The Christmas countdown is on! Have you thought about all of the wonderful gifts to buy the family this year? A present that finds it’s way onto almost all children’s Christmas list is a new mobile phone. Buying a new mobile can be a costly investment often making you wince at the thought of the price. But fear not, their is a current Christmas trend that may save you burning a hole in your pocket… In recent years, there has been a massive uplift in the number of mobiles and tablets being gifted to children or siblings during Christmas. With the release of highly anticipated phones such as the iPhone X and Samsung Galaxy Note 8, many parents will be repairing and handing down their previous device to a loved one. Offering both a mail-in and a nationwide call-out service, our technicians will give your device that extra TLC, ensuring the device will look good as new. All repairs come with a 12-month warranty. To get our customers in the Christmas spirit, iMend are running a Christmas cracker of a competition. We are offering a a FREE REPAIR (to the value of £100) to the customer with the MOST SERIOUSLY SMASHED SCREEN. If you are interested in entering our competition all you need to do is the following: Facebook: Like our page and upload a picture of your smashed phone screen. Share the post with at least one person. It’s that simple! We’ll pick one winner on Friday 15th December 2017. And don’t forget this competition is open to everyone with a broken phone, so feel free to share and let your friends know too! What happens next: We will pick one winner with what we consider to be the the most smashed phone screeen. Winners will need to like or be following us at the time of the prize draw to be eligible for the prize. The Legal Stuff 1. The promoter is: iMend.com, whose registered office is at iMend.com, Spear House, Burntwood, Staffordshire, WS7 3GL, United Kingdom. Employees of iMend or anyone else connected in any way with iMend.com, the competition or helping to set up the competition shall not be permitted to enter the competition. 2. There is no entry fee and no purchase necessary to enter this competition. 3. Closing date and time for entry will be the 15th December 2017 at 5pm PDT. After this date, no further entries to the competition will be permitted. 4. No responsibility can be accepted for entries not received for whatever reason. 5. The rules of the competition and the prize for each winner are as follows: 6. Prize: One phone repair to the value of £100. Once the winner is chosen, the iMend team will contact him/her and ask them to send their contact details to so the iMend team can proceed with the repair. 7. iMend.com reserve the right to cancel or amend the competition and these terms and conditions. 8. The promoter is not responsible for inaccurate prize details supplied to any entrant by any third party connected with this competition. 9. No cash alternative to the prize will be offered. The prize is not transferable. Prize is subject to availability and we reserve the right to substitute any prize with another of equivalent value without giving notice. 10. Winners must be a UK resident and will be chosen at 5pm by iMend management from all entries received and verified by Promoter and or its agents. 11. The winner will be notified by social media on 15th December. If the winner cannot be contacted or does not claim the prize within a further 7 days of the notification, we reserve the right to withdraw the prize from the winner and pick a replacement winner. 12. The promoter’s decision in respect of all matters to do with the competition will be final and no correspondence will be entered into. 13. By entering this competition, an entrant is indicating his/her agreement to be bound by these terms and conditions. 14. The competition and these terms and conditions will be governed by English law and any disputes will be subject to the exclusive jurisdiction of the courts of England. 15. The winner agrees to the use of his/her name and image in any publicity material. Any personal data relating to the winner or any other entrants will be used solely in accordance with current UK data protection legislation and will not be disclosed to a third party without the entrant’s prior consent. 16. Entry into the competition will be deemed as acceptance of these terms and conditions. 17. This promotion is in no way sponsored, endorsed or administered by, or associated with, Facebook, Twitter or any other Social Network. You are providing your information to iMend and not to any other party. The information provided will be used in conjunction with the following Privacy Policy found at http://www.imend.com The post iMend’s Cracking Christmas Competition appeared first on iMend Blog. from https://www.imend.com/blog/imends-cracking-christmas-competition/
0 Comments
