Products
Personal Monitor
Record PC users's actions, grab screenshots and passwords
Keylogger
Keystrokes recording software. Keylogger free trial
Hoverwatch
Cell phone and computer spy
Employee Monitor
Access and control the time spent by your workers
Terminal Monitor
Track employee activities on Terminal Server
Free Keylogger
Free keyboard logger keeps track of all typed text

Vulnerability found in smart toilets

13 September 2013

Toilet hackedA great and rather unique piece of news for our “madness and information security” section – experts have found a software vulnerability in a line of smart toilets.

The vulnerability was found in Japanese Lixil Satis toilets, but it was discovered by American (not British!) experts from Trustwave SpiderLabs.

Some features of Japanese toilets include music playback, automatic seat lifts, automatic flushing, personal settings and toilet usage statistics.

The equipment is controlled with a special Android application via Bluetooth. The essence of the vulnerability is that the developers used a single PIN code for connecting to the toilets – 0000. The code can be used by anyone to connect to any model of this line of toilets.

To do this, one needs to download the My Satis all from Google Play, install it on the phone and locate a Lixil Satis toilet within the Bluetooth working range.

Ultimate information security

13 September 2013

The Commerce Department’s Economic Development Administration has recently demonstrated extreme zeal in maintaining ultimate information security on its own premises.

A preliminary analysis showed that 146 of the department’s 250 computers were infected with a virus. As it turned out later, this early information was completely wrong – just two computers had problems.

However, the they took it very seriously, even too seriously. To defend against the spreading virus, the company’s management decided to physically eliminate all “infected” equipment, including computers, keyboards, mice, printers, surveillance cameras, TV’s and so on.

The total damage caused by this decision (investigation, deployment of an interim infrastructure, planning, purchasing of new equipment and recycling of old devices) reached 2.7 million dollars, exactly a half of the department’s budget.

An interesting approach to a seemingly simple problem, isn’t it?

Free keylogger for android secretly watches over the phones of your children or staff members, recording calls, camera, spy on SMS, MMS, WhatsAPP, internet activity, calendar, contacts, and geodata (GPS).

Google Hangouts: a step towards closed protocols

9 July 2013

Corporate SecretsGoogle decided to replace the Google Talk IM platform with Google Hangouts that has very limited XMPP (Jabber) support and no option for disabling the logging of user’s chats.
A number of experts criticized this decision, since, in their opinion, it denotes the transition from free to closed proprietary protocols.

Messengers are already being updated – and that includes both desktop applications, their web counterparts (found in Gmail and Google+, for example) and mobile apps.

The main difference between the protocols is the lack of the server-to-server federation standard support that allowed users to use alternative message exchange servers or even create their own ones to be 100% sure of the confidentiality of their communications. From now on, all messages will be sent via Google’s servers and be logged there as well.

The consequences this may lead to are obvious.

IT security experts are calling to Google to revert to open standards, make the Google Hangouts specifications public and publish the source code for creating a personal server.

Interception of Gmail messages: FBI’s key priority

9 July 2013

gmail-300x200Speaking at an event organized by the American Bar Association, Andrew Weissman, an FBI counsel, called the development of a legal base for monitoring major online services the top priority of the bureau in 2013.

The current legal foundation for online surveillance is a part of a law that grants secret services access to email and chat services and is called the “Wiretap Act”. It enables the FBI to monitor users’ activities on the provider level. However, most Internet services encrypt data connections between users and the server, thus rendering FBI surveillance partially useless.

Weissman mentioned Gmail, Google Voice, Dropbox and built-in chats in many games as examples of such services.

Therefore, FBI can legally compel Gmail, for instance, to assist in intercepting some information, but it does not oblige Gmail employees to mandatory actions, so the efficiency of FBI investigations in limited. This happens because the Act only applies to providers, who must install FBI equipment in their data centers. Online services are currently out of reach for the bureau.

According to Weissman, FBI will be working hard on new legislation, which, once adopted, will considerably broaden their authority.

You don’t need to be an FBI agent to intercept your children’s messages and protect them from online threats of all sorts. Download the fully functional trial version of Refog Personal Monitor and use it for free for 3 days.

Microsoft and Verizon patent user surveillance technologies

9 July 2013

A new patent by Microsoft (patent number 0120278904) describes a surveillance system that uses special camera-like devices to detect the presence of people in a room and calculate their number. The patent describes a possible use case where such a system is used to monitor the number of people watching a movie. When a certain threshold is exceeded, the system requests that an extended content license be purchased. The content can be played only a certain number of times, within a certain time period and for a certain number of viewers of specific ages.

patent
According to the patent, such a system can be used in various types of devices: from tablets, consoles and PC’s to mobile phones.

Verizon has a similar patent, but it provides more details about user monitoring.

The system is based on devices equipped with a microphone, a camera, an infrared camera and a laser sensor. The concept is strikingly similar to existing devices – for instance, Kinect for Xbox.

The described system can not only determine the number of people in a room, but also analyze their activities and identify their behavior (and show relevant ads, for example). The system will recognize the age of specific individuals and detect the presence and type of pets in front of it.

The system can also connect to users’ mobile phones for greater control accuracy.

Google is currently submitting a similar patent for its Google TV service, but little is known about it yet.

The capabilities of such systems are described in patent applications as entirely voluntary user actions. However, this will hardly prevent content providers (game and movie companies) from requiring a connection to such a system.

