Internet Explorer hit by serious vulnerability – MS issues security patch – Windows XP Included


Microsoft has reported that a security flaw in its Internet Explorer browser could allow hackers to access your personal information, especially if you are still using Windows XP.

The bug has been found to affect IE versions 6 through 11 and was found by Microsoft’s security company FireEye. The company says that the flaw leaves around 56 percent of the browser market vulnerable to attack. The bug has been classified as a “Zero Day” flaw which gives victims zero warnings before attack.

The flaw is a remote code execution vulnerability which means that a hacker can successfully run software on a victim’s computer after attack. Microsoft issued a security alert which said that “the vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. The phrase “arbitrary code” means pretty much any software that the attacker chooses to run.”

In short, a hacker could install programs and view or delete data simply through a website that you have open in IE.

FireEye has said that a gang of attackers has already launched a campaign exploiting the flaw. Microsoft reported that IE9 through IE11 versions are the worst-hit as the three versions of IE account for almost 26 percent of the web browsers currently in use around the world. The software giant has said that Internet Explorer 10 and 11 are safe from the flaw only if the Enhanced Protected Mode in these browsers is turned on. The company is currently working on fixing the problem and might soon come out with an update.

UPDATE: Microsoft is issuing a fix for the “zero-day” vulnerability found in Internet Explorer last week. The update should be rolling out to all users any time now. In addition to updating Internet Explorer, Microsoft is also providing a fix for Windows XP, despite the fact that the operating system is no longer officially supported. The fix was issued because support for XP ended recently.

Source : Microsoft.


Heartbleed bug: What you need to know


What is Heartbleed bug?

Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.


The issue is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160.

The damage caused by the “Heartbleed” bug is currently unknown. The security hole exists on a vast number of the internet’s web servers and went undetected for more than two years. While it’s conceivable that the flaw was never discovered by hackers, it’s nearly impossible to tell.

There isn’t much that people can do to protect themselves until the affected websites implement a fix.

Why is it a big deal?

Heartbleed affects the encryption technology designed to protect online accounts for email, instant messaging and e-commerce. It was discovered by a team of researchers from the Finnish security firm Codenomicon, along with a Google researcher who was working separately.

It’s unclear whether any information has been stolen as a result of Heartbleed, but security experts are particularly worried about the bug because it went undetected for more than two years.

How does it work?

Heartbleed creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and “https:” on Web browsers to show that traffic is secure. The flaw makes it possible to snoop on Internet traffic even if the padlock is closed. Interlopers can also grab the keys for deciphering encrypted data without the website owners knowing the theft occurred.

The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.

Which sites are affected?

Around half a million sites are believed to be vulnerable, too many to list, but a glut of new sites offers users the chance to check whether the online haunts they use regularly are affected.

The LastPass website has compiled a list, as has news website Mashable. Meanwhile, security firm Kaspersky directs people to the Heartbleed test.

While Facebook and Google say that they have patched their services, according to the Kaspersky blog, there is a long list of sites that are still vulnerable, including Flickr, OkCupid and Github.

One of the biggest tech firms remaining on the vulnerable list was Yahoo but, as of last night, it too seemed to have remedied the problem saying it “had made the appropriate corrections across our entire platform”.

Many more sites will spend the coming days scrambling to do the same.

Bruce Schneier called on internet companies to issue new certificates and keys for encrypting internet traffic. Doing so would render stolen keys useless, he said.

Worst case scenario

The bad news, according to a blog from security firm Kaspersky, is that “exploiting Heartbleed leaves no traces so there is no definitive way to tell if the server was hacked and what kind of data was stolen”.

Security experts say that they are starting to see evidence that hacker groups are conducting automated scans of the internet in search of web servers using OpenSSL.

And Kaspersky said that it had uncovered evidence that groups believed to be involved in state-sponsored cyber-espionage were running such scans shortly after news of the bug broke.

Anti-apartheid icon – Nelson Mandela


South African anti-apartheid hero Nelson Mandela died aged 95 at his Johannesburg home on Thursday after a prolonged lung infection, plunging his nation and the world into mourning for a man hailed by global leaders as a moral giant.


Although Mandela had been frail and ailing for nearly a year, Zuma’s announcement late on Thursday of the death of the former president and Nobel Peace Prize laureate shook South Africa.

Tributes began flooding in almost immediately for a man who was an iconic global symbol of struggle against injustice and of racial reconciliation.

