Welcome to nsane.forums
Welcome to nsane.forums, like most online communities you need to register to view parts of our community or to make contributions, but don't worry: this is a free and simple process that requires minimal information. Be a part of nsane.forums by signing in or creating an account.
- Access special members only forums
- Start new topics and reply to others
- Subscribe to topics and forums to get automatic updates
Search the Community
Showing results for tags 'signal'.
Found 7 results
CrAKeN posted a topic in Security & Privacy NewsEncrypted messaging apps are safe, as long as the CIA doesn't target you There seems to be a bit of an uproar online as people are urging each other to dump the messaging apps they've been using because the CIA can render useless the encryption safeties they set in place. The problem, however, is with the operating systems of the phones, not the apps themselves, Following the Vault 7 revelations from WikiLeaks, many people worry that their privacy is at risk due to the newly exposed capacities of the CIA. Of course, so far, there's been no indication that the CIA is doing anything illegal with its powers, aside from the fact that it really should be sharing the zero-day vulnerabilities it finds with the companies they affect so they can fix them and protect millions of users. Then, there's the fact that, according to the files, the CIA has developed malware that can bypass the encryption layers used by apps such as WhatsApp, Signal, Telegram and so on. This isn't the fault of the apps, however, since the CIA based its malware on vulnerabilities it discovered in iOS and Android, zero-day bugs it chose to keep secret rather than share with Apple and Google, respectively. There's nothing the app can do if the OS is compromised Basically, when the operating system is attacked in such a way, there's very little an app can do to protect the user further. The app itself is made to fit with the operating system; it depends on it to work properly. Once you receive a message, the app will do what it was built to do - decrypt the message. If the operating system has been compromised by malware such as the one built by the CIA, the data is no longer protected. Even regular hackers can compromise your device without that much trouble as bypassing app encryption settings. If, for instance, you tap a link you shouldn't, download a malicious file which then triggers a malware to be downloaded to your device, you can be just as vulnerable. One method many hackers use to get their hands on your data is to take a screenshot every half second, or every second. That alone would expose whatever you are typing, protected by end-to-end encryption or not. The CIA's job Once more, we should point out that there is no indication that CIA is using these tools on the masses. They could very well simply use them on their criminal targets. Of course, given our history with the NSA leaks a few years back, the CIA may very well have overreached too, although mass-spying is less likely with the CIA than the NSA. "The CIA, like any other governmental intelligence agency, uses and will continue using various hacking tools and techniques to obtain any information they need to protect the country. This is their duty. So far, we don't have any evidence that these capacities were used unlawfully, for example, to violate reasonable expectation of privacy of innocent US citizens or for illicit interference with elections," High-Tech Bridge CEO Ilia Kolochenko told Softpedia. At this point, the worst we can accuse the CIA of is collecting zero-day vulnerabilities and exploiting them instead of sharing the data with the companies that could protect millions of users by patching up their systems. Source
vissha posted a topic in Mobile NewsExplained — What's Up With the WhatsApp 'Backdoor' Story? Feature or Bug! What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not. Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that "could allow" an attacker, and of course the company itself, to intercept your encrypted communication. The story involving the world's largest secure messaging platform that has over a billion users worldwide went viral in few hours, attracting reactions from security experts, WhatsApp team, and Open Whisper Systems, who partnered with Facebook to implement end-to-end encryption in WhatsApp. Note: I would request readers to read complete article before reaching out for a conclusion. And also, suggestions and opinions are always invited What's the Issue: The vulnerability relies on the way WhatsApp behaves when an end user's encryption key changes. WhatsApp, by default, trusts new encryption key broadcasted by a contact and uses it to re-encrypt undelivered messages and send them without informing the sender of the change. In my previous article, I have elaborated this vulnerability with an easy example, so you can head on to read that article for better understanding. Facebook itself admitted to this WhatsApp issue reported by Boelter, saying that "we were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing." What Experts argued: According to some security experts — "It's not a backdoor, rather it’s a feature to avoid unnecessarily re-verification of encryption keys upon automatic regeneration." Open Whisper Systems says — "There is no WhatsApp backdoor," "it is how cryptography works," and the MITM attack "is endemic to public key cryptography, not just WhatsApp." A spokesperson from WhatsApp, acquired by Facebook in 2014 for $16 Billion, says — "The Guardian's story on an alleged backdoor in WhatsApp is false. WhatsApp does not give governments a backdoor into its systems. WhatsApp would fight any government request to create a backdoor." What's the fact: Notably, none of the security experts or the company has denied the fact that, if required, WhatsApp, on government request, or state-sponsored hackers can intercept your chats. What all they have to say is — WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed. Open Whisper Systems (OWS) criticized the Guardian reporting in a blog post saying, "Even though we are the creators of the encryption protocol supposedly "backdoored" by WhatsApp, we were not asked for comment." What? "...encryption protocol supposedly "backdoored" by WhatsApp…" NO! No one has said it's