Security experts at Checkmarx discovered two security vulnerabilities in the Tinder Android and iOS dating applications that could be exploited by an attacker on the same wi-fi network as a target to spy on users and modify their content. Attackers can view a target user’s Tinder profile, see the profile images they view and determine the actions they take.

“The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising orother type of malicious content (as demonstrated in the research).” reads the analysis published by Checkmarx.

“While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.”

An attacker can conduct many other malicious activities, including intercepting traffic and launching DNS poisoning attacks.

The first issue is related to the fact that both the iOS and Android Tinder apps download profile pictures via insecure HTTP connections, this means that an attacker can access the traffic to determine which profiles are viewed by a Tinder user.

“Attackers can easily discover what device is viewing which profiles,” continues the analysis. “Furthermore, if the user stays online long enough, or if the app initializes while on the vulnerable network, the attacker can identify and explore the user’s profile.” “Profile images that the victim sees can be swapped, rogue advertising can be placed and malicious content can be injected,”

Obviously, such kind of issue could be mitigated with the adoption of HTTPS.

Checkmarx also discovered another issue related to the use of HTTPS, the flaw was called “Predictable HTTPS Response Size”.

“By carefully analyzing the traffic coming from the client to the API server and correlating with the HTTP image requests traffic, it is possible for an attacker to determine not only which image the user is seeing on Tinder, but also which action did the user take.” states Checkmarx. “This is done by checking the API server’s encrypted response payload size to determine the action,” 

An attacker that is in the position of analyzing the traffic can discover the user’s interest in a specific profile by detecting a 278-byte encrypted response that is delivered by the API server when he swipes left on a profile picture. Swiping right, the Tinder user likes a particular profile, in this case, the response generated is composed of 374 bytes.

The researchers also noticed that Tinder member pictures are downloaded to the app via HTTP connection, this makes possible for an attacker to view the profile images of those users being swiped left and right.

In order to mitigate this issue, researchers suggest padding requests, if the responses were padded to a fixed size, it would be impossible to discriminate the user’s action.

Checkmarx disclosed both vulnerabilities to Tinder.

Dealing with files on your Android phone or tablet can be intimidating, especially since there are several file transfer standards and dozens of different apps for file management. Do you find yourself overwhelmed by all the different Android file management options? Or are you just not sure where to get started?

Don’t worry. Today we’ll go over everything you need to know about file management on Android, including the best apps for managing files and how to transfer files seamlessly to other devices.

Utilize the Built-In Android File Manager

Android got a native file manager in Android 6.0 Marshmallow. It’s pretty barebones, but it gets the job done for basic file management.

Here’s how to access it on your stock Android device running 6.0 Marshmallow or higher.

Open Settings > Storage & memory. Here, you should see what files are hogging up space on your device. You should see a visual breakdown of your device’s storage into various categories like Apps, Images, Video, Audio, Cached data, etc.

To access the traditional Android file manager, scroll down and tap Explore. Switch to the Storagetab. You should see various partitions such as internal storage, external storage (if your phone supports SD card or USB OTG), and Google Drive.

You can tap on a particular item to cut, copy, delete, share or perform other file manipulation operations.

If your phone is running Android 8.0 Oreo, the location of the file manager is different. Open the Downloads app from the app drawer. Tap the three-dot overflow menu button and select Show internal storage. Here, you can manage your files and perform file manipulation operations such as cut, copy, delete, share, etc.

Note that if your device is not running stock Android, the built-in file manager might look pretty different. Some manufacturers, like Samsung, include their own file managers with their modified version of Android.

Use Third-Party File Managers for Extra Functionality

While the native Android file manager works great for basic file operations, it lacks advanced features. If you’re looking to do more with your files, a third-party file manager is what you need.

Here are some of our favorite third-party file managers for Android.

Solid Explorer

Solid Explorer is a powerful file manager wrapped with the beautiful material design. It features a dual-pane setup, rich customization options, and supports various network protocols like FTP, SFTP, WebDAV, etc.

For the uninitiated, FTP lets you host files in one location and access them from anywhere. Perhaps the best thing about Solid Explorer is that it supports extensions, so you can extend its functionality.

Download: Solid Explorer (Pro version, 14-day free trial)

ES File Explorer

ES File Explorer has lately faced criticism for its heavy advertising nature and unnecessary bloatware. While it’s true to some extent, there’s no denying that the once-favorite file manager still comes with a powerful set of features.

It boasts of real-time search, built-in support for compression and encryption, and remote file management using FTP.