iMend.com are the only nationwide call-out mobile repairs company in the UK, with over 300 technicians. In addition, we operate one of the busiest repair centres in the UK where our talented iTechs are able to repair any tablet or mobile phone. This iPhone 7 has picked up a nasty smash in the corner of it’s screen and needs an iPhone 7 Screen replacement. This is a challenging procedure but our experienced technician Karol makes it look like a piece of cake. When repairing the iPhone 7, there are a number of factors you must take into consideration. We asked Karol to give us some top tips when repairing this device: – ” First things first, make sure your work space is completely tidy. A messy work surface can lead to losing screws or other small components.” – “Make sure you disconnect all source of power, otherwise you could get a nasty shock!” – ” Make sure all of the screws go back into the correct holes. Not all of the screws are the same size. If you were to put a screw in the wrong hole, this could lead to long screw damage, possibly drilling into your motherboard and writing the phone off.” – ” When stripping the old components from the old screen to the new screen care and precision is essential, particularly when removing the earpiece, proximity light sensor and the front camera flexes. If not done with precision, the proximity sensor can part with the flex.” Repairing your own phone can be disastrous, leading to you having to pay more on repairs or killing the mobile completely. Leave these technical procedures to a professional like Karol or one of our nationwide call-out technicians. If you would like an iPhone 7 screen replacement look no further than iMend.com. Click here to see the different repairs we do for this device.
The post iPhone 7 Screen Replacement appeared first on iMend Blog. from https://www.imend.com/blog/iphone-7-screen-replacement/ A newly-discovered flaw in macOS High Sierra — Apple’s latest iteration of its operating system — allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful “root” user without supplying a password. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account’s password now. For better or worse, this glaring vulnerability was first disclosed today on Twitter by Turkish software developer Lemi Orhan Ergin, who unleashed his findings onto the Internet with a tweet to @AppleSupport:
High Sierra users should be able to replicate the exploit by accessing System Preferences, then Users & Groups, and then click the lock to make changes. Type “root” with no password, and simply try that several times until the system relents and lets you in. How does one change the root password? It’s simple enough. Open up a Terminal (in the Spotlight search box just type “terminal”) and type “sudo passwd root”. Many people responding to that tweet said they were relieved to learn that this extremely serious oversight by Apple does not appear to be exploitable remotely. However, sources who have tested the bug say it can be exploited remotely if a High Sierra user a) has not changed the root password yet and b) has enabled “screen sharing” on their Mac. Likewise, multiple sources have now confirmed that disabling the root account does not fix the problem because the exploit actually causes the account to be re-enabled. There may be other ways that this vulnerability can be exploited: I’ll update this post as more information becomes available. But for now, if you’re using macOS High Sierra, take a moment to change the root password now, please. from https://krebsonsecurity.com/2017/11/macos-high-sierra-users-change-root-password-now/ In August 2016, a mysterious entity calling itself “The Shadow Brokers” began releasing the first of several troves of classified documents and hacking tools purportedly stolen from “The Equation Group,” a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home. In this post, we’ll examine clues left behind in the leaked Equation Group documents that may point to the identity of the mysterious software developer. The existence of the Equation Group was first posited in Feb. 2015 by researchers at Russian security firm Kaspersky Lab, which described it as one of the most sophisticated cyber attack teams in the world. According to Kaspersky, the Equation Group has more than 60 members and has been operating since at least 2001. Most of the Equation Group’s targets have been in Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali. Although Kaspersky was the first to report on the existence of the Equation Group, it also has been implicated in the group’s compromise. Earlier this year, both The New York Times and The Wall Street Journal cited unnamed U.S. intelligence officials saying Russian hackers were able to obtain the advanced Equation Group hacking tools after identifying the files through a contractor’s use of Kaspersky Antivirus on his personal