CRYPTO: GDAX – CoinBase security flaw

January 23, 2018

Let’s assume you enabled 2FA on your GDAX/Coinbase account. Currently, you cannot withdraw funds from GDAX to an outside address or bank account without two-factor authentication (2FA).

However, you can move the funds from GDAX to your Coinbase account and from there you can then send them to an outside address without 2FA! I consider this a security flaw and will demonstrate the issue in the example below.

If, for example, you have a device (PC/MAC/Mobile, etc.) where you have activated the “remember me for 30 days” feature to avoid providing 2FA every time you log in, this device becomes a target for potential theft. Once someone gets access to this device and steals your login credentials, they can then move the funds from GDAX to Coinbase and from there move them to an outside address to which you no longer have access. GDAX and Coinbase share the security settings (including login details), so an attacker needs just your login details to access both platforms and carry this out.

The vulnerability above assumes that an attacker gains access to the login credentials and to the device with an active “remember me for 30 days”, so please make sure you have both secured very well if you happen to have this kind of setup.

@COINBASE: kindly fix it pls!
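The gap described in this post can be checked mechanically. The following is an added example, not code from GDAX, Coinbase or the original post: it models the money flow as a small graph and lists every route out of the account that never asks for a fresh 2FA code. The policy tables, session fields and the hardened variant are assumptions made for illustration.

```python
from collections import deque

# Constructed model of the flow in the post: nodes are where funds sit,
# edges are operations, the value says whether a fresh 2FA code is demanded.
AS_DESCRIBED = {
    ("gdax", "external"): True,       # GDAX withdrawal: 2FA required
    ("gdax", "coinbase"): False,      # internal transfer: no 2FA
    ("coinbase", "external"): False,  # Coinbase send: no 2FA (the reported gap)
}

# Hardened variant (assumed fix): every edge that leaves the account is gated.
HARDENED = {(src, dst): needs or dst == "external"
            for (src, dst), needs in AS_DESCRIBED.items()}


def ungated_exit_paths(policy, start, sink="external"):
    """Return every path start -> sink that never asks for fresh 2FA."""
    paths, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        for (src, dst), needs_2fa in policy.items():
            if src != path[-1] or needs_2fa or dst in path:
                continue
            if dst == sink:
                paths.append(path + [dst])
            else:
                queue.append(path + [dst])
    return paths


def authorize(policy, session, src, dst):
    """Decide one operation. A remembered device only skips the 2FA prompt
    at login; it never counts as the fresh code a gated operation needs."""
    logged_in = session["password_ok"] and (
        session["remembered_device"] or session["fresh_2fa"])
    if not logged_in:
        return False
    return session["fresh_2fa"] if policy[(src, dst)] else True


# Constructed session: stolen password used on a remembered device.
STOLEN = {"password_ok": True, "remembered_device": True, "fresh_2fa": False}

if __name__ == "__main__":
    for name, policy in (("as described", AS_DESCRIBED), ("hardened", HARDENED)):
        print(name, ungated_exit_paths(policy, "gdax"))
```

With the policy as described, the only ungated route is GDAX to Coinbase to the outside address; gating the Coinbase send closes it without touching internal transfers.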

How to make public facebook posts private (the quicker way)

January 2, 2018

I randomly came across a problem related to Facebook privacy and public posts. If you have ever posted something on Facebook, you might also know that there are some privacy options available for each post. While you might have your default visibility set up to “friends” only, there still might be some older posts on your timeline with privacy set to “public“.

That essentially means that anyone who googles your profile can see your public posts, such as links, photos, videos, notes etc. Remember those pictures with your awesome hairstyle from the 80’s? Your dance creations on New Year’s Eve? Or maybe those links about political affairs? Whatever is the case, you might feel like you want to hide them all.

Unfortunately, these magic buttons do not exist in the Facebook world. Or at least I have not found one. Facebook gives you only a page with “view as…“, where you can see how the general public (such as Google search) will see your profile. To change the privacy of those public posts, you have to do it one by one and you cannot do it directly from this “view as…” page either. What a pain! This could take up to several hours, depending on how many public posts you have.

So, to save you time and headaches, I have found a way to automate it, sort of. Now, before we dig into it, I do not claim it will work for you and I do not provide any support. The reason is that there are too many scenarios to cover and my time is limited too. So hopefully, you’re the lucky one:). So let us assume you have:

Solution:
We will use the iMacros plugin, a couple of clicks and the built-in loop feature. Easy peasy. A job for 3-5 minutes.

  1. Open Chrome, log in to your FB, click on your name and note your username from your URL
  2. Open a new tab and search for: “iMacros for Chrome”, install Chrome and run it
  3. In the iMacros window click on “record macro“, then click on “stop“. A new window will appear, where you replace all text with the following:
    VERSION BUILD=1001 RECORDER=CR
    URL GOTO=https://www.facebook.com/YOURUSERNAME?viewas=100000686899395&privacy_source=timeline_gear_menu#_
    WAIT SECONDS=2

    TAG POS=1 TYPE=SPAN ATTR=CLASS:timestampContent
    TAG POS=2 TYPE=I ATTR=CLASS:img<SP>sp_3OxEQobvphM<SP>sx_73cfea&&TXT:
    TAG POS=2 TYPE=SPAN ATTR=TXT:Friends*
  4. PLEASE:
    1. Replace the bold text “YOURUSERNAME” with your “username” from step 1.
    2. If you have slow internet or too many posts, adjust the “wait” parameter to a higher value such as 4, 6 or 8 depending on your needs. This will wait for your posts to load, so the script can then continue properly.
  5. Click on “Save as & close“, name it properly as a bookmark, then go back to your FB page and the iMacros window.
  6. Select your macro in the upper part and then in the lower menu click on “play” -> “play macro“. It should open your Facebook “view as…” page. Then it does a few clicks and finishes on the post page with changed privacy. It is recommended to check your latest public post, to confirm it worked properly.
  7. Now you can try it again, but this time click “play” -> “play loop“. It should do 3 cycles and make your 3 latest posts marked as visible for “friends” only.
    Note: this script is changing the privacy from “public” to “friends“. You could tweak it to change it to another privacy group if you wish. There are infinite improvements.
  8. If all works, simply change the value of the “max” field to 10 or higher and see it working for you ten times. Run it several times under supervision or let it run for 100 repetitions and then come back. That’s it.
  9. HAPPY DAYS 🙂

IMPORTANT NOTE:
The script might not run on all types of posts. Some picture posts do not open in a new window (as all other posts do) and their privacy must be changed manually (click on the date next to your post -> then the “globe icon” -> select your privacy group). If you find more scenarios that could be covered, send me an e-mail;).

I hope this saved you some time or you have tried at least something new. If you are into automation, check out iMacros website, they offer much more sophisticated tools for automation nerds. See more at iMacros Store.

Have a good one!

 

Short forecast of computing era in relation to AI

September 15, 2016

AI (artificial intelligence) has been growing rapidly during the millennium age and we are shifting into the cognitive era of computing, where computer software can listen, learn and analyse unstructured data. Cognitive thinking is natural to humans but it’s been a great challenge for the digital world. These limitations, however, are falling apart and the future we envision and sometimes dream about might be closer than we think. Scary and exciting at the same time.

I have been interested in the IBM Watson project for a few years now and recently came across a question related to AI and the new computer era.

Q: what will be the next computing era about? What’s next?

So here’s a thought:

I foresee the Fourth Era of Computing as the time of CREATION. Creation of knowledge, solutions, thinking. Technology itself will serve automated discovering, analysing, creating and delivering new solutions to our problems. It will help to reveal the unknown as well as take over some decision-making processes. Quantum physics will play a major role in computing and will set us on a new path. Human intelligence, physical enhancements and integration of AI with the human body and thinking might become the new field of focus.

In the meantime, I believe that the future steps of this third (cognitive) era for AI will be:
– expanding learning ability to human’s emotional intelligence (if it’s not there yet)
– creating decision making processes under supervision scheme (hopefully)
– integrating and changing daily lifestyle of our society & well being (AI as personal assistant – already happening).

I hope, however, that I will still have some real friends even then :).

Regardless of what will actually become real from the list above, one thing remains the same – “only the strong will survive”.

What are your thoughts on the future?

 

iPhone wifi issue solved by hair dryer

May 5, 2015

Ok. So this has happened to me already 4 times and the technique below is not guaranteed under any circumstances. However, it worked for me all the time. So what is the issue? The iPhone 4s simply stopped providing the wifi feature after I updated iOS to a newer version. It has happened with any major iOS update 7.x, 8.x. Wifi was working perfectly fine, then I updated iOS and boom – wifi button grayed out. Soft reset, hard reset, factory restore, nothing helps. Apple support claims it is a hardware fault.

Ok, let’s take a hair dryer, turn it on and smash the earphone of the iPhone with the heat until it “melts” or at least shows you it is overheated and it’s turning itself off. Great, we’ve just melted the wiring and it’s time to put it in the freezer for a quick cool down. After 5-10 minutes I am taking it out, letting it dry off with a cloth. 5 minutes later I turn it back on and VOILA – here comes the wifi feature again until the next iOS update.

Hardware fix applied to software issue? Science fiction becomes reality :).

WiFi grayed out (not working, image on left) vs WiFi ON (working, image on right)

Password security

February 4, 2015

I am currently working on a revision of my password management. Recently, I’ve been a victim of a scam e-mail pretending to be from Gumtree and my password was exposed. Rookie mistake in a rush. I immediately took action, however I realised I don’t have a clear idea where else I have used that password and hence which services are under potential threat.

I came up with a few ideas, one of which is to have a spreadsheet containing all services that I am using and require a password for. Instead of having passwords listed there, I’ll store only the security level of the password, telling me which password I should use. The actual form of the password is stored only in my mind. I would have level 1 for banks, level 2 for bills, shopping and other services, and level 3 for non-important sites like forums etcetera.

Credit card maintenance section required – list of services holding credit card details and which.

I will update this post with preview, if anyone would like to do the same…

UPDATE pending…