Tag Archives: mobile

For Sale – EE 4g Osprey WiFi Dongle ‘Price Drop’

EE 4g mobile dongle.
Locked to EE but also works with my plusnet sim.
You can get an unlock code for 99p from an auction place.
No cables, just the box.
Tested this morning and in good order.
£33 to include postage.
Malcolm
IMG_6716.jpeg

IMG_6715.jpeg

Price and currency: £22
Delivery: Delivery cost is included within my country
Payment method: BT or PPG
Location: Llandrinio
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Last edited: Aug 31, 2018

For Sale – EE 4g Osprey WiFi Dongle ‘Price Drop’

EE 4g mobile dongle.
Locked to EE but also works with my plusnet sim.
You can get an unlock code for 99p from an auction place.
No cables, just the box.
Tested this morning and in good order.
£33 to include postage.
Malcolm
IMG_6716.jpeg

IMG_6715.jpeg

Price and currency: £22
Delivery: Delivery cost is included within my country
Payment method: BT or PPG
Location: Llandrinio
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Last edited: Aug 31, 2018

Another mSpy leak exposed millions of sensitive user records

Mobile spyware company mSpy has once again leaked millions of customer records to the public internet.

The company develops mobile spyware that customers use to monitor the mobile device activity of their children, partners and others. Security researcher Nitish Shah discovered the mSpy leak via a public-facing database and reached out to cybersecurity journalist Brian Krebs, who first reported the leak.

Krebs looked into the mSpy leak and said no authentication was required to access the database. The customer data included passwords, call logs, text messages, contacts, notes and location data — all of which was compiled by the mSpy spyware — and there were millions of records. Additionally, there were records containing the username, password and private encryption key of every mSpy customer who was active in the last six months. The database also included the Apple iCloud usernames and authentication tokens of the Apple devices running mSpy.

According to Krebs, anyone who accessed the database would be able to see WhatsApp and Facebook messages that were also compiled by mSpy.

Krebs also noted that the transaction details of all mSpy licenses purchased within the last six months were exposed, and that included customer names, email addresses and mailing addresses. Additionally, there was browser and internet address information from users visiting the mSpy website.

The exposed database was taken offline this week. But Shah told Krebs the company’s support people ignored him when he tried to alert them of the mSpy leak and asked to be directed to their head of technology or security. After Shah contacted Krebs, Krebs reached out to mSpy as well, with only slightly better results. The chief security officer of mSpy said the company was aware of the issue and was working on it.

In response to Krebs’ article, mSpy issued a statement in which it acknowledged there was an incident, but denied that millions of records had been exposed.

This isn’t the first mSpy leak in recent years. In 2015, Krebs also reported a data leak after mSpy was hacked and customer data was posted on the dark web. In that breach, the information of over 400,000 was estimated to be exposed, and mSpy “initially denied suffering a breach for more than week,” according to Krebs, despite customers confirming their data was part of the exposed cache.

In other news:

  • The FIDO Alliance has launched a certification program for biometrics. “Biometric user verification has become a popular way to replace passwords and PINs, but the lack of an industry-defined program to validate performance claims has led to concerns over variances in the accuracy and reliability of these solutions,” the FIDO Alliance said. The certification, called the Biometric Component Certification Program, is designed for both users and providers. For enterprises, FIDO said, “it provides a standardized way to trust that the biometric systems they are relying upon for fingerprint, iris, face and/or voice recognition can reliably identify users and detect presentation attacks.”
  • More than 7,500 MikroTik routers were infected with malware, according to researchers from Qihoo 360 Netlab. The malware logs and transmits network traffic information to servers under the hackers’ control. The researchers found the routers were infected by the malware through an exploit of a vulnerability disclosed in the Vault7 leaks of alleged CIA hacking tools. The vulnerability, tracked as CVE-2018-14847, was patched in April. The researchers noticed the malicious activity on their honeypot systems in July specifically aimed at MikroTik routers. The largest number of routers affected by CVE-2018-14847 exploits were in Russia, as well as Iran, Brazil, India and Ukraine.
  • Hackers have compromised the MEGA Chrome extension — which is used for secure cloud storage — to steal login credentials and cryptocurrency keys, according to researchers. First discovered by an anonymous researcher called SerHack, the malicious version of the browser extension monitors for usernames and passwords in login forms on Amazon, Microsoft, GitHub and Google, and then it sends the credentials to a host in Ukraine. It also scanned for URLs relating to cryptocurrency sites, and then it would try to steal that login data, as well. The malicious version of the MEGA Chrome extension was put in place at some point after Sept. 2, and Google has already taken it down. There’s no evidence the Firefox version of MEGA has been compromised. Chrome users of the MEGA extension should remove it immediately and change all account passwords.

