Archive for January 2017

Metadata: Story Of How Whatsapp And Other Chat Apps Collect Data


Who made the protocol that enables encryption of WhatsApp, Allo, Messenger, and other chat services; What does end-to-end encryption mean; What data exactly do you give away when you use WhatsApp, Messenger, Allo; The most secure alternative of all. Here, we’ll discuss all these apps and the “metadata” collected by them.

Everybody knows by now that WhatsApp has enabled end-to-end encryption, for their users. There also have been allegations, speculations, and research about how their end to end encryption has a backdoor that could let third-party people snoop, decrypt and read messages.

But what most of us don’t know, is what information they are already having access to by the pretext of the keyword metadata in their FAQs and public information of details of their information collection phrases.

WhatsApp, Facebook Messenger, Google Allo, and Signal Messaging App uses Signal’s own Protocol by the same name.

Wikipedia says this about Signal Protocol

“The Signal Protocol is a non-federated cryptographic protocol that provides end-to-end encryption for instant messaging conversations. — Wikipedia”

The Signal Protocol was built by Open Whisper System, a nonprofit group that was founded in 2013 by the former Twitter head of security Moxie Marlinspike.

End-to-End encryption provides you the surety that your message is encrypted before sending it to the sender, and that only s/he would decode it using the private key s/he has.

So what’s the problem here, you might ask? Facebook and Google Allo are using the same protocol, it’s secure! Well, Facebook Messenger and Google Allo don’t enable end-to-end encryption by default. Facebook Messenger users have to enable “Secret Conversations” and Google Allo users have to enable Incognito Mode, to leverage encryption.

Alright, Alright, so Facebook and Allo don’t default enable it, but Whatsapp and Signal messaging app so, what’s wrong now? Why not stick with WhatsApp then?

The answers lie in WhatsApp’s collection of metadata. 

Metadata has always been a blurry, not so very understood, term simply because it means different things in terms of different applications.

Edward Snowden lights up with what it’s really used for.

Are your readers having trouble understanding the term "metadata"? Replace it with "activity records." That's what they are. 

In this Electronic Frontier Foundation post by Kurt Opsahl, he gives examples of what companies and governments can get hold of by the somewhat disguised use of the word metadata, getting information on basis of it, such as the following excerpts out of this article:
  • They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.
  • They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood’s number later that day. But nobody knows what you spoke about.
  • They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don’t know what was discussed.
Even though WhatsApp doesn’t store backups on their servers, Whatsapp can collect data when, where, and with whom you communicate, it’s stated rather really vaguely which gives them freedom of sorts, ain’t it? In their own words:

Usage and Log Information. We collect service-related, diagnostic, and performance information. This includes information about your activity (such as how you use our Services, how you interact with others using our Services, and the like), log files, and diagnostic, crash, website, and performance logs and reports.

Besides this, they collect information about your OS, browser information (think your search history on synced devices!), IP address, mobile network data, and phone number. And if they can’t obtain your phone number, they’ll obtain it when people message you, since WhatsApp has access to your friends’ activity data as well.

We won’t talk about Facebook, since everybody knows what we give them when we use their services.


Google Allo has had its fair share of scrutiny.

Signal App retains only the phone number that you register on it with, and the last logged in time on their server, and only the day and no other minute or second.

When you enable WhatsApp’s feature of notifying you about a change in receiver’s key (which is needed for decryption), WhatsApp says it shouldn’t be a concern since receiver’s key can change on the new installation on device or reinstallation of WhatsApp itself, and suggests to continue using it.

Signal has disappearing messages.

“Any conversation can be configured to delete sent and received messages after a specified interval. The configuration applies to all parties of a conversation, and the clock starts ticking for each recipient once they’ve read their copy of the message.”

And the best part? It’s Open Source! Ah!

Friday, 27 January 2017
Posted by Sivapriya

Why Does 64-Bit Windows Need Two Program Files Folders — Program Files & Program Files (x86)

Ever wondered why 64-bit Windows needs to have two Program Files folders? This is done to separate the 32-bit DLL executables from 64-bit DLLs. It also eliminates the chances of a 32-bit application trying to load a 64-bit DLL, fail, and give an error message.


Back in 2005, Microsoft launched both 32-bit and 64-bit versions of Windows operating system. This was done to support new 64-bit CPUs. The 64-bit CPUs have the ability to work with large numbers and access more memory.
If you’re running 64-bit Windows operating system, you might have noticed that your PC has two Program Files folders. One is the regular Program Files and the other one is Program Files (x86). But, why is it necessary? What’s the difference between these two folders?

