Aplicații

E-mail 984 Solutii

Why SMS Text Messages Aren’t Private or Secure

You might think that switching from Facebook Messenger to old-fashioned text messages would help protect your privacy. But standard SMS text messages aren’t very private or secure. SMS is like fax—an old, outdated standard that refuses to go away.

Your Cellular Carrier Can See Your SMS Messages

With SMS, messages you send are not end-to-end encrypted. Your cellular provider can see the contents of messages you send and receive. Those messages are stored on your cellular provider’s systems—so, instead of a tech company like Facebook seeing your messages, your cellular provider can see your messages.

Cellular carriers store the contents of those messages for various amounts of time. Messages are often only retained for several days, but they store metadata (which number sent a message to which number, and at what time) for even longer. These records could be subject to subpoena in legal proceedings—for example, text message records are a common form of evidence in divorce cases.

Compare this to an end-to-end encrypted chat app like Signal. Signal doesn’t have the contents of your communications. Signal doesn’t even know who you’re talking to. Your conversation data is only stored on your device and the device of the person you’re talking to—that’s it. That aside, should you trust your cellular provider with your conversations? Well, back in 2019, AT&T, Sprint, and T-Mobile were all revealed to be selling customer location data to aggregators. It was used by everyone from bail bondsmen to rogue bounty hunters. (After this was reported in the news, the cellular carriers promised to stop.)

Do you want those companies to see all the contents of your personal conversations?

SMS Messages Can Be Intercepted by Criminals
Cellular towers in front of a sunset background.

But SMS messages are used for security, right? There’s a reason every bank and financial institution relies on SMS messages to verify your identity—right?

Well, yes, there is a reason. But that reason isn’t because of security. It’s just that everyone has a phone number. Requiring confirmation via SMS adds some additional security. Even if SMS isn’t particularly secure, it at least ensures that an attacker has to intercept an SMS message in addition to typing in your password.

SMS messages can be intercepted. Mobile phone networks around the world are connected to each other through the Signaling System No 7 (SS7) protocol. This is how your phone can connect to a cellular network and make and receive calls, even when you’re in another country on the other side of the world. The SS7 system has been repeatedly attacked by hackers who have snooped on SMS messages or intercepted them. This is particularly useful when compromising bank accounts, for example—the attackers can snoop on the verification codes that are generally sent via SMS, use them to access bank accounts, and drain them.

This is why security professionals have recommended against using SMS for two-factor authentication. An app that generates codes on your device or a physical security key is much more bulletproof. (However, if SMS is the only option you have available, SMS is better than nothing).

SMS Messages Can Be Monitored by Authorities

Governments around the world have access to “stingrays,” devices that essentially impersonate a cellular tower. When placed near your physical location, these trick your phone into connecting to them (as your phone would connect to a normal cellular tower). The stingray device can then track your movements and see your SMS text messages—just like your cellular carrier can.

Beyond local monitoring, SMS messages can also be swept up in larger surveillance systems. According to documents released by Edward Snowden back in 2014, the NSA was, at the time, collecting over 200 million text messages a day from around the globe.

Other countries’ intelligence services also have access to stingrays and SMS-monitoring technology, so it’s clear why encrypted communication apps like Signal and Telegram are especially popular among activists living under repressive regimes. For example, Telegram and Signal are banned in Iran.

Your Phone Number Is Surprisingly Easy to Hijack

Beyond SMS, phone numbers actually have very poor security—at the carrier level. A scammer can call your cellular carrier or go into a store and impersonate you. If the scammer has enough details and can trick your carrier’s customer service representatives, they can get control over your phone number. They may have the carrier “port out” your phone number to a different cellular carrier—just as you’d do if you were switching to another cellular provider. Or, they may have the carrier issue a new SIM card tied to your phone number and deactivate your existing SIM card, removing access to your phone number.

