How to Setup Two Step Verification In WhatsApp

WhatsApp has introduced new and more fortified security feature to its users. With this new security feature, your account is secure more than ever. This is very helpful for securing the users information and integrity of accounts.

The previous verification process required a phone number to receive OTP. And using this OTP you can setup your account in the new device. But it seems there were loopholes in the verification system of WhatsApp. This was noticed after a few incidences with applications like yahoo and telegram. New verification system is more fortified than preciously.

With the OTP only system of Account Setup, a hijacking can be carried on easily. Even a person with little knowledge of hacking can hijack your account. This loophole is in the account setup procedure itself. Any hacker can redirect your SMS to his system or if your phone gets stolen, your sim card can be used for the purpose. As the hacker gets OTP, your account is theirs. This is a huge threat to all the users, but not anymore.

Introducing Two Step Verification In WhatsApp

In order to face this grave situation that makes the user information most vulnerable, WhatsApp introduced this two-step verification for setting up of your account. This asks for your email id to send a verification link. This changes the way you enter into your account, now you know if someone wants to use your account without permission.

How to Enable Two Step Verification

1 – Launch WhatApp

2 – Go to Settings > Account

set up two step verification img 1

 

3 – Tap Two-Step Verification

set up two step verification img 2

 

4 – Tap Enable > Enter 6-digit code and re-enter to confirm it

set up two step verification img 5

 

5 – Enter Email ID and confirm it on the next screen

set up two step verification img 4

 

6 – Tap on Done

set up two step verification img 6

 

This will make your account secure with the new two-step verification feature. Now you can get a notification on your mail whenever someone tries to alter with your account.

The email id is an optional for the two-step verification process. It is recommended that you enter your email id so that you can recover your password in case you forget. WhatsApp also recommends the same, stating that you would need your email id to recover your password.

So next time when you want to add a new phone number to your WhatsApp account or want to setup in a new device, you will need your 6-digit passcode. WhatsApp requests users to use a valid email id and it does not perform email verification. So if you want your passcode to be sent to your email id, you will be able to get it.

This is one of the best security features for its users as they don’t have to perform extensive settings. This is also useful as there is an additional email id involved in securing your account.

Best Digital Cameras of 2017

If you are thinking of buying digital camera in this year, just go through this article as you will get information related to whatever is suitable for your requirement.

Sony A7R II:  Sony is always the most preferred brand when it comes to camera. Besides, Sony has changed with its mirrorless A7 series cameras and A7R II is having the highest resolution model.  The model comprises of 42.4 megapixel sensor is second only to the 50 megapixel sensor in the Canon 5DS for resolution.  The A7R II is two-thirds the size and weight of Canon which makes it quite interesting.

Nikon D500: If you are planning for Nikon then Nikon D500 is another goof option with 20.9 MP resolution and optical view finder. Besides the 3.2 inch titling touchscreen that can be used by expert level. Nikon has taken their flagship D5 DSLR which was having high end features with very durable metal body. This makes it fast action which can be used for sports and wildlife photography.

Sony RX 100 III: Another option is Sony RX100 III that is really compact and has 20.1 megapixels with CMOS sensor and EVF viewfinder. Sony RX100 III will record 1080 p videos that is feasible for enthusiast as well as for experts.

Panasonic TZ70/ZS50: If you are a passionate traveller then Panasonic TZ70 / ZS50 comes handy as it is versatile with big zoom. It has small sensor restricts quality with a touch screen. The only thing here is you have to compromise image quality which is why it is known as travel compacts.

Well, the list is unending as cameras are coming with advance technological features so make a wise decision in selecting your choice of digital camera.

 

Meet the World’s First 2TB USB Flash Drive

We’ve seen the evolution of digital life when we get rid of the CD and DVDs as USB flash drives replaced them. The pocket sized hard disk drives came next but today, Kingston stunned the world with the massive 2 TB drive and yes, its FLASH DRIVE and it’s not a hard drive. Kingston unveils the 2 TB flash drive named DataTraveler Ultimate GT where GT stands for Generation Terabyte.kingston 2tb datatraveler ultimate gt

Now, Kingston DataTraveler Ultimate GT users will be able to carry much more amount of data in a tiny flash drive. Forget the hard disk drives, because this flash drive can offer USB 3.1 performance and it’s quite effective while transferring data from the flash drive to computer and vice versa.

Kingston quoted that 70 hours of 4k video can be stored on a single 2 TB flash drive. Coming to the design, to resist shock it is made of zinc-alloy metal casing. The company also said that it will ship the flash drives in February and both the 2 TB and 1 TB capacities are available.

