hello,
anyone else a bit paranoid using third party software to store passwords and bank information? what keeps the program from sending over the pw/login file to someplace and have it hacked?
therefore, I'm looking for an encryption program and found secubox. however, I'd like something like truecrypt. anyone know of better?
thanks
Encryption for Passwords
Try keepass, can be found at http://keepass.info open source. The download section also contains link to a PPC and smartphone version.
Not had any problems so far and been using it for about 7 months.
you can also go to your settings > systems > and encryption.
to only allow your device to see what's in the storage card
Solution
koloa said:
therefore, I'm looking for an encryption program and found secubox. however, I'd like something like truecrypt. anyone know of better? thanks
It sounds like you're looking for FreeOTFE4PDA and FreeOTFE, which works on both PCs and Windows Mobile (see: www.FreeOTFE.org)
I read on the Tech blogs that Samsung put keyloggers on their notebook computers.
I am wondering, do they do that on their tablets too?
Read more. Samsung has already explained how it's false.
mbazdell said:
Read more. Samsung has already explained how it's false.
They admitted doing it...... Check slashdot...
-Sno
Snocrash7 said:
They admitted doing it...... Check slashdot...
-Sno
No, the guy who made the allegations *claims* that they admitted it.
It has since been shown to be false!
Regards,
Dave
So some "independent" security consultant runs his software to see about spyware or whatever, gets a false positive, news runs rampant and then Samsung gets an independent body to buy product from a retailer and test. The independent body confirms it is a false positive but I don't see any "breaking news" with apologies.
That pisses me off.
fragdagain said:
So some "independent" security consultant
This "so called" consultant ran an off the shelf virus checker, known to produce a false positive, and published his "results" without even a modicum of research into the cause.
He looks incredibly retarded and incompetent now, and I can't see why anyone would ever again utilize his services.
Regards,
Dave
well samsung might not be putting keyloggers. But they sure install rootkits for drm purposes (I have known that since I first got my samsung mp3 and installed media studio as a syncing program).
Don't believe me? Open your kies folder or program files folder on your hard drive. You will find it. It's called content safer.
As our great spacemoose dev said why does samsung have to do everything in backwards ass possible.
DarkPal said:
Don't believe me? Open your kies folder or program files folder on your hard drive. You will find it. It's called content safer.
I don't have such a folder, but the existence of a folder doesn't imply the existence of a rootkit. I've tried googling "samsung kies rootkit" and found nothing.
Regards,
Dave
It's there. Contentsafer folder search it and google. A nosy intrusive piece of software. Search program x86 folder. Came with kies.
www.bleepingcomputer.com/forums/topic77076.html
DarkPal said:
It's there. Contentsafer folder search it and google. A nosy intrusive piece of software. Search program x86 folder. Came with kies.
www.bleepingcomputer.com/forums/topic77076.html
OK, I have it under "C:\Program Files (x86)\MarkAny\ContentSafer".
However, I wouldn't exactly call it a rootkit - it's just installed as part of the Kies installation, doesn't try to hide itself and when you remove Kies it is uninstalled.
To me, that doesn't meet the definition of a rootkit.
Regards,
Dave
I hate this malware bundled in Samsung softwares
foxmeister said:
OK, I have it under "C:\Program Files (x86)\MarkAny\ContentSafer".
However, I wouldn't exactly call it a rootkit - it's just installed as part of the Kies installation, doesn't try to hide itself and when you remove Kies it is uninstalled.
To me, that doesn't meet the definition of a rootkit.
Regards,
Dave
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.
MarkAny describes this process as "watermarking". This behaves like a rootkit because once the malware is running, it then attempts to HIDE this watermark from the normal OS I/O operations, in order for these files to appear as if they were still clean of any alteration.
BUT....
This watermarking process not only has a very intrusive effect (no this is not a keylogger process, but a process that will report to some internet server in Korea all media files that contain any other watermark inserted by "MarkAny ContentSAFER" from another PC/user. The watermark is personally identifiable because MarkAny ContentSafer is installed SILENTLY as a REQUIRED bundle with other software requiring an online registration (for example when installing Samsung Kies, you need to register an account at Samsung, and this registration includes this personal data which is sent SILENTLY to MarkAny to associate your generated UUID which will be stored in YOUR media files, with YOUR identity).
Later, if ever you use a media shared LEGALLY on your local network (suppose you have several PCs including for backups, or several virtual OS installations) and you play the shared media file, as it will not match your current personal UUID in the currently running instance of "MarkAny Content SAFER", the two UUIDs will be sent and compared online (as soon as you get an internet connection), to track how you use that media file. In addition, the existing remote watermark will be replaced by the new one (or added) in your media file.
And here comes the effect of the ROOTKIT! This silent modification of your media files is completely stupid. It effectively alters these files even if they are in fact NOT true media files.
One bad effect: you legally download a new ISO for installing Windows, and want to copy the content of the mounted ISO to a USB key in order to install a PC. The installer will FAIL (missing or corrupted files), just because it runs WITHOUT the MarkAny rootkit being active to restore the expected content that the OS should see.
I had a lot of troubles just trying to figure out why all my attempts to create a bootable USB key for installing Windows on another PC constantly failed (the USB key refused to boot), until I cleaned my PC from this spyware BEFORE attempting to create the USB key (no my ISO download was NOT corrupted, but all files copied from the ISO to the USB key were immediately corrupted on the fly by this malware during the copy, if I was not connected to the Internet when creating the USB key as the watermarks supposed to be there temporarily were not in fact removed before they were checked online with the spying Korean server).
Such silent modification of media files is stupid, it breaks applications and it adds supplementary trafic to the internet each time a media file is checked (and reported to companies trying to track illegal copies, even if YOUR copies are perfectly legit).
Blame Samsung for installing this component silently (now it is no longer installed in a separate program, but directly within the installation of Kies, and it is extremely difficult to remove from there, and if it's not running, Kies will not even recognize correctly your Samsung Smartphone (and you won't be able to perform a legal firmware update to the current version for your Samsung smartphone or tablet).
I cannot understand why antimalwares do not classify this "MarkAny ContentSAFER" software as a real rootkit, it is really one because it silently modifies your files, corrupts them, and logs to Korea any new media files you would have even created yourself, sending some extracts of them on request from the Korean server, so that they can check what it is. MarkAny is effectively monitoring ALL your media files (and this is also a severe privacy breach).
We should campaign immediately against Samsung for delivering MarkAny contentSafer and installing it WITHOUT your permission and for spying on every media file you use (MarkAny contentSAFER is effectively running as a DLL linked to ALL applications that start, and it will activate itself if it detects this is a known media player, including the basic Media player built in Windows with the Sound applet when you logon and a sound is played, or when your PC just wants to play a "beep" sound with the associated sound file (visibly, MarkANY ContentSAFER is silently modifying a LOT of media formats, including MP3, WMA, WMV, RA, Flash video, MPEG4, and even the most basic WAV files, if ever its file size or play duration is above some threshold; it also alters your own JPEG photos or videos taken with your OWN camera, and ALL photos and videos taken with YOUR Samsung smartphone or tablet, as soon as you synchronize them to your PC, and sometimes this causes the modified media file to be corrupted and unplayable or showing some extra "garbage" pixels along the image borders)!
You can easily detect that the media files are corrupted if you start Windows in safe mode, and attempt to compute their checksum with a strong secure hash algorithm (at least MD5 or SHA1) : they no longer match the data signatures you find when running Windows in normal mode, even if their filesize is apparently unchanged.
We cannot tolerate silent watermarking of media files (notably when their security is asserted, for example for default sound files that are part of the standard Windows distribution and which are digitally signed by Microsoft, but that MarkAny sometimes will alter as well, when it should NEVER modify any media file which is already digitally signed: it's not the job of Samsung to verify the authenticity of Windows components, only Microsoft has a right to do that to check "genuine" Windows installations).
Let's ban MarkAny, it is a malware, causing system corruptions, and a spyware, and a software which also has its own bugs (causing other programs to hang, and even some system drivers to fail and Windows stopping with BSOD, for example when performing system backups, because it also corrupts some SCSI commands needed to control I/O access to your drives within filesystem drivers like NTFS).
I hate those illegal spiers.
Thanks!
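One way to run the hash comparison described in the post above (checksums taken in normal mode against checksums taken in safe mode), as an added example that is not part of the original post. It uses SHA-256 instead of MD5/SHA1; the extension list, the JSON manifest layout and all function names are assumptions made for illustration, and `demo()` simulates the two boots on constructed files.

```python
import hashlib
import json
import os
import tempfile

# Assumption: extensions for the formats named in the post, not a vendor list.
MEDIA_EXTS = {".mp3", ".wma", ".wmv", ".wav", ".jpg", ".jpeg", ".mp4", ".ogg"}


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256; return (bytes_read, hex_digest)."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
            size += len(block)
    return size, digest.hexdigest()


def snapshot(root, exts=MEDIA_EXTS):
    """Map every media file under root to the size and hash this boot sees."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                size, sha256 = hash_file(full)
                manifest[rel] = {"size": size, "sha256": sha256}
            except OSError as exc:  # locked or unreadable: record it, keep going
                manifest[rel] = {"error": str(exc)}
    return manifest


def save_manifest(manifest, path):
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=1, sort_keys=True)


def load_manifest(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def compare(normal, safe):
    """Classify differences between the normal-mode and safe-mode manifests."""
    report = {"same_size_changed": [], "size_changed": [],
              "only_normal": [], "only_safe": [], "unreadable": []}
    for rel in sorted(set(normal) | set(safe)):
        a, b = normal.get(rel), safe.get(rel)
        if a is None:
            report["only_safe"].append(rel)
        elif b is None:
            report["only_normal"].append(rel)
        elif "error" in a or "error" in b:
            report["unreadable"].append(rel)
        elif a["sha256"] != b["sha256"]:
            # The post's case: content differs while the size looks unchanged.
            key = "same_size_changed" if a["size"] == b["size"] else "size_changed"
            report[key].append(rel)
    return report


def demo():
    """Constructed data: an edit between snapshots stands in for the reboot."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "media")
        os.makedirs(os.path.join(root, "album"))
        samples = {"album/track.wav": b"RIFF" + bytes(252),
                   "photo.jpg": b"\xff\xd8" + bytes(126),
                   "notes.txt": b"ignored, not a media extension"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        normal_path = os.path.join(tmp, "normal.json")
        safe_path = os.path.join(tmp, "safe.json")
        save_manifest(snapshot(root), normal_path)
        with open(os.path.join(root, "album/track.wav"), "r+b") as fh:
            fh.seek(64)
            fh.write(b"\x01" * 16)  # in-place change, size stays 256 bytes
        with open(os.path.join(root, "photo.jpg"), "ab") as fh:
            fh.write(b"extra")  # ordinary edit that changes the size
        save_manifest(snapshot(root), safe_path)
        return compare(load_manifest(normal_path), load_manifest(safe_path))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

On a real machine, `snapshot` and `save_manifest` would be run once per boot mode against the same folder, with both manifests written to a location outside that folder, and `compare` run afterwards on the two files.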
verdy_p said:
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.........
Thanks for the full explanation, verdy_p. Much appreciated:good:
---------- Post added at 07:19 PM ---------- Previous post was at 07:13 PM ----------
Found a suggestion on how to remove this. I'm going to try this method - but if anyone can suggest a better way, please describe?
Boot into Safe Mode, Make sure if the program has icon in the System Tray by the clock that is disabled. Use the CCleaner/Tools/Uninstall option to uninstall the program. Once it is completed, boot into Safe Mode again and in CCleaner Search for ContentSafer. Delete any instances of the file. Then do another search for MarkAny. Delete any instances of the file
acuxda said:
Thanks for the full explanation, verdy_p. Much appreciated:good:
---------- Post added at 07:19 PM ---------- Previous post was at 07:13 PM ----------
Found a suggestion on how to remove this. I'm going to try this method - but if anyone can suggest a better way, please describe?
wow, thank you for that explanation. that is pure evil. time to boot into safe mode and eradicate this plague.
JeremySeven said:
How to remove mobile spy without losing the data?
I have since redone my system and flat out refused to install Kies. you can install the usb drivers separately and not get this spyware installed on your systems. as to removing it once you installed it, it's just a matter of booting your desktop/laptop into safe mode, finding it, renaming it and running a reg cleaner like ccleaner. you will however lose the ability to use Kies to install signed firmware updates etc but it's a small price to pay for peace of mind. after all you could always use Odin for flashing. the data is not actually encrypted etc, just watermarked, so you will not lose access to any files it touched, but if you did a bit for bit comparison on them you might see the changes the watermarking did to them in a hex editor. what worries me most about this spyware is it digitally watermarks every single media file on your computer and tells some random server in god knows what country the checksum. in short, nasty nasty nasty from a privacy perspective.
so, is it true that they place keylogger in KIES?
fauzanfirefox said:
so, is it true that they place keylogger in KIES?
Keylogger no, rootkit yes.
Sent from my SAMSUNG-SGH-I547 using xda app-developers app
verdy_p said:
I can now confirm that this is effectively acting as a rootkit. I noted that this malware was actually monitoring ALL your media files that are in some known formats (MPEG, OGG... and even JPEG images), in order to MODIFY them on the fly, storing a personally identifiable tracking ID in them, within some obscure extension subtags permitted in these formats.
MarkAny describes this process as "watermarking". This behaves like a rootkit because once the malware is running, it then attempts to HIDE this watermark from the normal OS I/O operations, in order for these files to appear as if they were still clean of any alteration.
BUT....
This watermarking process not only has a very intrusive effect (no this is not a keylogger process, but a process that will report to some internet server in Korea all media files that contain any other watermark inserted by "MarkAny ContentSAFER" from another PC/user. The watermark is personally identifiable because MarkAny ContentSafer is installed SILENTLY as a REQUIRED bundle with other software requiring an online registration (for example when installing Samsung Kies, you need to register an account at Samsung, and this registration includes this personal data which is sent SILENTLY to MarkAny to associate your generated UUID which will be stored in YOUR media files, with YOUR identity).
Later, if ever you use a media shared LEGALLY on your local network (suppose you have several PCs including for backups, or several virtual OS installations) and you play the shared media file, as it will not match your current personal UUID in the currently running instance of "MarkAny Content SAFER", the two UUIDs will be sent and compared online (as soon as you get an internet connection), to track how you use that media file. In addition, the existing remote watermark will be replaced by the new one (or added) in your media file.
And here comes the effect of the ROOTKIT! This silent modification of your media files is completely stupid. It effectively alters these files even if they are in fact NOT true media files.
One bad effect: you legally download a new ISO for installing Windows, and want to copy the content of the mounted ISO to a USB key in order to install a PC. The installer will FAIL (missing or corrupted files), just because it runs WITHOUT the MarkAny rootkit being active to restore the expected content that the OS should see.
I had a lot of troubles just trying to figure out why all my attempts to create a bootable USB key for installing Windows on another PC constantly failed (the USB key refused to boot), until I cleaned my PC from this spyware BEFORE attempting to create the USB key (no my ISO download was NOT corrupted, but all files copied from the ISO to the USB key were immediately corrupted on the fly by this malware during the copy, if I was not connected to the Internet when creating the USB key as the watermarks supposed to be there temporarily were not in fact removed before they were checked online with the spying Korean server).
.......
Thanks for the information, but can you provide some proof, please? I'm interested in seeing the connection to the server in particular. Do you by chance have a wireshark capture of this?
Because I have such a large library, and a 60 GB max per month, I started uploading my library manually. I think next month I can switch it to use my iTunes library to finish off the rest. Does anyone know if the service is smart enough to know that the stuff I uploaded manually is the same as what I have in iTunes??
Why not just stream directly from your PC, with Audio Galaxy, or similar?
Well, I don't love the idea of leaving my desktop on all the time, and I like how you can manage your entire library from anywhere. I have used audiogalaxy so I know it has many of the similar capabilities. Also, I just like to try out new services, and I would imagine Google will only get better and better, and I am interested in getting started now. I have really come to prefer cloud based services over server based, I see more potential in this than audiogalaxy (personally).
I can respect that - I'm giving Googles music cloud a try at the moment also, but there are drawbacks with the file management.
For example:
If I notice an error in one of the file names on my PC and correct it, Google appears to think it's a new file, and uploads a new copy - keeping the old file, also...
If I notice an error in the id3 tags and correct that, Google thinks it's the same file, and does nothing...
Either way, I have to manually track all changes. It would be nice if there was a more intelligent interface...
Yeah, I haven't experienced that, but that's what I was afraid of. I have enough faith that Google will fix and improve all those things, and probably fairly quickly since it's Android related.
Would making some of those changes on the web interface help?
When developing an application for desktop windows, there's always a way to access functionality - sometimes through back doors like the registry, etc... I'm developing an application for Windows Phone 8.1, but there are certain pieces of functionality that aren't exposed in the PRT APIset that is available to me. For example, we want to ensure that the user has password protection on the lock screen when using the application. There doesn't seem to be any associated APIs to readily use. So my question is, are there back door ways to do such things? How? Is there a way to access ALL system settings - like a registry or something of the like?
proch said:
When developing an application for desktop windows, there's always a way to access functionality - sometimes through back doors like the registry, etc... I'm developing an application for Windows Phone 8.1, but there are certain pieces of functionality that aren't exposed in the PRT APIset that is available to me. For example, we want to ensure that the user has password protection on the lock screen when using the application. There doesn't seem to be any associated APIs to readily use. So my question is, are there back door ways to do such things? How? Is there a way to access ALL system settings - like a registry or something of the like?
Another question would be - if something like intune can enforce lock screen password policies, shouldn't I be able to do it the same way that intune does it? If so, how? If not - why not?
It's not possible to check if user enabled lock screen password or not as far as I know
but if you want to made your app secure (because it may include important data)
you can create a password for your own application !
I did it in a little notepad app my password page allow user to set a password with all English and Persian Characters , numbers and special Chars like [email protected]#$ and etc.
Sent from my RM-994_eu_poland_1183 using Tapatalk
It's pretty easy to check, using the registry, but at least in 8.0 that's not allowed at all for store apps (your app would get rejected). I don't know if the rules changed for 8.1. There are ways to sneak past the store checks, but they could pull your app from the store if they ever found out. I know of at least three ways to access the registry APIs (4 in WP8.1) and two of them are pretty hard to detect unless somebody checks for them specifically... but they're the kind of technique that malware uses, so such checks may be in place.
I don't know what InTune is doing, specifically - I'd need to pull the app apart to see - but there are special application capabilities (not normally available to third-party developers) that can query and even set policies. Apps without those capabilities will get Access Denied if they try to use the same methods though, and normally you can't add those capabilities to your app.
GoodDayToDie said:
It's pretty easy to check, using the registry, but at least in 8.0 that's not allowed at all for store apps (your app would get rejected). I don't know if the rules changed for 8.1. There are ways to sneak past the store checks, but they could pull your app from the store if they ever found out. I know of at least three ways to access the registry APIs (4 in WP8.1) and two of them are pretty hard to detect unless somebody checks for them specifically... but they're the kind of technique that malware uses, so such checks may be in place.
I don't know what InTune is doing, specifically - I'd need to pull the app apart to see - but there are special application capabilities (not normally available to third-party developers) that can query and even set policies. Apps without those capabilities will get Access Denied if they try to use the same methods though, and normally you can't add those capabilities to your app.
Thanks for this great and detailed information. See, that's exactly what I'd do if I were developing a desktop app - since i know that intune does it, I'd figure out how intune does it and voila. I'm finally getting over the idea that the same methodologies apply to windows phone development.
For my own educational purposes (since I want to understand this platform better), I would really like to know specifically how you go about accessing the registry APIs (for example). If there's any way for you to describe any number of these methods, I'd greatly appreciate it. Thanks again!
My NativeAccess libraries (check my signature, or search on the forum or on Codeplex) contain an example of one way to access the registry. The code is open-source; you may use the libraries as-is (don't expect to get them into the store, though I won't stop you from trying), use the source code as a reference, or modify/build them yourself; the license is very liberal (MS Permissive). The functions I use are generally documented on MSDN, in the desktop APIs section; the phone has the same functions, although the DLL names are changed and the header files hide them.
Hi,
So, Android has a permission system which albeit somewhat flawed (malware can gain permissions not intended for it) and not very suitable for laymen (non rooted phones have to either accept all permissions or be denied from the app. In many programs people don't have the luxury of not using them) theoretically has merit. IOS has...well actually I'm not sure how it works security wise but I presume it creates sandboxes for each app, layman wise it is reasonable since you (theoretically) can deny access for all programs to certain components (no need to jailbreak).
How does WP work?
Thank you.
Security is different, apps can't do as much as on android. But iOS is better in this, because capabilities are like in Android: you can see what the apps want prior to installing them, but blocking some of them isn't possible.
I am very saddened to hear this.
Is there an ability in place similar to Androids rooting?
Also, what do you mean by "apps can't do as much as on android"?
Thank you!
@th0mas96's post is technically *mostly* accurate but very confusing and doesn't actually answer your question at all.
The short version is that WP apps use a capability-and-sandbox system much like iOS and Android, with each app getting a sandbox that gives it read-only access to the app-specific install directory and the global system directory, read/write access to the app-specific data directory, and access to whatever other stuff is specified in the capabilities. Capabilities are currently all-or-nothing; you can't reject or disable any capability except by just not installing the app.
I could go into the technical implementation of the system a bit, but the short version is that WP8 apps use fairly standard NT (as in the NT kernel that is at the core of PC Windows versions) security features: each app has a unique token (rather than inheriting the token of the process that created it, the way it normally works on PC but very much like how Windows Store apps work on Win8) which contains the app-specific Security IDentifier (SID) that gives access to the app directories, plus the SIDs of the various capabilities that the app has.
What @th0mas96 was talking about is that WP capabilities usable by third-party developers are much more restrictive than they are on Android. For example, Android allows an app to have full read-write access to your contacts or to send SMS directly. WP8 doesn't allow that unless you use capabilities that are normally neither allowed on the store nor allowed in sideloaded apps (Microsoft's code can have them, of course - that's how the built-in SMS app works - but not Joe Random Dev). The downside of this is obvious; some app behaviors (like a full replacement for the SMS app or phone dialer) are not possible. The upside is that apps are *way* more limited in how malicious they can be; the most common way that Android malware makes money (remember, the vast majority of malware is for profit) is by sending SMS to "premium" numbers. On WP8, an app could *compose* such a message, but it couldn't *send* it for you (unless it had a capability that third-party apps normally can't have) so you'd have a chance to see what the app was doing and decide not to send that message after all.
This means that the ability to disable capabilities is much less important on WP8 than on Android.
Oh, then those restrictions are actually good news.
Aside from your typical run-of-the-mill malware my main concern was actually privacy. I have a huge displeasure from apps like Whatsapp which on android takes a whole plethora of liberties and was hoping that perhaps some other system may contain their user data voracity and their ability to control the device they're on.
Is there any link in which I could see the full list of those restrictions?
I'm still downhearted from not having a more fine grained control of the system but maybe it still has it uses in some scenarios...
Also, thank you very much for your comprehensive explanation!
i found a tiny file stored inside some of the unbranded htc accord RUUs. it's called disablewriteprotect.test. the only thing the file contains is a sentence stating write protection will be disabled until this file is removed, followed by a music note and some other symbol. so there you go, that's how you make your entire htc 8x read and write. one file less than 1kb in size. ROOT!
but how can we flash this file. I'm still working on it. this file is located within the efi partition which also houses the ffuloader.efi, and several other efi executables. check this post http://forum.xda-developers.com/showthread.php?p=53687985#post53687985
you wont find that on google search.
Sent from my Galaxy Nexus using XDA Free mobile app
Window phone Security Issues
Your Windows Phone is secure by design. Many security features are turned on by default. For example, apps you download from the Windows Phone Store are tested by Microsoft and encrypted to make sure you don't accidentally install malicious software on your Windows phone.
Set a password
Setting up Kid's Corner
If you've ever handed your smartphone to a child, you know that they can quickly get into all sorts of apps and settings they shouldn't. No such worries with Kid's Corner, a place on your phone where your child can play with the games, apps, music and videos
Use the free Find My Phone service
Say yes to updates . check out more at Master Software Solutions - Windows Phone Update
grilledcheesesandwich said:
i found a tiny file stored inside some of the unbranded htc accord RUUs. it's called disablewriteprotect.test. the only thing the file contains is a sentence stating write protection will be disabled until this file is removed, followed by a music note and some other symbol. so there you go, that's how you make your entire htc 8x read and write. one file less than 1kb in size. ROOT!
but how can we flash this file. I'm still working on it. this file is located within the efi partition which also houses the ffuloader.efi, and several other efi executables. check this post http://forum.xda-developers.com/showthread.php?p=53687985#post53687985
you wont find that on google search.
Sent from my Galaxy Nexus using XDA Free mobile app
Sounds interesting.
Not something I'd try )) but interesting.
Aman Raien said:
Your Windows Phone is secure by design. Many security features are turned on by default. For example, apps you download from the Windows Phone Store are tested by Microsoft and encrypted to make sure you don't accidentally install malicious software on your Windows phone.
Set a password
Setting up Kid's Corner
If you've ever handed your smartphone to a child, you know that they can quickly get into all sorts of apps and settings they shouldn't. No such worries with Kid's Corner, a place on your phone where your child can play with the games, apps, music and videos
Use the free Find My Phone service
Say yes to updates . check out more at Master Software Solutions - Windows Phone Update
I presume this is an advert for Master Software Solutions, but nevertheless I did google the term you suggested and got nil results. I also browsed the main site of the company itself but haven't found anything related, nor did I find anything on their facebook page.
Regardless, I checked out this Kids corner thing, it's cute but not really security related...
Thx anyway.