Well, to answer these questions, one should understand that 64-bit applications are compiled differently. While a program with 64-bit instructions can’t be read by PCs with 32-bit CPUs, a 32-bit program can be read by 64-bit CPU.

Windows has a separate Program Files (x86) folder, Why?

Whenever you install any program on a computer with 64-bit CPU, its folders are, more or less, intended for 64-bit content. When a 32-bit program tries to use a 64-bit component, it faces some problems.

So, Windows separates the directories of 64-bit and 32-bit programs. The Program Files (x86) is the one for storing 32-bit program. x86 stands for the type of processors — 286, 386, 486, 586(Pentium).

Another reason is that 64-bit software doesn’t act nicely with 32-bit extensions, and vice versa. It increases the chances of a conflict if you happen to install both 64-bit and 32-bit versions of a program on the same system.

Last but not the least, having two separate Program Files folders ensures that 32-bit applications, unaware about a 64-bit system, work. Separating both kinds of applications will eliminate the chances of a 32-bit application trying to load a 64-bit DLL, fail, and give an error message.


Apart from the Program Files, there are some other Windows components that have both 32-bit and 64-bit copies. Some of these are stored in winsxs (stands for windows side by side) and syswow64 (Windows 32 on Windows 64).

Also Browse :

Saturday, 21 January 2017
Posted by Sivapriya
Tag : ,

Your Chrome, Safari, And Opera Browsers Might Be Leaking Your Private Information

The “helpful” autofill feature of your web browser also poses a big risk to your online security. A security researcher has uncovered a simple exploit that uses form fields hidden from the user to steal the personal information. While Chrome, Opera, and Safari are affected by this issue, Firefox remains immune. The users are advised to disable the autofill settings in their web browsers.


We often praise the autofill features of our web browsers for saving us from all the troubles of typing the details like email address, passwords, address, phone numbers, etc. But, these features come along with some serious security risks too.
A web developer and hacker named Viljami Kuosmanen has found a flaw that’s affecting different browsers and plugins. According to his revelation, web browsers like Google Chrome, Apple Safari, and Opera, and plugins like LastPass can be exploited to leak sensitive personal information.

Browser autofill phishing in Chrome, Safari, and Opera

The phishing attack described by the hacker is very simple in application. When you fill your information in text boxes, autofill enters the profile-based information in form fields hidden from the user.

On GitHub, Kuosmanen has shared a live demo page to showcase the attack. You can access it here.

In Google Chrome browser, the attack works as follows:


Mozilla’s Firefox is immune to this problem as it is yet to implement a multi-box autofill system, so, it can’t be tricked into filling text boxes.

Interestingly, this attack is triggered when users enter at least one information in some online form. To avert such attacks, the users are advised to disable the autofill function in their web browser.

Friday, 20 January 2017
Posted by Sivapriya

Best VPN of 2017

The best 10 VPN service providers for anonymity and security – 2017 edition

In order to improve your online privacy and security, using a VPN (Virtual Private Network) service is arguably the most effective measure that one can opt for. VPN is a network technology, which links the private network over internet using encryption methods. It is generally preferred by government agencies, corporates, educational institutions, and private citizens to facilitate easy access of remote users to secured private networks.


In comparison to private networks, VPN is not only economical and flexible, but it also allows VPN users to maintain their anonymity and protect themselves from being snooped. A VPN can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more. However, one should be aware that there is no such thing as a one-stop-shop when it comes to protecting your privacy and staying secure while using the internet. Therefore, VPNs should be considered as an important tool in your internet toolbox.

Basically, VPN works on 4 protocols:

• IP security (IPSec): IPSec utilizes two methods to encrypt its user’s data: a) transport mode or b) tunnelling mode. Encryption of message within the data packet by transport mode is also termed as Payload, whereas inscription of the whole data packet is known as Tunnelling.

• Point-To-Point Tunnelling Protocol (PPTP): This is the most widely used protocol; PPTP uses the tunnelling method wherein PPTP stores data within the PPP packets, which are further stored inside the IP packets and transported to the desired destination.

• Layer 2 Tunnelling Protocol (L2TP): It works on two major features: L2TP Access Concentrator (LAC) and L2TP Network Server (LNS). LAC is a device which terminates the call, whereas LNS authenticates the PPP packets as seen earlier in the PPTP.

