Tag: Cyber Security

  • Microsoft Takes Down Online Facial Recognition Database Over Accusations

    As a consequence of yet another accusation, American technology giant Microsoft quietly removed an online database that contained a whopping 10 million images of almost 1,00,000 people. As per reports, the images were derived from a multitude of search engines and were published in a dataset called MS Celeb in the year 2016. Accusations stated that many people in the dataset were not aware that their images were being used and that their consent wasn’t asked for while capturing the images.

    The images in the Microsoft dataset were being used to train AI-based facial recognition systems around the world. For instance, Chinese firms SenseTime and Megvii were using the images in the set to develop their software. Moreover, military researchers were also making use of the images to train recognition-based applications. The same dataset was previously used in an AI project to identify various celebrities. Sources state that the database has been directly linked to China’s efforts to crack down on ethnic minorities in the country.

    The images of people included in Microsoft’s database were scraped from the web under the Creative Commons License. As per the License, people can academically reuse the images, provided that permission has been granted by the copyright holder of the image, not the subject of the image. Previously, in April 2019, the Chinese government used facial recognition software to keep tabs on 11 million Uighurs (Muslim Minority).

    This may be an alarming wake-up call for conglomerates, given that consent is absolutely compulsory. If no check is kept on the method used to capture facial-recognition data, the same data can be used in unethical ways. Law enforcement agencies these days rely heavily on technology to ease investigations, but no software is without its flaws. Further developments are expected to shine more light on the case, but as of now, Microsoft has not stated anything regarding the matter.

  • Google Wants Users To Encrypt Data Using A New Hardware Titan Security Key

    With the increase in internet traffic, the risk of falling victim to malicious threats has also increased. It has become rather unmanageable to keep up with all the security protocols; even simple tasks like changing passwords regularly can be an ordeal. The lack of user safety and the increasing number of threats put your private data at risk. Google claims that it has kept its employee data safe since 2017 without facing a leak since then. The company has been using a hardware encryption key called the Titan Security Key. Google is now selling this Titan Security Key to anyone who seeks a safer internet experience.

    How Does The Titan Security Key Work?

    With Google’s two-step verification method, users have to use a special code to authenticate their login session. Instead of receiving one-time codes via text message, with the Titan Security Key you just have to tap a button on the key. So, it works simply by replacing the hassle of entering codes every time you want to log into a new machine.

    Titan Security Keys work with many devices and apps, support the FIDO protocol, and are built with a secure element and firmware written by Google that verifies the integrity of security keys at the hardware level. Security keys are recommended for all users for stronger protection against phishing; enforcing security keys for admins and other high-value users should be the first step.

    How To Set Up Titan Security Key?

    To set up Google’s Titan Security Key, users need to go to their Google Account settings and find the two-step verification section. From there, the user can add a key or keys. This will allow users to log in to Google services and accounts by entering the ID and password and giving a quick tap on the button on the Titan key.

    Pricing And Availability Of Titan Security Key

    The Titan Security Key is available in two variants, a USB variant and a Bluetooth variant. The USB version is available for $20 (Rs. 1,372.81 approx) and the Bluetooth variant costs $25 (Rs. 1,716.01 approx). However, Google is also selling both the devices as a bundle for $50 (Rs. 3,432.03 approx). While the key is available in the US, there is no word on if and when the device will be available in India and the rest of the world.

  • Baba Ramdev’s Kimbho Messaging App Disappears From Google Play Store Within 24 Hours Of Its Launch

    Baba Ramdev, the infamous yoga guru, launched a “swadeshi messaging app” called Kimbho in India on May 30th. The app was launched as a competitor to WhatsApp, which is the world’s most used instant messaging app. Kimbho, however, is no longer available for download from either Google Play Store or iOS App Store. While many are bemused by the sudden vanishing, it appears that a recent exposure of the app’s security frailties might be the prime reason behind it.

    A few hours after the launch, a Twitter user who goes by the name of Elliot Anderson tweeted a series of flaws that were found in the app. The French security researcher took to Twitter and posted a few screenshots and a video. According to the video, it’s possible to choose a security code between 0001 and 9999 and send it to the number of your choice. He also tweeted that he can access everyone’s messages and that the app is a security disaster.