Download: ES File Explorer (Free with ads, $2.99 for Pro)

Transferring Files Between Android Phone and PC

Now that we have seen various apps for on-device file management, here’s how to simplify file transfers between your Android phone and your computer.

Transfer Files With a USB Cable

This one is fairly obvious, but it’s still pretty reliable. Simply connect your phone by plugging it via USB to your computer. Unlock your device and tap the “USB for…” notification. Select Transfer Files. A file transfer window should pop up on your computer. You can now transfer files seamlessly.

If you’re using a Mac, you need to download Android File Transfer first. Then connect your phone by plugging it into your Mac. Android File Transfer should launch automatically. Unlock your Android device. You should be able to transfer files back and forth between your Mac and your Android device.

Transfer Files Using Bluetooth

Bluetooth transfer can be pretty slow, but it’s always nice to have a quick, easy wireless option.

Start by pairing your Android device with your PC or your Mac. To transfer a file, just hit the Share button inside any file manager app and select the paired computer from the list.

USB On-the-Go

Most Android phones these days support USB On-The-Go. USB OTG lets your Android device read data from a USB connection without requiring a PC. This essentially means that you can connect a USB flash drive or a portable hard drive directly to your Android phone and transfer files easily.

To check if your device supports USB OTG, you can download this free app called USB OTG Checker. Alternatively, you can check the device specifications on the manufacturer’s website.

Transfer Files Using AirDroid

If you don’t like fumbling around with USB cables, you can transfer files remotely using AirDrop. To begin, download AirDroid on your Android device and your desktop. After you sign up for a free account, you can easily transfer files to nearby devices and other registered devices. You can transfer files remotely even when the devices aren’t connected to the same Wi-Fi network.

Download: AirDroid for Android (Free) | AirDroid Desktop Client (Free)

Browse Your Files Remotely From Anywhere

Until now, we’ve seen how to manually transfer files between your computer and your Android phone. But what if you forget an important file on your work computer, and have no physical access to the computer?

Pushbullet provides an easy solution. Pushbullet’s Remote Files feature lets you access your files remotely from anywhere. To get started, download Pushbullet and sign up for a free account. Head over to Pushbullet’s support page for instructions on how to enable Remote Files.

Download: Pushbullet (Free)

Transfer Files Between Android Devices Using Files Go

Late last year, Google launched Files Go, its very own file manager app aimed at lower-end smartphones. Its primary focus is to make storage management easier, but it also comes with a nifty feature to transfer files securely without the internet.

To use it, both the Android devices should have Files Go installed.

To send a file, switch to the Files tab and tap on Send. If you’re using it for the first time, tap Allow to grant the required permissions and enable Allow modify system settings. Enter your name and tap Next. The setup is now complete.

Ask your friend to open the app and tap Receive. It creates a secure Bluetooth connection to let you share files quickly. It might take a while to transfer the file to the other device, depending on the file size.

Note that you can alternatively use AirDroid and Pushbullet to transfer files between Android devices.

Download: Files Go (Free)

Transfer Files From Android to iPhone Using ShareIT

ShareIT has been the go-to app for sharing files between Android and iOS devices for a while now. It doesn’t require an active internet connection, but it requires both devices to be connected to the same WiFi network. It utilizes a feature called WiFi Direct for blazing fast transfer speeds.

Download: ShareIT for Android (Free) | ShareIT for iOS (Free)

Automatically Sync All Your Files Across Several Devices

Do you have some important files on your Android that you want to keep up-to-date always, across all your devices?

Enter Resilio Sync.

Resilio Sync lets you sync all your files/folder across your phone, computer, and NAS. Every time you make changes to a file, it instantly syncs the changes seamlessly across all your registered devices. It also features a proprietary file transfer service that the company claims “skips the cloud and finds the shortest distance between devices.”

Download: Resilio Sync ($59.99, business plans start at $29/mo)

These days, note-taking apps tend to add a whole lot of features. Most OneNote or Evernote users aren’t utilizing half of those features. In fact, these simpler, uncomplicated notepad apps can actually make you more productive.

A lot of productivity is about discarding unnecessary things that you think are necessary. Strip the useless bits of note-taking apps and you’re left with lean and mean productivity tools, ready to get things done. It’s something that the Notes app on macOS and the ever-popular Simplenote app do well. And that’s the philosophy that more apps have taken up.

So try out these free web-based notepads, ready to jot down what you have to say. And each adds a little something to make your life easier.

Nooot (Web): Always-Saving Web Notebook With a Unique URL

Notepads and notebooks are best when you don’t need to actually click the save button. When you type anything, they should save it automatically. Not only does Nooot do that, it also gives you a unique URL.

