Most of us use the cameras built into our smartphones, but many people are not aware that when they snap a picture, personal data may be embedded inside the picture.
This data is referred to as ‘exchangeable image file format‘ (or EXIF) data and can include your exact location using GPS co-ordinates. If that picture is then uploaded to the internet, another person can download the picture and inspect the EXIF image data, pinpointing you.
In a previous post on this topic, I mentioned how EXIF image data was used by the FBI and Australian Federal Police to track down a member of the hacker group ”CabinCr3w”. This occurred again more recently when John McAfee (founder of McAfee Antivirus) was located after a reporter published online a picture of the two, which contained GPS co-ordinates of his (once) secret location. (Source)
While the Location services can be turned off in the settings of your smartphone, they can also be a useful feature.
Another option is to scrub the EXIF data from the image using an app on your smartphone. I have been using an Android app called Photo Editor (Google Play Store link)
EXIF Image Data competition – Can you find me ?
Click on the photo above to view it full size. Download it, View it, Share it.
Can you find my address ?
If you can find the location (street name) stored in this picture, you could win a $25 discount voucher, for use on your next booking.
Email your answer to: firstname.lastname@example.org
The first correct answer received by email will be announced the winner.
On 8th February 2013, a new documentary was released directed by Simon Klose. The documentary “TPB AFK – The Pirate Bay Away From Keyboard” is based on the lives of the three founders of The Pirate Bay – Peter Sunde, Fredrik Neij and Gottfrid Svartholm.
Of course, The Pirate Bay is one of the best known file-sharing brands and the site has a well-earned place in Internet history. Swedish filmmaker Simon Klose has documented part of their struggle as they are targeted by several court cases over the years.
What not many people know is that the three founders of The Pirate Bay often pretended to get along in public, but had some big fallouts in private. This becomes quite apparent in the documentary.
TPB-AFK is the first film to premiere both online and at a major film festival, and can be downloaded and shared for free. The full film is released under a Creative Commons license onto The Pirate Bay and other BitTorrent sites. 3 versions of this documentary are legally available for download from the Pirate Bay website.
The film runs for 122 mins.
YouTube Link: http://www.youtube.com/watch?v=eTOKXCEwo_8
Torrent Link: https://oldpiratebay.org/torrent/6243351/TPB-AFK-2013-720p-h264-SimonKlose
Here is the trailer for the documentary, called TPB AFK.
Why pay for a separate Mobile Internet connection for your laptop, when your phone already includes a Data Allowance ? A few people answer: Because I don’t know how to setup an Android WiFi Hotspot.
This is a short guide on how to setup a Portable Wi-Fi Hotspot on your Android phone, and connect a Windows laptop to it.
You can then cancel your laptops Mobile Internet connection and save a few dollars.
Step 1: Configure Wi-Fi hotspot on Android phone
In the Android phone settings you will need to find the “Tethering and portable hotspots” menu. In this example (using a Samsung Galaxy S2 running Android 4.0.3) it is found by tapping the Android Settings button from the main screen, then tapping “Settings”, then “More” and “Tethering and portable hotspots”.
Initially you will need to configure your Wi-Fi Hotspot by selecting the “Configure Wi-Fi Hotspot” option.
In the following screen (shown right) you will need to enter a Network Name (SSID) and select what Security you want to use, then enter a Password (if applicable).
Remember these details: Later you will locate this network name (SSID) using your laptop and enter the password.
Tap “Save” to return to the “Tethering and portable hotspots” menu.
Step 2: Activate your Wi-Fi Hotspot when required
It is good practice to only activate your Wi-Fi hotspot when you need it.
Using your Android phone, navigate to the “Tethering and Portable Hotspot” menu, then tick the box next to “Portable Wi-Fi Hotspot”.
This will activate your hotspot using the settings you just configured.
The Wi-Fi Hotspot icon will appear in the status bar of your Android phone, as shown below.
If this step seems a little cumbersome to use frequently, there is also a free Android App available, called Portable Wi-Fi Hotspot, that will turn your Wi-Fi Hotspot on/off using a desktop icon, without you having to navigate to the “Tethering and Portable Hotspot” menu.
Google Play Store link:
Step 3: Connect the Windows Laptop
Using your Windows laptop, click the Wireless networks icon in the system tray (next to the clock) and you will see your Android Wi-Fi Hotspot in the list of available networks.
Select the Wi-Fi Hotspot network name and connect to it, using the network password (if applicable). If you select the “Connect Automatically” checkbox, Windows will remember these details and connect automatically whenever the Android Wi-Fi Hotspot is active.
Multiple computers can be connected to the Wi-Fi Hotspot, and can use large amounts of data, quickly. Make sure you keep an eye on your phones monthly data allowance using your ISPs free App (if available).
Android phones come with a built-in file explorer, called “My Files”, but this app can only browse the phones memory card.
To improve your Android Windows Networking and copy files easily across the network, download and install a free app such as ES File Explorer, available from the Google Play Store.