Now the attacker would have your phone number. With that, they can get access to accounts protected by SMS-based two-factor authentication. For an individual scammer, tricking a customer service person is easier than hacking SS7, after all. This is called a “port-out scam” or “SIM swapping attack.” You can often protect your phone number by adding extra PINs and security features with your cellular provider. Check with your cellular provider to see what security features they offer to protect against port-out scams.

This has happened to quite a few people—enough that the FCC and Better Business Bureau have put out advisories warning about this scam.

iMessage and RCS: Better Than SMS?

An iMessage conversation with blue bubbles on iPhone.

The Messages app on iPhone supports both SMS and Apple’s own iMessage service. On Android, more and more Android phones are gaining support for the more modern Rich Communication Services (RCS) standard. Both are designed to silently “upgrade” text message conversations to more modern, secure ones when both people are using devices that support them. So how do they compare to SMS?

Apple’s iMessage piggy-backs on SMS in a sense, using phone numbers as identifiers. If both you and the person you want to text have iPhones and have enabled iMessage, any text you send will be sent as an iMessage instead. These are end-to-end encrypted and sent through Apple’s servers. You’ll know iMessage is being used because the messages will have blue bubbles. If you see green bubbles instead, the Messages app is using SMS instead—because you’re messaging someone without iMessage, likely a person who is an Android user.

The RCS standard being pushed for Android users—think of it as the Google/Android equivalent to Apple’s iMessage—did not support end-to-end encryption as of January 2021. As of November 2020, Google was working on adding end-to-end encryption to RCS. That means, even with that fancy new RCS system on your Android phone, your cellular carrier can still see the contents of the messages you send, just like with SMS.

The Problems With SMS, Summarized

Let’s quickly summarize the problems with SMS, and compare it to a secure, end-to-end encrypted chat app like Signal.

With SMS:

  • Your cellular carrier can see the contents of the messages you’re sending and receiving. Any collected records could be subpoenaed in legal proceedings.
  • SMS messages can be intercepted by hackers due to weaknesses in the rickety old protocol that powers them. This puts financial and other accounts at risk.
  • Authorities can deploy stingrays to snoop on the contents of text messages in an area.
  • Scammers can try to steal your cell phone number by tricking your cellular provider’s customer service staff.

With Signal, for example:

  • Your cellular carrier can’t see the contents of your messages. Not even Signal can see the contents of your messages or who you’re contacting—that remains a secret. Signal doesn’t collect this data. If forced by subpoena, Signal can reveal almost nothing about your usage of the service.
  • Signal messages can’t realistically be hijacked by hackers. They would have to compromise the Signal encryption protocol, which security experts consider excellent. (In contrast, SS7 has been repeatedly compromised.)
  • Stingrays can’t see your conversations. Authorities can’t snoop on the content of Signal messages—not without getting their hands on a phone that contains them. All they can see is encrypted traffic being sent back and forth to Signal’s servers.
  • A port-out scam that captures your phone number wouldn’t grant access to your Signal account. You can protect your Signal account with a PIN, so a scammer can’t just access your Signal account. Even if the scammer could somehow guess your PIN and access your Signal account, your Signal messages are stored on your phone and wouldn’t be synced to any new devices that gain access to your account.

What You Should Use Instead

Signal apps showing the conversation list and conversation.
Signal

We used Signal as the example here as the contrast is so stark—Signal is the most widely recommended private chat app, with always-on end-to-end encryption.

If you have an iPhone, communicating with iMessage is much more private and secure than using plain old SMS. Hopefully, Android users will one day have secure end-to-end encrypted messages built into their devices after improvements are made to RCS. Unfortunately, iMessage and RCS aren’t compatible with each other, so iPhones and Android phones will have to communicate over SMS—or switch to different chat apps that aren’t built-in.

Other chat apps are an option, too. Telegram is popular, although it doesn’t use end-to-end encryption by default. WhatsApp at least uses end-to-end encryption by default, unlike Facebook Messenger—if you trust a Facebook-operated chat app. But even Facebook Messenger is arguably more secure than SMS—you’re trusting Facebook with your messages, but at least you don’t have to worry about the problems in the ancient, creaky old SS7 protocol.