    An even more amusing fact that he discovered is that Kimbho is an identical version of another application. The screenshots and app description of Kimbho are the same as those of another messaging app called Bolo. To make matters worse for Kimbho, users started receiving OTP messages for Bolo Chat App instead of Kimbho. This proved Anderson’s finding that the app is indeed built on the Bolo app and the Kimbho developers didn’t even fix the OTP SMS format.

    Kimbho, however, has a completely different take on the issue. According to a new tweet, the app has “extremely high traffic” and “will be back shortly.”

    https://twitter.com/KimbhoApp/status/1002076004590895106

    At the time of its launch, a company spokesperson explained the meaning behind the app’s unusual name. Kimbho is a Sanskrit word and, according to Patanjali’s spokesperson SK Tijarawala, it means “How are you?” or “What’s new?” The app has, or rather had, all the features you’d want in a messaging app. Users could send text, video, images, GIFs, stickers, doodles and more. According to the app’s description, users can block unwanted conversations or users, and the app is encrypted with AES for security.

    It appears that the people over at Kimbho realised that the app’s security shortcomings have been exposed. Taking down the app means it’s being worked upon, and it might be released in the future with better security.

  • Russian Hackers Are Using Wi-Fi Routers To Hack Into Homes And Government Offices

    Cyber attacks carried out by Russian hackers seem like news that started floating around decades ago. Time and again, we have come across instances where the US government has warned its people about the danger that Russian hackers pose. Now, a new security alert has identified that hackers are using large numbers of routers, switches, and other network devices that are well past their last security update to compromise US homes, government offices, businesses, and critical infrastructure providers.

    According to the US Department of Homeland Security and FBI and the UK’s National Cyber Security Center, Russian hackers can extract a lot of sensitive information, like passwords and intellectual property, by gaining access to network devices around an office or a home. With advancements in technology and the widespread use of smart home products in a lot of places, it is hard to imagine any home or workplace not having network devices like smart switches or WiFi routers. This is even more severe in a country like the US, where the internet is so readily available and smart home products are cheaper and easy to use.

    The technical alert has highlighted the severity of this situation and the timeline of the information the security personnel received.

    Since 2015, the US government received information from multiple sources—including private- and public-sector cybersecurity research organizations and allies—that cyber actors are exploiting large numbers of enterprise-class and SOHO/residential routers and switches worldwide.

    In a detailed account of Russian hackers misusing the poorly secured network devices in government offices and other sensitive places, the alert notice laid down different stages of the hacking process.

    • Reconnaissance is the first stage, in which hackers identify poorly secured network ports, like those for network management protocols
    • The second stage is the weaponisation and delivery of traffic to the identified devices, which causes those devices to send the hackers configuration files that contain cryptographically stored passwords and other sensitive data
    • The third stage is exploitation, when attackers use this data to gain access to the compromised devices
    • The final stage is command and control, wherein the hackers use the newly gained access to pose as previous or trusted users to establish a connection

    Cisco, a multi-million dollar tech conglomerate, has already identified that its install client was recently compromised. Cisco is a manufacturer of many network devices that are used by a lot of US citizens.

    The access gained by Russian hackers is mainly down to old network devices like routers and switches. These devices, which run on old firmware and are not updated to the latest security protocols, allow hackers to gain remote access to the network without even installing any sort of malware. With this security alert now made available to all government officials, it is yet to be seen what workplaces will do in order to curb the situation and make themselves less vulnerable to cyber attacks from Russian hackers. Until then, to protect yourself from such threats, make sure to use adequate security measures like strong passwords, and update your hardware firmware in a timely manner.

  • Despacito YouTube Video Deleted By Hackers

    Update: The video has been recovered by YouTube and is now live on the video streaming platform.

    Luis Fonsi’s song, Despacito, became the most-watched video ever on YouTube. Now, after falling victim to a cybercrime, the official video of Despacito has been deleted from YouTube, while several accounts of other artists have also been compromised.

    At first, the thumbnail for the video was altered. The original image was replaced with a group of masked men holding guns and the description was changed by a group of hackers calling themselves Prosox and Kuro’ish. The hackers also wrote “Free Palestine” in the description of many videos. The image of the masked gang members is from the Netflix show, Casa de Papel.

