Tuesday, October 29, 2019

FACEBOOK EMPLOYEES ARE AGAINST ALL THOSE POLITICIANS WHO WANT TO USE THE PLATFORM BY SPREADING LIES AND SENSELESS POLITICAL PROPAGANDA





I have for a very long time been worried about politicians here in Africa who have predominantly been using Twitter and Facebook to spread senseless political lies that are even unrealistic, segregative and in reality meant just to promote their political ambitions. In Uganda, we have witnessed many of them delivering messages full of hatred. I am not going to mention names, but you know them, I know them and we all know them. This is very dangerous, especially since it targets the youth, who can easily be lured into acts that can put their lives in danger. As for Facebook, it has promoted mistrust to the extent that right now there is no one in Africa who can easily trust any information spread via Facebook.
Facebook employees are urging Mark Zuckerberg to rethink his stance on allowing politicians to lie in political ads. In an open letter to company executives obtained by The New York Times, more than 250 people said the policy — which exempts such ads from Facebook’s third-party fact-checking standards — threatens what the company stands for:
Misinformation affects us all. Our current policies on fact checking people in political office, or those running for office, are a threat to what FB stands for. We strongly object to this policy as it stands. It doesn’t protect voices, but instead allows politicians to weaponize our platform by targeting people who believe that content posted by political figures is trustworthy.
They added that it fuels mistrust of the platform and “it communicates that we are OK profiting from deliberate misinformation campaigns by those in or seeking positions of power.”
Employees urged executives to restrict how politicians are able to target potential voters. Today, they are able to segment users based on how likely they are to vote or how susceptible they might be to a potential message — tactics made infamous by the political consulting firm Cambridge Analytica. “These ads are often so micro-targeted that the conversations on our platforms are much more siloed than on other platforms,” employees said. Facebook already applies such restrictions to ads related to housing, education, or credit, to stop potential discrimination.
Facebook’s ad policy has been under fire since September, when vice president of communications Nick Clegg attempted to explain why the company would no longer “referee political debates” by fact-checking political ads. Elizabeth Warren claimed the move was a clear sign they were taking “deliberate steps to help one candidate intentionally mislead the American people,” then escalated things further by posting an ad claiming Mark Zuckerberg and Facebook endorsed Trump. “We intentionally made a Facebook ad with false claims and submitted it to Facebook’s ad platform to see if it’d be approved. It got approved quickly and the ad is now running,” she tweeted.
Last week, the company took down an ad that falsely claimed Lindsey Graham (R-SC) supported the Green New Deal. The Really Online Lefty League, a liberal PAC, ran it to test whether Facebook’s policy applied to political organizations. Because the ad was purchased by a third-party group, it was subject to a stricter fact-checking policy than posts by the candidates themselves.
Two weeks ago, Mark Zuckerberg gave a speech at Georgetown University where he tried to crystallize his thoughts on free speech and his company’s role in moderating political conversations. The speech was widely criticized by the left and right; both parties thought Zuckerberg was shirking his responsibility for helping to spread misinformation. Now, it seems  his own employees agree.
A few days ago, hundreds of Facebook employees signed a letter to Mr. Zuckerberg and other leaders of the social network, decrying the company’s decision to let politicians post any claims they wanted — even false ones — in ads on the site.
Here’s what the letter says:
We are proud to work here.
Facebook stands for people expressing their voice. Creating a place where we can debate, share different opinions, and express our views is what makes our app and technologies meaningful for people all over the world.
We are proud to work for a place that enables that expression, and we believe it is imperative to evolve as societies change. As Chris Cox said, “We know the effects of social media are not neutral, and its history has not yet been written.”
This is our company.
We’re reaching out to you, the leaders of this company, because we’re worried we’re on track to undo the great strides our product teams have made in integrity over the last two years. We work here because we care, because we know that even our smallest choices impact communities at an astounding scale. We want to raise our concerns before it’s too late.
Free speech and paid speech are not the same thing.
Misinformation affects us all. Our current policies on fact checking people in political office, or those running for office, are a threat to what FB stands for. We strongly object to this policy as it stands. It doesn’t protect voices, but instead allows politicians to weaponize our platform by targeting people who believe that content posted by political figures is trustworthy.
Allowing paid civic misinformation to run on the platform in its current state has the potential to:
— Increase distrust in our platform by allowing similar paid and organic content to sit side-by-side — some with third-party fact-checking and some without. Additionally, it communicates that we are OK profiting from deliberate misinformation campaigns by those in or seeking positions of power.
— Undo integrity product work. Currently, integrity teams are working hard to give users more context on the content they see, demote violating content, and more. For the Election 2020 Lockdown, these teams made hard choices on what to support and what not to support, and this policy will undo much of that work by undermining trust in the platform. And after the 2020 Lockdown, this policy has the potential to continue to cause harm in coming elections around the world.
Proposals for improvement
Our goal is to bring awareness to our leadership that a large part of the employee body does not agree with this policy. We want to work with our leadership to develop better solutions that both protect our business and the people who use our products. We know this work is nuanced, but there are many things we can do short of eliminating political ads altogether.
These suggestions are all focused on ad-related content, not organic.
1. Hold political ads to the same standard as other ads.
a. Misinformation shared by political advertisers has an outsized detrimental impact on our community. We should not accept money for political ads without applying the standards that our other ads have to follow.
2. Stronger visual design treatment for political ads.
a. People have trouble distinguishing political ads from organic posts. We should apply a stronger design treatment to political ads that makes it easier for people to establish context.
3. Restrict targeting for political ads.
a. Currently, politicians and political campaigns can use our advanced targeting tools, such as Custom Audiences. It is common for political advertisers to upload voter rolls (which are publicly available in order to reach voters) and then use behavioral tracking tools (such as the FB pixel) and ad engagement to refine ads further. The risk with allowing this is that it’s hard for people in the electorate to participate in the “public scrutiny” that we’re saying comes along with political speech. These ads are often so micro-targeted that the conversations on our platforms are much more siloed than on other platforms. Currently we restrict targeting for housing and education and credit verticals due to a history of discrimination. We should extend similar restrictions to political advertising.
4. Broader observance of the election silence periods
a. Observe election silence in compliance with local laws and regulations. Explore a self-imposed election silence for all elections around the world to act in good faith and as good citizens.
5. Spend caps for individual politicians, regardless of source
a. FB has stated that one of the benefits of running political ads is to help more voices get heard. However, high-profile politicians can out-spend new voices and drown out the competition. To solve for this, if you have a PAC and a politician both running ads, there would be a limit that would apply to both together, rather than to each advertiser individually.
6. Clearer policies for political ads
a. If FB does not change the policies for political ads, we need to update the way they are displayed. For consumers and advertisers, it’s not immediately clear that political ads are exempt from the fact-checking that other ads go through. It should be easily understood by anyone that our advertising policies about misinformation don’t apply to original political content or ads, especially since political misinformation is more destructive than other types of misinformation.
Therefore, the section of the policies should be moved from “prohibited content” (which is not allowed at all) to “restricted content” (which is allowed with restrictions).
We want to have this conversation in an open dialog because we want to see actual change.
We are proud of the work that the integrity teams have done, and we don’t want to see that undermined by policy. Over the coming months, we’ll continue this conversation, and we look forward to working towards solutions together.
This is still our company.

Friday, October 18, 2019

Security issues!!!! Let us be vigilant

Regards from the Uganda Police and the entire Security fraternity. As earlier communicated by His Excellency the President and Commander in chief, I take this opportunity to relay our reviewed security plan to tackle the current wave of violent crime, especially in the KMP policing area- that is- Kampala, Mukono, Wakiso, Entebbe as well as other areas where it manifests. The detailed plan shall be given to the implementers i.e. the Joint security apparatus. What we shall share with the public is the following:
[Background]
This reviewed plan sits within the 12 wider measures announced last year by the President. I want to report that a lot of strides have been made in this regard, including the aspects of installation of cameras, finger printing of fire arms, improving the police Forensics capacity, as well as improving the Crime Intelligence and Criminal Investigations Directorates, all of which are ongoing.
This notwithstanding, the KMP area has encountered a new wave of violent crime, which compelled us to review our plan in order to enhance better effect in decisively handling this prevalent crime. The revised approach is premised on five measures:
(1) Linkage with and effective communication with the public, as well as public awareness. Each family in a zoned area of responsibility shall be given a telephone line of the nearest station or post.
The public is encouraged to share all relevant information on all matters of security including distress calls. We shall put suggestion boxes at the stations and LC offices. Messages will only be accessed by a select team and all the messages will be treated with confidentiality. The public can also deliver text messages or WhatsApp messages on 0707114114.
We also appeal and encourage the public to have community based security approaches such as employment of village scouts, vetting and registration of those that work at homes- plumbers, casual labourers, house helps, etc.; installation of cameras in their premises and vehicles (taxis, public and private transport), to boost our surveillance and investigation capacities. Public vigilance and cooperation is very crucial in the effort to eliminate crime.
(2) Quick and effective response. In this regard, the KMP area is going to be divided into policing zones or security constituencies for each station or post, with attendant published call lines, reaction forces and linkage to all stations and posts as well as cameras, when there is a distress call. Other enablers include:
• Registration and marking of streets and residences to enhance quick response.
• Lighting of streets and or individual premises or residences where affordable.
(3) Effective investigations and prosecution of culprits. To this end, we require a more robust and dedicated prosecution and judicial set up to handle this violent variant of crime. Government will discuss modalities with the Judiciary and the DPP.
(4) Profiling and pursuit of known repeat offenders. This is already an ongoing process and the hunt is on.
(5) The above mentioned measures mainly address the security of residences. However, we realize that violent crime also manifests in non-residential locations affecting especially vulnerable pedestrians or motorists. In this regard, security will ensure more visibility, accompanied by camera surveillance (where available) to respond to incidents.
• However, the public can also play a critical role here. We therefore mobilise the public to be extremely vigilant and security conscious. Avoid moving with lots of money without the requisite security precautions. If you have to move late, make the necessary security contingencies, including not moving alone and update those concerned in case of need of help. Do not expose those that are most vulnerable to unnecessary risk especially young children and ladies, moving alone late in the night.
If we step up individual and group/communal vigilance and consciousness, the risk to individuals can also be largely mitigated. We shall keep updating you as we proceed with implementation of these added measures.
Thank you very much.
For God and my country
Maj Gen Sabiiti Muzeyi psc, ndc
FOR: Inspector General of Police

Saturday, October 12, 2019

Is your web site secure?




Securing your site has never been more critical, and this entails keeping up with the latest security options. But what does securing a website mean? It means writing modern and secure code and applying server patches regularly, as well as defending against external attacks the server can’t control. That’s where security headers come in. The server sends security headers to the client, and the browser evaluates them, protecting users against a myriad of attacks. I should note here that the ability to receive security headers is dependent on browser support.

HTTP Strict Transport Security (HSTS)

In 2019 all websites had to be secured by HTTPS. As HTTPS certificates have been freely available for a while now, there are no longer any valid excuses for not using them. HTTPS adds an encryption layer, so messages cannot be read by a man in the middle between the server and client.
If a user requests the HTTP version of a page, there are multiple approaches to handling the request, the most common being to respond with a 301 Moved Permanently status. In addition to allowing eavesdropping on requests, HTTP also allows malicious actors to tamper with responses, meaning users may never be redirected to the secure version of the site. Users may instead be redirected to a malicious website, which is just one example of many bad outcomes that could result from using HTTP.

[Figure: an HTTP request with no STS header]

The Strict Transport Security (STS) header solves many of the problems created by using HTTP. This header tells the browser that it should only use the HTTPS version of the site. But we’ve already seen that one HTTP request is enough for an attack. How is this header the solution then?
By default, an STS header works on the principle of “trust on first use”. This requires an initial secure connection to be able to include an STS header in the response. After there has been a secure connection with STS, then for an amount of time specified by the max-age STS directive the browser will not allow HTTP for the same domain. If there’s an attempt to request the unsecured (HTTP) version of the page, the browser will automatically redirect the request using a 307 Internal Redirect. This redirect occurs before the request reaches the network, thus attackers cannot see or modify the request. This capability also extends to subdomains with the includeSubDomains directive.
Some issues: we still need a successful secured connection before all this can work, and max-age is not infinite. These leave a smaller, but nevertheless existing, hole in our defences. Luckily, there’s a third directive, preload, which enables the HSTS header user to have this policy shipped with the browser itself.
How? Any site wanting to use this option must register on an HSTS preload list. Chromium’s list is used by Chrome and all major browsers, so it is the best option. There are certain rules for applying to the list, e.g. having the preload directive in the header. Once a domain is accepted, the next version of each browser will include the domain in its list. This is great, because now the browser knows, before any request is made to the site, that it must use HTTPS. There is no need to “trust on first use”. All major browsers currently support HSTS.
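The "trust on first use" gap, the max-age expiry and the effect of preloading can be seen in a small model of the browser-side HSTS store. This is an added example, not code from the original article or from any browser; the class and function names and the .example hosts are made up for illustration, and ports and IP-address hosts are ignored.

```python
# Simplified model of how a browser applies HSTS (illustrative only).
from urllib.parse import urlsplit


def parse_sts(value):
    """Parse a Strict-Transport-Security value.

    Returns (max_age, include_subdomains, preload), or None when max-age is
    missing or malformed, in which case the whole header is ignored.
    """
    max_age, include_sub, preload = None, False, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name == "max-age":
            arg = arg.strip().strip('"')     # the value may be a quoted string
            if not (arg.isascii() and arg.isdigit()):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return None if max_age is None else (max_age, include_sub, preload)


class HSTSStore:
    def __init__(self, preloaded=()):
        self.preloaded = set(preloaded)  # hosts shipped with the browser
        self.dynamic = {}                # host -> (expiry time, include_subdomains)

    def note_response(self, url, headers, now):
        """Record the policy from a response; headers seen over HTTP are ignored."""
        parts = urlsplit(url)
        value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
        if parts.scheme != "https" or value is None:
            return
        policy = parse_sts(value)
        if policy is None:
            return
        max_age, include_sub, _ = policy
        if max_age == 0:
            self.dynamic.pop(parts.hostname, None)   # max-age=0 clears the entry
        else:
            self.dynamic[parts.hostname] = (now + max_age, include_sub)

    def _covered(self, host, now):
        labels = host.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.preloaded:          # preloaded entries cover subdomains
                return True
            entry = self.dynamic.get(candidate)
            # A parent domain's entry only applies if it set includeSubDomains.
            if entry and now < entry[0] and (i == 0 or entry[1]):
                return True
        return False

    def resolve(self, url, now):
        """Return the URL the browser would actually request."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self._covered(parts.hostname, now):
            return parts._replace(scheme="https").geturl()  # upgraded before any network I/O
        return url


def demo():
    year = 31536000
    sts = {"Strict-Transport-Security": f"max-age={year}; includeSubDomains"}
    store = HSTSStore(preloaded={"preloaded.example"})
    out = {"first_visit": store.resolve("http://shop.example/", now=0)}
    store.note_response("http://shop.example/", sts, now=0)      # over HTTP: ignored
    out["after_http_header"] = store.resolve("http://shop.example/", now=1)
    store.note_response("https://shop.example/", sts, now=2)     # over HTTPS: stored
    out["after_https"] = store.resolve("http://shop.example/cart", now=3)
    out["subdomain"] = store.resolve("http://img.shop.example/a.png", now=3)
    out["expired"] = store.resolve("http://shop.example/", now=2 + year)
    out["preloaded"] = store.resolve("http://www.preloaded.example/", now=0)
    return out


if __name__ == "__main__":
    for case, url in demo().items():
        print(f"{case:18} {url}")
```

The first visit and the visit after max-age has run out still go out over plain HTTP, which is the window the preload list closes.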


HTTP Public Key Pinning (HPKP)

Using HTTPS is nice, and in most cases it is trustworthy. But what happens if a malicious actor uses a valid certificate which is not the site’s own? This is called a rogue certificate, and it gives the attacker the same level of access as if the site were using HTTP. Hijacking HTTPS with this method is far more complicated than hijacking HTTP, so HTTPS is still the best bet for keeping communication secure. HPKP would’ve been another option for tackling this issue. It provides a whitelist of valid certificates (hashes of certificates) for a site. Some instances of real world attacks as well as research by security experts show that HPKP is both a solution and a source of new vulnerabilities, so most major browsers have now dropped support for it.

Content Security Policy (CSP)

Do you want to tell the browser what content (scripts, styles, etc.) can load and how it can behave on your site? CSP lets you do just that. You can whitelist resources so that they can be run or be embedded on your site. CSP has more than 30 directives, each with its own browser compatibility. Most of these directives are supported by major browsers, but it’s worth checking the MDN support list before using a new one. If you don’t want to add a CSP directive manually, you can use a CSP header generator tool which automates the process.

Before highlighting some of the best directives, note that CSP can be used in two major modes. First there is CSP itself, which blocks everything not on the whitelist, as expected. While this mode provides safety, it can also be the source of much headache when you try to enable your third-party sources one by one and have a broken site in the meantime. CSP-Report-Only (sent as the Content-Security-Policy-Report-Only header), on the other hand, does all the things CSP can, except that it does not block resources; it only reports any violations found. This comes in very handy both when creating the CSP rules and when you want a directive but are not sure whether it would break something if the environment changes.

Fetch directives

These directives define where the specified resources can be loaded from. Resource types include images, fonts, scripts, and many others. The most important directive is default-src, which serves as a fallback for all other fetch directives: if any resource directive is absent, the value provided in default-src will be used. A good start for using fetch directives is to use 'self' as the value, which disallows cross-domain resources, and then add custom fetch directives for any exceptions. These rules should be the minimum for CSP-Report-Only.

Scripts and styles

Using inline styles (the “style” HTML attribute) is cited as a bad practice, so using style-src 'self'; is a better practice. We can add exceptions here as well, for example by using a hash or a nonce.
script-src is also a fetch directive and is one of the most important directives to set correctly. It needs to be strict, but it also needs to let some third parties, Google Analytics for example, through. In this case, using only 'self' is virtually impossible. An alternative is using a hash, but a hash needs to be updated every time the script changes, which is frequent for third-party scripts. Using a nonce (number used once) is probably the best solution. A nonce must be a globally unique cryptographic number, which should be generated and sent every time the server sends a CSP header to the browser. This guarantees the same level of protection as a hash (if we use a nonce that’s hard to guess), but because it is a dynamic number it does not need manual updates.
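The nonce and hash options described above, sketched server-side together with a simplified model of the browser's decision for inline scripts. This is an added example, not code from the original article; the function names are made up, the report-only mode uses the real header name Content-Security-Policy-Report-Only, and the checker ignores keywords such as 'unsafe-inline'.

```python
# Per-response CSP nonce, hash alternative, and a toy inline-script check.
import base64
import hashlib
import secrets


def new_nonce():
    """Fresh, unguessable value; must be generated for every response."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


def script_hash(source):
    """CSP hash source for an inline script: changes whenever the script changes."""
    digest = hashlib.sha256(source.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


def build_csp(nonce, inline_hashes=(), report_only=False):
    """Return (header name, header value) for the policy discussed in the text."""
    script_sources = ["'self'", f"'nonce-{nonce}'"] + [f"'{h}'" for h in inline_hashes]
    policy = "; ".join([
        "default-src 'self'",                      # fallback for all fetch directives
        "script-src " + " ".join(script_sources),
        "style-src 'self'",
    ])
    name = ("Content-Security-Policy-Report-Only" if report_only
            else "Content-Security-Policy")
    return name, policy


def render_page(inline_script, nonce):
    """The same nonce goes into the header and onto the trusted script tag."""
    return f'<!doctype html><script nonce="{nonce}">{inline_script}</script>'


def parse_policy(policy):
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def inline_script_allowed(policy, source, nonce_attr=None):
    """Toy version of the browser check: nonce match or hash match, else blocked."""
    directives = parse_policy(policy)
    # script-src falls back to default-src when it is absent.
    sources = directives.get("script-src", directives.get("default-src", []))
    if nonce_attr and f"'nonce-{nonce_attr}'" in sources:
        return True
    return f"'{script_hash(source)}'" in sources


if __name__ == "__main__":
    nonce = new_nonce()
    name, policy = build_csp(nonce)
    print(f"{name}: {policy}")
    print(render_page("init()", nonce))
    print("trusted script: ", inline_script_allowed(policy, "init()", nonce))
    print("injected script:", inline_script_allowed(policy, "steal()", None))
```

A script injected into the page cannot know the nonce for that response, and a nonce replayed from an earlier response no longer matches, which is why the value has to be regenerated every time the header is sent.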

Thursday, October 10, 2019

Web traffic via chrome and Firefox in danger








Two user-favorite browsers are Google Chrome and Mozilla Firefox. Exploiting their popularity, a Russian group known as Turla has been attempting to track the encrypted traffic of both browsers. With targets identified in Russia and Belarus, they do so by attacking systems with a remote access trojan (RAT) which stealthily allows them to modify the browsers.
These trojans are believed to be downloaded from both legitimate sites and those that distribute pirated software. However, it is interesting to note that the websites never actually had any malicious files to download in the first place. Instead, when the user initiated a legitimate download, the files were modified during transmission, as the connection ran over HTTP, which makes this all the easier.
Yet another question arises here: how could they sniff all the traffic? For this, they must have compromised an Internet Service Provider (ISP), which, given that the group is suspected to be supported by the Russian government, is no big feat. To add to this, it is on record that Turla has compromised several ISPs in the past.
Once a system is infected, they install their own digital certificates and then, by analyzing the code of both browsers, they patch the pseudo-random number generation function in memory by adding unique hardware- and software-based identifiers, allowing them to follow the victim’s footsteps all over the internet as shown in the code snippets below.









The malware has been named Reductor and is believed to be a successor of the COMpfun trojan, which was discovered in 2014 by Kaspersky Security. Elaborating, they explain that “the original COMpfun Trojan most probably is used as a downloader in one of the distribution schemes. Based on these similarities, we’re quite sure the new malware was developed by the COMpfun authors.”

What makes this attack so mind-blowing is the capability they have exhibited in infecting files on the fly, something that “places the actor in a very exclusive club”. As a word of advice, stop downloading files through HTTP and you may just be saved.

This, however, is not the first time that the Chrome and Firefox browsers have been targeted together in one attack. Last year, Vega Stealer malware was caught stealing saved passwords and credit/debit card data from Chrome and Firefox users.

In another incident, cyber criminals used fake Chrome and Firefox browser updates to infect the computers of unsuspecting Windows users with malware and steal banking/payment card credentials.

Friday, October 4, 2019

Is it China using Uganda to spy on the opposition, or is it the CIA and MOSSAD? Are opposition leaders safe with their technology devices???








CIA, FBI and MOSSAD are capable of everything when it comes to spying
Last week I talked about VPNs and how they can leak our data, but now I am going to discuss a few principles concerning the above-mentioned intelligence bodies. It was in America that a newspaper wrote that opposition politicians in Uganda are being spied on by the government with help from the Chinese. Now the question is: does it mean that opposition politicians should trust the USA more than Uganda? The answer is no!! It would be very stupid for any politician to trust the USA. With that claim, I also anticipated a jealousy fight between the USA and China, meant to dirty China's growing reputation in Africa. It is not, and should not be, a surprise to us that it is these foreign bodies that are carrying out espionage on us, directly and indirectly. The USA, through its bodies like NASA, NSA and FBI, can even estimate the total crop production in the world with near exactness.
Let us first look at Google. Many of us stupidly turn to Google just because it is popular and seemingly user friendly, but do we really know the main sponsors and the reason why Google came into existence? The USA intelligence community nurtured and funded the venture; it is the CIA that nurtured Google with the main aim of making the US dominate the world through the control of information that cuts across various nations. Yes, it was seed-funded by the NSA and CIA, being among the first of a plethora of private-sector start-ups co-opted by the USA intelligence community, mainly to retain information superiority. This information superiority strategy was engineered by a secret Pentagon-sponsored group which for the last two decades has functioned as a bridge between the USA government and the elite communities across all the economic sectors all over the world. Thus we should not always look at Google as a mere friendly technology firm, but see reality and know that it is the smokescreen behind which lurks the USA military complex.
The NSA, which is said to be running over 23 intelligence agencies, has with its ICREACH the ability to perform surveillance on individuals who use phones manufactured in the USA and even others manufactured in the rest of the world. They can easily identify whom one talks to most often and the places one regularly goes to, mainly to observe their habits and behavior. This ICREACH runs many programs, and some of them are of the utmost secrecy.
The US also has the well-known PRISM, which collects all internet communication from various internet companies like Google LLC. This PRISM program operates under FIS (Foreign Intelligence Surveillance) and it is the number one source of raw intelligence used for NSA analytic reports. It should be noted that much of the world's electronic information passes via the USA, since it has the biggest chunk of the world's internet infrastructure. Now you can start asking yourself why the USA is interested in alleging that China is helping Uganda to spy on the opposition. It is a technology war to demonise all the Chinese gadgets that are mostly used here. I know you politicians are big, with a lot of money, and you buy expensive things from the USA, and thus you are directly under the monitoring of USA intelligence, no doubt about that!!! If they were not spying on you, how did they know of Chinese gadgets making you fall prey to surveillance??? Just think about that!
You even own smart TVs, radios, music systems, ... but do you know that the CIA developed tools to turn all these into devices that can spy on you? They own a tool named "Weeping Angel" which can remotely turn your TV into a device that can listen to what you say, observe what you are doing, etc.!!! I know you can't understand this or accept it, but first think of where the microchips or SoCs that run such devices are manufactured.
MOSSAD, an Israeli intelligence service that also works closely with the USA, cannot be exonerated from all sorts of sophisticated espionage here in East Africa, more especially with the interest in the notorious Al-Shabaab. Here I am going to look at the recent and most notorious spyware created by Israeli veteran spies. This malware, called Pegasus, was even a key influence in the assassination of the well-known Saudi Arabian dissident named Khashoggi.
This malware was developed by NSO, a firm run by former members of Unit 8200 of Israeli intelligence, mainly responsible for collecting signals intelligence and code decryption. Pegasus is designed to hack iPhones, Android and other mobile devices remotely and allow the attacker to access text messages, emails, WhatsApp, user location, microphone, camera, etc. It can take over and hideously interrupt communication on any gadgets with any telecom companies, and I actually call upon all telecom companies to do surveillance and testing to see if they are under Pegasus threat, since it is known that Pegasus is operational here in the Great Lakes region. It should be noted that Israel sponsors many technology programmes, mainly to develop techniques of spying.

Here is a table that shows Pegasus infection operations in Africa.

Did you know the history of the most popular mobile phone operating system, ANDROID?

Sometimes it feels like we’ve been running Google’s mobile OS on our Android devices forever. However, it’s actually been less than 10 years since the first official Android phone made its debut for consumers to buy in stores. Google’s decision to make Android an open source OS allowed it to become highly popular with third-party phone makers.
Just a few years after the launch of Android 1.0, Smartphones that had the OS installed were everywhere. Now it has become the most popular mobile OS in the world, defeating its many competitors like Symbian, BlackBerry, Palm OS, webOS, and Windows Phone. Apple’s iOS is the only platform still standing as a serious competitor to Android, and that situation doesn’t look like it will change anytime soon.
The founding of Android
In October 2003, well before the term “smartphone” was used by most of the public, and several years before Apple announced its first iPhone and its iOS, the company Android Inc was founded in Palo Alto, California. Its four founders were Rich Miner, Nick Sears, Chris White, and Andy Rubin. At the time of its public founding, Rubin was quoted as saying that Android Inc was going to develop “smarter mobile devices that are more aware of its owner’s location and preferences.”
While that sounds like the basic description of a smartphone, Rubin revealed in a 2013 speech in Tokyo that Android OS was originally meant to improve the operating systems of digital cameras, as reported by PC World. The company made pitches to investors in 2004 that showed how Android, installed on a camera, would connect wirelessly to a PC. That PC would then connect to an “Android Datacenter,” where camera owners could store their photos online on a cloud server.
Obviously, the team at Android didn’t think at first about creating an OS that would serve as the heart of a complete mobile computing system on its own. But even back then, the market for stand-alone digital cameras was declining, and a few months later, Android Inc decided to shift gears towards using the OS inside mobile phones. As Rubin said in 2013, “The exact same platform, the exact same operating system we built for cameras, that became Android for cellphones.”
In 2005, the next big chapter in Android’s history was made when the original company was acquired by Google. Rubin and other founding members stayed on to continue to develop the OS under their new owners. The decision was made to use Linux as the basis for the Android OS, and that also meant that Android itself could be offered to third-party mobile phone manufacturers for free. Google and the Android team felt the company could make money offering other services that used the OS, including apps.
Rubin stayed at Google as head of the Android team until 2013, when Google announced he would be leaving that division. In late 2014, Rubin left Google altogether and launched a startup business incubator. Earlier in 2017, Rubin officially revealed his return to the smartphone industry with his company’s announcement of the Android-based Essential Phone.
Preparing for the launch of Android 1.0
In 2007, Apple launched the first iPhone and ushered in a new era in mobile computing. At the time, Google was still working on Android in secret, but in November of that year, the company slowly started to reveal its plans to combat Apple and other mobile platforms. It used the formation of what was called the Open Handset Alliance, which included phone makers like HTC and Motorola, chip manufacturers such as Qualcomm and Texas Instruments, and carriers including T-Mobile.
Then Google Chairman and CEO Eric Schmidt was quoted as saying, “Today’s announcement is more ambitious than any single ‘Google Phone’ that the press has been speculating about over the past few weeks. Our vision is that the powerful platform we’re unveiling will power thousands of different phone models.”
Google reportedly had at least two alpha builds of Android released internally before the company launched the public beta of version 1.0 for developers on Nov. 5, 2007, around the same time it announced the Open Handset Alliance. It also developed its own internal reference handset, code-named “Sooner,” that was never released to the public. Several years later, developer Steven Troughton-Smith got his hands on one of these early reference phones and posted images and his own impressions of “Sooner.” As you can see, the overall look of this phone was more like BlackBerry’s handsets than the iPhone, at a time when many people were skeptical of “touchscreen only” devices.
In Sept. 2008, the very first Android smartphone was announced, the T-Mobile G1, also known as the HTC Dream in other parts of the world. It went on sale in the U.S. in Oct. of that year. The phone, with its pop-up 3.2-inch touchscreen combined with a QWERTY physical keyboard, wasn’t exactly a design marvel. Indeed, the phone got bad reviews overall from technology media outlets. The device didn’t even have a standard 3.5 mm headphone jack, which unlike today, was pretty much a de facto phone feature among Android’s competition.
However, the Android 1.0 OS inside already had the trademarks of Google’s business plan for the OS. It integrated a number of the company’s other products and services, including Google Maps, YouTube, and an HTML browser (pre-Chrome) that, of course, used Google’s search services. It also had the first version of Android Market, the app store that Google proudly stated would have “dozens of unique, first-of-a-kind Android applications.” All of these features sound pretty primitive now, but this was just the beginning of Android’s rise in the mobile device market.
What’s with those sweet code names?
While most Android releases have candy or dessert-style code names, the first version of the OS (1.0) that was publicly released in Sept. 2008 did not have a code name at all, either internally or publicly, according to what Android engineer Jean-Baptiste Queru told Android Police in 2012. Android 1.1, released in Feb. 2009, didn’t have a public code name. However, it reportedly used the internal name “Petit four” while it was in development at Google. The name refers to a French dessert.
It was not until the launch of Android 1.5, just a few months later in April 2009, that the OS version got its first public code name: “Cupcake.” The credit for naming Android versions after sweet candy and desserts has traditionally gone to its project manager at Google, Ryan Gibson, but his specific reasons for using such a name remain unknown. When Google released Android 4.4 KitKat, it offered an “official” statement on their various code names for versions of the OS, saying, “Since these devices make our lives so sweet, each Android version is named after a dessert.”
The Android logo
The now-familiar logo for the Android OS, which looks like a combination of a robot and a green bug, was created by Irina Blok while she was employed by Google. In a chat with The New York Times in 2013, Blok said that the only directive that was given to her design team by Google was to make the logo look like a robot. She claims that the final design was inspired in part by looking at the familiar restroom logos representing “Men” and “Women.”
One thing that Blok and Google decided to do was to make the Android robot itself an open source project. Nearly every other huge company would protect such a logo or mascot from being redesigned and used by others. However, the Android robot has now been modified and used by tons of people, all because Google allows such changes under the Creative Commons 3.0 Attribution License.
Why use statues to symbolize new Android releases?
As we said previously, Cupcake was the first version of Android with a “tasty treat” public code name. When Google finally reveals its code name every year, it also places a new statue with that code name on the lawn in front of the company’s Visitor Center building in Mountain View, California.
In 2015, the Nat and Friends YouTube channel revealed that a small art team in New Jersey created the first Android statue, featuring the main mascot, along with all of the other statues that represent the various versions of Android from Cupcake to the current version, Oreo. The statues themselves are made of Styrofoam, and are then sculpted, given a hard coat of plastic, and then painted before they are shipped 3,000 miles to California for their official unveiling.
Android 1.5 Cupcake
The first official public code name for Android didn’t appear until version 1.5 Cupcake was released in April 2009. It added quite a few new features and improvements compared to the first two public versions, including things that we now take for granted, such as the ability to upload videos to YouTube, a way for a phone’s screen display to automatically rotate to the right positions, and support for third-party keyboards.
Some of the phones that were released with Cupcake installed out of the box included the first Samsung Galaxy phone, along with the HTC Hero.
Android 1.6 Donut
Google quickly launched Android 1.6 Donut in Sept. 2009. The new features included support for carriers that used CDMA-based networks. This allowed Android phones to be sold by all carriers around the world.
Other features included the introduction of the Quick Search Box, and quick toggling between the Camera, Camcorder, and Gallery to streamline the media-capture experience. Donut also introduced the Power Control widget for managing Wi-Fi, Bluetooth, GPS, etc.
One of the phones that was sold with Donut installed was the ill-fated Dell Streak, which had a huge (at the time) 5-inch screen, and was described at the time on our own site as a “smartphone/tablet.” These days, a 5-inch display is considered to be average sized for a smartphone.
Android 2.0-2.1 Eclair
In Oct. 2009, about a year after the launch of Android 1.0, Google released version 2.0 of the OS, with the official code name Eclair. This version was the first to add text-to-speech support, and also introduced live wallpapers, multiple account support, and Google Maps navigation, among many other new features and improvements.
The Motorola Droid was the first phone that included Android 2.0 out of the box. The phone was also the first Android-based phone that was sold by Verizon Wireless. While Google was safe to use Android as the name for its OS, the term “Droid” was trademarked at the time by Lucasfilm, in reference to the robots of the Star Wars franchise. Motorola had to get permission and pay some money to Lucasfilm, to use Droid as the name for its phone. Motorola continued to use the Droid brand for many of its phones as late as 2016.
Android 2.2 Froyo
Android 2.2 Froyo (short for “frozen yogurt”) was officially launched in May 2010. Smartphones with Froyo installed could take advantage of several new features, including Wi-Fi mobile hotspot functions, push notifications via Android Cloud to Device Messaging (C2DM) service, flash support, and more.
The first smartphone that carried Google’s Nexus branding, the Nexus One, launched with Android 2.1 out of the box earlier in 2010, but quickly received an over-the-air update to Froyo later that year. This marked a new approach for Google, with the company working closer than ever before with hardware manufacturer HTC to showcase pure Android.
Android 2.3 Gingerbread
Android 2.3 Gingerbread, launched in Sept. 2010, is currently the oldest version of the OS that Google still lists in its monthly platform version update page. As of Sept. 13, 2017, Google indicated that only 0.6 percent of all Android devices are currently running some version of Gingerbread.
The OS received a user interface refresh under Gingerbread. It added support for using near field communication (NFC) functions for smartphones that had the required hardware. The first phone to add both Gingerbread and NFC hardware was the Nexus S, which was co-developed by Google and Samsung. Gingerbread also laid the groundwork for the selfie, by adding in support for multiple cameras and video chat support within Google Talk.
Android 3.0 Honeycomb
This version of the OS is perhaps the oddball of the bunch. Honeycomb was released by Google for installation only on tablets and other mobile devices with larger displays than current smartphones. It was first introduced in Feb. 2011, along with the first Motorola Xoom tablet, and included features such as a redesigned UI specifically for large screens, along with a notification bar placed on the bottom of a tablet’s display.
The idea was that Honeycomb would offer specific features that could not be handled by the smaller displays found on smartphones at the time. It was also a response by Google and its third-party partners to the 2010 release of Apple’s iPad. Even though Honeycomb was available, some tablets were still released with the smartphone-based Android 2.x versions. In the end, Honeycomb ended up being a version of Android that was not really needed, as Google decided to integrate most of its features in its next major 4.0 version, Ice Cream Sandwich.
Android 4.0 Ice Cream Sandwich
Released in Oct. 2011, the Ice Cream Sandwich version of Android brought a number of new features for users. It combined many of the features of the tablet-only Honeycomb version with the smartphone-oriented Gingerbread. It also included a “favorites tray” on the home screen, along with the first support for unlocking a phone by using its camera to take a picture of its owner’s face. That kind of biometric sign-in support has evolved and improved considerably since then.
As of July 6, Google indicates that 0.7 percent of all Android devices are currently running some version of Android 4.0, which is only marginally more than Gingerbread.
Other notable changes with ICS included support for all on-screen buttons, swipe gestures to dismiss notifications and browser tabs, and the ability to monitor your data usage over mobile and Wi-Fi.
Android 4.1-4.3 Jelly Bean
The Jelly Bean era of Android began in June 2012 with the release of Android 4.1. Google quickly released versions 4.2 and 4.3, both under the Jelly Bean label, in Oct. 2012 and July 2013 respectively.
Some of the new features in these software updates included new notification features that showed more content or action buttons, along with full support for the Android version of Google’s Chrome web browser, which was included in Android 4.2. Google Now also made an appearance as part of Search, and “Project Butter” was introduced to speed up animations and improve Android’s touch responsiveness. External Displays and Miracast also gained support, as did HDR photography.
If you attended Google I/O in 2012, you likely got the company’s Nexus 7 tablet with Android 4.1 Jelly Bean pre-installed as a gift. Versions of Jelly Bean are still very much active on many Android phones and devices. At the moment, about 6.9 percent of all Android products use Jelly Bean.
Android 4.4 KitKat
Android 4.4 is the first version of the OS whose name is actually a previously trademarked name for a piece of candy. Before it officially was launched in Sept. 2013, the company released hints at its Google I/O conference that year, as well as other places, that the codename for Android 4.4 would actually be “Key Lime Pie.” Indeed, most of Google’s Android team thought that was going to be the case as well.
As it turned out, Google’s director of Android global partnerships, John Lagerling, thought that “Key Lime Pie” would not be a familiar enough name to use for Android 4.4 worldwide. Instead, he decided to do something different. He contacted Nestle, the creators of the KitKat bar, and asked them if they could use the name for Android 4.4. Nestle agreed, and even released versions of its KitKat bar shaped like the Android robot mascot as part of a co-branding agreement with Google. It was an experiment in marketing that Google didn’t rekindle until the latest launch of Oreo.
KitKat didn’t have a huge number of new features, but it did have one thing that really helped to expand the overall Android market. It was optimized to run on smartphones that had as little as 512 MB of RAM. This allowed phone makers to get the latest version of Android and have it installed on much cheaper handsets.
Google’s Nexus 5 smartphone was the first with Android 4.4 pre-installed. Even though KitKat launched nearly four years ago, there are still plenty of devices that are still using it. Google’s current platform version update page states that 15.1 percent of all Android devices are running some versions of Android 4.4 KitKat.
Android 5.0 Lollipop
First launched in the fall of 2014, Android 5.0 Lollipop was a major shakeup in the overall look of the operating system. It was the first version of the OS that used Google’s new Material Design language, which made liberal use of lighting and shadow effects, among other things, to simulate a paper-like look for the Android user interface. The UI also got some other changes for Lollipop, including a revamped navigation bar, rich notifications for the lockscreen and much more.
The subsequent Android 5.1 update made a few more under-the-hood changes. This included official support for dual-SIM, HD Voice calls, and Device Protection to keep thieves locked out of your phone even after a factory reset.
Google’s Nexus 6 smartphone, along with its Nexus 9 tablet, were the first devices to have Lollipop pre-installed. At the moment, Android 5.0 Lollipop is installed and in use by about 29 percent of all active Android devices, according to Google’s platform version stats. Fun fact: Google used the code name “Lemon Meringue Pie” internally as it developed Android 5.0 before settling on the candy treat Lollipop as the official public name of the OS.
Android 6.0 Marshmallow
Released in the fall of 2015, Android 6.0 Marshmallow used the sweet treat favored by campers over a fire as its main symbol. Internally, Google used “Macadamia Nut Cookie” to describe Android 6.0 before the official Marshmallow announcement. It included features such as a new vertically scrolling app drawer, along with Google Now on Tap, native support for fingerprint biometric unlocking of a smartphone, USB Type-C support, the introduction of Android Pay, and much more.
The first devices that shipped with Marshmallow pre-installed were Google’s Nexus 6P and Nexus 5X smartphones, along with its Pixel C tablet. The current stats on Android platform use shows that Marshmallow has just marginally overtaken Lollipop as the most installed OS version, accounting for 32.2 percent of all Android-based devices.
Android 7.0 Nougat
Version 7.0 of Google’s mobile operating system launched in the fall of 2016. Before Nougat was revealed, “Android N” was referred to internally by Google as “New York Cheesecake.” Nougat’s many new features included better multi-tasking functions for the growing number of smartphones that have bigger displays, such as split-screen mode, along with quick switching between apps.
Google made a number of big changes behind the scenes too, like switching to a new JIT compiler to speed up apps, supporting the Vulkan API for faster 3D rendering, and enabling OEMs to support its DayDream Virtual Reality platform.
Google also used the release to make a bold push into the premium smartphone market. The company’s own branded smartphones, the Pixel and Pixel XL, along with the LG V20, were the first to be released with Nougat pre-installed.
Android 8.0 Oreo
In March 2017, Google officially announced and released the first developer preview for Android O, also known as Android 8.0. Even before that release, Hiroshi Lockheimer, the senior vice president of Android at Google, posted a GIF of an Oreo cake on his Twitter account in Feb. 2017. That was the first solid hint that Oreo, the popular cookie made of two chocolate wafers with a creme filling in between, would indeed be the official code name for Android 8.0.
In August, Google confirmed that Oreo would indeed be the public name for Android 8.0. It is the second time that Google chose a trademarked name for Android (Oreo is owned by Nabisco). In a break from its tradition, Google showed off the Android Oreo mascot statue for the first time in a press event in New York City, rather than showing the statue first at its Googleplex headquarters. The statue also depicts the Android mascot itself as a flying superhero, complete with a cape. A second statue was put in place at Google’s main headquarters later that day.
As far as its features, Android Oreo packs in lots of visual changes to the Settings menu, along with native support for picture-in-picture mode, notification channels, new autofill APIs for better management of passwords and fill data, and much more. Android Oreo is available as a download via Google’s Android Open Source Project, and is also available as an over-the-air update for Google’s older (and supported) Nexus and Pixel devices, as well as an update for many older Android phones. Android Oreo also comes with Google’s own Pixel 2 models, as well as many other newer phones that have hit the market.
Android 9.0 Pie
Google launched the first developer preview of the next major Android update, Android 9.0 P, on March 7, 2018. On August 6, 2018, the company officially launched the final version of Android 9.0, and gave it the official code name of “Pie.” It included a number of major new features and changes. One of them ditches the traditional navigation buttons in favor of one elongated button in the center, which is the new home button. Swiping up from that button brings up Overview, with your most recently used apps, a search bar, and five app suggestions at the bottom. You can swipe left to see all your recently opened apps, or you can drag the home button to the right to quickly scroll through your apps.
Android 9.0 Pie also included some new features designed to help extend your smartphone’s battery life, including the use of in-device machine learning to predict which apps you will use now, and which apps you won’t use until later. Pie also has Shush, a feature that automatically puts your phone in Do Not Disturb mode when you turn your phone screen-down on a flat surface. There’s also Slices, which provides a smaller version of an installed app inside Google Search, offering certain app functions without opening the full application.
As usual, Android 9.0 Pie was available first officially for Google’s Pixel phones, but it also launched for the Essential Phone as well at the same time. It has since rolled out as an update to many other Android phones over the past several months and has been available out of the box in many new Android phones.
Refreshing the brand: Android 10
Google launched the first official developer preview of the next version of Android, which it called Android Q, on March 13, 2019. On August 22, 2019, Google announced a major refresh of the Android brand. That includes a new logo and, more importantly, the decision to ditch the traditional dessert name for the next version. As a result, Android Q officially is known just as Android 10. Android 10 was officially launched on September 3, 2019 for Google’s Pixel devices, and it will roll out for other phones soon.
As usual with any new Android release, Android 10 has a number of new features and improvements and a number of new APIs. That includes new support for the upcoming rush of foldable phones with flexible displays. Android 10 also has a system-wide dark mode, along with new gesture-navigation controls, a more efficient sharing menu, smart reply features for all messaging apps, and more control over app-based permissions.
The future of Android?
Android has come a long way from its humble beginnings, as the product of a small startup, all the way to becoming the leading mobile operating system worldwide. There are hints that Google is in the very early stages of developing an all-new OS, called Fuchsia, that may support everything from smartphones to tablets, and even to notebook and desktop PCs. However, the company has said almost nothing about its plans for Fuchsia, and it’s more than possible that it may cancel its development.
This just shows that Google is still extremely committed to furthering the development of Android, and has even tried to extend the mobile and tablet OS to other devices, including Android TV, Android Auto, and WearOS. Depending on which research firm you believe, Android’s worldwide smartphone market share is currently between 85 and 86 percent, with iOS a distant second at between 14 and 15 percent. All other mobile operating systems (Windows Phone/Windows 10 Mobile, BlackBerry, Tizen, and the rest) now have less than 0.1 percent of the phone market. In May 2017, during Google I/O, the company said there are now over two billion active devices running some version of the Android OS.
One challenge for Android device owners that has been an issue for the OS ever since it launched is updating it with the latest security patches, to say nothing of over-the-air rollouts for major feature updates for the OS. Google’s supported Nexus and Pixel devices consistently receive regular monthly security updates, and the latest version of the OS. Third party phones are a lot more hit and miss with new security patches and often quickly drop off seeing new OS updates. A few phones, especially unlocked ones that are in the budget category, may not receive any updates at all. Google’s introduction of Project Treble in Android Oreo should make it easier for phone makers to update their devices faster, but it remains to be seen if those efforts will be effective in the long run.
Conclusion
Unless Apple decides to start selling new iPhones that are much cheaper than its current models, it would seem reasonable to predict that Android will continue to dominate the mobile OS market, even with its problems providing swift updates. The OS is being installed on phones that are sold for far less than $100, all the way to expensive flagship devices like the current champion: the Samsung Galaxy S10 Plus. That flexibility, combined with yearly updates, will ensure Android will remain the leader in this industry for years to come.

Sunday, September 29, 2019

Can we edit an update on WhatsApp?

Is there any way one can edit an already posted WhatsApp update? Is it officially there? Think about it, WhatsApp.

The dangers of using some VPNs: the quest to know whether the government of Uganda is spying on opposition chiefs. Part One!







A couple of weeks ago, one politician was complaining of the government spying on him using Chinese technology gadgets, and all of you know that it was even written about in a newspaper in America. As a cyber security enthusiast, I had to laugh! The biggest issue with most of us is that we don't understand the term spying; if we knew what is really behind our phones and where they come from, then we would know who is spying on us. First of all, the SoCs of the phones we use are made in foreign countries, and some of these governments partner in or sponsor some of these projects to come up with SoCs or mobile operating systems. I am sure most of you use Android OS, and it is a fact that the CIA, the USA's spy masters, are behind its commencement, and if you are using Android it is very easy for the CIA, FBI and NSA to get any information from and about you. Since the writing of that story that Uganda is using Chinese gadgets and technology to spy on the opposition, I have been trying to write a simpler document so that everyone will understand the privacy leakages we are subject to if we continue using these tech gadgets. Another thing people should understand is that military intelligence is meant to extract information mainly to avoid incidents that may harm the citizens, but some individuals want to make it look like a devil to society; actually, citizens must work with and help them to get such information.
Let me get to these VPNs. At the beginning of the OTT, many Ugandans rushed to use VPNs, and most of them are not aware that they are a security threat to their privacy and general communication. I want everyone to read this and take care, especially you politicians and businessmen, especially in cryptocurrency, mobile money, mobile banking, etc.! I was totally shocked when I saw some of you in excitement when you saw a photo of His Excellency Yoweri Kaguta Museveni using a small old Nokia phone; I am sure he read about the dangers of hanging on these smartphones too much!
What you must know about these VPNs...
The reason people have virtual private networks (VPNs) is that they protect our online privacy; however, privacy is essentially non-existent if you live in a place where the government is allowed to track your online activities. This is why you need to get a good VPN: the goal is to make sure that you don’t have to worry about third parties keeping an eye on you. However, while using a VPN, it is important to know if it is in a 14 Eyes country. Now, that being said, you are probably asking what a 14 Eyes country is.
Before you decide to use a VPN, it is important to have a good amount of background information on the VPN company. In terms of the 14 Eyes countries, they all have entered into the UKUSA Agreement which basically allows countries to share information about international communications between two parties. This is obviously something that would bother VPN users because why should anyone be allowed to access your online activities especially when it does not involve anything illegal such as terrorism or explicit content involving children or animals?
How is the UKUSA Agreement Utilized?
In the United States, it is “illegal” for the government to spy on its citizens. There have to be warrants and lots of other legal proceedings done before the government can surveil its citizens. The United Kingdom, for example, doesn’t have any of the same limitations that the United States has on surveillance of the same American citizen. This could allow the United States under the UKUSA Agreement to give a nudge to UK authorities to look at different folks and see exactly what they are up to.
Naturally, there are certain rights that folks have in different countries that protect their privacy, but in the world of online communications, the legal rulings in these areas are, at best, murky. Because there is an evolving legal precedent, it’s difficult for users to know exactly where their rights to privacy in online communications and visits begin and end. That’s why many turn to VPNs, since a reliable VPN doesn’t track what you do online.
What are the 14 Eyes Countries?
14 Eyes refers to the countries that have signed the UKUSA Agreement. Obviously, the UK and the USA are part of the 14 countries. The other twelve are:

Italy
Canada
Australia
Denmark
France
Netherlands
Norway
Germany
Belgium
Sweden
Spain
New Zealand
Additionally, other countries that are believed to be part of the 14 Eyes but not officially are Israel and Japan. After the Snowden leak, it was confirmed that Singapore and South Korea are also taking part in the agreement.
Many countries – especially the United States – can get your internet history and worse yet, they can do so without notifying you. The VPN that is located in a 14 Eyes country is subject to laws that essentially allow the legal system to compel the private entity (a VPN) to surrender information about a user’s web habits.
Furthermore, VPNs in these countries are forced to keep logs of exactly what someone browses and what they do on the Internet. Therefore, if you are going to use a VPN, it is extremely wise to get a VPN that is not based in any of the 14 Eyes countries and be wary of any VPN based in Singapore, South Korea, Israel, and Japan.
How do I Find Out Where a VPN is Located?
It is actually not too difficult to find out which VPNs are not based within the 14 Eyes countries. The easiest way to find this out is to do a Google Search, but when you look at a VPN’s landing page you will notice the address at the bottom will probably tell you where it is based. If you are still not sure, look at the billing information.
Some countries where you may find great VPNs are Hong Kong, Taiwan, and several Eastern European nations that are part of the EU and NATO. These countries allow you to have the technical savvy of one of the 14 Eyes countries while not having to deal with the different issues that plague VPN usage such as a lack of privacy.
Selecting a Good VPN
The key to selecting a good VPN is first understanding the purpose. There are different VPNs for gaming and others that are great for streaming. However, when looking generally at a VPN, the key is having a few really solid features. Understand that you’ll have to pay for a VPN, but what they offer makes it worth it.
The first feature to look for is a large number of servers. This will allow you to select the server closest to you. A close server allows for a better connection, especially in terms of gaming. Another important factor is that the VPN doesn’t track your data. This is why many people trust VPNs, and when you have a VPN from a place that isn’t part of the 14 Eyes nations, then you have a VPN that you can trust.
Another important consideration is the ease of use of a VPN. When you get one that doesn’t make it too complicated to log on and get to work, then you will have no problem using the VPN for all of your purposes.
Conclusion
Unfortunately, governments that sponsor such tech programmes, software, gadgets, systems, etc. always try to overreach into what you do in the privacy of your home. While you are working at getting a VPN that’s not based in one of the 14 Eyes countries, be sure that your information is not being tracked by free VPNs, since such providers are known for selling browsing data to third parties.

Nevertheless, VPNs provide great security and protect your privacy very well, so be sure you get a VPN that keeps your information away from overreaching governments.

Saturday, September 21, 2019

Are you aware of your web camera's leakage of your data?
Every cybersecurity article you’ll find will include some sort of reminder emphasizing the use of strong passwords, good antivirus software and the related usual. However, there is less care taken to ensure the hardware components of our computers are secure.

In the wake of this, Avishai Efrat, a white hat hacker from Wizcase, has found 15,000 webcams globally that can be accessed without authorization, the only prerequisite being an Internet connection. Many of these webcams can also be tampered with by malicious users editing their settings, which is made easier by the fact that most users do not bother changing the default credentials of such devices.
Some of the manufacturers include:
AXIS net cameras
Cisco Linksys webcam
IP Camera Logo Server
IP WebCam
IQ Invision web camera
Mega-Pixel IP Camera
Mobotix
WebCamXP 5
Yawcam
These have been found installed both for home and business use in different countries with the following ones being the most popular as reported by Wizcase:
Argentina
Australia
Austria
Brazil
Canada
France
Germany
Italy
Japan
Pakistan
Russia
Spain
Switzerland
UK
USA
Vietnam
While home webcams in developing countries, where remote working is less common, would mostly be expected to have revealed sensitive personal information, this is not the case for economies in Europe and the Americas in particular, where important business data may also have been compromised.

But that’s not where it ends. Webcams are also used in places of worship, museums, sports areas and parking lots, where exposed footage could be deemed an invasion of users’ privacy.

Here, it’s noteworthy that since 2014, a website called “Insecam” has been showing live footage from over 100,000 insecure private security cameras from all over the world. The site claims to be “The world biggest directory of online surveillance security cameras.”
Some of the consequences are that indecent footage of people could be used to blackmail them, IP theft could become easier for unethical businesses that exploit such feeds, surveillance becomes easier for both the government and foreign government agencies, and camera loops could be set to coordinate physical attacks. The list goes on.
The golden question is, why was such a flaw overlooked by several manufacturers despite the implications? To answer this, we must look at how webcams work. Every time one is installed, users need some way to access its footage remotely, either in real time or later for playback. This is important to realize, as not all webcams are used for video communication; many of them are used for security purposes.
The access mechanisms can be divided into two networking methods, namely port forwarding and peer-to-peer (P2P). With port forwarding, set up through Universal Plug and Play (UPnP) technology, the camera can be accessed through a port on the external IP address.

If there is no authentication method, anyone who knows the IP address of the device can access the footage and other privileges, depending on the manufacturer’s setup. Secondly, in P2P, the device itself communicates with the manufacturer’s servers for administration and other functions, leaving no need for port forwarding. However, this can again be insecure if the manufacturer doesn’t take the basic precautions mentioned above. To address these security issues, Chase from Wizcase offers some insight:

“Many devices aren’t put behind firewalls, VPNs, or whitelisted IP access – any of which would deny scanners and arbitrary connections. If these devices have open network services, then they could be exposed,” wrote Chase. “The device’s security posture might depend on different things but a recommended way to set up a secure web camera would be to use a local VPN network, so that any open port would remain within the limits of the encrypted communication of the VPN. The app would connect to the VPN which would then access the port using an internal IP, thus avoiding the open port & call home potential problems and removing accessible ports from your external IP,” Chase concluded.




Furthermore, one can also add other measures such as whitelisting only the MAC addresses of one’s own devices, choosing vendors with a focus on security, enabling two-factor authentication and, finally, using an encrypted connection to access the admin panel.
Finally, if you’re not a technically inclined user, checking through a search engine like Shodan whether your public IP address is compromised can also help for the time being and help you decide your next course of action.
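An added example, not from the original post or from Wizcase: a small Python audit that takes a router's port-forward table and a camera inventory and reports which cameras are reachable from the external IP without authentication or with default credentials, treating the VPN endpoint as the only expected forward. All addresses, device names and table rows are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample data: rows copied by hand from a router's port-forward page.
# (external_port, protocol, internal_ip, internal_port, created_by)
FORWARDS = [
    (8080, "tcp", "192.168.1.50", 80, "upnp"),
    (554, "tcp", "192.168.1.50", 554, "upnp"),
    (8081, "tcp", "192.168.1.51", 80, "upnp"),
    (51820, "udp", "192.168.1.2", 51820, "manual"),
]
VPN_GATEWAY = "192.168.1.2"  # assumed host running the local VPN

@dataclass
class Camera:
    name: str
    ip: str
    auth_enabled: bool
    default_credentials: bool

CAMERAS = [
    Camera("front-door", "192.168.1.50", True, True),
    Camera("garage", "192.168.1.51", False, False),
    Camera("office", "192.168.1.52", True, True),
]
ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def audit(forwards, cameras, vpn_gateway):
    """Return (severity, device, detail) findings, most severe first."""
    by_ip = {c.ip: c for c in cameras}
    findings, exposed = [], set()
    for ext_port, proto, int_ip, int_port, source in forwards:
        if int_ip == vpn_gateway:
            continue  # the VPN endpoint is the one forward we expect to see
        route = f"{proto}/{ext_port} -> {int_ip}:{int_port} ({source})"
        cam = by_ip.get(int_ip)
        if cam is None:
            findings.append(("medium", int_ip, f"{route}: unknown device"))
            continue
        exposed.add(cam.ip)
        if not cam.auth_enabled:
            findings.append(("critical", cam.name, f"{route}: no authentication"))
        elif cam.default_credentials:
            findings.append(("high", cam.name, f"{route}: default credentials"))
        else:
            findings.append(("medium", cam.name, f"{route}: open to the Internet"))
    for cam in cameras:
        if cam.ip not in exposed and cam.default_credentials:
            findings.append(("low", cam.name, "internal only, default credentials"))
    return sorted(findings, key=lambda f: (ORDER[f[0]], f[1], f[2]))

if __name__ == "__main__":
    for severity, device, detail in audit(FORWARDS, CAMERAS, VPN_GATEWAY):
        print(f"{severity:8} {device:12} {detail}")
```

With the UPnP forwards removed and only the VPN forward left, the same audit reports just the remaining default-credential warnings.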


Friday, September 13, 2019

The Joker malware

Another day, another Android malware. This time, the Joker malware is here not to creep you out but to steal from you.

While “The Joker” might be your favorite villain fighting the dark knight, a new malware that goes by that name may not entertain you.
Researcher Aleksejs Kuprins recently discovered that the Joker malware infected 24 apps on the Google Play Store, which had over 472,000 installations.
After being successfully deployed, the malware scams users by signing them up for premium subscription services without their knowledge. It does so by using a background component that stealthily clicks on advertisements and carries out the other steps needed to reach its final goal.
Finally, since an authorization code would usually be required to confirm payments, it accesses the user’s SMS messages and copies any code needed.
However, unlike most malware, it only targets users in specific countries. This is evident because the infected apps contain the mobile country codes to which the SIM must belong for it to receive the payload.
“For example, in Denmark, Joker can silently sign the victim up for a 50 DKK/week service (roughly ~6,71 EUR). This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions. Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription,” wrote Kuprins in his blog.