Family locator app leaked real-time location data of 238,000 individuals

We normally consider family locator app as a blessing because we are able to track our family members conveniently through them. But, what if your private data collected or shared on such an app gets misused by cybercriminals because the app fails to secure it properly? It would instantly become a nuisance...no?

The same has happened in the case of Australian software house React Apps’ Family Locator app. According to security researcher Sanyam Jain’s latest findings, this app has so far leaked sensitive data including real-time location information of about 238,000 individuals.See: Hackers leave ransom note after wiping out MongoDB in 13 seconds

The data exposure has been occurring for several weeks because of the fact that the database wasn’t properly configured to keep the data protected from landing into wrong hands.

The location data exposure is a real issue of concern here because the app has leaked people’s positions from the distance of a few feet and even displayed the names of geofenced areas that are particularly used to alert or notify family members.

Reportedly, the app’s developer didn’t secure the server with a password due to which the data leak occurred. For your information the app allows registered members to track their family members like spouse or children in real-time. With the app’s FollowMe feature, members are able to receive alerts about the current status of their family members such as whether the child has reached school or the spouse has reached the workplace, etc.

The main culprit behind such a massive data leakage is a poorly protected MongoDB database that was hosted on a Cloud server. The database was storing location data in an unencrypted format, so anyone who finds the database through services like Shodan can check the members’ real-time location as well as their profile photos, email IDs, full name, and login credentials including passwords.

This definitely puts members’ families at great risk since the geofenced locations data is also included in the leaked information.

Jain, who is associated with the GDI Foundation, notified TechCrunch about the unsecure database. TechCrunch has verified the information available on the database after downloading the app and registering with a fake email ID. As soon as the signing up process ended, their real-time location appeared on the database with exact location coordinates.

The company contacted one of the registered members chosen randomly and the user was naturally shocked by the findings. The unnamed user also confirmed that the location information about his workplace and his child’s school was completely accurate.

See: Google collects Android location data even if location service is off

TechCrunch’s Zack Whittaker tried to contact React Apps but the company didn’t respond. TechCrunch then contacted the Australian Securities & Investments Commission to get the company’s business records that provided information about React App’s owner Sandip Mann Singh. However, the owner’s contact number wasn’t listed.

Then TechCrunch informed Microsoft, the company responsible for hosting the MongoDB database on its Azure Cloud server. Microsoft tried to contact the developer after which the database was taken offline. It is currently unclear the duration for which the database remained exposed.

Read Original Article...

The History of Email

QWERTYUIOP

— Text of the first email ever sent, 1971

The ARPANET (a precursor to the Internet) was created “to help maintain U.S. technological superiority and guard against unforeseen technological advances by potential adversaries,” in other words, to avert the next Sputnik. Its purpose was to allow scientists to share the products of their work and to make it more likely that the work of any one team could potentially be somewhat usable by others. One thing which was not considered particularly valuable was allowing these scientists to communicate using this network. People were already perfectly capable of communicating by phone, letter, and in-person meeting. The purpose of a computer was to do massive computation, to augment our memories and empower our minds.

Surely we didn’t need a computer, this behemoth of technology and innovation, just to talk to each other.

Computers which sent the first emailThe computers which sent (and received) the first email.

The history of computing moves from massive data processing mainframes, to time sharing where many people share one computer, to the diverse collection of personal computing devices we have today. Messaging was first born in the time sharing era, when users wanted the ability to message other users of the same time shared computer.

Unix machines have a command called write which can be used to send messages to other currently logged-in users. For example, if I want to ask Mark out to lunch:

$ write mark write: mark is logged in more than once; writing to ttys002 Hi, wanna grab lunch? He will see:

Message from This email address is being protected from spambots. You need JavaScript enabled to view it. on ttys003 at 10:36 ... Hi, wanna grab lunch? This is absolutely hilarious if your coworker happens to be using a graphical tool like vim which will not take kindly to random output on the screen.

Persistant Messages

When the mail was being developed, nobody thought at the beginning it was going to be the smash hit that it was. People liked it, they thought it was nice, but nobody imagined it was going to be the explosion of excitement and interest that it became. So it was a surprise to everybody, that it was a big hit.

— Frank Heart, director of the ARPANET infrastructure team

An early alternative to Unix called Tenex took this capability one step further. Tenex included the ability to send a message to another user by writing onto the end of a file which only they could read. This is conceptually very simple, you could implement it yourself by creating a file in everyones home directory which only they can read:

mkdir ~/messages chmod 0442 ~/messages Anyone who wants to send a message just has to append to the file:

echo "

Read Original Article...

