Related
There have been ways to get around a corporate exchange device administrator for other devices. Anyone know what can be done on the xoom?
Since adding my exchange account, I now have a required lock screen code, and required display time out, and the possibility of a remote wipe.... Probably familiar to some of you.
The standard lock screen was so cool!!!!! Arrrrr
The techniques I've seen before included an app that disables the device admin, or an email.apk with the exchange security removed.
Mine did the same thing. Its a security setting that needs to be in place based on the Exchange server settings. My Droid X needs a lock code as well.
It is actually a good thing for me, due to the fact I keep work info on it. Frustrating but necessary.
Yes, I have the email.apk on my Captivate that bypasses this screen lock. THough it has other deficiencies like width problems in the email and the links in an email don't work. But getting the email and responding works fine. Maybe try out the email.apk for the phone and see how it looks. You can always revert. I think no matter what, you are going to have to get a hacked version to bypass the exchange permissions options that a corporate admin can impose. The guy that hacked the email.apk has a paid program that probably fixes all the bugs in his free app.. and I hear he is very good about refunding within the first 24 hours if the program doesn't work as expected. Might be something to try.
You are the reason the exchange admins at my workplace don't want to support android users.
If you're placing corporate information on your personal computer, you should secure it properly.
Sent from my PC36100 using XDA Premium App
Bauxite said:
You are the reason the exchange admins at my workplace don't want to support android users.
If you're placing corporate information on your personal computer, you should secure it properly.
Sent from my PC36100 using XDA Premium App
Click to expand...
Click to collapse
100% agreed. I did not know there was a way round this and if there is, I will not be supporting Android devices on our corporate network. I will continue to support it for private use but not corporate.
There is a way around everything. You can't just blame android. As admin you should randomly check devices to ensure the security measures are in place anyways. The users have to sign an agreement and if there a caught breaking the rules then the will suffer the consequences. Don't blame android because you too lazy to enforce your policies. You going blame windows when a user downloads torrents that contains malware?
Sent from my Xoom using XDA Premium App
Bauxite said:
You are the reason the exchange admins at my workplace don't want to support android users.
If you're placing corporate information on your personal computer, you should secure it properly.
Sent from my PC36100 using XDA Premium App
Click to expand...
Click to collapse
OK, Thanks!
Except I can add the exchange mail to my laptop and save the password. There is no enforcement of my Windows login, screen saver, or the possibility of my laptop being wiped. I don't think the device admin is a good fit for a tablet, whereas a phone is a little different.
You guys are supposed to back me up here.
What was the name of the email.apk and paid app for the Captivate?
Weird. Im using touchdown and it didnt make me enter a lock password
Pitnefor said:
Weird. Im using touchdown and it didnt make me enter a lock password
Click to expand...
Click to collapse
Depends on the server settings that your admin has setup.
Here is the 'less supported' email client apk.
http://forum.xda-developers.com/showthread.php?t=775007
His paid for program is called Enhanced Email.
https://market.android.com/details?id=com.qs.enhancedemail&feature=search_result
Here is his website with forum stuff.
http://quantumsolutions.us/forum/
As far as IT having issues with this because of android.. my last Windows phone didn't have any type of security to force a password. So I agree its not an Android issue. Plus, some people can use IMAP to get their corporate data which also doesn't impose security passwords. Not saying it is the right thing to do (get email without locking down the phone) or not, just saying it can be done and here is how. You guys are big boys and girls.. make your own decisions.
eaglecomm said:
As far as IT having issues with this because of android.. my last Windows phone didn't have any type of security to force a password. So I agree its not an Android issue.
Click to expand...
Click to collapse
Which Windows phone is that? All WM phones that support EAS (WM5 and later) supports exchange policies. Whether or not a password is required totally depends on your Exchange Server policy. WM phones also support email encryption policy which wasn't supported on iPhone until 3GS and never supported on any Android OS.
Plus, some people can use IMAP to get their corporate data which also doesn't impose security passwords. Not saying it is the right thing to do (get email without locking down the phone) or not, just saying it can be done and here is how. You guys are big boys and girls.. make your own decisions.
Click to expand...
Click to collapse
Any corporate that requires password and other security policies also disables IMAP and POP3 access to their exchange server.
Any incompetent corprate IT that left IMAP enabled probably also doesn't require any password policy either.
foxbat121 said:
Which Windows phone is that?
Click to expand...
Click to collapse
Tilt2
foxbat121 said:
Any corporate that requires password and other security policies also disables IMAP and POP3 access to their exchange server.
Any incompetent corprate IT that left IMAP enabled probably also doesn't require any password policy either.
Click to expand...
Click to collapse
It would seem your second statement here overrides your first. I am not here to debate what they SHOULD be doing. I am stating the current state (or what was the last time I tried IMAP).
Whether they are incompetent or not is not for me to decide. You all seem to have enough opinions of your own for me to worry about changing your minds.
How 'bout we get back on topic?
Security is in place for a reason. Incompetence on the part of your IT dept is one thing, but deliberately trying to circumvent an enforced policy just because you don't really like the look of a lock-screen is another. Should be an interesting meeting with HR when an unsecured device (via security circumvention) is lost with confidential company data.
Just because you can do something doesn't mean you should. So what if your admins weren't bright enough to disable IMAP/POP3 access, if they are enforcing mobile security, respect it.
In my experience, the same people that complain about security are the ones that lose their phones or laptops the most, and also stay silent when proper security measures save their butts from losing their jobs.
eaglecomm said:
Tilt2
Click to expand...
Click to collapse
Tilt2 definitely supports all the Exchange policy, all the way down to SD care encryption policy and domain enrollment policy. The fact is your 2-year old WM phone is actually much more secure at enterprise level than your fancy new Android system. This is one area that Android currently lacks.
I'm not saying the Tilt2 didn't support it... was just making the statement that it didn't have it on it because it wasn't forced. Hell, I didn't even know it was an option until I had to use an iPhone for a few months and it forced the lock screen.