5G services to headline Mobile World Congress Americas 2018

If it’s September, it’s time for Mobile World Congress Americas. And this year’s conference, scheduled for next week in Los Angeles, will be all about 5G services, wrote Kathryn Weldon, an analyst at GlobalData, based in London.

“Clearly we are closer to actual 5G rollouts, so all vendors and operators that participate in the 5G value chain will be touting their wares, anticipating and touting possible use cases, and amping up the excitement,” she wrote.

Weldon said she does not believe next week’s Mobile World Congress will yield any major product announcements. Instead, she categorized education as the show’s biggest benefit, especially around 5G services.

“Enterprises know little about 5G at this point because they can’t yet see it or buy it. [The conference] should help them envision the kinds of things these new technologies can do for their businesses.”

Among those new capabilities will be enhanced video broadcasting, advanced interactive gaming systems and anything that can benefit from low latency, Weldon said.

5G services won’t be the only technology discussed at Mobile World Congress Americas. The event will also showcase other wireless trends, including low-power WANs, internet of things and, of course, business transformation. What’s a show without some mention of transformation, after all?

Find out what else — beyond 5G services — Weldon said attendees should look for at next week’s Mobile World Congress Americas.

VMware loves the cloud — now

VMware wasn’t always a fan of the cloud, but it sure is now, said Drew Conry-Murray, in a Packet Pushers post.

The vendor pitched its virtual cloud network architecture at last month’s VMworld, with executives telling attendees to make VMware software the foundation for all of their enterprises’ multi-cloud operational requirements — from security to management.

The reason why? The vendor does not want to be cast aside as more applications rely on a public cloud infrastructure that does not require VMware, Conry-Murray said.

VMware’s approach could work, but it won’t be inexpensive. Or easy, Conry-Murray said.

Read Conry-Murray’s other observations about VMware’s embrace of multi-cloud.

Platform wars: The next phase of enterprise security?

Jon Oltsik, an analyst at Enterprise Strategy Group in Milford, Mass., said CISOs are increasingly looking for a single vendor to provide the tools they need to secure their networks.

That may be an efficient way to go, but most enterprises have a dizzying list of security needs they must meet, and finding a security platform capable of supporting all those requirements is not easy.

But that’s where Oltsik and his colleague, Doug Cahill, come in.

The two developed a list of eight attributes they said every cybersecurity platform must offer. Then they interviewed more than 200 cybersecurity professionals to identify the three attributes they consider most important.

Among the attributes cited: ease of management and coverage that includes major threat vectors such as email and web security. Almost 40% of those surveyed said email and web security is a must, while 33% said they needed a platform that offered central management across all products and services.

Find out what else survey respondents had to say about cybersecurity platforms.

Two seconds to take a bite out of mobile bank fraud with Artificial Intelligence

The future of mobile banking is clear. People love their mobile devices and banks are making big investments to enhance their apps with digital features and capabilities. As mobile banking grows, so does the one aspect about it that can be wrenching for customers and banks, mobile device fraud. 

image

Problem: To implement near real-time fraud detection

Most mobile fraud occurs through a compromise called a SIM swap attack in which a mobile number is hacked. The phone number is cloned and the criminal receives all the text messages and calls sent to the victim’s mobile device. Then login credentials are obtained through social engineering, phishing, vishing, or an infected downloaded app. With this information, the criminal can impersonate a bank customer, register for mobile access, and immediately start to request fund transfers and withdrawals.

