Losing contacts from your mobile phone is highly inconvenient. There seems to be a solution: you can find them online! The catch? Your contacts are in a publicly accessible place.
If you care for your privacy you should always be suspicious about “Cloud Backup” solutions you find in the Google Play Store. The solution that is being analyzed here backs up your personal contacts online. In public.
Upon starting the application, you will find a screen where you can enter your mobile number and a password of your choice. Then you can upload your contacts to the cloud.
A brief analysis of this application shows us exactly how it backs up your contacts in the cloud. The contacts are associated with the phone number that you gave in the previous step, and they are sent through HTTP POST requests to a PHP page.
Further analysis through IP traffic capturing with Fiddler helped us discover the results in the pictures above: a page located online, for anyone to see, that contains thousands of unencrypted entries of phone numbers and passwords. Using the info in the app you can retrieve personal private data (contacts) from another user.
We found login data inside those entries from countries like Greece, Brazil, and others.
The Play Store page says that this app has been installed 50.000-100.000 times. This is a big number of installations for an application that doesn’t follow basic secure Android coding practices. The developer must use technologies like HTTPS, SSL and encryption on the data that are transferred through the web and stored on the server. Nogotofail is a useful network security testing tool designed by Google “to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.”
Avast detects it as Android:DataExposed-B [PUP].
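A way to check for the problem described above from the defender's side, as an added example (not code from the original post or from the app): it scans a traffic capture exported in HAR format, which Fiddler can produce, and lists POST requests that carry password, phone or contact fields over plain HTTP. The host, paths and field names in the sample are constructed assumptions.

```python
"""Flag sensitive form fields sent over cleartext HTTP in a HAR capture."""
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed field-name patterns; the post does not list the app's real parameter names.
SENSITIVE = re.compile(r"pass(word|wd)?|pwd|phone|msisdn|contact", re.IGNORECASE)

FORM = "application/x-www-form-urlencoded"

# Constructed sample capture (hypothetical host, paths and values), HAR 1.2 layout.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "POST", "url": "http://backup.example.test/upload.php",
                 "postData": {"mimeType": FORM, "params": [
                     {"name": "phone", "value": "5550100"},
                     {"name": "password", "value": "hunter2"}]}}},
    {"request": {"method": "POST", "url": "http://backup.example.test/sync.php",
                 "postData": {"mimeType": FORM,
                              "text": "phone=5550100&contacts=Alice%3A5550111"}}},
    # Same kind of data, but over TLS: not reported by this transport check.
    {"request": {"method": "POST", "url": "https://backup.example.test/login.php",
                 "postData": {"mimeType": FORM, "text": "password=hunter2"}}},
    {"request": {"method": "GET", "url": "http://backup.example.test/index.php"}},
]}}


def form_fields(request):
    """Return (name, value) pairs from a HAR request's postData."""
    post = request.get("postData") or {}
    params = post.get("params") or []
    if params:
        return [(p.get("name", ""), p.get("value", "")) for p in params]
    # Some exporters only fill the raw body text, so parse it as a form.
    return parse_qsl(post.get("text", ""), keep_blank_values=True)


def find_cleartext_secrets(har):
    """List POSTs that carry sensitive-looking fields without TLS."""
    findings = []
    for entry in har.get("log", {}).get("entries", []):
        req = entry.get("request", {})
        url = urlsplit(req.get("url", ""))
        if req.get("method", "").upper() != "POST" or url.scheme.lower() != "http":
            continue
        names = sorted({n for n, _ in form_fields(req) if SENSITIVE.search(n)})
        if names:
            findings.append({"host": url.netloc, "path": url.path, "fields": names})
    return findings


if __name__ == "__main__":
    for f in find_cleartext_secrets(SAMPLE_HAR):
        print(f"cleartext POST to {f['host']}{f['path']}: {', '.join(f['fields'])}")
```

Only field names are reported, never values, so the output can be shared in a bug report without repeating the leaked data.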
Security and privacy violations in Adobe’s Digital Editions eBook and PDF reader were discovered last week.
“This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects,” researcher Nate Hoffelder wrote in The Digital Reader blog post.
If you check out eBooks from your local library and read from a digital reader like a Nook, Kobo, or other non-Amazon eBook reader, then you have probably used Adobe’s free Digital Editions software.
Hoffelder said that Adobe is gathering user data on the eBooks that have been opened, which pages were read, and in what order, as well as metadata such as title and publisher – and all of it is being sent to Adobe’s servers in plain text. That means anyone who is interested and has the means, say, the National Security Agency or your ISP, could be reading over your shoulder. That’s not good. In fact, it’s very bad, as well as illegal.
It is hoped that Adobe’s Tuesday update will include a plug for the Digital Editions leak, but more likely it will be next week. In a statement to the American Library Association, Adobe reports they “expect an update to be available no later than the week of October 20” in terms of transmission of reader data.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
News broke on Sunday that nude photos of female celebrities were posted on the photo sharing site 4Chan. Along with the news came many theories and discussions as to how the hacker managed to collect intimate photos and videos from a long list of celebrities. While figuring out how the hacker accessed these intimate files will hopefully patch vulnerabilities, there are general steps that everyone should take now to protect their personal data.
Don’t blame the cloud
One of the theories circulating on the Internet is that iCloud was hacked via a vulnerability in Apple’s “Find My iPhone” app. Kirsten Dunst, one of the celebrities whose private photos were hacked, tweeted the following: “Thank you iCloud”. Should Kirsten and the other hack victims be blaming the cloud though? The iCloud hack theory is just a theory; the hackers could have gained access to celebrity accounts via phishing mails or gained passwords from celebrity insiders. The hackers could have gained access to celebrity email and password combinations through breaches like the recent eBay breach or Heartbleed, which affected nearly two-thirds of all websites, including Yahoo Mail, OKCupid and WeTransfer. If the celebrities whose photos have been exposed were affected by these breaches and used the same passwords on several accounts, including iCloud, it would have been easy for the hackers to steal their personal photos.
Looking like an idiot on social networks like Facebook and Twitter is not too difficult. Many people have achieved this state of being without much thought at all. So c’mon! With a little effort and commitment you can lose your job, get arrested, or alienate your friends!
Here are the top 3 ways you can look like a total nincompoop on social media.
- 1. Post rants and other fun messages. Anger is a completely natural, healthy emotion. Some people think it’s a good idea to try to control it so they won’t, for example, drive their fist through the wall or punch their co-worker in the nose. But now, you can release all that pent up emotion by communicating your feelings on social media!
Like this woman: After being passed over for a promotion at work, an Arizona woman posted an angry Facebook message in reaction. How good it must have felt to let her frustration out. Since she was friends with her co-workers, they all saw it. It said,
“This place is a joke!!! I wonder if I passed up a good opportunity by being at this place. I absolutely hate fake and lazy ppl!!! Ugh, the ones who actually work are the ones to blame??? WTF? #TwistedMinds.”
Those co-workers of hers, not the fake or lazy ones, were sure to surround her with support and encouragement after reading how distressed she was.
Oh. Oops. They couldn’t encourage her. She was fired shortly after that rant.
Here’s an example of a proud daughter bragging about her father. That’s really sweet, isn’t it? Most teenagers complain about their parents, but this Florida girl took to Facebook right away to express her joy about an $80,000 age-discrimination lawsuit her father won from a former employer, a posh private school. She had plenty of classmates at the school who saw the post. She wrote,
Mama and Papa Snay won the case against Gulliver. Gulliver is now officially paying for my vacation to Europe this summer. SUCK IT.
It’s so nice that a young girl wants to travel in Europe for the summer…all that history and culture…and the food…
Oh. Oops. The school’s administrators and lawyers also got to see her message. The lawyers were not amused, so they invoked the confidentiality order and voided her father’s settlement.
Read more on our blog about dumb things people post.
- Before posting, take a moment to rethink what you just entered in the newsfeed. Re-read what you wrote before hitting the publish button.
- Take advantage of Facebook Groups or Google+ circles to make sure your messages get to the right people.
- 2. Let it all hang out: Ignore your privacy settings. In the excitement of daily life, it’s easy to forget how many people can read your posts. From co-workers to your mom, even strangers; virtually anyone can read your angry rant, your drunken Tweet, or see Selfies of your trip to the mall when you were supposed to be home sick in bed. When I read about this guy, I knew you’d like it too – it’s so cute.
Lately, you may have noticed that when you try to send messages through Facebook’s mobile app on your phone and tablet, you are prompted to download the standalone Facebook Messenger app. It’s a cool app which allows you to message your Facebook friends, send picture and video messages, and call any of your Facebook friends for free using your Wi-Fi connection. It has also stirred up some controversy about all the permissions it requires.
Messenger needs permission to take pictures and videos using your camera, record audio, directly call phone numbers, receive/send/read/edit your text messages, access the internet, look into your address book, and keep track of your precise location. When we take a look at the permissions listed on the Google Play store, there are other creepy, but not really threatening, things like preventing your phone from sleeping and controlling the vibration.
The privacy controversy that is stirring is around the question of what Facebook may do with all that data. For example, do they really need to see your address book? Don’t they already know who your friends are on Facebook?
The thing is – nothing has changed about Facebook Messenger permissions. The previous version required the same access as the standalone app. You can read Facebook’s explanation about the permissions here.
We wrote about the changes in the way Google Play manages permissions earlier this summer, pointing out that most people blindly accept whatever app developers want without question. Each of us needs to decide how much we are willing to give in order to get. But please be aware, dear avast! users, that your smartphone combined with social media is a mecca for hackers. Our lives in data are stored on our mobile devices and without strong security and some common sense, cybercrooks can harvest it and use it as they please.
Make sure you protect your devices with the proper security. avast! Mobile Security is for Android phones and tablets, and it’s free. The Application Shield keeps you safe from malicious apps by scanning them on two levels – on installation and on execution. With App manager you can see your running apps, check their permissions, and if they display ads. Download avast! Mobile Security & Anti-theft from the Google Play store.
Recode is running a series leading from its “I want it now” piece about people who have grown accustomed to having their desires met on a whim through the aid of savvy entrepreneurs and tech innovators eager to cash in.
We can all relate to “I want it now”.
I feel myself growing impatient in coffee shops when someone has found a spot to connect their laptops or mobile devices to power points – and I have not. As we often spend hours in the one coffee shop sipping from the same latte we ordered more than an hour ago, it’s inevitable from time to time that we’ll want to check our personal affairs.
What’s happening on Facebook? I should message my friend. Let’s browse my favorite news and music sites – that concert looks good, I think I’ll buy a ticket. What, my credit card has been rejected? Best do some online banking.
This type of activity in public spaces can be an open playing field for the ill-intentioned: the hacker or the “steal your data” money or identity thief.
We would all agree the “I want it now” mentality does not include: ‘I want’ cyber snoops and criminals ‘now’.
We’ve heard the warnings about our mobile devices – the smartphone is a walking computer in your back pocket, and yet one that can easily be lost or stolen. The plethora of text messages, contact lists, photos, online search history – all this information can be found and used against us if it falls into the wrong hands – even when wiped (as our recent blogpost shows).
Hackers are also targeting our mobile devices with malware.
Google is the most popular Internet search provider worldwide. The name itself has even become a verb: We don’t look online anymore, we Google everything. Moreover, we use plenty of Google products without even realizing how connected they are: Gmail, YouTube, Translator, Google Drive, Photos (the former Picasa), Play, as well as Google+. The integration of Google products has become stronger. Now we access our email, YouTube videos, images, documents, and social networks such as Google+ and YouTube using one login and one set of credentials. Therefore it is extremely important to ensure that all of your accounts are set up correctly. Following our previous articles on Security on Social Media, on Facebook privacy, Graph search or your reputation online, let’s take a closer look at Google products with a special focus on the privacy of your social account.
Security and privacy for your Google accounts
Google+ is a very specific social network, very often underestimated by the users. Most Google+ owners don’t even realize that they have an account on the social channel! You might not use it actively, but it is important to have your data and profile under control. So let’s start with the basics.
In the top right corner you can start editing your profile settings.
Go to the privacy section. One of the most important features here is a 2-Step Verification.
Security and privacy on Social Media is a big topic at AVAST. While our antivirus products protect your various devices from malware infection spread on social channels, your privacy is still exposed to the public.
It’s been a while since we acquired Secure.me, and it’s a superb product. Our team worked hard to integrate the privacy solution into our security portfolio. Now we are proud to introduce the result: the Beta version of avast! Facebook Security.
We are very excited to hear your feedback on the product. Experienced users are most welcome to participate in the Beta Testing. We await your feedback on the product features, user interface, bug reporting, your general experience, as well as your suggestions for the final name of the product. Moreover avast! Facebook Security is a part of the new avast! Account look and your feedback on it is more than appreciated.
To make your life easier, we will guide you through all the steps, starting from:
How to participate in beta testing?
1. Log in to our new version of the AVAST account.
Security matters to everyone; however, the security of our children is our top priority. We make sure that they are safe at school, at home, and on the streets. Equally, we need to provide them with a safe experience in the cyberworld. Recently, we published a blog about the general online security of children, which suggested that you take time and help your child with privacy settings on Facebook. Don’t worry if you have no clue where to start; we will guide you through the labyrinth of sophisticated security and privacy settings. Follow our tips to secure yourself and your child on the most popular social network.
“Like other Internet giants, Facebook has been especially vulnerable to criticisms about privacy. In particular, critics have complained that even if you deactivate your account, the information can still remain on the network and be subject to web searches.” ~ comments Mashable in the article on the recent Facebook privacy update
Following users’ complaints regarding privacy issues, Facebook decided to change the default setting of your status updates to be visible to Friends only instead of Public. This, however, applies to Facebook newbies only! So if you and your children are already users, you still have a job to do!
Facebook regularly updates its settings, and as a result your profile settings can be restored to the default. In terms of privacy it means: Everything is PUBLIC. Therefore it’s extremely important to review your profile regularly. You will not be able to influence everything; however, there are a number of settings that you can fully control. The three basic areas that you should focus on are:
- 1. Who can see your posts and images?
- 2. Who can contact you?
- 3. How you can help your child block harassing Facebook friends.
You will find this setting in the right top corner on the blue bar, in the Privacy Shortcuts section. Click on the See More Settings to open the window below and follow our suggestions.
For the last few years, I have used an app on my Android smartphone to log my training runs. It tracks the distance I ran, the route I took, my running pace, and calories burned. If I want to, I can link it with Facebook or other social networks and share my workouts, or I can pay to have my stats broadcast live, so for example, during a race, my family can follow my progress.
Using an app like this is motivating and helps me to organize my training better, but until recently I had never considered the privacy and security issues surrounding fitness tracking devices and apps.
“Privacy advocates warn that consumers aren’t always aware of how sensitive the data the apps collect can be or what privacy protections exist,” reported The Washington Post yesterday.
My smartphone is protected by avast! Mobile Security, so I decided to take a closer look at my apps with the Privacy Advisor feature. Privacy Advisor scans the apps in my device and tells me what kinds of information they collect. Application Management tells me what permissions individual apps require. My fitness app requires me to give these permissions:
- Track GPS location
- Read contact data
- Access accounts
Not too bad; at least when I compare it to the fitness app that came with the phone.
My fitness app respects my privacy, but many health and fitness apps sell personal information like usernames, names and email addresses, and information like medical symptom searches, zip codes, geo-location, gender identifiers, and dietary and workout habits. A Federal Trade Commission (FTC) study revealed that ad companies and data miners are among the third parties that buy this data.
Already some employers are rewarding their workers with cheaper insurance plans for joining fitness programs. But there is worry that the data collected could be pieced together to create profiles that would backfire. It’s fine when you’re healthy for your fitness, health and medical data to determine things like insurance rates or drug pricing, but what if your health declines?
The FTC “is concerned consumers could be penalized based on health data; for instance, a financial institution might adjust credit ratings based on the fact someone has a disease.”
“Information about consumers’ most intimate health conditions is going to be sold to the highest bidder,” Jeffrey Chester, the executive director of the Center for Digital Democracy, told the Washington Post. “Employers might get access to it, insurers might get access to it, or mortgage lenders — which could lead to a vast array of negative discriminatory practices.”
Know what your apps want
Check what the apps that you have allowed on your smartphone require with avast! Mobile Security. Install it free on Android devices from the Google Play store.