Mar 31, 2017

Verizon set to royally screw over their customers with spyware now that Congress voted to repeal privacy restrictions

Congress recently moved to screw over all Americans by voting to repeal broadband privacy restrictions, allowing internet service providers to actively spy on their customers' internet usage and sell that information to the highest bidder. A few days later Verizon made it known that they plan to step up their douche-baggery by also installing spyware on their customers' smartphones!

From EFF:
Within days of Congress repealing online privacy protections, Verizon has announced new plans to install software on customers’ devices to track what apps customers have downloaded. With this spyware, Verizon will be able to sell ads to you across the Internet based on things like which bank you use and whether you’ve downloaded a fertility app. 
Verizon’s use of “AppFlash”—an app launcher and web search utility that Verizon will be rolling out to their subscribers’ Android devices “in the coming weeks”—is just the latest display of wireless carriers’ stunning willingness to compromise the security and privacy of their customers by installing spyware on end devices.
Isn't that just lovely? Don't worry though, you should be able to stop douchey big brother Verizon from watching all of your phone activity. There are a couple of ways you can disable Verizon's AppFlash.

From The Hacker News:
How to Get Rid of ‘AppFlash’ on Your Verizon Android Phone 
Users can get rid of this bloatware in two ways: you can either root your device and remove the app in question, or only disable the app.
  1. Root to remove AppFlash from Android: Since the company has made AppFlash a default app on the home screen of its Android handsets to help users search content and browse the internet, the app can not be uninstalled.

    So, in order to uninstall AppFlash, you are required to root your Android device and then delete the app from your storage memory.
  2. Disable AppFlash without Root: Since rooting is a dangerous process that voids your device warranty, you can simply disable AppFlash.

    Disabling bloatware apps on newer phones is easy, as Android has a built-in way to do this, which doesn't require any root access.

    Just head on to Settings → Apps (or 'Applications' on some phones) → AppFlash. Now open it and click 'Disable,' 'Force Stop' and then 'Clear Data' as well.

I'm not sure how the folks at Hacker News got the above information, but on my Google Pixel I don't have AppFlash installed (yet) so I can't test disabling it myself. If it's like most bloatware that comes on phones these days, I'm sure they are right though. Let's hope... for privacy purposes anyway.

What do you think about this? Are you ticked off? Don't care? Let us know in the comments!

Mar 30, 2017

How to fix WinEvtLog: Security: AUDIT_FAILURE(4625) caused by Windows Defender

I've written in the past about how I really like the built-in Windows Defender as my antivirus of choice in Windows 10 and above. More specifically, I wrote about how to configure it for regular updates and scheduled scans. Well, I recently went back to it on my main laptop, and when it kicked off its first quick scan, all of a sudden I noticed a lot of alerts coming from one of my work servers!

The alerts I was seeing were WinEvtLog: Security: AUDIT_FAILURE(4625) coming from our host-based intrusion detection monitor. Our log monitor was also sending alerts saying Microsoft-Windows-Security-Auditing: An account failed to log on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: S-1-0-0. All of the alerts listed my computer's host name as the account that was failing the audit!

Well, it turns out that by default Windows Defender wants to scan network files and network file shares. That's honestly pretty annoying since we have antivirus on those servers already, and I don't need Windows Defender to scan anything except what's on my local machine. It's also annoying because it kicked off all of the alerts!
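
To confirm on the server side that a burst of 4625 alerts like the ones above comes from a single workstation, the failed network logons can be grouped by account and source. This is an added example, not something from the original post; the 24-hour look-back window is an assumption, and it needs an elevated PowerShell session on the server that raised the alerts.

```powershell
# Added example: summarize failed network logons (event 4625, Logon Type 3)
# by target account and source machine.
$since = (Get-Date).AddHours(-24)   # assumed look-back window

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue     # no matching events is not an error here

$failures = foreach ($e in $events) {
    # The named fields are in the event XML under EventData/Data[@Name].
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    if ($data['LogonType'] -ne '3') { continue }   # keep network logons only

    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Account     = $data['TargetUserName']    # account for which logon failed
        Workstation = $data['WorkstationName']
        SourceIp    = $data['IpAddress']
        SubStatus   = $data['SubStatus']
    }
}

# One row per (account, workstation, source IP) with a count and time range.
$failures |
    Group-Object Account, Workstation, SourceIp |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'First'; e = { ($_.Group | Measure-Object TimeCreated -Minimum).Minimum } },
        @{ n = 'Last';  e = { ($_.Group | Measure-Object TimeCreated -Maximum).Maximum } } |
    Format-Table -AutoSize
```

A single row whose first and last times match the start and end of a Defender scan on the named workstation points at the scan rather than at password guessing.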

Disabling network scanning is fairly simple. You just need to open PowerShell as an administrator and run the following:
  • Set-MpPreference -DisableScanningNetworkFiles 1
  • Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 1
To see which settings you have enabled or disabled, you can run the following from PowerShell to get a list:
  • Get-MpPreference

As you can see above, network scanning has been disabled. Now when I run a scan, it stays local to my computer only and doesn't kick off any more alerts!
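
The same change as a single script that records the old values, applies only what differs, and re-reads the preferences to confirm the change stuck. This is an added example, not from the original post; it uses only the two settings and the cmdlets named above and must run in an elevated PowerShell session on the workstation.

```powershell
# Added example: disable Defender network scanning and verify the result.
$wanted = 'DisableScanningNetworkFiles',
          'DisableScanningMappedNetworkDrivesForFullScan'

$before = Get-MpPreference

foreach ($name in $wanted) {
    if ($before.$name) {
        Write-Host "$name is already True; leaving it alone"
        continue
    }
    # Splatting lets the parameter name come from the list above.
    $params = @{ $name = $true }
    Set-MpPreference @params
}

# Re-read instead of trusting the call: a value that did not change may be
# managed somewhere else (for example by policy) and needs fixing there.
$after = Get-MpPreference

$report = foreach ($name in $wanted) {
    [pscustomobject]@{
        Setting = $name
        Before  = $before.$name
        After   = $after.$name
    }
}
$report | Format-Table -AutoSize

$notApplied = $report | Where-Object { -not $_.After }
if ($notApplied) {
    Write-Warning ("Not applied: " + ($notApplied.Setting -join ', '))
}
```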

Did you find this helpful? Let us know in the comments!

Mar 28, 2017

Man possibly jailed forever for not giving up his encryption password

I am a huge proponent of encryption. I'm also a huge proponent of the 5th Amendment, which protects you from self-incrimination through testimony. Apparently a judge in Philadelphia as well as the 3rd US Circuit Court of Appeals say the 5th Amendment doesn't apply in this particular case.

You see, Francis Rawls was charged with possession of child porn, which is a horrendous crime. The issue here is that in order to make the case against him the police seized a number of devices, including some encrypted hard drives. Without the contents of those drives, the prosecution doesn't really have a good enough case to throw the book at him. Rawls apparently won't give up the passphrase for the drives, citing the 5th Amendment despite the court's order, so Rawls is being held indefinitely until he coughs up his passphrase.

From Ars Technica:
On Monday, a US federal appeals court sided against a former Philadelphia police officer who has been in jail 17 months because he invoked his Fifth Amendment right against compelled self-incrimination. He had refused to comply with a court order commanding him to unlock two hard drives the authorities say contain child porn. 
The 3-0 decision (PDF) by the 3rd US Circuit Court of Appeals means that the suspect, Francis Rawls, likely will remain jailed indefinitely or until the order (PDF) finding him in contempt of court is lifted or overturned. However, he still can comply with the order and unlock two FileVault encrypted drives connected to his Apple Mac Pro. Using a warrant, authorities seized those drives from his residence in 2015. While Rawls could get out from under the contempt order by unlocking those drives, doing so might expose him to other legal troubles. 
In deciding against Rawls, the court of appeals found that the constitutional rights against being compelled to testify against oneself were not being breached. That's because the appeals court, like the police, agreed that the presence of child porn on his drives was a "foregone conclusion." The Fifth Amendment, at its most basic level, protects suspects from being forced to disclose incriminating evidence. In this instance, however, the authorities said they already know there's child porn on the drives, so Rawls' constitutional rights aren't compromised.
I'm no lawyer, but from what I can understand of the law surrounding the 5th Amendment and encryption, it only applies if the police have no idea what's on your encrypted drive, and the only way to find out is by asking you for a password. In this case, they had eyewitness testimony that child porn was indeed on the drive, as well as other system logs showing that illegal files were saved on those drives.

Another way the 5th Amendment doesn't apply to encryption is when there is a physical mechanism like a key to unlock the drive. A physical key does not require testimony, and therefore does not require you to testify against yourself to hand that key over.

There is a nice video explaining this here from the EFF:

I certainly don't condone Rawls' actions here, if he indeed does have child porn, but there is a lesson to be learned here for those of you that value your privacy and your rights. Number one, if you want to be able to use the 5th Amendment to protect your passphrase, then you can't have any other unencrypted "tracks" pointing to what's on your encrypted devices.

What do you think about this? Let us know in the comments.
