The University of Massachusetts Amherst
Categories
Operating System

Phone Data Encryption

Data Encryption on phone is not a new concept, however in recent years there have been some issues regarding how it affects phone performance and its use as required by operating system manufacturers.

The two main phone operating systems, iOS from Apple and Android from Google, use a device address for encryption. Each device has a unique address based on the hardware part number (similar to a MAC address), and the encryption for the phone is based on that number. Google and Apple don’t have access to those numbers and therefor don’t have any way to access your information. New phones currently have device encryption enabled by default, in contrast with their old standard which provided it as an encryption but left it disabled by default.

In addition to the default encryption, there are numerous apps dedicated to phone encryption. Most general purpose security apps, such as those offered by Kaspersky, AVG and Norton, also provide data encryption. Sometime text message and password encryption is a available too.

Windows phones also have device encryption available. The main difference Microsoft’s encryption method is that it is software based as opposed to hardware based. Unfortunately, since the encryption is employed via EAS (Exchange ActiveSync) the only way to employ this is through a Microsoft email account. And since encryption is determine by information Microsoft has access to, they also have access to the encryption key on the phone.

There are a few downsides to the hardware based encryption, at least as far as Android’s recent update to Lollipop is concerned. First, data encryption is only enabled automatically if a new phone is bought with Lollipop on it. However if an old phone is updated to Lollipop, encryption remains disabled by default. Also, for those using SD cards, Android can’t guarantee that data stored on the card will be encrypted as some phones allow this and some don’t.

So while data encryption is important there are many different options depending on native OS and various apps available for the phones. Above all though, device encryption is a moot point if the device doesn’t have a password.

Categories
Operating System

Android App Permissions

 

The nice thing about downloading apps from the Google Play store is that you are shown explicitly what permissions an app asks for before you accept a download.  However, this is only a list of permission types, and not what an app can or will actually do.  There are 124 different types of permissions an Android app can ask for, and it’s wise to gain knowledge around what they actually mean, especially considering that apps in Google Play are not subject to the same level of security and prescreening as those in the Apple Store.

33% of Android apps request more permissions than they need, according to a study in 2012 by the UC Berkley Electrical Engineering and Computer Sciences department.  After surveying users as part of the same study, researchers found that 97% of the users were not able to correctly state the purpose and functions of all the app permissions.

Why should you pay special attention to the permissions?

 

With the different Android app permissions someone can:

Control your outgoing calls

Monitor/record your screen while you text, view pictures, enter personal information

Record conversations in the room when not on a call

 

These are only to name a few.  So what is there to do?

There are quite a few ways you can take precaution when it comes to Android app security:

-Do your research, read reviews, pay attention to app ratings before you hit install

-Only download apps from well-known, trusted app stores (Google Play)

-Pay close attention to the app permissions.  If something looks fishy, say you can’t think of why a music app would need your location, don’t download the app.

-Use mobile security to ensure apps aren’t acting suspicious

 

If you do really need an app that has sketchy permissions, there are some trusted apps that may help protect your privacy:

PDroid Privacy Protection – monitors the types of app permissions for each app you have installed, and you can either allow or reject the permissions without breaking the app

LBE Privacy Guard – notifies you when an app is trying to access information and you can either allow or block that action.  Depending on what permission you block, the app may crash.

PermissionDog – makes up a list of how dangerous your apps are

Pocket Permissions – an information guide for the different types of app permissions.  Good for researching the permissions and learning exactly what you’re being asked

 

 

Sources:

http://readwrite.com/2012/08/20/infographic-pay-attention-to-mobile-app-permissions

https://support.google.com/googleplay/answer/6014972?hl=en

http://lifehacker.com/5991099/why-does-this-android-app-need-so-many-permissions

 

 

 

Categories
Operating System

Mobile App Privacy: How much are we really sharing?

privacy-lock

When you install apps on your phone they gain access to a lot of your personal information stored on your phone. If you examine each step of app installation nowadays even very simple apps will be requesting access to nearly everything on your phone from contact lists to phone logs to GPS location data. A recent study conducted by researchers at Carnegie Mellon showed just how much of this data is being requested and how most people will limit access when confronted with the sheer volume of these requests.