And it had nothing to do with the way it looked. It has to do with everytime I want to use my phone, I had to enter in a code. There was no way to set it (that I could find) that it would only turn on the lock after being off for, say, 10 minutes. Which means if I hit the power button by accident. Locked. No matter what, as soon as the screen went black.. locked.
Anyways, I'm not looking to pick a fight.. just stating things. I figure it's a free world. Once people start enforcing every part of your life, it won't be. I am sure everyone on this forum has passed the speed limit in their car (and probably do a typical basis). Rule broken.. there for your safety.. yada yada yada. Do what you like.. hence why I moved to Android from apple.
eaglecomm said:
And it had nothing to do with the way it looked. It has to do with everytime I want to use my phone, I had to enter in a code. There was no way to set it (that I could find) that it would only turn on the lock after being off for, say, 10 minutes. Which means if I hit the power button by accident. Locked. No matter what, as soon as the screen went black.. locked.
Click to expand...
Click to collapse
That I have to agree. WM5.0 did the right way but starting from WM6.0, it basically locks the phone all the time whenever screen goes dark. Now Android 2.2 and later does the same thing. It seems to be some kind of security precaution.
Anyways, I'm not looking to pick a fight.. just stating things.
Click to expand...
Click to collapse
Not to pick a fight either. Simply correcting your misconception.
I figure it's a free world. Once people start enforcing every part of your life, it won't be. I am sure everyone on this forum has passed the speed limit in their car (and probably do a typical basis). Rule broken.. there for your safety.. yada yada yada. Do what you like.. hence why I moved to Android from apple.
Click to expand...
Click to collapse
No one is forcing anything upon you. You have the choice not to receive company emails. However, if you do elect to receive business emails, companies have the right to enforce whatever security measure it deems necessary. Company emails often contain a lot of sensitive information and even maybe trade secrects. If your phone is accidentally lost and without the proper protection, anyone could take advantage of those information stored on your phone. And if your company found out that the information leak is from you because you circumvented the security policy, you will be in deep trouble
iPhones before 3GS and most Android phones before 2.2 actually cheated a lot of the EAS security policy by falsify policy query reponse. Basically, if your exchange server has a policy to require support of email encryption on device, old iPhones running old iOS and a lot of Android phones running old Android will repond as 'YES, supported' but in reality they don't have such support at all. Apple fixed this after 3GS release (3GS and newer do support email encryption) and Google fixed it in Android 2.2 OS by correctly respond 'No, do not support such policy". A lot of big corporations do enforce email encrytions.
foxbat121 said:
Not to pick a fight either. Simply correcting your misconception.
Click to expand...
Click to collapse
No worries.. no misconception. I just stated my phone didn't have it. Which it didn't (in terms of forced security that was implemented). Likely a corporate decision, but it still didn't have it.. which is what I said.
foxbat121 said:
No one is forcing anything upon you. You have the choice
Click to expand...
Click to collapse
Agreed.. choice.. at least this far in life.. is ours.
I can understand the need for having security measures in place... by why the he77 would those permissions need to include the ability to wipe my device?
I'm rather disappointed to see how many of you are unhelpful in a forum full of people who do this exact same thing in various applications. To answer your question, I use Blue Mail to bypass this silly corporate requirement and I actually like it a lot better than Outlook. Its also free.
I hope this time it's the correct forum.
So long story short.
I've written an app that allows to hijack FaceBook profiles over the WiFi. So when you're connected to WiFi you can "hack" into other users profiles. It doesn't work for profiles using SSL (yes you have that option in FB). So it can be treated as a "bad app". BUT! it is not dangerous for the one using it. I am aware that this is "questionable" application, but is there any other way to tell people - "HEY! use secure connections, it is not safe to use public WIFI!". I'd bet that a lot of you don't use SSL now and after using/reading this app you will turn SSL on.
That could be the #1 reason for deleting my app.
The second one is that I've put a 'demo' app in the market with a limit to sniffing only 3 profiles. But you could buy it through paypal. And today I've found out that this also could lead to app deletion. However i've bought launcherpro through paypal so I don't see why my app was removed in less than 24 hours.
What is your opinion and what can I do to sell my app somehow (i need my 25$ back that I've paid to register in google wrr...). Is there an option I could do put it in market without google deleting it like putting a disclaimer or something? The app itself is safe for the user downloading it.
Edit: If I put a link to this app here will this thread be deleted? If so, is there an option to promote it here?
Per forum rules, link removed
bponury said:
I've written an app that allows to hijack FaceBook profiles over the WiFi
Click to expand...
Click to collapse
There's your answer.
JamesC_ said:
There's your answer.
Click to expand...
Click to collapse
+1 on that
if it allows you to hijack fb you can steal other information from the users account so why would they allow it and put themselves into a legal bind for doing so
JamesC_ said:
There's your answer.
Click to expand...
Click to collapse
So if it wasn't for this app you would be safe? No, facebook is ignoring users privacy and this app is nothing more then a good way to show people what could be the cost of not using secure connections. Of course this can be used in a bad way, a lot of apps can. Like sms bombing or phone number spoofing. But they are not removed from the marked do they?
Ethics
And even worse you want to get paid for it.
wdl1908 said:
Ethics
And even worse you want to get paid for it.
Click to expand...
Click to collapse
Yes, I know what ethic is however we're not living in a perfect world and just believing that everyone is good and ethical so I can just leave my door open when leaving the house is not going to protect me against the reality. I believe in http://en.wikipedia.org/wiki/Full_disclosure and this case is even better because FaceBook is aware of the problem and just ignore it. A few people are aware that there's an option to use SSL on facebook. In my opinion FB should just get it done right and force users to use it. It's not a problem these days right? And what is wrong in getting paid for my work. I've spent some time developing it. Security by obscurity is not working, really. Take my app for example it would take max 1h to crack it. It's not security it's just being to lazy to secure it. And hoping that no one would care to crack it.
sms bombing is not hacking someones account! you are just spamming someone with messages.
even if it is down to fb to let people know about security, the market owners can be sued for allowing such an app on the market. there are better ways of showing a person how unsecure a connection is without punishing them in such a way.
the secure connection is useful for public connections but some people may not want or need to use it at home so they have the ability to switch it on or off. apparently there are issues with some games on fb that are linked in with the use of the secure connection.
traumatism said:
sms bombing is not hacking someones account! you are just spamming someone with messages.
