Researcher. Builder. Hacker. Traveler.

Category: Uncategorized

Facebook Messenger is not spying on you.

Publish Date124 Views

Over the last couple of days I have seen a bunch of people post a link to this blog post about how the new Facebook Messenger “crosses the line” when it comes to the permissions it asks for.  

Yes, the Facebook Messenger app requests these permissions:

  •     Change the state of network connectivity
  •     Call phone numbers and send SMS messages
  •     Record audio, and take pictures and videos, at any time
  •     Read your phone’s call log, including info about incoming and outgoing calls
  •     Read your contact data, including who you call and email and how often
  •     Read personal profile information stored on your device
  •     Access the phone features of the device, like your phone number and device ID
  •     Get a list of accounts known by the phone, or other apps you use.

There are plenty of legitimate reasons for requesting these permissions. Messenger needs access to your camera so that you can take and send pictures. It needs to access your microphone so that you can use the app to make free phone calls. Etc.

These kinds of sweeping permissions are also extremely common in Android because of the “open” nature of the OS. Even the most vanilla apps collect extraordinary amounts of personal data.  Most weather apps keep a detailed GPS log of everywhere you have been in order to display the local weather (law enforcement agents really like this feature).

My advice to you is dont freak out and delete Facebook messenger and to  audit the rights on your Android using a tool similar to Permission Explorer removing rights that you think  “crosses the line”.

If you are still worried about it you should buy an iPhone. The iPhone security is much more locked down than Android.

Walmart Savings Catcher

Publish Date204 Views

If you do your grocery shopping at WalMart like I do you will want to start using the Walmart Savings Catcher program.

It is extremely easy to use:

On my first time using it I saved $2.35. I am guessing I will save close to about $150 a year using this program that I normally wouldn’t have.

Soooo Tired….

Tags Publish Date172 Views

For the last year my doctors have been worried about my moderately high blood pressure.  A few weeks ago after a bad migraine attack and a huge spike in my blood pressure my doctor decided to put me on blood pressure medicine to lower it.

I have made these handy charts of my average energy level before and after I started taking the blood pressure medicine.

The good news is my blood pressure is in a normal range and I am not going to have a stroke.  The bad news is I feel like 70 year old man and am ready for bed about 8.

I wonder if this is what normal people feel like all the time?

Please Turn On Two Factor Authentication.

Publish Date241 Views

About once a month I will get a call from someone who is upset because their account was hacked and wants to know what they can do to stop it from happening in the future.  The truth is enabling two factor authentication (2FA) is one of the best things you can do to make sure your accounts don’t get hacked.  

Here is a list of popular services where you should enable 2FA:

  • Google/Gmail: Google’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine, though it also works with the Google Authenticator app for Android, iOS, and BlackBerry. You can save each machine for 30 days. You can enable it here.

  • Facebook: Facebook’s two-factor authentication, called “Login Approvals,” sends you a 6-digit code via text message when you attempt to log in from a new machine. It also works with apps like Google Authenticator for Android, iOS, and BlackBerry, as well as the “Code Generator” feature of the Facebook app. You can also authorize a new machine from Facebook.com on a saved machine if you don’t have your phone handy. You can enable it here,
  • Apple: Apple’s two-factor authentication sends you a 4-digit code via text message or Find My iPhone notifications when you attempt to log in from a new machine. You can enable it here.

  • Twitter: Twitter’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can enable it here,

  • Dropbox: Dropbox’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine, though it also works with Google Authenticator and a few other similar authentication apps. You can enable it here.

  • PayPal: PayPal’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can read more about it and enable it here.

  • Microsoft Accounts: Microsoft’s two-factor authentication sends you a 7-digit code via text message or email when you attempt to log in from a new machine, though it also works with a number of authenticator apps. You can enable it here.

  • Yahoo! Mail: Yahoo’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can enable it here.

  • LinkedIn: LinkedIn’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can enable it here.

You should also check out twofactorauth.org to see if other accounts you use have the ability.

Is the data on your phone worth $400?

Publish Date185 Views

I have a Samsung S3 that decided it wouldn’t boot on Wednesday.  After talking to the very helpful people at Samsung they decided that they can replace my phone for me but I need to send them my broken phone.

Awesome!

But…

All my data is on my phone. All my email. All my passwords. All my texts. All my pictures. I have backups and I have a password on my phone but I still have to send my phone back to a company who could access it if they wanted to. 

So what is a security professional to do?  Normally I would just wipe my phone and send it in but since that isn’t an option I am stuck with either keeping a $400 brick or possibly exposing my data to Samsung.

I guess I have a $400 brick.

Activate “GodMode” in Windows

Publish Date197 Views

GodMode is a control panel In (Windows 7 and Windows 8) that brings together all of the customization settings to one place.

To activate “GodMode” do the following:

Step 1: Right click on the desktop

Step 2: Click create folder.

Step 3: Name the new folder: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}  and press enter.

Step 4: The folder changes form a folder icon to a control panel icon.

Step 5: Open the folder and you have your god mode control panel.

How to protect your social media accounts.

Publish Date191 Views

Earlier today I was asked to come up with the best way to keep your social media accounts secure.  Here are 5 easy ways to protect your social media accounts:

Update accounts with unique, complex passwords.
Complex passwords will contain a combination of upper and lower case letters, symbols and numbers, and have at least ten characters.

Change your password often.
No matter how complex your password is it is necessary to change it regularly.  Normally I suggest changing your social media passwords two times a year.

Enable Two Factor Authentication.
Google, Facebook and Twitter all offer two factor authentication.  Enabling it allows these services to know that it is you logging into your account and not someone else.

Review apps and add-ons regularly.
Review all apps and add-ons associated with your social media accounts at regular intervals. Remove apps and add-ons you no longer use or post to your social media accounts without your permission.

Log out.
Remember to log out when you are finished using it. It is an easy and highly effective step to protect your account.

Older Posts
Newer Posts

Site Footer