Tag Archives: Security

Malaysia Total Lockdown SOP : What Was Announced So Far!

MCO 3.0 Total Lockdown SOP : 3 June 2021 Update!

Here is the 3 June 2021 update of the MCO 3.0 total lockdown SOP of Malaysia, which many are calling FMCO (Full MCO)!

We will keep updating this guide, as and when they issue new SOPs!

Updated @ 2021-06-03 : Added the 2 June 2021 MCO 3.0 SOP video and list.
Updated @ 2021-05-31 : Added the full lockdown SOP list of PERMITTED and FORBIDDEN activities.
Originally posted @ 2021-05-30

 

MCO 3.0 Total Lockdown : Phase 1 SOP Starts 1 June 2021!

On 29 May 2021, the Malaysia Prime Minister’s Department announced that the National Security Council (MKN) decided to order Total Lockdown Phase 1.

From 1 June until 14 June 2021, there will be a complete lockdown of the social and economic sectors across the country.

This new lockdown SOP will apply ACROSS Malaysia – no states are exempted.

Recommended : Malaysia To Undergo TOTAL LOCKDOWN Phase 1!

 

MCO 3.0 Total Lockdown SOP : 2 June 2021 Edition!

Here is a video showing the 2 June 2021 edition of the total lockdown SOP for MCO 3.0, which people are calling Full MCO or FMCO.

 

MCO 3.0 Total Lockdown SOP : Essential Services

All social and economic activities are FORBIDDEN, except for these 17 essential services :

  1. Food and beverages, including for animals
  2. Healthcare and medical services, including dietary supplements, veterinarian services, etc.
  3. Water supply
  4. Energy supply
  5. Security and safety, defence, emergency, social and humanitarian services
  6. Waste disposal and public sanitisation and sewerage
  7. Land, water and air transportation
  8. Port, shipyard, airport services and operations, including loading, unloading, cargo handling and piloting, storage or transportation of commodities
  9. Communications including media, telecommunications and Internet, post and courier, as well as broadcasting (for the purpose of conveying information, news and the like)
  10. Banking, insurance, takaful and capital markets
  11. Community credit services (mortgage and Ar-rahnu)
  12. E-commerce and information technology
  13. Production, distillation, storage, supply and distribution of fuels and lubricants
  14. Hotels and accommodation (only for quarantine purposes, segregation, employment for essential services and not for tourism).
  15. Critical construction, maintenance and repair
  16. Forestry services (limited to enforcement) and wildlife
  17. Logistics limited to delivery of essential services

 

MCO 3.0 Total Lockdown SOP : Essential Industries

All industries are FORBIDDEN, except for the following sectors :

Manufacturing (60% employee capacity)

  1. Aerospace (components and maintenance, repair and overhaul – MRO)
  2. Food and beverage
  3. Packaging and printing materials, only related to food and health
  4. Personal care and cleaning products
  5. Healthcare and medical products, including dietary supplements
  6. Personal care items, personal protective equipment (PPE), including rubber gloves and fire safety equipment
  7. Components for medical devices.
  8. Electrical and electronics of global economic chain importance
  9. Oil and gas, including petrochemicals and petrochemical products
  10. Chemical products
  11. Machinery and equipment for health and food products
  12. Textiles for PPE production only
  13. Production, distillation, storage, supply and distribution of fuels and lubricants

Agriculture, Fisheries, Livestock, Plantation and Commodities (“optimal” employee capacity)

  1. Agriculture, fisheries and livestock and their supply chains – for example, shops selling fertilisers and pesticides, or oil palm fruit processing factories are allowed to operate
  2. Oil palm, rubber, pepper and cocoa plantation and commodities including their supply chains

Construction (“optimal” employee capacity)

  1. Critical maintenance and repair works
  2. Major public infrastructure and construction works
  3. Building construction works that provide complete employee accommodation at construction sites, or workers that are housed in Centralised Workers Quarters (CLQ).

Trade + Distribution (8 AM until 8 PM daily)

  1. Shopping malls must be CLOSED, except for supermarkets, hypermarkets, departmental stores and premises selling food and beverages, essential items, pharmacy, personal care, convenience store, mini mart, and restaurants for takeaway and home delivery.
  2. Supermarkets, hypermarkets, pharmacies, personal care stores, convenience stores, mini marts and grocery stores, as well as departmental stores are allowed to open, but RESTRICTED to their food, beverage and essential item sections only.
  3. Restaurants, stalls and food outlets – only for takeaways, drive-through or food delivery
  4. Laundry services, including self-service laundromats
  5. Pet care and pet food stores
  6. Eyewear and optical goods stores
  7. Hardware stores
  8. Vehicle workshops, maintenance and spare parts
  9. E-commerce – all product categories
  10. Wholesale and distribution – for all essential products only

 

MCO 3.0 Total Lockdown SOP : The Full List

Note : Any activity NOT mentioned in this SOP is FORBIDDEN.

Travel Restrictions

  1. Interstate or inter-district travel is FORBIDDEN.
  2. Up to two (2) people from each household are allowed to go out to purchase food, medicine, dietary supplements and other daily essentials.
  3. Up to three (3) people, including the patient, are allowed to go out from each household to seek medical treatment, healthcare, screening test, security assistance or other emergencies within a radius of no more than 10 kilometres from their home, or the nearest available service (if there are none within 10 km).
  4. Up to two (2) people are allowed in each taxi or e-hailing ride, including the driver. The passenger must be seated in the rear compartment.
  5. Commercial vehicles carrying essential goods are allowed to carry people up to the licensed limit.
  6. Official government vehicles are allowed to carry up to their maximum capacity.
  7. All airports and ports are allowed to operate as usual.
  8. Sea and land public transportation services, like employee transportation, public buses, express buses, LRT, MRT, ERL, monorail and ferry are allowed to operate at 50% of vehicle capacity.
  9. Travel for funerals and natural disasters are allowed with police permission.
  10. NGOs travelling to assist with natural or humanitarian disasters must obtain permission from the State / District Disaster Management Committee, and the aid must be funnelled through the Disaster Operations Control Centre (PKOB).
  11. Interstate / inter-district travel for the purpose of COVID-19 vaccination is ALLOWED with the display of vaccine appointment on MySejahtera, website or SMS.
  12. Members of Parliament or State Assembly are ALLOWED to cross state or district lines.
  13. Interstate travel is FORBIDDEN for couples in long-distance relationships.
  14. Short-term business visitors are ALLOWED for official or business purposes under the One Stop Centre (OSC) Initiative, with police permission.

General Health Protocols

  1. Premise owners and business licence holders must ensure that customers enter and leave the premises with a minimum physical distance of 1 metre.
  2. Premise owners and business licence holders are OBLIGATED to provide the MySejahtera QR Code and a logbook to register visits by their customers.
  3. Hand sanitisers must be provided at entry points, and customers must use them before entering the premise.
  4. The use of MySejahtera is MANDATORY in areas with good Internet connectivity. The use of a logbook is only allowed in areas with no Internet connectivity or reasonable excuses (senior citizens, no smartphone, etc.)
  5. Premise owners and business licence holders must ensure that customers check in using MySejahtera, or writing their name and telephone number manually if there is no Internet connectivity.
  6. In shopping malls, customers only need to scan their body temperatures ONCE at the mall entry point. It is not necessary to scan their body temperature at every premise in the mall.
  7. Those with body temperatures exceeding 37.5 degrees Celsius are NOT ALLOWED to enter.
  8. Malls and premise owners must ensure that only customers with Low Risk or Casual Contact Low Risk in MySejahtera are allowed to enter.
  9. Children 12 years or younger are NOT allowed in public places and facilities, EXCEPT in emergencies, treatment, education or exercise.
  10. Premise owners and business licence holders must restrict the number of customers within their premises to ensure at least 1 metre physical distancing.
  11. Every premise must publicly display the limit of customers allowed inside at any one time. The use of a numbered queue system is encouraged to control the number of customers.
  12. All building owners must provide QR Codes for each floor / level.
  13. It is MANDATORY for employees, suppliers and customers to properly wear face masks while within the premise.
  14. There must be good ventilation and aeration at the premise.
  15. It is MANDATORY to wear a face mask, especially in crowded public areas, EXCEPT in these places or situations :
    a) hotel room or paid accommodation, alone or with your own family
    b) Personal working space
    c) Sporting activities and outdoor recreation
    d) Personal vehicle, alone or with your own family
    e) Indoor or outdoor public areas, when there are no other individuals
    f) While eating or drinking in public areas, when there are no other individuals (except in restaurants or other food & beverage premises)

Civil + Private Employees 

  1. Civil servants must work from home (WFH) completely, except for frontliners, security, defence and enforcement.
  2. Office attendance for essential services in the civil service must not exceed 20% at any one time, and must emphasise work that cannot be performed at home, like payment, maintenance, security, technical management, online meetings and ministerial documentation.
  3. Civil servants going to office must receive official attendance order and worker’s pass.
  4. Employee capacity for the private sector (essential services only) is limited to 60%, including both operations and management.
  5. Approved essential services must have official approval from 1 June 2021 onwards. Employee travel is limited to approved operations letter or worker’s pass or employer’s letter of authority.
  6. Meetings must be conducted via video conferencing.
  7. Seminars, workshops, courses, training and talks are FORBIDDEN, except through online methods or in-service training through Camp-Based Training.

Allowed Business + Services

  1. Restaurants, food shops, food stalls, food trucks, hawkers, food courts, hawker centres and food kiosks are ALLOWED to operate from 8 AM until 8 PM for takeaway, drive-through or delivery.
  2. Dine-in and park & dine services, and picnics are FORBIDDEN.
  3. Grocers and convenience stores are ALLOWED to operate from 8 AM until 8 PM.
  4. Hardware stores, vehicle workshops, childcare stores and religious stores are ALLOWED to operate from 8 AM until 8 PM.
  5. Healthcare services like hospitals, clinics and medical laboratories are ALLOWED to operate 24 hours, or up to their licensed operating hours.
  6. Pharmacies can operate from 8 AM until 8 PM.
  7. Petrol stations can operate from 6 AM until 8 PM, except for those on tolled highways which can operate 24 hours.
  8. Supermarkets, shopping malls, pharmacies, personal care stores, convenience stores, mini markets and departmental stores can only open sections limited to food, drinks and essential items, from 8 AM until 8 PM.
  9. Veterinarian clinics and pet food stores are ALLOWED to open from 8 AM until 8 PM.
  10. Laundry services and optical stores are allowed to operate from 8 AM until 8 PM. Self-service laundromats must ensure an employee is present on-premise.
  11. Daily and public markets are ALLOWED to open from 6 AM until 2 PM, subject to the local authorities, proper SOP and under RELA / PBT supervision.
  12. Controlled Fresh Produce Market (PST) are ALLOWED to open from 7 AM until 12 noon.
  13. Permanent Farm Market (PTK), MyFarm Outlet (MFO) and Local Farmer’s Association Complex (PPK) are ALLOWED to open from 6 AM until 4 PM.
  14. Wholesale markets are ALLOWED to open from 12:01 AM until 6 AM, and from 11 AM until 4 PM, subject to the local authorities, proper SOP and under RELA / PBT supervision.
  15. Night markets, farmer's markets, weekly markets and guest markets are FORBIDDEN.
  16. Fishing for livelihood is ALLOWED.

Education

  1. All public and private institutes of tertiary education, tahfiz centres and other educational institutes must CLOSE.
  2. Tertiary education will continue ONLINE.
  3. All public and private schools and education institutes, tuition centres, language centres, skill centres, counselling centres, etc. must CLOSE.
  4. Only international exams at international and expatriate schools are allowed.
  5. All face-to-face learning are FORBIDDEN, except for tertiary education students who require them.
  6. International and professional exams, as well as research activities requiring lab access in tertiary education facilities are ALLOWED.
  7. Students in boarding schools or universities are ALLOWED to continue using hybrid studies.
  8. Private and public kindergartens, kindergartens in private, international and expatriate schools and mind development centres for children 4 to 6 years old are NOT ALLOWED to operate, except for parents who are frontliners or both working.
  9. Home care or rehabilitation centres of children, the disabled (OKU), senior citizens, women and other care facilities are allowed to operate, subject to the SOP.

Religion

  1. Prayer activities are limited to a maximum of 12 mosque and surau committee members only. All other activities are FORBIDDEN.
  2. Islamic wedding ceremony (akad nikah) is ALLOWED only in the Islamic Religious Office / Department with the attendance capacity set by the State Religious Authority.
  3. Burial activities are allowed according to limits set by the State Religion Authority (Islam) or the National Unity Ministry (Non-Muslim).
  4. Non-Muslim houses of worship are limited to 12 committee members only, and congregants are NOT ALLOWED.
  5. Non-Muslim marriage registrations are allowed at the National Registration Department (JPN), houses of worship and religious associations, subject to limits set by JPN.

Sports + Recreation

  1. Individual sports and recreational activities without physical contact in open spaces are LIMITED to jogging and exercise with physical distancing of 2-3 metres within the neighbourhood, from 7 AM until 8 PM.
  2. Centralised training programs, including closed quarantined competitions using Camp Based Training are ALLOWED.
  3. Centralised training programs with quarantine by State Sports Councils using Camp Based Training are ALLOWED.
  4. Centralised training programs including quarantined training competitions for teams in the Malaysian Football League (MFL) using Camp Based Training are ALLOWED.

Creative Industry

  1. Development and broadcasting of creative content, whether recorded or live, including animation, filming, drama, promotions, sitcoms and the like, as well as dance, art, theatre, musical arts, cultural and heritage performances and music, are FORBIDDEN, except for individual discussions and live-streaming.

 

MCO 3.0 Total Lockdown SOP : NEGATIVE LIST

These activities are FORBIDDEN.

  1. Spa, reflexology, massage, wellness, beauty, barber and hair salons, pedicure and manicure
  2. Cybercafes and cybercenters
  3. Driving schools, maritime training centres, flight schools
  4. Photography activities
  5. Gambling, horse racing and casinos
  6. Factory manufacturing alcoholic beverages, and shops selling alcoholic beverages
  7. Night clubs or pubs
  8. Cinemas
  9. Official and unofficial public and private events
  10. Feasts, festivals, weddings, engagements, receptions, aqiqah ceremonies, tahlil, anniversaries, birthdays, reunions, retreats and other social events.
  11. Receiving guests or visitors at home, except in emergencies or for delivery services.
  12. Seminars, workshops, courses, training, conferences, exhibitions, lectures and all MICE (Meetings, Incentives, Conventions and Exhibitions) events that are face-to-face.
  13. Tourist attractions like zoos, farms, aquariums, edutainment centres, extreme parks, adventure parks, nature parks, etc.
  14. Souvenir and craft shops, culture and historical premises like museums, libraries, art galleries, native art and culture, stage performance, etc.
  15. Theme parks, family entertainment centres, indoor playgrounds, karaoke, etc.
  16. Interdistrict and interstate tourism – Overseas travel by citizens, and local travel involving foreigners.
  17. All sports and recreation activities EXCEPT those listed in this SOP.
  18. All sports and recreation premises and facilities, except public parks (subject to the local authorities), as well as sports and recreation that involve groups or physical contact.
  19. International or local championships, competitions, and matches, EXCEPT those organised by the National Sports Council and training matches for teams under the Malaysian Football League (MFL).
  20. Sports or recreational activities that cross district and state lines, EXCEPT with police permission.
  21. Hotel lounge performances
  22. Indoor or outdoor busking
  23. Any activity that involves many people gathering in one place until it is hard to maintain physical distancing, and compliance with the Director General of Health’s orders.
  24. Any other matter that may be decided by the Government from time to time.

 

Help Support My Work!

If you would like to support my work, you can do so via bank transfer /  PayPal / credit card.

Name : Adrian Wong

Credit Card / Paypal : https://paypal.me/techarp
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)

Thank you in advance!

 


 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Scam Warning : Public Bank Customers Hit By Fake SMS!

Scammers continue to target Public Bank customers, using many different kinds of fake SMS messages.

Do NOT click or call if you receive any of these fake SMS messages!

 

Public Bank : Fake SMS Scam Warning! Do NOT Click / Call!

Whether you are a Public Bank customer or not, you may receive one of these alarming SMS messages.

Please DO NOT click on the link, or call the number. JUST IGNORE THEM, or delete them.

The safest thing to do is NEVER CLICK ON A LINK in any SMS. If you need to log into your bank account, key in the website address manually.

RM0 PBB/PIBB: Your PBB account will TERMINATED on 02Dec20 01:30:00 AM. Please make verification via http://www.mypbebank.cc to avoid service interruption. Verify now keep on using PBB services.

RM0 Credit Cash out RM3,000 form card ending no 7102 successful on 01 DEC. Information system sending. Call PBB 1800-81-9566 for any query

Warning: Your account is marked as insecure, please click Return PAC immediately to confirm that it is safe to use. (https://pbevip.vip/)

PBe Your account is in a high-risk state PLS log in immediately and return the PAC to protect your account security https://www.pbebanks.top

PBe Warning: Phishing URLs are frequent recently, PLS log in immediately to strengthen account security. 2Mar21 13:14 https://se1.pbevip.top/

PB e Your account is in a high-risk by the system, PLS re-verify your account https://pbbanks.red/ <security reminder is normal>

RM0 PIBB: Thank you for using your card ending 1098@senQ MYR 2899, Pls call 03-56260232 now, if you didn’t use it

RM0 PBB/PIBB: Trx amt MYR2699.00  @LAZADA for card ending 5738. Call PB 1-800-81-2337 now if didn t perform.

PBB: Your account is judged as high risk by the system. PLS re-verify your account https://www.pbebanks.asia/ <security reminder is normal>

PB e Alarm Your banking Suit now is marked as insecure, PLS re-verify your account https://online-pbebank.com <security reminder is normal>

 

Public Bank Fake SMS Scam : What Happens If You Click?

Clicking on the links will often lead you to a phishing website, a fake website designed to look like a Public Bank website.

You will be asked to key in your personal information, including your Public Bank user name and password. DO NOT KEY IN YOUR INFORMATION!

If you do want to waste the scammers' time by keying in fake information, do it only from a device you never use for banking, because the phishing page itself may also try to serve malware.

Note : These scams do not just target Public Bank customers. In fact, all banks are affected.

 

Public Bank : How To Identify Fake SMS Messages

With a little help from Public Bank, let’s show you how to identify fake SMS messages.

If you spot any of these warning signs, BACK OFF and DO NOT PROCEED!

Warning Sign #1 : Grammatical Mistakes

Read the SMS messages above, and you can easily spot numerous grammatical mistakes. A bank will never send such poorly worded messages to their customers.

Warning Sign #2 : Embedded Links

Banks will NEVER embed links (URLs) into the message. If you see embedded links, always think – SCAM SMS!

Warning Sign #3 : Wrong Links

And always check the link – www.mypbebank.cc is not the correct address for the Public Bank website (www.pbebank.com)

When you see a link with a .cc domain, be wary. .CC is the country-code domain of the Cocos (Keeling) Islands, an Australian territory of only 14 km² with about 600 inhabitants, but it is sold to anyone worldwide, which is exactly why scammers use it.

The same goes for cheap generic top-level domains like .TOP, .VIP, .RED and .ASIA. Note, however, that the last message above uses online-pbebank.com, a .com lookalike, so the domain ending alone is not a reliable test. What matters is the registered domain : pbebank.com and nothing else, regardless of what is put in front of it (mypbebank.cc, online-pbebank.com, se1.pbevip.top).
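As an added example (not from the original article or from Public Bank), here is a small Python checker that applies Warning Signs #2 and #3 mechanically: it pulls every URL out of an SMS, takes the registered domain, and compares it exactly against pbebank.com, the only address this article names as legitimate. The sample set is four of the scam texts quoted above plus one constructed benign message; the logic generalises the article's point to any host that merely contains the bank's name, such as online-pbebank.com.

```python
import re
from urllib.parse import urlsplit

# The only domain this article names as Public Bank's real online-banking site.
LEGIT_DOMAINS = {"pbebank.com"}

# Constructed sample set: four of the scam SMS texts quoted on this page,
# plus one made-up benign message for contrast (not a real bank message).
SAMPLE_SMS = [
    "RM0 PBB/PIBB: Your PBB account will TERMINATED on 02Dec20 01:30:00 AM. "
    "Please make verification via http://www.mypbebank.cc to avoid service interruption.",
    "Warning: Your account is marked as insecure, please click Return PAC "
    "immediately to confirm that it is safe to use. (https://pbevip.vip/)",
    "PBe Warning: Phishing URLs are frequent recently, PLS log in immediately "
    "to strengthen account security. 2Mar21 13:14 https://se1.pbevip.top/",
    "PB e Alarm Your banking Suit now is marked as insecure, PLS re-verify "
    "your account https://online-pbebank.com <security reminder is normal>",
    "PBe: Your PAC is 123456. Never share your PAC with anyone.",  # constructed, benign
]

# Matches http(s) URLs and bare www. hosts; stops at whitespace and brackets.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>()]+", re.IGNORECASE)


def extract_hosts(text):
    """Return the lower-cased hostname of every URL embedded in an SMS body."""
    hosts = []
    for raw in URL_RE.findall(text):
        url = raw if raw.lower().startswith("http") else "http://" + raw
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def registered_domain(host):
    """Last two labels of a hostname. Enough for the TLDs seen on this page;
    a public-suffix list would be needed for suffixes such as .com.my."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(sms):
    """Apply the article's rules: any embedded link is suspicious, and a link
    whose registered domain is not exactly the bank's is phishing."""
    hosts = extract_hosts(sms)
    reasons = []
    if hosts:
        reasons.append("embedded link")
    for host in hosts:
        reg = registered_domain(host)
        if reg not in LEGIT_DOMAINS:
            # 'pbebank' appearing inside the host (mypbebank.cc, online-pbebank.com)
            # does not make it legitimate: only the registered domain counts.
            reasons.append(f"domain {reg} is not {sorted(LEGIT_DOMAINS)}")
    if any(r.startswith("domain ") for r in reasons):
        verdict = "phishing"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "ok"
    return {"hosts": hosts, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        result = classify(sms)
        print(result["verdict"].upper(), result["hosts"], "-", sms[:60])
```

Each message prints its verdict. A message that links to the real pbebank.com still comes back "suspicious" rather than "ok", because the rule the article gives is that the bank never embeds links at all; only the exact registered domain can downgrade a link from "phishing".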

Warning Sign #4 : No Personal Login Phrase / Picture

To avoid phishing attacks, banks now give you a secret response (like a picture or a phrase) to confirm that you are visiting their legitimate website.

If the website you are visiting gives you the wrong picture or secret phrase, you have been tricked into visiting a fake website designed to mimic the real bank website.

You should also remember that the bank website must show you your secret picture or phrase right after you enter your login, but BEFORE you key in your password.

If you are asked to key in your password without the website displaying the secret phrase or picture, you have been tricked into visiting a fake website designed to mimic the real bank website.

 


 


macOS, iOS, iPadOS, Safari CVE-2021-1844 Bug : Fix It Now!

Apple just rushed out macOS Big Sur 11.2.3, iOS 14.4.1, iPadOS 14.4.1 and Safari 14.0.3 to patch a critical security bug.

Find out what they fix, and why you need to update your MacBook, iPhone and iPad right away!

 

Apple Rushes Out macOS, iOS, iPadOS, Safari Critical Bug Fixes!

Released on 8 March 2021, macOS Big Sur 11.2.3 patches only one bug, which may mislead users into thinking that it’s not very important.

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

On the same day, Apple also released iOS 14.4.1 and iPadOS 14.4.1 – both patching the same CVE-2021-1844 vulnerability.

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

Apple also released Safari 14.0.3, which patches the same vulnerability for macOS Catalina and macOS Mojave :

WebKit

Available for: macOS Catalina and macOS Mojave

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

 

Why Install These macOS, iOS, iPadOS, Safari Bug Fixes ASAP?

While they appear to only patch WebKit in macOS Big Sur, iOS, iPadOS and Safari, they are CRITICAL bug fixes that you need to install right away.

They patch the new CVE-2021-1844 vulnerability, which was discovered by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research.

This vulnerability lets a remote attacker trigger memory corruption in WebKit when the victim opens a specially-crafted web page, allowing the attacker to execute arbitrary code on the target system.

It is not known if this vulnerability has been exploited yet, but it is critical to install the new updates to prevent that from happening.

 


 



CD PROJEKT RED Hack : Source Codes + Docs Stolen!

CD PROJEKT RED just had their source codes and internal documents stolen in a MAJOR HACK, and they may all end up being leaked!

 

CD PROJEKT RED Hack : Source Codes Stolen, Servers Encrypted!

On 9 February 2021, CD PROJEKT RED announced that their data – including source codes and internal documents – were stolen in a hack, and could possibly be leaked.

The same attackers also encrypted some of their systems (the ransomware half of the attack, alongside the data theft), but CD PROJEKT RED had intact backups of the encrypted data.

CD PROJEKT RED publicly ruled out negotiating with the hackers, or giving in to their demands.

This would likely mean that their source codes and internal documents will eventually be released publicly by the hackers.

The only silver lining : CD PROJEKT RED noted that, to the best of their knowledge, the compromised systems did not contain any personal data of their players or users.

 

CD PROJEKT RED Hack : The Hackers’ Threats

According to the ransom note left on their servers, the hackers stole :

  • FULL source codes for Cyberpunk 2077, Witcher 3, GWENT and the unreleased version of Witcher 3.
  • ALL of their internal documents on accounting, administration, legal, HR, investor relations and more

They also claimed to have encrypted all of CD PROJEKT RED's servers, but acknowledged that the company would most likely recover the data from their backups.

The hackers are giving the CD PROJEKT RED team 48 hours to contact them to negotiate.

If there is no agreement, they threaten to sell or leak the source codes, and release their internal documents to the media.

They claim that the internal documents will make CD PROJEKT RED look bad, causing their stock prices to fall and their investors will lose trust in them.

 

CD PROJEKT RED : Official Statement On Hack

This is the official statement by CD PROJEKT RED on the hack :

Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.

An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.

We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.

We are still investigating the incident, however at this time we can confirm that – to the best of our knowledge – the compromised systems did not contain any personal data of our players or users of our services.

We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate the incident.

 


 



Ministry of Education Website Uses Plain Text CAPTCHA!

It is unbelievable, but the Malaysia Ministry of Education’s website uses plain text CAPTCHA that can be copied and pasted!

Take a look at this incredible security lapse, and find out why it could put your data at risk!

 

Ministry of Education Website Uses Plain Text CAPTCHA!

The recent threat by Anonymous Malaysia to attack government websites over their lack of security appears to be well-justified.

Qusyaire Ezwan spotted an incredible security lapse in the official Malaysia Ministry of Education website – plain text CAPTCHA!

On top of that, the code can actually be copied and pasted!

 

Ministry of Education Plain Text CAPTCHA : A Serious Cybersecurity Risk!

The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test is something most of us are familiar with.

It is a test that helps to identify real humans, and weed out bots, before they are allowed to access a service. This prevents bot fraud and hacking attempts.

In the Ministry of Education website, the plain text CAPTCHA was used to “secure” the retrieval of forgotten passwords for their Student Management Module.

A real CAPTCHA uses distorted images to prevent a bot from “reading” the numbers or letters, thereby ensuring that only a real human being would be able to key in the correct code.

As this screenshot shows, the CAPTCHA used in the Ministry of Education website just uses random sequences of letters and numbers in PLAIN TEXT!

This means a bot can easily copy and paste the plain text code, and bypass the CAPTCHA test.

Frankly, this doesn’t even qualify as a CAPTCHA test, because it cannot differentiate between humans and bots.

Now, the password is still sent to the registered email account, not to the hackers or bots. So your data is not in immediate danger. (That the site can send you your existing password at all suggests it stores passwords in a recoverable form rather than as salted hashes, which is a separate problem : a proper reset emails a one-time reset link, never the password.)

However, this is still a SERIOUS cybersecurity risk, because a hacker can pair this design flaw with compromised email accounts.

It would allow their bots to easily and quickly make password retrieval requests for compromised email accounts, and then retrieve your Ministry of Education password.

Having access to the Student Management Module would give hackers access to a ton of information on children and their parents :

  • child : name, date of birth, telephone number, home address
  • school : location, class name, teacher’s name,
  • parent : name, occupation, workplace address, contact number, declared salary

On top of that, many people reuse their passwords, so hackers will use the password retrieved from the Ministry of Education website on other websites and online services you may use.

If you use the same password for your banking account, for example, that would expose your banking account to the hacker.

That is why CAPTCHA is important. It doesn’t prevent hacking attempts, but it greatly slows them down by blocking bots from making mass requests.

The use of plain text CAPTCHA in an official government website is a fiasco. A basic cybersecurity checklist would have prevented software vendors from using plain text CAPTCHA in government websites.

The Malaysian government needs to take the security of official websites seriously. This is a disgrace.


Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Telegram : How To Move Chat History From Other Apps

Telegram just introduced the ability to import chat history from other messaging apps.

Find out how to move your chat history from other messaging apps to Telegram!

 

Telegram Now Lets You Move Chat History From Other Apps

Telegram has been very active trying to encourage disgruntled WhatsApp users to migrate to their messaging app.

On 28 January 2021, Telegram introduced the ability to import chat history from other messaging apps like WhatsApp, Line and KakaoTalk.

This feature works for both individual chats and chat groups, and leverages the export function that those messaging apps have offered for years.

Before you proceed, we should warn you about the security risks of moving your chats to Telegram :

  • it lacks end-to-end encryption for all chats, except Secret Chat
  • your data – chats and files – are all stored in their cloud servers
  • your data is encrypted in storage, but Telegram has the encryption keys

You can read more about the risks in Why You Should NOT Move WhatsApp Chats To Telegram!

 

Telegram : How To Move Chat History From Other Apps

This video example demonstrates how to migrate your chats and files from WhatsApp to Telegram on iOS (left), and Android (right). It should work the same way for the other apps.

Moving Chats On iOS

  1. Make sure you have the latest versions of WhatsApp and Telegram.
  2. Open WhatsApp.
  3. Open Contact Info or Group Info.
  4. Tap Export Chat.
  5. Choose to Include Media or export Without Media.
  6. Select Telegram in the Share menu.

Moving Chats On Android

  1. Make sure you have the latest versions of WhatsApp and Telegram.
  2. Open WhatsApp.
  3. Tap on the ⋮ icon.
  4. Select More > Export Chat.
  5. Choose to Include Media or export Without Media.
  6. Select Telegram in the Share menu.

As you can see, it’s pretty simple. But you have to do it for every chat or chat group.

You cannot do a mass export and import of all chats from WhatsApp (or other messaging apps) to Telegram.


Beware Of AirAsia X Scam On WhatsApp!

AirAsia X is warning about a scam on WhatsApp that is trying to trick people into making payments.

Please watch out for this scam, and WARN your family and friends!

 

Beware Of AirAsia X Scam On WhatsApp!

There is a new scam on WhatsApp involving AirAsia X.

Scammers pretending to be AirAsia X are sending messages on WhatsApp, asking people to make a payment into an account allegedly belonging to a credit management company.

AirAsia X announced that neither they nor their employees are involved with that scam.

Just like banks, AirAsia X will NOT engage with customers, or solicit payments through any instant messaging apps like WhatsApp.

All official AirAsia X announcements are made through the mass media, or these official channels on social media :

Twitter: www.twitter.com/airasia
Instagram: www.instagram.com/airasia
Facebook: www.facebook.com/airasia

 

Other Scams To Watch Out For

Other than this new AirAsia X scam on WhatsApp, please watch out for these scams too :


Is WhatsApp Forcing Us To Share Data With Facebook In February 2021?

Many websites are claiming that WhatsApp is forcing us to share our data with Facebook in February 2021.

Find out what’s going on, and what the FACTS really are!

 

WhatsApp Sharing Data With Facebook : What’s Going On?

We wrote about this earlier, but it looks like many websites (including very influential ones) are still peddling the claim that WhatsApp is going to force us to share data with Facebook in February 2021.

It all started with this pop-up alert that started appearing on WhatsApp a few days ago, alerting us to a change in its terms and privacy policy.

You must accept this new privacy policy to continue using WhatsApp from 8 February 2021 onwards. Otherwise, the alert subtly suggests, you should “delete your account”.

Since then, numerous articles have been written about how this new privacy policy is forcing us to share our WhatsApp data with Facebook.

This has led to many people switching to alternatives like Telegram and Signal, in fear that the new privacy policy would allow Facebook to access and read all of their WhatsApp messages.

 

No, WhatsApp Is Not Forcing You To Share Data With Facebook

As we shared earlier, NO, the new WhatsApp privacy policy does not force you to share data with Facebook, because…

Fact #1 : It Has Been A Requirement Since September 2016!

It is perplexing why so many websites claim that this new privacy policy forces us to let WhatsApp share data with Facebook. After all, this has been a requirement since September 2016!

Back in August 2016, WhatsApp announced that they would start sharing data with Facebook. At that time, they gave existing users 30 days to opt-out.

This was a one-time offer that has never been repeated. Since then, every new and current user MUST agree to let WhatsApp share data with Facebook.

Fact #2 : WhatsApp Will Still Honour The Opt-Out

If you are a WhatsApp veteran who opted out of data sharing in August 2016, WhatsApp will still honour that opt-out.

You can safely agree to the new privacy policy – your data opt-out will remain active.

Fact #3 : WhatsApp Will Share MORE Information With Facebook

The new WhatsApp privacy policy is mainly focused on enabling Businesses on WhatsApp.

So while they DO NOT need your permission to continue sharing data with Facebook, they still need your permission to SHARE MORE data with Facebook.

This is the list of additional data that we must agree to let WhatsApp share with Facebook :

  • Status Information. You may provide us your status if you choose to include one on your account. Learn how to use status on Android, iPhone, or KaiOS.
  • Transactions And Payments Data. If you use our payments services, or use our Services meant for purchases or other financial transactions, we process additional information about you, including payment account and transaction information. Payment account and transaction information includes information needed to complete the transaction (for example, information about your payment method, shipping details and transaction amount). If you use our payments services available in your country or territory, our privacy practices are described in the applicable payments privacy policy.
  • Location Information. We collect and use precise location information from your device with your permission when you choose to use location-related features, like when you decide to share your location with your contacts or view locations nearby or locations others have shared with you. There are certain settings relating to location-related information which you can find in your device settings or the in-app settings, such as location sharing. Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country). We also use your location information for diagnostics and troubleshooting purposes.
  • User Reports. Just as you can report other users, other users or third parties may also choose to report to us your interactions and your messages with them or others on our Services; for example, to report possible violations of our Terms or policies. When a report is made, we collect information on both the reporting user and reported user.
  • Businesses On WhatsApp. Businesses you interact with using our Services may provide us with information about their interactions with you. We require each of these businesses to act in accordance with applicable law when providing any information to us. When you message with a business on WhatsApp, keep in mind that the content you share may be visible to several people in that business. In addition, some businesses might be working with third-party service providers (which may include Facebook) to help manage their communications with their customers. For example, a business may give such third-party service provider access to its communications to send, store, read, manage, or otherwise process them for the business. To understand how a business processes your information, including how it might share your information with third parties or Facebook, you should review that business’ privacy policy or contact the business directly.

Fact #4 : WhatsApp + Facebook Cannot Read Your Messages

WhatsApp finished implementing end-to-end encryption on 5 April 2016, about 4.5 months before instituting the requirement to share data with Facebook.

Since then, neither WhatsApp nor Facebook can read your messages, as they are encrypted. Only the sender and receiver(s) can read them.

WhatsApp shares a considerable amount of data and metadata that Facebook can use to identify and track your movements and activities. But not the content of your messages.

Fact #5 : Telegram Is Less Secure!

For those who are fleeing to Telegram, you should note that Telegram does not end-to-end encrypt messages (only Secret Chats are).

In fact, all of your data – messages, photos, videos, documents – are stored in Telegram servers. Even though they are encrypted in storage, Telegram holds the encryption keys, NOT YOU.

In contrast, WhatsApp data is only stored in your devices. WhatsApp also does not retain messages in their servers after they are delivered, and will only store files (like photos and videos) and undelivered messages for 30 days.

WhatsApp will, however, store the time and date of the messages you send and receive.

Fact #6 : Signal Is The Most Secure Alternative

Those who want a more private and secure messenger should opt for Signal, instead of Telegram.

It offers end-to-end encryption using the open-source Signal protocol, the same protocol which WhatsApp uses in its own proprietary format.

On top of that, it offers a Sealed Sender feature which prevents everyone – including Signal – from knowing the sender and recipient of a message.

But best of all, Signal does not share your data with any third-party company. In fact, the only metadata it collects is your phone number, and even that is not linked to your identity.

That said, Signal lacks features found in WhatsApp and Telegram, so we cannot call it the best alternative, only the most secure alternative.


WD NAS Can’t Be Seen In Windows? Here Are The Solutions!

You may be wondering why your WD NAS is no longer visible in Windows 10.

Where did it go? How do you get it back?

Find out why your WD NAS can no longer be seen in Windows, and what the solutions are!

 

WD NAS Can’t Be Seen In Windows : What Happened?

You may have been using your WD NAS for some time, but one day, its network share – the “drive” that you directly access – can no longer be seen in Windows 10.

The NAS links in Windows File Explorer will only lead you to the login page for the WD NAS management page, not the actual drive where you can directly read, copy, write or edit your files.

All these NAS issues are happening because Microsoft disabled the Network Browse function from Windows 10 v1709 onwards.

The problems started after Windows 10 Fall Creators Update 1709, which disabled both SMB 1.0 and guest access to network shares :

The Computer Browser service relies on the SMB 1.0 protocol to discover network devices and display them in the Windows Network Neighbourhood.

Disabling SMB 1.0 breaks the Computer Browser service, so it is automatically uninstalled and your NAS drives “disappear” from Network Neighbourhood.

Disabling guest access prevents guest or public access to your NAS drives, even to folders you specifically set to allow for public access. Hence, the Public folder they had access to earlier “disappears”.

 

Why Did Microsoft Disable Those Network Features?

The SMB1 network protocol was first implemented in Windows back in 1992, so it’s old… very old.

It’s so old that it lacks encryption. Everything transmitted via SMB1 can be captured and read, and even modified, by any attacker who gains access to the network.

Guest logins even on SMB2 do not support standard security features like signing and encryption. This makes them vulnerable to man-in-the-middle attacks.

That’s why Microsoft (finally) disabled them both, starting with the Windows 10 Fall Creators Update 1709.

 

WD NAS Can’t Be Seen In Windows : Before We Start…

Preliminary Step #1 : Update Your NAS

Before you do anything, you should log into your WD NAS management system and update its firmware, in case it’s not already set to automatically update.

Updating its firmware will ensure that your NAS supports at least SMB 2, if not SMB 3 as well.

WD NAS Windows URL macOS URL
My Cloud EX2100 http://wdmycloudex2100 http://wdmycloudex2100.local
My Cloud DL2100 http://wdmyclouddl2100 http://wdmyclouddl2100.local
My Cloud EX4100 http://wdmycloudex4100 http://wdmycloudex4100.local
My Cloud DL4100 http://wdmyclouddl4100 http://wdmyclouddl4100.local

Preliminary Step #2 : Use A Higher SMB Protocol

Then, enable the highest SMB protocol your WD NAS supports (Settings > Network). Set it to SMB 3 if possible.

This will ensure that both your WD NAS and your network support the most secure network protocol possible, for your security.

 

WD NAS Can’t Be Seen In Windows : The Solutions!

Best Solution : Map Your WD NAS By Device Name

The best way is to manually map your WD NAS by its device name. This lets you use the more secure SMB2 or SMB3 network protocols, with direct access to your files as usual.

  1. Determine your WD NAS network path, which is based on the device name. If you changed your WD NAS device name to TechARPCloud (for example), the network name will be \\TechARPCloud. Here is a list of default network paths for different WD NAS :
WD NAS Default Network Path
My Cloud Home \\MYCLOUD-last 6 digits of serial number
Example : \\MYCLOUD-123456
My Cloud Home Duo
My Cloud \\WDMYCLOUD
My Cloud Mirror \\WDMYCLOUDMIRROR
My Cloud Mirror Gen 2
My Cloud EX2 \\WDMYCLOUDEX2
My Cloud EX2 Ultra \\MYCLOUDEX2ULTRA
My Cloud EX4 \\WDMYCLOUDEX4
My Cloud EX2100 \\WDMYCLOUDEX2100
My Cloud EX4100 \\WDMYCLOUDEX4100
My Cloud DL2100 \\WDMYCLOUDDL2100
My Cloud DL4100 \\WDMYCLOUDDL4100
My Cloud PR2100 \\MYCLOUDPR2100
My Cloud PR4100 \\MYCLOUDPR2100
  2. Open Windows File Explorer and click on Network on the left pane.
  3. Key in the network path of the WD NAS, which is based on its device name. Make sure you include \\ before the network path.

  4. You will be asked to key in a user name and password.
    This can be the administrator’s login, or the login of any registered user of your WD NAS.
    Remember – Windows 10 no longer allows guest logins or public access. So you will need to create a password-protected account even for guests to use.

  5. Once you successfully authenticate your user name and password, the network shares of your WD NAS will become visible in File Explorer under Network! You can stop here, but you will need to keep keying in the network path and login to access your NAS every time you boot into Windows.

  6. For more convenience, you can create a password-protected Private Share. Start by right-clicking on a network share from your WD NAS and select Map network drive…

  7. Select a drive letter for the network share.
    Check Reconnect at sign-in if you want Windows to reconnect the drive automatically each time you sign in.
    Then click Finish to map the drive.

That’s it! If you expand This PC in Windows File Explorer, you should now see that the WD NAS network drive has been mapped by its device name!

 

Alternate Solution : Enable Network Discovery Without SMB1

This Windows 10 workaround can be used if your WD NAS supports SMB2 or SMB3 and you prefer not to map the network drives.

  1. Go to Windows Services.
  2. Start these two services :
    Function Discovery Provider Host
    Function Discovery Resource Publication
  3. Set the Startup type for both those services to Automatic (Delayed Start).
  4. Open Windows File Explorer and go to Network.
  5. When prompted, enable Network Discovery.

Your WD NAS shares should now be visible in Windows File Explorer.

 

Worst Case Solution : Enable SMB1 Client Support

This should only be attempted if your WD NAS simply cannot support SMB2 or SMB3, and can only use SMB1.

  1. Go to Control Panel > Programs.
  2. Click on Turn Windows features on or off.
  3. Expand the SMB 1.0/CIFS File Sharing Support option.
  4. Check the SMB 1.0/CIFS Client option.
  5. Click the OK button.
  6. Restart Windows 10.

After Windows 10 restarts, your WD NAS shares should now be visible in Windows File Explorer.
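The three solutions above, scripted as an added PowerShell example (not from the Tech ARP article): it checks that the SMB 1.0 client is still disabled, starts the two Function Discovery services with delayed start, maps the share by device name with a registered NAS account, and then shows which SMB dialect Windows actually negotiated. The device name WDMYCLOUDEX2100 (from the default-path table), the share name Public and the drive letter Z are assumptions; change them to match your NAS.

```powershell
# Added example (not from the Tech ARP article): performs the "map by device
# name" and "enable discovery without SMB1" steps, then verifies the dialect.
# Assumptions (not from the article): device name WDMYCLOUDEX2100, share
# "Public", drive letter Z. Run from an elevated Windows PowerShell session.
#Requires -RunAsAdministrator

param(
    [string]$NasName     = 'WDMYCLOUDEX2100',  # assumed: default name from the table
    [string]$ShareName   = 'Public',           # assumed share name
    [string]$DriveLetter = 'Z'                 # assumed drive letter
)

# 1. Confirm the SMB 1.0 client is NOT installed. The "worst case" solution
#    re-enables it; everything below works without it, on SMB 2/3 only.
$smb1 = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol-Client'
if ($smb1.State -eq 'Enabled') {
    Write-Warning 'SMB 1.0 client is enabled. It has no encryption; prefer SMB 2/3 on the NAS.'
} else {
    Write-Host 'SMB 1.0 client is disabled (good).'
}

# 2. Alternate solution: start Function Discovery Provider Host (fdPHost) and
#    Function Discovery Resource Publication (FDResPub) and set both to
#    Automatic (Delayed Start). Set-Service in Windows PowerShell 5.1 cannot
#    set delayed start, so sc.exe is used for that part.
foreach ($svc in 'fdPHost', 'FDResPub') {
    sc.exe config $svc start= delayed-auto | Out-Null
    Start-Service -Name $svc
    Write-Host "$svc : $((Get-Service -Name $svc).Status)"
}

# 3. Best solution: map the share by device name with a registered NAS
#    account. Windows 10 1709+ refuses guest access, so a real login is
#    required; -Persist keeps the mapping across sign-ins.
$path = "\\$NasName\$ShareName"
$cred = Get-Credential -Message "Enter a registered user of $NasName (not guest)"
New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $path `
            -Credential $cred -Persist -Scope Global | Out-Null
Write-Host "Mapped $path to ${DriveLetter}:"

# 4. Verify the dialect Windows negotiated with the NAS. Anything below 2.x
#    means the NAS firmware still needs updating (Preliminary Step #1), and
#    3.x is what you want after Preliminary Step #2.
Get-SmbConnection | Where-Object ServerName -eq $NasName |
    Select-Object ServerName, ShareName, Dialect |
    Format-Table -AutoSize
```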



Mac Camera Cover Guide : Why Apple Is Wrong!

Apple recently advised everyone not to cover the camera of their Mac laptops, and rely instead on the camera indicator light.

Find out why Apple is WRONG, and why you need to physically cover your Mac computer’s camera!

 

Mac Camera Cover : What Is It For?

Cybersecurity specialists have long advocated covering the built-in camera of your computers, not just MacBook laptops or Mac desktops, with a camera cover of some sort.

This prevents hackers from taking over that camera, and secretly recording you. This has implications beyond just recording your embarrassing moments for blackmail.

With access to your laptop camera, hackers can determine when you are away from home, who lives at your home, who you are working with, and even where you currently are.

 

Apple : Don’t Use A Camera Cover For Your Mac

In their recent HT211148 tech advisory, they asked Mac laptop (MacBook, MacBook Air, MacBook Pro) users not to use any camera cover.

Recommended : Warning : Using A Camera Cover Can Damage Your MacBook!

Instead, they recommended that you use these two built-in features for your privacy :

A. The Green Camera Indicator Light

Apple points out that your Mac computer has a camera indicator light that glows green whenever the camera is active.

They also claimed that the camera is designed not to activate unless its indicator light is also turned on.

B. The Camera Access Control

As an additional measure built into macOS Mojave or later, you must give an app permission before it can use your Mac computer’s camera.

To view which apps have access to your Mac computer’s camera, and to revoke any app’s access :

  1. On your Mac, choose Apple menu > System Preferences, click Security & Privacy, then click Privacy.
  2. Select Camera.
  3. Select the tickbox next to an app to allow it to access your camera. Deselect the tickbox to turn off access for that app. If you turn off access for an app, you’re asked to turn it on again the next time that app tries to use your camera.

 

Why Apple Is Wrong, And You Need To Cover Your Mac Camera!

Apple fans may hate us for this, but they are wrong. You must physically cover your Mac computer’s camera to protect yourself.

Hackers Always Disable The Indicator Light

Mac computers are not the only ones to feature an indicator light for their built-in cameras. Most computers with a built-in webcam have such an indicator light.

It is, therefore, SOP for hackers to disable the indicator light after gaining control of the camera. Camfecting attacks won’t work if you are aware that the camera is turned on…

Apple asserts that the camera and its indicator light on Mac computers are wired in series, so the camera won’t work if the indicator light is turned off.

However, a 2013 Johns Hopkins University paper showed how it was possible to disable the indicator light of a Mac computer’s webcam, even though the camera module had a “hardware interlock”.

This isn’t just an obscure research subject. The FBI has the capability to covertly activate a computer’s camera without triggering the indicator light, according to Marcus Thomas, the former assistant director of FBI’s Operational Technology Division.

The only ways to prevent such attacks would be to either turn off your computer, or physically cover the camera.

Hackers Won’t Ask You For Permission

Security researcher Ryan Pickren showed in April 2020 how seven flaws in Apple Safari can let malicious websites hijack your camera and microphone to spy on you.

All you have to do is click on a link, and it lets the malicious website gain access to your webcam without asking for permission.

So much for the Mac Camera Access Control feature…

You May Not Notice The Light

Even if the camera indicator light is not disabled, it doesn’t mean you will immediately realise when the light turns on.

By the time you realise the green light is actually glowing, it may already be too late.

This is partly because it emits a steady glow, and doesn’t blink. Of course, a blinking light is bloody irritating, but we are more likely to notice it than a static green glow.

The only way to prevent that is to physically cover the camera.

Hackers Can Turn On Sleeping Or Hibernating Computers

Don’t assume that just because your Mac computer is sleeping or hibernating, hackers cannot access its camera.

They can potentially wake your computer, turn on the camera and record from it, with the indicator light turned off.

Security researcher Pedro Vilaça showed in 2015 how it was possible to remotely “root” and take over a Mac computer after it wakes up from sleep mode of 30 seconds or longer.

Irrespective of the method used, once hackers gain control of your computer, they can turn on its Wake On LAN (WOL) feature to remotely wake up your computer, like what the Ryuk ransomware does.

The only way to prevent that is to turn off your computer, or physically cover the camera.

Cybercriminals Can Trick You With A Fake Blackmail

Even if cybercriminals are unable to access your camera, they can still trick you into believing they somehow took compromising photos or videos from it.

They send out thousands of spam emails every day to trick people into believing they have been caught on camera.

People who don’t use a camera cover can be convinced into believing that their webcams were somehow compromised, and tricked into paying up to avoid exposure.

The only way to prevent that is to physically cover the camera.

 

The Best Way To Cover Your Mac Computer Camera

While we strongly advise you to cover your Mac computer camera, that does not mean you should risk damaging your display.

Laptop Computers (MacBook, MacBook Air, MacBook Pro)

According to Apple, we should not use any camera cover that is more than 0.1 mm thick. That basically rules out any camera cover, because it is impossible to make one that thin.

They also advise against using anything that leaves an adhesive residue. So that means cellophane tape (Scotch tape) and packaging tape should be avoided.

So here are the best options for you to consider, based on your requirements :

  1. If you don’t intend to use the camera at all
    a) Use your laptop in clamshell mode, with a separate monitor, keyboard and mouse
    b) Cover the camera with masking tape, which is gentle and leaves no residue
  2. If you plan to use the camera
    – Cut a small piece of sticky note, so that there is an adhesive part and a non-adhesive part.
    – Alternatively, cut a piece of masking tape, and fold part of it to create a non-adhesive portion.
    – Cover the camera with the adhesive part
    – You can then use the non-adhesive portion to pull it off whenever you need to use the camera

Desktop Computers (iMac, iMac Pro)

Desktop computers like the iMac or iMac Pro don’t have to worry about damaging their displays with camera covers of any thickness.

We therefore recommend using a proper camera cover that slides to let you use the camera whenever you want to, and physically cover it whenever you don’t.

Just make sure the camera cover does not use excessively strong adhesive, or leaves a residue that will require using solvent to remove, which could damage the display coating!



Phone Hack Fact Check : Argentina Is Doing It?

Warnings about a new phone hack called Argentina Is Doing It are circulating on social media.

Find out what the Argentina Is Doing It phone hack is all about, and if it’s really true!

 

Argentina Is Doing It : A Video Phone Hack?

Messages about this new phone hack, called Argentina Is Doing It, started circulating today on WhatsApp and Twitter :

Just a heads up….They are going to start circulating a video on WhatsApp that shows how the Covid19 curve is flattening in Argentina. The file is called “Argentina is doing it”, do not open it or see it, it hacks your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends.

Now they also said it on CNN

Hackers are going to start circulating a video on WhatsApp that shows how the Covid19 curve is flattening in Argentina. The file is called “Argentina is doing it”, do not open it or see it, it hacks your phone in 10 seconds and it cannot be stopped in any way. Pass the information on to your family and friends.

Now they also said it on CNN

There is a video circulating WhatsApp that shows how the Covid19 curve is flattening in Argentina. The file is called “Argentina is doing it”, do NOT open it or see it, it hacks your phone in 10 seconds and it cannot be stopped in any way. RT!!

 

Argentina Is Doing It Phone Hack : Complete Bullshit

As you may surmise from the HOAX overlay we placed on the screenshots, there is no such phone hack that uses a COVID-19 video called Argentina Is Doing It. Here are the reasons why…

Reason #1 : There Is No Such Video

There is no COVID-19 video called Argentina Is Doing It. It simply does not exist.

Reason #2 : Argentina Is Far From Flattening The Curve

And such a video on Argentina flattening the curve is unlikely to be created for some time to come, because Argentina is FAR from flattening the curve.

As this graph shows, the number of new cases is increasing weekly. On 16 July, over 3600 new cases were detected, bringing the total of COVID-19 cases to just under 115,000.

Reason #3 : The Story Is Illogical

Consider this for a second – how would anyone know what hackers are planning to do? Or what they are calling it?

If hackers actually created such a malware, they would have released it. Why wait?

Reason #4 : A Video Cannot Hack Your Phone Just Like That

While not completely impossible, it is highly unlikely that a video could hack phones that easily.

It is plausible for a video to be created to exploit a bug in a specific video player or operating system, just like how the Android wallpaper malware worked.

Such malware would only be able to attack specific operating systems (Android or iOS), or a specific media player. It cannot just work on every phone – that only happens in movies.

Reason #5 : CNN Never Reported On Such A Video

While the hoax claims that CNN reported on this video, they did no such thing. There is no CNN report on a phone hack using a video called Argentina Is Doing It.

The most recent post on CNN about Argentina’s COVID-19 situation was a report on 26 June 2020, about the reimposition of the Buenos Aires lockdown, due to accelerated COVID-19 spread.



Google Cloud Confidential VM With 2nd Gen AMD EPYC!

Google recently introduced Confidential Computing, with Confidential VM as the first product, and it’s powered by 2nd Gen AMD EPYC!

Here’s an overview of Confidential Computing and Confidential VM, and how they leverage the 2nd Gen AMD EPYC processor!

 

Google Cloud Confidential Computing : What Is It?

Google Cloud encrypts customer data while it’s “at-rest” and “in-transit”. But that data must be decrypted before it can be processed.

Confidential Computing addresses that problem by encrypting data in-use – while it’s being processed. This ensures that data is kept encrypted while in memory and outside the CPU.

 

Google Cloud Confidential VM, Powered By 2nd Gen AMD EPYC

The first product that Google is unveiling under its Confidential Computing portfolio is Confidential VM, now in beta.

Confidential VM basically adds memory encryption to the existing suite of isolation and sandboxing techniques Google Cloud uses to keep their virtual machines secure and isolated.

This will help customers, especially those in regulated industries, to better protect sensitive data by further isolating their workloads in the cloud.

Google Cloud Confidential VM : Key Features

Powered By 2nd Gen AMD EPYC

Google Cloud Confidential VM runs on N2D series virtual machines powered by the 2nd Gen AMD EPYC processors.

It leverages the Secure Encrypted Virtualisation (SEV) feature in 2nd Gen AMD EPYC processors to keep VM memory encrypted with a dedicated per-VM instance key.

These keys are generated and managed by the AMD Secure Processor inside the EPYC processor, during VM creation and reside only inside the VM – making them inaccessible to Google, or any other virtual machines running on the host.

Your data will stay encrypted while it’s being used, indexed, queried, or trained on. Encryption keys are generated in hardware, per virtual machine and are not exportable.

Confidential VM Performance

Google Cloud worked together with the AMD Cloud Solution team to minimise the performance impact of memory encryption on workloads.

They added support for new open-source drivers (NVMe and gVNIC) to handle storage traffic and network traffic with higher throughput than older protocols, thus ensuring that Confidential VM will perform almost as fast as a non-confidential VM.

Easy Transition

According to Google, transitioning to Confidential VM is easy – all Google Cloud Platform (GCP) workloads can readily run as a Confidential VM whenever you want to.

Available OS Images

In addition to the hardware-based inline memory encryption, Google built Confidential VM on top of Shielded VM, to harden your OS image and verify the integrity of your firmware, kernel binaries and drivers.

Google currently offers images of Ubuntu 18.04, Ubuntu 20.04, Container-Optimized OS (COS v81), and RHEL 8.2.

They are currently working with CentOS, Debian and other distributors to offer additional OS images for Confidential VM.

 


 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Galaxy S20 Secure Processor : How It Protects Your Data!

Samsung Galaxy S20 smartphones are amongst the most secure devices in the world, thanks to their built-in Secure Processor. Find out how the Galaxy S20 Secure Processor protects your data!

 

Galaxy S20 Secure Processor : What Is It?

Every Samsung Galaxy S20 smartphone has a slew of security features designed to protect confidential data.

At the heart of the Samsung Knox security system is the Secure Processor, a physical chip that provides an isolated and secure space to store confidential data.

 

Galaxy S20 Secure Processor : How It Protects Your Data!

Here is a quick overview of the Samsung Galaxy S20 Secure Processor’s key features :

Enhanced Hardware Security

Hackers can manipulate components (physical attacks), provoke hardware errors (fault attacks), or analyze heat and electromagnetic emissions (side-channel attacks) to breach smartphone security.

These hardware attacks can only happen if the hacker gets hold of the device physically. But with Galaxy S20 smartphones, their Secure Processor provides a physical shield against such attacks.

The Galaxy S20 Secure Processor continuously scrambles and encrypts the confidential data it stores. It also detects invalid voltage or temperature changes, and is equipped with security algorithms to thwart side-channel attacks.

Extra Level Of Protection

Security at the user level is also critical. To that end, the Galaxy S20 Secure Processor ensures that your lock screen PIN, pattern and password cannot simply be guessed by repeated attempts.

It accomplishes this by making it almost impossible for attackers to reset the error counter, which monitors the number of failed unlock attempts.

Support For Private Keys

The Galaxy S20 Secure Processor can also process blockchain private keys, which are similar to banking passwords for crypto-currency wallets.

It even supports Strongbox Keymaster, which allows it to provide hardware protection for private keys or sensitive data on third-party apps.

 


 


 



How AMD CPUs Work In A Secured-core PC Device!

Microsoft just announced their partnership with AMD, Intel and Qualcomm to protect the PC’s firmware and operating system through the Secured-core PC initiative.

With help from Akash Malhotra, AMD Director of Security Product Management, here is everything you need to know about how AMD CPUs work in a Secured-core PC device!

 

What Is A Secured-core PC Device?

Secured-core PC is a new Microsoft initiative that they just announced. In partnership with their hardware partners, they aim to create a specific set of requirements for devices that are meant for secure use.

These requirements will apply the best practices in data security – isolation and minimal trust in the firmware layer and the device core that underpins the Windows operating system.

Secured-core PC devices are targeted at industries like financial services, government and healthcare, and anyone who work with valuable IP, customer or personal data. They would also be useful for persons of interest, who would be high-value targets for hackers and nation-state attackers.

Recommended : The Microsoft Secured-core PC Initiative Explained!

 

What Security Features Are Already In AMD CPUs?

Before we look at how AMD CPUs work in a Secured-core PC device, let’s take a look at what security features they ship with :

SKINIT: The SKINIT instruction helps create a “root of trust” starting from an initially untrusted operating mode. SKINIT reinitialises the processor to establish a secure execution environment for a software component called the Secure Loader (SL), and starts executing the SL in a way that helps prevent tampering. SKINIT thus extends the hardware-based root of trust to the Secure Loader.

Secure Loader (SL): The AMD Secure Loader (SL) is responsible for validating the platform configuration by interrogating the hardware and requesting configuration information from the DRTM Service.

AMD Secure Processor (ASP): AMD Secure Processor is dedicated hardware available in each SOC which helps enable secure boot up from BIOS level into the Trusted Execution Environment (TEE). Trusted applications can leverage industry-standard APIs to take advantage of the TEE’s secure execution environment.

AMD-V with GMET: AMD-V is a set of hardware extensions that enable virtualisation on AMD platforms. Guest Mode Execute Trap (GMET) is a silicon performance acceleration feature added in next-generation Ryzen processors, which lets the hypervisor handle code integrity checks efficiently and helps protect against malware.

 

How AMD CPUs Work In A Secured-core PC Device

In a Secured-core PC powered by an AMD CPU, the firmware and bootloader will initialise, and shortly after, the system will transition into a trusted state with the hardware forcing the firmware down a well-known and measured code path.

That means the firmware is authenticated and measured by the security block in the AMD CPU, and that measurement is stored securely in TPM for verification and attestation by the operating system.

At any point after that, the operating system can request that the AMD security block remeasure and compare the firmware against the old values, before executing further operations. This way, the operating system can help verify the integrity of the system over time.

In AMD processors, firmware protection is handled by the AMD Dynamic Root of Trust for Measurement (DRTM) Service Block, which is made up of the SKINIT CPU instruction, the ASP and the AMD Secure Loader (SL).

This block is responsible for creating and maintaining a chain of trust between components by performing these functions:

  • Measure and authenticate firmware and bootloader
  • Gather the following system configuration for the OS, which in turn validates it against its security requirements and stores the information for future verification :
    • Physical memory map
    • PCI configuration space location
    • Local APIC configuration
    • I/O APIC configuration
    • IOMMU configuration / TMR Configuration
    • Power management configuration

 

AMD SMM Supervisor

Although the method above protects the firmware, AMD points out that the System Management Mode (SMM) also needs to be protected.

SMM is a special-purpose x86 CPU mode that handles power management, hardware configuration, thermal monitoring, etc. Because SMM code executes in the highest privilege level and is invisible to the operating system, it is an attractive target for attackers.

To help isolate SMM, AMD introduced a security module called AMD SMM Supervisor that will :

  • Block SMM from modifying hypervisor or OS memory, except for a small communication buffer used to coordinate between the two.
  • Prevent SMM from introducing new SMM code at run time
  • Block SMM from accessing DMA, I/O, or registers that can compromise the Hypervisor or OS

 


 



The Microsoft Secured-core PC Initiative Explained!

Microsoft and their hardware partners just announced the Secured-core PC initiative to combat threats that target the PC’s firmware and operating system.

With help from David Weston, Partner Director of Microsoft OS Security, here is everything you need to know about the Secured-core PC initiative!

 

What Is The Secured-core PC Initiative?

Secured-core PC is a new Microsoft initiative that they just announced. In partnership with their hardware partners, they aim to create a specific set of requirements for devices that are meant for secure use.

These requirements will apply the best practices in data security – isolation and minimal trust in the firmware layer and the device core that underpins the Windows operating system.

Secured-core PC devices will be targeted at industries like financial services, government and healthcare, and anyone who work with valuable IP, customer or personal data. They would also be useful for persons of interest, who would be high-value targets for hackers and nation-state attackers.

 

Is There A Need For Secured-core PC?

As more protection is built into the operating system and connected services, attackers are exploring other methods with firmware emerging as a top target.

The NIST National Vulnerability Database shows a near 5X increase in the number of firmware vulnerabilities in the last 3 years.

In late 2018, security researchers discovered that the hacking group Strontium targeted systems in the wild with malware that made use of firmware vulnerabilities.

Because it targeted firmware, the malicious code was hard to detect, and difficult to remove. It even persists after the operating system is reinstalled, or the storage drive replaced!

 

Why Is Firmware The New Target?

Firmware is used to initialise the hardware and software when a device is started up. It therefore has a higher level of access and privileges than the hypervisor and operating system kernel.

This means firmware attacks that succeed can undermine protective mechanisms like Secure Boot that the hypervisor or operating system use to protect against malware.

Firmware attacks can more easily evade endpoint protection and detection solutions, because those run within the operating system and therefore have limited visibility into the firmware layer.

 

What Is A Secured-core PC Made Up Of?

Secured-core PCs will combine multiple layers of protection – identity, virtualisation, operating system, hardware and firmware – to prevent attacks, rather than simply detecting them.

They all ensure that the device will boot securely and is protected against firmware vulnerabilities, shielding the operating system from attacks and preventing unauthorised access to the device and data.

Recommended : How AMD CPUs Work In A Secured-core PC Device

System Guard Secure Launch

Microsoft is now implementing System Guard Secure Launch in Windows 10 as a key Secured-core PC requirement.

System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities built into the latest processors from AMD, Intel and Qualcomm, to protect the boot process from firmware attacks.

The firmware is still used to start the hardware, but shortly afterwards the DRTM re-initialises the system into a trusted state. This limits the trust placed in the firmware, greatly mitigating firmware attacks.

This method also helps protect the integrity of the Virtualisation-Based Security (VBS) feature in the hypervisor against firmware vulnerabilities. This is critical because VBS is used for important OS security functions like Windows Defender Credential Guard and Hypervisor-protected Code Integrity (HVCI).

Trusted Platform Module 2.0

Microsoft is also implementing Trusted Platform Module 2.0 (TPM) as a device requirement for Secured-core PCs.

It is used to measure the components that are used during the secure launch process, allowing for zero trust networks using System Guard runtime attestation.
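The TPM measurement described here and the "measure, store in TPM, remeasure and compare" chain in the AMD DRTM article above are the same mechanism seen from two sides, so one added example covers both. It is not Microsoft's or AMD's code: it simulates a single SHA-256 PCR in software instead of talking to a real TPM, uses constructed byte strings in place of real firmware, and assumes PCR 17 as the launch PCR (TCG reserves PCRs 17-22 for the dynamic launch). It shows why the verifier checks two things, that the event log replays to the PCR the TPM reports and that the PCR equals the golden value, by walking through a clean launch, a launch with a tampered bootloader, and an attacker who edits the event log after the fact.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence, Tuple

PCR_SIZE = 32   # one SHA-256 PCR
DRTM_PCR = 17   # assumption: the dynamic-launch PCR (TCG reserves 17-22 for DRTM)

Component = Tuple[str, bytes]
Event = Tuple[int, str, bytes]   # (pcr index, component name, SHA-256 of the component)

# Constructed stand-ins for the blobs a DRTM launch would measure; not real firmware.
GOLDEN_COMPONENTS: List[Component] = [
    ("firmware", b"vendor-uefi-1.2.3"),
    ("bootloader", b"bootmgr-2020-06"),
    ("hypervisor-loader", b"hvloader-10.0"),
]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = H(old || digest). Order matters, and nothing can be undone."""
    return sha256(pcr + digest)


@dataclass
class MeasuredBoot:
    """Simulated TPM PCR bank plus the event log that explains how the PCR got its value."""
    pcrs: Dict[int, bytes] = field(default_factory=dict)
    events: List[Event] = field(default_factory=list)

    def measure(self, pcr_index: int, name: str, blob: bytes) -> bytes:
        digest = sha256(blob)
        old = self.pcrs.get(pcr_index, b"\x00" * PCR_SIZE)
        self.pcrs[pcr_index] = extend(old, digest)
        self.events.append((pcr_index, name, digest))
        return self.pcrs[pcr_index]


def boot(components: Sequence[Component]) -> MeasuredBoot:
    """The launch: every component is hashed into the DRTM PCR before it runs."""
    state = MeasuredBoot()
    for name, blob in components:
        state.measure(DRTM_PCR, name, blob)
    return state


def replay(events: Sequence[Event], pcr_index: int) -> bytes:
    """Recompute a PCR from its event log, as an attestation verifier does."""
    pcr = b"\x00" * PCR_SIZE
    for idx, _name, digest in events:
        if idx == pcr_index:
            pcr = extend(pcr, digest)
    return pcr


def verify(state: MeasuredBoot, expected_pcr: bytes) -> bool:
    """Accept only if the log replays to the PCR the TPM reports AND that PCR is the golden value."""
    reported = state.pcrs.get(DRTM_PCR, b"\x00" * PCR_SIZE)
    return replay(state.events, DRTM_PCR) == reported and reported == expected_pcr


def first_divergence(expected: Sequence[Event], actual: Sequence[Event]) -> Optional[str]:
    """Name the first component whose measurement differs from the recorded baseline."""
    for (_, exp_name, exp_digest), (_, act_name, act_digest) in zip(expected, actual):
        if (exp_name, exp_digest) != (act_name, act_digest):
            return act_name
    return None


def golden_pcr() -> bytes:
    """The value the OS stored after a known-good launch, for later comparison."""
    return boot(GOLDEN_COMPONENTS).pcrs[DRTM_PCR]


def tampered_components() -> List[Component]:
    """Same launch, but the bootloader now carries an implant."""
    return [(n, b + b"+implant" if n == "bootloader" else b) for n, b in GOLDEN_COMPONENTS]


def attest_clean() -> bool:
    return verify(boot(GOLDEN_COMPONENTS), golden_pcr())


def attest_tampered() -> bool:
    return verify(boot(tampered_components()), golden_pcr())


def attest_forged_log() -> bool:
    """The attacker rewrites the event log to the golden digests after the implant ran.
    The log is ordinary memory and can be edited; the PCR cannot, so verification still fails."""
    state = boot(tampered_components())
    state.events = list(boot(GOLDEN_COMPONENTS).events)
    return verify(state, golden_pcr())


if __name__ == "__main__":
    print("clean launch accepted:    ", attest_clean())
    print("tampered launch accepted: ", attest_tampered())
    print("forged log accepted:      ", attest_forged_log())
    print("first divergent component:",
          first_divergence(boot(GOLDEN_COMPONENTS).events, boot(tampered_components()).events))
```

The design point is in `verify`: the event log is only evidence once it replays to a PCR value the TPM itself vouches for (on real hardware, through a signed quote), and the PCR alone says that something changed but not what. Keeping both lets the OS do what the AMD article describes, compare the current launch against the stored values and pinpoint the component that diverged.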

 

Secured-core PC Availability

Secured-core PC devices are available from Dell, Dynabook, HP, Lenovo, Panasonic and Microsoft’s own Surface brand.

 


 



Why AI Digital Intuition Will Deliver Cyberimmunity By 2050!

In his first prediction for Earth 2050, Eugene Kaspersky believes that AI digital intuition will deliver cyberimmunity by 2050. Do YOU agree?

 

What Is Earth 2050

Earth 2050 is a Kaspersky social media project – an open crowdsourced platform, where everyone can share their visions of the future.

So far, there are nearly 400 predictions from 70+ visionaries, from futurologist Ian Pearson, astrophysicist Martin Rees, venture capitalist Steven Hoffman, architect-engineer Carlo Ratti, writer James Kunstler and sci-fi writer David Brin.

Eugene himself dabbles in cyberdivination, and shares with us, a future of cyberimmunity created by AI digital intuition!

 

Eugene Kaspersky : From Digital Intuition To Cyberimmunity!

In recent years, digital systems have moved up to a whole new level. No longer assistants making life easier for us mere mortals, they’ve become the basis of civilization — the very framework keeping the world functioning properly in 2050.

This quantum leap forward has generated new requirements for the reliability and stability of artificial intelligence. Although some cyberthreats still haven’t become extinct since the romantic era around the turn of the century, they’re now dangerous only to outliers who for some reason reject modern standards of digital immunity.

The situation in many ways resembles the fight against human diseases. Thanks to the success of vaccines, the terrible epidemics that once devastated entire cities in the twentieth century are a thing of the past.

 

However, that’s where the resemblance ends. For humans, diseases like the plague or smallpox have been replaced by new, highly resistant “post-vaccination” diseases; but for the machines, things have turned out much better.

This is largely because the initial designers of digital immunity made all the right preparations for it in advance. In doing so, what helped them in particular was borrowing the systemic approaches of living systems and humans.

One of the pillars of cyber-immunity today is digital intuition, the ability of AI systems to make the right decisions in conditions where the source data are clearly insufficient to make a rational choice.

But there’s no mysticism here: Digital intuition is merely the logical continuation of the idea of machine learning. When the number and complexity of related self-learning systems exceeds a certain threshold, the quality of decision-making rises to a whole new level — a level that’s completely elusive to rational understanding.

An “intuitive solution” results from the superimposition of the experience of a huge number of machine-learning models, much like the result of the calculations of a quantum computer.

So, as you can see, it has been digital intuition, with its ability to instantly, correctly respond to unknown challenges that has helped build the digital security standards of this new era.

 


 



AMD RyzenFall, MasterKey, Fallout, Chimera Mitigation Guide

The recently-discovered RyzenFall, MasterKey, Fallout and Chimera security flaws affecting AMD’s latest processor platforms are ruining the AMD Ryzen 2 pre-launch vibes. So it’s no surprise to see AMD working hard to fix the vulnerabilities.

In this article, we will share with you the latest AMD mitigation options for the RyzenFall, MasterKey, Fallout and Chimera security vulnerabilities.

 

What’s Really Affected?

While it is accurate to say that the AMD Ryzen and AMD EPYC processors are affected by RyzenFall, MasterKey, Fallout and Chimera, these vulnerabilities do not affect the actual processor cores. Neither are they related to the Zen microarchitecture.

This makes them completely different from the Meltdown and Spectre vulnerabilities that have been “built into” over 2,800 CPU models!

Instead, the new RyzenFall, MasterKey, Fallout and Chimera security vulnerabilities are found in:

  • the AMD Secure Processor (integrated into the new Ryzen and EPYC processors), and
  • the AMD Promontory chipsets that are paired with Ryzen and Ryzen Pro desktop processors.

The AMD Promontory chipset is used in many Socket AM4 desktop, and Socket TR4 high-end desktop (HEDT) platforms.

AMD EPYC, Ryzen Embedded, and Ryzen Mobile platforms do not use the Promontory chipset.

 

The AMD RyzenFall, MasterKey, Fallout + Chimera Mitigations

RyzenFall + Fallout

Issue : An attacker with administrative access can write to the AMD Secure Processor (PSP) registers to exploit vulnerabilities in the interface between the x86 processor core and the AMD Secure Processor.

Impact : The attacker can circumvent security controls to install difficult-to-detect malware in the x86 System Management Mode (SMM). The access is not persistent across reboots.

Planned Mitigations : AMD will issue AMD Secure Processor firmware patches through BIOS updates in coming weeks. No performance impact is expected.

MasterKey (PSP Privilege Escalation)

Issue : An attacker with administrative access can write malicious firmware updates, without the AMD Secure Processor (PSP) detecting the “corruption”.

Impact : The attacker can circumvent security controls to install difficult-to-detect malware. These changes are persistent, even following a system reboot.

Planned Mitigations : AMD will issue AMD Secure Processor firmware patches through BIOS updates in coming weeks. No performance impact is expected.

Chimera

Issue : An attacker with administrative access can install a malicious driver to access certain features in the AMD Promontory chipset.

Impact : The attacker can access physical memory through the Promontory chipset. The attacker can also install difficult-to-detect malware in the chipset, but this is not persistent across reboots.

Planned Mitigations : AMD will issue chipset patches through BIOS updates in coming weeks. No performance impact is expected.

 


 


Apple Rushed Out macOS Root Bug Fix & It Shows…

Lemi Orhan Ergin did not give Apple any forewarning when he publicly revealed the massive macOS root bug on Twitter. He basically exposed a zero-day vulnerability for hackers to use, while Apple rushed on a bug fix. The good news is Apple just issued the root bug fix in Security Update 2017-001.

This is really fast work, but it also showed their sloppiness. Hopefully, the bug fix does not introduce additional bugs!

 

macOS Security Update 2017-001


Apple released macOS Security Update 2017-001 just a day after the macOS root bug was revealed. They also gave us more information on the bug that caused so much ruckus around the world (and rightly so).

  • The bug only affected macOS High Sierra 10.13.1.
  • The bug did not affect computers running macOS Sierra 10.12.6 or earlier.
  • They confirmed that it allowed an attacker to “bypass administrator authentication without supplying the administrator’s password“.

You can get more details on the root bug in our dedicated article – The macOS High Sierra Root Bug Explained!

 

How Do I Download The Root Bug Fix?

The macOS root bug fix is now available for download via the App Store. If it doesn’t appear yet, just click on the Updates icon to refresh.

Please note that this bug fix will reset and disable the root user account.  If you need to use the root user account, you will need to re-enable it, and change its password, after applying the update.

 

Terminal Users, Watch Out!

If you’re using Terminal to update though, you may face some complications due to Apple’s sloppiness. Chai discovered that Apple accidentally used a space instead of the version number.

This is not an issue if you are downloading the patch through the App Store. But if you’re applying the patch via Terminal, you need to add a space.

softwareupdate -i "Security Update 2017-001- "


 


The macOS High Sierra Root Bug Explained! Rev. 2.0

The Internet is abuzz with the shocking revelation that now everyone can hack an Apple computer… as long as it’s using the latest macOS High Sierra operating system. Let us explain what’s going on, and share with you the workaround for the macOS High Sierra root bug.

Updated @ 2017-11-30 : Added a new section on the Apple bug fix (Security Update 2017-001) [1], and additional information on the root bug [2].

Originally posted @ 2017-11-29

 

What Is Root User?

If you are the primary user of a MacOS X system, you have an administrator account with administrator privileges. This gives you more privileges and access than a standard user account. However, that is not the highest access level possible.

There is a Mac superuser account called “root” that gives you elevated read and write privileges to hidden or protected areas of the system. With the Mac root user account, you can even access files in other user accounts.

In fact, it gives you such God-like powers that you can modify or even delete critical system files. A Mac root user can run rm -rf * to delete the contents of every mounted drive, until macOS crashes when a crucial file or folder is removed.

So this Mac root user account should only remain disabled unless you really, REALLY need to use it.

Suggested Reading : The Mac Root User Login & Password Guide

 

The macOS High Sierra Root Bug Updated!

On Tuesday, 28 November 2017, Turkish software developer Lemi Orhan Ergin revealed the macOS High Sierra root bug. With a few simple steps, anyone can gain elevated root user privileges in any computer running macOS High Sierra! Here is a summary of what we know about the root bug :

  1. The root bug exploit requires a computer running macOS High Sierra, with multiple user accounts.
  2. When prompted for a username and password, use these steps to gain root user access without any password :
    • Type “root” as the username and leave the password field blank.
    • Just click “Unlock” twice.
  3. The root bug cannot be exploited remotely, unless screen sharing is enabled.
  4. The root bug was introduced in macOS High Sierra 10.13.1. Earlier versions of macOS were not affected.
  5. Apple confirmed that the bug was due to “a logic error… in the validation of credentials“.
  6. Apple also confirmed that the bug would allow an attacker to “bypass administrator authentication without supplying the administrator’s password“.
  7. Several security researchers successfully replicated the bug.

 

How Serious Is This Root Bug?

The macOS High Sierra root bug is EXTREMELY serious, because it allows a hacker to easily bypass all of the macOS operating system’s security protections.

It doesn’t matter if you encrypted your computer, and secured it with an extremely long and complex password. Anyone who gains root user privileges using this bug can access (read, copy or move) the files in any user account (even those of an administrator) without knowing the password.

What’s even more troubling is that the root bug works even with a disabled root user account. This means the vast majority of Apple computers running High Sierra are vulnerable, as the root user account is disabled by default.

 

How To Fix The Root Bug?

Unlike other security researchers, Lemi Orhan Ergin did not forewarn Apple before publicly revealing the bug, on Twitter no less. He basically exposed a zero-day vulnerability for hackers to use, while Apple rushes to fix the bug.

1. Install macOS Security Update 2017-001 New!

Apple just released Security Update 2017-001. This update will remove the root bug and improve credential validation. INSTALL THIS UPDATE NOW!

Note : This bug fix will reset and disable the root user account.  If you need to use the root user account, you will need to re-enable it, and change its password, after applying the update.

Note : Apple rushed out this update so quickly that they accidentally used a space instead of the version number. You can read more about this in our article – Apple Rushed Out macOS Root Bug Fix & It Shows…

This is not an issue if you are downloading the patch through the App Store. But if you’re applying the patch via Terminal, you need to add a space.

softwareupdate -i "Security Update 2017-001- "

2. Enable Root User With Your Own Password


If you cannot apply Apple’s bug fix yet, you can block this root bug by enabling the root user account, and setting a password for it.

It’s not so straightforward, so we created a step-by-step guide for you – The Mac Root User Login & Password Guide.

3. Use Additional Encryption

Alternatively, you can opt to move your sensitive data to encrypted containers or drives using third-party encryption utilities like VeraCrypt. Hackers may use the High Sierra root bug to gain access to the encrypted containers or drives, but without the correct password, the actual data won’t be accessible.

4. Physically Protect Your Apple Computer

The good news is the High Sierra root bug generally requires physical access to your Apple computer. Until this bug is fixed, you should make sure your Apple computer is never left unsupervised.

Keep it in a locked room or bag, whenever you are not using it. If no one can get to it, they cannot use the bug to gain root access.

5. Disable Screen Sharing

The High Sierra root bug can be exploited remotely if Screen Sharing is enabled. So make sure you disable Screen Sharing.


 


The Mac Root User Login & Password Guide

Want to have elevated God-like privileges to your Mac OS X system? Then you need to be a Mac root user. In this guide, we will teach you how to enable the root user account in OS X, change the password, and disable it.

For experienced users or power users, you can use Terminal to quickly make these changes. If you are an inexperienced user, you can use the GUI method, which has more steps but does not require keying in commands.

 

What Is The Mac Root User?

If you are the primary user of a MacOS X system, you have an administrator account with administrator privileges. This gives you more privileges and access than a standard user account. However, that is not the highest access level possible.

There is a Mac superuser account called “root” that gives you elevated read and write privileges to hidden or protected areas of the system. With the Mac root user account, you can even access files in other user accounts.

In fact, it gives you such God-like powers, you can modify or even delete critical system files. So this Mac root account should only remain disabled unless you really, REALLY need to use it.

macOS High Sierra currently has a root bug that allows practically anyone to gain root access in a few simple steps. Therefore, Apple advises you to enable the Mac root account, with your own password, until they fix the bug.

Suggested Reading : The macOS High Sierra Root Bug Explained

 

How To Enable The Mac Root User / Change Password (Terminal Method)

Requisite : You need to be logged into an administrator account.

Please note that this method both enables the root account and changes its password : the single command sudo passwd root sets a password for root, which enables the account at the same time.

Step 1 : Open Finder, and go to the Applications folder.

Step 2 : Open the Utilities folder, and double-click Terminal.

Step 3 : Type sudo passwd root and press Enter.

sudo passwd root

Step 4 : You will be asked for your administrator password, not the new root password. Key in your administrator password and hit Enter.

Step 5 : Now key in the new root password, and hit Enter. Then retype the new root password for verification, and hit Enter.

That’s it! You have successfully enabled the Mac root account, with a password of your choice. To use it, you need to log off your administrator account.


 

How To Disable The Mac Root User (Terminal Method)

Requisite : You need to be logged into an administrator account.

Step 1 : In Terminal, type dsenableroot -d and press Enter.

dsenableroot -d

Step 2 : Key in your administrator password (not the root user password), and hit Enter.

If you succeed, you will see the notification : ***Successfully disabled root user.


 


How To Enable The Mac Root User Account (GUI Method)

Requisite : You need to be logged into an administrator account.

Step 1 : Click on the Apple () menu, and select System Preferences.

Step 2 : Click on Users & Groups.

Step 3 : In the Users & Groups screen, click on the lock and key in your administrator name and password.

Step 4 : Click on Login Options.


Step 5 : Click on the Join… (or Edit…) button next to Network Account Server.

Step 6 : Click on the Open Directory Utility… button.

Step 7 : Click on the lock, and key in your administrator name and password.

Step 8 : In the Directory Utility menu bar, select Edit and click on Enable Root User.

Step 9 : Now, key in the password you want, and a second time for verification, and click OK.

That’s it! You have successfully enabled the Mac root user account, with a password of your choice. To use it, you need to log off your administrator account.


 


How To Change The Mac Root User Password (GUI Method)

Requisite : You need to be logged into an administrator account, and have the root user account enabled.

If you have just enabled the root user account, and are still in the Directory Utility screen, skip ahead to Step 8.

Step 1 : Click on the Apple () menu, and select System Preferences.

Step 2 : Click on Users & Groups.

Step 3 : In the Users & Groups screen, click on the lock and key in your administrator name and password.

Step 4 : Click on Login Options.

Step 5 : Click on the Join… (or Edit…) button next to Network Account Server.


Step 6 : Click on the Open Directory Utility… button.

Step 7 : Click on the lock, and key in your administrator name and password.

Step 8 : In the Directory Utility menu bar, select Edit and click on Change Root Password.

Step 9 : Now, key in the new password you want, and a second time for verification, and click OK.

That’s it! You have successfully changed the Mac root user password. To use it, log out of your administrator account and log in as root with the new password.


How To Disable The Mac Root User Account (GUI Method)

Requisite : You need to be logged into an administrator account, and have the root user account enabled.

If you have just enabled the root user account, and are still in the Directory Utility screen, skip ahead to Step 8.

Step 1 : Click on the Apple menu, and select System Preferences.

Step 2 : Click on Users & Groups.

Step 3 : In the Users & Groups screen, click on the lock and key in your administrator user name and password.

Step 4 : Click on Login Options.

Step 5 : Click on the Join… (or Edit…) button next to Network Account Server.

Step 6 : Click on the Open Directory Utility… button.

Step 7 : Click on the lock, and key in your administrator name and password.

Step 8 : In the Directory Utility menu bar, select Edit and click on Disable Root User.

That’s it! You have successfully disabled the Mac root user account.
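All three operations (enable, change password, disable) can also be done from Terminal. The script below is an added example, not part of the Tech ARP guide or of Apple’s documentation : it wraps Apple’s own dsenableroot(8) and passwd(1) commands, and adds an audit check that reports whether root is currently enabled, so you can confirm it is switched off again once you are done. It assumes a Mac with dscl(1), dsenableroot(8) and passwd(1) available, and that `dscl . -read /Users/root Password` prints `Password: *` while root is disabled and a masked value once it is enabled ; treat that last point as an assumption to verify on your own macOS version.

```shell
#!/bin/sh
# Added example (not from the Tech ARP guide or Apple's docs): audit and toggle
# the macOS root account from Terminal, the CLI counterpart of the Directory
# Utility steps. Assumes macOS with dscl(1), dsenableroot(8) and passwd(1).

# Classify the root account from the text of `dscl . -read /Users/root Password`.
# Assumption: a disabled root shows "Password: *", an enabled one a masked hash.
# Prints exactly one word: disabled | enabled | unknown
root_state_from_dscl() {
    value=$(printf '%s\n' "$1" | sed -n 's/^Password:[[:space:]]*//p' | head -n 1)
    case "$value" in
        '')  echo unknown ;;     # attribute missing, or the command failed
        '*') echo disabled ;;    # a literal asterisk: no password hash is set
        *)   echo enabled ;;     # anything else: a hash is present
    esac
}

# Query the live system; reports "unknown" on a machine without dscl.
check_root_account() {
    if command -v dscl >/dev/null 2>&1; then
        root_state_from_dscl "$(dscl . -read /Users/root Password 2>/dev/null)"
    else
        echo unknown
    fi
}

# Enable root (Directory Utility: Edit > Enable Root User). dsenableroot prompts
# for your admin name, admin password and the new root password. Do NOT pass
# them on the command line with -u/-p/-r: they would land in your shell
# history and be visible to other users in `ps` output.
enable_root() {
    dsenableroot
}

# Change the root password (Edit > Change Root Password); prompts interactively.
change_root_password() {
    sudo passwd root
}

# Disable root again (Edit > Disable Root User); prompts for admin credentials.
disable_root() {
    dsenableroot -d
}

# Exit non-zero unless root is disabled: usable as a compliance check that
# nobody left the account switched on after a one-off task.
assert_root_disabled() {
    [ "$(check_root_account)" = disabled ]
}

# Usage: sh root-audit.sh   (prints the current state). Call enable_root,
# change_root_password or disable_root from your own workflow as needed.
echo "root account: $(check_root_account)"
```

The audit function parses the `dscl` output rather than trusting an exit code, because `dscl` returns success whether or not root is enabled; the only signal is the value of the Password attribute.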


iOS 11 Has A New Secret Ability To Quickly Disable Touch ID

Apple just released iOS 11, and hidden amongst its many new features is a new secret ability to quickly disable Touch ID. We will share with you the details of this new feature, and why you should learn how to use it.

 

How To Quickly Disable Touch ID

Note : This method only works with iOS 11. If your iPhone is running an older version of iOS, you must upgrade to iOS 11 first.

To quickly disable Touch ID, rapidly press the Sleep/Wake (Side) button five times.

This temporarily disables Touch ID, and displays the Emergency SOS screen, where you can dial 911 / 999 without unlocking the iPhone. Before you rely on it, check Settings > Emergency SOS : with Auto Call switched on, the same five presses start a countdown and then dial emergency services automatically, so practise with Auto Call switched off.

Touch ID stays disabled only until you enter your Passcode. Authenticating yourself with the Passcode re-enables Touch ID.

This new method beats the previous methods, which were to fail Touch ID five times (for example, by pressing five unregistered fingers on the sensor) to lock it out, or to disable it in the Settings.

Why Should You Learn How To Disable Touch ID?

Everyone should learn how to use this method to quickly disable Touch ID. Why?

First of all, it is a great security feature. It prevents someone from forcibly using your fingerprint to gain access to your iPhone.

The most obvious candidates of such a dastardly act would be oppressive governments and law enforcement officers who don’t care for civil rights. But it could also be a robber or a suspicious spouse.

If you can quickly disable Touch ID, they will need you to key in your Passcode. No amount of forcing you to touch your fingers against the Touch ID sensor will gain them access to your iPhone.


I/O Interface Security from The Tech ARP BIOS Guide

I/O Interface Security

Common Options : Locked, Unlocked

 

Quick Review of I/O Interface Security

The I/O Interface Security BIOS feature is mainly found in mobile PCs like laptops and netbooks. It gives you direct control over the availability of various interfaces in the computer.

The interfaces you can control with this BIOS feature include :

  • Audio Interface – when locked, it disables the onboard audio interface and prevents the use of microphones or earphones.
  • Modem Interface – enables or disables the onboard modem
  • LAN Network Interface – enables or disables the onboard LAN functionality
  • Wireless Network Interface – enables or disables the onboard WLAN functionality
  • SATA ODD – when locked, prevents data from being burned to CD/DVD (using a CD/DVD writer)
  • eSATA Port – when locked, prevents data from being copied out to an external eSATA hard disk drive or an external CD/DVD writer.
  • Express Card Interface – enables or disables the built-in Express Card interface
  • Card Reader Interface – enables or disables the built-in flash memory card reader
  • 1394 Interface – enables or disables the built-in IEEE1394a (Firewire) interface
  • USB Interface – enables or disables the built-in USB ports

To enable or disable those interfaces, you can select between the Locked or Unlocked options. By default, all available interfaces are unlocked. Of course, the BIOS must be secured using a password for the locks to work. Otherwise, anyone can simply unlock these interfaces using the same BIOS feature.

In addition, the I/O Interface Security BIOS feature can only lock onboard devices. It cannot lock external devices. In the case of a desktop PC, this BIOS feature cannot be used to lock extra interfaces provided by add-on cards.

 

Details of I/O Interface Security

The I/O Interface Security BIOS feature is mainly found in mobile PCs like laptops and netbooks. It gives you direct control over the availability of various interfaces in the computer. The interfaces you can control with this BIOS feature include :

  • Audio Interface – when locked, it disables the onboard audio interface and prevents the use of microphones or earphones.
  • Modem Interface – enables or disables the onboard modem
  • LAN Network Interface – enables or disables the onboard LAN functionality
  • Wireless Network Interface – enables or disables the onboard WLAN functionality
  • SATA ODD – when locked, prevents data from being burned to CD/DVD (using a CD/DVD writer)
  • eSATA Port – when locked, prevents data from being copied out to an external eSATA hard disk drive or an external CD/DVD writer.
  • Express Card Interface – enables or disables the built-in Express Card interface
  • Card Reader Interface – enables or disables the built-in flash memory card reader
  • 1394 Interface – enables or disables the built-in IEEE1394a (Firewire) interface
  • USB Interface – enables or disables the built-in USB ports

To enable or disable those interfaces, you can select between the Locked or Unlocked options. By default, all available interfaces are unlocked.

The I/O Interface Security BIOS feature is useful in many ways. For example, the USB, SATA ODD, eSATA, Express Card and card reader interfaces can be locked to prevent users from copying out any data from the notebook. Companies that wish to prevent their employees from surfing the Internet can use this BIOS feature to lock the WLAN, LAN and modem interfaces.

Of course, the BIOS must be secured using a password for the locks to work. Otherwise, anyone can simply unlock these interfaces using the same BIOS feature. Bear in mind, too, that these locks are enforced by the firmware alone : they stop casual copying through the notebook’s own ports, but not someone who removes the hard disk drive and reads it on another machine, so pair them with full-disk encryption if the data actually matters.

In addition, the I/O Interface Security BIOS feature can only lock onboard devices. It cannot lock external devices. For example, if you do not lock the Express Card interface, it would be possible to insert a flash card reader into the Express Card slot and use it to copy out data even if you had already disabled the card reader interface.

In the case of a desktop PC, this BIOS feature cannot be used to lock extra interfaces provided by add-on cards. For example, locking the USB interface will not disable the USB ports provided by an add-on PCI USB card. It will only disable the motherboard’s built-in USB ports and headers.

For those who are wondering what SATA ODD means, ODD is short for Optical Disk Drive. It refers to any SATA optical disk drive that uses the ATAPI command set. This includes both read-only and writeable optical disk drives.


The Samsung Galaxy Note7 Knox Security Features Explained

On August 25, 2016, Samsung Malaysia hosted an exclusive Samsung Galaxy Note7 Enterprise Business Showcase at the Marriott Putrajaya. At this event, Samsung focused on the enterprise and business aspects of the Samsung Galaxy Note7, focusing on the new Samsung Knox 2.7 security features.  

Samsung Galaxy Note7 Knox Security Explained

Mr. Young Kim, Vice President of Samsung’s Global B2B Service Group, flew in to give a detailed explanation of the new Galaxy Note7 Knox security features. Check it out :

 

Five New Security Solutions

Thanks to its Samsung Knox security features, iris scanning capability, S-Pen and IP68 water-resistance, the Samsung Galaxy Note7 is designed to address the business and security needs of enterprise users in the field. Those capabilities underpin the five new security solutions introduced by Samsung at the same event :

  • Samsung Cloud Document Solution – gives corporate professionals and government officials secured access to classified documents stored in the cloud.
  • Knox Customization – lets corporate IT administrators customise the Galaxy Note7 software : add a corporate boot image and wallpaper, preload certain applications, and pre-set the device settings.
  • Incident Report Solution – lets officers in the field report incidents, document cases in the system and track their progress.
  • Konnected Patrol – authenticates a security officer’s actual check-in at the sites assigned by headquarters, and identifies the right personnel at the premises.
  • Secure Document Delivery – ensures that important parcels are delivered to, and signed for by, authorised personnel. Use cases include military deliveries of goods and food, real-time monitoring of weapons, and cash deliveries by security firms.

Samsung Galaxy Note7 Key Features Revealed

For those who have not read up on the cool features introduced in the Samsung Galaxy Note7, don’t worry. In this video, Mr. Julian Thean, Senior Product Manager, Samsung Malaysia, goes through the new features in the Samsung Galaxy Note7.


The Galaxy Note7 Iris Scanner Explained

In a world that is more digitally connected than ever before, keeping your personal data safe is essential. That’s why the Galaxy Note7 provides best-in-class security features, like the new iris scanning technology, familiar fingerprint scanning capabilities and Samsung’s trusted Knox security platform.

Samsung’s fingerprint scanning technology has been widely used to ensure device security and protection of data, such as mobile payment information on services like Samsung Pay. But with the Galaxy Note7, new iris scanning technology has been integrated to provide users with an additional form of authentication to reinforce security.

With this innovative, highly-secure technology, users don’t even need to touch their phone to verify their identity; they simply need to look at the device’s screen to complete the scanning process.

 

Note7 Iris Scanner

For Your Eyes Only

Iris scanning is an automated method of biometric identification that uses mathematical pattern recognition of images of an individual’s iris, either from one or both eyes.

To obtain these images, an authentication device scans the iris—which is the thin, colored ring of the eye that opens and shuts the pupil like a camera shutter, thus regulating the amount of light that reaches the retina.

Each individual has a uniquely different and highly intricate iris pattern in each eye, which is fully developed at a very young age and remains essentially unchanged throughout one’s lifetime. This, combined with the fact that iris patterns are difficult to replicate, makes iris scanning one of the most secure and reliable biometric techniques available.

As a result, it is widely being used for access control in pharmaceutical dispensing, border control and airport security. Samsung has had success with this technology with the Galaxy Tab Iris, a highly secure biometric device created for government organizations and enterprises in India.

Bringing Biometrics to the Smartphone

Once a user registers his or her iris information on the Galaxy Note7, it is stored as an encrypted code. When a user attempts to access content, such as a protected app, the infrared (IR) LED and Iris camera work together to capture the iris pattern for recognition, extract and digitize the pattern, and compare the digitized pattern with the encrypted code to verify access.

Samsung was able to apply two new components to enable iris recognition without sacrificing the design of the Galaxy Note7. To do so, the device was equipped with a dedicated iris camera, which utilizes a special image filter to receive and recognize the reflected images of the irises with a red IR LED light.

This red light allows for the best range for iris scanning. Furthermore, unlike traditional visible (or RGB) images, which can be affected by iris color or ambient light, infrared images display clear patterns and have low light reflection.

Samsung’s proprietary technology also makes use of the light emitted from the Galaxy Note7’s display so the scanner can receive data even in low light environments.

Together, these components ensure that iris readings are accurate and speedy. In fact, iris scanning requires fewer registration trials and results in fewer false acceptances than fingerprint scanning.

And with the Galaxy Note7, users get the peace of mind knowing that their iris data is encrypted and stored safely in the hardware by the Knox platform, just as fingerprint data has been stored in the past. Furthermore, only one person can register his or her iris information, which means that even if the device is stolen or lost and someone else is able to gain access to the smartphone, the user’s iris information won’t be compromised.

The IR LED of the Galaxy Note7 is also safe to use, with no health implications associated with the technology, and received the highest certification level under IEC 62471 (photobiological safety of lamps and lamp systems). In addition, the device will automatically switch off the IR LED if it detects that the human eye is too close to it, or has been exposed to it for too long.

All Eyes on Mobile Security

Leveraging this iris scanning technology, the Galaxy Note7 offers newly added services to provide an additional layer of security.

The first is Secure Folder, a separate folder that lets users manage private apps and files securely via fingerprint, iris scanner, pattern or PIN.

Users may leverage this service to keep private and personal data, such as banking information, completely separate on their smartphone. It’s also a great tool for parents who want to block access to specific games or content from their children. Secure Folder is easy to use and has few restrictions for content storing or app sharing on the device.

Another added security feature, Samsung Pass, enables users to quickly log into websites on the Samsung Internet Browser using biometric authentication. Because users don’t have to waste time constantly inputting a username or password, Samsung Pass adds an element of convenience to the latest addition of the Galaxy Note lineup.

In addition to secure storing and faster access, Samsung is also establishing partnerships with major financial institutions such as Bank of America, Citibank and U.S. Bank to explore the integration of the iris scanner into mobile banking apps.

But mobile banking is only the beginning. As developers start to make use of the device’s onboard iris scanner to enable the verification of transactions and other activities, Samsung’s iris scanning technology will expand to various industries.

As we continue to store and have access to more private and highly sensitive information on our phones, the Galaxy Note7 delivers the security users trust and the privacy they rely on.

For enterprise users, iris scanning can also authenticate access to the Knox Workspace container, which many of Samsung’s enterprise customers already trust to reinforce security through their corporate EMM solution of choice.


F-Secure Offers Journalists Free Freedome Privacy & Security App

May 3, 2016 – Today is World Press Freedom Day – an event designed to highlight the importance of free speech as a human right. Having free speech lets journalists investigate problems happening all over the globe, often at the expense of their own privacy, or even personal safety. So F-Secure, a Finnish cyber security company, is taking steps to help journalists safeguard their right to free speech by offering them free VPN subscriptions.

According to Reporters without Borders’ 2016 World Press Freedom Index, Finland has the freest media in the world, making it fitting that this year’s World Press Freedom Day event is being held in the Finnish capital of Helsinki. However, the report also noted the overall freedom of press is in a global decline, and dropped by 13.6 percent since 2013.

“Free speech is something nurtured by some governments, but many see it as a threat when mobilized in an institution like the media,” says F-Secure Cyber Security Advisor Erka Koivunen. “And even though technology has given governments unprecedented surveillance capabilities, it’s also given people ways to protect themselves. Encryption is probably the best tool available to journalists if they want to conduct investigatory work without suffering reprisals from oppressive governments and institutions.”

Journalists can use VPNs such as F-Secure Freedome to encrypt their communications, change their virtual location, and block malicious websites and online tracking attempts. And to help make using encryption more accessible for journalists, F-Secure is offering free 12-month subscriptions for Freedome to journalists until May 15.


Trend Micro 2015 Security Roundup Details

9 March 2016 – Today, Trend Micro Incorporated released its 2015 security roundup report, “Setting the Stage: Landscape Shifts Dictate Future Threat Response Strategies,” which dissects the most significant security incidents from 2015. The research confirms attackers are now bolder, smarter and more daring in attack vectors, cyberespionage efforts and cyber underground activity on a global basis.

“Our observations for 2015 have confirmed that traditional methods of protecting data and assets are no longer sufficient and should be reassessed to maintain the highest level of corporate and personal security,” said Raimund Genes, CTO, Trend Micro. “The prevalence and sophistication of extortion, cyberespionage and expanding targeted attacks now dictate that organizational security strategies must be prepared to defend against a potentially greater onslaught in 2016. This realization can help the security community better anticipate and respond to what attackers are trying to accomplish.”

Online extortion and cyberattacks were a top concern in 2015, with several high-profile organizations being victimized. Ashley Madison, Hacking Team, the U.S. Office of Personnel Management and Anthem were a few of the high-profile victims, and these attacks left millions of employees and customers exposed. The largest share of data breaches in the U.S. in 2015 (41 percent) was caused by device loss, followed by malware and hacking.
Additional report highlights include:

  • Pawn Storm and Zero-Days – More than 100 zero-days were discovered in 2015. In addition, the long-running cyberespionage campaign Pawn Storm utilized several zero-day exploits to target high-profile organizations, including a U.S. defense organization, the armed forces of a NATO country and several foreign affairs ministries.
  • Deep Web and Underground Explorations – In 2015, cybercriminal markets began to penetrate the recesses of the Deep Web. Each underground market mirrors the culture in which it resides, offering specific wares most profitable in each region.
  • Smart Technology Nightmares – Attacks against connected devices accelerated in 2015, proving their susceptibility. Smart cars and businesses, seen in Trend Micro’s GasPot experiment, were among a few of the new concerns brought by IoT technologies.
  • Angler, the ‘King of Exploit Kits’ – From malvertising to Adobe Flash, the Angler Exploit Kit gained notoriety in 2015 as the most used exploit kit, accounting for 57.3 percent of overall exploit kit usage. Japan, the U.S. and Australia were among the countries most impacted by it.
  • Data Held Hostage – Crypto-ransomware rose to 83 percent of overall ransomware use in 2015. Cryptowall was the most frequently used variant, arriving on users’ computers via email or malicious downloads.
  • Takedowns versus DRIDEX – The seizure and takedown of the notorious DRIDEX botnet contributed to a significant decrease in detections within the U.S. However, the botnet later resurged, because its command-and-control infrastructure was hosted on a bulletproof hosting provider, making it virtually impossible to eradicate altogether.