The research was done on Android phones (but the same issues apply to iOS devices) using an app called App Ops (this app requires your phone to be rooted, which is a complicated process for those not familiar with phone modding) that allows you to control the individual permissions that are granted to individual apps. When first given the ability to control permissions on average the participants in the study restricted 262 permissions across 72 apps. Later in the study however, the participants were given notifications of “privacy nudges” that let them know whenever an app was requesting private data from them. Even after the first round of limiting access, the results were astounding. One participant had their location requested by apps 5,398 times in the course of just two weeks.

Since the study was finished, Google has actually removed the ability to control app permissions individually without modding your phone. While Android has generally been more open to user control and modification, iOS now has the better privacy manager by far, with actual user control available from the start. The best option for either system however is to just avoid installing apps that are serious privacy offenders. The website privacygrade.org ranks apps based on how much unnecessary data they reque31st from your phone and by which ad networks they sell that data too. Oftentimes developers have to sell this data in order to keep their apps cheap or free, but it should be up to you how much you’re willing to sacrifice for that free app.

Categories
Operating System

Windows 10 newest build

It’s been a few months since my last post about the Windows 10 announcement, and Microsoft released build 10041 (FBL_impressive) last week, so it’s about time to take another look.

In some general news, Microsoft announced that windows 10 will be a free upgrade for current Windows 7 and Windows 8 users for the first year.  This is pretty good news, except that there is no word about what happens after that first year.  Since Microsoft is giving so many things for free now, some people are speculating that Microsoft will charge yearly for updates, which is a major departure from their current “buy it once” scheme.  As someone who absolutely loathes subscription charges, this would be a massive deal breaker, so I hope that it’s nothing more than speculation.

Here are a couple pictures of my experience with the latest build.

Basics & Start Menu

win10 start
The Windows 10 Desktop

The start menu has a very nice sliding animation and I think it does a good job of mixing elements of the traditional Windows 7-style menu and Windows 8 live tiles.  If you’ve grown partial to the full screen start screen, pressing the arrow in the top right corner causes the start menu to use the whole screen.

Cortana

win10 search

The first thing I noticed was the giant search bar next to the start button.  Meet Cortana, the Microsoft equivalent of Siri.  Click the little mic button, and ask her a question. She can open programs, perform searches (only with Bing, though), and banter around.  I asked “What’s up?”, to which she responded “4 out of 5 five-year-olds agree, the sky!”  When asked “should I wear a raincoat tomorrow”, Cortana responded “It’s hard to say for sure Joe, Here’s the forecast” and displayed the following:

win10 cortana weather
“Should I wear a raincoat tomorrow?”

It’s still pretty early and there’s a lot of work to do.  Asking to “open paint” opens up a bing search of literally “open paint” and asking “What’s the weather going to be like tomorrow” just crashes the program.  But it’s a pretty promising feature, and I’m looking forward to what it will become.

Multiple Desktops

Microsoft has refined their virtual desktops, adding a the key command “ctrl + win + arrow” to switch between desktops.  “win+tab” brings up the screen below showing all the windows open on the current desktop.  Dragging the window to a different desktop on the bottom moves the window to the other desktop.  The biggest problem is there is no key command to move a window to a new desktop without the win+tab screen.  This feature has developed quite nicely since the first build, so I’m pretty optimistic about what it will become.

Win + Tab key command brings this up.  I quite like it
Win + Tab key command brings this up. I quite like it

Other Comments

Beyond the obvious, Microsoft has made some other visual changes.  There are a number of pretty classy new animations for opening windows and switching between maximized and minimized modes.  Open windows no longer have borders which is a strange departure from previous versions, but it does not affect being able to resize the windows.  Finally, the window titles are justified to the left like the old days instead of being centered like Windows 8.

Microsoft has announced a new browser called “Spartan” to replace Internet Explorer.  Beyond the announcement, not much is known about the new browser, and it doesn’t show up in the current build.