Here’s how it works. Go to the site and choose a unique URL to type into the box Nooot provides. If successful, that’s your notepad from now on, saved forever. And yes, it’s completely free. Any time you want to access that notepad, just go to Nooot and type it in the box again. Simple, eh? Plus, you can make as many such notepads as you want.

The only missing feature is any password protection in your Nooot. That means anyone with your Nooot URL can also visit your notepad. If you plan on saving any sensitive information, make your URL like a unique password.

Take A Note (Web): Password-Protected Quick Notepad

So let’s say you want something more than what Nooot offers, especially some password protection. Turn to Take A Note. But only if you want the password protection because otherwise, Nooot is better.

Take A Note is a large, blank notepad ready for you to write notes immediately. You can also change the URL to a custom address you remember. And there’s the ability to add a password at any time you want so that no one can tamper with your notes.

Be careful though, the password protection turns the note into read-only mode. If you want to edit it, you’ll need to remove the password, delete or add text, and then password-protect it again.

Dictation.io (Web): Quick Voice Notes and Support for Multiple Languages

Don’t you love it when a no-fuss, no-signup productive app does everything right? Meet Dictation.io, a voice notes app that works through your browser and supports multiple languages. I haven’t seen anything like it before.

Using the app is as simple as it gets. Fire it up, choose the language you are going to speak in, and click the Start button to begin talking. Dictation.io will listen to what you say and turn it into written sentences in the notepad. Apart from the Roman alphabet, it can take dictation in other scripts like Espanol, Russian, Arabic, Hindi, Japanese, and more.

The notepad itself also includes some cool features. You can format the text with basic formatting tools, like bold, italics, strikethroughs, and so on. And the entire notepad can be saved to your hard drive or exported as an email or tweet. And of course, you can print it out if you want to.

RexPad (Web): Powerful Yet Fast Full-Featured Notes App

With the number of things RexPad packs in, you’d expect it to be a little slow. But this app surprises you with how fast and lightweight it is, while still offering the kind of features you see in heavy apps like OneNote or Evernote.

RexPad is text-only, but it achieves everything you want in a text-only notepad. You can write notes with full text formatting, to-do lists, bulleted lists, and anything else you can think of. The to-do lists actually have checkboxes to tick once you’re done. You can add hashtags to tag similar notes, and the powerful search feature is lightning-quick at finding what you want.

The app also includes a simple note-sharing feature to collaborate with others. Share the link with any email address, and they can see and edit the note as long as they register for Rexpad. Give it a try, the look and feel of this one might be just what you have been looking for in a notes app.

Snippetnote (Web): Notes That You Copy-Paste Often

There are somethings that you tend to write often in different places, like your full home address or a favorite emoticon like the shruggie. It’s easier to use a text expander for these, or copy-paste them from a clipboard. Snippetnote does just that.

It can seem a little strange to use a clipboard as a notepad, but try it out. The Snippetnote developers are on to something here. Start adding notes you use often to the app, and see how it retains text formatting to ensure a good copy-paste experience. In fact, Snippetnote works exceptionally well with code syntax and highlights, making it a valuable tool for coders.

It’s also nice to have an app that works across devices, where all you need to do is sign into a website to access your frequently used snippets. Given that it’s mobile-friendly, the cross-use between desktop and mobile is welcome.

In today’s global digital economy, protecting data privacy is a must. With customers all over the world, every company must be able to demonstrate how they are protecting data privacy to earn the trust of their customers, users, partners and employees. It starts with these three things.

1. Be transparent and accountable. Let customers and partners know your commitment. For example, Cisco is committed to helping our customers and partners by protecting and respecting personal data, no matter where it comes from or where it flows. We have established long-standing security, data protection and privacy programs and are committed to comply with regulations, customers’ needs and our own corporate code of conduct.
2. Invest in a comprehensive data protection program.  Make sure your data protection program covers data throughout its lifecycle. It begins with security and privacy by design and includes privacy engineering methodology and privacy-enhancing technologies (PETs); managing collection, use, processing and storage; addressing operational needs such as reporting and oversight; and secure disposition or destruction at end of life.
3. Be vigilant about global regulatory requirements. Addressing personal data handling requirements across different jurisdictions around the world requires a mature data privacy practice that aligns with industry best practices, customer demands and regulatory requirements. Being a global data citizen includes awareness and structured flexibility across cultural divides.