• Transport Layer Security (TLS) and Secure Sockets Layer (SSL) i.e. TSL/SSL: This system uses a combination of authentication and encryption, which leads to the sharing of data between the servers and client.

In this article, we bring the top 10 VPN service providers that not only offer privacy but also data security.

1. PureVPN

PureVPN is based in Hong Kong, which has the advantage of being out of view of the prying ‘14-eyes’. It has gained a reputation for being a respected provider with solid encryption, global server coverage, and state-of-the-art software. It uses 256-bit grade encryption and boasts more than 500 servers across 141 countries.

While it does not monitor or record any activity that passes through its servers, but it does acknowledge of keeping a record of connections and bandwidth, which it says is in order to optimally manage its servers. It also offers the more secure OpenVPN protocol and maintains its own DNS servers.

Features include a Kill Switch that ensures that your actual IP is never exposed should the VPN drop. It also has split tunnelling, which routes specific apps to access the internet via their local internet connection and other specific apps via their VPN connection at the same time. You can select a location either by city or by activity, such as online sports streaming, and it will connect you to an optimal server.

PureVPN Pricing is reasonable at $4.99 per month, and you can pay via anonymous payment methods such as MasterCard, Visa, American Express, PayPal, Discover Card, Bitpay, CoinPayments, PaymentWall, Alipay, Cashu, and much more. Further, there is a 7-day money back guarantee, as long as you don’t go beyond 3GB. Additionally, PureVPN offers 24/7 support in case you have technical or other difficulties.

URL: PureVPN

2. Ivacy

Founded in 2007, Ivacy was the first VPN service to offer Split Tunnelling feature. It has recently been revamped and with impressive new features, it is one of the most secure VPN services that are around. One of the newest privacy providers in the world, Ivacy offers robust encrypted tunnelling with an uncompromising Zero Logging Policy. Ivacy VPN secures subscribers’ activities and data using leading edge tunnelling protocols (PPTP, OpenVPN, SSTP and L2TP)& military grade AES-256 bit encryption.

Ivacy VPN Apps have been developed in-house ensuring there is no foreign code or malware injected to deliver advertising and pop-ups. The apps are quality tested to ensure optimal performance on all compatible operating systems.

Ivacy VPN never retains any data the provider ensures nothing is ever available against user accounts. Servers automatically delete all connection time stamps and connection data every 48 hours ensuring you are 100% anonymous and completely safe when using Ivacy VPN.

URL: Ivacy VPN

3. TorGuard

TorGuard will give you “No logging policy” and will also provide you a second layer of data security with IP configuration, which is very tough to find users IP. No logs are monitored. TorGuard VPN has multiple Socks proxy servers and VPN’s around the world. The entire data is wrapped into single packet by encryption via tunnel method through secure servers and then this data is again connected to the BitTorrent cloud, which gives it the second layer of insulation from being attacked.

Currently, TorGuard maintains 1600+ servers in over 50 countries across the world and are in continuous expansion. It retains its control on all hardware though it seeks partnerships with data centers who can adhere to strict security criteria. All servers are arranged and managed exclusively by TorGuard’s in house networking team through a single, secure key. TorGuard advises its clients to use OpenVPN connections only and for encryption use AES256 with 2048bit RSA for better security. It runs OpenVPN and will do so on Windows, MacOS, Linux, Android and iOS.

URL: TorGuard

4. IPVanish

This creates a secure environment for day to day web usage. Before user logs onto the net, it is essential to establish IPVanish VPN connection, which will convert entire online data into encrypted tunnel including emails, data transfers, online banking, instant messaging and all online browsing. The encrypted data cannot be intercepted by any third party including ISP (Internet Service Provider). It supports P2P traffic. It uses OpenVPN, L2TP, and PPTP Protocols for its operations.

URL: IPVanish

5. BTGuard

This service is based on proxy service where the user is able to hide their true IP address from the rest of the world. This is a service specially built for the BitTorrrent users to protect their anonymity. BTGuard was just a basic proxy service that user would need to configure to avail the BitTorrent service. However, now BTGuard is becoming a handy tool with its easy to install software to protect their anonymity. It also has an encryption tunnel software for users who require special security for their data. BTGuard stores username, password and e-mail addresses; however, the IP addresses are never stored.