There’s also a notification panel now, so the little message bubbles show up here now instead.  Also, while the Control Panel still exists, Microsoft defaults to the “Settings” app, which, unlike the Windows 8 version, is actually pretty useful.

win10 snap
Dragging windows to the side now not only splits the screen, but gives you the options for what goes next to it

Pressing “win + (left/right) arrow” still snaps windows to the side, and now gives a list of options to put in the empty space.  Once a window is snapped to the side, pressing “win+ (down/up) arrow” snaps the window to the corner.  Window snapping is a little smarter than before, so if a window isn’t exactly half the screen area, snapping another window to the other side fills any remaining space

Windows 8 style Modern apps launch in a window, but pressing an arrow in the title bar makes it fill the screen.  My biggest gripe here though is that the program does not stay full screen when switching between desktops.  This severely detracts from the usefulness, in my opinion.

Final Thoughts

Windows 10 is shaping up quite nicely as the open beta continues on.  Periodically the OS asks for feedback about certain elements ranging from “is the transition between desktops smooth?” or “how helpful is the settings app”.  So far, Microsoft has been really good at listening to the feedback and making changes accordingly.  I am looking forward to see how the OS changes as we approach the late summer / early fall release date.

Categories
Operating System Security Virus/Malware Windows

How to get rid of Superfish

Superfish
Superfish

As you may be aware, it was recently revealed that many Lenovo computers shipped between October 2014 and December 2014 were pre-loaded with a piece of AdWare called “Superfish.” In addition to being annoying, Superfish introduces a serious security hole in the way your computer uses HTTPS on the internet. It’s gotten bad enough that the Department of Homeland Security had to advise people to remove the software. Lenovo has since gone on full damage-control, and is no longer shipping computers with Superfish pre-installed. The following is everything you need to know about this piece of AdWare.

What is Superfish?

Superfish is your typical piece of AdWare. It runs in the background on your computer and when you go to a webpage Superfish injects pop-up ads in to the page you’re looking at. It does this on all pages, regardless of whether they use HTTPS.

Why is it bad?

First of all, no one likes ads. If you happen to be someone who does enjoy pop-up ads you may want to remove Superfish anyway, and here’s why: in order to make sure that it can show you ads even on encrypted secure webpages, Superfish has to break your computer’s encryption. It does this by installing its own “root certificate.” The way that HTTPS works is that each website needs a certificate to verify its identity. If you’re interested, Wikipedia explains the details behind HTTPS and certificates fairly well. These certificates must be signed by a trusted authority such as VeriSign or InCommon. Because Superfish installs its own certificate on your computer it can pretend to be one of these trusted authorities and thus it can pretend to be any website it wants. This is what is called a “man-in-the-middle attack.”
In addition to being annoying and malicious, this was also poorly done. Superfish installed all of its root certificates using the same password, which this man figured out in 3 hours. That means that if your computer has Superfish installed, you could be vulnerable to a phishing attack or anything similar since anyone can take Superfish’s certificate and pretend to be a website they aren’t.

How do I fix this?

First of all, let’s find out whether you have Superfish or not. A nice, white-hat citizen of the internet built this website to help you figure it out. If you do have Superfish installed, Lenovo was nice enough to put out a handy uninstall guide, along with a nice automatic tool. The steps are written for Windows 8, but they should be similar if you are on Windows 7. Here’s the synopsis:

1. First, open up Control Panel and go to “Uninstall a program.” Then find Superfish in the list, select it and hit “Uninstall”
2. Go to Window’s search function and look for “Manage Computer Certificates.” Go into Trusted Root Certification Authorities, and delete the Superfish cert.
3. Finally, Firefox and Thunderbird also need to have the certificate removed manually. See the Lenovo article for instructions on how to do this.

You’re done! Remember to keep all your software up to date, and always feel free to come to UMass IT for help with security or anything else you might need.

