Sunday, 10 January 2016

Your Location on Windows 10 Phone is Traceable, Here’s How to Disable it

Random Hardware Address Prevents Windows 10 Mobile Phone’s location from being tracked — Here’s how to do it
Tracking users’ location through their Wi-Fi network is not something new however it should be disabled. Here’s a simple image guide on disabling your location tracking on Windows 10 phone.
Microsoft has equipped its Windows 10 mobile phone with numerous new features and the security aspect has also been tweaked a little. In its previous versions, the phone offered reasonable security since at places like shopping malls, public areas and supermarkets your movement could be tracked if the device was connected to a WiFi hotspot.
This used to happen because whenever the device was disconnected from a WiFi network, it continues to try to connect to any nearby accessible wireless network.
These signal-requests may include the device’s unique hardware identifier, called MAC address.
Once the phone finds the connection, the MAC address logs into the wireless network and this information can be used by third parties for tracking your movements whenever you enter the area.
Since large venues have multiple wireless routers, the chances of tracking your location become brighter.
Windows 10, however, offer enhanced privacy on Lumia 950 and Lumia 95- XL through the Random Hardware Access feature.
It randomly generates hardware addresses to make it difficult for third parties to track your mobile phone’s location if it gets connected to a nearby wireless network.
However, this feature is not activated by default on these phones. Therefore, we are providing you the necessary guidelines to enable Random Hardware Addresses to feature in your Win 10 mobile phone.
Activate Random hardware addresses for all Wi-Fi networks
Open the Start screen and bring All Apps by swiping left.
Now locate and open the Settings app and select Network and Wireless and then Wi-Fi.
Now find the Manage button by scrolling down.
Once there, ensure to toggle the Use random hardware addresses option to On position and the feature will be enabled.
Activate Random Hardware addresses on specific WiFi networks.
You may also opt to use this feature on specific networks.
Find the Network & Wireless option in the Settings app.
Select Wi-Fi option.
Select the network that you need to prevent from location tracking and by scrolling down select any one of the following options:
Change Daily
After selecting the option, return to Wi-Fi and by holding the wireless network you are currently connected to and tap on Delete option.
Reconnect your device to the same wireless network so that the new settings could be enabled.
Just tap the name of your deleted network from the Available Wi-Fi Networks list that pops up in the Wi-Fi settings category, and enter the password to complete the connection process.
Another feature of random MAC addresses is that it also hides your device name as it tries to connect to a wi-fi network using random hardware address as the name.
Remember that this feature is not particularly important to be enabled at home or office because at some areas device tracking is important to keep the network secure and in compliance with the policies of the company you work for.

Anonymous Targets Nigerian Government Sites, Wages War Against Corruption


Appalled by Corruption, Theft & Poverty- Anonymous Declares Cyberwar against Nigerian Government
Anonymous, infamous hacktivist group having footprints around the world, has waged a cyber war against the Nigerian government.
On Friday, the group’s Nigeria division announced in an online post that they are ”tired” of the relentless corruption, poverty and theft prevailing in Nigeria and has vowed to fight it out in open.
The hacktivist group also urged its followers to dig out Nigeria’s Federal Capital Territory Administration, Finance, Foreign Affairs and Justice, Ministries websites.
These four abovementioned websites went offline on Friday afternoon. In all caps, the post from Anonymous stated:
“Let them see we have Anonymous Nigeria. They should have expected us.”

The campaign (read cyberwar) dubbed as “Operation Nigeria” is apparently the result of rampant poverty, unemployment, corruption, impunity, poor health care and illiteracy that haunts this country.
The hackers collective stated that this DDoS attack was more of a warning for Nigerian government since the worst was yet to come.
The group threatened the government that it would leak crucial confidential data if officials fail to address the grievances.

