Monday, November 10, 2014

VIRAL: Traffic Enforcer who sells Bibingka as sideline gains respect from Netizens

We have grown so used to police officers, traffic enforcers and other men in uniform being involved in some kind of "kotong" allegations and the various kinds of negativity that surround bribery and power tripping.

 Photo credit: Czes Rivera/Top Gear Philippines

That is why this certain police/traffic enforcer has been gaining a lot of attention and popularity: he is a breath of fresh air who revives a whole new image for officers in general.

Mr. Gonzales, the officer who was seen selling bibingka and different types of kakanin, gained a lot of attention and respect as one of those who made a difference and proved that not every officer is what the nation perceives them to be.

It was obvious that Officer Gonzales is a father who would do things just to make ends meet in a rather hard but proud way.

I'm sure his kids were very proud of, and dignified by, what he is as a father, officer and person.

Thirty minutes after the news was posted, it went viral, not only among locals but worldwide as well.

Officer Gonzales received words of praise from netizens around the world, comparing his ways to those of other corrupt officers in position nowadays.

Compostela Valley student tops ‘Doodle 4 Google’ tilt

A 15-year-old high school student from Compostela Valley was hailed as the first grand winner of “Doodle 4 Google” Philippines, yesterday afternoon at the Music Hall, Mall of Asia in Pasay City.
The over-all winner, Kim Patrick Saren of Nabunturan Comprehensive High School, bested 50,000 other hopefuls from all over the country with his entry “Sari-Jeepney.”
He described his doodle as a sarimanok-inspired idea. It symbolizes Filipino culture with deep appreciation for hard work. His winning doodle is currently displayed on the Google Philippines homepage (on Nov. 10). The theme revolved around the question: “What can I do for the Philippines?”
A colorful jeepney with wings, the Philippine flag underneath, and a key on the tail were dominantly seen in Saren’s entry.
“The concept is created to solve problems like traffic, economy, education, and basic needs. The key on the tail signifies the solutions to the problems wherein we must fly high with pride and honor,” Saren wrote in his artwork.
Saren received a specially designed trophy by Google, an Acer C720 Chromebook, Acer kit from National Book Store, P400,000 educational grant from BPI foundation for the college of his choice and P350,000 connectivity grant for his present school from PLDT-SMART foundation. He was the winner for the 15-17 age group.
Aside from Saren, other winners per age group category were: Angela Kaitlin Tiu, 8, Grace Christian College, “Love and care for the Philippines” (ages 5-8); Avryll Nartates, 11, St. Scholastica’s College-Paranaque, “Coral Ripped or Coral Reef” (ages 9-11); and Jay Portallo, 14, Iligan City East High School, “Symphony for Peace” (ages 12-14). They each received a trophy, Nexus 7 tablet, 3D doodling pen, and P5,000 worth of gift certificate from National Book Store.
Ryan Morales, Google Philippines country marketing manager, said that the event was the first in the country.
“We usually hold ‘Doodle 4 Google’ in countries with new Google offices, which are just 1-2 years old,” he said. It was launched in the Philippines last July.
Google Philippines, in partnership with the Department of Education and National Youth Commission gathered the entries through a school by school caravan throughout the country. Other entries were just sent online.
Among the 51,000 entries from Luzon, Visayas, and Mindanao only 400 finalists were chosen. The pool of judges was composed of: Katy Wu, doodler of Google, Fidelina Corcuera, senior vice president of BPI foundation, Ma. Esther Santos, president of PLDT-SMART foundation, Efren Penaflorida, 2009 CNN hero of the year and CJ De Silva, senior art director of TBWA-Santiago Mangada Puno.

More Ways to Control What You See in Your News Feed

News Feed is where you go to catch up on what’s happening with your friends and find the content that matters to you.
What you do in News Feed helps determine what you see in News Feed. You decide who you want to connect to, and what Pages and public figures you want to follow.
Starting today, there will be more ways for you to control and give feedback on your News Feed.
Quickly Unfollow and re-follow people, Pages and Groups
News Feed settings will now show a list of the top people, Pages and Groups that you’ve seen in your News Feed over the past week. You can choose to sort by people, Pages or Groups posts, or see an overall summary. Unfollow any friend, Page or Group if you don’t want to see their stories in your News Feed. You can also see who you’ve unfollowed in the past and can choose to re-follow them at anytime.
New ways to give feedback about your News Feed
If you see a story you’re not interested in or don’t want to see, you can tap the arrow in the top right of that story to hide it. Starting today, when you hide a story you’ll have the option to ask to see less from that person or Page.
If you choose to see less, you are then given the option to unfollow them if you don’t want to see any of their stories in your News Feed. You can always visit News Feed settings to see everything you’ve unfollowed and have the option to re-follow them.
News Feed settings will be available starting today on desktop and mobile. The new options for giving feedback about your News Feed will be available today on desktop, and coming to mobile in the coming weeks. For more information, visit our Help Center.

Google Must Make Android Safer (Op-Ed)

This article was originally published at The Conversation. The publication contributed the article to Live Science's Expert Voices: Op-Ed & Insights.
Over the past few months, the Android platform developed by Google and based on the Linux operating system has been having a difficult time. Hackers, with malicious intent and those without, have been investing time in finding out how weak this operating system is.
Android runs on more than four out of five mobile devices. It is popular because it is free and its terms do not dictate to device manufacturers what hardware it must be used on.
The hacking seen so far is partly a result of this popularity. But there also seem to be inherent problems, which experts and hackers have discovered don’t exist on other mobile platforms.

What are the issues?

Android is getting the most attention from malware creators, because it has more than 40,000 different malware compromises. This is worrying especially as the same systems for Windows and Apple phones seem to have only a handful of such issues (on non-jailbroken devices).
In June concerns arose about an SMS worm that could propagate via Android devices. One of the primary issues is the version control system these devices use. As new and better versions of Android have been released, manufacturers, having committed their development efforts to one version, cannot always allow for upgrades. This is commonplace among the lower-priced devices, which tend to be fixed to a specific version of Android. Currently new devices are using the KitKat version of Android, but previous versions, such as JellyBean and IceCreamSandwich, remain in use.
In July researchers published their analysis of Android devices purchased on eBay. Even though these devices had had the information on them deleted, they could recover and analyse it. Naked selfies, among other confidential data, were found, exposing a serious flaw in the encryption used by Android. The factory reset option, which should be able to permanently wipe any historical data from the device, seemed not to work well either. (This is the same issue that was reported earlier in August regarding the Tesco Hudl tablet, which uses Android as the operating system.)
Now researchers have found a flaw in the Gmail application on Android devices. The flaw makes it easy to create malware to obtain personal information, effectively using the email application as a route to extract all kinds of data from your phones. The researchers have claimed that this is also possible on iPhones and Windows phones. What they neglect to share is that Microsoft and Apple have app stores that undergo a range of stringent security checks before any app is allowed on their devices. This is unlike the Google Play environment, which is not the only source for apps on Android devices.
There are many non-Google Android app stores – some legitimate but many not. Worse still, the security community has also exposed issues with the official Google Play store. We can trust almost all applications downloaded on Apple and Microsoft phones, but for any on the Android platform the risk is considerably higher. Unless you have up-to-date anti-malware software and are extremely cautious, chances are that your Android phone may eventually be compromised.

Should I be concerned?

Sadly, I think all Android users should be concerned. It is an excellent mobile operating system and has enabled low-cost smartphones and tablet computers to exist in the market place. But Google needs to tighten controls on how applications can enter this device as well as some of its underlying features.
Whenever I meet someone with an Android device, the first question I ask them is if they have any anti-malware installed. They often give me a quizzical look. The reality is that, if they don’t have such security apps installed, the data on their Android is not safe.

This is how your Gmail account got hacked

How easy is it to steal your passwords?

If your Gmail account got hacked, blame your friends.

You are 36 times more likely to get scammed if your contacts' accounts have been hacked, according to a study released this week by Google (GOOG).
It's rare. On an average day, only nine in 1 million accounts get stolen. But when it happens, the operation is swift. These are professional criminals at work, looking through your email to steal your bank account information.
The criminals are concentrated in five countries. Most of them live in China, Ivory Coast, Malaysia, Nigeria and South Africa. But they attack people worldwide, duping them into handing over Gmail usernames and passwords.
Google has effective scans to block them and emergency options to get your account back. But criminals still manage to pull off the attacks.
Here's some more of what Google found in its three-year study.

In the mind of a hacker
Effective scams work 45% of the time. This number sounds huge, but well-crafted scams can be convincing. They send official-looking emails requesting your login credentials. And sometimes they redirect you to a page that looks like a Google login, but it's not.
Safety tip: Don't ever email your username or password -- anywhere. And always check the Internet address in the URL above to ensure you're at the actual Gmail site.
They usually steal your account in less than a day. Once they have your login credentials, the average criminal hijacks your account within seven hours. For an unlucky 20%, the bad guys do it in just 30 minutes. Then they change your password to lock you out.
Safety tip: Sign up for account alerts on your phone or a backup email. And move fast.
It takes only 3 minutes to scan your email for valuable stuff. They're looking for any email that shows your bank account information and images of your real life signature. They also search for login credentials for other accounts at Amazon (AMZN, Tech30) or PayPal. They use the email search feature, looking for phrases like "wire transfer," "bank" and "account statement."
Safety tip: Perform this search yourself. Go ahead and erase any email with this sensitive data. Don't leave this stuff lying around.
Expect your friends to get preyed on too. Criminals will send emails in your name asking friends for money. Typically, they use a sob story, claiming you got stuck somewhere and need help.
Fraudsters are smart at keeping this under the radar too: 15% of them create automatic email rules that forward your friends' responses to another email address. So even if you get your account back, you won't know your friends were targeted, because you'll never get their responses.
Worst of all? Sometimes fraudsters delete all your emails and contacts to prevent you from warning friends afterward. Google has an account recovery option to bring them all back -- but that's only if you actually recover your account.
Safety tip: Just make it impossible to break into your email in the first place. Sign up for two-step authentication, a second password you get by text message. It's an extra 30 seconds on every new computer, but it's worth it in the long run.

Sunday, November 9, 2014

Priests Pose Naked For Calendar Aimed At Battling Homophobia

A calendar featuring naked Orthodox Catholic priests has launched, with its creators calling it a blow against global homophobia.
The OC Calendar, which comes in both SFW and x-rated editions, was shot in Romania and follows a theme of the Seven Deadly Sins. Six different photographers captured the clerical subjects, who keep their identities anonymous.
The OC 2015 edition pays tribute to social tolerance, in reaction to the Orthodox hierarchy’s medieval views. According to them, LGBT people have suddenly become the worst kind of sinners – an omen of the impending end of the world.
What about wrath, avarice, sloth, pride, lust, envy, and gluttony? Maybe we’re missing something, but the last time we checked, homosexuality was not one of the Seven Deadly Sins!
So, are these guys actually Eastern Orthodox priests? The OC site refers to them as “members” of Church, which could mean a lot of things.
If they are, we need to start going to Mass a LOT more.

Thieves Cash Out Rewards, Points Accounts

A number of readers have complained recently about having their Hilton Honors loyalty accounts emptied by cybercrooks. This type of fraud often catches consumers off-guard, but the truth is that the recent spike in fraud against Hilton Honors members is part of a larger trend that’s been worsening for years as more companies offer rewards programs.
Many companies give customers the ability to earn “loyalty” or “award” points and miles that can be used to book travel, buy goods and services online, or redeemed for cash. Unfortunately, the online accounts used to manage these reward programs tend to be less secured by both consumers and the companies that operate them, and increasingly cyber thieves are swooping in to take advantage.
Brendan Brothers, a frequent traveler from St. John’s in Newfoundland, Canada, discovered a few days ago that his Hilton Honors account had been relieved of more than a quarter-million points, rewards that he’d accumulated using a credit card associated with the account. Brothers said the fraudsters were brazen in their theft, using his account to redeem a half-dozen hotel stays in the last week of September, booking rooms all along the East Coast of the United States, from Atlanta, GA to Charlotte, N.C. all the way up to Stamford, CT.
The thieves reserved rooms at more affordable Hilton properties, probably to make the points stretch further, Brothers said. When they exhausted his points, they used the corporate credit card that was already associated with the account to purchase additional points.
“They got into the account and of course the first thing they did was change my primary and secondary email accounts, so that neither me nor my travel agent were getting notifications about new travel bookings,” said Brothers, co-founder of Verafin, a Canadian software security firm that focuses on anti-money laundering and fraud detection.
Brothers said he plans to dispute the credit card charges, but he’s unsure what will happen with his purloined points; nearly a week after he complained to Hilton about the fraud, Brothers has yet to receive a response from the company. Hilton also did not respond to requests for comment from KrebsOnSecurity.
Hilton gives users two ways to log into accounts: With a user name and password, or a member number and a 4-digit PIN. What could go wrong here?  Judging from changes that Hilton made recently to its login process, thieves have been breaking into Hilton Honors accounts using the latter method. According to the travel loyalty Web site LoyaltyLobby, Hilton recently added a CAPTCHA to its login process, ostensibly to make it more difficult for crooks to use brute-forcing programs (or botnets) to automate the guessing of PINs associated with member accounts.
In a post on October 30, LoyaltyLobby’s John Ollila wrote about a hacker selling Hilton Honors accounts for a tiny fraction of the real world value of points in those accounts. For example, the points stolen from Brothers would have fetched around USD $12 — even though the thieves in his case managed to redeem the stolen miles for approximately USD $1,200 worth of hotel reservations.
I did a bit of sleuthing on my own and was able to find plenty of sellers on shady forums offering them for about three to five percent of their actual value. As this ad from the online black market/drug bazaar known as Evolution Market indicates, the points can be redeemed for gift cards (as good as cash) at and other locations that convert points to currency. The points also can be used to buy items from the Hilton shopping mall, including golf clubs, watches, Apple products and other electronics.
A merchant on the Evolution black market hawking hijacked Hilton points for a fraction of their value.
“I don’t recommend using them for personal hotel stays, but they ARE safer (and cheaper) than using a carded hotel service,” the Evolution seller advises, referring to the risks associated with using purloined points versus trying to book a stay somewhere using a stolen credit card.
Hilton Honors is hardly alone in allowing logins via account numbers and 4-digit PINs; United Airlines is another big name company that lets customers log in to view, spend and transfer points balances with little more than a member number and a PIN. These companies should offer their customers additional security options, such as the ability to secure accounts with multi-factor authentication (e.g. via Security Keys or Google’s Authenticator mobile app).
If it wasn’t already painfully obvious that a lot of companies and their customers could benefit from adding multi-factor authentication, check out the screen shot below, which shows an underground site that offers automated account checking tools for more than two-dozen retail destinations online. Some of these tools will help streamline the process of dumping available awards and points to a prepaid card.
Stolen points and miles would be a great way to fund a criminal-friendly travel agency. By the way, that’s actually a thing: Check out this story about services in the underground that will book stolen flights and hotel rooms for a fraction of their actual cost.

Still Spamming After All These Years

A long trail of spam, dodgy domains and hijacked Internet addresses leads back to a 37-year-old junk email purveyor in San Diego who was the first alleged spammer to have been criminally prosecuted 13 years ago for blasting unsolicited commercial email.
Last month, security experts at Cisco blogged about spam samples caught by the company’s SpamCop service, which maintains a blacklist of known spam sources. When companies or Internet service providers learn that their address ranges are listed on spam blacklists, they generally get in touch with the blacklister to determine and remediate the cause for the listing (because usually at that point legitimate customers of the blacklisted company or ISP are having trouble sending email).
In this case, a hosting firm in Ireland reached out to Cisco to dispute being listed by SpamCop, insisting that it had no spammers on its networks. Upon investigating further, the hosting company discovered that the spam had indeed come from its Internet addresses, but that the addresses in question weren’t actually being hosted on its network. Rather, the addresses had been hijacked by a spam gang.
Spammers sometimes hijack Internet address ranges that go unused for periods of time. Dormant or “unannounced” address ranges are ripe for abuse partly because of the way the global routing system works: Miscreants can “announce” to the rest of the Internet that their hosting facilities are the authorized location for given Internet addresses. If nothing or nobody objects to the change, the Internet address ranges fall into the hands of the hijacker (for another example of IP address hijacking, also known as “network identity theft,” check out this story I wrote for The Washington Post back in 2008).
So who’s benefitting from the Internet addresses wrested from the Irish hosting company? According to Cisco, the addresses were hijacked by Mega-Spred and Visnet, hosting providers in Bulgaria and Romania, respectively. But what of the spammers using this infrastructure?
One of the domains promoted in the spam that caused this ruckus — unmetegulzoo[dot]com — leads to some interesting clues. It was registered recently by a Mike Prescott in San Diego, to the email address [email protected]. That email was used to register more than 1,100 similarly spammy domains that were recently seen in junk email campaigns (for the complete list, see this CSV file compiled by
Enter Ron Guilmette, an avid anti-spam researcher who tracks spammer activity not by following clues in the junk email itself but by looking for patterns in the way spammers use the domains they’re advertising in their spam campaigns. Guilmette stumbled on the domains registered to the Mike Prescott address while digging through the registration records on more than 14,000 spam-advertised domains that were all using the same method (Guilmette asked to keep that telltale pattern out of this story so as not to tip off the spammers, but I have seen his research and it is solid).
Of the 5,000 or so domains in that bunch that have accessible WHOIS registration records, hundreds of them were registered to variations on the Mike Prescott email address and to locations in San Diego. Interestingly, one email address found in the registration records for hundreds of domains advertised in this spam campaign was registered to a “[email protected]” in San Diego, which also happens to be the email address tied to the Facebook account for one Michael Persaud in San Diego.
Persaud is an unabashed bulk emailer who’s been sued by AOL, the San Diego District Attorney’s office and by anti-spam activists multiple times over the last 15 years. Reached via email, Persaud doesn’t deny registering the domains in question, and admits to sending unsolicited bulk email for a variety of “clients.” But Persaud claims that all of his spam campaigns adhere to the CAN-SPAM Act, the main anti-spam law in the United States — which prohibits the sending of spam that spoofs that sender’s address and which does not give recipients an easy way to opt out of receiving future such emails from that sender.
As for why his spam was observed coming from multiple hijacked Internet address ranges, Persaud said he had no idea.
“I can tell you that my company deals with many different ISPs both in the US and overseas and I have seen a few instances where smaller ones will sell space that ends up being hijacked,” Persaud wrote in an email exchange with KrebsOnSecurity. “When purchasing IP space you assume it’s the ISP’s to sell and don’t really think that they are doing anything illegal to obtain it. If we find out IP space has been hijacked we will refuse to use it and demand a refund. As for this email address being listed with domain registrations, it is done so with accordance with the CAN-SPAM guidelines so that recipients may contact us to opt-out of any advertisements they receive.”
Guilmette says he’s not buying Persaud’s explanation of events.
“He’s trying to make it sound as if IP address hijacking is a very routine sort of thing, but it is still really quite rare,” Guilmette said.
The anti-spam crusader says the mere fact that Persaud has admitted that he deals with many different ISPs both in the US and overseas is itself telling, and typical of so-called “snowshoe” spammers — junk email purveyors who try to avoid spam filters and blacklists by spreading their spam-sending systems across a broad swath of domains and Internet addresses.
“The vast majority of all legitimate small businesses ordinarily just find one ISP that they are comfortable with — one that provides them with decent service at a reasonable price — and then they just use that” to send email, Guilmette said. “Snowshoe spammers who need lots of widely dispersed IP space do often obtain that space from as many different ISPs, in the US and elsewhere, as they can.”
Persaud declined to say which companies or individuals had hired him to send email, but cached copies of some of the domains flagged by Cisco show the types of businesses you might expect to see advertised in junk email: payday loans, debt consolidation services, and various nutraceutical products.
In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. In 2001, the San Diego District Attorney’s office filed criminal charges against Persaud, alleging that he and an accomplice crashed a company’s email server after routing their spam through the company’s servers. In 2000, Persaud admitted to one felony count (PDF) of stealing from the U.S. government, after being prosecuted for fraud related to some asbestos removal work that he did for the U.S. Navy.
Update, 11:35 p.m. ET: Persaud says that the Michael Persaud who pleaded guilty to defrauding the government in 2000 was not him but a different Michael Persaud in San Diego. Persaud has provided a document from the U.S. District Court for the Southern District of California that appears to support this claim.
Original post:
Many network operators remain unaware of the threat of network address hijacking, but as Cisco notes, network administrators aren’t completely helpless in the fight against network-hijacking spammers: Resource Public Key Infrastructure (RPKI) can be leveraged to prevent this type of activity. Another approach known as DNSSEC can also help.
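
The origin check that RPKI makes possible, shown as an added example (not from the original article or from Cisco): a validator in the style of RFC 6811 that classifies a route announcement against the address holder's Route Origin Authorizations (ROAs). The prefixes, AS numbers and ROA table are constructed from documentation ranges, the function names are hypothetical, and cryptographic verification of the ROAs is assumed to have happened already.

```python
import ipaddress
from typing import Iterable, List, NamedTuple, Tuple


class ROA(NamedTuple):
    """One validated Route Origin Authorization payload."""
    prefix: str       # address block the holder has signed for
    max_length: int   # longest prefix length the holder allows to be announced
    asn: int          # AS authorized to originate it (0 = nobody, per RFC 6483)


# Constructed sample data: RFC 5737 documentation prefixes and
# RFC 5398 documentation AS numbers. Not real routing data.
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),   # range the holder announces itself
    ROA("198.51.100.0/24", 24, 0),    # dormant range: AS0 ROA, "do not route"
]


def validate_origin(prefix: str, origin_asn: int,
                    roas: Iterable[ROA] = ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA is relevant only if its prefix covers the announced route.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS0 can never appear as a real origin, so an AS0 ROA never matches.
        if (roa.asn != 0 and roa.asn == origin_asn
                and route.prefixlen <= roa.max_length):
            return "valid"
    # Covered by at least one ROA but matched by none: likely hijack or leak.
    # Covered by no ROA at all: the holder never signed, so nothing to check.
    return "invalid" if covered else "not-found"


def filter_announcements(
        announcements: Iterable[Tuple[str, int]],
        roas: Iterable[ROA] = ROAS) -> List[Tuple[str, int, str]]:
    """Apply a 'drop invalid' policy; keep valid and not-found routes."""
    roas = list(roas)
    accepted = []
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, roas)
        if state != "invalid":
            accepted.append((prefix, asn, state))
    return accepted


if __name__ == "__main__":
    # Constructed announcements as a router might receive them.
    seen = [
        ("192.0.2.0/24", 64496),     # legitimate origin
        ("192.0.2.0/24", 64511),     # wrong origin for a signed range
        ("192.0.2.128/25", 64496),   # more specific than max_length allows
        ("198.51.100.0/24", 64511),  # announcement of a dormant AS0 range
        ("203.0.113.0/24", 64511),   # range with no ROA at all
    ]
    for prefix, asn in seen:
        print(f"{prefix:18} AS{asn}: {validate_origin(prefix, asn)}")
```

The last case is the gap the article points at: an unsigned dormant range comes back `not-found` rather than `invalid`, so the check only helps once the address holder has published ROAs (an AS0 ROA for space that should not be routed) and networks drop invalid routes.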