Internet Explorer hit by serious vulnerability – MS issues security patch – Windows XP Included


Microsoft has reported that a security flaw in its Internet Explorer browser could allow hackers to access your personal information especially if you are still using Windows XP.

The bug has been found to affect IE versions 6 through 11 and was found by Microsoft’s security company FireEye. The company says that the flaw leaves around 56 percent of the browser market vulnerable to attack. The bug has been classified as a “Zero Day” flaw which gives victims zero warnings before attack.

The flaw is a remote code execution vulnerability which means that a hacker can successfully run software on a victim’s computer after attack. Microsoft issued a security alert which said that “the vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. The phrase “arbitrary code” means pretty much any software that the attacker chooses to run.”

In short, a hacker could install programs, view and delete data simply by visiting a website that you are running at the same time on your IE.

FireEye has said that a gang of attackers has already launched a campaign exploiting the flaw. Microsoft reported that IE9 through IE11 versions are the worst-hit as the three versions of IE account for almost 26 percent of the web browsers currently in use around the world. The software giant has said that Internet Explorer 10 and 11 are safe from the flaw only if the Enhanced Protected Mode in these browsers is turned on. The company is currently working on fixing the problem and might soon come out with an update.

UPDATE : Microsoft is issuing a fix for the “zero-day” vulnerability found in Internet Explorer last week. The update should be rolling out to all users any time now. In addition to updating Internet Explorer, Microsoft is also providing a fix for Windows XP, despite the fact that the operating system is no longer officially supported. The fix was issued because support for XP ended recently.

Source : Microsoft.

Advertisements

Heartbleed bug: What you need to know


What is Heartbleed bug?

Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.

heartbleed

The issue is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160.

The damage caused by the “Heartbleed” bug is currently unknown. The security hole exists on a vast number of the internet’s web servers and went undetected for more than two years. While it’s conceivable that the flaw was never discovered by hackers, it’s nearly impossible to tell.

There isn’t much that people can do to protect themselves until the affected websites implement a fix.

Why is it a big deal?

Heartbleed affects the encryption technology designed to protect online accounts for email, instant messaging and e-commerce. It was discovered by a team of researchers from the Finnish security firm Codenomicon, along with a Google researcher who was working separately.

It’s unclear whether any information has been stolen as a result of Heartbleed, but security experts are particularly worried about the bug because it went undetected for more than two years.

How does it work?

Heartbleed creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and “https:” on Web browsers to show that traffic is secure. The flaw makes it possible to snoop on Internet traffic even if the padlock is closed. Interlopers can also grab the keys for deciphering encrypted data without the website owners knowing the theft occurred.

The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.

Which sites are affected?

There are half a million believed to be vulnerable so too many to list but there is a glut of new sites offering users the chance to check whether the online haunts they use regularly are affected.

The LastPass website  has compiled a list as has new websiteMashable . Meanwhile security firm Kaspersky directs people to theHeartbleed test.

While Facebook and Google say that they have patched their services, according to the Kaspersky blog,  there is a long list of sites that are still vulnerable, including Flickr, OkCupid and Github.

One of the biggest tech firms remaining on the vulnerable list was Yahoo but, as of last night, it too seemed to have remedied the problem saying it “had made the appropriate corrections across our entire platform”.

Many more sites will spend the coming days scrambling to do the same.

Bruce Schneier called on internet companies to issue new certificates and keys for encrypting internet traffic. Doing so would render stolen keys useless, he said.

Worst case scenario

The bad news, according to a blog from security firm Kaspersky  is that “exploiting Heartbleed leaves no traces so there is no definitive way to tell if the server was hacked and what kind of data was stolen”.

Security experts say that they are starting to see evidence that hacker groups are conducting automated scans of the internet in search of web servers using OpenSSL.

And Kaspersky said that it had uncovered evidence that groups believed to be involved in state-sponsored cyber-espionage were running such scans shortly after news of the bug broke.

Anti-apartheid icon – Nelson Mandela


South African anti-apartheid hero Nelson Mandela died aged 95 at his Johannesburg home on Thursday after a prolonged lung infection, plunging his nation and the world into mourning for a man hailed by global leaders as a moral giant.

Nelson_Mandela

Although Mandela had been frail and ailing for nearly a year, Zuma’s announcement late on Thursday of the death of the former president and Nobel Peace Prize laureate shook South Africa.

Tributes began flooding in almost immediately for a man who was an iconic global symbol of struggle against injustice and of racial reconciliation.

World’s most famous political prisoner

South Africa’s ruling African National Congress (ANC) party said the country and the world had lost “a colossus”.

“His life gives us the courage to push forward for development and progress towards ending hunger and poverty,” it said in a statement.

He was awarded the Nobel Peace Prize in 1993, an honor he shared with FW de Klerk, the white Afrikaner leader who released from jail arguably the world’s most famous political prisoner.

