We are working on a biometric data capture exercise for one of our clients. In the first phase, we used loosely coupled devices, this time, we intend to use integrated kits. The kits are still coupled, but they are packaged as whole units.
I run a number of websites, and I mostly used WordPress. It is fast and very easy to use and there are a ton of plugins available to enhance your site. One plugin I always install (and believe should be a part of WordPress core) is Better WP Security.
Several times, I have benefited from using the plugin. Today, once more, I received a benefit of using this plugin. There is a massive attack on wordpress sites now and every webmaster using this blogging tools needs to step up their games, especially in the concerns of security.
I suddenly noticed a spike in my unread email count – from 4 to 85 within a minute and I realised that one of my sites was under attack again.
I checked my email and I saw this:
These are the alert emails sent by Better WP Security when it fends off an attack. Lagos Scholarship board website was under attack. This wasnt a DOS (Denial of Service), this was a scripted attack from a single computer. Probably a script kiddie using automated tools. An example of one of the emails is shown below:
The script attempts to use several SQL injection variants to gain access to the site. Lucky for me, Better WP Security was on hand to fend them off. The first time I noticed attacks of this nature, I could 76 different trials, now the number has risen to over 180. Maybe one day, one of them will succeed. Maybe not. Hopefully, not! But we wait and see.
Whenever, I notice these emails, I open up the site immediately and keep checking to know if any attack is successful. I go through my file permissions, and my core files. I check for changes. Still, I am safe, for now.
A couple of days back, I saw an article about theNetNG, google it here.
Yesterday, our primary domain www.thenetng.com was compromised by internet hackers, who criminally gained access to our servers and illegally took possession of our identity.
We are convinced this is a calculated attack by detractors to unsettle and distract us, knowing our third anniversary (April 26) is just around the corner, as well as the inaugural Nigerian Entertainment Conference holding next Friday
This incident occurred in the early morning of Thursday April 18, and the hijackers immediately followed up with an email, announcing their operation and demanding $1,200 ransom to reclaim our property. They have since sent other emails, and made fresh requests, which we are reviewing with our lawyers, registrars and IT team.
It is the first time since we registered the domain in 2009, that such security breach would occur. And even though we considered our readers, advertisers and partners, our management took a firm decision not to engage with the criminals.
After careful considerations, we decided yesterday, that we will not be negotiating with the hijackers, that we will not bow to these cheap internet terrorists. And we will definitely not be paying the requested ransom money ($900 as at their last email).
As a web developer (and hacker of some sorts), this information presented a scenario that a typical Nigerian would describe as having a “k-leg”. I decided to review and see if I could figure out what happened.
First, a hacker can not just take over your domain. Hosting files, yes, domain no. I am not saying it isnt possible, but it isnt common. The only way you can lose your domain in this kind of attack (if that is your lingo of preference) is if you do not renew it. I checked the whois information and the domain history.
The domain was registered in September 14, 2009, which means it expires (should be renewed) September 14 every year. The article made a reference to April 2013. The last update date was May 3 2013. That is a six month difference between the supposed last expiration date and the “hijack” date. Domains usually ave a 90 days period between their expiration and availability to the general populace. Source: http://whois.ws/whois/thenetng.com
The domain history shows the previous and current registrars of the domain. http://whois.ws/domain-history/thenetng.com. It was previously managed by AntiGravity. My suspicion is that there was a fallout between theNetNG and AntiGravity, leading to the non-renewal of the domain. The domain was promptly hijacked.
A fallout (likely), a loss of the domain by AntiGravity? (I don’t think so). Checking the screenshot history of the site using the Wayback Machine showed that after 2009, AntiGravity was no longer the designer/developer of the website. It had been transferred to Unstoppables International.
My experience with the Race Lite. I bought the phone a couple of days ago and I am regretting the purchase. Maybe, it is as a result of me having used several android phones before now, or I had high expectations, I am not sure. I bought the phone on price and I am paying the price. It is a decent with decent specs, very much a mid range phone. I did not expect Galaxy S3 range performance but I did expect something to match my HTC Desire HD (a single core phone from 2010).
I unboxed the phone and my wife fell in love with it, but unfortunately, it isnt for her. Extra flip covers and a casing. Protecting the back of the phone but leaving the front vulnerable. I would have expected a single flip cover as opposed to 3 back covers. Here, high expectations.
I proceeded to install the common apps I use, some came preinstalled, e.g Facebook, Whatsapp. I proceeded to add Airdroid, Instagram, Twidere, Bible, ExExplorer, MxPlayer, SwiftKey. Some installed, some didnt. Important ones on the phone, I was okay. Next step was to search for root information. I need AdAway. It is essential for me. No root information available, only thread available was the Nairaland thread on Race Bolt X450. Searched on the main InfinixMobility site, nothing. Nothing on XDA, its not a large name brand. Went on Facebook, still nothing.
I resorted to using the phone as is. I wanted to live a week without root so I could blog my experience. Following day, I encountered the usual experience of android phone users – updates. I connected to WiFi and proceeded to update, all failed. The phone had run out of space. I checked the internal memory, 128MB. Really? I understand the need to reduce costs by using smaller components, but I expected the developers to trick the OS into using the sdcard as part of its internal storage. If I had root, I could have symlinked a folder on sdcard to the internal storage, but no root.
Opening the app drawer and the icons seemed to forget where their positions were. I had to slide the drawer to get them to rearrange themselves. I would have loved to install another drawer app but I have run out of space. I tried to move applications to sdcard, but that frustrated me even further. Most apps don’t want to run from the sdcard, case in point – Facebook, Airdroid, SwiftKey, WhatsApp etc.
My preferred keyboard is SwiftKey, but every time I restarted the phone, it decided that I wished to use the default android keyboard. A workaround involved avoiding restarting the phone. Another issue, when the battery fell to 15%, I plugged it in and it remained there. Remained there. It didn’t go above 15%, despite being in power for over an hour. I unplugged, restarted and it came up with the actual battery amount – 79%.
I am a clumsy user. I have broken the screens of my Samsung Galaxy Tab 7+ and HTC Desire HD. Hence my decision to buy on price. The Infinix Race Lite fell (a soft fall) and switched off. Why? Is that a feature or a bug?
One more thing, if you choose to reset the phone to factory settings, ensure you do not wipe the sdcard, some default apps are preinstalled on the card.
My overall verdict – the phone is only good for people who do not need a smart phone. If you are a casual user, go for a Symbian or a feature phone. If you are a heavy user and want to fully enjoy Android (or a smart phone), save a bit more and go a low end big name brand.