31 October 2014

Android hardening - secure handling of personal data - local storage YES - cloud NO - Options and solutions

Android hardening - secure handling of personal data - local storage YES - cloud NO - Options and solutions

Nowadays, when software developers sell "their products to the consumers" and "themselves to government agencies", it's essential to safeguard personal data of any kind.
Not because you are breaking the law in your country and are afraid for authorities.
But for respect of your private integrity and personal data.
Even more when you have your own business and government agencies use your private data for economical espionage and give your private company data to your competitors. That explains how various big companies from North America have won contracts against competitors from Europe, or viceversa.

So here come few advices for owners of Android smartphones.

1. Use a decent firewall with detailed logging capability: ukanth AFWall+, JTScholl Android Firewall.
   Authorise only programs which you are well-informed what they do and where they go.

2. Use a good permissions logger/filtering program in interractive mode: Marcel Bokhorst XPrivacy.
   Grant permissions only in interactive mode and use your knowledge and common sense to understand  which program asks for a certain permission.
   If you need a good program, but it asks for strange or anormal permissions thinking of what that progarm is suppose to do (use your thinking), simply grant only permissions that you think are acceptable, in interactive mode, and check the logg of XPrivacy and of your firewall for all the communications. Block anything which looks suspicious.

The above tools are essential, does not matter you are from USA, Russia, China, Iran.

3. The security suite. Depending on your country and relations in respect to world powers, choose accordingly.
   Are you from USA, hard to trust a chinese or russian product.
   Are you from Russia, best protection comes from a russian product. Never trust a product made in USA or UK.
   Are you from the 3rd world (Brazil, India, Indonesia, Iran - be well informed who are the enemies of your country - and never trust products from them).
   It would be total inconscience for Iran to use USA or UK or Israel products.
   Are you an international corporation spread, use at least double-layered security gateways with products from both USA and Russia or China, you'll see how  they react against detected malware, according to its country of origin.
   Don't be surprised if Symantec or McAfee or Comodo don't detect Stuxnet derivates.

4. Protection of own passwords, sensitive personal data, and so on.
   NEVER use cloud solutions and any product with included cloud functionality and no local import/export of data.
   On the list of shame comes almost all known products in category: Password Managers and Browsers.

   Only exceptions: KeePassDroid, Keepass2Android Offline. (we'll see how long the Germany government will let the authors develop without introducing backdoors :) .
   The only secure information managers which really can assure a minimal level of security for your private data.
   Both freewares.
   All other commercial products use only cloud for import/export/sync, and your private data is directly accessible to known government agencies.

   Only browser with local import/export of bookmarks/passwords is Habit Browser (we'll see how long the Japan government will let the author develop without  introducing backdoors :) .
   All other browsers do not allow local import/export of bookmarks/passwords, only sync via cloud and your privacy is gone.

5. Regarding to anti-theft software. Same rules apply as at 3. (all depends on your country). Best, take well care of your device. The anti-theft has a double-face: depending on your software and most of your phone operator, it is not always to recommend to track your device. Many operators, even in foreign countries, give total access to government agencies into their infrastructure.

6. Email. Encrypt it, save it only locally on device and avoid sync to cloud or email apps doing that.
   A good email program is MailDroid, but still not totally secure, due to its juridical placement on USA territory.
   For better safety, use a browser and encrypted webmail.
   Pity for AquaMail, a good but like Siber Systems Roboform Password Manager, pays its "tribute" to government agencies :) no local storage of    individual emails. If we would make a joke, it seems that NSA pays better than all sold licenses :) for AquaMail, same as for Roboform Password Manager.
   What is funny is that the author is living in Russia.

The list of big deceptions, products claiming respect your privacy and helping you doing it, but only empty words.

Mozilla Firefox browser and Siber Systems Roboform Password Manager. More than a year ago I contacted their managers and developers, they promised local import/export/sync.  Nothing yet. Well, both being under USA jurisdictions, it's not a surprise, the USA government dictates (sorry NSA :) ).

With respect,
Zeno Sloim

28 October 2014

VPN and Politics - how secure is it

VPN and Politics - how secure is it


The miracle solution for corporate users on-the-go.
The solution for political disidents and street movements or "freedom fighters".
The solution for watching what Holywood bosses decided you may not see in Europe or somewhere else.
The solution for downloading what you are not allowed to.

And the fancy list continues.

But have you ever thought that everything has a price, nobody gives something for free without thinking of own profit and that physically, you connection and data must pass a certain server somewhere?

But ...who has access to that server?
Which land host it and how the policy and government of that country affects you?

Well... let's take few examples:

1. Chinese disidents in Hong Kong. Well, if they use F-Secure Freedom VPN, it could be quite good.
F-Secure is locate din Finland, it's a pro NATO and USA partner.
For the chinese disident does not matter if american NSA watches them.

2. Islamists in Europe or somewhere else.
Now F-Secure Freedom VPN could be their capital mistake and last program to use before NSA reacts and ...a ticket to Guantanamo is paid by the USA tax-payers.

3. Normal Europe citizen wanting to watch Country music... well, Nashville and Hollywood bosses are quite restrictive and aware of money losses. Now a good VPN program comes handy, but beware for BSA catching you if your VPN goes via an "ally" of USA. Perhaps vpn servers outside Europe are better... :)
But beware of own personal data if VPN program comes from East or Far East and your traffic goes same way...