Features and Specifications

DataTraveler Ultimate GT is compatible with Windows 7, Windows 8, Windows 8.1, Windows 10, Mac OS v10.9.x+, Chrome OSTM, Linux v.2.6.x+. It comes with 5-year warranty with free technical support. Can you believe that 70 hours of 4k video can be stored in a 72mm x 26.94mm x 21 mm flash drive?

But you have to believe it, because its Kingston. It offers data transfer speeds of USB 3.1 Gen. 13. It’s just the flash drive which is lightweight, but if it comes to the data in it, it’s very heavy. As of now, there is no information about the price and Kingston is about to reveal in in a couple of weeks. Stay tuned for more information about Kingston DataTraveler Ultimate GT.

New Cry Ransomware Attacks Computers via Google Maps API

Heard about the recent ransomware threat “Cry”?

Well, it was discovered on last week by security researchers “MalwareHunterTeam”.  Like many of the similar ransomware programs, this appears to come from a government agency called “Central Security Treatment Organization”.  If infected a computer, this ransomware will encrypt the victim’s files to .cry extension. Then, it will then demand approximately 1.1 bitcoins or $625 USD to provide the decryption key.
This ransomware, has already begun to known by a number of names including Cry, CSTO ransomware, etc. Lawrence Abrams, owner of BleepingComputer.com along with MalwareHunterTeam, and Daniel Gallagher, have analyzed some of the characteristics shown in this ransomware. For them, this ransomware can send information about the victim to the Command & Control server using UDP (User Datagram Protocol). It will also websites such as Imgur.com and Pastee.org to put victim’s information. And, to your surprise, it will choose Google Maps API to find the victim’s location with the help of nearby wireless SSIDs.

Abram explains how this ransomware deals with Imgur:

“Once the file has successfully been uploaded Imgur will respond with a unique name for the filename. This filename can be broadcasted over UDP to the 4096 IP addresses to notify the Command & Control server that a new victim has been infected”

Many details about this ransomware is still has to be unveiled. But one thing is sure – within two weeks, this ransomware have infected around 8000 computers!

How Cry Ransomware attacks your Computer?

Mostly, spam email attachments are the main delivery method of Cry ransomware. Those mails will have elements to convince the victim that the attachment is a reliable invoice, bank statement, ticket or any other harmless file. If the user download that file, the ransomware infects user’s computer and it searches for file types that are important for the user. Such important files become encrypted leaving all other parts of computer to remain functional so that it can demand payment of the ransom.

If a computer is infected with CRY ransomware, it may leave some ransom notes “Recovery_[random_chars].html” and “!Recovery_[random_chars].txtencrypts” on a user’s desktop. These notes inform that the user’s files have encrypted with .cry extension. And to decrypt those files, it demands 1.1 bitcoin ($625).

5 Biometric Authentication Techniques That May Reach You Soon

Certainly, we have witnessed the growth of biometric authentication methods over these years. Some of these methods like Face recognition, fingerprint identification, retina scan, voice scan, etc. will be familiar to you. Here, let’s find out some techniques that can make a changeover on tomorrow’s biometric authentication discussions.

1. Cognitive Biometrics

It’s an authentication technique relies on a user’s reaction when brought in touch with a familiar photo, video, etc. for example. There would be equipment like Electroencephalogram, Electrocardiogram to receive these nervous responses. The stored responses will be validated with new responses created by making the same stimulus again on that person.

2. SkullConduct

This technique was actually formulated by few German scientists to provide users a more secure access to their devices. As the name SkullConduct says, it involves the use of a human skull. A head-mounted device will emit an ultrasonic sound that passes through one’s head creating waves of unique frequency bounce around their heads – so as to create noticeable patterns that unique for each person. This technology has somehow managed to enter the mainstream of biometric by its partial implementation in Google Glass.

3. Breathprint

Recently, some swiss scientist figured out an authentication technique using a breathalyzer and assigned a name for this technique – Breathprint. “Whatever we exhale is unique to us”- This is the core idea and the reason behind the development of this technique.

4. DNA Profiling

None of us would be unaware of the current DNA profiling techniques that are more commonly known by the names DNA fingerprinting, DNA testing, etc. The most acknowledged factor of this molecular level authentication is that the chance of two people having the same DNA profile is less than one in a million. Astounding developments are supposed to occur in this field in the upcoming years.  And, DNA profiling hasn’t grown much beyond forensic applications till now. However, as per the recent studies, DNA profiling can even use to predict the appearance of a person in the near future.

