Facebook Scraping SMS and Call logs

In case you haven’t heard or don’t know about this: Facebook scraped (grabbed/uploaded and stored!) call and text message data for years from Android phones! [Read about it here – https://goo.gl/acrfJW]

[Many are saying that this didn’t/couldn’t happen on iPhones, but I believe that as much as I believe Facebook when they say “.. that the company keeps the data secure and does not sell it to third parties”.]

For years now, I have never used Facebook Messenger on any phones, ever; I tested the app security a couple of times and during install it requested access to all kinds of stuff including SMS and phone logs, contact information, access to phone storage, etc. (I have a security extension (X Privacy – requires root) that lets you see EVERY process an application requests access to.) I saw the permissions the application asked for and knew it would be bad. Looks like I was right.

To access messenger messages I use a computer Browser or a web session on my phone set to use the ‘desktop agent’. I’ll explain that at the bottom of this post.

So what to do now if you’re one of those who have been snared:

On phone app:

How to manage contact uploading with the Facebook App.

Facebook will upload your contacts from your device if you have continuous uploading turned on. To turn off continuous uploading in the Facebook app:

  1. Tap clip_image001.
  2. Tap App Settings.
  3. Tap Continuous Contacts Upload to turn this setting on or off.

You can also tap Sync Your Call and Text History to turn this setting on or off. Syncing your call and text history makes it easier to connect you to your friends.

How do I delete contacts I uploaded to Facebook?

To delete contacts you’ve uploaded to Facebook:

  1. Go to the Manage Invites and Imported Contacts page.
  2. Tap the box next to the contacts you want to delete.
  3. Tap Delete Selected.

You can view or remove your uploaded contacts on the Manage Invites and Imported Contacts page.

Now if you wish to view messages on your phone without the FB messenger you can log in to your Facebook account with a browser (for that I use Opera) and set the ‘user agent’ option to desktop – this will tell the FB servers that you are connecting from a computer and not a phone. [Just make sure the address you type in the address bar is https://facebook.com and NOT m.facebook.com – the ‘m’ sets it to mobile.]

Open Opera Mobile Browser:

Tap on the Opera Menu and you’ll see the Settings option; tap Settings.

In the settings scroll down to the Content section and you’ll find the Default user Agent setting.

Tap that and you can set the agent to Desktop

Now when you open that Browser and go to a website you’ll see the ‘desktop’ version and not the mobile version. Like I said I use this for Facebook to check/send messages and also see differences in how FB presents things on my timeline based on the agent.

How to Block Your Wall on Facebook From a Friend, Friend of Friend or everyone. And How to Block a Wall Post on Facebook

So far these are the simplest instructions I’ve come up with for How to Block Your Wall on Facebook From a Friend, Friend of Friend or everyone. And How to Block a Wall Post on Facebook

1 Click “Account” at the top right of your profile screen.

2 Click “Privacy Settings.” Click the “Custom” button and then click “Customize settings.”

3 Click the current privacy settings next to “Posts by me.” Your current privacy setting is either “Everyone,” “Friends of friends” or “Friends only.” Click “Customize.”

4 Type the name of the person you wish to block from seeing your wall in the “These people” text box under “Hide from.” Click “Save Setting.”

Then Check this too

1 Log into Facebook and click “Edit My Profile” at the upper left.

2 Click the “Privacy Preferences” link in the left column.

3 Select the “Edit Settings” link from the “How You Connect” area.

4 Select the gray menu box positioned to the right of “Who Can See Wall Posts.” A menu appears.

5 Click “Custom.”

6 Click the “These People” text field in the Hide This From section.

7 Type the name of the person you want to block from posting on your wall. Names appear below the These People field while you type.

8 Click the person’s name. His name appears in the “These People” field. Repeat Steps 7-8 to add more people.

9 Select “Save Changes.”

In your PRIVACY SETTINGS, if you want to change how your wall appears to others you need to go to TIMELINE & TAGGING and change your settings there. I have this feeling that most of you are going to CONTROL YOUR DEFAULT PRIVACY and making your changes there. Control your default privacy only changes your future posts, until you change it again. So make sure that you set those first (TIMELINE & TAGGING). Keep in mind this does not change settings for your posts, not photo Album.

Here’s another little secret. On your wall underneath your wall banner is ACTIVITY LOG and right next to it is a GEAR icon. If you click that icon, select VIEW AS. A search bar will appear on the top left corner of your page. Select the name of one of your friends and it will show you exactly how your page appears to that friend, and if you read the description you’ll notice the word PUBLIC in blue and it will show you how the page appears to the public. This is how you can view your settings! [if you do this make sure you clear your internet cache settings first!] 🙂

I’d also like to put in another recommendation for the use of ‘Social Fixer’ a Browser Plugin to dramatically improve your ability to control the layout and functionality of Facebook.

Below are some screen captures of the above procedures for you if you care.

Hope this helps some who’ve been asking me.

For your future posts make sure your settings are defined correctly as you do them.

Facebook Timeline Fix with Social Fixer

OK. I was asked again about Facebook’s Timeline and how to ‘fix it’ and make the experience more like ‘it used to be’. I’ll tell you now: You are stuck with Facebook Timeline – it’s Facebook’s world and what they say goes in their world. (for the most part anyways). And Facebook says EVERYONE is getting Timeline!

BUT you can Un-Fack the Timeline and make it more ‘enjoyable’ by using the Social Fixer extension for Firefox, Chrome, Opera or Safari. Get it here. I just posted about this a couple of days ago but it seems not many actually read it. Hope you will this time. The folks at Lifehacker put up a quick and simple video of its use here:

So get the extension, watch the video and experiment and see if this helps you.

I have also written numerous articles on using extensions/add-ons for Browsers – specifically Firefox and Chrome. Since so many of us spend so much time interacting with the world via a Browser window, it seems utterly silly that most won’t or don’t customize or tweak that window for more productivity, security and enjoyment. Maybe many of you just don’t know what you can do. But now you do. So go search through my blog to find those other tips!

While I’m here let me give you some other links on how to better secure your Facebook Profile and enhance your personal security.

Techworld has a VERY good article here. I agree with, and do everything they mention.

Have fun and stay safe out here. 🙂

Peace.

Facebook news feed settings update

Facebook has changed its News Feed, so that by default, you can only see updates from people you’ve "recently interacted with." If you don’t change this and aren’t that active, then only a few of your friends will actually see your posts and vice versa.

YOU ACTUALLY HAVE TO CHANGE IT AT THE BOTTOM OF YOUR HOME PAGE, CLICK EDIT OPTIONS AT BOTTOM AND ADD "ALL FRIENDS" TO MAKE THE CHANGE

So Here is how to do that:

Log in to Facebook:

Search for the ‘Options’ link at the bottom of the page. The best way to do this is to press Ctrl F (if you are on a Windows PC) or Command F (if you are on a Mac); this will open a ‘find’ dialog box. The box will be located in the upper right, upper left or lower left depending on your Browser.

Type in ‘Options’

You will find it at the bottom of the page. Click on it to bring up the options:

Open the drop down menu

Change and then save and you’re done.

Thoughts on Privacy, Anonymity and Security

One thing I deal with a great deal in the information/technology and security field is the very separate concepts of privacy, anonymity and personal security.

Do you think that anonymity and privacy are the same things? Wrong. Do you think that because you are anonymous your information is secure? Wrong. There are differences that are important when we want to distinguish what methods you need to protect yourself from attackers and surveillance. Let’s define anonymity, privacy and security. First the definitions:

Anonymity typically refers to the state of an individual’s personal identity, or personally identifiable information, being publicly unknown. Or a condition in which an individual’s true identity is unknown. Read more here

Privacy is usually thought of as a person’s right and/or ability to control access to his or her personal information. Read more here.

Computer (and information) security primarily means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. Read more here

So anonymity does not equal privacy or security. Let’s see two examples:

In the first example say you are using a proxy server, a VPN service or Tor to surf anonymously (these offer different levels of anonymity). Your true (or should I say ‘originating’) IP address and therefore your identity (computer/network wise) is hidden. Someone who watches the traffic between your computer and the network cannot see your true identity. However, he can see the traffic and therefore gain access to your personal information. In this case your anonymity is safe but your privacy is not. Worse still, your personal data can contain information to identify you so that both your anonymity and privacy are undermined.

In the second example you protect your data using both data encryption and a secure protocol such as SSL. You control who has access to your personal information. The actual packets of digital information are hidden/encrypted and the information therein cannot be accessed. However, if you don’t protect your anonymity an attacker will know who you are. This might help him in password and social engineering attacks or allow a law enforcement agency to force you to reveal your passwords and lose your privacy.

For true online safety, both privacy and anonymity must be secured.

There are literally thousands of more detailed articles available to you by doing a simple search on Google, Bing or Yahoo or whatever on “privacy vs anonymity”. There are guys who’ve written their PhD theses on this subject, so there is obviously loads of information available if you want some greater depth than my simple explanations.

But I just wanted to remind you to do some of the simple things that can mean a great deal.

  • 1st. And foremost get some kind of security software or suite (Symantec, McAfee, Trend Micro, Malwarebytes, Eset, MS Security Essentials etc.) AND KEEP IT UPDATED AUTOMATICALLY!!
  • 2nd. Keep your Operating System updated.
  • 3rd. Keep your browsers and especially the plug-ins (like Adobe Flash and Acrobat) updated.
  • 4th. Use ‘HTTPS’ on ALL your important communications like email, Twitter, Facebook etc. For Facebook look here. You should also use something like ‘no script’ to ensure https connections.
  • 5th. Clear out your internet cache every time you close your browser. You can set all the common browsers to do this automatically or use one of my favorite tools – CCleaner. There is even a Mac version which I wrote about recently.

It is nearly impossible to be truly anonymous and completely private. BUT you can have some security in both of these with a little diligence and common sense. Read some of my other posts on security for other more detailed information.

Please practice safe and secure computing.

Security news – Gmail spear phishing attack

There are some very splashy news stories going around saying ‘Google was Hacked’.. Oh no, the sky is falling.

Let’s be clear. GOOGLE WAS NOT HACKED!
What happened is that many ‘targeted users’ were ‘Phished’ – the users were ‘conned/tricked’ into giving up their security information and passwords. This is called ‘spear phishing’.

Essentially Gmail’s login screen was mimicked, and people were tricked into ‘re-entering’ their information, and hundreds of Gmail accounts, including those of U.S. Officials, were then compromised in this very targeted Phishing attack. You have to read a little bit into these articles to actually find the true nature of the supposed ‘attack’.

To be clear – Hacking is done by a very skilled person on whatever his target is, phishing is done by almost anyone to anyone dumb enough to let themselves be tricked!

Here is one headline

and another

Google’s blog page has more details here

The simple thing to take away from this is to be ever cautious of where, when and how you enter in any information online – to ANYONE.
AND use strong passwords.

The way this attack was carried out can be seen in this analogy I used with someone.

Suppose you went to the bank ATM, put in your card and entered your PIN. You then carried out your transaction; looking up your balance and making a withdrawal. After you are finished you take your cash, receipt and card and prepare to walk away.

At that moment someone comes around the corner wearing a shirt with the bank name – looking ‘all official’ – and asks to look at your card because the bank is ‘tightening up security for its special clients’.

You hand it to him. He then asks for your PIN; you know, just to make sure you are who you say you are. He writes down your name, card and PIN number and hands back your card and says, "thanks, we just have to be extra cautious nowadays…"

In this scenario you just handed that person everything they need to know about how to royally screw you.

This is the same thing that happens with these ‘phishing’ and other types of ‘social engineering’ cons and scams.

People – please use extraordinary caution when dealing with personal information.

Google has an awesome security protocol called ‘Two Step Authentication’ and it is well worth the extra time and effort to set up.

You can learn about Two step authentication in this video:

[Remember about Application Specific passwords if you use Gmail on your Smartphone or desktop (Outlook, Thunderbird etc.)]

LastPass Warns of Potential Breach, Ratchets Up Security

OK FOLKS, TAKE NOTE LAST PASS MAY HAVE BEEN HACKED!!

Read about it here.

I don’t use them, but I know many people who do! CHANGE YOUR MASTER PASSWORD IMMEDIATELY!
It’s important to note that they have no evidence that anyone was actually compromised – YET.

Once you change your master password any breach that may have happened will be rendered moot. Their service is still good, I’m sure – just not good enough for me.

I have used KeePass for years and looks like I will continue to do so now for sure – it is open source and resides on YOUR system(s). It may not be as ‘slick’ and completely web based as LastPass but I trust it more. I guess I will NOT be migrating to that service after all.

As a systems administrator and IT guy, I have no less than 78 items in my main password safe! And I have a few smaller ‘safes’ for some of my clients. So it is necessary for me to have a place to keep them all and of course a flat file or piece of paper wouldn’t work.
I keep a KeePass safe on my machines that I sync and also on a usb drive. I have always believed in owning my information.

Be safe folks.

Backup your Facebook Profile Information

I am going to show you two (2) methods of obtaining your Facebook contact information; Names and email account information. One via a browser extension/add-on and another via using an ‘intermediary’ email account – in this case Yahoo.

As I have written many times I love me my Firefox browser. With the add-ons/extensions and tweaks I use, I am able to make use of my Browser as my most important productivity tool. With Firefox extensions/add-ons and Greasemonkey extensions I have been able to do just about everything I’ve ever needed to with a browser.

I do also use Internet Explorer for some of my Microsoft sites where it is needed and Google Chrome – though primarily a portable version and/or on my Linux builds. It is also good to check any site building/scripting in all these browsers for differences in behavior.

One reason I don’t use Chrome that often is that although I love many things Google (Gmail and Google Apps in particular), I do not like the fact that just about EVERYTHING you type into the Chrome address bar gets sent back to Google! AND the ‘google updater’ is constantly running in the background.

For this reason I use Chrome portable. You can pick up the latest version here. [For a Standalone Installation – To install a portable app by itself, or manually, just browse to the location of the [AppName]_Portable_x.x.paf.exe file you downloaded. Double-click the file to start the installation. Follow the on-screen prompts and select the location you’d like to install to. Within the directory you select, an [AppName]Portable directory will be created containing the portable app.]

Method 1 – Chrome Extension:


Now for the fun! I just found a Chrome extension that is totally awesome but so far is not available or does not have a like kind for Firefox 4. Get a copy of Chrome and install this extension – It is called the
"Facebook Friend Exporter", get it here. 

This extension allows for exactly what it says. You can install this plugin, log into Facebook, go to your ‘Friends’ page and then export all of your friends’ profile information that is contained in YOUR Facebook profile page(s).
This extension will allow you to get your friends’ information that they shared with you:
– Name
– Emails
– Phone numbers
– Screen names
– Websites
– Address
– Birthdays

Two methods of exports
– CSV file (if you have many friends, greater than 500, it will be very slow)
– Gmail Contacts (It will place them into a folder called "Imported from Facebook")

Notes:
– An "Export" button will appear on Facebook’s toolbar at the top.
– Click on it and it will open a screen to start processing.
– Depending how many friends you have, this may take a very very long time to complete.
– For example: Exporting 100 friends will take at least 30 minutes!!

Additionally I may upload a copy of my portable Chrome build with all the extensions already packed in; but that will have to come later.

Method 2 – Via Yahoo:

Another simple method to get Facebook contact information is to use a Yahoo email account.

· Import Facebook Contacts into Yahoo Mail

  • Step 1

Create a free email account at Yahoo Mail if you don’t have one, or use a new one to keep your contacts separate. Make sure you can send a test email out – to ‘verify’ your account. Log out of the Yahoo Mail account, once created. Close all open browsers.

  • Step 2

Open a new instance of a web browser and enter the URL for Yahoo. Log into your ‘general’ yahoo account. [make sure if you have the ‘redirect remover’ Firefox add-on installed in your browser to disable it temporarily]

  • Step 3

Click the "Facebook" button usually down on the lower left hand side. A login prompt will appear requiring a valid Facebook user ID and password.

  • Step 4

Log into the Facebook account where the contacts reside you wish to get. Open a new ‘Tab’ in your browser and type in Yahoo.com (you should still be signed in there too.) As soon as you logged in through the Yahoo Address page, the Facebook contacts will be available in Yahoo Contacts. Open the Yahoo ‘Contacts’ and choose to ‘get/import’ your contacts. A Facebook icon will be displayed and you will be asked if you are sure you wish to import them. Say yes of course and in a few moments all your Facebook contacts (names and email addresses contained in Facebook address book) will now be in your Yahoo Contacts! That simple!!

Contacts that are in Yahoo can then be exported for use in many other email applications. You can choose to export in a few different ‘.csv’ file formats, a single Outlook file format or a zip file containing all the individual files in an ‘address book card’ files format (.vcf). .VCF files can be imported into many applications – Gmail being one, not just Outlook.

· Export Facebook/Yahoo Contacts as a CSV File

  • Step 1

Click on the "Address Book" tab in Yahoo Mail.

  • Step 2

Select "Address Options."

  • Step 3

Click "Import/Export." The Export dialog box will open.

  • Step 4

Click the button labeled "Export Now" next to the email client the export will be imported into. For example, if the exported CSV file will be imported into Outlook, select "Outlook."

  • Step 5

Type a file name for the CSV file into the input box, when prompted and click the "Save As" button. Save the CSV file. The file is now ready to be imported into the specified email client or utilized as data. Super simple!

Some simple privacy and security tips

Besides my many previous tips on keeping your Browsers (and plug-ins like Flash), Operating Systems, Anti-Virus/Anti-Spyware, and other productivity applications updated, here are some other things you can do to help keep yourself even more secure and less likely to be ‘compromised’. Please read my previous articles on security and follow those tips first. The things here are some ways to ‘clear/delete’ temporary files that may contain sensitive information or possibly a trojan/virus that is just ‘waiting’ to launch from a temporary location.

First

Every time I close my internet browser(s) (IE, Firefox, Opera etc.) I run CCleaner. Actually I run a ‘batch file’ that runs CCleaner and clears my network cache settings too. You can, and I recommend you do, simply run CCleaner every time you shut your browser. If you would like to use/create my batch file simply copy the lines between ‘Start:’ and ‘Finish’ into a text file and rename it with a .bat extension. For example, copy the lines into Notepad and save the file with a name of clean.txt. Then rename the file clean.bat.

For XP

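Start:

rem Run CCleaner silently using its saved cleaning options
"C:\Program Files\CCleaner\CCleaner.exe" /AUTO
rem Clear the ARP cache
arp -d
rem Purge and reload the NetBIOS remote name cache
nbtstat -R
rem Flush the DNS resolver cache
ipconfig /flushdns
rem Release and refresh the NetBIOS names registered with WINS
nbtstat -RR
rem Re-register DNS names and refresh DHCP leases
ipconfig /registerdns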

Finish

For Windows 7

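Start:

rem Run CCleaner silently using its saved cleaning options (32-bit install path on 64-bit Windows)
"C:\Program Files (x86)\CCleaner\CCleaner.exe" /AUTO
rem Clear the ARP cache
arp -d
rem Purge and reload the NetBIOS remote name cache
nbtstat -R
rem Flush the DNS resolver cache
ipconfig /flushdns
rem Release and refresh the NetBIOS names registered with WINS
nbtstat -RR
rem Re-register DNS names and refresh DHCP leases
ipconfig /registerdns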

Finish

Second

Some third-party programs can temporarily store unencrypted (plain-text) passwords or other sensitive information in memory. Because of the Windows virtual memory architecture, this information can be present in the paging file.

Although clearing the paging file is not a suitable substitute for physical security of a computer, you might want to do this to increase the security of data on a computer while Windows is not running.

   1. Start Registry Editor (Regedt32.exe).
   2. Change the data value of the ClearPageFileAtShutdown value in the following registry key to a value of 1:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
      If the value does not exist, add the following value:
      Value Name: ClearPageFileAtShutdown
      Value Type: REG_DWORD
      Value: 1

This change does not take effect until you restart the computer.
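
The same registry change can be scripted from a command prompt. This is an added example, not part of the original post: it reads the current ClearPageFileAtShutdown value with reg query and writes 1 with reg add only when needed. The net session elevation check is an assumption about how the script is run (it relies on the Server service being available).

```batch
@echo off
rem Added example: audit and enable ClearPageFileAtShutdown.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
set "NAME=ClearPageFileAtShutdown"
set "CURRENT="

rem reg query prints a line like:  ClearPageFileAtShutdown    REG_DWORD    0x0
rem Token 1 is the value name, token 3 is the data.
for /f "tokens=1,2,3" %%A in ('reg query "%KEY%" /v %NAME% 2^>nul') do (
    if /i "%%A"=="%NAME%" set "CURRENT=%%C"
)

if not defined CURRENT (
    echo %NAME% is not present, so page file clearing is not enabled.
) else (
    echo %NAME% is currently %CURRENT%.
)

if /i "%CURRENT%"=="0x1" (
    echo Already enabled, nothing to change.
    exit /b 0
)

rem Writing under HKLM needs an elevated prompt; net session fails without one.
rem (Assumption: the Server service is running, otherwise this check also fails.)
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt to change the value.
    exit /b 1
)

reg add "%KEY%" /v %NAME% /t REG_DWORD /d 1 /f >nul
if errorlevel 1 (
    echo Failed to write %NAME%.
    exit /b 1
)
echo %NAME% set to 1. Restart the computer for the change to take effect.
exit /b 0
```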

Hope this helps some of you.

Managing Passwords – Using KeePass

In the digital age remembering your usernames and passwords can be very difficult. You need a password for the Windows network logon, your e-mail account, your homepage’s FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem… A serious problem. The thief would have access to ALL your e-mail accounts, banking, mortgage, homepage, etc.

Here is a list of what I have to manage.
My corporate accounts: 64, my logmein accounts: 22, personal Internet sites and services: 38, my internet email accounts (gmail, hotmail, yahoo): 14, personal banking/credit: 9.
That is a total of 147! And there are probably some I can’t remember!
As you can see having to manage these could be a nightmare without some kind of password management system.

To that end I use KeePass.
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). I also use KeePass to store my non-digital passwords such as ‘PINs’ for banking and credit cards. Because the database is digital and can be exported it can be copied to many locations for backup purposes – such as USB drives, CDROMs, placed in a safe deposit box and/or to an Internet storage solution.

http://keepass.info/features.html

There are versions for Windows, Linux, OSX and portable devices such as Blackberrys, iPhones and Windows Mobile (PPC).

There are also ‘Portable Versions’ that can be installed on a USB drive with your Key database for use on other non-secure machines.

Here is a good how-to video: http://www.youtube.com/watch?v=hqOe03s9SCs
Here is another pretty good video on how to setup and use KeePass. It is a little ‘slow’ and it is covering the portable version but the instruction is right on.