Tuesday, 27 June 2017

On 07:58 by Vismit Rakhecha in    No comments

On 04:49 by Vismit Rakhecha   No comments
Microsoft, Facebook, YouTube, and Twitter have formed a team to combat terrorism. These platforms have formed the Global Internet Forum to Counter Terrorism, which will aid in making their services "hostile to terrorists and violent extremists".

The four platforms will now share data and resources for fighting terrorism and will develop new detection techniques for this purpose. This forum also aims to formalize and structure existing and future areas of collaboration between their companies and nurture cooperation with smaller tech companies. This means that the four participating tech giants will also reach out to other smaller tech organizations for countering extremist content.

The forum members also believe that by working together they will have a greater impact on countering terrorism. In its blog post on the matter, Twitter said:
"The spread of terrorism and violent extremism is a pressing global problem and a critical challenge for us all. We take these issues very seriously, and each of our companies have developed policies and removal practices that enable us to take a hard line against terrorist or violent extremist content on our hosted consumer services. We believe that by working together, sharing the best technological and operational elements of our individual efforts, we can have a greater impact on the threat of terrorist content online."
This forum builds on initiatives like the EU Internet Forum and the Shared Industry Hash Database. The creation of this database follows initial efforts by Dartmouth College supported by Microsoft. In addition to that, Twitter stated that this will also foster cooperation between international bodies like the European Union and the United Nations and even civil society groups.

As for the impact on online terrorist content, it remains to be seen how effective the joint effort will be, both for content published on the platforms controlled by members of the forum and for the web in general.

Source: Twitter
On 04:47 by Vismit Rakhecha   No comments
The European Commission (EC) has been investigating Google for alleged anti-competitive practices for some time now. Today, the European Union's antitrust regulators handed Google a record-breaking fine, as they concluded a seven-year investigation into the firm's shopping search service.

"The European Commission has fined Google €2.42 billion [roughly $2.7 billion] for breaching EU antitrust rules," the EC said in a press release today. "Google has abused its market dominance as a search engine by giving an illegal advantage to another Google product, its comparison shopping service."

The EC ordered Google to end its anti-competitive practices within 90 days "or face penalty payments up to 5% of the average daily worldwide turnover of Alphabet, Google's parent company."
European Commissioner Margrethe Vestager, who oversees EU competition policy, stated:
"Google has come up with many innovative products and services that have made a difference to our lives. That's a good thing. But Google's strategy for its comparison shopping service wasn't just about attracting customers by making its product better than those of its rivals. Instead, Google abused its market dominance as a search engine by promoting its own comparison shopping service in its search results, and demoting those of competitors. What Google has done is illegal under EU antitrust rules. It denied other companies the chance to compete on the merits and to innovate. And most importantly, it denied European consumers a genuine choice of services and the full benefits of innovation."
The fine dwarfs Europe's previous largest antitrust penalty, a €1.1 billion fine directed at Intel in 2009. The EC can apply a maximum fine equivalent to 10% of a company's global annual sales, which for Google would have amounted to roughly $9 billion of its 2016 revenue. Google is unlikely to draw much comfort from knowing that its fine could have been a great deal larger.

Google is still entangled in further antitrust investigations by the EC.

Following a separate probe, the EC formally accused Google in April 2016 of having "abused its dominant position" in Europe with its Android operating system. Google responded by saying that Android is "good for competition and for consumers". The EC hasn't yet announced its final determination in that case, which could also result in massive fines for the company.

Google is also under a third antitrust investigation by the EC, in which it stands accused of having abused its dominant position in the online advertising market, after it allegedly prohibited AdSense for Search users from accepting rival search ads.
On 00:18 by Vismit Rakhecha in    No comments
If smartphone hardware rumors are on the money, and they are usually at least in the ballpark (with the exception of transparent, bendable phones; apparently forever doomed to be mocked up in Photoshop) — then a 3D depth sensor is coming to the front-facing camera of a handset near you in the not too distant future.

Indeed, Apple has been rumored to be prepping to add such a sensor to its next flagship iPhone. Which is an educated guess — based on the company acquiring 3D sensor company PrimeSense, back in 2013. That and the fact rumors have been cranking up such an iPhone is coming this year.
But what’s the point of adding a Kinect-style depth sensor to a mobile device? There are lots of potential uses, of course, from gaming to augmented reality selfies to capturing and mapping 3D spaces. But one simple but practical use for this extra sensor would be 3D facial recognition for biometric authentication.

Just such a feature is set to be demoed at the MWC tradeshow in Shanghai this week — by SoftKinetic, the wholly owned Sony subsidiary which makes camera sensor modules, running on a Sony Xperia smartphone and using facial recognition software from a Swiss company called KeyLemon.

To be clear this is not the 2D ‘face unlock’ we’ve seen on Android smartphones for years (Google’s platform added a face unlock feature as far back as 2012, in Android 4.0). The point with 3D facial recognition is to provide a (more) spoof-proof biometric authentication — i.e. which can’t be fooled by holding up a 2D photo in front of the front-facing lens.