    Apart from Luis Fonsi (creator of Despacito), several other artists’ Vevo accounts including DJ Snake, Shakira, Katy Perry, Taylor Swift and more have been hacked.

    Almost all the videos of these artists are available on YouTube as of now. However, the titles, descriptions and thumbnails of many famous videos have been compromised. It is worth noting that all these videos were uploaded to the Vevo accounts of these artists. There is no clarity about the degree of access these hackers have gained: whether they have gained access to individual accounts or whether there was a wider attack on Vevo accounts.

  • Mark Zuckerberg Apologises For Facebook Data Scandal In Full-Page Newspaper Advertisements

    Facebook, over the past few days, has been under tremendous scrutiny. Mark Zuckerberg first posted on Facebook addressing the whole issue. However, the Facebook post looked more like a recap of the controversy and less like an apology. He talked about steps that Facebook will take in order to curb this problem, but never once said that he or the company was sorry for what had happened.

    Now, the social media giant has taken to print media to issue an apology. Facebook took out several full-page advertisements in newspapers like the New York Times, Wall Street Journal, The Washington Post and several UK papers. The ads take the form of an apology written by Mark Zuckerberg, co-founder and CEO of Facebook Inc.

    The apology, again, talks a lot about the steps Facebook is taking or has taken already to curb data breaches. The apology reiterates that the company has limited the amount of data an app gets when a user signs up through their Facebook account. However, the tone of the ad certainly is a bit more remorseful than the Facebook post from last week. Zuckerberg writes, “This was a breach of trust and I’m sorry we didn’t do more at the time. I promise to do better for you.”

    A few days ago, a story broke, exposing a British data analytics firm and its illegal acquisition of private data of about 50 million users. Cambridge Analytica, the firm in question, performed work for the campaign of President Donald Trump and made ads for the Defeat Crooked Hillary page. It is worth noting that the page was run by the Make America Number One super PAC (Political Action Committee). Coincidentally, both Cambridge Analytica and Make America Number One are financed by Robert and Rebekah Mercer, who backed Donald Trump in the general election.

    Ever since the story went public, the repercussions have been severe for the social media giant. Apart from a massive dent in its reputation, the company has been hit with several lawsuits. The hashtag #DeleteFacebook has been trending on social media as well. Moreover, the company has lost over US$ 60 billion in market cap since the controversy began.

  • Facebook CEO Zuckerberg Promises To Protect Personal Data

    Facebook has been under the scanner for the past few days. The controversy of Cambridge Analytica has sparked a huge debate about Facebook and its data sharing practices. Apparently, Cambridge Analytica performed work for the campaign of President Donald Trump. It made ads for the Defeat Crooked Hillary Facebook page. Coincidentally, both Cambridge Analytica and Make America Number One are financed by Robert and Rebekah Mercer, who backed Donald Trump in the general election.

    Mark Zuckerberg’s Statement

    Now, Facebook co-founder and CEO, Mark Zuckerberg, has come out and addressed the issue. This post comes a few hours after #DeleteFacebook started trending across social media. The long post, in a nutshell, talks about the controversy and Facebook’s stance. While talking about the issue at hand, he also outlined a few steps Facebook will take.

    • Facebook will investigate all apps that had access to user data before 2014. This is because it was in 2015 when Facebook changed its Privacy Policy to reduce data access. The company plans on banning any user that had misused the data. Every “thisisyourdigitallife” user will be informed about their data breach. Every user of an app will be informed about it when Facebook bans that app.
    • If someone hasn’t used an app within the last three months, Facebook will turn off the app’s access to their information.
    • From now on, every app that requires a Facebook Login will only have access to name, profile photo and email address.

    The rest of the press release tells us what we already know. While the steps mentioned by Zuckerberg do make a lot of sense, their implementation is what will matter. Facebook has already lost over US$ 60 million in market cap. Astonishingly, that is more than the entire market capitalisation of Tesla Inc.

  • #DeleteFacebook Is Trending: Here’s What Has Happened

    On the 20th of January, Donald Trump was inaugurated as the United States’ 45th President. Leading up to that day was an excruciating Presidential campaign, in which Hillary Clinton lost to Trump on the basis of electoral votes. Even though Clinton was ahead by 2.1% in popular votes, she conceded the election on the 9th of November. Ever since his election, Donald Trump and his Presidential campaign have come under a lot of scrutiny.