5. Even a Cough Can!

What more? Even the voice coming out from our throat would be used for authentication purposes in future! All types of audible emissions from your throat like a cough, gulp, etc. whichever having a particular frequency can be analyzed and use as a valid authentication method.

As the cyber world expands to new horizons, there would be more and more personal data involved around it. The current user authentication techniques are supposed to become obsolete soon. So, the less intrusive technologies with enhanced security characteristics are bound to find their places.

Should Android Users Really Care about Quadrooter Security Flaw?

Last week, the leading discussion among cyber security circles was about Quadrooter, a security bug reportedly targeting Android devices. There were rumors like – already 900 million Android devices are on threat because of this security bug. We, Safe with Tech team is trying to disclose what’s the actual reality behind these rumors.

Where it started?

It was security researcher Adam Donenfeld from Check Point Software presented four security vulnerabilities of Android devices based on Qualcomm chipsets. Qualcomm reviewed these reports and instantly released patches for security flaws.

Collectively, these vulnerabilities became known by “QuadRooter”, as it provides attackers the root privileges. And individually, these flaws got names “CVE-2016-2059”, “CVE-2016-2503” , “CVE-2016-2504” and “CVE-2016-5340”. These flaws were reported in Qualcomm drivers that’s been given to device manufacturers.

Google Says it has released three patches for the first three flaws through its security bulletin for nexus devices. Anyhow, it has flagged CVE-2016-2059 as low severity and according to them, it can be mitigated through SELinux(a kernel extension to reduce exploitation of some flaws by implementing certain access controls)

What is Check Point’s explanation on this?

Check Point explains the threat will not affect users through web browsing, emails, chats but rogue applications could be a reason. Check Point says Google’s view on CVE-2016-2059 is not at all feasible. They’ve already released a free application on Google Play for users to check whether their devices are affected by any of these flaws.

A different Stand Point

Check Point, the one initially figured this vulnerability says about the mobile threat detection that’s already present on Android phones. It’s called “Verify Apps” that’s practically available all of those 900 million devices since 2012.

This “Verify Apps” scans your Android device whenever you install new apps and features into your phone. It’ll resist you if you try to install any dangerous app to your device and verify if any of your installed app starts doing anything suspicious.

From Gingerbread, this feature is available on Android. So, almost 99% of Today’s Android devices are powered with Verify Apps. And from Google’s point of view Verify Apps can watch out any Quadrooter related security threat. They provide monthly security patches on a regular basis.

What’s up of the Users?

Since there’s no so serious threat reports from Google about this update till now, consumers don’t have to think too much. They just have to make sure that, the apps they’re installing should be verified. Moreover, the basic security measures are available on your phone itself, so be less worried on that.

Beware! Any Website can be Hacked, even the Most Secure One

HEIST, it’s the name of attack technique unveiled by security researchers at KU Leuven. It’s given a definition also – HTTP encrypted information can be stolen through TCP-Windows.

Seems baffling?

Let’s try to figure out.

Recently, Mathy Vanhoef and Tom Van Goethem, PhD researchers in KU Leuven took a short briefing on this subject. They explained how they could able to track vulnerabilities of some secure websites.

I’m interested in quoting some of the main points from this briefing.

The idea of HEIST comes from the background of the number of attacks against SSL/TLS over the last few years. Without the existence of an adversary that’s capable of manipulating network traffic, it wasn’t able to figure out vulnerabilities of these SSL/TLS channels that were attacked. Here’s where HEIST came. It could able to exploit flaws in network protocols without sniffing to network traffic.

How it Works?

In HEIST, it’s possible to compromise an encrypted website using only a JavaScript file that’s hidden in a maliciously created ad. This can measure the size of the encrypted response and thus set up an attack its own. And, with another technique, it can able to pick sensitive information from encrypted data traffic including banking details.

Possible Ways to Avoid such a Situation

Tom Van Goethem also says, disabling third-party cookies in the browser is the only way to prevent attacks at least in the short term. And, it won’t be a heavy task. Most of the today’s browsers, it’ll be On by default. The internet browser used to access sensitive websites should be clean, lacking unwanted plugins or ad-ons. Other browsers can be set to receive cookies.

Conclusion

These type of studies have a great impact in indicating the vulnerabilities in network security. At least some internet browsing programs would become aware of these flaws, and some of them may bring security patches. Anyway, thanks to KU Leuven researchers for figuring out this vulnerability

How to Get Rid of a Ransomware Attack?

In a recent article, I have covered the effect of Ransomware as a cyber-security threat. Hope, all you have read it. This time, I just want to share some tips for helping you to get rid of ransomware attack.

