La Piazza

Bilbao is not only home to our company, Panda Security, but also to many other technological leading companies such as Sher.pa.

Sher.pa is a different way of search, a revolution in voice searching and the Spanish Siri challenger for Android. A Siri challenger from Bilbao sounds almost like science fiction to me, but it can’t can be more true! Sherpa is taking voice-enabled user interfaces to the next level. A natural language Android app compatible on Android, but eventually will work for iOS.

The app uses what’s called a “MultiKnowledge” system that sifts relevant information from different sources to provide the user with the right particulars. As a result unlike Siri, that is dependent on search engines, Sherpa delivers specific answers and eliminates the need to actually tap the “Search the web” button which is pretty  more convenient.

By linking together your Facebook, Twitter and LinkedIn profiles, you can update your status across each social network. You can send messages directly to Facebook by talking. You can ask Sherpa to show all your mentions on Twitter, set calendar appointments, turn the volume on your phone up or down. Moreover, Sherpa can play music of your choice through varying streaming services because it has access to a database of about 4 million music files.

Another interesting feature of  Sherpa is its ability to enter into transactions. You can ask Sherpa to transfer money from your PayPal account to someone in your contacts without having to type in an email address. And best of all, Sherpa is incredibly fast.

Well, the “Sherpas” have organized in Bilbao what is already considered to be “the international mobile technologies event of the year”. With speakers as renowned as, Martin Varsavsky, Founder of Jazztel and CEO of Fon; Mitchell Baker, President of Mozilla or John Sculley, ex CEO of Apple. The event will bring together CEOs, key experts and decision makers discussing and debating “the next generation of user interfaces, mobile search, voice search, interaction and user experience”.

And all this is going to happen in Bilbao, which as they say in their website,  is “One of the most developed regions in the world” (from Wikipedia), awarded the “World City Prize” (Nobel prize of the cities) Winner in 2010. Our city is part of one of the most innovative European regions.

So this post just intents to be a tribute both to our hometown and to such great entrepreneurs as Xabier Uribe-Etxebarria. People like him have made the growth of the city possible.

See you all at the Sherpa Summit!

A very interesting study by Social Times on social media explained how using social media such as Twitter, Facebook, Pinterest, you name it, can drain you out. Surprised? I must confess I was. Especially when I came to learn some of the statistics the study revealed. Other than the strain on the network that airtime usage implies, or how high broadband costs are, are you aware of the emotional stress that these sites may inflict upon you? Here go some hard facts:

• Tweeting or texting while driving slows your reaction time by 38%, which is more than drinking or smoking pot.
• 45% of people feel worried or uncomfortable when not able to access their social networks.
• 66% of people have difficulty sleeping after using social media.
• 64% have accepted a friend request from a stranger.
• 46% women are “highly concerned about letting a stalker know where they are.
• 41% are “aware or extremely concerned” about letting potential burglars know when they are not at home.
• Turning off mobile phones and avoiding the internet can leave people suffering from symptoms similar to those seen in drug addicts trying to go “cold turkey”.

Alarmed? Personally, and I use Twitter and Facebook on a daily basis, I can proudly say that I have never had trouble sleeping after using a social network, I have never, ever, driven and tweeting/texting at the same time, basically, because 1.How stupidly dangerous is that! 2. I hate fines.

I have never accepted a friend request from a stranger – but hey! sometimes I don’t even accept requests from “acquaintances”. Last but not least, I have certainly never experienced withdrawal symptoms. Quite the opposite! How nice is it to disconnect for one full day and not know anything from anyone every once in a while?

But, I could well be the exception to the rule, so how to stop the drain? Take a look at these tips:

• Set a time to be social and help eliminate stress from constant interruption.
• Disable automatic app updates.
• Delete some Facebook friends. Supposedly, the mind can only handle 150 relationships at a time, although I think my mind can only handle 20 max!
• Check your privacy settings.
• Measure is the key. Learn to enjoy social networks but don’t let them take over your life.

Addiction to social networks can be avoided, as we explained in the post Hooked to the Internet (Part I) and Hooked to the Internet (Part II). Don’t let your social media services become addictive, it is up to you to control it. Or are you a FOMO sufferer? If you know what this acronym stands for, please send your comments and enlighten our readers!