First, lets setup a Network Share folder in Windows, which will be visible on the network, and to the phone. Once set, Windows will remember this share setting.
On your PC, using Windows Explorer, browse to the folder you want to share. In the example picture shown below, I am using the ‘New Folder’ on the desktop. (Click on the image below to zoom in)
Windows 8 Network Share Folder
To setup a folder as a Networked Shared Folder in Windows:
- Right-click on the folder you want to share.
- Choose ‘Properties’, and then the ‘Sharing’ Tab.
- Click on the “Advanced Sharing’ button.
- Select the “Share this folder” checkbox, and enter a name.
- Click the ‘Permissions’ button.
- Select ‘Full Control’.
- Click ‘Ok’, ‘Ok’ and ‘Close’.
This folder is now visible on the network and you can access (read and write) this folder from other network devices. You can repeat this process for multiple folders on multiple devices.
Now to the Android phone: To transfer files wirelessly using ES File Explorer on the Android phone, you will need to be connected to your network Wi-Fi, and download and install ES File Explorer from the Google Play Store.
Left: Android Phone, Middle: Network Devices, Right: Share Folders
When starting ES File Explorer, the ‘Local’ phone memory card is displayed, and you can swipe to the right to see the devices on your network.
Alternatively you can tap on the ‘Local’ button to bring up this menu (right), where you would select ‘LAN’.
Initially you will need to add your PC. To do this tap the Android Settings button, then tap “New” and “Server”. Enter the IP Address of your PC and a friendly name in the “Display As” box. Depending on your networking you may need to enter Login and Password details for that PC too.
Tapping on the PC (Eg: WIN8-AMD) displays a list of the shared folders within it, and tapping on those shared folders will navigate you to the shared files.
ES File Explorer also uses a handy toolbar featuring buttons for common tasks such as selecting, cutting, copying, pasting, and deleting files.
ES File Explorer can also connect to nearby devices via Bluetooth, and Web / FTP Servers on the internet. Here’s a short YouTube video demonstrating these and some additional features:
ES File Explorer lets you copy files to/from your Android phone and your PC.
Google Play Store link:
After a long wait for delivery, I finally received my Raspberry Pi just before Christmas. Although the Raspberry Pi is being used for all sorts of interesting projects, my first project is to set the Raspberry Pi up as a networked media centre pc, with remote control from a smart phone. This will essentially turn an old, dumb TV into a smart TV.
Existing Media Server
I already have a Windows 8 Media Centre PC, connected to a 42″ Kogan TV, which handles Live TV and recording, plus storage of movies, TV and music files. Live TV signals are handled using a Winfast DTV200DS dual digital TV tuner.
This Windows 8 PC runs XBMC 11 (Eden) with PVR support, and is called AMD-XBMC. It has a static IP address of 192.168.1.3
I setup AMD-XBMC to allow remote control using port 9999.
Installed MediaPortal TV Server to stream Live TV to other instances of XBMC.
The Raspberry Pi comes with 2x USB ports, which will be populated with a TP-Link WN821N 300M Wireless adapter, a Logitech MK320 Wireless KB/Mouse dongle.
After installing Raspbmc, I inserted the SD Card into the Raspberry Pi and booted it. After the normal Raspbmc setup procedure, XBMC started and I renamed this instance of XBMC to Pi-XBMC.
I assigned a static IP address to the Pi-XBMC of 192.168.1.4 using the Router administration page, and setup network details inside XBMC.
I purchased licence keys for MPG and WMV codecs from Raspberry Pi store, which cost AU$4.85. I input the codec details into the Raspbmc settings inside XBMC, which updates the Raspberry Pi’s config.txt file.
I setup Pi-XBMC to allow remote control using port 9999.
Toshiba L650 Laptop
I also have a Toshiba L650 Laptop running Ubuntu 12.04 which will be used to display media at times.
I downloaded and installed XBMC (Frodo) and named this instance of XBMC as Toshy-XBMC.
I assigned a static IP address to the Toshy-XBMC of 192.168.1.5 using the Router administration page.
I setup Toshy-XBMC to allow remote control using port 9999.
Samsung Galaxy S2
Within the XBMC Remote app, I setup AMD-XBMC on 192.168.1.3, the Pi-XBMC on 192.168.1.4, and the TOSHY-XBMC on 192.168.1.5 – with all 3 using port 9999.
I note that the XBMC Remote app is still in Beta form and therefore has a few error messages popping up on screen from time to time, but remote control functionality is perfect.
Currently streaming media from AMD-XBMC to Pi-XBMC, using the smart phone as a remote control.
[Project in progress – updates to come]
Quick Tip: If you need to check the batteries on your remote control, you can do it easily with a smar phone camera.
Many households have 5 or 6 remote controls lying around the house. Sometimes, they stop working and you don’t know what happened.
Most remote controls use infrared light to transmit the signal. The human eye cannot see this light, however a camera can.