Categories
Operating System Windows

My Jump to a Windows Phone

A couple of weeks ago I decided that it was time to advance to the modern era, and migrate from the trusty old flip phone I’d been using for years to a modern smartphone. Thus, the all-important question came up: what phone should I get? Nowadays there is a vast array of smartphone options for me to choose from. I could get an iPhone, a phone that seemingly everyone around me had. I could get an Android phone, whether it was a Sony Xperia, a Google Nexus, a Samsung Galaxy, or any one of the other infinite amount of Android devices. Most people could pick from one of those two categories, an iPhone or an Android phone, and be completely satisfied.

I looked a bit further.

Categories
Android Hardware Operating System

Samsung Galaxy S5 Review

Recently I dropped my phone ansamsung-galaxy-s5d ended up having to get a new one. After a few hours of research and looking through the Black Friday discounts I settled on the Samsung Galaxy S5.

Categories
Operating System

These figurines are better than you

A simple, yet extremely complex, stand up figurine has been released by Nintendo, showcasing some incredible artificial intelligence for their new game title to the existing series: Super Smash Brothers 4 for Wii U, a crossover fighting game, meant to all-star Nintendo’s many iconic characters, as well as 3rd party characters. These figurines have been labelled as “Amiibo”, a statuette of the characters within the game.

A set of Amiibos juxtaposed.
A set of Amiibos juxtaposed. From the left, the characters and their game of first appearance are Marth (Fire Emblem), Donkey Kong (Donkey Kong), Yoshi (Super Mario World), Link (Legend of Zelda), Pikachu (Pokemon), Zelda (Legend of Zelda), Fox McCloud (Star Fox), Mario (Donkey Kong), Samus Aran (Metriod), Villager (Animal Crossing), Princess Peach (Super Mario Bros.), Kirby (Kirby’s Dream Land), Pit (Kid Icarus), Wii Fit Trainer (Wii Fit).
Categories
Android Apps iOS Linux Mac OSX Web Windows

Stream services for TV and Movies

From cable-cutters to college students, nearly everybody is interested in video streaming services. You may be tempted to use torrenting software to get your TV shows and movies, but this software is notorious for landing people with copyright violation notices and occasionally some hefty fines. There are many legal alternatives to torrenting software, and I will discuss them here.

Categories
Operating System

Android File Managers

android-file

If you have a droid and have needed to move or edit files on it, you know that this is one of the things droid does not do well. Fortunately, as with most other parts of droid that need improving, there’s an app for that! Several dozen to be precise, but I’ve picked a couple of the most popular to address in this post.

Categories
Operating System

Introduction to Adobe Illustrator: The Basics

Adobe Illustrator contains a wide variety of tools and features, and has somewhat of a steep learning curve. The best way to learn Illustrator is to start at the very beginning.

Start a new workspace by going to File > New

Here, you will choose the size of your document, the number of art boards, and other options such as color mode; all of which can be revised later. Common screen sizes for mobile devices can easily be found through a quick search, as well as dimensions and guidelines for Facebook cover photos.

Screen Shot 2014-08-04 at 11.37.03 AM

Categories
Linux Mac OSX

Getting Started with ZSH

If you’ve ever used a system shell before (the Terminal application on Mac’s and most Linux OS’s), you know how powerful they can be. If you haven’t, the system shell (also called the command line), is basically another method of controlling a computer. Just as you normally open programs, edit documents and manage files, the same can be done in a shell. However, all will be done using only text called commands. The simplicity and elegance of the shell is why it’s loved by many.

Bash

Categories
Operating System

I am thankful for the Reddit Enhancement Suite!

images

Reddit.com is one of the most useful sites on the internet. It contains subreddits(or topics) where anyone who registers a login can post and comment on any topic of there choice. Chances are if something is on the internet it is on Reddit or will be on Reddit. Topics range from funny gifs to world politics and everything in between.

Categories
Operating System

TurkeyBytes – Open Source

This thanksgiving, I am thankful for Open Source.  For those who are not familiarity with the term, open source allows developers to publish the source code for their programs to the public, allowing anyone to download, edit, and share the program.  It’s great because it allows people from around the world to collaborate and work on making a particular program.  Each person adds to the program in their own time according to their strengths, building on each others work.  The result is a program distributed to people all over the world developed by people who thoroughly enjoy writing software for people.  But best of all is the resulting culture of openness and information sharing.