The Panda Security Support Blog, The Piazza, wants to thank you for your visits, views and comments all through the year and wishes you a Merry Christmas and Happy New Year 2013.

And remember, if during these special days you need to contact our technical experts, you can do so from the contact form available on the corporate Panda Security Support website.

If you prefer to use the networks, you will also find us in the Panda Technical Support Twitter account or in the Technical Support forum.

Happy Holiday!!!

Sometimes you may wonder how come my computer got infected if my antivirus was updated and my Operating System too? Well, many of today’s viruses mutate at breakneck speed. The big question is: How did the virus access my computer then? Well, one of the most insecure entrance ways is the browser. Now you might think, do I then need a computer for work, another to play and another one to navigate? It is an option, but not quite suitable for all budgets. So today, at La Piazza, we summarize the most secure web browsing methods you can find in most cases completely for free.

• Virtual Machine
  A virtual machine is a specific machine which allows you to browse from your own computer. It is like a computer inside your computer, a protected space in which you can load other operating systems. Being isolated, the virtual machine cannot infect your computer. There are virtual machines specially designed to navigate, for example, VMWare Browser Appliance.
  
• Browser in a sealed box
  Something less complicated is to isolate the web browser process itself. This is technically known as a sandbox. Equivalent to running the browser in a cage from which nothing can get out unless we want it so. For example, you can use Panda SafeBrowser or Google Chrome’s safe browser.
  
• Extensions reinforcement
  As we discussed in the post How to Prevent the Police Virus, navigating without JavaScript, Flash animations or Java applets greatly increases the safety of navigation, but it can also be a nuisance. To overcome this obstacle, both Firefox and Chrome have extensions to control what is loaded and when: Flashblock (Firefox and Chrome) and NoScript apps such as Chrome’s NotScripts are best.
• Virtual Browsing
  These are pages that act as an intermediary between your browser and the page that you want to visit, let’s say as a proxy. For example, Virtual-Browser.

I hope these tips help you browse safely!

How about you? Do you browse safely? Why don’t you share your experience with us?

Source: How to Browse Safely (in Spanish)

Following the information we already commented in the article WhatsApp is unsafe. Truth or myth?, and taking into account the comments you made, we want to share with you a new entry.

WhatApp has always been reluctant to release a public API and encourage developers to create applications based on its platform. This has led some people, by means of reverse-engineer, to get to know how WhatsApp works internally.

Thanks to the reverse engineer work, an alternative known as WhatsAPI was published  to use WhatsApp from programming languages like PHP and Python, thus opening the door to web applications.

If we add this information to the formerly mentioned weakness of the encryption key, we face the troubling situation that it is even easier now, if anything, to impersonate someone in WhatApp: we only need to know the IMEI of the phone (in the Android devices), or the MAC of the network card (for IOS devices). There are already websites which offer to non-technical users the ability to impersonate a user in WhatApp: you only need to know the MAC or IMEI of the phone you want to impersonate.

• To know the IMEI of a phone you need to have physical access to it but if we do, in a few seconds and entering a key combination (* # 06 # to Android devices), the IMEI will be displayed.
• On the other hand, to know the MAC of an IOS device, you only need to capture the traffic while being connected to the same network of the phone to replace, for example, a public Wi-Fi network.

Let us reformulate our safety recommendations, then:

• Never lose sight of your phone, or leave it accessible to strangers.
• Avoid using this application when connected to public Wi-Fi networks (airports, coffee shops, etc.). You never know who may be listening.
• Apply basic security measures to your own Wi-Fi network. This way, you will prevent other users from connecting to it without your consent.
  
  Note: check your router user guide for more information to know how to implement the following recommendations, as they may vary depending on the manufacturer:
  • Change the default password that gives access to your router or Wi-FI access point
  • Increase the security of transmitted data, enabling WPA/WPA2 encryption
  • Enable MAC address filtering

A new post on the parenting and teenagers struggle.

I am an advocate of communication between parents and children. I think it is essential for parents to be informed and to strive to make communication with children smooth and close.

Having made this statement, I regret to say that I have serious doubts about its utility.

At La Piazza we are continually giving advice on how to help our children protect themselves from the dangers of the Internet. Again and again we emphasize how we must talk to them, we try to make them see that the network can magnify any nonsense and multiply it by “n” turning something insignificant into a real tragedy. And unfortunately, there are dramatic cases to prove so.