Simply open your smartphone camera and point it at the business end of the remote control. Press a few buttons on the remote and you should see a light emitting from the remote control.
If you fail to see a light emitting from the remote, then swap the batteries and repeat the test.
Human eyes can’t see infra-red colour, but our phone cameras can.
Browser Autocomplete is a feature in most modern web browsers. It’s a handy feature which saves time by storing passwords for later use.
Firefox Browser Autocomplete
In this short example, I’ll use Internet Explorer to log into a Google account. As you can see, Internet Explorer asks if I want it to remember this password.
Internet Explorer Browser Autocomplete
While this feature can be handy, it does present a security issue as a freely available hackers tool will mine these stored passwords and display them.
Hacker tool displays stored passwords
Disabling Browser Autocomplete is a simple process, which is shown below.
Turning off the Auto-Complete feature:
The Internet Explorer Auto-Complete feature can be disabled by following these steps.
- Open Microsoft Internet Explorer.
- Click Tools and then Internet Options.
- In the Internet Options window click the Content tab.
- Click the Auto-Complete Settings button.
- Uncheck the option User names and passwords on forms.
The Firefox Auto-Complete feature can be disabled by following these steps.
- Open Mozilla Firefox.
- Click Firefox/Tools and then Options.
- In the Firefox Options window click the Security tab.
- Click Saved passwords to view and clear history.
- Uncheck the Remember passwords for sites option.
Avoiding dodgy emails
Phishing is an attack used by hackers to gain access to private information such as credit card numbers and user passwords.
Phishing is a social engineering attack where targets are typically duped into providing this information directly to false versions of legitimate websites run by the hackers. Personal information can then be used for fraudulent purchases, resale to third parties and even identity theft.
Pictured is a screenshot from a phishing email I recently received from a client who was suspicious.
What would the natural reaction from an account holder be?
“I never sent Nickolas Sims $498 – I’d better click the link and put a stop to this” Of course that sense of emergency may mean you get flustered and click the link and fall for the fake PayPal site. Enter your details and the bad guys have it.
So let’s have a look at the warning signs:
Incorrect recipient address information
The email is addressed to multiple recipients, as if this payment was made by you AND all your friends (I’ve obscured the email addresses for privacy)
The email says “Dear PayPal Customer” – Phishing scams rarely know the real names of its targets and tend to rely on general greetings like Dear user. PayPal know your name and use it when emailing you.
Hyperlinks in email messages should be distrusted in general, but long and convoluted hyperlinks like the one below should cause heightened suspicion.
Normally PayPal resides at the URL PayPal.com. If you hover over one of the links (as shown below) you will notice the link actually goes to a website in .com.ar – that’s Argentina.
No offer of additional information
There is a “Help Centre” link but that link goes to the same website address based in Argentina. In fact ALL links go to exactly the same address!
Warnings from email client
A well-designed email client may detect many of the irregularities listed as well as check for suspicious points of origin (e.g. spoofed emails) and links to insecure servers.
Warnings from web browser
If for some reason you actually clicked on the URL, your web browser might give another warning, alerting you that the URL has already been reported as a forgery, or is not secure.
Most phishing email messages wont contain all of the above characteristics and probably will contain other defining characteristics not mentioned. Phishing is an evolving practice due to its lucrativeness and increased usage by organized crime.
If you receive an email that contains one of the above characteristics then be extremely cautious. If the email is threatening the termination of a service, simply let it happen. No company worth doing business with is going to maintain its records by firing off thousands of email messages to various Hotmail and Yahoo accounts in hopes of reconciling its financials.
How can I protect myself from a phishing attack?
There are several steps you can take to protect your computer from today’s cyber threats. Following the simple guidelines below will help minimise the risk of attack.
- Be very wary of any email messages asking for personal information. It’s highly unlikely that your bank will request such information by email. If in doubt, call them to check!
- Don’t complete a form in an email message asking for personal information. Only enter such information using a secure website. Check that the URL starts with ‘https://’, rather than just ‘http://’. Look for the lock symbol on the lower right-hand corner of the web browser and double-click it to check the validity of the digital certificate. Or, alternatively, use the telephone to conduct your banking and report anything suspicious to your bank immediately.
- Don’t use links in an email message to load a web page. Instead, type the URL into your web browser.
- Check if your anti-virus program blocks phishing sites, or consider installing Kaspersky Internet Security (links below) or other antivirus software that alerts you to known phishing attacks.
- Check your bank accounts regularly (including debit and credit cards, bank statements, etc.), to make sure that listed transactions are legitimate.
- Make sure that you use the latest version of your web browser and that any security patches have been applied.
Protect your identity from phishing attacks
Prevent cybercriminals from stealing your digital identity thanks to anti-phishing protection technologies inside Kaspersky Lab’s Internet security software which leverage lists of known phishing websites, proactive anti-phishing technologies and the latest information from the cloud.