URL: BTGuard

6. BolehVPN

It hides true location of the user by encrypting and encapsulating the entire data, which passes through the VPN, thereby making it difficult for the snoopers or the third party to intercept or decode the internet traffic. Various features of BolehVPN can be listed such as it protects the user by masking the IP address. Further, the data is encrypted throughout i.e. to and fro when it passes the VPN server, it accelerates the P2P. It also hides the true location of user due to which user appears to hail from a different location. Lastly, it also helps users to bypass certain corporate firewalls. It is based on Open VPN and SSL VPN.

URL: BolehVPN

7. HideIPVPN

It is based on combination of PPTP, SSTP, L2TP, IPSec, OpenVPN and SmartDNS. It is compatible with a huge list of operating systems Windows, Mac, Linux, Routers etc. HideIPVPN offers a very high quality of anonymity to its users on the internet wherein user can access even the blocked websites, surf the web anonymously, hide the IP address and encrypt user’s data. It does not restrict access to any online sites or services. All data going out and coming in via VPN is encrypted, secured and it also hides IP address, which means one can safely access secure websites without anyone intercepting the connections.

The encrypted data is hidden from user’s ISP and network administrator too, which means only user and the destination will be able to see what is being sent. SmartDNS service helps the user to access more than 35 online media services from around the world hence it is ideal for anyone who has limited cable access to TV channels, by using HideIPVPN user can change their DNS name and hence get easy access to the blocked TV/media servers.

URL: HideVPN

8. SlickVPN

An IP address acts as a digital signature which helps to detect the location of the user to any website or to the Internet Service Provider i.e. ISP. SlickVPN hides the true IP address of user by assigning them an anonymous one hence enabling user to hide their location from snoopers. If any user connects to SlickVPN, a connection will be created between user’s computer and our servers.

SlickVPN encrypts any data transmissions or online activity so that user’s presence is anonymous. In addition, the connection is also secured by SlickVPN so that the internet activity, usernames, passwords, emails, instant messages, downloads, uploads, etc. are shielded from third party.

URL: Slick VPN

9. Unspyable

This uses an Off-Shore VPN service wherein VPN encrypts the entire internet connection and creates an encrypted tunnel between the user’s computer and the server chosen by user from the preferred list of servers. Whenever user browses the internet, all the websites which user visited would see the address of the remote server and not the real IP address of the user. Due to the encrypted tunnel between user and server, user’s IP address is now anonymous. Hence, none of user’s information is available on the local network nor to the local ISP or to government censors and monitoring.

For users who want a higher security Unspyable also offers the Multiple Hop VPN wherein just as in Off Shore VPN the data is made to pass through a multiple off shore hops / servers which is very difficult to crack. Major benefits of this VPN are: it provides secure and private offshore email logs which is not saved or monitored, correspondence is secured using hot spots, and anonymity of IP address.


10. NordVPN

This provides a great 256bit AES OpenVPN protection and there are PPTP and L2TP/IPSec connections available. As soon as user connects to the NordVPN, a tunnel is created between user and the server and all the data in this route is encrypted. It is also one of the only VPNs to allow Tor over VPN and has a double-hop encryption system which cannot be cracked. Tor over VPN is an advanced privacy solution provided by NordVPN.

The basic principle here: User first connects to NordVPN server, which then routes all traffic through a widely known Tor network. Here, the data is encrypted within NordVPN layer at the initial stage and later sent to the Tor network. The Tor is more safer for privacy as the encrypted data is made to route through a few Tor hops and finally reach its destination helping in maintaining the anonymity of user’s vital information and also DNS traffic is  routed through the Tor network user’s will be able to access ” .onion websites” or the hidden websites just using NordVPN.

URL: Nord VPN

The VPN services provided above are the best according to us. However, there could be others too that may be better than those given above. If you know of a better VPN service, then drop the name of the provider in the comments section below that can help other readers to stay secure and private.

Also Browse:

Wednesday, 4 January 2017
Posted by Sivapriya

Top 10 Certifications to Begin Your IT Career

Are you just starting out in IT, or looking for a way to begin an IT career? The following certifications will help you verify and learn the skills needed to find a job in IT. Once you have one of these, you can begin to gain the experience and higher certifications that will land you a great IT career.

1.  CompTia A+
At the top of the list, the A+ certification is one of the most popular ways for people to break into the computer biz. The A+ certifies you as a computer technician and covers topics such as hardware, OS, and networking. 6 months of technician experience is recommended and two exams are required. Both exams lend themselves nicely to self study. So get a good book and sign up to get your A+ certification.