Categories
Operating System

I’m Thankful for Old Thinkpads!

I just worked on a client’s ancient Thinkpad, and as I was carrying out this crazy mission to clear as many infections as possible, I couldn’t help my gushing over this beautiful machine.

Categories
Operating System Security

Passwords, Security, and Beyond: Creating a Password

Passwords are nothing new. The provide a secure way to access information that only one person should have access to.  Under normal circumstances, this shouldn’t be a problem, but when the human condition of greed and evil are taken into consideration, passwords suddenly become a big deal: they are a bunch of characters that provide access to your entire life. But a lot of passwords aren’t taken seriously, like those that are only used on one account, or that are protecting things that aren’t really worth anything. These passwords are usually easy to guess, are not stored properly. This is exactly what you want to avoid. So in this two part blog, I’ll go over two of the most essentials things know about passwords: how to make a secure password that you will remember, and how to keep it that way.

Categories
Operating System

File Navigation with Windows Command Prompt

Although the file explorer in windows works well, occasionally it becomes necessary to create, execute, delete and move files using command prompt. This could be necessary due to a specific issue with the windows file explorer or a more deep rooted problem with windows itself. Regardless of the issue, there are a few basic commands that can help when using command prompt in this capacity.

Categories
Operating System

3D Printing Basics

In primitive forms, 3D printing has actually been around since the early 1980s, but has only recently been a viable option for the average consumer. 3D printing works by extruding a small amount of melted plastic material from a printing head, effectively “drawing” a layer of material in the shape of a part. The printing head will sketch out multiple thin layers of plastic, moving up one vertical step after each layer is printed. This can be used to create complex geometry that is not possible to make using milling, casting, and other traditional manufacturing processes.

Categories
Operating System

Smart… cars?!

smart-car
A SmartCar

Lately the adjective smart has been used to describe a lot of items that we interact with on a day to day basis such as phones, TVs, buildings, and now cars. When I say smart cars I don’t mean the super-compact cars manufactured by Mercedes, I’m talking about cars like the Tesla Model-S that implement computers and other technology to improve and enhance their functionality.

Categories
Operating System

Get Microsoft Office 365 for Free!

Students and teachers may now be eligible to get Office 365 for free directly from Microsoft.

Categories
Operating System Windows

Windows 10 is here! Well, almost…

If you follow the fun-filled world of computing, you’ve probably heard that Microsoft announced the next version of Windows on September 30th. During their event, Microsoft showed off a few of their biggest features, and released a public beta.  If you’re a Windows fanboy like me, you can download in install it through Microsoft from here.

Categories
Adobe Operating System Software

Adobe Illustrator Basics – Pencil Tool

The pencil tool is a great tool for creating freeform shapes and lines in Adobe Illustrator.

Categories
Operating System

Choosing the right editor

Microsoft Word and its open source counterparts are excellent at creating nice looking documents. No one wants to give potential employers a resume written in raw ASCII. However, sometimes you need to work on files at a much lower level than office programs will allow. For that reason, there are a number of text editors out there that are worth looking into depending on what you want to do.

Nano
Categories
Library Linux Mac OSX Operating System Software Web Windows

Zotero Citation Software

Have you had trouble finding a good site to help you create a bibliography? Tired of hunting down pieces of information about your source? Or maybe you’re not sure if you have enough information in your citations. Now there is an answer to all of your questions and that answer is Zotero. Zotero creates citations for you at the click of a button! It allows you to store your citations in folders or libraries for organization and upon registering with an email and password(for free) you can access your citations across multiple devices!

Categories
Operating System

Encryption: How to Keep Your Private Data Private

Encryption is the process of using a code to change a message into something that only the intended receiver can decode back into the original message. This was originally done with manual methods such as a Caesar Cipher, with tactics gradually becoming more and more advanced until World War II when the first computers were used to first break, and in later years make, codes so advanced no human could decode them alone. Now, encryption isn’t just reserved for military use but is instead used to keep our data safe every day online.