Artificial Intelligence (AI) models have the potential to dramatically improve fraud detection rates and detection times. One approach is described in the Mobile bank fraud solution guide.  It’s a behavioral-based AI approach and can be much more responsive to changing fraud patterns than rules-based or other approaches.

The solution: A pipeline that detects fraud in less than two seconds

Latency and response times are critical in a fraud detection solution. The time it takes a bank to react to a fraudulent transaction translates directly to how much financial loss can be prevented. The sooner the detection takes place, the less the financial loss.

To be effective, detection needs to occur in less than two seconds. This means less than two seconds to process an incoming mobile activity, build a behavioral profile, evaluate the transaction for fraud, and determine if an action needs to be taken. The approach described in this solution is based on:

  • Feature engineering to create customer and account profiles.
  • Azure Machine Learning to create a fraud classification model.
  • Azure PaaS services for real-time event processing and end-to-end workflow.

The architecture: Azure Functions, Azure SQL, and Azure Machine Learning

Most steps in the event processing pipeline start with a call to Azure Functions because functions are serverless, easily scaled out, and can be scheduled.

The power of data in this solution comes from mobile messages that are standardized, joined, and aggregated with historical data to create behavior profiles. This is done using the in-memory technologies in Azure SQL.  

Training of a fraud classifier is done with Azure Machine Learning Studio (AML Studio) and custom R code to create account level metrics.

Recommended next steps

Read the Mobile bank fraud solution guide to learn details on the architecture of the solution. The guide explains the logic and concepts and gets you to the next stage in implementing a mobile bank fraud detection solution. We hope you find this helpful and we welcome your feedback.

Developers favor JVM languages for mobile, enterprise

Languages that run on the Java Virtual Machine have lined up well with mobile app developers, alongside the usual code suspects.

JavaScript, Java, Python, PHP and C# top RedMonk’s latest list of programming languages, ranked by code usage (GitHub pull requests) and discussions (Stack Overflow Q&As). C++, CSS, Ruby, C and Objective-C round out the top 10. But a host of JVM languages rank in the middle of the pack and are on the move up the list.

The JVM supports a host of programming languages, such as Kotlin, Groovy, Scala and Clojure, along with JRuby and Jython, as well as more obscure languages such as BeanShell, Pizza, Pnuts and Xtend. Scala (ranked 12th), Clojure and Groovy (tied at 21st) advanced in the RedMonk rankings, while Kotlin — one of the hottest languages around — fell back one spot to 28th.

Bright future for Kotlin, Swift for mobile OS development

Kotlin is especially popular with mobile app developers as a preferred language for Android application development due to its clean, modern design, wrote Stephen O’Grady, analyst at RedMonk, based in Portland, Maine, in a blog post.

Scala had dropped for three consecutive quarters prior to this latest ranking, although the drops were rather small. The causative factors behind Scala’s past declines are unclear, but likely involve competition not only from Java but from other JVM languages such as Clojure, Groovy and even Kotlin.

“Scala had its day in the sun, but it seems to be suffering from growing pains and unable to move under the resistance of its own considerable weight,” said Cameron Purdy, CEO of Xqiz.it, a Lexington, Mass., software startup in stealth mode, and formerly senior vice president of development at Oracle.

Swift, a newer language to build iOS applications, also slid one slot out of a tie with Objective-C, but still enjoys increased attention from developers. IBM and others have pushed Swift as a server-side language.

Like Kotlin, Swift appeals to developers as a language that hides the ugliness of a legacy platform, although it drags a ton of luggage from various legacy Apple technologies that feel less clean, Purdy said.

“If I were a developer starting out today, I’d prioritize Kotlin and Swift for Android and iOS development, with JavaScript or TypeScript for the browser,” he said. “Kotlin should also suffice for the back end.”