Nor could you — presumably — 3D-print an entire head and hope to fool the “near-infrared” sensor with a lump of moulded plastic (though you can bet the Chaos Computer Club will try).
One advantage of a 3D sensor powered facial biometric, according to a KeyLemon spokesman, is that non-frontal faces can be used for authentication — because the hardware captures a depth map. So there’s presumably more flexibility (and fewer fails) for the user, provided the enrollment of the biometric is robust.

“To sum up, you get a secured and convenient authentication method,” he said.

How secure remains to be seen, of course. Biometrics on phones, such as 2D face and iris unlock/authentication, have proved to be about as secure as setting your password to “password”. But the additional depth sensor should, at least in theory, add an extra security layer to a facial biometric.
Apple’s iPhone already uses a fingerprint biometric for authentication and unlocking. Which has long been shown to be vulnerable to some fairly crude workarounds. So a 3D facial biometric would represent — at very least — a security upgrade on that low bar.

While there are some potential practical benefits for users too, as fingerprints can fail if your skin is especially dry or wet. Or you don’t want to have to touch your phone because you’re preparing food, for example.
Having a face-based option for authenticating on a mobile device could support entirely hands-free interactions — say if the phone is in a cradle you would just need your head to be visible to the sensor for unlocking (although that might also cause problems if you can accidentally authenticate just by having your face in frame).

Clearly a lot will depend on how such a feature is implemented.

On the privacy front, phone users who prefer to cover up the front-facing lens of their handset unless they’re actively using the camera might also find a facial biometric an unwelcome imposition.
But widespread implementation of 3D sensors in smartphone cameras is at least surely on the cards — given that Sony is a major supplier of image sensors to the industry. (Back in 2014 the company reportedly accounted for roughly 40 per cent.) And has apparently now managed to pack all the necessary sensing tech into a single, front-facing camera lens.

So expecting smartphone cameras to soon come with extra sensing powers seems a fairly safe bet.
On 00:15 by Vismit Rakhecha   No comments
Facebook is bringing a ton of new filters, masks and video reactions to video chats in Messenger, aiming to deliver a more fun experience to younger users on the app and shore up the service against competing video chat apps.

The update is centered all around fun, visual filters.

Video reactions will allow you to choose one of the Facebook reaction emojis and bring up custom video filters that share your joy, anger, sadness or more. The live filters allow you to react to conversations in a more visual way.

Additionally, the service is introducing stylistic filters that can give your video footage a different color hue or lighting type. You’ll be able to preview these filters live before sharing the style with your group.
Continuing with the filter-centered update, Facebook is bringing some new augmented reality masks to video chats, allowing users a greater depth of variety in what exactly they can become onscreen. Animated effects like falling hearts and shooting stars that react to your movements will also be included in the update.

Alongside the filter updates, Messenger will be making it easier for users to take screenshots of their video chat conversations with a dedicated button that will save images so you can easily preserve a snapshot of a call without fumbling with multi-button combinations.

While services like FaceTime are popular, they’re pretty bare-bones compared to most photo and video apps out there. iMessages has already copied more fun-loving chat apps in a lot of ways, but video chat is still pretty dull. Adding in some fun and goofy filters gives Messenger a chance at capturing the attention of more young users, though the app continuing to add complexity also risks creating headaches for those who just want an easy way to chat with their FB friends.
On 00:07 by Vismit Rakhecha   No comments
Microsoft recently patched a critical vulnerability in its ubiquitous built-in antivirus engine. The vulnerability could have allowed attackers to execute malicious code by luring users to a booby-trapped website or attaching a booby-trapped file to an e-mail or instant message.
A targeted user who had real-time protection turned on wasn't required to click on the booby-trapped file or take any action other than visiting the malicious website or receiving the malicious e-mail or instant message. Even when real-time protection was off, malicious files would be executed shortly after a scheduled scan started. The ease of exploitation was the result of the vulnerable x86 emulator not being protected by a security sandbox and being remotely accessible to attackers by design. That's according to Tavis Ormandy, the Google Project Zero researcher who discovered the vulnerability and explained it in a report published Friday.
Ormandy said he identified the flaw almost immediately after developing a fuzzer for the Windows Defender component. Fuzzing is a software testing technique that locates bugs by subjecting application code to corrupted data and other types of malformed or otherwise unexpected input.
"I took a quick stab at writing a fuzzer and immediately found heap corruption in the KERNEL32.DLL!VFS_Write API," he wrote on June 7. "I suspect this has never been fuzzed before." Google published the report on Friday after Microsoft released an update that patched the code-execution flaw. It was the third critical Windows Defender vulnerability Project Zero researchers have uncovered in the past seven weeks. The emulator is used to execute untrusted files that might have the potential to execute code. Asked if Microsoft had previously fuzzed the Windows Defender component, a company representative said yes.
"Fuzzing is one of a number of techniques we employ to update and strengthen our software," the representative said in an e-mail. "It is a standard practice we use as part of the Security Development Lifecycle for our products."
In an advisory that was also published Friday, Microsoft officials said attackers who exploited the vulnerability could execute arbitrary code that would run with the rights of a LocalSystem account. According to this document, the account has "extensive privileges on the local computer and acts as the computer on the network." Exploiting the memory corruption bug in the Windows Defender emulator, an attacker could take control of the system and perform a variety of tasks, including installing programs, viewing, changing, or deleting data, as well as creating new accounts with full user rights.