computer. For its part, Kaspersky has denied any involvement in the theft. The Times reports that the NSA has active investigations into at least three former employees or contractors, including two who had worked for a specialized hacking division of NSA known as Tailored Access Operations, or TAO. Thanks to documents leaked from former NSA contractor Edward Snowden we know that TAO is a cyber-warfare intelligence-gathering unit of NSA that has been active since at least 1998. According to those documents, TAO’s job is to identify, monitor, infiltrate and gather intelligence on computer systems being used by entities foreign to the United States. The third person under investigation, The Times writes, is “a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer.” JEEPFLEA & EASTNETSSo who are those two unnamed NSA employees and the contractor referenced in The Times’ reporting? The hacking tools leaked by The Shadow Brokers are now in the public domain and can be accessed through this Github repository. The toolset includes reams of documentation explaining how the cyber weapons work, as well as details about their use in highly classified intelligence operations abroad. Several of those documents are Microsoft Powerpoint (.pptx) and PDF files. These files contain interesting metadata that includes the names of at least two people who appear to be connected to the NSA’s TAO operations. Inside the unzipped folder there are three directories: “oddjob,” “swift,” and “windows.” Looking at the “swift” folder, we can see a Powerpoint file called “JFM_Status.pptx.” JFM stands for Operation Jeepflea Market, which appears to have been a clandestine operation aimed at siphoning confidential financial data from EastNets — a middle eastern partner in SWIFT. Short for the Society for Worldwide Interbank Financial Telecommunication, SWIFT provides a network that enables financial institutions worldwide to send and receive data about financial transactions. Each of the Jeepflea Powerpoint slides contain two overlapping seals; one for the NSA and another for an organization called the Central Security Service (CSS). According to Wikipedia, the CSS was formed in 1972 to integrate the NSA and the Service Cryptologic Elements (SCE) of the U.S. armed forces. In Figure 10 of the Jeepflea Powerpoint document, we can see the seal of the Texas Cryptologic Center, a NSA/CSS entity that is based out of Lackland Air Force Base in San Antonio Texas. The metadata contained in the Powerpoint document shows that the last person to modify it has the designation “NSA-FTS32 USA,” and that this leaked version is the 9th revision of the document. What does NSA-FTS32 mean? According to multiple sources on the internet it means Tailored Access Operations.
We can also see that the creator of the Jeepflea document is the same person who last modified it. The metadata says it was last modified on 8/12/2013 at 6:52:27 PM and created on 7/1/2013 at 6:44:46 PM. The file JFMStatus.pptx contains metadata showing that the creator of the file is one Michael A. Pecoraro. Public record searches suggest Mr. Pecoraro is in his mid- to late 30s and is from San Antonio, Texas. Pecoraro’s name appears on multiple documents in The Shadow Brokers collection. Mr. Pecoraro could not be reached for comment. Another person who earned the NSA-FTS32 designation in the document metadata was Nathan S. Heidbreder. Public record searches suggest that Mr. Heidbreder is approximately 30 years old and has lived in San Antonio and at Goodfellow Air Force Base in Texas, among other locations in the state. According to Goodfellow’s Wikipedia entry, the base’s main mission is cryptologic and intelligence training for the Air Force, Army, Coast Guard, Navy, and Marine Corps. Mr. Heidbreder likewise could not be reached for comment. Another file in the leaked Shadow Brokers trove related to this Jeepflea/EastNets operation is potentially far more revealing, mainly because it appears to have last been touched not by an NSA employee, but by an outside contractor. That file, “Eastnets_UAE_BE_DEC2010.vsd,” is a Microsoft Visual Studio document created in Sept. 2013. The metadata inside of it says the last user to open the file was one Gennadiy Sidelnikov. Open records searches return several results for this name, including a young business analyst living in Moscow and a software developer based in Maryland. As the NSA is based in Fort Meade, Md., this latter option seems far more likely. A brief Internet search turns up a 50-something database programmer named Gennadiy “Glen” Sidelnikov who works or worked for a company called Independent Software in Columbia, Md. (Columbia is just a few miles away from Ft. Meade). What is Independent Software? Their Web site states that Independent Software is “a professional services company providing Information Technology products