Reading the tea leaves

Other industry experts suggest the ebbs and flows of such language popularity rankings are nothing more than periodic changes in the schemes of software development.

As programmers change development projects, they’ll shift from “vanilla Java” to Kotlin if they’re doing Android development, or to Groovy for development with Grails, or to Clojure or Scala for various functional programming work, said Ted Neward, director of developer relations at Smartsheet, Bellevue, Wash.

The more Java improves, the less these other ‘Java++’ languages have compelling enough differences to justify the overhead of using something other than Java.
Charles Nuttersenior principal software engineer, Red Hat

“This is much like trying to read the tides by marking the waves on the side of the pier over a five-minute period,” he said. JVM languages in general have carved out a niche within the broader Java world, which is viable because that world is so large. “If anything, it signals that these languages are reaching a level of maturity and acceptance within the ecosystem,” he said.

Meanwhile, recent improvements in the Java language, such as lambdas in Java 8 and local variable type inference in Java 11, take some steam away from JVM alternatives, said Charles Nutter, co-lead of the JRuby open source project and a senior principal software engineer at Red Hat.

“The more Java improves, the less these other ‘Java++’ languages have compelling enough differences to justify the overhead of using something other than Java,” Nutter said.

Algolia partners with integrators, digital agencies

Algolia, which offers search technology for websites and mobile apps, has launched a partner program targeting systems integrators, consultants, digital agencies and e-commerce platforms. Algolia partners include Accenture Interactive’s Altima business unit, digital agency Wunderman and e-commerce platforms Magento and Shopify.

At launch, the Algolia Partner Program has 20 certified partners. The program aims to create an ecosystem of Algolia partners that can help enterprises customize Algolia search technology, according to the company.

The program’s launch follows rising interest among customers in working with partners, said Alexandre Popp, director of channels and alliances at Algolia.

“Over the past year, we saw increasing demand from enterprises to leverage the support of partners like systems integrators, consultants and agencies,” Popp said. “So we made the decision to dedicate resources to building out partner engineering, account management, and marketing teams to support our partners in the field and meet customer demand.”

The partner program is part of the company’s enterprise customer initiative.

Alexandre Popp, director of channels and alliances at AlgoliaAlexandre Popp

“Our motion to move upmarket comes with partners and multinational brands purchasing our product in tandem with partner solutions, and deployed with consulting firms’ team[s],” Popp said. He noted the program’s objective is to support partners as they “build or sell digital products” that embed Algolia.

Algolia’s partner program offers technical enablement and certification; go-to-market and sales enablement; and marketing support, including co-marketing events, webinars and campaigns. The company, founded in 2012, said it has more than 5,700 customers.

Cloud service providers launch offerings

Cloud service providers Faction and 2nd Watch rolled out new services this week.

Over the past year, we saw increasing demand from enterprises to leverage the support of partners like systems integrators, consultants and agencies.
Alexandre Poppdirector of channels and alliances, Algolia

Faction, a Denver company that focuses on multi-cloud services, said it is working with VMware to provide cloud-attached storage for VMware Cloud on AWS deployments. Faction said its Cloud Control Volumes offering provides a scalable storage platform for VMware Cloud on AWS customers who need more storage capacity.

Meanwhile, 2nd Watch, a managed service provider based in Seattle, said its Cloud Migration Cost Assessment service aims to help large and midmarket firms get a handle on the cost benefits of moving on-premises IT infrastructure to the cloud. The cloud migration assessment involves a six-week engagement in which 2nd Watch cloud personnel evaluate a customer’s IT estate and “map current resources to the most cost-effective cloud solution,” according to the company.