Certainly, Ransomware attacks are on the rise, more than ever. Every day, you may read about some info on this threat, if you are a constant follower of information security related news. It has become as one among the favorite tools of cyber criminals – as it’s very profitable, making a million-dollar market. For Symantec, this number has reached even £3 million a year.

What to do After Ransomware Attack?

As you know, your computer can be infected by two types of ransomware- lock screen ransomware and file encryption ransomware. If the ransomware type infected on your machine is file encryption type, you can try to get rid of your system from that. Following steps may be useful for you then.

  • If your system is part of a network, remove it immediately from the network.
  • Check for available restore points, using which you can restore your computer to a “last known good configuration”. (Before doing this, it’s good to make a copy of encrypted files for future analysis)
  • Restart your machine in Safe Mode and Scan it using an antivirus software.
  • Know the type of Ransomware detected on your PC (You can use an online service called ID Ransomware for that).
  • If you have identified the type of Ransomware, download a ransomware decryption tool to get your data back.

Be Safe from Ransomware Attacks in Future

To minimize the chances of Ransomware attacks in future, you can take some precautions like:

  • Don’t visit unsafe, suspicious websites.
  • Don’t open email attachments from suspicious sources.
  • Beware of unsure links in emails or social media.
  • Protect your computer with a strong anti-spyware and enable Firewall.

Follow Safe with Tech Social channels for the latest updates on Cyber Security and Privacy news.

 

Avast acquires AVG Technologies for $1.3 Billion

It’s been just a month after Symantec corp. acquired Blue Coat Systems for $4.65 billion, internet security world is ready to host another major acquisition. It’s Czech antivirus software maker, Avast acquires AVG technologies for $1.3 billion.

The related announcement was on Thursday, at Prague wherein Avast officials said, the acquisition will be in all-cash deal. As per the combined statement from the companies, Avast will offer $25 share in cash to AVG investors. For Avast, the deal is to “gain scale, technological depth and geographical breadth”. Currently, there’re more than 400 million users in these two companies’ combined, 160 million of those are mobile users.

Both the companies have roots on old Czechoslovakia. Founded in 1988, Avast emerged as one of the top internet security firms controlling 1/5th global antivirus software market. AVG’s story wasn’t too different – by delivering elite class desktop and mobile security tools, it also became one of the trustable names in security software industry. From February 2014, Avast has been financially backed by private-equity firm CVC Capital Partners. The takeover can help the Czech company to get more opportunities in internet safety related areas, and growing sectors like Internet of Things.

Since, AVG is a publicly traded firm registered in NSE, its shareholders have to approve the deal. Anyway, Avast says the deal is expected to complete before October 15 this year.

According to a report by Gartner Inc., worldwide cyber security expenditure can increase up to $91.6 this year, 10% increase from the previous year. As new generation cyber threats arrive, larger players have to change the face of their product lines, by finding new markets and by polishing existing products. These companies have to find ways to consolidate and acquire new technologies to survive in the market. Avast’s move won’t be focused towards anything else.

What’s your opinion?

Should you keep Adobe Flash or Uninstall?

Recently, Adobe Flash Player got patched – for up to 36 security issues. Believe, one of these patches were for a critical vulnerability that allowed hackers to take full control of a victim’s machine!

This critical issue was revealed by Kaspersky Labs last week. This affected various platforms like Windows, Mac, Linux with the latest version of Flash. According to Kaspersky, in several countries, this vulnerability was already exploited by hackers.

Adobe Flash is here for several years- it’s been a vital part of a user’s browser, whatever he/she uses. Even, it was widely accepted, was also had a bad reputation for its security issues. At frequent intervals, developers had to release security updates to protect Flash.

But, based on the recent security issues, many industry experts have raised a different opinion. Phil Kernick, CQR Consulting’s CTO, has to say this.

Apple’s Steve Jobs had a similar opinion. For him, Flash is insecure and inefficient that’ll not match with iPhones.

Flash Player’s issues are not going to end up by this. A lot of queries regarding this player’s over-consumption of PC’s power have already reported.

You can either remove or keep Adobe Flash Player from your machine.

Keep following things in mind if you decided to keep Adobe Flash.

  • Whenever new updates are available for your Flash Player, install it. You can check it online from Adobe Flash’s official website. But, make sure not to install additional software coming along with the tool
  • Google Chrome uses its own version of Flash player. You don’t have to install a standalone version of Flash if Chrome is your default browser. In case you installed that, conflicts may happen, and as a result, you’ll not able to play media that need Flash support.
  • If you’re using Windows 10, there’s an update that’ll conflict with Flash. Better to check it.