World’s most famous political prisoner

South Africa’s ruling African National Congress (ANC) party said the country and the world had lost “a colossus”.

“His life gives us the courage to push forward for development and progress towards ending hunger and poverty,” it said in a statement.

He was awarded the Nobel Peace Prize in 1993, an honor he shared with FW de Klerk, the white Afrikaner leader who released from jail arguably the world’s most famous political prisoner.

As president, Mandela faced the monumental task of forging a new nation from the deep racial injustices left over from the apartheid era, making reconciliation the theme of his time in office.

The hallmark of Mandela’s mission was the Truth and Reconciliation Commission which probed apartheid crimes on both sides of the struggle and tried to heal the country’s wounds. It also provided a model for other countries torn by civil strife.

In 1999, Mandela handed over power to younger leaders better equipped to manage a modern economy – a rare voluntary departure from power cited as an example to African leaders.

In retirement, he shifted his energies to battling South Africa’s AIDS crisis, a struggle that became personal when he lost his only surviving son to the disease in 2005.

Mandela’s last major appearance on the global stage came in 2010 when he attended the championship match of the soccer World Cup, where he received a thunderous ovation from the 90,000 at the stadium in Soweto, the neighborhood in which he cut his teeth as a resistance leader.

Charged with capital offences in the infamous 1963 Rivonia Trial, his statement from the dock was his political testimony.

“During my lifetime I have dedicated myself to this struggle of the African people. I have fought against white domination, and I have fought against black domination.”

Internet of Things (IoT)


The Internet of Things (IoT) is a scenario in which objects, animals or people are provided with unique identifiers and the ability to automatically transfer data over a network without requiring human-to-human or human-to-computer interaction. IoT has evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS) and the Internet.

A thing, in the Internet of Things, can be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low — or any other natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network. So far, the Internet of Things has been most closely associated with machine-to-machine (M2M) communication in manufacturing and power, oil and gas utilities. Products built with M2M communication capabilities are often referred to as being smart. (See: smart label, smart meter, smart grid sensor)

IPv6’s huge increase in address space is an important factor in the development of the Internet of Things. According to Steve Leibson, who identifies himself as “occasional docent at the Computer History Museum,” the address space expansion means that we could “assign an IPV6 address to every atom on the surface of the earth, and still have enough addresses left to do another 100+ earths.” In other words, humans could easily assign an IP address to every “thing” on the planet. An increase in the number of smart nodes, as well as the amount of upstream data the nodes generate, is expected to raise new concerns about data privacy, data sovereignty and security.

Although the concept wasn’t named until 1999, the Internet of Things has been in development for decades. The first Internet appliance, for example, was a Coke machine at Carnegie Mellon University in the early 1980s. The programmers could connect to the machine over the Internet, check the status of the machine and determine whether or not there would be a cold drink awaiting them, should they decide to make the trip down to the machine.

Kevin Ashton, cofounder and executive director of the Auto-ID Center at MIT, first mentioned the Internet of Things in a presentation he made to Procter & Gamble. Here’s how Ashton explains the potential of the Internet of Things:

“Today computers — and, therefore, the Internet — are almost wholly dependent on human beings for information. Nearly all of the roughly 50 petabytes (a petabyte is 1,024 terabytes) of data available on the Internet were first captured and created by human beings by typing, pressing a record button, taking a digital picture or scanning a bar code.

The problem is, people have limited time, attention and accuracy — all of which means they are not very good at capturing data about things in the real world. If we had computers that knew everything there was to know about things — using data they gathered without any help from us — we would be able to track and count everything and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling and whether they were fresh or past their best.”

Obituary: Paul Walker (September 12, 1973 – November 30, 2013)



Paul Walker, who starred in the Fast & Furious series of action films, has been killed in a car crash in California.

Walker, 40, was a passenger in a Porsche sports car driven by a friend – who also died – when it crashed north of Los Angeles.

Walker was said to be attending a charity event at the time.

He starred in all but one of the films in the Fast & Furious franchise, the sixth of which opened in May.

Paul William Walker IV was an American actor. He became famous in 1999 after his role in the hit film Varsity Blues, but later garnered fame as Brian O’Conner in The Fast and the Furious film series. His other films include Eight Below, Into the Blue, She’s All That, and Takers. He appeared on the National Geographic Channel series Expedition Great White.