South Africa to develop three more nano-satellites worth R27 million

The Department of Science and Technology (DST), director general, Dr Phil Mjwara, announced earlier this week that the department is committed to support the development of a constellation of satellites through the investment of R27 million.

The director general announced this at a plenary briefing that was hosted by the Cape Peninsula University of Cape Town (CPUT), after the successful launch of the country’s second nano-satellite, ZACUBE-2, which is considered the most advanced on the continent.

“We have contracted CPUT to develop three more nano-satellites to the value of R27 million to be launched by 2020. This investment will allow us to take full advantage of SA’s vast and exclusive economic zone, our oceans, which have the potential to add R177 billion to the country’s gross domestic product and create over 1 million jobs by 2033,” Mjwara told IOL News.

The nano-satellite named ZACUBE-2 is funded by DST in support of Operation Phakisa, to provide cutting edge, high frequency data exchange communication systems to maritime industry and it will monitor the movement of ships along the coastline with its automatic identification system (AIS).

ZACUBE-2 is the predecessor of ZACUBE-1, which was developed by CPUT space programme graduates four years ago, and continues to transmit space weather data.

“Currently South Africa purchases its AIS data at huge cost from outside service providers, and we are now in position to provide our own data but at present only twice. Once we have a constellation of satellites providing a constant flow of data, it will go towards proving SA has the indigenous knowledge to provide this technology for our country,” concluded CPUT head of space programme, Prof Robert Van Zyl.

Read Original Article...

Huawei & Rain announce launch of South Africa’s first commercial 5G network

At MWC 2019 local service provider Rain has announced that it has launched the first 5G commercial network in South Africa in partnership with Huawei.

This move would make South Africa one of the first countries in the world to launch 5G, with Rain slating a rollout of the network by mid-2019, with areas of Johannesburg and Cape Town being the first two metropoles to receive it. 

With Huawei’s end-to-end 5G solutions, Rain will be able to build the 5G network using its 3.6GHz spectrum, the company has explained. In the first phase of rollout, Rain has already deployed a number of new base stations in Johannesburg and Cape Town. 

Huawei and Rain execs following their 5G network announcement at MWC 19. “The network will provide fibre-like speeds without the installation complexities, time delays and cost of laying fibre in under-serviced areas,” notes Rain CEO Willem Roos.

Apart from deploying new base stations, Huawei’s says its solutions will enable Rain to fully leverage its existing LTE network and allocated spectrum for 5G deployment, the Chinese firm says.

“It is an important step working with Rain to build the first 5G network in South Africa. With our solutions, we are committed to working with operators to build future-oriented networks that will give them the maximum value from their investment and give their customers the best user’s experience,” Shi Jilin, president of Huawei Cloud Core Network Product Line.

According to their plan, Rain will continue to cover major areas in South Africa with 5G networks, including Johannesburg, Cape Town, and Durban, with a specific focus on services to homes and enterprises.

In September, Rain expects to release 5G products and plans to further promote 5G-enabled applications in terms of industry video, remote driving and smart manufacturing. For now, there is no precise detail on pricing for packages with the company expected to release more information closer to the mid-2019 rollout.

“Rain is very optimistic about the business prospects of South Africa’s 5G network, and will continue to invest more in 5G networks and better serve users,” concludes Roos.

Read Original Article...

How cryptography is a key weapon in the fight against empire states

The original cypherpunks were mostly Californian libertarians. I was from a different tradition but we all sought to protect individual freedom from state tyranny. Cryptography was our secret weapon. It has been forgotten how subversive this was. Cryptography was then the exclusive property of states, for use in their various wars. By writing our own software and disseminating it far and wide we liberated cryptography, democratised it and spread it through the frontiers of the new internet.

The resulting crackdown, under various "arms trafficking" laws, failed. Cryptography became standardised in web browsers and other software that people now use on a daily basis. Strong cryptography is a vital tool in fighting state oppression. That is the message in my book, Cypherpunks. But the movement for the universal availability of strong cryptography must be made to do more than this. Our future does not lie in the liberty of individuals alone.