Click to expand...
Click to collapse
People are killed for spamming in russia (http://www.theregister.co.uk/2005/07/26/russian_spammer_killed/)
And what about spoofing caller id? AFAIK that things are valid in court cases in Poland.
traumatism said:
even if it is down to fb to let people know about security, the market owners can be sued for allowing such an app on the market. there are better ways of showing a person how unsecure a connection is without punishing them in such a way.
the secure connection is useful for public connections but some people may not want or need to use it at home so they have the ability to switch it on or off. apparently there are issues with some games on fb that are linked in with the use of the secure connection.
Click to expand...
Click to collapse
I don't know how to tell people - secure yourself any other way. I know i'm devils (myself) advocate right now, but really do you think that forgetting about insecurity is a good way? I don't force anyone to use it in a bad way. But after I showed how it works in my house all my room-mates turned SSL on instantly. And they were not mad about it, shocked a bit but now they are safer now. Sure you can just tell people - hey turn ssl on and 90% of them will ignore you. But when you show them - look! i can see your messages that easily if you don't do it. Then they would listen.
haha! So, if someone got a gun and went around shooting people in cars to proove that they should actually have bullet proof windows and burst-proof tyres, that it's all ok, and not in any way shape or form, illegal?
ha. ha.
infact op ip should be reported to facebook
By nature I wouldn't go near this app. If its collecting other peoples info I could be collecting my own. Thats how I see it logically ... people always get screwed when they are doing something they shouldn't be doing.
There is a place for all apps in this world be they good or bad. You could always host a site and put it on there. I wouldn't go near it cause once again I'd be afraid of whats laced on that site.
I was just providing another point of view to the convo.
MarkusPO said:
haha! So, if someone got a gun and went around shooting people in cars to proove that they should actually have bullet proof windows and burst-proof tyres, that it's all ok, and not in any way shape or form, illegal?
ha. ha.
infact op ip should be reported to facebook
Click to expand...
Click to collapse
So if you have a car that can be opened by someone who has a screwdriver wouldn't you want car manufacturer to secure your car. Buying a bulletproof car isn't exactly the same as pushing a button in a web browser isn't it? And you're comparing killing a man to posting "I'm a jackass on someones FB wall". But still, you can buy a gun right? Also pretending that there's no problem isn't fixing a problem.
And hey, this app isn't new you know, if it wasn't for this thread maybe you wouldn't know that people use this apps on PC's maybe one day you would find that all your mail is gone (yes, this app could be modified to work with other sites like this forum). And ask yourself wouldn't you be pissed if you've found out that anyone using your network could get into your bank account? Well I would. But most (all?) banks use SSL by default. Google does. Why FB doesn't?
hazard99 said:
By nature I wouldn't go near this app. If its collecting other peoples info I could be collecting my own. Thats how I see it logically ... people always get screwed when they are doing something they shouldn't be doing.
There is a place for all apps in this world be they good or bad. You could always host a site and put it on there. I wouldn't go near it cause once again I'd be afraid of whats laced on that site.
I was just providing another point of view to the convo.
Click to expand...
Click to collapse
Yes, in fact it needs root to modify iptables and send raw arp messages and I know people get scared when an app needs root. If someone is interested I could write here how it's done and anyone could write it. It's actually nothing magical.
I wrote this app as a project for my mobile programming class. In the first version it also sniffed for Gadu-Gadu messages (it's a polish messenger). But I sure hope that when and if this app let's loose than FB will react and enable ssl by default. Maybe other websites will use it too. It's just that easy to protect your users, I don't understand why they don't do it?
most people who do not want their details stolen, do not use public access internet. does FB take money transactions over their site?
google does and the banks do so they will have a secure section. fb may do this using paypal or google checkout or otherwise so may not need the ssl that the banks need. sure it still renders people vulnerable to attack and theft of other information but even so that information is very limited dependant on the user of the account.
traumatism said:
most people who do not want their details stolen, do not use public access internet.
Click to expand...
Click to collapse
Yes, so other people want their details stolen? You are aware of the problem 'cause your "into computers" but out of 500 milion fb users how many of them ever heard of SSL? How many know that they are unsafe?
well with the amount of messages being spread on fb already about this i think more people will know, but to let people know only by stealing their details is pathetic. sure you may have made this app for a project but why give other people the power to do this. all you are doing is providing more uses for those who like to make other peoples lives a misery. the best thing that could be done with this is to let the website provider know how unsecure their system is. especially if you are aware of the issue and are bothered by it. i know i'd do the same. if that didnt work, sure i'd tell people about it but i wouldnt sell an app on to others so they can make use of it. not even for free.
traumatism said:
well with the amount of messages being spread on fb already about this i think more people will know, but to let people know only by stealing their details is pathetic. sure you may have made this app for a project but why give other people the power to do this. all you are doing is providing more uses for those who like to make other peoples lives a misery. the best thing that could be done with this is to let the website provider know how unsecure their system is. especially if you are aware of the issue and are bothered by it. i know i'd do the same. if that didnt work, sure i'd tell people about it but i wouldnt sell an app on to others so they can make use of it. not even for free.
Click to expand...