As in many other similar situations, this news worried lots of users. Blogs and forums were filled with references to Orwell’s “1984” novel and concerns about possible illegal use of such systems for user monitoring.
Try the free 3-day version of Personal Monitor. It will never send the information it collects to third parties and will let you know exactly who was doing what on your PC.

Viruses against the road police of the Moscow region

9 July 2013

Kaspersky Lab experts have discovered a virus that was intentionally planted into the Strelka-ST video surveillance systems that belong to the road police of the Moscow region. Specialists have discovered over a hundred files infected with various modifications of the virus.

The infection resulted in an almost complete shutdown of the regional video surveillance system on key highways and a financial loss estimated at 50 million rubles, since the systems remained offline for two weeks.
The analysis of the malware revealed that it was using a well-known technique – the virus periodically connected to a remote server and executed its commands.

Therefore, it is quite possible that data from these systems may have been sent over to the hackers’ server and we may be witnessing the use of the first spyware for road cameras in Russia.

In countries where digital technologies are more commonplace, many similar incidents have been recorded – from hacking digital locks in hotels to breaking into the software of coffee machines and even nuclear reactors. However, this particular case involving a virus attack on a federal video surveillance system is quite unique.

Authorities from the road police administration and the Ministry of Transportation are conducting an internal investigation and believe that the attack was the result of harsh competition between potential providers or system maintenance and support services.

Please bear in mind that spyware is not limited to viruses only. This category of software also includes legal and useful products of a similar kind.

For instance, if you want to know what your children are doing on their computers while you are away, you can use such software to collect detailed information about their activities and fend off many online threats.

All you need to do is to download Personal Monitor and install it on your computer. The program has a 3-day free unrestricted trial mode.

Computer and user monitoring software

9 July 2013

American journalists have discovered a video on YouTube that has never been intended for public viewing. It was uploaded back in 2010 for demonstration at the Federal Security Conference (that took place in April 2012), but it was never shown – the developers decided that the software was really not ready.

The author of the video and the software shown in it is the American defense company Raytheon, and the software is RIOT (Rapid Information Overlay Technology). The video can easily be found on YouTube by typing in the full name.

It is a computer and user monitoring software that uses a large number of data sources, including social networks (Facebook, Foursquare, Twitter, etc.). A data unit (personal file) is assigned to each user within the software, where information is gathered from all possible sources.

The monitoring software collects information on contacts, places visited, and typical routes. User’s photos are analyzed – the appearance is identified, EXIF tags are analyzed with the GPS data and times the pictures were taken. By analyzing the gathered information, the software predicts the future actions of the person.

Raytheon confirmed the authenticity of the video and stated that the software has not yet been sold to the client – the federal agency.

Development of monitoring software is a global trend that seems to have been around for a while, but is just beginning to gather steam.

Despite its formidable functionality, this software can be used in hundreds of peaceful and lawful ways.

refog-employee-monitor_51419

downloadFor example, if your children use your computer in your absence, information gathering about their activities can make life much simpler both for the children and for their parents – after all, you can avert many dangers of modern day Internet that way.

And you don’t have to sign a contract with a defense company to do it; you can simply download the Personal Monitor software and install it on your computer. For the first 3 days the software is free in the fully functional mode.

Google is developing alternative authorization schemes

12 April 2013

Google employees say they have begun developing new user authentication technologies that do not use passwords.

The company’s security division released a report on the possible ways of lowering the risk that websites’ authorization mechanisms will be broken into. According to the report, user passwords are no longer a sufficient method for protecting information.

Google’s ideas for protecting its e-mail service, Gmail (and connections to it), include miniature cryptographic USB cards that allow users to be authorized after registration without entering a password. It has been suggested that in time the USB interface will move way to wireless technology that would allow any accessory — watches, rings, etc. — to be used to grant access.

Antiviruses are losing to virus attacks

12 April 2013

av-testA research by German scientists from the AV-Test information security institute revealed a drastic decrease of the efficiency of anti-virus tools. The research included the testing of 25 anti-virus tools for home use and 8 corporate products.

Anti-virus programs managed to block 92% of low-level attacks and clean 91% of infected systems, of which only 60% were able to operate normally.

Three out of 25 tested programs could not score high enough to get a security certificate: Microsoft Security Essentials, PC Tools and AhnLabs. Another corporate solution from Microsoft, Forefront, also didn’t score high enough in the tests.

A similar alternative research was conducted by a company called Imperva in late 2012 with similarly discouraging results: all anti-virus tools of the VirusTotal service successfully detected less than 5% of malware.

Yahoo users’ personal data leaked

12 April 2013

yahooAccording to the experts of BitDefender, a developer of anti-virus tools, the hacking of a large number of mailboxes of Yahoo users was the result of a missed update of the WordPress CMS that was installed on the servers of the mail service.

The WordPress vulnerability that was used by the hackers had been known before and was only fixed in spring 2012. However, the CMS simply wasn’t updated on the developer.yahoo.com portal. After WordPress was hacked, the intruders managed to gain access to the cookie files of user sessions for the entire yahoo.com domain.

They used the obtained files and special JavaScript constructs on fake sites to get session-based access to a large number of mailboxes of Yahoo users.

User passwords were not compromised, but the hackers could read and send emails on behalf of Yahoo users. They could, for instance, gain access to users’ social accounts associated with the hacked mailbox.

At the moment, the consequences of the compromise threat have been dealt with. WordPress has been updated.