an "encryption backdoor;" instead this backdoor resides in the way how end-to-end encryption has been implemented by WhatsApp, which eventually allows interception of messages without breaking the encryption. As I mentioned in my previous story, this backdoor has nothing to do with the security of Signal encryption protocol created by Open Whisper Systems. It's one of the most secure encryption protocols if implemented correctly. Then Why Signal is more Secure than WhatsApp? You might be wondering why Signal private messenger is more secure than Whatsapp, while both use the same end-to-end encryption protocol, and even recommended by the same group of security experts who are arguing — "WhatsApp has no backdoor." It's because there is always room for improvement. The signal messaging app, by default, allows a sender to verify a new key before using it. Whereas, WhatsApp, by default, automatically trusts the new key of the recipient with no notification to the sender. And even if the sender has turned on the security notifications, the app notifies the sender of the change only after the message is delivered. So, here WhatsApp chose usability over security and privacy. It’s not about 'Do We Trust WhatsApp/Facebook?': WhatsApp says it does not give governments a "backdoor" into its systems. No doubt, the company would definitely fight the government if it receives any such court orders and currently, is doing its best to protect the privacy of its one-billion-plus users. But what about state-sponsored hackers? Because, technically, there is no such 'reserved' backdoor that only the company can access. Why 'Verifying Keys' Feature Can't Protect You? WhatsApp also offers a third security layer using which you can verify the keys of other users with whom you are communicating, either by scanning a QR code or by comparing a 60-digit number. But here’s the catch: This feature ensure that no one is intercepting your messages or calls at the time you are verifying the keys, but it does not ensure that no one, in the past had intercepted or in future will intercept your encrypted communication, and there is no way, currently, that would help you identify this. WhatsApp Prevention against such MITM Attacks are Incomplete WhatsApp is already offering a "security notifications" feature that notifies users whenever a contact's security code changes, which you need to turn on manually from app settings. But this feature is not enough to protect your communication without the use of another ultimate tool, which is — Common Sense. Have you received a notification indicating that your contact's security code has changed? Instead of offering 'Security by Design,' WhatsApp wants its users to use their common sense not to communicate with the contact whose security key has been changed recently, without verifying the key manually. The fact that WhatsApp automatically changes your security key so frequently (for some reasons) that one would start ignoring such notifications, making it practically impossible for users to actively looking each time for verifying the authenticity of session keys. What WhatsApp should do? Without panicking all one-billion-plus users, WhatsApp can, at least: Stop regenerating users' encryption keys so frequently (I clearly don't know why the company does so). Give an option in the settings for privacy-conscious people, which if turned on, would not automatically trust new encryption key and send messages until manually accepted or verified by users. ...because just like others, I also hate using two apps for communicating with my friends and work colleagues i.e. Signal for privacy and WhatsApp because everyone uses it. Source
steven36 posted a topic in Mobile NewsDo you trust your messaging app even though it uses end-to-end encryption? As I previously said end-to-end encryption doesn't mean that your messages are secure enough to hide your trace. It's because most of the messaging apps still record and store a lot of metadata on your calls and messages that could reveal some of your personal information including dates and durations of communication, as well as the participants' phone numbers. Apple's iMessage app is the most recent and best example of this scenario. Just recently it was reported that the company stores a lot of information about its end-to-end encrypted iMessage, that could reveal your contacts and location, and even share this data with law enforcement via court orders. But if you are using open source end-to-end encrypted Signal app, you are on the safer side. Trust me! As we previously reported that the Signal app, which is widely considered the most secure of all other encrypted messaging apps, stores minimum information about its users. This was just recently proved when the app was put to the test earlier this year when an FBI subpoena and gag order demanded a wide range of information on two Signal users, but the authorities got their hands on information that’s less or no use in the investigation. Open Whisper Systems, the makers of Signal, revealed Tuesday that the company had received a federal subpoena earlier this year for records and other details on two of its users as part of a federal grand jury investigation in Virginia. But unfortunately for the government, Signal keeps as little data as possible on its users, and therefore Open Whisper Systems was unable to hand over anything useful to the FBI agents that could help them in their investigation. Here's what the FBI demanded on the two suspects, seeking a subpoena: Subscriber name Payment information Associated IP addresses Email addresses History logs Browser cookie data Other information associated with two phone numbers The request was made in the first half of this year, the court documents unsealed last week showed. And here's what the company turned over to the FBI: "As the documents show, the government's effort did not amount to much—not because OWS refused to comply with the government's subpoena (it complied), but because the company simply does not keep the kinds of information about their customers that the government sought (and that too many technology companies continue to amass)," the ACLU said in a post. "All OWS was able to provide were the dates and times for when the account was created and when it last connected to Signal's servers." You can see a number of court filings related to the subpoena published by the American Civil Liberties Union (ACLU), which is representing Open Whisper Systems in the fight. Much information about the subpoena is still secret — including the case number, the date the subpoena was served, and other details of the underlying case — but it's very much clear that the FBI sought detailed information on two suspects who used Signal app. Open Whisper Systems is also the force behind the Signal Protocol that powers the encryption built into WhatsApp, Facebook Messenger, and Google Allo's Incognito mode. Source: http://thehackernews.com/2016/10/signal-messenger-fbi-subpoena.html