Click to collapse
Sure I could write an e-mail to facebook, but this issue is known for years! http://en.wikipedia.org/wiki/Session_hijacking I am sure FaceBook is aware of it. In fact they've enabled SSL only a month ago (maybe two months) but why it isn't enabled by default?
who knows. perhaps issues with other applications on the website, or applications made to access facebook. they may have left it so they can cater for other applications for and on the site. only they can answer that question.
anyway, he just showed the spirit of a developer and created something new
he never told anyone "hey go hack facebook profiles" or "sniff those profiles, its fun"
he just showed the possibilites of android development and did nothing wrong in my opinion
it's not his fault if facebook is unable to close a security leak known for a long time
yeah dont get me wrong blezz i understand that completely. but the argument was as to why they would remove it. legality reasons would be tne main issue. to cover their own backs as they can in fact face legal action for allowing the app to become available in their market.
I don't see anything wrong with the app.
It shows the flaws of facebook, and the fact that no one in facebook cares enough to do anything about it. But then I understand whygoogle would remove it... If facebook decided to sue for this google would be sued not YOU.
so it would be best if you released it HERE on xda rather than the market
So my school just recently said we can use tablets and laptops in class and around the school. They are willing to allow us to connect to the school's WiFi, but we have to give the dean the MAC address for our device.
I'd like to be able to keep some privacy, even though they say we have to waive our right to privacy if we decide to use electronics. I guess I'm looking for a few apps that can help me achieve this. Maybe a browser with an incognito feature like Chrome, or something that can cover what I'm doing online.
I also wanna know if there would be any way for me to access thinks like Facebook, Twitter, Youtube, Google Music, etc. through their respective app if the website is blocked.
If push comes to shove, I guess I could just tether with my GNex, but that would require an extended battery, which I would like to not have to buy.
Have you tried using the incognito tab option on the stock honeycomb browser?
Unless you are using some sort of vpn connection or encryption you have no privacy. I'd suggest remoting into your home desktop using splashtop or teamviewer and doing all your browsing on your desktop if you are worried about privacy that much.
They can see everything you do since it's a shared connection and they have access to the gateway and internet logs.
They are probably running a transparent proxy with logging (I would be if I were the sysadmin), so the incognito tab won't help.
But
Konfuddle said:
Have you tried using the incognito tab option on the stock honeycomb browser?
Click to expand...
Click to collapse
That does not do anything with the connection. It just dont cache anything in your browser. So that noone borrowing your computer can see that you have been watching porn.
But to OP: Get a vpn connection. Only way to get privacy on a wifi system.
SwiftLegend said:
So my school just recently said we can use tablets and laptops in class and around the school. They are willing to allow us to connect to the school's WiFi, but we have to give the dean the MAC address for our device.
I'd like to be able to keep some privacy, even though they say we have to waive our right to privacy if we decide to use electronics. I guess I'm looking for a few apps that can help me achieve this. Maybe a browser with an incognito feature like Chrome, or something that can cover what I'm doing online.
I also wanna know if there would be any way for me to access thinks like Facebook, Twitter, Youtube, Google Music, etc. through their respective app if the website is blocked.
If push comes to shove, I guess I could just tether with my GNex, but that would require an extended battery, which I would like to not have to buy.
Click to expand...
Click to collapse
whoa whoa whoa man... "incognito" has nothing to do with what you transmit online. it only prevents them from seeing what you have already done if they took your device
what you need is a secure VPN like goldenfrog.com, or use a secure proxy server. anything that puts a layer of encryption between you and the server will block out any man in the middle
noobs these days... incognito has NOTHIGN TO DO WITH WHAT YOU TRANSMIT DAMMIT
if you want, use opera and turn on the "turbo" feature. that will create a link to the opera servers and deliver compressed content. meanwhile, it will make it impossible for the school to decrypt anything it intercepts.
chatch15117 said:
if you want, use opera and turn on the "turbo" feature. that will create a link to the opera servers and deliver compressed content. meanwhile, it will make it impossible for the school to decrypt anything it intercepts.
Click to expand...
Click to collapse
Nope, opera turbo is a plaintext connection so still can be viewed, the only option is https for everything or vpn/ssh tunnels
Ok thanks for all the replies. I guess the easiest thing would be to tether with my phone. (Hopefully Verizon doesn't freak )
I guess I can try setting up a VPN (no idea how). I think my friend tried to, since he owns a bunch of servers, but the school blocks almost every port.
Could using a vpn connection be considered
using Proxies, Caching Servers or any others means to circumvent restrictions placed on
the school’s IT network and internet access
Click to expand...
Click to collapse
DroidSheep anyone hahaha
unless websites like Facebook and such are blocked haha
Is there a way to spoof the MAC?
Scribed in blood using XDA Premium
Dan_Brutal said:
Is there a way to spoof the MAC?
Scribed in blood using XDA Premium
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=1385577
Dan_Brutal said:
Is there a way to spoof the MAC?
Scribed in blood using XDA Premium
Click to expand...
Click to collapse
Yes but I would bet the reason why they want the MAC address is for WIFI access. You could spoof someone else's MAC but school's aren't known for having hard facts before disciplining students. If they think it is you, you will get in trouble.
I would recommend using TOR if you want to protect your privacy. Download Orbot from the market.
Cheers!
-M
Xda member since 2007
Considering the schools budgets these days, you probably have nothing to fear as far as privacy goes.
Sure they are logging your wifi usage, but no one is monitoring it! All the logging allows them to do, is to look at where you went and when AFTER they have a reason to start looking.
Unless they hired someone specifically to start monitoring students, no one is ever going to look at your logs.
Sure they could put in alerts to let them know when any user goes to site xyz, but odds are they simply have blocked it.
One of the main reasons they are logging things is if say perhaps a teachers online grades were 'hacked', and the IP was traced back to their own servers, they'd have a way to identify which user was using that connection.
Many ISPs already log your internet access as well, but it's at such a low level that no one looks at it (though there are privacy laws to prevent them from looking directly in those cases).
Bottom line.. is if you're not doing anything illegal (torrenting, sending nude pics of yourself, harassing other students via text/email) then you have nothing to worry about, and odds are you won't even be noticed.