Our work in WikiLeaks imparts a keen understanding of the dynamics of the international order and the logic of empire. During WikiLeaks' rise we have seen evidence of small countries bullied and dominated by larger ones or infiltrated by foreign enterprise and made to act against themselves. We have seen the popular will denied expression, elections bought and sold, and the riches of countries such as Kenya stolen and auctioned off to plutocrats in London and New York.

The struggle for Latin American self-determination is important for many more people than live in Latin America, because it shows the rest of the world that it can be done. But Latin American independence is still in its infancy. Attempts at subversion of Latin American democracy are still happening, including most recently in Honduras, Haiti, Ecuador and Venezuela.

This is why the message of the cypherpunks is of special importance to Latin American audiences. Mass surveillance is not just an issue for democracy and governance – it's a geopolitical issue. The surveillance of a whole population by a foreign power naturally threatens sovereignty. Intervention after intervention in the affairs of Latin American democracy have taught us to be realistic. We know that the old powers will still exploit any advantage to delay or suppress the outbreak of Latin American independence.

Consider simple geography. Everyone knows oil resources drive global geopolitics. The flow of oil determines who is dominant, who is invaded, and who is ostracised from the global community. Physical control over even a segment of an oil pipeline yields great geopolitical power. Governments in this position can extract huge concessions. In a stroke, the Kremlin can sentence eastern Europe and Germany to a winter without heat. And even the prospect of Tehran running a pipeline eastwards to India and China is a pretext for bellicose logic from Washington.

But the new great game is not the war for oil pipelines. It is the war for information pipelines: the control over fibre-optic cable paths that spread undersea and overland. The new global treasure is control over the giant data flows that connect whole continents and civlisations, linking the communications of billions of people and organisations.

It is no secret that, on the internet and on the phone, all roads to and from Latin America lead through the United States. Internet infrastructure directs 99% of the traffic to and from South America over fibre-optic lines that physically traverse US borders. The US government has shown no scruples about breaking its own law to tap into these lines and spy on its own citizens. There are no such laws against spying on foreign citizens. Every day, hundreds of millions of messages from the entire Latin American continent are devoured by US spy agencies, and stored forever in warehouses the size of small cities. The geographical facts about the infrastructure of the internet therefore have consequences for the independence and sovereignty of Latin America.

The problem also transcends geography. Many Latin American governments and militaries secure their secrets with cryptographic hardware. These are boxes and software that scramble messages and then unscramble them on the other end. Governments purchase them to keep their secrets secret – often at great expense to the people – because they are correctly afraid of interception of their communications.

But the companies who sell these expensive devices enjoy close ties with the US intelligence community. Their CEOs and senior employees are often mathematicians and engineers from the NSA capitalising on the inventions they created for the surveillance state. Their devices are often deliberately broken: broken with a purpose. It doesn't matter who is using them or how they are used – US agencies can still unscramble the signal and read the messages.

These devices are sold to Latin American and other countries as a way to protect their secrets but they are really a way of stealing secrets.

Meanwhile, the United States is accelerating the next great arms race. The discoveries of the Stuxnet virus – and then the Duqu and Flame viruses – herald a new era of highly complex weaponised software made by powerful states to attack weaker states. Their aggressive first-strike use on Iran is determined to undermine Iranian efforts at national sovereignty, a prospect that is anathema to US and Israeli interests in the region.

Once upon a time the use of computer viruses as offensive weapons was a plot device in science fiction novels. Now it is a global reality spurred on by the reckless behaviour of the Barack Obama administration in violation of international law. Other states will now follow suit, enhancing their offensive capacity to catch up.

The United States is not the only culprit. In recent years, the internet infrastructure of countries such as Uganda has been enriched by direct Chinese investment. Hefty loans are doled out in return for African contracts to Chinese companies to build internet backbone infrastructure linking schools, government ministries and communities into the global fibre-optic system.

Africa is coming online, but with hardware supplied by an aspirant foreign superpower. Will the African internet be the means by which Africa continues to be subjugated into the 21st century? Is Africa once again becoming a theatre for confrontation between the global powers?

These are just some of the important ways in which the message of the cypherpunks goes beyond the struggle for individual liberty. Cryptography can protect not just the civil liberties and rights of individuals, but the sovereignty and independence of whole countries, solidarity between groups with common cause, and the project of global emancipation. It can be used to fight not just the tyranny of the state over the individual but the tyranny of the empire over smaller states.

The cypherpunks have yet to do their greatest work. Join us.

Read Original Article...
Apple Repairs and Service
Member of the Internet Defense League

BitcoinCash Accepted

download