The following is an example of how easy it is to steal your identity and commit identity fraud. Remember it’s not identity fraud until a fraudster actually uses your stolen data. All you need to appropriate your good name is your full name, address, date of birth, partners name, directorships of companies etc. This and more is all public information. (UK readers only)
Here is a simple scenario of why you should open your junk mail:
- You arrive home and decide to open your junk mail.
- You notice junk mail from a bank – a bank loan (normally monthly payments for a fixed period) has been taken out in your good name.
- The loan indicates the purchase is for an Apple computer – you might receive an email confirmation from Apple (the fraudster might already have your Apple ID).
How did the fraudster(s) steal your personal information to obtain credit in your good name? Well, it actually depends on the bank. By this I mean no one banks process for authorising credit is the same.
- Identity data is often taken from a mobile phone contract – remember each financial institution does different credit and identity checks.
If you are interested in learning how to download the source of Android, pull an APK (Android application) off a device and then pull the package apart to view the code and work out how it all works, you will need a Java Decompiler. For those of you who read this blog you will know that If you wanted to strip an APK back to Java code, you would have had to use a PC to do this.
Now that has changed thanks to an app called Show Java – A Java Decompiler ready made for Android. This will help you to extract the .java source code from an APK (Android application) or .jar file from your device.
- Download the app from your mobile browser https://play.google.com/store/apps/details?id=com.njlabs.showjava
- Select the .Jar/APK from your SD card or from a list of installed apps
- It will show you the code in a clean-syntax highlighted form
- The decompiled source can be easily copied from the SD card (the source is stored in Show Java on the SD card)
- Includes a simple source browser with a summary of all decompilation errors as well as classes that could not be decompiled
Several people have contacted us with regards having problems trying to run Java applications with Java Version 71 Update 51. This update contains an enhanced security model that makes the user system less vulnerable to external exploits.
This new version of Java does not allow users to run the applications that are not signed (unsigned), self signed (not signed by trusted authority) and the applications that might be missing permission attributes.
Obviously malware would look to exploit unsigned (these are blocked by default) and self signed applications (these are certificates that are not from a trusted authority). Malware will also look to see if the JAR file is missing a Permission Attribute i.e. which means that a hacker could re-deploy the application that is signed with an original certificate and run it at a different privilege level.
It’s up to developers to meet with the Java 7 Update51 specifications. In many instances we’ve found that not to be the case, including Nortel BCM software (that manages your telephone network from a Windows machine or Mac). When attempting to login to our BCM, we noted that “Java applications are blocked by your security settings” prompt appeared. It was to do with the BCM using a self-signed certificate. Using Windows 7, we needed to add the BCM URL to the Exception Site List as follows:
Over the past few weeks we’ve noticed that the Nexus 5/7 (2013) devices running KitKat 4.4.x have been having radio network connection issues. When you look at the notification bar the mobile/Wi-Fi icons are white, but if you pull down the notifications bar and view Quick Settings (see Bootnote), you may see both the mobile and Wi-Fi icons have turned orange.
We’ve found through analysis on KitKat version 4.4.1/2 that the change from white to orange icon in > Settings is because the Nexus 5/7 (2013) devices appear to disconnect to Google Services (they also stop receiving data from Google Services). We stopped Google Play Service runtime services via Settings > Apps > Google Play Service, then restarted. This seemed to do the trick, but the problem then re-appears – either the same day or several days later. Our router and mobile network didn’t report any issues and worked with other Android devices not running Kitkat.
BlackBerry Picture Password is a very useful security enhancement to the BlackBerry 10 system. We have been testing this feature out since it’s launch here in the UK last week. It’s been working well for us, in place of the passcode login we’ve been so accustomed too.
This type of authentication significantly decreases the possibility of someone shoulder surfing you. We challenged some people to guess the number, but they couldn’t even after 5 attempts. This is definitely appears a more secure option than pattern-based authentication.
Picture Password allows a user to unlock the phone using both an image and unique number. When a user tries to unlock the device, the picture will appear along with a grid of random numbers. To unlock the device, you will have to drag the numbers grid so the number selected overlays the correct point on the image.
How to set up Picture Password:
- Go to > Settings > Security and Privacy > Device Password > Enable Picture Password
- You will be asked to enter your password/passcode, click > Next
- Choose a stock image (there are 8 to choose from) then select a number from 0-9