Anonymous hasn’t attacked Nigeria for the first time. In 2013, an Irish hacker claiming to be part of the group took down the official government’s website to force it to pass a law sentencing lesbian, gay, bisexual and transgender people for a maximum of 14 years.
In 2012, Nigerian assembly website was also hacked by LulzSec
In 2012, Anonymous’ Nigerian division threatened of cyber assault against the government if its demand to end violence against protestors not met.
Anonymous has always promoted it as a global hacktivist collective crusading for justice. Just a couple of days ago, Anonymous hacked 14 Thai government websites against Thai Police’s flawed murder investigation

GM Asks Friendly Hackers to Report Its Cars’ Security Flaws

GM CEO Mary Barra Holds Press Conference On Ignition Switch Recall 
As automotive cybersecurity has become an increasingly heated concern, security researchers and auto giants have been locked in an uneasy standoff. Now one Detroit mega-carmaker has taken a first baby step toward cooperating with friendly car hackers, asking for their help in identifying and fixing its vehicles’ security bugs.
Earlier this week, General Motors quietly launched a vulnerability submission program that allows security researchers to submit information about hackable vulnerabilities in GM automobiles and rest assured that—as long as they follow a few guidelines—they’ll be thanked rather than hit with a lawsuit. In partnership with HackerOne, a security startup devoted to helping companies coordinate security vulnerability disclosure with independent researchers, GM has created a portal welcoming bug reports from benign hackers, which was first spotted by Ars Technica. “If you have information related to security vulnerabilities of General Motors products and services, we want to hear from you,” the page on HackerOne’s website reads. “We value the positive impact of your work and thank you in advance for your contribution.”
The first step in any vulnerability-handling program is to open the front door. Katie Moussouris
Promising not to sue a helpful hacker may seem like the least a company can offer when it’s given a free security audit. Unlike big tech companies such as Google and Facebook, GM won’t yet pay any monetary rewards for those reports, so called “bug bounties.” But even welcoming outside security research on GM vehicles puts the auto giant a step ahead of other major carmakers. “We’re thrilled that a major automotive manufacturer is stepping up to the plate in terms of providing a way for hackers to get in touch with them if they find a security vulnerability,” says Katie Moussouris, HackerOne’s chief policy officer. “The first step in any vulnerability-handling program is to open the front door.”
According to its terms, GM promises not to sue researchers who submit security-flaw reports as long as they’ve followed a few rules in their car hacking, such as not endangering GM customers, violating their privacy or breaking any law. The last of those may remain a sticking point, as the Digital Millenium Copyright Act has legally prevented hackers from reverse engineering even vehicles they own. But the DMCA’s ban on car hacking will lift later this year due to a ruling last year from the Library of Congress—no thanks to GM, which lobbied against the change. GM didn’t immediately respond to WIRED’s request for comment on its new vulnerability disclosure policy.
GM’s vulnerability disclosure rules also require hackers not to publicly disclose any flaw they report until GM fixes it. That non-disclosure clause could be another sticking point that prevents hackers from submitting. After all, as WIRED reported in September, GM took nearly five years to fully fix a vulnerability that allowed hackers to gain extensive access to its cars through a flaw in its OnStar system, including the ability to engage or disable vehicles’ brakes. GM received reports of that egregious security problem from researchers at the University of California at San Diego and the University of Washington in the spring of 2010, and yet failed to fully fix the problem until the company rolled out an over-the-air update starting in late 2014 through the first months of 2015.
GM has since committed to doing better. When hacker Samy Kamkar alerted the company to a flaw in its OnStar smartphone app that allowed vehicles to be geolocated, unlocked and remotely started, it fixed the problem in just days. “The auto industry as a whole, like many other industries, is focused on applying the appropriate emphasis on cybersecurity,” GM’s chief product cybersecurity officer Jeff Massimilla wrote to WIRED in September. “Five years ago, the organization was not structured optimally to fully address the concern. Today, that’s no longer the case.”
The issue of car hacking gained new urgency for both the security community and automakers over the past summer, starting with the revelation from hackers Charlie Miller and Chris Valasek that they’d found a vulnerability in 2014 Jeep Cherokees that allowed them to be remotely compromised for stunts like disabling transmissions and disabling brakes at low speeds. Chrysler responded with an official recall for 1.4 million vehicles.
With that kind of high-profile hack on their radar, HackerOne’s Katie Moussouris says GM is far from the only automaker considering a move to improve relations with the hacker community. “All of them are thinking about it,” she says. “Those who hadn’t will be thinking about it now.”
Moussouris says carmakers have been hesitant to invite bug disclosures for fear that the invitation would lead to more hacking of their vehicles without the ability to patch the reported flaws—a complicated process in an industry with a supply chain as long and tangled as Detroit’s. GM’s move, she says, shows that the auto industry is getting beyond those hurdles, and taking the threat of car hacking seriously. “It’s a great step for the auto industry in general,” she says. “Even giant corporations have to adapt—especially considering that they’re basically selling computers on wheels.”