With enforcement of the European Union’s General Data Protection Regulation (GDPR) just around the corner (May 25), Cisco has been getting ready for GDPR across its global enterprise. Additionally, to secure a safe and legal transfer of personal data across multiple jurisdictions, Cisco was an early adopter and among the first to achieve Asia Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules system certification. We are also certified under both the European Union (EU) and Swiss-U.S. Privacy Shield and recently received accreditation under the EU’s Binding Corporate Rules with policies aligned to GDPR.

With an eye to these three things and a collaborative, risk-based approach to data privacy, companies can focus and respond effectively in an ever more complex and dynamic world.

College students access open networks more often than any other online users. Unfortunately, some students are careless with managing online activities and personal information, which can make you more vulnerable to security threats, identity theft and malware attacks. Any time you log in to your social media accounts, you leave digital footprints that could be traced back to your identity. Having sensitive data, such as credit card or bank account data and passwords, fall into the wrong hands could result in major repercussions. Identity thieves can access payment information using your login credentials and make fraudulent transactions with your debit and/or credit cards. In addition, posting photos online and location check-ins or tags expose you to stalkers and cyberbullies who can use this information against you. Therefore, as a student, it is important for you to manage your privacy online. Below are some useful guidelines.

Avoid Downloading Free Media

Downloading media from direct download websites, torrents or streaming hosts opens your devices up to viruses and malware. Some of these websites contain malicious codes that can be used to steal your personal information. To prevent this from happening to you, avoid downloading illegal content from piracy websites.

Do Not Store Your Payment Information Online

Amazon and other popular online retailers give users the option of storing payment information on their sites for future use. Even though some of these sites are secure, cybercriminals can still hack and access this stored information and make unauthorized transactions. Avoid storing payment information online to improve your financial security.

Use Strong Passwords

Using your name, birth date, pet’s name or phone number as your password makes it easy for hackers to crack your account. The stronger your password is, the harder it is for hackers to crack. Make your password a sentence that’s at least 12 characters long – you can even use capital and lowercase letters, numbers, symbols, punctuation and spaces!

If you have a lot of passwords to remember, you may opt to use a password manager that helps you manage all your passwords securely. With many password managers, you only need to remember one password that will enable you to log in to any website that has your login credentials.

Avoid Oversharing Personal Information

Since it’s hard for students to resist the urge to share everything online, cybercriminals can easily access their personal information and use it against them. To prevent this, avoid oversharing and review your privacy settings so that your status updates can be viewed only by the people you trust. Also, declining friend requests from strangers, since they may not be trustworthy, is best practice.

If what you are sharing involves your friends or family, make sure that you check with them to see if they are comfortable with you doing so. This will help you to avoid sharing their sensitive information. Posting about your neighborhood or place of residence could also make your home a target for robbery.

Install The Latest Antivirus Software

Antivirus software protects devices from trojans, worms, viruses and spyware. These malicious programs are capable of invading your privacy and stealing personal data; it is important to have your devices protected by the latest antivirus software.

Unique Account, Unique Password

Create different passwords for different accounts; if a criminal has your login information for one account, he/she will try to break in to your other accounts.

Delete or Clear Tracking Cookies

Tracking cookies are pieces of code that sites attach to your devices to store information concerning what you do while online. This information is then sold to various companies across the globe without you knowing about it.

In case you have concerns regarding the manner in which the data about you is both collected and used, remove or block all the unwanted cookies regularly on your browsers.

Encryption

It is common for social media and banking login pages to use HTTPS encryption to scramble login information and help prevent identity theft. Prior to signing in to a social media platform or other website or app, ensure that you check for https at the beginning of the URL.

It is also possible for you to encrypt your whole hard drives via the use of BitLocker by Microsoft or FileVault by Apple. These two software programs are examples of some of the best current methods of protecting your documents in case you find yourself in a data theft quagmire.

Pop-Up Blocking

Almost all browsers available today have built-in settings that assist in the prevention of pop-ups. In addition to this, you may find that others can allow you to modify the pop-up restrictions in order for you not to miss out on some legitimate data online. With these features available, it is possible for you to avoid accidentally stumbling upon malicious ads.

Be Careful on Public Networks and Computers

Cybercriminals can install malware on public computers and collect personal information from unsuspecting users. Alternatively, these criminals can set up free Wi-Fi hotspot stations and use phishing to collect information. To avoid becoming a victim to such scams, steer clear of using public networks for personal and financial matters.

Conclusion

It is still possible to use social networks to share and engage, but it’s important to be cautious and ensure that you keep your personal information from getting into the wrong hands. Identify the threats to which you’re most vulnerable, and take the necessary measures to protect yourself.