    Background

    A few weeks ago, the Justice Department indicted 13 Russian nationals and 3 companies for interfering in the 2016 presidential election. The Russians stole the identities of American citizens and posed as political activists to sway public opinion against a certain Presidential candidate. However, there was no accusation that President Trump or his associates were knowingly part of the conspiracy.

    And now, a British analytics firm, Cambridge Analytica has come under the radar. It has been accused of illegally capturing data of 50 million Facebook users for target-based advertising during the Presidential campaign. Apparently, Cambridge Analytica performed work for the campaign of President Donald Trump and made ads for the Defeat Crooked Hillary Facebook page.

    It is worth noting that the page was run by the Make America Number One super PAC (Political Action Committee). Coincidentally, both Cambridge Analytica and Make America Number One are financed by Robert and Rebekah Mercer, who backed Donald Trump in the general election.

    Key Events

    The question arises then, how did a company get hold of personal information of 50 million Facebook users? Illegally, for starters. Apparently, Aleksandr Kogan, a University of Cambridge psychology professor, got permission from Facebook to harvest information from users who downloaded his app, thisisyourdigitallife. But users who downloaded the app gave the professor permission to collect data on their location, their friends and even the content they had liked. Kogan then passed on this data to Cambridge Analytica, which violated Facebook’s rules.

    A recent report on Alexander Nix, CEO of Cambridge Analytica, has intensified the allegations against the firm. A British television channel aired a report where he is seen discussing potential bribery and entrapment of politicians. However, Cambridge Analytica has since stated that:

    The report was edited and scripted to grossly misrepresent the nature of those conversations.

    That stance did not stick for too long as Alexander was suspended by the company on 20th March 2018. It is worth noting that Christopher Wylie, a former contractor of Cambridge Analytica is the whistleblower. He shared this information with the New York Times and The Observer. Facebook has since suspended his account.

    In a nutshell, all of this corruption was fueled by the availability of such damning data. After the recent accusations of Russian nationals using Facebook to sway voters, this new accusation is much bigger. It has been revealed that since the story broke, Facebook has lost about US$ 50 million in market cap. Also, the hashtag #DeleteFacebook has been trending elsewhere.

  • How To Delete Personal Data On Facebook Without Deleting Your Account

    Facebook is getting a lot of undesired attention. The company is accused of letting the personal information of millions of Facebook users be harvested for Cambridge Analytica. Even a WhatsApp co-founder has tweeted with the hashtag #DeleteFacebook, asking people to delete their Facebook accounts. However, deleting a Facebook account once and for all might not be a feasible solution, as most day-to-day activities are directly connected with it. Instead, remove the private data stored on Facebook.

    Methods to delete personal data

    There are two methods to remove already existing data on Facebook. The first method helps to prevent Facebook from collecting additional data from other platforms like Instagram. Go to Settings>Apps>Websites and plugins, then click on disable platform. This action will prevent you from signing in to other applications or platforms that use your Facebook details. After doing this, you might not be able to play games or access applications. However, applications you are already signed in to will still collect your data until you sign out of each application individually.

    The second method gives more refined control over the information that you share with other platforms. Go to Websites and plugins>Apps Others Use and uncheck the required checkboxes. The list includes options like your birthday, relationship status, interests etc. However, this method might kill some functionality in third-party apps that need this information. The page also lists the apps that you have shared your information with. Remove the apps that you do not feel secure sharing your personal data with.

    The last option is to go to the Ads section in settings to turn off data collection from other websites that you visit on a daily basis. Edit your information section so that it does not share your personal information with advertisers. If you want to be a more private person on Facebook, use a virtual private network (VPN) with an add-on which can block cookies.

  • This Device Can Break Into Any iPhone

    Smartphones have become our primary devices very quickly. Our documents, pictures, music, everything resides in our palm thanks to smartphones. Also, over the years, smartphones have come under scrutiny for their lacklustre security. A few months ago, OnePlus 5 was found to be vulnerable to hacking. While that was software based, a new device claims to be able to break into any iPhone.

