy chips into computers, and known to have lost track of weapons it intended to monitor. Would the government really treat firearms as being less worthy of spied upon than telephones?

Vendors may attempt to address some of the aforementioned concerns, but many of the issues are sure to remain for quite some time. So, if you want to take advantage of the benefits of connectivity and smart devices, keep in mind the privacy risks and act accordingly.

The Best and Worst Online Retailers, Ranked by Password Security

the mrbrown show: Who say we smelly? Singapore local favour jokes

Happy 10th Birthday Facebook!

Facebook, the world’s most popular social networking website was born on February 4th 2004. 10 years on and the website is as strong as ever with over 01 Billion users. This number is phenomenal in itself but more so for the fact that the medium of social networking was largely unheard of until the early 2000s. 
While Facebook was not the first social network on the scene, it is certainly the one that all the others emulate in terms of its size. Growing from 01 million users in 2004 to 06 million in 2005 is a notable achievement at the outset of any company. Even Google, the moguls of the online world has tried to foray into social networking in the form of Google+ to a varied reception. 
Over the last 10 years there have been many changes to Facebook; some getting a better reception than others. For example, changes to the Facebook interface have often been met with initial scepticism but such changes have never affected growth or fan base. Additional features such as the ad platform and business pages are now vital ingredients to most marketing companies’ agendas. 
This infographic from Dpfoc explores the fascinating 10 year history of the success story that is Facebook. It covers what the interface looked like at inception stage and also charts the popularity of the social networking medium throughout the world. A closer investigation is taken at the numbers behind the company; addressing the 2012 initial public offering (IPO) and other interesting statistics. Revenue is paramount to all companies and this is examined for Facebook in the infographic also. An interesting comparison is also covered which pitches Mark Zuckerberg’s giant with another social networking power; Twitter.

http://www.businessinsider.com/what-the-chinese-tech-industry-is-like-2014-1

For years, Hugo Barra was one of the most visible executives at Google. He was a product manager for its Android team. Every year at Google's biggest conference, Google I/O, Barra would show off Android's latest new features for the whole world. Then, in August of this year, Barra quit Google to work for a Chinese company. In December, he gave a talk in Paris about how utterly blown away he's been by that place.

The Subway deception

http://www.hangthebankers.com/the-subway-deception/

How to Protect Ourselves from Fake ATM Machines

What Drives Customer Loyalty

This infographic details how customer service can be the difference between keeping your customers, or losing them.

Staff security awareness