2.  Microsoft Certified Professional
To get any Microsoft certification, this will be the first stepping stone. You will be an MCP once you take your first exam and until you complete the exams needed for any other Microsoft certification (MCSD, MCSE, etc.)

3.  Microsoft Certified Desktop Service Technician
If you like to troubleshoot, then this certification is for you. You'll take two exams and then be able to support end user desktop systems.

4.  CompTia Security+
Two years of networking experience is recommended for this certification so the true IT newbie might be in over their head with this one. However, security is a big issue and if you have the familiarity to take the one exam required, the Security+ cert works as a prerequisite for the MCSA and CNE

5.  Certified Information Systems Security Professional (CISSP)
The CISSP certification demonstrates knowledge of IT security across a number of domains, covering everything from network security to application security to formation and management of security policies for the enterprise. The CISSP also requires more than simply passing a test to maintain the certification - those who hold the certification are required to demonstrate on-going experience and education in the field of IT security over time.

6.  Red Hat Certified Engineer (RHCE)
According to a recent survey by jobs site Dice.com, 8 out of 10 respondents indicated that hiring Linux talent was a priority for 2012, and Red Hat Linux continues to make serious headway in the enterprise. The RHCE is a challenging certification to obtain, and requires advanced knowledge of a range of Red Hat systems administration tasks. The RHCE becomes even more valuable with the completion of any of a number of optional Certificates of Expertise, which cover a range of topics such as system clustering and virtualization.

7.  CCNA or CCDA
Both of these certifications will require some dedicated training if you are new to IT. These will be tough for those considering a career change, but well worth the effort. Cisco certifications are popular and respected. Once you have the experience to back up the cert, you will be able to move on to the advanced Cisco certifications.

8.  Cisco Certified Internetwork Expert (CCIE)
The CCIE continues to be the gold standard of networking certifications, and its value is demonstrated in the continuing demand for CCIE professionals. The CCIE certification process is tough – the test consists of both a written exam and a practical lab-based exam, and only a very small percentage of applicants pass both tests the first time, with the average candidate requiring 2.5 attempts before they pass. Because of that, employers value those who do successfully complete the certification, and are willing to pay a premium for their services.

8.  Microsoft Office Specialist
If you have experience with Microsoft Office products, you can achieve a Microsoft Office Specialist certification on any one product such as Word, or Excel by taking a single exam. A Master designation requires several exams and comprehensive knowledge of multiple products.

9.  Information Technology Infrastructure Library (ITIL) v3 Foundation
The Information Technology Infrastructure Library (ITIL) Foundation certification demonstrates knowledge of the ITIL framework, which has evolved into the de facto standard for IT management in many enterprises. Companies are on the lookout for those who can demonstrate knowledge of ITIL and IT service management, especially as corporate IT organizations begin to treat IT more like a business by introducing service management standards and practices.

10.  Project Management Professional (PMP)
Demand for project management skills continues to increase, especially as IT projects continue to increase in complexity. The PMP has emerged as one of the most in-demand certifications today, precisely because it demonstrates proficiency in managing those complex projects. The PMP test itself is rigorous, and maintaining the certification requires ongoing testing and effort, which makes the PMP certification all the more valuable to potential employers.

Related search terms: Ethical hacking course in Vellore, kanchipuram, Chittor, Gudiyatham, Chennai, Ethical hacking course, Hacking course in Vellore, kanchipuram, Chittor, Gudiyatham, Chennai, Ethical hacker course in Vellore, kanchipuram, Chittor, Gudiyatham,Chennai, Ethical hacking training in Chennai, Ethical hacker training in Chennai, Ethical hacking course in Vellore, kanchipuram, Chittor, Gudiyatham,Chennai, Best ethical hacking institute in Vellore,kanchipuram, Chittor, Gudiyatham,Chennai, Ethical hacking training center in Vellore, kanchipuram,Chittor, Gudiyatham,Chennai, Ethical hacking training institutes in Vellore,kanchipuram,Chittor,Gudiyatham,Chennai, Ethical Hacking Course in Vellore,kanchipuram,Chittor,Gudiyatham,Chennai, Ethical Hacking Course in Chennai, Ethical Hacking Course in vellore.

Tuesday, 3 January 2017
Posted by Sivapriya

widget

Pageviews

Cloud Label

Blogumulus by Roy Tanck and Amanda Fazani

- Copyright © 2013 Redback IT Academy -- Powered by Redback - Designed by @ Redback Studio -