    GrayKey

    A new device called GrayKey looks, ironically, like an Apple TV and can bypass any iPhone’s security code. The device is made by Grayshift, an Atlanta, US-based company, and comes to light after the recent debate around company ethics and smartphone security. A couple of years ago, the FBI asked Apple to give it access to the iPhones of the San Bernardino shooters. Apple declined, and the FBI discovered that there are third-party services that can break into iPhones. While the FBI was able to bypass those iPhones, it is surprising that Apple has not yet closed that backdoor access.

    GrayKey has two lightning cables attached to it. The process of hacking into an iPhone starts with the iPhone being connected to the device for two minutes. After two minutes, the iPhone is disconnected and it shows a black screen. The black screen then displays the passcode and other information. However, it is worth noting that this process depends on how complex the passcode is. It can even take up to two days to crack the code.

    Grayshift claims that even disabled phones can be cracked. Once the iPhone is unencrypted, all the data is downloaded to the GrayKey device. What is even more mind-boggling is the price of this device. The GrayKey is available in two variants: the US$ 15,000 (Rs 975,675 approx.) model needs an internet connection and is geofenced to work on a single network. The other variant costs a whopping US$ 30,000 (Rs 1,951,350 approx.); it doesn’t need an internet connection and can bypass devices as the owner wants.

    It is worth noting that these devices will be nullified if and when Apple comes up with a fix for this vulnerability.

  • OnePlus Admits Credit Card Information Of 40,000 Customers May Have Been Stolen

    OnePlus has just launched the new Lava Red colour variant of the OnePlus 5T in India, a few weeks after it was unveiled in China. While OnePlus 5T suitors might be rejoicing about another possible option to buy, there are a few customers who might be left with a sour taste in their mouths after shopping on the OnePlus store.

    A few days ago, OnePlus shut down all credit card payments options on its official website after a few reports claimed that a lot of customers were facing issues after making payments on the OnePlus store. Affected customers reported cases of fraudulent transactions made without their knowledge, with one person saying someone ordered US $200 worth of Papa John’s pizza.

    After an investigation, OnePlus posted a statement that will not sound like good news to either the Chinese company or the aggrieved customers. In its forums, the company posted the following:

    We are deeply sorry to announce that we have indeed been attacked, and up to 40k users at oneplus.net may be affected by the incident. We have sent out an email to all possibly affected users.

    The company confirmed that the severity of the problem is far larger than initially thought. It continues to state that this could have affected anyone who input credit card information on OnePlus’ website from as far back as mid-November 2017. During the investigation, it was discovered that one of OnePlus’ systems had been attacked by a malicious script that intermittently captured data from a user’s browser window.

    While the infected server has since been isolated, it is unclear how much damage it inflicted during its two-month-long active period. OnePlus says that credit card numbers, expiry dates, and security codes may have all been compromised. However, as a silver lining in the dark clouds, credit cards already saved on the site are apparently unaffected, according to OnePlus.

    While the company took the opportunity to apologise to its customers, it is hard to imagine that the company’s reputation will remain unscathed after such a severe incident. Whether the inability to make payments on its official website will have a huge impact on sales, especially a few days after the company announced its record sales numbers for 2017, is yet to be seen. However, above the sales figures and record numbers lies the trust of a consumer, and that might be dented after such a huge security failure.

  • Intel Facing Multiple Lawsuits Over Chip Security Flaw

    The last couple of days have been frantic for the tech community. Ever since Google released two documents detailing the security flaws in almost every CPU in the world right now, the consumers have patiently waited for a fix for their devices. Some, however, have decided to take matters into their own hands. Owners of Intel-based CPUs in Oregon, California and Indiana have sued Intel over the security flaws that have been highlighted in its chipset.

    They claim that the vulnerability in the chipset, which Intel learned about several months ago, makes its chips inherently faulty. Intel has provided security patches since then, but the complaints raise concerns that these patches will hinder the performance of their computers and are not an adequate response to the serious issues raised against the company’s products.

    A couple of days ago, Google along with other security researchers released a couple of documents which chronicled the major security flaws in Intel, AMD, and ARM processors. The reason this flaw is much more complex than the usual software or hardware bugs is that it’s more than just a bug that can be fixed with an update. The flaw lies in the middle, at the level of the processors’ “architectures,” in the way all the millions of transistors and logic units work together to carry out tasks.

    Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

    Google announced one fix each for a Meltdown and a Spectre vulnerability and claimed that these fixes won’t result in the system slowdowns that many had feared.

  • Google’s Fix For Spectre And Meltdown Won’t Cause Significant Slowdowns

    A couple of days ago, Google along with a few other security researchers conceded that almost all the CPUs currently functioning across the world are susceptible to a major security breach. The company released two white papers chronicling the two main ways through which the CPUs can be affected, called Meltdown and Spectre.

    It now appears that Google has a fix for this flaw, and it might not cause a significant slowdown either. In a blog post, Google said that it has shared a new fix, called Retpoline, which fixes one of the Spectre vulnerabilities (CVE-2017-5715). Along with that, the company also deployed a Kernel Page Table Isolation (KPTI) fix that protects against the Meltdown (CVE-2017-5754) vulnerability.

    There has been speculation that the deployment of KPTI causes significant performance slowdowns. Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.

    However, Google has maintained that it doesn’t guarantee that there won’t be any slowdowns.

    In our own testing, we have found that microbenchmarks can show an exaggerated impact. Of course, Google recommends thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact.

    Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

  • Apple Admits Spectre And Meltdown Affects All macOS And iOS Devices

    Alphabet’s Google, along with a few other security researchers, published a document which chronicled two major flaws found in nearly all modern CPUs. The reason these flaws are much more complex than the usual software or hardware bugs is that they are more than just bugs that can be fixed with an update. The flaws lie in the middle, at the level of the processors’ “architectures,” in the way all the millions of transistors and logic units work together to carry out tasks.

    In the architecture of modern CPUs, there are impenetrable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.

    Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include passwords stored in a password manager or browser, personal photos, emails, instant messages and even business-critical documents.

    Meltdown affects Intel processors and works by penetrating through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Spectre affects Intel, AMD, and ARM processors, which basically means that it affects anything with a chip in it, from mobile phones to thermostats.

    In response to this revelation, Apple has come out and conceded that its devices are not immune to the security flaws. In a statement, the company announced that all its macOS and iOS devices are affected, but mitigations are either already in place or in the final stages of being rolled out. Apple has stated that it has already dealt with Meltdown:

    Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation.

    This is what the company had to say about Spectre:

    Analysis of these techniques revealed that while they are extremely difficult to exploit, even by an app running locally on a Mac or iOS device, they can be potentially exploited in JavaScript running in a web browser.

    Apple will release an update for Safari on macOS and iOS in the coming days to mitigate these exploit techniques.

    In a nutshell, this means that while Meltdown is no longer a threat, Spectre remains the only major flaw that can be exploited, and Apple will soon release a fix for it.

  • India Is Setting Up A High Tech Anti Cyber Terrorism Lab

    The Indian Government and the Department of Electronics and Information Technology are setting up a high-tech cybersecurity lab to take on cyber terrorism efforts. Recently, a report was placed before a meeting of home secretaries and DGPs of 12 states, which was convened by the Union home ministry at the beginning of the last month. It took note of the finding that Jammu and Kashmir had the highest degree of activity related to ISIS on social media, among many other potential online cyber threats to institutions like banking, government services, and crime.

    India, while ahead in terms of the number of connected users and the growth rate of Internet usage, lags tremendously in cyber security. As an example, it is estimated that over 65% of Indian Government websites and banks are vulnerable to cyber attacks.

    Local policing bodies often use third-party cyber consultants and employ ethical hackers for various cases, but a central cybersecurity center could act more efficiently and prevent attacks on various possible targets in India.

    The Anti-Cyber Terrorism lab, or the ACT, was supposedly conceptualized after the May 17, 2012, hack, when Anonymous launched an attack against the websites of the Supreme Court of India and the currently ruling Congress party.

    The exact location and operations of the lab are being kept private for the time being. In the age of encrypted messaging on everyday apps like WhatsApp and iMessage, the security agencies are having a tough time tracking their targets. Let’s just hope this does not lead to a “Snowden Leak” situation right here in India, where the Anti-Terrorism lab is invading the privacy of the citizens of India.

     
