Softieons
The Way Web Should Be

The tech giant has decided to pull the plug on support for old versions of its Internet Explorer. Microsoft framed the decision in its announcement as “prioritizing helping users stay updated with the latest version of IE”.

The company claimed that old versions of the browser represent a major challenge in keeping the Internet ecosystem safe and secure, whereas modern browsers feature better security protection. For instance, Internet Explorer 11 has features such as Enhanced Protected Mode to help keep customers safer. Of course, it is unsurprising that the most recent and fully patched version of the web browser is more secure than older versions.

So, starting January 12, 2016, only Internet Explorer versions 9-11 (depending on the platform) will be supported by Microsoft. In other words, after this date, only the most recent version of IE available for a supported OS will receive technical support and security updates. XP was not even on the list, of course.

Therefore, users currently running Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 on Windows 7 SP1 will have to switch to IE 11 if they want to continue receiving security updates and technical support. The company told its customers that they can refer to the Microsoft Support Lifecycle website for more details on support timelines for its operating systems.

The company also announced that it is introducing new features and resources to help people upgrade and stay up-to-date with the latest web browser.

The tech giant has agreed to change the way it implements the new EU “right to be forgotten” measure. The reason was tons of criticism for being over-zealous in its approach to blocking results in name-based searches.
 
Over 70,000 individuals have submitted requests to delete links to articles containing their names after a ruling by the European Court of Justice was delivered two months ago. A number of online media groups, including The Guardian, Daily Mail and BBC, complained when the search engine started removing links to their pages.

The BBC’s economics editor claimed that Google had cast him into oblivion after a blogpost he published about the former Merrill Lynch boss was removed from some search results. Google admitted that it could be clearer in the way it informed publishers about the removal of search terms.

Google explained it was undergoing a “learning process” and choosing the best way to implement the ruling. At the same time, the company denied that it was deliberately trying to subvert the judgment by being too quick to remove links on request. The BBC’s editor had wrongly assumed that the Merrill Lynch boss was the one who had made the removal request. In reality, the request had come from a member of the public who had left a comment on the post, but the company agreed that it should provide publishers with more information about search-term deletions.

However, the blogpost in question remains widely available via almost all search terms – only when you search for the name of the commenter does the post not show up in a Google search. Google claimed that its effort to comply with the EU ruling is a difficult process. The company promised to do it as responsibly as it possibly can.

Aside from the BBC case, 6 links to Guardian stories have also been removed from some search results, 3 of them being about a controversy involving a former Scottish Premier League referee, McDonald, who admitted lying about awarding a penalty in the Scottish FA Cup. The Guardian complained that the company was pursuing an overly broad interpretation of the recent court ruling and went too far in removing search results. In response, Google defended the way it addressed the court’s judgment, saying that it is obliged to comply with that law.

WORLD ISPS SUED UK SURVEILLANCE AGENCY

ISPs all over the world lodged formal complaints against the British government’s monitoring service, GCHQ, accusing it of using malicious software to hack their networks. The complaints came from 7 companies based in 6 countries: Germany, the Netherlands, South Korea, the UK, the US and even Zimbabwe. This move will add to international pressure on the government after Snowden’s leaks concerning mass surveillance of the worldwide web by British and American intelligence agencies.

The complaints were filed with the Investigatory Powers Tribunal – the court in London which assesses complaints about the agencies' activities and misuse of surveillance by government bodies. Normally, its hearings are held in secret. The tribunal is already considering some related complaints. For example, later in July it will investigate claims by human rights groups about the way GCHQ targeted social media websites.

The UK agency has defended the security services, arguing that online searches are routed overseas and thus can be targeted as “external communications” and monitored without obtaining an individual warrant. Opponents claim that such a legal interpretation virtually sidesteps the need for traditional safeguards.

The latest claim was filed against both GCHQ and the Foreign Office, based on articles published in 2014 in the German magazine, which alleged that the surveillance agency had carried out a hacking attack on the Belgian telecoms group Belgacom by targeting individual employees with malware.

One attack was of the “man-in-the-middle” type, which bypasses encryption software and interposes the attacker between 2 machines which believe that they are securely communicating with each other.

The claim alleged that such attacks violated the Computer Misuse Act 1990 and interfered with the privacy rights of the employees under the European Convention on Human Rights. All seven victims were “responsible and professional ISPs”. Their case follows articles about mass surveillance based on the Snowden leaks.

The programs said to have been operating included Turbine, which automates the injection of information and is able to infect millions of computers. The leaks also revealed the existence of Warrior Pride, which enables microphones on smartphones to be remotely activated.

The move of the Internet service providers has been supported by Privacy International, a British charity defending and promoting the right to privacy worldwide.

Industrial Project training in Surat
Join with us

US ACCUSED RUSSIAN HACKER OF $100M FRAUD

Evgeniy Bogachev, a Russian computer hacker, was accused a few days ago of organizing a worldwide conspiracy which targeted hundreds of thousands of PCs with malware, thus enabling him and his gang to steal over $100 million from US businesses and banks.
 
The group led by Bogachev infected machines with malware that captured passwords and account numbers. As a result, they stole millions of dollars from victims. The members of the hacking group come from Russia, Ukraine and the UK. At the moment, the leader of the gang is not in custody, while charges of conspiracy, wire, bank and computer fraud, as well as money laundering, were filed against Bogachev in Pittsburgh.

These hacking charges come weeks after officials of the United States revealed cyber-espionage charges against 5 Chinese army hackers who are now arrested and accused of stealing trade secrets from various US companies. In the meantime, the indictment against the Russian hacker concerns only one victim, Haysite Reinforced Plastics of Erie, in northwestern Pennsylvania. The indictment states that the gang managed to steal about $824,000 from its bank accounts on one day three years ago. No further comments have been provided by officials at the business, but it is known that the accounts were with Pittsburgh-based PNC Bank.

Another civil complaint provided other brief descriptions of victim entities. Their list even includes an unspecified American Indian tribe in Washington state, apart from a pest control company in North Carolina, an insurance firm, a company that runs assisted living centers in Pennsylvania, a police department in Massachusetts, a couple of Florida businesses, one restaurant and a local bank.

As for the losses the gang caused, the Florida bank is known to have lost about $7 million via an unauthorized wire transfer, while the Massachusetts police department lost only $750 when one of its officers decided to pay a ransom demanded by the malware which infected its PCs.

A week ago, a federal judge in Pittsburgh granted a temporary restraining order against Evgeniy Bogachev and the other members of his group, demanding that they cease illegal activities – that order was recently unsealed along with the charges.

SOCIAL MEDIA MASS SURVEILLANCE IS ALLOWED IN UK

Officials have officially confirmed the true extent of the government’s interception of social networks, including private messages between citizens. It was confirmed that searches on Google, Facebook, Twitter and YouTube, and emails exchanged with people abroad, can be monitored by the local security services.
 
The British government has finally admitted that its citizens’ communications over private channels such as Twitter direct messages are considered legitimate targets that can be intercepted without a warrant.

The document, which sets out the defence of mass monitoring, developed a legal interpretation that has provoked calls for the Regulation of Investigatory Powers Act to be overhauled urgently, along with allegations that the authorities are exploiting loopholes in the law of which parliament was unaware.

The paper was released in response to a case brought by civil rights groups before the Investigatory Powers Tribunal (IPT), which deals with complaints against the intelligence services. The case was launched in the wake of revelations from Edward Snowden about the monitoring program dubbed Tempora, operated by the British monitoring agency GCHQ. This program taps into the network of fiber-optic cables that carry phone calls and online traffic worldwide, recording up to 600 million phone events daily.

According to the Regulation of Investigatory Powers Act, traditional interception of internal communications within the country requires an individual warrant. The authorities argue that in a fast-moving technological world, identifying individual targets before monitoring is too difficult. External communications, meanwhile, can be monitored without an individual warrant. The document explains that searches on social networks involve communicating with a web-based platform abroad, and are therefore external communications, not internal. Emails sent or received from abroad could also be intercepted in such a way.

The statement also points out that the issue was raised during the passage of the law a decade ago, implying that parliament knew about the difficulty of distinguishing between internal and external communications when it passed the bill.

Indeed, Section 8 of the law states that internal communications between UK residents within the UK may only be monitored pursuant to a specific warrant, and if there’s a reason to suspect the individual of unlawful activity. But external communications may be monitored indiscriminately under a general warrant.

Hackers Demand Money from Domino’s Pizza

Cyber attackers have demanded a ransom of €30,000 from the pizza network after stealing personal data on over 600,000 French and Belgian customers of Domino’s Pizza. The personal details were allegedly stolen last week, and Domino’s France admitted that 592,000 French and 58,000 Belgian customer records were exposed in the hack.


Hackers left a message on the text-hosting service Pastebin, saying that they have all customers’ names, addresses, phone numbers, emails and passwords. Domino’s France admitted that though they do use an encryption system for information, the company suffered a hack by seasoned professionals who could decode the encrypted data, including passwords. Domino’s Pizza recommended that all customers change their passwords for security reasons.

In the meantime, the hackers decided they would rather have money than the list of the customers’ favorite toppings. A group called Rex Mundi demanded €30,000 to not publish the data online.

Domino’s Netherlands responded they would not be paying the ransom, because no financial data had been stolen. It is also known that Domino’s France and Belgium are not part of the same franchise group as Domino’s Pizza in the United Kingdom, which holds the master franchise in Australia, New Zealand, France, Belgium, the Netherlands and Monaco. However, it is unclear whether details of users from Australia, New Zealand, the Netherlands and Monaco were compromised as well.

The data was stolen from the Domino’s franchise in France and Belgium, and even there no credit card or financial data of the customers was compromised. Security experts point out that it is just another example of how customer information, if not properly secured, can fall into the wrong hands. In this case, it is good that financial data was stored separately, but the theft of personal information has never been good news anyway.

By the way, it wasn’t the first time that Rex Mundi tried to extort money from multinational corporations by stealing users’ private details. Two years ago, the hacking ring stole and published online loan-applicant details from customers of AmeriCash Advance.

A number of other online services, including Feedly and Evernote, have recently been targeted for extortion. The hackers normally demand money in exchange for not taking the service offline with DDoS attacks.

Tweetdeck Vulnerability Was Caused by Emoji Heart

The most popular microblog has finally relaunched its application for social media professionals after it was shut down due to the discovery of a vulnerability leaving users open to attack. A few days ago, a Twitter user trying to code an emoji heart inadvertently revealed a vulnerability which resulted in Twitter being forced to shut down its Tweetdeck app. Now Tweetdeck has been reopened after verifying its security fix, but a number of users keep reporting problems because of caching of the web-based client.

An ordinary Austrian teenager nicknamed Firo online was experimenting with Tweetdeck. Namely, the teenager was trying to get the service to display the Unicode “heart” character. While trying to do so, Firo discovered that anything in a tweet which ended with the heart symbol would be treated by the client as though it was HTML code. The latter could be used to change the formatting of tweets or put an alert on users’ screens. It took Firo only 14 minutes to notify Twitter about his surprising discovery, but it was already too late: the flaw was in the wild.

90 minutes later, the first “worm” (the proper name for a computer attack which is self-replicating) was created and launched using the vulnerability by a German IT student. His tweet used the same flaw to make any user of an affected version of Tweetdeck automatically retweet it. As a result, the tweet got over 80,000 retweets in a few days.

Now Twitter has relaunched the service and announced that the vulnerability is fixed. However, some users keep reporting problems. For instance, the Political Scrapbook blog was hit by that worm more than 12 hours after the company had announced the fix. Perhaps the persistence is related to caching issues: security experts confirm that on web-based services, both users’ PCs and their broadband providers may occasionally deliver outdated versions of webpages to save on bandwidth. This means that the problem remains even though the bug has been fixed.

The microblogging company has been asked for comment on what ordinary Twitter users can do to make sure they are protected from the flaw, but the company hasn’t provided any guidance thus far.
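
An added illustration of the flaw described in this post (it is not Tweetdeck's code and not part of the original post): a model of a renderer that skips HTML escaping for tweets ending in the heart character, next to a hardened version that always escapes before adding its own markup. The function names and the emoji `<span>` wrapper are assumptions made for the example.

```javascript
// Added example: models the behaviour described in the post, not Tweetdeck's source.
const HEART = "\u2665"; // the Unicode heart character mentioned in the post

// Escape the characters that let text break out into HTML markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical emoji step: wraps each heart in a styled span (trusted markup).
function decorateEmoji(html) {
  return html.split(HEART).join(`<span class="emoji">${HEART}</span>`);
}

// VULNERABLE MODEL: a tweet ending with the heart takes a "rich" path that
// skips escaping, so the rest of the tweet is emitted as live markup.
function renderTweetVulnerable(text) {
  if (text.endsWith(HEART)) {
    return decorateEmoji(text); // raw tweet text reaches the page
  }
  return escapeHtml(text);
}

// HARDENED: escape unconditionally first, then add the trusted markup.
function renderTweetSafe(text) {
  return decorateEmoji(escapeHtml(text));
}

// Check helper: true if any tag other than our own emoji span survived rendering.
function containsLiveTag(html) {
  const stripped = html.split('<span class="emoji">').join("").split("</span>").join("");
  return /<[a-z/]/i.test(stripped);
}

// Constructed sample tweets (harmless formatting markup only).
const samples = ["plain text <b>bold?</b>", `<b>bold?</b> ${HEART}`];

for (const tweet of samples) {
  console.log(JSON.stringify({
    tweet,
    liveTagInVulnerable: containsLiveTag(renderTweetVulnerable(tweet)),
    liveTagInSafe: containsLiveTag(renderTweetSafe(tweet)),
  }));
}
```

Because the hardened renderer escapes every tweet before any decoration runs, no special character can select an unescaped path; clients that cached the old script, as the post notes, keep the vulnerable behaviour until the cached copy is replaced.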