DroidGnome said:
Bottom line.. is if you're not doing anything illegal (torrenting, sending nude pics of yourself, harassing other students via text/email) then you have nothing to worry about, and odds are you won't even be noticed.
Click to expand...
Click to collapse
I partially agree. If you use the schools network for normal stuff you shouldn't have anything to hide.
But Co-students are a great security risk. Both willingly and unwillingly. In these days with loads of malware floating around jumping from computer to computer via security flaws in networked devices. Students may also try to hack your device just for fun.
If you have sensitive data you really should encrypt your traffic in one way or another when connected to a network with unmanaged and unknown devices.
DroidGnome said:
Considering the schools budgets these days, you probably have nothing to fear as far as privacy goes.
Sure they are logging your wifi usage, but no one is monitoring it! All the logging allows them to do, is to look at where you went and when AFTER they have a reason to start looking.
Unless they hired someone specifically to start monitoring students, no one is ever going to look at your logs.
Sure they could put in alerts to let them know when any user goes to site xyz, but odds are they simply have blocked it.
One of the main reasons they are logging things is if say perhaps a teachers online grades were 'hacked', and the IP was traced back to their own servers, they'd have a way to identify which user was using that connection.
Many ISPs already log your internet access as well, but it's at such a low level that no one looks at it (though there are privacy laws to prevent them from looking directly in those cases).
Bottom line.. is if you're not doing anything illegal (torrenting, sending nude pics of yourself, harassing other students via text/email) then you have nothing to worry about, and odds are you won't even be noticed.
Click to expand...
Click to collapse
Bored teachers/faculty get up to practically anything and snooping on students is apparently a great sport. Everywhere that has a computer lab has someone doing IT and just think about that for a minute...someone doing IT at a high school, the personality of that person. You don't have to be doing anything illegal to get into trouble with your school. A casual google will reveal all the lawsuits students have brought against schools for violating their privacy. Do yourself a favour and use Orbot.
Cheers!
-M
Xda member since 2007
dragon_76 said:
Bored teachers/faculty get up to practically anything and snooping on students is apparently a great sport. Everywhere that has a computer lab has someone doing IT and just think about that for a minute...someone doing IT at a high school, the personality of that person. You don't have to be doing anything illegal to get into trouble with your school. A casual google will reveal all the lawsuits students have brought against schools for violating their privacy. Do yourself a favour and use Orbot.
Cheers!
-M
Xda member since 2007
Click to expand...
Click to collapse
it is great fun, but also remember that code of conduct that you and your parents sign at the start of the year states that we do have the right to make sure you are using the internet provided by the school for school purposes only
Can't you use 3G connection from your phone instead of the school WiFi?
As far as getting on facebook if it's blocked....
If you type httpS://facebook.com it will usually let you in. They have blocked several websites at my office, but I can still get into them using this trick. Sometimes, you will have to add the "S" after navigating through the websites, but still will let you get in. So, just use your web browser (not the facebook app), and type s. I believe most people don't block secure websites.
SwiftLegend said:
So my school just recently said we can use tablets and laptops in class and around the school. They are willing to allow us to connect to the school's WiFi, but we have to give the dean the MAC address for our device.
I'd like to be able to keep some privacy, even though they say we have to waive our right to privacy if we decide to use electronics. I guess I'm looking for a few apps that can help me achieve this. Maybe a browser with an incognito feature like Chrome, or something that can cover what I'm doing online.
I also wanna know if there would be any way for me to access thinks like Facebook, Twitter, Youtube, Google Music, etc. through their respective app if the website is blocked.
If push comes to shove, I guess I could just tether with my GNex, but that would require an extended battery, which I would like to not have to buy.
Click to expand...
Click to collapse
lilstevie said:
it is great fun, but also remember that code of conduct that you and your parents sign at the start of the year states that we do have the right to make sure you are using the internet provided by the school for school purposes only
Click to expand...
Click to collapse
The internet provided to the schools by tax payers and/or tuition you mean. You have a wretched problem that is rampant in American schools: you think you own the school's resources. They are owned by the community.
Cheers!
-M
Xda member since 2007
So the administration announced today the final policy and they won't be allowing WiFi access until next September because they want to expand the network. I'll probably just be tethering for the mean time.
Oh yeah, there's only 2 IT guys in my school (lol). One stays in a glass room in the back of the computer lab, and the other comes to classrooms to install projectors and crap.
Hey all and thanks in advance for any help you can provide as I have been racking my brain trying to figure this one out, but keep falling flat. A few days ago I received a Google Assistant notification on my Nexus 5X running the current stock Android (no rooting or modification on this device in any way). It was bringing to my attention an "important" email about one of my credit cards. I was immediately suspicious as this was the first time I had ever gotten a notification of this kind from Google Assistant. Usually it is sports score updates, bill reminders, breaking news, etc... But it did appear to be a legitimate Google Assistant notification so I did click it (I later confirmed this as I checked my notification history and it did show up as a Google App notification). It then opened Google Assistant, but then immediately opened either Chrome itself or a Chrome custom tab. The address that it opened appeared to be the legitimate Gmail domain, and unless it was using non Latin characters then I have no reason to believe otherwise. Not only that but it was showing an already opened email claiming to be from one of my credit card companies stating that there were important changes to their policies and/or my account.
It was at this point that I knew something was amiss. Images were being blocked in the email and just the whole process seemed "off". I opened Inbox/Gmail on my desktop and sure enough there was no such email there, it was at this point that I knew beyond doubt it was a scam. I was very careful not to click anything in the email but I could see that the "To:" label was to my legitimate email address and the "From:" address was typical of a phishing/scam email (eg. the name of the credit card company but with some kind of modifier attached). I wish I would have taken a screenshot of it, but it all caught me off guard. If it happens again believe me I will.