For two-factor security, it’s best to avoid SMS for really critical tasks. Unfortunately, some services will fall back to SMS authentication anyway—for convenience. There are sometimes alternatives. For example, Google offers Advanced Protection for journalists, activists, business leaders, and politicians who need maximum security for their accounts, and it requires the use of a physical security key. That said, SMS-based two-factor security is still better than nothing.

The Future of SMS: Will It Ever Be Fixed?

SMS is just outdated technology. It clearly was not built with privacy and security in mind, and those design decisions are still with it today. Hopefully, this will be fixed in the future. If RCS becomes more mature, gains end-to-end encryption, and is available in all Android phones—well, then all Apple would have to do is agree to make RCS compatible with iMessage in some way. Then all modern smartphones would have secure messaging that doesn’t depend on ancient protocols built-in.

For now, it’s best to avoid text messages if you’re concerned about your privacy or the security of your accounts.

[mai mult...]

Cum vezi cate FPS-uri ai in jocurile de pe Steam

Steam are o functie incorporata care va afisa cadrele pe secunda (FPS) in timp ce va jucati anumite jocuri pe PC.

  • Iata cum puteti vedea FPS-urile in jocurile Steam pe Windows 10:

Intrati pe Steam / Settings ( stanga sus )

In fereastra Settings faceti click pe ,,In-Game’’. Aici veti gasiti functia ,,In-game FPS counter” care in mod normal va fi pe Off. De aici puteti alege una din cele patru optiuni, depinde in ce colt al ecranului doriti sa fie afisate FPS-urile.

In plus, exista si functia ,,High contrast color” care, o data bifata va face ca FPS-urile sa apara intr-un verde neon stralucitor, mult mai vizibil.

[mai mult...]

Procedura si softuri/scripturi utile pentru devirusare sisteme cu Windows

  • Soft-uri utile pentru scanare antivirus:
  1. Malwarebytes’ Anti-Malwarehttp://www.malwarebytes.org/mbam.php – descarcati versiunea free, o instalati, obligatoriu updatati la zi dupa care efectuati scanarea. Este unul din cele mai bune programe AntiMalware, se completeaza cu SUPERAntiSpyware. Este free ca scanner, versiunea cu plata permite si folosirea ca modul rezident pentru scanare in timp real si update automat.
  2. SUPERAntiSpyware Free Editionhttp://www.superanti…m/download.html – descarcati versiunea free, o instalati, obligatoriu updatati la zi dupa care efectuati scanarea.
  3. Avira AntiVir Rescue System http://www.avira.com…r-rescue-system – o imagine bootabila actualizata de cateva ori pe zi. O descarcati si o scrieti pe un CD. Dupa care puteti boota de pe ea si rula o scanare. Una din cele mai bune solutii antivirus, pusa pe un CD Bootabil. Permite o scanare a sistemului ruland direct de pe CD. Din acest motiv pot ramane urme ale virusilor in registrii. Este recomandat ca dupa rularea sa, sa se efectueze o rulare a unui antivirus ( posibil tot Avira ) de data asta din sistemul de operare.
  4. Dr.Web CureIthttp://www.freedrweb…/cureit/?lng=en este un antivirus/antimalware free ce permite scanarea si eliminarea unui anumit numar de virusi. Cum nu include modul de update, va trebui descarcat si instalat de fiecare data cand este necesara o scanare.
  5. Kaspersky Virus Removal Toolhttp://support.kaspe…ool2010?level=2 este un antivirus/antimalware free, ca si Dr. Web, ce permite scanarea si eliminarea unui anumit numar de virusi. Cum nu include modul de update, va trebui descarcat si instalat de fiecare data cand este necesara o scanare.
  6. Combofixhttp://www.combofix.org/ – downloadati si rulati. La final dupa dezinfectare va genera si un log util pt. identificarea eventualelor probleme nerezolvate. Permite eliminarea unui numar ridicat e malware/spyware precum si identificarea altor infectii din sistem, prin logul generat.
  7. SmitFraudFixhttp://siri.geekstog…mitfraudFix.php – Dupa descarcare, porniti calculatorul in Safe Mode si rulati executabilul pt. curatare/dezinfectare.Permite eliminarea unui numar destul de important de malware – in principiu cei mai cunoscuti, dar si eliminarea modificarilor efectuate asupra DNS-urilor de catre unii virusi.
  8. Panda Autorun Vaccinehttp://research.pand…utoRun-Vaccine/ – Previne infectarea calculatorului de pe medii portabile tip memory card, stick USB, etc. Prin vaccinarea calculatorului functia autorun va fi dezactivata. Ptr mediile de stocare va fi scris un fisier autorun.inf ce nu mai poate fi suprascris de virusi. Nota – eliminarea acestui fiser se mai poate face numai prin formatare.
  9. SMFixer – Safe Mode Fixer – http://www.sergiwa.c…s…id=2&lid=26 – Restaureaza modul Safe Mode in cazul in care in urma virusarii acesta nu mai poate fi accesat.
  10. Unhidehttp://www.softpedia…us/unhide.shtml – face exact ce spune in denumire – face sa reapara fisierele ascunse de unii virusi pe hard sau stick.
  11. Microsoft Fix-ItRestore exe – ptr Vista si 7 – http://support.micro…m/kb/2688326/ro
  • Scripturi Utile pentru devirusare / mentenanță:

Important:
– cu exceptia Emergency Utils, celelalte vor restaura setarile numai dupa ce calculatorul  fost in prealabil devirusat. Altfel nu vor avea nici un efect.
– Exceptand asocierea fisierelor care este doar ptr XP, celelalte scripturi pot merge si in Vista.

Restore all – Restaureaza Task Managerul, Regedit si Command Prompt.
Attached File  Restore_all.zip   393bytes   599 downloads

Restore Exe – Restaureaza asocierea executabilelor atunci cand in urma unei virusari nu mai pot fi deschise ( apare intrebarea “cu ce program doriti sa deschideti fisierul” ). Sunt doua fisiere – incercati intai cu cel mic – Exefile. Daca nu rezolva, folositi Exefix.

Attached File  Exefix.zip   1.78K   236 downloads
Restore Associations – Restaureaza asocierea fisierelor in XP.

Attached File  xp_fileassoc.zip   2.1K   141 downloads
Restore Task Manager – Restaureaza task managerul.

Attached File  xp_taskmgrenab.zip   5.22K   161 downloads
Emergency utils – Creaza copii functionale ptr Task Manager, Regedit si MsConfig.
Util in cazul in care celelalte metode de restaurare nu sunt eficiente.

Attached File  xp_emergencyutil.zip   7.69K   119 downloads
Ultimele 3 fisiere – Copyright Doug Knox – http://www.dougknox.com/index.html

Nota – unele programe sau scripturi pot fi identificate ca malware de unii antivirusi.

Important: Inainte de a rula programe de dezinfectare este recomandat sa faceti urmatoarele:
– Updatati aceste programe la zi.
– Dezactivati System Restore.
– Stergeti toate fisierele Temporare. Le gasiti in C:\Windows\Temp si in C:\Documents and Settings\ *user* \Local Settings\Temp. Unde *user* este numele utilizatorului. Este indicat sa faceti acest lucru din Safe Mode.

[mai mult...]

How to Make Outlook to Spellcheck Emails Before They’re Sent

If perfect spelling is not your area of expertise, professional-looking emails can be something of a minefield. Nobody wants their communications to have spelling errors left in, so let Microsoft Outlook help by automatically spellchecking emails before they’re sent.

The best way to deal with spelling errors in an email is not to make them in the first place, and toward that end, Outlook can help. The Microsoft Outlook client has a setting that forces spellcheck to take place after you click the “Send” button. If no errors are found, the email is sent like normal. If a spelling error is found, Outlook gives you the option to correct it before the email is sent.

[mai mult...]