Sometimes we have resorted to lists to advise parents and children: Top 10 tips on Internet safety that every parent should know, The 3 basic ways to prevent sexting, The 6 golden rules for children to use technology safely. Anyway, lists, lists and more lists which in addition to help us structure the post, rank well in terms of search engines, but.. are they at all useful?

Last week the local Police Computer Crime squad gave a talk at my children’s school. They explained in great detail and with real examples the dangers children face on the network. My children returned home surprised and shocked. As if they had never heard their father and I talk about these issues. Well, I guess a uniform can be more imposing yet not imposing enough, because a few days later, several of my middle child (12 years old) classmates were expelled from school for uploading pictures of their teachers to Facebook, obviously without their authorization. My big girl (15 years) changed her Twitter profile picture to one displaying half her body only covered by a small bikini top. Well, I guess it is a quick way to get followers. To top it all, both girls tweet nonstop about every detail of their daily lives, where they are, who with, where they will be going next, upload pictures of themselves, of their brothers …

Friends of mine have a 11 year-old child who blatantly lied to their parents when they caught him bragging on Facebook about the amount of alcohol he had drunk the day before. Despite trying to convince his parents that his Facebook account had been hacked, they began to watch it closely. Result: the child created a second profile where he could publish things “unfit” for parents …

Let’s do a memory exercise. All of us, parents of teens, were teenagers not so long ago. What crossed our then young and reckless heads? The same thing as it crosses their minds. The thing is that parents are not aware of anything. Teens know exactly what they need. No one understands them. They found the love of their lives and they will love him/her forever. And above all, what really matters are friends. Best friends. True. Those to whom they tell everything and the only ones who understand.

Therefore, what is the point of insisting that not everything on the Internet is true, that they have to be careful, that it is not good to give their location coordinates with great detail, that they should not upload photos from home – geolocation enabled of course, who ever remembers to disable it? -, and so on to complete a list of 10, 20, 30 points pointing out the infinite dangers of the network.

Parents have to resign and be aware that those who really influence their children are others. If Stephanie Meyer, famous for her Twilight books or any other writer popular among teenagers and young adults wrote a novel in which the central character was a teenager who was bullied in the network and driven to suicide, tragically like Amanda Todd’s trance, the impact and exemplary positive consequences would probably be vastly superior to any maternal / paternal advice to prevent them from sending “sexy” pictures  to their current “boyfriends”. Or imagine any of the characters in Glee going through something like what Tim Ribberink  – the poor old Dutch boy who committed suicide after years enduring jokes online about his sexuality – experienced. If the actor or actress managed the problem correctly, the beneficial effect for many teens scared of their sexuality would be awesome.

As parents, one thing must be clear, our children will not tell us anything until it’s too late and therefore, they will not follow any of our tips, as these are intended to restrict what they see as their own freedom.

What is left then? Using spying programs?

My position is always the same. This type of software should only be used as a last resort when there is reasonable suspicion that something serious may be happening. All there is left for us parents is to be very alert to any changes in behavior and never lower our guard. We must explain that these issues constitute a crime and must be denounced. And if in spite of all, they are already in trouble, we will give them all the understanding, help and support they need, both to get out of the mess and to teach them how to make it in this complicated cyber world we live in.

The Police Virus continues spreading. This type of virus, a trojan specifically, usually exploits system or software vulnerabilities. Therefore, we would like to remind all our readers basic security measures to prevent future attacks, as published in the blog post How to disinfect the Police Virus.

• Avoid browsing unsafe pages
  How? By using virtual browsers as Panda Safe Browser. This type of browsing creates what is called a virtual environment completely isolated from the system and the other applications on your PC, letting you browse the Internet securely. It is as if your Internet session took place outside your computer. This way, your system will be safe from possible Internet threats.

• Enable automatic updates for your operating system, in the case of Windows, Windows update. If not active, you can use the Vulnerability detection analysis featured in any of the 2013 Panda products.

• Upgrade your programs as soon as possible
  Do not rely the security of your computer security programs only. Note that many of these viruses mutate easily and very quickly. Therefore, it is very important to close the gates, which are the security holes they exploit.

• Remove, if not required, applications such as Java applets, Flash animations. Otherwise, keep them updated at all times.

• We are sure you already know, but we don’t get tired of repeating it: Never open mails from unknown senders as they may contain virus.