What made this all even weirder was when I tried to access this link on my desktop as I wanted to try and run some tests on the link that it was trying to get me to click on. I went on my Chrome history to track the link down but it was not there. So I checked my Chrome history on my phone and sure enough it showed up there, but not on my desktop. It was the only link not showing up on my desktop's Chrome history, all other links were there and I could see the same two links that were before and after the link in my phone's Chrome history but not that one. I have since factory reset my phone to be on the safe side and sure enough on my new install that link is also not showing up there either.
Now I am fairly well versed in tech, am very disciplined in "think before you click", and pride myself in being able to spot a scam - but I am also no expert and this is where I am needing some help in figuring out what exactly happened. I need to figure out if my device was compromised or if there is any way a malicious actor could have triggered my Google Assistant to open up a link like it did.
There is more to this story though which makes it a bit more complicated. Towards the beginning of the year I had a credit card that got compromised, this credit card was from the same company that the scam email was claiming to be from. Luckily I have alerts turned on and I was able to spot it almost immediately and reported it. The card was cancelled and I received a new one. I had my suspicions about how it was compromised but nothing for sure (I have never had a security problem like this, and I had recently used a website that I had never used before to purchase something - not damning itself but definitely suspicious). A couple months later and it happened again. At this point I was about 95% sure which website had compromised it. I believe the website itself was not malicious but that it's database had been breached, meaning the card only became compromised if it was "stored" in my account as a payment option. Also of note was that I have two cards with this particular company and only the one card I used on this website was compromised, not both cards nor the account itself (no other cards, companies, or payment options either). Further confirmation of my suspicions are that since I narrowed which website I thought that it was and it has not happened again.
My whole reason brining all of that up is that without it, to me anyways it would seem like my device is compromised. But with that story, and the fact that scam email was obviously phishing for my login credentials to that company makes it seem like someone somehow figured out a way to trigger my Google Assistant. Not only that, but triggered it to open up someone else's Gmail in a Chrome tab with an email already opened. Is that even possible? Do third party apps or services have this kind of access to Google Assistant? If not, it would seem to indicate for certain that my device is/was compromised, yeah?
As I already stated, I have since factory reset my phone, and every website and service I use has strong passwords and 2FA with alerts turned on if possible. But without knowing exactly how this attack was possible I still feel vulnerable. I have seen many phishing attacks in my day but this one seemed personalized, not mass targeted like the other which also makes me worry (again, even more so since I am not certain how this one happened). Plus I am worried that if it was my device that was compromised then a factory reset may not be enough. Many, many thanks for anyone who has a more intimate knowledge of Google's developer ecosystem that can help.
[EDIT} I will continue to add some things here that I think may be relevant to diagnosing this issue.
I was not doing anything at the time that this notification was sent. I was not even on my phone - I use Pushbullet to get notifications on my desktop and it was there that I first noticed it. And honestly, I do not even use my phone that much as I am near my desktop almost all the time. The rare times that I do use it, it is for listening to music or podcasts, almost no web browsing at all and very little app usage.
I was at home at the time of the notification, meaning no public or untrusted Wi-Fi. Nor at risk of any bluetooth type attack either.
I do use a VPN at all times.
Alliance shield app bricked my phone...the owner (RRiVEN) banned me for asking about the permissions his app uses and he got butthurt and banned my account and ip address knowing it would soft brick my phone if i factory reset it with all the apps I disabled and now I can't remove the spyware/malware infected app or recover my device back to factory settings...him and his app destroyed my brand new 1200 dollar s21 ultra
Wow. I used this app and I didn't get my phone blocked. Maybe the problem is something else? Re-record everything on your phone.
Maxxx17 said:
Wow. I used this app and I didn't get my phone blocked. Maybe the problem is something else? Re-record everything on your phone.
Click to expand...
Click to collapse
You didnt get you phone hacked using this trash app because you didnt question the owner of the app about the shady invasive malicious permissions it uses ...smh
Also this app proxys all your data and activity thru his server....the required sign up and login for the app to work is the first dead giveaway and a huge red flag
Lol...the owner of this app doesnt even use ssl for his server or app...its all tsl...unencrypted...lol...poor fella has no clue whos monitoring and accessing his server and network now...smh...this app wont be around much longer...i promise ...lol
HELLFISH420 said:
You didnt get you phone hacked using this trash app because you didnt question the owner of the app about the shady invasive malicious permissions it uses ...smh
Click to expand...
Click to collapse
You may be right. Be careful next time.
yeah the owner is in trouble and he dont even know it....he even tried to push a zip file to my phone (script)
HELLFISH420 said:
Lol...the owner of this app doesnt even use ssl for his server or app...its all tsl...unencrypted...lol...poor fella has no clue whos monitoring and accessing his server and network now...smh...this app wont be around much longer...i promise ...lol
Click to expand...
Click to collapse
I can't believe I missed this thread. Such gold in here.
Since you brought it up, you were banned after you made false claims about the Shield. We offered you MANY chances to prove your claims and you never did, just more talk and more claims and never any proof. Which I expect you will do here, can't wait I have my popcorn ready.
My favorite part is where you think SSL is encrypted and TLS isn't. Protip: SSL is insecure and shouldn't be used, ever. But don't take my word for it. Take Cloudflare's, one of the experts on this - https://www.cloudflare.com/learning/ssl/what-is-ssl/
As far as the shield not being around much longer, well that is also wrong, still going strong - never got an email or call from my Samsung rep like you said I would. You sure you were talking to Samsung and they said they were shutting us down?
The dots in Gmail, nothing to do with my script (Android doesn't run scripts, it runs Java FYI) Dots in Gmail don't do anything, once again don't take my word for it take Google's, you know, the owner of Gmail - https://support.google.com/mail/answer/7436150?hl=en
We block dots in Gmail because it gives spammers/scammers unlimited email addresses. [email protected] gets blocked register again with [email protected] same email inbox. That one gets banned, repeat with another .
The claim of a zip file being pushed to a device is flat out false. You made that claim and never produced the zip file, or evidence it came from the Shield.
