Well, it was just a matter of time before this happened 🙂 a trojan for Android. I am sure other threats exist out there for Android phones, but this sounds like one of the more ‘professional’ ones.

--- from talkandroid.com ---

Today, mobile security company Lookout released some information regarding a new virus found in the wild, and it’s targeting Android phones. The virus comes to us by way of China, and has been dubbed “Gemini”. The app attaches itself to legitimate applications, such as:

  • Monkey Jump 2
  • Sex Positions
  • President vs. Aliens
  • City Defense
  • Baseball Superstars 2010

According to Lookout:

The specific information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI). At five-minute intervals, Geinimi attempts to connect to a remote server using one of ten embedded domain names. A subset of the domain names includes www.widifu.com, www.udaore.com, www.frijd.com, www.islpast.com and www.piajesj.com. If it connects, Geinimi transmits collected device information to the remote server.

We will say this, however… this isn’t a giant threat. In order to get infected, you would have to install a sideloaded app from a 3rd party or Chinese market, meaning the trojan doesn’t come to your phone by way of the official Android Market. So be careful out there, users, and always make sure your apps are coming from a legal, legit source. Lookout Mobile Security, however, has been updated to protect against the malware, so be sure to get it here if you aren’t already using it.

http://www.talkandroid.com/24949-new-android-trojan-virus-discovered-dubbed-gemini/

Just stumbled across something I thought I’d share: an interesting collection of video clips from Dan Tentler on people hacking and more. Quite interesting, although I’m somewhat sceptical of the more fantastic parts of the scope, like people just handing over money, phones etc. on the street because you ask them to, like some sort of instant hypnosis. But hey, I may be off here.

Anyway, take a couple of minutes and have a look;
All videos here; http://www.atenlabs.com/peoplehacking/

Interested in crypto? Then you should read this interesting blog post on Kryptos (see photo);
http://www.wired.com/threatlevel/2010/11/clue-kryptos/

Kryptos is a legendary “sculpture” with an embedded secret message hidden by the designer that has yet to be uncovered.
Read about Kryptos here; http://en.wikipedia.org/wiki/Kryptos

For a display of just how horrifically federal agencies can use the anti-terror laws etc. to bully or harass people of a different opinion, you should read;

Another Hacker’s Laptop, Cellphones Searched at Border
http://www.wired.com/threatlevel/2010/11/hacker-border-search/

The gist of the article is that the well-known and respected computer-security researcher Moxie Marlinspike was detained by federal authorities for 4½ hours when re-entering the USA; his equipment was confiscated and possibly cloned (it was returned to him afterwards), all because his name has made it onto a federal watch list.

Comment by Mike@Readmydamnblog
This is just so absolutely absurd; it’s clear proof of how the new anti-terror laws etc. are being abused by law enforcement to harass people who do not play by their tune. Information wants to be free; you can’t bully people into submission.

As you may have read, I jumped on the Android wagon earlier; it’s a cool phone, not quite as stylish as the iPhone but a LOT cheaper and more open.

One annoying thing, however, is that applications ALL seem to require obscure access to run: access to geolocation, access to the SIM card, access to contacts, access to the SD card, access to make phone calls and full access to the Internet… And it’s not as on the iPhone, where you are asked whether this is OK; no, once you install the software you are informed about the rights the software wants, and you then have two options: install or not. Strange and annoying. Why can’t I select what I want to give access to?

Anyhow, what we need is a firewall for the device, and someone has been kind enough to make one: Droidwall 😀 Sadly it requires root access 🙁
http://www.appbrain.com/app/droidwall-%28root-required%29/com.googlecode.droidwall

The issue came up today when a coworker told me about a Windows 2000 machine he had at home that he had forgotten the password for. For corporate use we have the Microsoft ERD Commander CD (previously Winternals), which works perfectly… but that is for corporate use only (SA license required).

Anyhow, I remembered there was some strange utility that could do the same thing; it took a little googling, but I quickly found it. It’s;
http://pogostick.net/~pnh/ntpasswd/

Free and all 🙂

Another approach would be to find KonBoot (the first version was free, but it has now gone commercial); it may be a bit hard to find the free version, but it is out there and works. Boot with KonBoot and bypass the Windows logon (the password can be bypassed by leaving the field blank), then create a new admin account (e.g. call it “admin”), set a password and make this new user a member of the local Administrators group. Now boot without KonBoot and log in with this new account; you can now change the password for the real administrator account. (It may also be possible to change the password for the administrator account while booted via KonBoot, but I am not 100% sure on that.)

I managed to find KonBoot here; http://www.darknet.org.uk/2009/06/kon-boot-reset-windows-linux-passwords/ 

Problemo solved 🙂

These days Internet security is more important than ever. Would it not be neat if you could run all your Internet traffic through a big filter to filter out all those nasty viruses, malware and privacy concerns!? Well, if you happen to have an old PC lying around or, as I have, a server running MS Hyper-V, then you actually can, fairly simply (and for free).

OK, you may have heard about solutions such as Smoothwall, m0n0wall and others like them? These are basically routers/firewalls and, with a PC (and two NICs), could replace your broadband router; they contain complex firewall capabilities and maybe even VPN connectivity. All very cool and quite easy to set up and use.

Untangle goes a step further than this: to the basic router capability it adds a firewall, VPN, antivirus scanning, privacy filter, ad filter, spam filter, captive page and much, much more. The best part is that most of this is free; you can download a bunch of apps and install them (this is point and click, so no Linux knowledge is required).

So how does it work: is it a proxy, a gateway or what? Well, once installed you set the LAN NIC IP as the default gateway and voilà, all traffic is now filtered against malware, viruses, spam, privacy concerns and whatnot.

I set up my Untangle box as a Hyper-V machine on my Windows 2008 R2 server and gave it 640 MB RAM, two CPUs and a 120 GB hard drive (of which it is now using approx. 6-7 GB).

Once installed, you configure everything via the web interface (not on the box itself if you use Hyper-V, but from your own PC).

So, a few notes on installing the app as a Hyper-V virtual server;

  • Obvious disadvantage: you will never be able to install the Hyper-V additions into the Linux box, thus no mouse ever, which leaves the user interface on the installed box useless.
  • I had to run the installation 4-5 times before I succeeded; I don’t know why it failed, but it was as if the installer just stalled during the installation. Thus I suggest you take a snapshot once you manage to install the basic system (then you can always revert to that point).

OK, let me just give you the quick tour of installing the thing. It is not a complete guide (so no screenshots, and some obvious steps may be omitted), but if you know a bit of Hyper-V’ing it should not be too hard;

1. Download the Untangle install CD from; http://www.untangle.com/Downloads/Download-ISO

2. Create a new Hyper-V machine (I suggest 640 MB RAM, 2 CPUs), replace the NIC with two legacy NICs (required for it to work) and add an IDE drive. I used a dynamic drive of 120 GB, but I think performance may be better if you set a static drive of perhaps 20 GB. Mount the downloaded ISO as the CD-ROM. Tweaks: you can stick to one legacy NIC if you do not plan to use the box as a firewall (e.g. if you have a HW firewall in your ISP router etc.); some things will not work with only one NIC, but most will.

3. Start the system and select the text-based installer (as you have no mouse in Hyper-V); I seemed to have better luck with the advanced installer. You should set static IPs, so decide on two IPs before getting started.

4. Once the installation is complete, switch to your browser and connect to the IP you set as the LAN side during install.

5. Take a snapshot of your Hyper-V machine.

6. Now download the “open source pack” from the left of the interface.

7. Configure the different modules. I suggest you disable/turn off the firewall, anti-spam, PG and intrusion prevention features (unless you plan on using the device as your main router), as this will improve performance.

8. Now set the LAN NIC IP as your default gateway on your PC (or on your DHCP server).

You can even set up a captive page; this will require people to have a password in order to access the Internet. Quite cool. Sadly it does not support limiting bandwidth, download ratios etc., but it’s still cool.

Don’t worry if your first or second install fails; as mentioned, I had to do multiple installs before it succeeded, but now it runs fairly smoothly. I have experienced the web interface being unavailable (the network still worked, but I could not reach the interface), but after a reboot everything was back online.

Read more here; www.untangle.com  –  http://wiki.untangle.com/index.php/Untangle_Server_User’s_Guide

Hopefully you have your Windows machine set to receive updates automatically? But do you ever check that updates are actually downloaded and installed, and what about third-party software?

Well, this tip is an oldie, but still quite good and worth a mention;
Secunia (a very skilled security company) offers several products for evaluating whether your software is up to date (ranging from corporate products to free online personal scanners).
Check it out here (at the very least do an online scan);
http://secunia.com/vulnerability_scanning/online/

CNET also offers a new product called TechTracker, which more or less does the same thing;
http://www.cnet.com/techtracker/?tag=mncol;pm

I have mentioned anti-spam methods before (e.g. http://www.mailexpire.com and more); these are quite simple methods with which you can create a forwarding email address with a limited lifespan, so it does not matter if spammers get hold of the address.

One drawback to this method, however, has been that you actively need to create this anti-spam email address in advance or when you need it; with mailexpire.com this requires you to create a new account and validate it before it can be used. In some cases this can be an inconvenience, as you just need a ‘quick’ address here and now.

Well, now there is a new player on the market, and this service has a few very nice advantages.

The new service is called;
www.spamgourmet.com

What is cool about this service is that once you have set up your account you can create new aliases on the fly, without logging in or other time-consuming steps. How, you ask? Well, it’s quite easy actually, but requires a bit of explaining.

Here is a brief description of the process;

You create an account with www.spamgourmet.com; to this effect you choose/create your own private alias. As an example we will choose “LUNAR”. Now you have actually done most of the work and can create new aliases on the fly; this is how;

You visit a site that requires your email address to download some software; let’s say the site is called www.downloadme.com. Now you need to create a new disposable email address on the fly, and you can do so simply by making up a new sub-address in this format;

<SOMETHING>.<YOUR ALIAS>@SPAMGOURMET.COM

In our example, where the site is www.downloadme.com and our alias is LUNAR, this address could be;

downloadme.lunar@spamgourmet.com

Let’s say that later you go to a new site, www.uploadme.com, and again you need a new disposable email address. This could be;

uploadme.lunar@spamgourmet.com

As you can see, it is pretty simple to use once it is set up.

What is even more ingenious is that the email address you create on the fly will ‘self-destruct’: it stops working after 3 mails have been received (via the advanced options you can set it to a different number, but 3 is the default). Thus if downloadme.lunar@spamgourmet.com is suddenly spammed, you will receive a maximum of 3 emails. Quite clever.

Of course there are advanced settings; here you can change the default number of emails, set up advanced security and add trusted hosts (plus a lot more). Some settings can even be set on the fly as well: you can set the number of mails you want to receive as part of the address (example: upload.10.lunar@spamgourmet.com will allow 10 emails to be received; the maximum number is 20).
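To make the address format and the self-destruct rule concrete, here is an added Python model of the behaviour as described above (my own illustration, not spamgourmet.com’s code). It assumes the parts are matched case-insensitively, that a limit above 20 is clamped to 20, and that the limit is fixed the first time a given word is seen.

```python
import re
from dataclasses import dataclass, field

# Figures from the post: 3 forwards by default, 20 at most.
DOMAIN = "spamgourmet.com"
DEFAULT_LIMIT = 3
MAX_LIMIT = 20

# <word>.<alias>@DOMAIN  or  <word>.<limit>.<alias>@DOMAIN (matched case-insensitively; assumption)
_ADDR_RE = re.compile(
    r"^([a-z0-9-]+)\.(?:(\d{1,2})\.)?([a-z0-9-]+)@" + re.escape(DOMAIN) + r"$", re.I
)

@dataclass(frozen=True)
class Disposable:
    word: str    # the part you make up per site, e.g. "downloadme"
    alias: str   # your private spamgourmet alias, e.g. "lunar"
    limit: int   # how many mails may be forwarded through this address

def parse_address(addr: str) -> Disposable:
    """Split a disposable address into its parts, applying the default and maximum limits."""
    m = _ADDR_RE.match(addr.strip())
    if not m:
        raise ValueError(f"not a spamgourmet disposable address: {addr!r}")
    word, count, alias = m.groups()
    # Assumption: a requested limit above the maximum is clamped to 20 rather than rejected.
    limit = DEFAULT_LIMIT if count is None else min(int(count), MAX_LIMIT)
    if limit < 1:
        raise ValueError("limit must be at least 1")
    return Disposable(word.lower(), alias.lower(), limit)

@dataclass
class Account:
    """One user: the private alias and the real mailbox that mail is forwarded to."""
    alias: str
    real_mailbox: str
    remaining: dict = field(default_factory=dict)  # word -> forwards still allowed

    def deliver(self, to_addr: str):
        """Return the forwarding target, or None when the mail is eaten."""
        d = parse_address(to_addr)
        if d.alias != self.alias.lower():
            return None  # addressed to some other alias; not ours to forward
        # Assumption: the limit is fixed the first time a word is seen (as with upload.10.lunar).
        left = self.remaining.setdefault(d.word, d.limit)
        if left <= 0:
            return None  # self-destructed: this word's quota is used up
        self.remaining[d.word] = left - 1
        return self.real_mailbox
```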

The service appears to be fast and forwards mails within 1-2 minutes, although I have experienced a slight delay from a download page; but this could just as easily be caused by the download site and not spamgourmet.com.

Alternatives;
There are numerous alternatives, as described in a previous post. I have used MailExpire.com quite a number of times; here you can create addresses with a limited lifespan, which you can shorten or extend on the fly.

Spamgourmet.com is, however, as far as I know the only service that offers dynamically created addresses.

Well, this is actually not true as such; there exists another type of service, e.g. Dispose-A-Mail, www.disposeamail.com (there are many services similar to this). DisposeAMail, however, works quite differently from Spamgourmet.com. To use DisposeAMail.com you simply invent an email address whenever you need it, e.g. I-JUST-INVENTED-THIS-MAIL@disposeamail.com, and give this to whomever/whatever site requires your email. Then you can go to www.disposeamail.com, enter I-JUST-INVENTED-THIS-MAIL@disposeamail.com (or whatever you decided on) in the “Check inbox” box and click go. You can now see whatever mail is received by “I-JUST-INVENTED-THIS-MAIL@disposeamail.com”. One obvious drawback here is that everyone else can do this too; there is absolutely NO SECURITY. If people can guess the email address you invented, they can check it, so OBVIOUSLY you should never use a DisposeAMail address for anything that involves passwords or private/personal data etc.

If you run an older version of MDaemon 10.x (email server), you may find this “error message” in the SMTP logs: “The date is grossly in the future”. This is caused by a bug in SpamAssassin, one of the anti-spam solutions used by MDaemon. The problem is that this causes the spam score to get rather high and may cause MDaemon to discard legitimate mails as spam.

You can of course upgrade your MDaemon installation, but if for some reason you prefer not to do so, this is the workaround;

The workaround (besides paying for updates) is to edit the rule set.

C:\MDaemon\SpamAssassin\rules\local.cf

Add the following line;

score FH_DATE_PAST_20XX 0.0

Restart the spam engine.

Courtesy of; http://www.ninjahdev.com/node/8

Just found another tip: change the end of this line as shown below (both solutions should work);

MDaemon\SpamAssassin\default_rules\72_active.cf:

header FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]

Change to;

/20[2-9][0-9]/
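To see why the rule misfires and how each workaround neutralises it, here is an added Python emulation of the FH_DATE_PAST_20XX header test and the score override (my own illustration, not SpamAssassin or MDaemon code). The Date headers are constructed, the threshold of 5.0 is SpamAssassin’s default required_score, and the 3.0 points for the rule are a placeholder rather than the shipped value; the last test also shows that the regex fix only postpones the problem to the year 2020, whereas the score override does not.

```python
import re

# The two regexes from 72_active.cf as quoted in the post.
ORIGINAL_RULE = r"20[1-9][0-9]"   # matches any year 2010-2099, so every mail dated 2010 hits
PATCHED_RULE = r"20[2-9][0-9]"    # only years 2020-2099 hit: the bug merely moves to 2020
REQUIRED_SCORE = 5.0              # SpamAssassin's default spam threshold
SHIPPED_FH_SCORE = 3.0            # placeholder; the real value lives in the shipped scores file

# Constructed Date headers for the demonstration.
DATE_2009 = "Mon, 28 Dec 2009 10:15:00 +0100"
DATE_2010 = "Tue, 28 Dec 2010 10:15:00 +0100"
DATE_2021 = "Thu, 28 Jan 2021 10:15:00 +0100"

def fh_date_past_20xx(date_header, pattern=ORIGINAL_RULE, if_unset="2006"):
    """Emulate 'header FH_DATE_PAST_20XX Date =~ /pattern/ [if-unset: 2006]'.
    A missing Date header is tested as the literal string 2006, so it never hits."""
    value = if_unset if date_header is None else date_header
    return re.search(pattern, value) is not None

def parse_score_lines(lines):
    """Read 'score RULE value' overrides such as the local.cf line from the post."""
    scores = {}
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and parts[0] == "score":
            scores[parts[1]] = float(parts[2])
    return scores

def total_score(date_header, other_points, local_cf=(), pattern=ORIGINAL_RULE):
    """Points from the message's other rules plus FH_DATE_PAST_20XX if it hits,
    honouring any local.cf override of the rule's score."""
    scores = {"FH_DATE_PAST_20XX": SHIPPED_FH_SCORE}
    scores.update(parse_score_lines(local_cf))
    hit = fh_date_past_20xx(date_header, pattern)
    return other_points + (scores["FH_DATE_PAST_20XX"] if hit else 0.0)

def is_spam(total):
    """A message at or above the required score is treated as spam."""
    return total >= REQUIRED_SCORE
```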