Warning, this file may crash your server

As a testament to the ease of triggering the bug, Ormandy took special precautions in publishing some of the proof-of-concept exploits, which were linked to a file named testcase.txt. "Note that, as soon as the testcase.txt file touches disk, it will immediately crash the MsMpEng service on Windows, which may destabilize your system," he wrote. "The testcases have been encrypted to prevent crashing your exchange server."
In early May, Microsoft patched a separate severe code-execution vulnerability in the malware protection engine. That's the engine that powers Windows Defender, which is installed by default on all consumer PCs running supported versions of Windows. Ormandy called the flaw "the worst Windows remote code exec in recent memory," and he warned that attacks "work against a default install, don't need to be on the same LAN, and [they're] wormable."
Ormandy and fellow Project Zero researcher Natalie Silvanovich discovered the issue and reported it. On May 25, Microsoft closed yet another code-execution hole in the malware protection engine that, like the other two, could be exploited with little or no interaction on the part of targets.
The steady accumulation of critical AV vulnerabilities unearthed by Ormandy has involved products from a variety of companies, including Kaspersky Lab, Trend Micro, Symantec, McAfee, Eset, and Comodo. Taken together, the findings demonstrate how AV use can open users to attack they otherwise wouldn't be vulnerable to. At the same time, AV in many cases prevents infections that would otherwise prove costly, particularly for less experienced users who aren't likely to be individually targeted by state-sponsored hackers.

Monday, 26 June 2017

On 07:32 by Vismit Rakhecha in    2 comments
It is a huge privilege to be granted an interview with Falgun Rathod, an "Information Security Professional" whose contributions are acknowledged by government and private sectors.

So now, without wasting time, let's start the interview with him and find out more!

Which are the most concerning cyber threats for private businesses and government organizations?

Falgun : APT as well as 0-day attacks have always been a concern for corporate and government organizations.

If you are neglecting security and taking it for granted, remember that data is everything, maybe more than money sometimes, which can give you sleepless nights.

Which are the industries most exposed to Cyber-attacks and why ?

Falgun : Nothing is secure from cyber-attacks. Everyone nowadays carries data and money with them in their pockets, on mobiles, tablets or laptops. Talking about impact, finance, hospitals, IT and service industries are the most impacted by cyber-attacks.

As a Cyber-security professor, what concepts are you teaching students that are new for even you, a veteran of the industry?

Falgun : Being a cyber-security professor, I always think of information security as a practicing field. There are a few concepts that I am interested in teaching students, like critical infrastructure security, IUTC purity and so on.

How has Cyber-security changed since you entered it? Where do you see it going in upcoming years?

Falgun : When I entered the industry it was late 2009. No one was aware of the industry, nor was the media talking about it. Only a few experienced people were used to it. But as the years passed, it has now become a necessity and a need. People are now getting aware and trained; it is a booming industry. There are millions of jobs in this industry, and it will be a trillion-dollar industry in the upcoming years.

Malware and Internet of things, what to expect in the coming years?

Falgun : APT is going to be the new cyber weapon in the upcoming years. We have recently seen WannaCry, Mirai and a few other attacks. Obviously IoT and AI are the next step of the IT industry, which will evolve, and with evolution security will also get tougher.

Which governments are the most active in cyberspace?

Falgun : Most European countries, the US, Australia, China, Korea and now South Africa and India are becoming a part of the race, which will be an impeccable journey towards securing cyberspace and netizens.

In your opinion, is it an ideal time to go into IT or to become an IT specialist? If so, why?

Falgun : Every time is the right time if you are willing to join any industry. I am not being diplomatic, but it’s my personal opinion. If you are dedicated and focused, no one can stop you from being a master of gem. I will specially suggest that you go for something you are passionate about. IT Security is always looking for skilled candidates.

What qualities or skills do you think are necessary for pursuing a career in IT and Cyber-security?

Falgun : As said, a candidate should be skilled, focused and dedicated towards the goal, which makes him successful in any industry, and the same goes for cyber security. Those who want to jump into the industry should plan more and research what exactly they are good at. My students range in age from 15 to 70, from preschool students to retirees, from schools, corporates and governments. A few have become VPs of companies, a few are working in very well-known security companies and a few are freelance researchers earning millions sitting at home. The best security person is the one who is a pace learner, dedicated and focused.