A quick check will prove the Shield couldn't do it. We don't ask for or want the Storage permissions. Without them we can't access, add, delete, or create any file outside our apps protected folder. Unless you are suggesting we are using a zero day Android exploit to push a zip file to your device (zip files don't execute so why would we do that in the first place?)
The claim that we proxy all of your traffic through my servers is easily debunked. If that were the case you would see every site using HTTPS throw a certificate error, (most apps won't work either) it is why you use HTTPS so you know if your connection is being hijacked.
We are also confused what shady malicious permissions you are talking about. Android defines the permissions and you either request to use them or not. Once requested the user must grant ones that can cause harm to your device, like storage (once again we don't ask for, we don't want it).
If you have made it this far I will tell you our theory why Hellfish is so bent on spreading lies. He/she used the Shield to disable some critical system apps and bricked their device. Mad, which we would also be, they reached out to us where we informed them sorry nothing we can do now, it is bricked. They also disabled safe mode and factory reset. Once again we have warnings stating be careful what you disable and to understand what you are doing.
Enraged they started spreading lies and when called out they doubled down, and tripled down until we banned them. We have our limits.
The best part, and we saved the login logs, is not even a day later Hellfish was logging in to the app on a S21 ultra. Guess you found a way to get it working. When confronted more lies were spread and that account was banned. (We kept finding your alt accounts because you kept having the name Hellfish in them. We figured after the first alt was banned you would figure it out, but you made it too easy to find you. I gave up looking for you after the fourth alt account was banned, if you want to use the app and keep bricking your phone go for it)
If you haven't noticed we don't bow to pressure or are PC. You mess up and blame us we call you on it, you either own up to your mistake or get banned. If that means I have social problem then ok, fine by me, I sleep just fine at night.
Including screenshot of the Shield having no permissions, most games have more permissions than we do.
lmao...80-90% of what you said is straight up lies...you did all sorts of messed up stuff...hell you even hacked my discord and changed my password...then when my team bypassed your malicious app login you sent me emails threatening me and saying i broke laws and all sorts of dumb sh** ...you know what your doing is wrong....alot of other people see and know what your doing...you log passwords...your app has multiple permissions...exodus and other online checkers
riven you wouldnt by any chance be running a bitcoin mining scam would ya? ...lol....you run scripts and exe. files thru chrome remotely...i seen it with my own eyes...stop denying it...you know all bs aside i was actually nice and trying to help but you got butthurt when i showed the true app permissions to the whole world to see...as far as whats already been done is done...mark my words ...your app WILL NOT BE AROUND FOREVER
you couldnt pay me to use your malicious app .....lol...since my run with you ive already compiled and built my own disabler app ...and guess what..it requires no internet connection...no logins ...no permissions of any kind..has no trackers or anayltics ...and its 100% free..unlike your bitcoin mining app/alliance shield app...lmao.
oh yeah one last thing [email protected]
RRiVEN said:
I can't believe I missed this thread. Such gold in here.
Since you brought it up, you were banned after you made false claims about the Shield. We offered you MANY chances to prove your claims and you never did, just more talk and more claims and never any proof. Which I expect you will do here, can't wait I have my popcorn ready.
My favorite part is where you think SSL is encrypted and TLS isn't. Protip: SSL is insecure and shouldn't be used, ever. But don't take my word for it. Take Cloudflare's, one of the experts on this - https://www.cloudflare.com/learning/ssl/what-is-ssl/
As far as the shield not being around much longer, well that is also wrong, still going strong - never got an email or call from my Samsung rep like you said I would. You sure you were talking to Samsung and they said they were shutting us down?
The dots in Gmail, nothing to do with my script (Android doesn't run scripts, it runs Java FYI) Dots in Gmail don't do anything, once again don't take my word for it take Google's, you know, the owner of Gmail - https://support.google.com/mail/answer/7436150?hl=en
We block dots in Gmail because it gives spammers/scammers unlimited email addresses. [email protected] gets blocked register again with [email protected] same email inbox. That one gets banned, repeat with another .
The claim of a zip file being pushed to a device is flat out false. You made that claim and never produced the zip file, or evidence it came from the Shield.
A quick check will prove the Shield couldn't do it. We don't ask for or want the Storage permissions. Without them we can't access, add, delete, or create any file outside our apps protected folder. Unless you are suggesting we are using a zero day Android exploit to push a zip file to your device (zip files don't execute so why would we do that in the first place?)
The claim that we proxy all of your traffic through my servers is easily debunked. If that were the case you would see every site using HTTPS throw a certificate error, (most apps won't work either) it is why you use HTTPS so you know if your connection is being hijacked.
We are also confused what shady malicious permissions you are talking about. Android defines the permissions and you either request to use them or not. Once requested the user must grant ones that can cause harm to your device, like storage (once again we don't ask for, we don't want it).
If you have made it this far I will tell you our theory why Hellfish is so bent on spreading lies. He/she used the Shield to disable some critical system apps and bricked their device. Mad, which we would also be, they reached out to us where we informed them sorry nothing we can do now, it is bricked. They also disabled safe mode and factory reset. Once again we have warnings stating be careful what you disable and to understand what you are doing.
Enraged they started spreading lies and when called out they doubled down, and tripled down until we banned them. We have our limits.
The best part, and we saved the login logs, is not even a day later Hellfish was logging in to the app on a S21 ultra. Guess you found a way to get it working. When confronted more lies were spread and that account was banned. (We kept finding your alt accounts because you kept having the name Hellfish in them. We figured after the first alt was banned you would figure it out, but you made it too easy to find you. I gave up looking for you after the fourth alt account was banned, if you want to use the app and keep bricking your phone go for it)
If you haven't noticed we don't bow to pressure or are PC. You mess up and blame us we call you on it, you either own up to your mistake or get banned. If that means I have social problem then ok, fine by me, I sleep just fine at night.
Including screenshot of the Shield having no permissions, most games have more permissions than we do.
