Hacking Strava & Spotify App

So lately I’ve been really getting into running.

I’ve reached that point in my life where I’m starting to get a bit of timer around my waist and my wife’s pretty much decreed that it’s time to do something about it.

So yeah, I’ve become a runner.

One thing that I’ve really struggled with is the boredom.

To kill the time, I started thinking about an app that I’d like to build that used both the Strava API and the Spotify API.

What I want to create is an app that maps which tracks were playing during certain points of my run and then plots the data onto a map. It’s just a noddy little project but I think it could be fun to see if my pace increases when ‘Eye of The Tiger’ starts blaring from my BOSE SoundSport (which really are the best running headphones).

It’s also got me thinking a lot more about the security of these pieces of software and how secure my data is online.

Strava is great because it has a private area which lets you hide your start and end point within a certain few k’s which is pretty nice.

I’ll update when I have a working prototype.

Biggest Threats to Network Security

Are you worried about the network security of your company? If so, then it’s important to know some of the biggest threats.

Here are some of them:

  1. Browser Attacks

These attacks are done on people who are browsing the web. The attacks could encourage people to download malware that’s a fake software update/application. Malicious/compromised sites might also force malware on the systems of visitors. They do this by exploiting security weaknesses in the visitor’s browser/software. This is usually the result of the software being outdated.

One of the best steps your company can take to avoid this kind of attack is to update web browsers and related services like Flash. This helps to make sure that new security vulnerabilities are patched before hackers can use them to attack networks.

  2. Backdoor Attacks

These make up a small percentage of network attacks but are worth noting. They’re a type of attack that gets around standard authentication. It then allows remote access. Backdoors are present in software based on the design. They can also be implemented by other software or launched by changing existing programs.

  3. SSL Attacks

This is another common attack on a network. The goal is to intercept data that’s sent over an encrypted connection. An attack that’s successful allows access to unencrypted data.

The attacks were quite common in late 2014. However, they’re still common today and account for a large percentage of all network attacks. There were several attacks following security vulnerabilities discovered in TLS and SSL.

  4. Brute Force Attacks

These kinds of attacks are increasing in number and are carried out by automated software programs. They “guess” various user passwords. Most of these network attacks take place in the US, in terms of both the number of attackers and the number of targets.

This type of attack makes up about one-quarter of all attacks on networks. This type of attack tries to enter the “front door”, unlike many other attacks. The goal is to guess the password of a system.

Automated software is often used in order to guess thousands of password combinations. Sometimes this involves hundreds of thousands of combinations.

There are several ways you can protect your computers from these attacks. One basic way is to lock accounts after X login attempts. Another method is to block IP addresses after several login failures. Yet another option is to restrict login access to particular IP addresses.

  5. Shellshock Attacks

This is another common type of attack on networks. It targets a vulnerability found in the command-line shell Bash, which is used on Unix and Linux systems.

When Shellshock was discovered in September 2014, millions of systems/appliances were vulnerable. That included ones ranging from servers to thermostats. Since then attackers have started exploiting the various flaws. They use them to install malware that launches spam campaigns/DDoS attacks.

Many systems aren’t updated at all, so the vulnerabilities still exist over the web. The problem has become so widespread that Shellshock is the target of a large percentage of all network attacks. It’s become a major issue.
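The three brute-force protections listed under item 4 above (lock accounts after X login attempts, block IP addresses after several failures, restrict logins to particular IP addresses) can be sketched as follows. This is an added example, not part of the original article; the log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2024-05-01T09:00:00 192.0.2.10 bob FAIL
2024-05-01T09:00:20 192.0.2.10 bob FAIL
2024-05-01T10:00:00 203.0.113.7 alice FAIL
2024-05-01T10:00:05 203.0.113.7 alice FAIL
2024-05-01T10:00:09 203.0.113.7 alice FAIL
2024-05-01T10:00:15 203.0.113.7 alice OK
2024-05-01T10:05:00 198.51.100.23 bob FAIL
2024-05-01T10:05:01 198.51.100.23 carol FAIL
2024-05-01T10:05:02 198.51.100.23 dave FAIL
2024-05-01T10:05:03 198.51.100.23 erin FAIL
2024-05-01T10:05:04 198.51.100.23 frank FAIL
2024-05-01T10:05:05 198.51.100.23 grace FAIL
2024-05-01T10:06:00 192.0.2.10 bob OK
"""

ACCOUNT_LIMIT = 3               # the "X login attempts" per account (assumed value)
IP_LIMIT = 5                    # failures per source IP before blocking (assumed value)
WINDOW = timedelta(minutes=10)  # only failures inside this window are counted


def _record(table, key, ts, limit):
    """Store a failure for key, expire old ones, report whether the limit is hit."""
    failures = table[key]
    failures.append(ts)
    while failures and ts - failures[0] > WINDOW:
        failures.popleft()
    return len(failures) >= limit


def evaluate(log_text, allowed_ips=None):
    """Replay login events and return (locked_accounts, blocked_ips, rejected).

    allowed_ips, when given, is the "restrict login access to particular
    IP addresses" option: anything else is refused before authentication.
    """
    acct_failures, ip_failures = defaultdict(deque), defaultdict(deque)
    locked, blocked, rejected = set(), set(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, user, outcome = line.split()
        ts = datetime.fromisoformat(stamp)
        if allowed_ips is not None and ip not in allowed_ips:
            rejected.append((user, ip, "ip-not-allowed"))
        elif ip in blocked:
            rejected.append((user, ip, "ip-blocked"))
        elif user in locked:
            # Even a correct password is refused once the account is locked.
            rejected.append((user, ip, "account-locked"))
        elif outcome == "OK":
            acct_failures[user].clear()   # success resets the account counter
        else:
            # One IP guessing one account trips the account lock; one IP
            # trying one password on many accounts only trips the IP block.
            if _record(acct_failures, user, ts, ACCOUNT_LIMIT):
                locked.add(user)
            if _record(ip_failures, ip, ts, IP_LIMIT):
                blocked.add(ip)
    return locked, blocked, rejected


if __name__ == "__main__":
    locked, blocked, rejected = evaluate(SAMPLE_LOG)
    print("locked accounts:", sorted(locked))
    print("blocked IPs:", sorted(blocked))
    for entry in rejected:
        print("rejected:", entry)
```

In the sample, the account lock catches repeated guesses against one user while the IP block catches one address trying many users, which is why the two counters are kept separately.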

How to Boost Network Security to Avoid Hack Attacks

Is your company worried about hack attacks? They’ve become quite common in today’s tech world and often make news for all the wrong reasons. You might be wondering what steps your company can take to boost its network security and avoid such malicious attacks.

Here are some helpful tips:

  1. Avoid email from unknown sources

If anyone in your company gets emails from sources they’re not familiar with, it’s important that they avoid opening them. It’s also important to avoid opening any attachments that are sent with the email. The reason is that’s one way computers can get infected with malware.

The problem is that sometimes the emails can look like they are from legitimate sites, because the domains are often very close to legitimate ones. If you want your company to avoid network security issues via email, follow this policy to be on the safe side. It can help to avoid a ton of possible problems.

  2. Keep software updated

This is an easy yet effective way to help protect your computer network from hacks. This includes both software and operating systems. If they’re running an old version they might not have full and updated protection from hacks. That’s why it’s important to update the software as soon as you get an alert that an update is available. It doesn’t take much time, but can allow your company to avoid a lot of possible problems that result from hack attacks.

  3. Use 2-factor authentication

Today the issue of password protection has become bigger than ever. It helps if your company is using strong passwords for all of its accounts. On the other hand, it’s still possible for third parties to guess passwords or hack accounts. 2-factor authentication requires users to input a password and then confirm their identity, such as via a code texted to a phone. This is an effective tool your company can use even when hackers steal passwords.

  4. Use the cloud carefully

When you use the cloud, make sure not to share info you don’t want people to hack, regardless of how “secure” a certain platform is. It’s important to know where your files on the cloud are actually going. You should also know the various practices followed by your cloud storage provider.

  5. Watch out for suspicious links

Make sure not to click on links to unknown sites. This can result in malware being installed on a computer, which can then infect an entire network. If the link is unknown, then it’s important to always avoid clicking on it. As with unknown email domains, it’s just as important to avoid clicking on links from unknown sites.

  6. Use strong passwords

This involves taking steps to make your passwords as strong as possible. For example, use a mix of upper/lower case letters, numbers, and symbols. It’s important not to save the password in a file, and also to avoid using a personal reference when picking the password.

Another important step is to avoid using the same password for multiple accounts. This can make it more convenient to use your accounts, but can also cause various security issues including hacks.
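The first tip above notes that suspicious emails often come from domains that are very close to legitimate ones. One way a mail filter could flag those senders is shown below, as an added example that is not part of the original article; the trusted-domain list, the sample senders, the confusable-character table and the distance threshold are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allowlist of the company's own and partner domains (constructed).
TRUSTED = {"example.com", "example.org"}

# Character sequences that read like another letter in many fonts (partial, assumed).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

# Edits tolerated before a domain stops counting as "very close".
# 2 is an assumption; short trusted domains need a lower value.
MAX_DISTANCE = 2


def skeleton(domain):
    """Collapse look-alike character sequences so visually equal names compare equal."""
    for src, dst in CONFUSABLES:
        domain = domain.replace(src, dst)
    return domain


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(sender, trusted=TRUSTED):
    """Return (verdict, trusted_domain) for a From: header value.

    The display name is ignored on purpose: it is free text chosen by the
    sender, so only the address part decides the verdict.
    """
    _display, addr = parseaddr(sender)
    if "@" not in addr:
        return ("invalid", None)
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in sorted(trusted):
        if (skeleton(domain) == skeleton(good)               # examp1e.com, exarnple.com
                or edit_distance(domain, good) <= MAX_DISTANCE   # example.co
                or good + "." in domain):                    # example.com.<other domain>
            return ("lookalike", good)
    return ("unknown", None)


# Constructed sender headers for demonstration.
SAMPLES = [
    "Alice <alice@example.com>",
    "IT Helpdesk <it@mail.example.com>",
    "Example Support <billing@examp1e.com>",
    "hr@exarnple.com",
    "pay@example.co",
    "login@example.com.mail-login.test",
    "news@newsletter.test",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:45} -> {classify(header)}")
```

A "lookalike" verdict is a reason to quarantine or warn, while "unknown" still falls under the tip's advice about unfamiliar senders.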

Tips to Improve Network Security

Are you worried about your company’s network security? It’s become a major issue in today’s business world and especially due to the skyrocketing number of online companies. Here are some basic tips for making your online company more secure:

  1. Put your policies in writing

It’s important to put your company’s network security policies in writing. This will help to make sure your IT department, in particular, will be aware of the protocols your company is using to protect its network. Not only that, but potential customers will also be assured that you’re taking steps to protect your network and their data. The latter is especially important when they pick a company to work with.

  2. Stay up-to-date

This is important because technology is constantly changing. It’s important to know about some of the most common hack attacks, for example. That will help your IT Department to be on alert about how it can take steps to best protect your network. Make sure that you get the latest software updates/patches to keep your computers as safe as possible.

On the other hand, without knowing about some of the biggest hack attacks, for example, it will be more difficult to protect your computers. That’s definitely a situation you’ll want to avoid as it will be tough to keep your networks safe and secure.

  3. Begin with the basics

It’s important to start with the basics when beefing up the security of your company’s networks. That includes password security, virus protection, encrypted pages, etc. These are the basics, but they’re effective in helping to protect your computer networks.

Make sure that you deal with these kinds of issues early. If you aren’t handling such issues you should start doing that immediately. However, keep in mind that it’s not really enough just to have such programs. It’s also important to implement them continuously. That, in turn, will help to keep your network as safe as possible.

  4. Consider a third-party vendor

Your company might be in the situation in which you don’t have the time or resources to monitor your network properly for security issues. The best solution is to hire a third-party vendor. This is a great option because it can help to provide expertise for protecting your network. Not only that, but they can dedicate their time to protecting your network.

  5. Monitor your network

Make sure that you’re constantly monitoring your network. You should definitely install anti-virus/malware software, for example, but that’s just the start. Make sure to use monitoring software so you’ll stay updated about the status of your network. You should also review the details from time to time so you’ll know the current status in terms of hack attacks on your system. It’s best to know as soon as possible when such cases are most likely.

Another major benefit of this approach is that you can find possible security breaches. When you do that you can fix the problem as soon as possible. It’s all about monitoring your system so you’ll be best prepared to deal with possible situations.

Why Network Security Is Important

As the Internet expands and improves it’s important to focus on the importance of network security. This has become one of the biggest factors for companies to take up. In fact, startups and Fortune 500 companies alike are focusing on ways to improve it. Here are some of the main things you can avoid by beefing up the security of your network:

1. Privacy Spoofing
This is also known as a spoofing attack. It involves falsifying data to give the party an unfair advantage. This is definitely a situation your company will want to avoid. There are various negative effects including effects on your company’s data, profits, and reputation. It’s definitely a situation you’ll want to avoid because it can cause potential customers to believe they’re getting emails from you, for example, when that’s not the case.

2. Identity Theft
There are various ways parties can do this. It basically involves a party taking on a fake identity. This can affect your company in many negative ways. For example, your customers might get a text, email, etc. that seems to be from your company, but in fact it isn’t. This type of communication can be very confusing and can be devastating to your company on different levels.

It’s highly advisable to take steps to avoid this type of situation because it’s a critical issue in terms of network security. Your IT staff can help with the situation or you might want to call in the services of companies that specialize in combatting identity theft.

3. Information Theft
This is another issue related to network security. Data is more important than ever and today’s companies are collecting tons of it. It’s used for various factors such as marketing. So if your company experiences information theft it can cause a world of trouble.
Keep in mind that not all information is highly classified. However, whenever any info is stolen from your company it has the potential to cause all sorts of problems.

4. Piracy
This is actually one of the biggest issues in terms of network security. Companies are very concerned that outside parties will steal information about their products, services, etc. then make cheap knock-offs. This can cost a company quite a lot of money so it’s important to take steps to avoid it as much as possible.

5. Malware
This is one of the biggest issues today with hackers using powerful tools to install malware on companies’ networks and devices. You’ve probably read many news stories about malware that’s infected hundreds of thousands of devices. It’s a major issue, so it’s definitely one you should take steps to curb as much as possible.

The good news is that there are several tools and techniques you can use to make your network safer. It’s important to find out which ones will be most effective in preventing online hacks and theft. It’s important to keep in mind that these are investments in your company as they’ll help to make your business more secure and profitable.

INTRODUCTION TO COMPUTER NETWORKS

Let’s talk about the different ways we can categorise computer networks. There’s actually a variety of different classifications we can use. Here we’re going to talk about three of them. We’re going to talk about host roles, we’re going to talk about geographic proximity, and then the signalling methods used. Let’s first talk about classifying networks according to the host roles. In other words, what do the hosts do in the network?

The first one we want to look at is called peer-to-peer. In a peer-to-peer network, network hosts don’t have a specific role that they play. In other words, hosts on a peer-to-peer network both provide network services, and hosts on a peer-to-peer network also consume network services. What exactly does that mean? In a peer-to-peer network, we have a variety of operating systems here, and they fulfil a variety of different roles. For instance, over here we may have a workstation that has a printer connected to it and that printer is shared on the network, allowing each of these different hosts to print to that printer. Over here, this host might have a huge hard drive installed and everyone is allowed to share that hard drive. If they have a huge file they need to save, they can put this file down here.

In this situation, you have hosts that both provide and consume network services. These two hosts provide a new service. This one provides printing. This one provides storage. At the same time, these hosts also consume services. For instance, this host prints to this workstation. This workstation saves files to the hard drive in this workstation. In essence, they function both as a client and as a server at the same time.

There’s a lot of benefits to a peer-to-peer network. First of all, it’s very easy to implement. In other words, you could take a whole bunch of Windows XP workstations, for example, and create a peer-to-peer network. You can share printers, share storage. You don’t have to go to any trouble to configure this. All you have to do is share your resources. It’s very easy to implement. It’s also very inexpensive. In this case, with a Windows XP peer-to-peer network, you just instal the operating system. That’s it. There’s no special software to purchase and implement.

There are some drawbacks to a peer-to-peer network. You might be asking, “Well, it’s so easy to implement, so inexpensive, why don’t more companies implement it?” There are some key problems. First of all, a peer-to-peer network is not very scalable, meaning the bigger it gets, the harder it is to manage and the harder it is to keep running. Peer-to-peer networks are very, very difficult to support. That’s because they lack centralised control. In other words, there’s not one network administrator running the show. Every user at each workstation is like their own little network administrator.

Let’s take an example of how this is a problem. Let’s say that you have shared storage over here on this hard drive and this workstation belongs to Fred. Fred says, “You know, there’s going to be an awful lot of files on my hard drive. I think I’m going to erase a whole bunch of them. Let’s just erase them so I have more room on my hard disc.” What impact does that have on everybody else? Mary over here might have had her files on that hard drive, and he just wiped them out. She’s going, “My files!” No centralised control.

Further, let’s suppose Mary decides to get back at everybody because Fred over here deleted her files and she takes off the next day from work, leaves her office door locked and her computer off. Everybody needs to print. Can they print? Nope, they can’t. This host is down. You can’t access its printer.

Another problem is the fact that when you have a peer-to-peer network, there’s no real centralised place to save files. We could have storage on this system. We could have maybe some other shared storage on this system. Maybe some other shared storage on this system. Maybe even some over here on this system. When it comes time to back up and protect critical company data, you’ve got to go to each one of these hosts and back up their data. You may not know exactly where folks are saving it. It could be all over the place on the hard drives.

We have another classification within the host roles category, and that is a client/server network. In a client/server network, unlike a peer-to-peer network, network hosts have specific roles assigned to them. In a client/server network, you have certain systems, certain hosts that are assigned to be servers. What does a server do? A server provides network resources. You also on a client/server network have clients. A client does not provide network services. It consumes network services. What does that mean? That means in a client/server network these client workstations will not have shared storage. They will not have shared printer. All those services are provided down here by the server. It might have a humongous hard drive. Maybe we have a printer that this server manages. Et cetera. Server provides the resources. The clients simply use the resources.

To do that, we have different operating systems implemented. Recall, with a peer-to-peer network, everybody had the same operating system. Not so in a client/server network. Client workstations have generic operating systems that provide functionality such as being able to run applications, to do word processing, spreadsheets, et cetera, and software that allows them to connect to the server. Examples would be Windows XP, maybe Windows 2000 Professional. Those are client workstation operating systems. The server, on the other hand, has special optimised operating systems, and these operating systems aren’t designed for client type tasks such as word processing and spreadsheets. Although some of them will do it, that’s not their main job. For example, server operating systems include NetWare, Linux, Windows 2000, and Server 2003. These operating systems are designed to provide these network resources.

The benefit to this type of network is first of all that it’s very highly scalable. What does that mean? That means it’s very easy to expand the size of the network. It’s very easy to add more clients. It’s very easy to add more servers. Client/server networks are also much easier to support. That’s because services are centralised. If folks are having a problem accessing their files, you know where to look. It’s on the server. You need to check out the storage on the server. If folks are having trouble printing, you know where to look, because the service is provided by the server. Backup is also a lot easier. Instead of having to back up individual workstations, they’re saving their data over here in the storage system on the server itself.

You’re still using your relatively inexpensive client operating systems up here just like with a peer-to-peer network, such as Windows XP, Windows 2000 Professional. The expense comes down here. These operating systems for the most part are relatively expensive. The exception, of course, is Linux. NetWare is relatively expensive. Windows 2000 Server is very expensive. Server 2003 is relatively expensive as well.

The other thing is that this type of network takes a lot of planning beforehand. If it were a peer-to-peer network, you just slap things together. You set up your systems, and away you go. You don’t do that with a client/server network. You pre-plan everything. You decide which servers are going to host which services and you decide where they’re going to be placed on the network, et cetera.

That’s how we categorise computer networks by host role. Now let’s look at a different way of categorising computer networks, and that is geography. The first category is that of a local area network. A local area network resides within a small geographic area. An example of a local area network would be the network inside a particular company’s office. It has multiple floors, but these are all connected by a network medium in some way. This comprises a local area network. It could be multiple buildings, in fact. You could have a second building over here, several floors, computer systems, and these are all interconnected in some fashion. It’s still a local area network because the geography separating the hosts is relatively small. You could even have other buildings over here with their own networks. For instance, perhaps a college campus. There’s a building here and a building here, and then you connect all the networks together. When you do that, by the way, that’s called an inter-network. However, this is still a LAN because they’re geographically close together.

It’s also possible to have a computer network where the networks and the hosts are very widely distributed geographically. When we have that situation, we’re talking about a wide area network. Basically, a wide area network is a group of interconnected LANs, local area networks, that are separated geographically. For example, suppose we have a company named XYZ Corp. XYZ has an office over here in New York City. They have a local area network. This company also has an office down here in Houston, Texas. Then they also have an office up here in Portland, Oregon. Users in these different locations occasionally need to have access to information at these various different sites. To make that possible, we’ve connected them in some way so that these local area networks are inter-networked together, making a very large inter-network, or a wide area network.

When you set up a WAN, basically the way it’s done is that you make sure that the resources that the users need are located on the local LAN. For example, if someone needs to open a file here in New York City, you don’t want them to have to go clear down here, traverse the wide area network to Houston to open up a file and bring it back here and work on it over here in New York City. Then, when you save you have to go clear across the country again just to save on a server located down here. Instead, you’ll locate the information resources that each local area network needs here locally, so you’d set up a server here in New York City with the information that the users here in New York City would need.

Likewise, you wouldn’t want to store your user accounts over here in Portland so that someone who needs to log in to the network down here in Houston has to go across the WAN link clear over here to Portland just to authenticate. The benefit of the WAN is that, if the situation arises, say a user here needs access to a document that’s being worked on by a product team over here in Portland, they can use the wide area network to get that information and open it over here.

Those are the two different classifications, categorising networks by their size and their geographic proximity. There’s one more categorization I want to talk about here, and that is the type of signalling used by the network. There’s basically two types. There’s baseband signalling and then there’s broadband signalling. This right here represents our network medium, whether it’s a wire or whether it’s a piece of fibre optic cable or what have you. With baseband signalling, you can have one signal at a time on the network medium, and that signal uses the entire network medium all at the same time. Broadband signalling, on the other hand, divides the network medium into multiple channels. With broadband signalling, you can have multiple signals all being transmitted on the same network medium at exactly the same time.

You want a good example of broadband signalling, think of your cable TV system. If you have cable TV, you have channel two, four, five, six, seven, et cetera. You have multiple signals all using the same cable at the same time. Baseband signalling, in the old days I used to use the example of a telephone. Now telephone systems are starting to use broadband signalling to allow you to have DSL and your telephone conversations at the same time, but in the old days telephones used to use baseband signalling. In other words, you picked up the phone receiver and you made a telephone call. While you were using the phone, someone else on a different extension in the same house couldn’t lift up the phone and make a phone call at the same time because you could only have one signal on the wire at the time.

Those are the two different types of signalling that’s used-

Welcome

So despite the internet being around for well over 20 years now and blogging being around for just as long – I’ve never actually given it a go before.

However, in a bid to start boosting my profile within the network security industry, I’ve decided to branch out and launch my very own weblog.

Good for me, right?

Anyway, over the coming weeks, months and years I’ll be posting about everything from Pervasive security / Security of internet enabled host devices, Anonymous traffic networks to Software Defined Networking ( SDN ) vulnerabilities.

Until next time.