Other news

  • Silver Peak launched its Authorized Deployment Partner (ADP) Program, which will train, certify and authorize a group of services partners. Partners receiving authorization are deemed capable of managing the design, deployment and management of the Silver Peak Unity EdgeConnect SD-WAN offering. Program participants include Cavell Group, FireOwls Corp., Geode Networks, Traversa Solutions and Velociti.
  • Arcserve, a data backup and availability vendor based in Minneapolis, unveiled a new channel program dubbed Arcserve Accelerate. The program targets North American MSPs, value-added resellers, large-account resellers and original equipment manufacturers. Program features include re-developed e-learning courses, partner certification, individual and corporate SPIFs, marketing development funds and access to cloud-native products with support for private and public clouds such as AWS and Microsoft Azure, according to Arcserve.
  • Matrix Integration, an IT infrastructure company in Kentucky and Indiana, has opened its new Louisville regional office. The company said the expansion provides a hub for modernizing the IT infrastructure of public and private sector entities in the Louisville area.

Market Share is a news roundup published every Friday.

Unprotected Firebase databases leaked over 100 million records

Thousands of mobile applications are leaking personally identifiable information from unprotected Firebase databases.

According to research from application security company Appthority, 3,000 mobile iOS and Android apps are leaking 100 million exposed records of user data. The records include 2.6 million

plain text
passwords and user IDs, at least 4 million records with protected

health  information
(PHI), 25 million GPS location records, 50 thousand financial records, and at least 4.5 million Facebook, LinkedIn, Firebase and corporate datastore user tokens.

These exposures happen “when app developers fail to require authentication to a Google Firebase cloud database,” according to the report from Appthority, which also notes that Firebase is one of the 10 most popular datastores for mobile apps with over 53,000 apps using it in 2017.

“The challenge for app developers is that Firebase does not provide adequate security capabilities out of the box. The only security feature available to developers is authentication and

rule-based
authorization,” Appthority explained in its report. “However, Firebase does not secure user data by default nor are third-party tools available to provide encryption for it.”

The report also noted that it would be easy for hackers to find unprotected Firebase databases and gain access to private data records.

“The result is a trove of data that is open to the public internet unless the developer explicitly imposes user authentication on each individual table or directory,” Appthority explained in the report. “Even when developers do implement authentication, they may not secure every database table.”

As a result, the Appthority researchers found that over 113 GB of data has been exposed through the 3,000 apps. They also found that 62% of enterprises are using at least one vulnerable app, spanning a variety of industries across the globe including banking, telecoms, postal services,

ride sharing
companies, hospitality

and
education. The apps that leaked the most data were health and fitness apps.

“Medical information can be worth ten times more than credit card numbers on the deep web,” the report said. “Fraudsters can use this data to create fake IDs to buy medical equipment or drugs, or combine a patient number with a false provider number and file fictional claims with insurers.”

It’s misconfiguration and mismanagement of the backend infrastructure opening up these vulnerabilities.
Seth HardyDirector of Security Research, Appthority

Appthority said it notified Google of this issue with apps hosted on unprotected Firebase databases, but Seth Hardy, Appthority’s director of security research, doesn’t think the blame falls entirely to Google — despite Google not making the security features that would prevent these leaks set to default.

“They’re not directly responsible,” he told SearchSecurity. “When you make a tool and try to make it easy to use, then you’re probably not going to want to add that setting by default.”

Hardy noted that it’s also not the responsibility of the user to make sure the apps are secure.

“It’s definitely a developer issue,” he said. “It’s misconfiguration and mismanagement of the backend infrastructure opening up these vulnerabilities.”

The solution, according to Hardy, lies with the developers.

“It’s really just a matter of trying to educate developers in general about secure coding practices, making sure that they’re implemented in all parts of the software development lifecycle and giving users and enterprises the tools to verify whether these apps are implementing proper security controls on their data.”

Microsoft Teams mobile app matures, but interoperability lags

Microsoft has been building out the capabilities of the Microsoft Teams mobile app in recent months, adding features more advanced than those traditionally supported by unified communications mobility clients. Nevertheless, the vendor has more work to do to catch up with rival Cisco and to provide a seamless mobile experience to businesses.