WhatsApp Fails to Properly Delete Your Chats The problem is in the way WhatsApp's SQLite DB deletes data The core issue at the heart of this problem is the SQLite database, which WhatsApp and many other more mobile applications use to store data on the phone they are installed. WhatsApp's SQLite database fails to delete data Zdziarski has discovered that, when a user deletes a WhatsApp conversation, SQLite's normal mode of operation is to mark the data as deleted and add it to a "free list" of database entries that can be re-written by other information, instead of actually wiping the data from its index. The developer says that there can be cases where months pass without the data being overwritten with other information. During all this time, the data lingers around on the device and is included as part of the app's database when the user creates backups of their device. Zdziarski says that if the user backs up their device to an iCloud account, because there is no encryption enforced, the WhatsApp SQLite database gets backed up in clear text, and law enforcement can force Apple to hand over the backup files and implicitly the deleted WhatsApp messages, still present in the database. There are several ways to recover deleted WhatsApp messages If the user backs up their device to their own computer, the data is again susceptible to the same process of reverse-engineering and getting the deleted WhatsApp messages. Apple also allows users to create and save backups to computers protected with encryption. If the backup password (encryption key) is short and simple, the researcher says that there are ways to brute-force the password and break the encryption. If the user stores this backup password in the Apple Keychain utility, then there are forensics tools that can leak the content of the Keychain and allow access to the WhatsApp SQLite database. Furthermore, any attacker with access to the user's iOS device can retrieve the SQLite database and recover deleted conversations. iMessage has the same problem, Signal does not Zdziarski says that other apps that use SQLite databases to store data on iOS devices are likely affected by the same problem. The researcher says that iMessage suffers from the same issue but highlights that the Signal messaging app does not. In his blog post, Zdziarski details four ways that app developers and users could mitigate this issue and also recommends four solutions that Facebook could implement to fix WhatsApp's SQLite problem. "Software authors should be sensitive to forensic trace in their coding. The design choices they make when developing a secure messaging app has critical implications for journalists, political dissenters, those in countries that don’t respect free speech, and many others," Zdziarski says. "A poor design choice could quite realistically result in innocent people - sometimes people crucial to liberty - being imprisoned." Source
Batu69 posted a topic in Security & Privacy CenterAlready on mobile, you can now grab Signal — an open-source encrypted messaging app — through the Chrome web store. It employs the same security technology that powers the immensely popular Whatsapp, namely end-to-end encryption. This prevents even the company behind the app’s servers from seeing the messages you’re exchanging, keeping your private conversations out of the hands of unwanted lurkers. The app comes from a group of developers who have historically stood their ground on privacy issues, thereby deeming it by some a less threatening alternative to Facebook’s social messaging behemoth. The Signal beta first came out for desktop to a select crowd of specially invited users eager to try out the software last December. While it doesn’t have nearly the install base as Whatsapp, its developer Open Whisper Systems still claims to be improving the look and feel of the service, resulting in increased traffic. In the app, users can pull up chat windows to communicate in either individual or group settings with the added ability to attach photos and videos, similar to iMessage or Google Hangouts. Unfortunately, while the mobile app boasts an audio calling feature, it’s notably absent on the desktop version. Video calling, meanwhile, is missing from them both. Granted, there’s a solid reason for this. Voice and video calling isn’t as easy to implement securely in a browser. Then again, that doesn’t explain why video calling can be accomplished in the mobile version, or why there isn’t a standalone desktop app independent from a browser. Not everyone uses Chrome, after all. The reason may be that Signal is coming from a small non-profit group, Still, delivering on mass market appeal is essential for the app, since messenger apps lacking an audience don’t tend to get very far. We’ll have to see if the app’s encryption capabilities are enough to attract users. Article source