and services to mission-oriented Federal Civilian Agencies and the DoD. The company has focused on support to the Intelligence Community (IC) in Maryland, Florida, and North Carolina, as well as select commercial client markets outside of the IC.” Indeed, this job advertisement from August 2017 for a junior software engineer at Independent Software says a qualified applicant will need a TOP SECRET clearance and should be able to pass a polygraph test. WHO IS GLEN SIDELNIKOV?The two NSA employees are something of a known commodity, but the third individual — Mr. Sidelnikov — is more mysterious. Sidelnikov did not respond to repeated requests for comment. Independent Software also did not return calls and emails seeking comment. Sidelnikov’s LinkedIn page (PDF) says he began working for Independent Software in 2015, and that he speaks both English and Russian. In 1982, Sidelnikov earned his masters in information security from Kishinev University, a school located in Moldova — an Eastern European country that at the time was part of the Soviet Union. Sildelnikov says he also earned a Bachelor of Science degree in “mathematical cybernetics” from the same university in 1981. Under “interests,” Mr. Sidelnikov lists on his LinkedIn profile Independent Software, Microsoft, and The National Security Agency. Both The Times and The Journal have reported that the contractor suspected of leaking the classified documents was running Kaspersky Antivirus on his computer. It stands to reason that as a Russian native, Mr. Sildelnikov might be predisposed to using a Russian antivirus product. Mr. Sidelnikov calls himself a senior consultant, but the many skills he self-described on his LinkedIn profile suggest that perhaps a better title for him would be “database administrator” or “database architect.” A Google search for his name turns up numerous forums dedicated to discussions about administering databases. On the Web forum sqlservercentral.com, for example, a user named Glen Sidelnikov is listed as a “hall of fame” member for providing thousands of answers to questions that other users posted on the forum. KrebsOnSecurity was first made aware of the metadata in the Shadow Brokers leak by Mike Poor, Rob Curtinseufert, and Larry Pesce. All three are security experts with InGuardians, a Washington, D.C.-based penetration testing firm that gets paid to break into companies and test their cybersecurity defenses. Poor, who serves as president and managing partner of InGuardians, said he and his co-workers initially almost overlooked Sidelnikov’s name in the metadata. But he said the more they looked into Sidelnikov the less sense it made that his name was included in the Shadow Brokers metadata at all. “He’s a database programmer, and they typically don’t have access to operational data like this,” Poor said. “Even if he did have access to an operational production database, it would be highly suspect if he accessed classified operation documents.” Poor said that as the data owner, the NSA likely would be reviewing file access of all classified documents and systems, and it would definitely have come up as a big red flag if a software developer accessed and opened classified files during some routine maintenance or other occasion. “He’s the only one in there that is not Agency/TAO, and I think that poses important questions,” Poor said. “Such as why did a DB programmer for a software company have access to operational classified documents? If he is or isn’t a source or a tie to Shadow Brokers, it at least begets the question of why he accessed classified operational documents.” Curtinseufert said it may be that Sidelnikov’s skills came in handy in the Jeepflea operations, which appear to have involved compromising large financial databases, and querying those for very specific transactions. For example, Jeepflea apparently involved surreptitiously injecting database queries into the SWIFT Alliance servers, which are responsible for handling the messaging tied to SWIFT financial transactions. “It looks like the SWIFT data the NSA was collecting relied heavily on databases, and they were apparently also using some exploits to gather data,” Curtinseufert said. “The SWIFT databases are all records of financial transactions, and in Jeepflea they were able to query those SWIFT databases and see who’s moving money where. They were looking to pull SWIFT data on who was moving money around the Middle East. They did this with EastNets, and they tried to do it down in Venezuela. And it looks like through EastNets they were able to hack individual banks.” The NSA did not respond to requests for comment. InGuardians president Poor said we may never know for sure who was responsible for the Shadow Brokers leak, an incident that has been called “one of the worst security debacles ever to befall American intelligence.” But