Hi all,
I post a new thread here to list good practices when you are using an Android/Cyanogen smartphone in an actively compromised network.
For example (in my case) active MitM, SSL Strip, account stealer, spyware, email tracking and other sh****.
For the moment I used:
1 - long password
2 - Crypto with second password
3 - usb charging only
4 - VPN only with Certificate (PIA)
5 - Auto disabling Wifi
6 - Private SMS reader
7 - Firefox Browser
8 - LastPass for psw storage & generation
9 - AppNotifier
10 - 2Way Auth when I can
Actually with this configuration my smartphone is able to resist.
Planning to use bt tethering to avoid wifi attack & password change policy.
If you have some ideas or information about that Please feel free to share this with others.
Hey,
I found a software for everyone who daily forgets their private information, like mail account passwords or PayPal information. The software is called PIN Manager and is developed and distributed by valuephone! This is the link to their website: www.valuephone.com. If anyone wants to use this software, he must create an account at the website. So you can sync and edit your stored data in the portal. That's extremely easy and no strange typing on a touchscreen to enter information. The data itself is secured with its own PIN, so no one else can use the program.
gomac
The plus is it seems to be free, the negative is that you are entrusting all your sensitive data to a third party.
I am currently using SplashID. Whilst it is not free it keeps my data under my control and allows me to edit it all on the PC and then just synch to my Xperia.
You can also use KeePass, which is free and allows you to encrypt all your passwords, usernames, PINs, etc. using one master password and/or keyfile(s).
Georgeous2008 said:
You can also use KeePass, which is free and allows you to encrypt all your passwords, usernames, PINs, etc. using one master password and/or keyfile(s).
Or the new Cryptowallet for free!
Main Features:
* Strong encryption and password protection ensures the security of all of your information
* User-friendly login panel to eliminate key loggers threat.
* Predefined Templates, Icons gives you more than 30 templates for different kinds of information you may need in your daily life
* Smart Card Fields. There is a number of specific operations you can do with your card directly from Crypto Wallet just by clicking the appropriate card field
o Make a phone call
o Send an Email
o Go to a website
* Compatible with the Pocket PC 2003, Windows Mobile 5, 6 OS
Please read these 5 ideas I have and then make a vote to the app you would love to use the most and would most likely donate towards serious (and opensource!) development. If you are unclear about anything, please ask before voting! Thanks.
1. Better FaceBook Sync - like BookSync, but instead of being restricted to Facebook's ToS it would use the html interface to additionally sync these infos:
* Sync all friends photos with captions tags and comments for offline browsing.
* Phone numbers
* Email addresses (yes, I am aware it's a .gif)
* Addresses
* Facebook Events (and Friends' events)
* as well as profile pics (high res), date of birth (for birthday reminders), name (girls who marry update on your phone instantly)
* option to only silently sync when using wifi (and of course, only updates get pulled down)
2. Better Lock - replace the default WM 6.x security lock feature where you enter a PIN every 24 hours or so, with a much more friendly AND more secure version:
* Incremental Challenge/Response: Have your PIN as 8 or so digits but every 12 hours or so (configurable) it will ask for just 1 digit ("Enter the 4th digit of your PIN"). Enter it wrong and it'll ask for 2 digits now. Wrong again.. 4 digits and so on. Additionally, every 24 hours or so, ask for extra digit.
* While locked, allow for basic functions such as wifi on/off, email/text/call anyone already in address book, turn device off, allow reading of texts that contain a magic password (so owner can communicate with "thief").
* Button to show owner info (in case it's lost) with sub-button to call owner's emergency contact number
* 3 invalid attempts = phone texts and calls emergency number and/or integrates with RemoteTracker
3. Better Marketplace - like Microsoft Marketplace and AppToDate merged with improvements
* Microsoft Marketplace requires each dev to upload and maintain their app (never gonna happen with 100% esp abandoned but still useful apps)
* AppToDate is abandoned? Last update 2008..
* Allow free software only!!!!
* Allow trusted mods to upload apps on behalf of devs, making this BetterMarketplace very comprehensive
* UC compatible & allowing user to record installed apps to our server so after hard reset you can enter user/pass and automagically get all your favourite apps installed
* Compatibility Matrix: only apps that work on your phone are displayed (eg, qvga/vga and wm5/wm6 and so on)
* Popularity Contest: rank apps based on usage in total minutes. This way, only the truly useful apps get to top of list
* Install via web.. using your user account, you can click to install from the Web interface... and your ppc will amazingly start to install it! ppc application interface will exist too ofc.
4. Mobile Proxy - a http proxy on your phone that modifies your web experience via plugins ideas such as:
* Google Maps Mobile - allow supercaching.. which means remember map segments forever on SD card. Perhaps even precaching your area.
* Windows Live Messenger - allow use of MSN when offline. I turn my phone on/off often and it drives friends insane as they see me go offline..online..offline..online. To solve this, this proxy plugin could re-route MSN protocol via our desktop computer so that a) we can sign into multiple locations, something the ppc app doesn't support yet and b) we can receive and view messages we missed while ppc was offline, same for sending msgs could be queued.
* Ad blocker, flash blocker, javascript blocker
* Send custom headers to custom http servers (to fake/force mobile or desktop view per site)
5. Email Redefined - not too sure about my competence to pull this one off though.
Instead of receiving a torrent of email to my device, half of which I don't care about, separate emails into 3 distinct channels:-
1. General crap. When received has no notification, not even a number next to the titanium email plugin.
2. From humans not in my address book. New senders get an instant reply asking them to complete a captcha if they want my mobile to buzz.