Conclusion: based on who you are, how you are politically situated in respect to major powers of the world, what you want to do..
Then choose you VPN program and with a good firewall and sniffer watch out what the VPN program wants to access more on your device.

Never trust a VPN program, based on its adverts from producer or comments from internet.
Investigate yourself first, and never trust without deep checking.

With respect,

Zeno Sloim

24 October 2014

Nokia Mediamaster 9800S - details you never knew about it - how an abandoned product was revived only once

Nokia Mediamaster 9800S - details you never knew about it - how an abandoned product was revived only once

Nokia Mediamaster 9800S was a legendary DVB-S receiver which dominated the satellite market between 1997-2004.
It was designed first by Nokia Multimedia Terminals in Motala Sweden.
Then updated by Nokia Multimedia Terminals in Linköping Sweden.

Latest released firmware version was MA 1.3 from 2001-03-07, then Nokia stopped updating it and informed officially it will no longer update it.
In 2002, I bought a Nokia Mediamaster 9800S and soon discovered that despite official data from Nokia which stated it was capable of driving a Nokia Satscan motor and a standard DiSEqC 1.2 motor (like Stab Italia HH-100 or HH-120), reality was another.

Nokia has included in firmware hidden code which made the receiver behaving erroneously or moving 2 times slowlier compared to Nokia Satscan, an antenna with a non-Satscan motor.
In other words, Nokia "blacklisted" any kind of DiSEqC 1.2 motor.
Why? Simple, Nokia Satscan motor was almost twice more expensive than a standard DiSEqC 1.2 motor.
Irony was that Nokia Satscan was manufacturated by same Stab Italia who also made the well-known HH-100 or HH-120 standard DiSEqC 1.2 motors.

I took contact with a russian software developer (Mikhail Simonov), also passionated by satellite technique, working in Italy.
He was the author of "Nokia Mediamaster MM9800 utilities, software remote control and settings editor - MSE9800", a popular software in 2002 for Nokia enthusiasts.
Together we reversed engineered the firmware MA 1.3 and documented my supposition.

Then came the juridical aspect. Living in Linköping, Sweden, I contacted directly Nokia Multimedia Terminals in Linköping Sweden via phone and fax, and presented my discoveries regarding firmware MA 1.3.
I was invited to their building situated in Mjärdevi Science Park in Linköping, Sweden.
Here were present Nokia Research and Development Manager, 2 development engineers and representative from the swedish police.
I was asked who is behind me and if I/we intend to blackmail Nokia.
I presented myself and explained that I was only an individual person, passionated by satellite technique, I bought the Nokia 9800S receiver in good trust and wanted to use it with a normal DiSEqC 1.2 motor, as Nokia stated in the commercial datasheet of their product.
But I encountered a lot of trouble and problems when steering the antenna.

That made me investigate the firmware MA 1.3 and I discovered that it was "with intent" made to behave eratically with non-Satscan motors.
Because all Nokia advertising material stated that 9800S was fully DiSEqC 1.2 compatible, I said that it's Nokia's duty to release a new firmware which should eliminate the hidden blacklists of DiSEqC 1.2 motors and also Nokia should withdraw any existent advertising material which was not correct regarding to info about 9800S and its actual capabilities to drive correctly a DiSEqC 1.2 motor.

Nokias representatives denied totally my claims saying that their firmware was "clean".
I replied that I can prove my discoveries and I said I will sue them at the Swedish Consumer Board for false marketing and information about their product Nokia Mediamaster 9800S.

I did that.
After about 1 month, I was called by representative from the Swedish Consumer Board which asked me if I agree to achieve an agreement with Nokia and take back my sue against Nokia.
In exchange, Nokia should do the following: release a new firmware fully compatible with DiSEqC 1.2 motors, their present info about Nokia 9800S should be withdrawn and corrected with actualised correct info.
I replied yes and the rest is history: on 2002-11-07, Nokia released a new firmware 2.0.9, which worked ok with all motors.
As a revenge against Sweden, Nokia abandoned and closed its new build center Nokia Multimedia Terminals in Linköping Sweden, the new building being abandoned only after one month from inauguration, then Nokia Multimedia Terminals moved completely to Finland.

So, all satellite enthusiasts frustrated over firmware MA 1.3, must say thank you mainly to the russian software developer Mikhail Simonov, the person who helped me to reverse-engineer Nokia Mediamaster 9800S.
The firmware MA 2.0.9 has "three parents": Mikhail Simonov and Zeno Sloim, and of course... :) the Swedish Consumer Board.

Otherwise, Nokia would never have released an update to an already abandoned product.

And now some practical info to all users complaining about the error code "A2.0"


Here is how to restore the receiver:
1. Take out the mains cable
2. Push and hold the on-off button
3. Connect the mains cable
4. When 4 horisontal ---- appear on the display, release the on-off button
5. In max 5 seconds, push and hold the arrow-up and simultanously push on arrow-down button
6. The display will show "C.U.S.t" for a short time and then "Pull the cord"
7. Take out the mains cable and connect it again after few seconds
8. The receiver is now factory-resetted
9. The welcome menu is shown on the tv-screen

Your receiver is again new and ready to be programmed.

Those laughing on a faulty 11 years old Nokia 9800S should excuse themselves, I have a 13 years old and works as new, good quality receiver made in Motala Sweden, updated in Linköping Sweden.