Walker’s first passion was marine biology; he joined the Board of Directors of The Billfish Foundation in 2006. He fulfilled a lifelong dream by starring in a National Geographic Channel series Expedition Great White, which premiered in June 2010. He spent 11 days as part of the crew, catching and tagging 7 great white sharks off the coast of Mexico. The expedition, led by Chris Fischer, founder and CEO of Fischer Productions, along with Captain Brett McBride and Dr. Michael Domeier of the Marine Conservation Science Institute took measurements, gathered DNA samples, and fastened real-time satellite tags to the great white sharks. This allowed Dr. Domeier to study migratory patterns especially those associated with mating and birthing over a 5-year period of time.

In March 2010, Walker went to Constitución, Chile to offer his help and support to the people injured in the 8.8 magnitude earthquake that struck on February 27. He flew with his humanitarian aid team, REACH OUT Worldwide, to Haiti to lend a helping hand to the 2010 Haiti earthquake victims.

An avid car enthusiast, he competed in the Redline Time Attack racing series in which he raced a M3 E92 and was on the AE Performance Team. His car was sponsored by Etnies, Brembo Brakes, Ohlins, Volk, OS Giken, Hankook, Gintani, and Reach Out Worldwide. Walker had been preparing for an auto show prior to his death.

Death

On November 30, 2013, at approximately 3:30 p.m. PST, Walker and Roger Rodas, age 38, left an event for Walker’s charity Reach Out Worldwide for victims of Typhoon Haiyan. Shortly after leaving in Rodas’ red 2005 Porsche Carrera GT, the driver lost control and crashed into a light pole and tree in Valencia, Santa Clarita, California, and the vehicle burst into flames. Rodas was believed to be driving the car. The Los Angeles County Sheriff’s Department declared the two dead at the scene. Walker’s publicist, Ame van Iden, confirmed early reports of his death. The Los Angeles County Sheriff’s Office stated that speed was a factor in the crash.

Rodas became friends with Walker after meeting at a race track. Rodas became Walker’s financial advisor in 2007 and helped to establish Reach Out Worldwide. Rodas was the CEO of Always Evolving, a Valencia performance shop owned by Walker for high-end vehicles.

Various friends posted tributes to Walker on social media.

Facebook Graph Search


Facebook Graph Search is a semantic search engine that was introduced by Facebook in March 2013. It is designed to give answers to user natural language queries rather than a list of links. The Graph Search feature combines the big data acquired from its over one billion users and external data into a search engine providing user-specific search results. 

The feature was developed under former Google employees Lars Rasmussen and Tom Stocky.

Graph Search operates by use of a search algorithm similar to traditional search engines such as Google. However, the search feature is distinguished as a semantic search engine, searching based on intended meaning. Rather than returning results based on matching keywords, the search engine is designed to match phrases, as well as objects on the site. 

Search results are based on both the content of the user and their friends’ profiles and the relationships between the user and their friends. Results are based on the friends and interests expressed on Facebook, and also shaped by users’ privacy settings. In addition to being restricted from seeing some content, users may be able to view relevant content made publicly available by users that are not listed as friends.

Entries into the search bar are auto-completed as users type, with Facebook suggesting friends and second degree connections, Facebook pages, automatically-generated topics, and finally Web searches for anything Facebook is not yet able to search for.

The operation of the search feature depends on user involvement. The feature is intended to prompt users to add more friends, more quickly. In doing so, it can provide updating, more data-rich results and stimulate use of the feature.

Microsoft has been partnered with Facebook to provide search results since 2008. Microsoft Live Search came to be known as Bing following the initiation of the partnership. In 2010, Facebook and Bing partnered to offer socially-oriented search results: ‘People Search’ and ‘Liked by your Facebook Friends’ information appeared in results within Facebook and on Bing.com.

In May 2012, Bing launched a social sidebar feature which displayed Facebook content alongside of search results. Promoted on the basis of asking friends for advice, the feature allows users to broadcast queries related to their searches to Facebook friends, and offers recommendations of Facebook friends, as well as experts from other networks who could be capable of offering insight.

The previously developed Instant Personalization feature integrated friends’ publicly available information, such as likes, into content on other external websites, such as Rotten Tomatoes and Yelp.

The emergence of the Graph Search feature builds on this partnership. Facebook content remains on Bing.com. The focus of Graph Search is internal content, but Bing continues to issue search results of external content. The external search results are based on traditional keyword-match.

The Open Graph feature allows developers to integrate their applications and pages into the Facebook platform, and links Facebook with external sites on the Internet. The feature operates by allowing the addition of metadata to turn websites into graph objects. Actions made using the app are expressed on users’ profile pages.