mona posted a topic in Guides & TutorialsHow to Get a Strong Wi-Fi Signal in Every Room of Your House If you live in a particularly tall or wide house, or one with a complicated layout, then you might have problems with Wi-Fi dead zones where your high-speed wireless broadband connection just can’t reach. That can seriously hamper your Netflix binge-watching or Spotify streaming. You don’t have to settle for patchy coverage though, and there are several ways in which you can extend the reach of your Wi-Fi. Upgrade your router Your available options here are going to depend on ISP you’ve signed up with to provide your internet and the hardware setup that’s currently in place. Some companies are more picky about customers installing their own hardware than others. Your best bet is to check with the ISP or browse through a related support forum to check, and what you can do will depend on where in the world you live too. Comcast, for example, provides a list of hardware its services can work with that you can use as a reference guide. If you’ve been on the same router for a while, your ISP might send you an upgrade free of charge. After all, if you’re paying for a particular speed, then it’s their responsibility to provide you with the equipment that gives you the best chance of getting it. It’s possible to really go to town if you don’t have anything better to spend your money on (and what’s more important than internet access?)—something like the D-Link AC3200 Ultra Wi-Fi Router will set you back around $250 or so, but you don’t necessarily have to break the bank. Check the specifications of your current equipment and see how much difference an upgrade is going to make. Replacing the antennas on your router is another option, though many of the new models from the last couple of years now use internal antennas and don’t have the necessary sockets to add your own. If you do have a compatible model or you buy a router with external sockets—check the supplied documentation with your hardware for details—then you can boost the wireless signal or change its direction. Reposition your router It may sound obvious, but moving your router is one of the most effective ways of improving the signal you can get around the home. Remember that most routers beam signal in all directions at once, so ideally you want your device floating somewhere in the middle of your property. If that’s not practically feasible, just get it as close as you possibly can. Today’s hardware devices do a good job of beaming out Wi-Fi signals, but they’re not perfect. Walls, floor, furniture, mirrors and metal objects all have a detrimental effect on the signal, so make some adjustments to the internal layout of your home if required. The newer your laptops, tablets and smartphones, the better able they will be to work with Wi-Fi at faster speeds over longer distances. Baby monitors, cordless phones and microwaves can cause interference too, and changing the channel used by your router can reduce this (delve into your router’s help documentation if you’re unsure about how to do this). Many routers offer a choice of using 5GHz or 2.4GHz radio bands; the former has more channels, so less chance of interference, but the signal range doesn’t stretch as far. It’s worth recommending a firmware update too. If newer software is available for your router model, then it can make a significant difference to the capabilities of the hardware. Check with the router manufacturer or your Internet Service Provider to see if there are patches available—on most models, applying the update is only going to take a few clicks. Share Wi-Fi with the neighbours How well do you know the people living around you? Are they older residents likely to do the odd spot of web browsing and email checking? Or younger folk who probably love nothing better than getting multiple torrent files downloaded simultaneously? Depending on the answers to those questions, you might find in practical to share an internet connection with those who are living around you. If you’re in terraced housing or apartments, for example, you can have your router on the ground floor and your neighbor’s higher up. Of course there’s an element of trust here—it’s only going to work if you know the people next door well and they’ve signed up for a suitably fast connection speed—but you might consider giving away some of your bandwidth a small price to pay to get web access in the top room in the house. Think of it as having one large family split across two buildings with two routers to utilize and position them accordingly. If you both have speedy enough connection packages then bottlenecks should be rare, and by swapping passwords with each other you can double the chances of getting online at no extra cost. Even if you are best buds with the people living next door, you probably don’t want them sniffing around your files; make sure you keep control over what they can access on your home network once they have access to your router. The network settings on your computer will let you restrict what you share with other people, but this is perhaps not something to try if you suspect there’s a teen hacker living next door. Invest in an extender or two There are two main approaches here: Extenders that simply repeat the original signal over a further distance (usually losing a lot of speed along the way) or powerline devices that use your home’s electrical wiring system to do the job of transferring bytes to and from your router. Of the two options, powerline networking is definitely the way to go if you can. For those of you who absolutely must take the repeater approach, all kinds of kit is available to fit your requirements and budget, and you can even repurpose an old router together with some open source software to do the same job if you want to. After a short setup wizard you’ll be ready to go, and you can use the same positioning tips that we mentioned earlier to minimize interference from other devices. There are also plenty of hardware options to choose from when it comes to Powerline networking. Some plugs provide a wired connection in the room of your choice, while others can create a Wi-Fi hotspot too; you’re going to need to do some research based on the setup you’ve got at home and what you want to be able to do with it. Getting everything up and running is usually very straightforward, and the configuration utilities you’re going to need will be included in the starter kit you buy. Linking two powerline plugs together is typically just a case of pressing two buttons, one on each device, to pair them. For simple web browsing, a repeater should be fine; if you’re streaming HD video and so on then you’re probably going to want to get hold of some powerline kit. As is normally the case, paying extra for decent quality equipment is going to be worth it in the long term, so stick to well-reviewed kit from the better-known manufacturers. Source
2G 3G 4G LTE Network Monitor Donated v2.13.2 IP Tools Premium v6.15 Network Info II (Donate) v0.7.1 SignalCheck Pro v 4.29 Speed Test & QoS 3G 4G WiFi Premium http://www.datafilehost.com/d/1b6d7e2f