Now, if you haven’t taken into account these security measures and you have already been infected, we recommend cleaning your computer with the free Panda RescueDisk tool.

And remember, if you have any problems with the disinfection, please Contact TechSupport. We know how to help you.

On Wednesday, Amanda Todd, aged 15, was found dead at his home in Port Coquitlam, Canada. Last month she released a video on YouTube in which she denounced her tragic experience  as victim of a cyber stalker, with the following messages: “My story: fighting, bullying, loneliness, suicide, self-harm.”

The sad story of the teenager began at the age of 12 when a stranger with whom she contacted online asked to see her breasts. Since then, she suffered extortion to no end, until one day he made his threats true and spread her images amongst her teachers, friends and family. It was the beginning of the end: a tormented life which culminated in the suicide of the young Amanda.

Again, we would like to remind parents that prevention is the best cure:

• Talk to your children.
• Alert them of how dangerous it is to have virtual friends whom they do not know in real life.
• Persuade them of how risky it is to display provocative or exhibitionistic images on the web.
• Urge them to protect their personal data.

We will not get tired of remembering the safety tips that, once and again, we repeat in La Piazza’s blog posts: Online grooming, Teenage sexting the thin line between fun and shame, Spying on kids, not yes or no but how much?

Amanda’s case may seem extreme, but we must never forget that bullies take advantage precisely of the innocence of their victims; children who are growing up and, in many cases, are completely unaware of the dangers that certain behaviors pose.

So parents, please, try to be more attentive and always talk openly with your children; teach them real cases like Amanda’s or others that unfortunately do exist, so that they are never tempted to expose their privacy to complete strangers. The suffering is not worth it.

WhatsApp is no longer yet another instant messaging application, but is becoming a true social phenomenon. It is used by all kinds of users and it handles two billion messages per day.

WhatsApp

In fact, it may even lead to social exclusion, as the people who do not use it become ‘expensive’ friends in the eyes of others and might see how the number of calls and messages received from friends is drastically reduced.

Leaving aside these questions, today most smartphone users use WhatsApp and, despite its tremendous popularity, security experts have brought to light other not-so-good aspects of the app, mainly the level of communication security provided by it.

Until recently, messages sent through the WhatsApp service were not encrypted. Thus, it was fairly simple to see the messages sent by other users as long as you were connected to the same network as them (for example, a public Wi-Fi network). To fix this, at the end of August a new version of WhatsApp was released which included message encryption to assure the user’s communication privacy.

However, it has been demonstrated that the encryption used is not robust enough so it is still possible to intercept communications even with this new version.

The problem stems from the fact that the encryption key used by WhatsApp for Android is a MD5 hash of the phone’s IMEI number in reverse format; that is, if you calculate your phone’s IMEI number MD5 hash and write it from right to left instead of from left to right, you’ll obtain the encryption key used by WhatsApp, and therefore will be able to decrypt the messages sent through the service. Additionally, on IOS devices (iPad/iPhone), WhatsApp creates its encryption key simply by doubling the Wi-Fi interface’s MAC address and generating an MD5 hash from it. Many voices claim that WhatsApp is insecure but, how risky is it really?

For a user to be able to intercept and decrypt the messages you send via WhatsApp, the following conditions must be met:

• They must be connected to the same Wi-Fi network as you. For example, a public Wi-Fi network.
• They must know your phone’s IMEI number (which is not easy).
• They should have sufficient computer knowledge as to be able to capture network traffic, calculate the MD5 hash of your IMEI number and decrypt the messages.

Once you know the risks, you just have to take some basic security measures to continue using the app without compromising your privacy:

• Avoid using WhatsApp on public Wi-Fi networks (airports, cafés, etc.). You never know who may be listening.
• Use certain basic security measures with your own Wi-Fi network. This way, you will prevent other users from connecting to it without your consent.

Note: Refer to your router user guide for more information on how to apply the following recommendations as instructions may vary between router manufacturers:

• Change the default password of your router or Wi-Fi access point.
• Secure data transmission, enabling WPA/WPA2 encryption.
• Enable MAC address filtering.

The internet is just part of life but sometimes it is not so obvious who you are talking to. We need to make sure our children are staying safe because there are some evil people out there, looking for vulnerable, innocent people…

And always remember that boys are just as vulnerable as girls.