Archive for the ‘Security’ Category

Google: Street View cars grabbed emails, urls, passwords

In addition to my previous post “Privacy is dead, People”

Google has publicly acknowledged that the WiFi data collected by its world-roving Street View cars contained entire emails, URLs, and passwords.

On Friday afternoon, with a blog post, senior vice president of engineering Alan Eustace also said – yet again – that most of the data is “fragmentary,” and that the company intends to delete the data “as soon as possible.”

“I would like to apologize again for the fact that we collected it in the first place,” Eustace wrote. “We are mortified by what happened.” The company has always said that the data collection was a “mistake,” saying that code developed by a single engineer was added to its cars although project leaders had no intention of doing so. Independent investigations have said that the data contained emails and passwords as well as home addresses and phone numbers.

In May, it was Eustace who revealed – with another blog post – that Google Street View cars had been collecting data sent over unsecured WiFi networks, contradicting previous claims from the company.

With earlier public statements, Google had said its cars were collecting only the SSIDs that identify WiFi networks and the MAC addresses that identify particular network hardware, including routers. Google uses such data in products that rely on location data, such as Google Maps.

Privacy authorities across the globe launched investigations of Google’s WiFi data collection, and some concluded that the company had violated local laws, including, most recently, Canada privacy commissioner Jennifer Stoddart. Spain has filed a lawsuit against the web giant. Seven investigations have been completed so far, and others are still pending.

When Eustace first revealed the WiFi payload collection, he said the company would review its “procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future.” And regulators demanded such reviews as well. So, with Friday’s blog post, Eustace also laid out the company’s new internal policies.

The company has appointed Google researcher Alma Whitten as director of privacy for both engineering and product management. “Her focus will be to ensure that we build effective privacy controls into our products and internal practices,” Eustace wrote.

“She has been our engineering lead on privacy for the last two years, and we will significantly increase the number of engineers and product managers working with her in this new role.”

Google has also vowed to increase privacy training among its employees. “We’re enhancing our core training for engineers and other important groups (such as product management and legal) with a particular focus on the responsible collection, use and handling of data.”

Beginning in December, all employees will also go through a new information security awareness program, which will include “clear guidance on both security and privacy.”

What’s more, engineering project leaders will keep a document detailing the privacy design of each project they work on. “This document will record how user data is handled and will be reviewed regularly by managers, as well as by an independent internal audit team.”

Google has said that its cars collected about 600GB of WiFi payload data across 30 countries. Some of the data has already been deleted at the insistence of regulators in various countries, including Ireland, Denmark, and Austria. But after complaints from a UK-based independent privacy watchdog, it stopped the deletions, which were overseen by a third party.

Google did not immediately respond when we asked when the deletion would resume.

Update

Google has responded. “In some countries where we’ve been instructed to do so by the authorities, we have deleted the data,” a company spokeswoman said. “We want to delete the rest of the payload data as soon as possible and will continue to work with the authorities to determine the best way forward.”


What fingerprints does your browser leave behind as you surf the web?

How Unique – How track-able, is your browser

Traditionally, people assume they can prevent a website from identifying them by disabling cookies on their
web browser.  Unfortunately, this is not the whole story.

When you visit a website, you are allowing that site to access a lot of information about your computer’s
configuration. Combined, this information can create a kind of fingerprint — a signature that could be used
to identify you and your computer.
Some companies are already using technology to try to identify individual computers.
But how effective would this kind of online tracking be?

EFF is running an experiment to find out.


CMOS De-Animator

CMOS De-Animator is a service utility for your system’s CMOS RAM. Unlike its predecessors, this new version includes a graphical interface and CMOS-backup options along with the “Clear CMOS” procedure, which was the original version’s only purpose. So, you can now back up the main CMOS settings to a file, or restore them later. The application supports all 32-bit and 64-bit Windows operating systems except Windows 95 and Windows NT 3.51; for these old systems, you have to use De-Animator’s previous version. You could possibly use it to reset the BIOS password from Windows itself!

CMOS De-Animator is not a tool for regular users but for system administrators or hardware engineers who deal with users who have forgotten their CMOS password. For them, this tool is really helpful. Use it with care if you are a novice user.

Download CMOS De-Animator v2.0 here


Privacy is dead, people.

Many people go online via a WiFi router, and typically only the computer directly connected to the device can interrogate it for ID information. But bad news, guys, because Google location data can be used to pinpoint exactly where you live 🙁

Google's database was created when its cars were carrying out surveys for its Street View service.

This database links the MAC addresses of routers with GPS co-ordinates to help locate them. It can be used to identify someone’s location to within a few meters.

Now the actual issue:

This pinpoint location can be gathered by a crafted web page without asking your permission, which is possible because of a bug in most WiFi routers, and it uses Firefox location sharing.

1) Click here to Enter your Wifi Router MAC address and see where you are.

2) Click here to open java applet, collect that information for you and display your location. (not working. I am working on it)

3) Click here Firefox will ask your location.

Sources:

http://www.bbc.co.uk
http://www.computerworld.com
http://www.itworld.com

Recovering a lost MySQL root password

Lost MySQL root password recovery

/etc/init.d/mysql stop
mysqld_safe --skip-grant-tables &

This stops MySQL and reloads it without the authentication (grant) tables, so we can connect to MySQL without a password. Beware this locks out all of your applications until the password reset process is completed. Now we need to go in and reset the password:

su -
mysql -u root -p

It will prompt you for a password, just hit enter. You should now be inside the MySQL terminal and ready to change the root password:

update mysql.user set password=PASSWORD('NEW-PASSWORD') where User='root';

Of course, replace NEW-PASSWORD with your chosen root password. Now all that remains is to restart MySQL in the normal manner in order for it to pick up the authentication tables correctly and let your customers and applications back in:

/etc/init.d/mysql stop
/etc/init.d/mysql start
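
A check for the state this procedure passes through, added here as an example and not part of the original post: while mysqld runs with --skip-grant-tables, any client that can reach it connects without a password, so the script flags server processes still started that way and marks as LOCAL_ONLY those also started with --skip-networking. The function names are hypothetical and the sample process list is constructed.

```shell
#!/bin/sh
# Added example: flag mysqld processes started with --skip-grant-tables.
# Function names are hypothetical; SAMPLE_PS is constructed, not captured output.

# Classify one command line. MySQL accepts '-' or '_' inside option names,
# so the two common spellings of each option are matched.
classify_mysqld_line() {
    case "$1" in
        *mysqld*) ;;
        *) echo "NOT_MYSQLD"; return 0 ;;
    esac
    case "$1" in
        *--skip-grant-tables*|*--skip_grant_tables*)
            case "$1" in
                *--skip-networking*|*--skip_networking*) echo "LOCAL_ONLY" ;;
                *) echo "OPEN" ;;
            esac ;;
        *) echo "OK" ;;
    esac
}

# Read command lines on stdin, report risky ones, fail if any is OPEN.
audit_mysqld() {
    open=0
    while IFS= read -r line; do
        case "$(classify_mysqld_line "$line")" in
            OPEN)       open=$((open + 1)); echo "OPEN: $line" ;;
            LOCAL_ONLY) echo "LOCAL_ONLY: $line" ;;
        esac
    done
    echo "open=$open"
    [ "$open" -eq 0 ]
}

# Constructed sample of `ps -e -o args` output.
SAMPLE_PS='/bin/sh /usr/bin/mysqld_safe --skip-grant-tables
/usr/sbin/mysqld --basedir=/usr --skip-grant-tables --user=mysql
/usr/sbin/mysqld --skip-grant-tables --skip-networking
/usr/sbin/sshd -D'

printf '%s\n' "$SAMPLE_PS" | audit_mysqld || true
```

On a live host, pipe `ps -e -o args` into `audit_mysqld`; a non-zero exit status means a server is still answering without the grant tables.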

How insecure iPhone is !!!

Got an iPhone? Launch Safari and visit Jailbreakme.com, then move the slider to the right; congratulations, your phone is now jailbroken.

This allows you to do an end run around Apple’s restrictive app store policies. It also lets malicious nogoodniks do an end run around the iPhone and Safari’s security restrictions. Even better, it works on the iPod Touch, iPad, and any other Apple device running iOS 4.0.1 or later.

Sources:

http://www.computerworld.com/s/article/9180099/iPhone_jailbreak_exploit_sweet_and_scary_says_researcher?taxonomyId=17&pageNumber=2
http://www.itworld.com/mobile-amp-wireless/112204/why-location-privacy-important
http://www.jailbreakme.com/