Microsoft is on par with the meeting features in Cisco Webex Teams mobile, but Cisco can give users a more seamless experience for scheduling and joining meetings from their mobile phones. That’s because Cisco Webex Teams and Cisco Webex rely on the same back-end cloud infrastructure, said Zeus Kerravala, founder and principal analyst at ZK Research in Westminster, Mass.

“Cisco has been very, very mobile-centric for a long time, so I wouldn’t expect Microsoft to have the same maturity in the mobile client,” Kerravala said. Nevertheless, recent improvements to the Microsoft Teams mobile app are “a good start.”

Microsoft users must juggle multiple UC mobile apps

Microsoft still has separate mobile apps for Teams and Skype for Business that require users to toggle between apps. Users can generally only access Teams meetings from within the Microsoft Teams mobile app, rather than from the mobile apps for Outlook or Skype for Business.

“The ability to schedule and join calls or meetings needs to be a lot more consistent,” Kerravala said. “So, if I’m in Outlook mobile and I can start a Skype for Business meeting, I should be able to start a Teams meeting.”

This gap in interoperability could cause headaches for businesses, as they attempt to migrate users from Skype for Business to Teams in keeping with Microsoft’s directive that it will eventually phase out the former.

Microsoft is encouraging customers that use the cloud version of Skype for Business to begin using Teams simultaneously. The vendor recently gave users the ability to transfer contacts and groups from Skype for Business to Teams and made instant messaging exchanges between the two clients persistent for Teams users.

Recent features added to the Microsoft Teams mobile app included the ability to join audio and video meetings in Teams or request a meeting to call them on their mobile devices. Once in a meeting, the Microsoft Teams mobile app lets users upload files, share their screens and control presentations.

Team collaboration elevates mobile clients

Team collaboration apps like Microsoft Teams, Cisco Webex Teams and Slack are growing in popularity because they provide a single platform for communicating synchronously and asynchronously and for getting work done through third-party integrations.

That model for unified communications (UC) has made mobile clients even more significant, as vendors compete to deliver products that help users stay connected to colleagues and data whether they are in the office or working remotely, analysts said.

“The lines between communication, collaboration and conferencing are blurring,” said Alan Lepofsky, a principal analyst at Constellation Research Inc., based in Cupertino, Calif. “One of the biggest challenges for vendors is to create consistent experiences across various device types.”

Traditional UC mobile apps were built primarily around calling and messaging, but mobile phones already provide those same capabilities over cellular networks. The mobile apps for Microsoft Teams and Cisco Webex Teams now give users access to nearly all of the files and collaboration tools available to them on the desktop.

“For all the manufacturers in this space, their singular goal should be [the following]: Can the user eradicate the term, ‘I’ll take care of that when I’m back in the office?'” Kerravala said.

For Sale – Laptops

Laptop 1 – Sold
Lenovo SL510
Intel Core 2 Duo T6670 2.20GHz
4GB Ram
320GB HDD
Intel Mobile 4 Series Express Chipset
Windows 7 Pro 64bit. Fresh install. Fully updated. Recovery disks and partition.
15.6 inch (1366 x 766)
DVD RW
HDMI out
WIFI
Good condition. Battery 2hrs+
Genuine Charger

Laptop 2 – Sold
HP 650
Intel Core i3 2328M 2.20GHz
4 GB RAM
500 GB HDD
Intel HD Graphics 3000
Windows 7 Pro 64bit. Fresh install. Fully updated. No recovery disks or partition
15.6 inch (1366 x 766)
DVD R
HDMI out
WIFI
Excellent condition. Battery 3hrs+
Genuine Charger

Laptop 3 – Sold
Dell Latitude E5430
Intel Core i5 3230M 2.6GHz
4GB RAM
320GB HDD
Intel HD Graphics 4000
Windows 10 Pro. Fresh install. Fully updated. Windows 7 recovery disk.
14 inch (1366 x 766)
DVD RW
HDMI out
WIFI
Excellent condition. Battery 3hrs+
Genuine Charger

Price and currency: Various
Delivery: Delivery cost is included within my country
Payment method: BT
Location: Manchester
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.