one thing seems certain. “I think it’s time that we state what we all know,” Poor said. “The Equation Group is Tailored Access Operations. It is the NSA.” from https://krebsonsecurity.com/2017/11/who-was-the-nsa-contractor-arrested-for-leaking-the-shadow-brokers-hacking-tools/ KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most eye-opening example of this is on display at fafsa.ed.gov, the Web site set up by the U.S. Department of Education for anyone interested in applying for federal student financial aid. Short for the Free Application for Federal Student Aid, FAFSA is an extremely lengthy and detailed form required at all colleges that accept and award federal aid to students. Visitors to the login page for FAFSA have two options: Enter either the student’s FSA ID and password, or choose “enter the student’s information.” Selecting the latter brings up a prompt to enter the student’s first and last name, followed by their date of birth and Social Security Number. Anyone who successfully supplies that information on a student who has applied for financial aid through FAFSA then gets to see a virtual colonoscopy of personal information on that individual and their family’s finances — including almost 200 different data elements. The information returned includes all of these data fields: 1. Student’s Last Name: From an identity thief’s perspective, it seems like the only question missing from this list is, “What was the name of your first pet?” Seriously though, armed with this bounty of data identity thieves would likely have little trouble impersonating a student (or parents of a student) who had applied for federal financial aid. According to the Education Department, nearly 20 million students filled out this form in the 2015/2016 application cycle. What indications are there that ID thieves might already be aware of this personal data treasure trove? In March 2017, the Internal Revenue Service (IRS) disabled an automated tool on its Web site that was used to help students and their families apply for federal financial aid — citing evidence that identity thieves were abusing it to siphon data used to commit tax refund fraud with the IRS. The IRS found that identity thieves were abusing the automated tool — which pulled data directly from the FAFSA Web site — in order to learn the adjusted gross income (AGI) of applicant families. The AGI is crucial to successfully filing a tax refund request in someone’s name at the IRS. While the IRS’s tool is no longer online, this post shows how easy it remains for identity thieves to gather this same information directly from the FAFSA Web site. Think it’s hard to find someone’s SSN and DOB? Think again. There are a multitude of Web sites on the open Internet and Dark Web alike that sell access to SSN and DOB data on hundreds of millions of Americans — all for the price of about $4-5 worth of Bitcoin. Somehow, we need to move away from allowing online access to such a deep vein of consumer data just by supplying static data points that are broadly compromised in a thousand breaches and on sale very cheaply in the cybercrime underground. Until that happens, anyone who is applying for federal student aid or has a child who applied should strongly consider taking several steps: -Get on a schedule to request a free copy of your credit report. By law, consumers are entitled to a free copy of their report from each of the major bureaus once a year. Put it on your calendar to request a copy of your file every three to four months, each time from a different credit bureau. Dispute any unauthorized or suspicious activity. This is where credit monitoring services are useful: Part of their service is to help you sort this out with the credit bureaus, so if you’re signed up for credit monitoring make them do the hard work for you. –Consider placing a “security freeze” on your credit files with the major credit bureaus. See this tutorial about why a security freeze — also known as a “credit freeze,” may be more effective than credit monitoring in blocking ID thieves from assuming your identity to open up new lines of credit. Keep in mind that having a security freeze on your credit file won’t stop thieves from committing tax refund fraud in your name; the only real defense against that is to file your taxes as early as possible — before the fraudsters can do it for you. –Monitor, then freeze. Take advantage of any free credit monitoring available to you, and then freeze your credit file with the four major bureaus. Instructions for doing that are here. from https://krebsonsecurity.com/2017/11/namedobssnfafsa-data-gold-mine/ |
ABOUT MEHi my name is Anthony I am 32 years old from Houston. I am working in local store selling electronic devices. I have been interested in eclectronics since childhood and I like to reacd about it. Archives
April 2019
Categories |