Click to expand...
Click to collapse
one last thing fool...stop putting ip grabber links in the comments...your just asking for trouble ...lmao
HELLFISH420 said:
lmao...80-90% of what you said is straight up lies...you did all sorts of messed up stuff...hell you even hacked my discord and changed my password...then when my team bypassed your malicious app login you sent me emails threatening me and saying i broke laws and all sorts of dumb sh** ...you know what your doing is wrong....alot of other people see and know what your doing...you log passwords...your app has multiple permissions...exodus and other online checkers
Click to expand...
Click to collapse
All I see is more accusations and ZERO proof. Typical Hellfish.
Where is the poof I log passwords? I will happily give you any version of the Shield going back 2 years. Decompile it and show me the password grabber, or exodus, or anything else. You can't so I won't be holding my breath.
It has multiple permissions yes, but most are so the Knox features work. You know what permissions I don't request? Storage.
HELLFISH420 said:
riven you wouldnt by any chance be running a bitcoin mining scam would ya? ...lol....you run scripts and exe. files thru chrome remotely...i seen it with my own eyes...stop denying it...you know all bs aside i was actually nice and trying to help but you got butthurt when i showed the true app permissions to the whole world to see...as far as whats already been done is done...mark my words ...your app WILL NOT BE AROUND FOREVER
Click to expand...
Click to collapse
Once again more accusations and yet zero proof. Same offer still stands, show me the malicious permissions, what ever that means.
Since we banned you for lies it has been half a year. My app is still here. Still waiting for it to be taken down. My guess is another 6 months will pass and we will still be here.
You were nice and we were nice untill we asked for proof about your wild claims, then it changed. Suddenly we were the bad guys. Extraordinary claims require extraordinary evidence.
HELLFISH420 said:
you couldnt pay me to use your malicious app .....lol...since my run with you ive already compiled and built my own disabler app ...and guess what..it requires no internet connection...no logins ...no permissions of any kind..has no trackers or anayltics ...and its 100% free..unlike your bitcoin mining app/alliance shield app...lmao.
Click to expand...
Click to collapse
We are happy for you, really are, no sarcasm, but once again you don't understand why we have the login.
All it takes is reading our website feature list to see why, but hey you compare apples to carrots.
Also you better hope Samsung doesn't find out you are using Knox to disable system apps or your key will be revoked.
If it uses Samsung Knox, then it needs an internet connection, so excuse me If I don't believe you 100%
HELLFISH420 said:
oh yeah one last thing [email protected]
one last thing fool...stop putting ip grabber links in the comments...your just asking for trouble ...lmao
Click to expand...
Click to collapse
What are you even talking about? I really think you need to get help, your infatuation of us is weird and how you think everything we do is hacking you.
Trust me, if I had a zero day (which I don't) I wouldn't use it to hack random people via my legit app we worked 5 years on and almost half a million downloads. I would sell it for $100,000 and then find the next one.
But hey, you think whatever you want.
Edit:
After reading my comment again do you think the Cloudflare or Google link is an ipgrabber? I take it you never heard of Cloudflare or Google, interesting.
Cloudflare has a market cap of 65 Billion and Google 1.99 Trillion, very huge respected tech companies.
Hi Rriven, I just heard about your app and was surprised that it involved using Samsung Knox. That sparked my curiousity, so I did an some analyzing and I have a curious question. Does your connection with the US Military/Army help you create this app. I did see that the DoD (Department of Defense) has approved and worked with Samsung, Knox specifically in creating a phone for the Military. And according to your LinkedIn profile, it shows that you have DoD clearance.
Suprnova84 said:
Hi Rriven, I just heard about your app and was surprised that it involved using Samsung Knox. That sparked my curiousity, so I did an some analyzing and I have a curious question. Does your connection with the US Military/Army help you create this app. I did see that the DoD (Department of Defense) has approved and worked with Samsung, Knox specifically in creating a phone for the Military. And according to your LinkedIn profile, it shows that you have DoD clearance.
Click to expand...
Click to collapse
Any legit company can apply to use Samsung Knox, which I did.
My connection with the Military has nothing to do with the app. The Shieldx was created in my spare time using my company (RRiVEN LLC) that I set up as a College project before I joined the Military.
Knox is a very powerful system that the Shield only scratches the surface of what it can do. I am not surprised that the Military uses it.
This hellfish character is a troll. Shield is a great app and works well. Only I don't stick with it because there is still no way to add large hosts from online sources easily. Once that happens, I'm switching. Until then, adhell3 is the best solution.
Wow that war was awesome to read. Go Alliance Shield X whoo whoo !!! lol
this issue has been resolved....mods please delete this entire post
I'm not related to hellfish or whatever, just saw a recommendation in the internet - app to control running services on Samsung devices, well that was quite an experience.
This is just ridiculous software, probably author is a follower of well known Terry Davis (god bless his soul) with his well known TempleOS. IT IS JUST FREAKING RIDICULOUS! never ever install that crap and stay away... just a complete nonsense beyond imagination, you may get a taste of it just browsing through official website, which was already very much suspicions, but I registered and installed anyways... mother of god...
also author's weak excuses about dot in emails? WHAT ON EARTH???? have you ever seen a single rnd generator... do you have a slightest idea how email works, any understanding of modern spam\antispam techniques? zero, zilch... my god... sheeez....
HELLFISH420 said:
this issue has been resolved....mods please delete this entire post
Click to expand...
Click to collapse
How did you resolved the issue? pls update me about the solution so we can also try..
HELLFISH420 said:
you couldnt pay me to use your malicious app .....lol...since my run with you ive already compiled and built my own disabler app ...and guess what..it requires no internet connection...no logins ...no permissions of any kind..has no trackers or anayltics ...and its 100% free..unlike your bitcoin mining app/alliance shield app...lmao.
Click to expand...
Click to collapse
also how can I get this software of yours? Have you uploaded this in the forum or playstore or somewhere else? Please update me...