3. From friends who are in my address book. I would get a sound played, much like a 'new SMS' sound, and titanium would show "1" next to email.
* If possible with Mobile Outlook, treat facebook inbox-messages as emails.. so buzz, play a sound, and allow reply (via fb).
* If possible (might cost the user), add email push facility whereby the phone receives a hidden SMS text when you have a new email worthy of a beep/buzz, wakes up (but with screen still off and device locked), connects to data (wifi/3g, as configured), gets the email, then beeps/buzzes.
Better Facebook and Marketplace definitely! Those are a must!
Can't decide between Marketplace and Proxy. I LOVE your ideas for marketplace, but I've been wanting to sign into multiple locations since I've had IM on my phone. I hardly ever sign into my IM's because of it. I think I'm going with Marketplace with Proxy being a close second.
Bump (1 of 2).
It would be useful if some of you could post a reply like the above 2 people did too.. as it seems voting in a poll does not bump this thread.. (a forum bug imho). Also useful if anyone can point out competition (free or payware) to each and any of my ideas, unless already mentioned. Thanks!
Bump (2 of 2)
Facebook !
Ciao
I've started on the most popular idea, any alpha testers PM me (your msn address preferred)
facebook sync at http://forum.xda-developers.com/showthread.php?t=621538
Better FaceBook Sync all the way......
Does anyone else have any problems using the native mail client with Exchange?
Our company have (finally) enabled ActiveSync, with Android formally 'supported'
However, when I enter the details, it tells me the 'Server requires unsupported security features'
Indeed, we have to assign a 4-digit PIN to our account, but whilst it works fine for my fellow colleagues on Android, it doesn't for me!
But... if I use, say Moxier Mail, it works fine - I'd just rather use the native client!
I even read somewhere that having apps installed from sources other than PLAY could cause this, but I've uninstalled the only such app with it making no difference
Could it have anything to do with the fact I manually upgraded to ICS rather than OTA - or is it really as basic as Sony's implementation doesn't cater for the requirement to have a pin code?
Edit:
Ok, so I have the same issue with my Sony tablet. But, with my wife's Samsung Galaxy Ace + it works perfectly.
So it's either a Sony thing, or maybe an ICS thing?
When I load up the Security Policies option from Touchdown (yep, works here too!), it gives the below - is there really anything in there that is out of the ordinary?
- Allow Simple Password? No
- Alphanumeric Password
- Min Complex 1
- Password/PIN required
- Failed Attempts 4
- Min Length 4
- Timeout 120 sec.
- Expires 90 days
- History 8 entries
- Password Recovery
- Max Email download Size - 5120
- Email History 7 days
- Calendar history 30 days
Disclaimer: I know nothing on how to configure firewalls except for adding apps to the whitelist/blacklist.
Tried using NRFW and I noticed a few things:
1. I've consumed 12.54GB and 9.77GB was by NRFW. What's happening please.
2. I've tagged some apps that can only connect when I'm on wifi, yet I'm still getting notifications when I'm on mobile data. For example, the Facebook app and some games.
3. How do I determine which IP address should be allowed or blocked? For example, I see IP addresses pointing to Akamai and my ISP.
4. Is it a good idea to turn off background data? I restricted it on mobile data and allowed it when on wifi but some apps would not load properly even when I'm connected to a wifi network.
Thanks in advance! And please excuse me if I posted this in the wrong forum.
EDIT: I'm referring to Grey Shirt's NoRoot Firewall.
I read up a bit and learned that 1e100.net are Google's servers. I understand that these point to ads too. I also noticed my ISP's name shows up under these.
Do I allow these or do I block them?
First of all: sorry for answering so late ;-) ...:
- in my opinion, your traffic from internet is being redirected through this NoRoot Personal Firewall onto your smartphone
- so, the 9.77GB you mentioned were 'routed/directed' through the NRPFW - the rest was not (? - maybe for Android-Updates or anything?)
- as you could most probably see, all of these 9.77GB were allowed to pass through from the internet servers (akamai or google or microsoft or ibm or yahoo or many more..) to your smartphone ('s apps / system apps)
- notifications about your mobile connection(s) MAY simply be wrong (as I found out) - seemingly a bug in the NRPFW-app (?)
- akamai is one of the "intermediate servers" or main server for a couple of websites:
for example, when you open the 'WashingtonPost'-website on your smartphone, (all) contents from their website are upon an akamai-server, because 'WashingtonPost' does not have a server on its own inside their office building maybe big enough to handle all traffic from their website to all readers in the world
- your Internet Service Provider has intermediate servers for (any) web content, too - so, you might want to allow their internet addresses
- furthermore, background data is transferred when you have an email-app and this app (gmail or yahoo-app, e.g.) is transferring data even if you had closed the email-app (so you cannot see it anymore on your launcher) or it's even running in background and checking if there's new mail when auto-started while your smartphone is booting.
Hi all,
I bought myself a new Surface Duo - device a while ago.
I have tried to find a setting on the SD - device where I could configure a multi-user profile, but I haven't found one.
Can anyone advise where to find that setting?
Here's a link to Google's support page, which tells you more about the user profile - setting I'm looking for:
Delete, switch, or add users - Nexus Help
support.google.com
Thanks!