As president, Mandela faced the monumental task of forging a new nation from the deep racial injustices left over from the apartheid era, making reconciliation the theme of his time in office.

The hallmark of Mandela’s mission was the Truth and Reconciliation Commission which probed apartheid crimes on both sides of the struggle and tried to heal the country’s wounds. It also provided a model for other countries torn by civil strife.

In 1999, Mandela handed over power to younger leaders better equipped to manage a modern economy – a rare voluntary departure from power cited as an example to African leaders.

In retirement, he shifted his energies to battling South Africa’s AIDS crisis, a struggle that became personal when he lost his only surviving son to the disease in 2005.

Mandela’s last major appearance on the global stage came in 2010 when he attended the championship match of the soccer World Cup, where he received a thunderous ovation from the 90,000 at the stadium in Soweto, the neighborhood in which he cut his teeth as a resistance leader.

Charged with capital offences in the infamous 1963 Rivonia Trial, his statement from the dock was his political testimony.

“During my lifetime I have dedicated myself to this struggle of the African people. I have fought against white domination, and I have fought against black domination.”

Internet of Things (IoT)


The Internet of Things (IoT) is a scenario in which objects, animals or people are provided with unique dentifiers and the ability to automatically transfer data over a network without requiring human-to-human or human-to-computer interaction. IoT has evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS) and the Internet.

A thing, in the Internet of Things, can be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low — or any other natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network. So far, the Internet of Things has been most closely associated with machine-to-machine (M2M) communication in manufacturing and power, oil and gas utilities. Products built with M2M communication capabilities are often referred to as being smart. (See: smart label, smart meter, smart grid sensor)

IPv6’s huge increase in address space is an important factor in the development of the Internet of Things. According to Steve Leibson, who identifies himself as “occasional docent at the Computer History Museum,” the address space expansion means that we could “assign an IPV6 address to every atom on the surface of the earth, and still have enough addresses left to do another 100+ earths.” In other words, humans could easily assign an IP address to every “thing” on the planet. An increase in the number of smart nodes, as well as the amount of upstream data the nodes generate, is expected to raise new concerns aboutdata privacy, data sovereignty and security.

Although the concept wasn’t named until 1999, the Internet of Things has been in development for decades. The first Internet appliance, for example, was a Coke machine at Carnegie Melon University in the early 1980s. The programmers could connect to the machine over the Internet, check the status of the machine and determine whether or not there would be a cold drink awaiting them, should they decide to make the trip down to the machine.

Kevin Ashton, cofounder and executive director of the Auto-ID Center at MIT, first mentioned the Internet of Things in a presentation he made to Procter & Gamble. Here’s how Ashton explains the potential of the Internet of Things:

“Today computers — and, therefore, the Internet — are almost wholly dependent on human beings for information. Nearly all of the roughly 50 petabytes (a petabyte is 1,024terabytes) of data available on the Internet were first captured and created by human beings by typing, pressing a record button, taking a digital picture or scanning a bar code.

The problem is, people have limited time, attention and accuracy — all of which means they are not very good at capturing data about things in the real world. If we had computers that knew everything there was to know about things — using data they gathered without any help from us — we would be able to track and count everything and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling and whether they were fresh or past their best.”

Obituary: Paul Walker (September 12, 1973 – November 30, 2013)


 paul-walker-picture-5 (1)

Paul Walker, who starred in the Fast & Furious series of action films, has been killed in a car crash in California.

Walker, 40, was a passenger in a Porsche sports car driven by a friend – who also died – when it crashed north of Los Angeles.

Walker was said to be attending a charity event at the time.

He starred in all but one of the films in the Fast & Furious franchise, the sixth of which opened in May.

Paul William Walker IV  was an American actor. He became famous in 1999 after his role in the hit film Varsity Blues, but later garnered fame as Brian O’Conner in The Fast and the Furious film series. His other films include Eight BelowInto the BlueShe’s All That, and Takers. He appeared on the National Geographic Channel series Expedition Great White.

Walker’s first passion was marine biology; he joined the Board of Directors of The Billfish Foundation in 2006. He fulfilled a lifelong dream by starring in a National Geographic Channelseries Expedition Great White, which premiered in June 2010.He spent 11 days as part of the crew, catching and tagging 7 great white sharks off the coast of Mexico. The expedition, led by Chris Fischer, founder and CEO of Fischer Productions, along with Captain Brett McBride and Dr. Michael Domeier of the Marine Conservation Science Institute took measurements, gathered DNA samples, and fastened real-time satellite tags to the great white sharks. This allowed Dr. Domeier to study migratory patterns especially those associated with mating and birthing over a 5-year period of time.

In March 2010, Walker went to Constitución, Chile to offer his help and support to the people injured in the 8.8 magnitude earthquake that struck on February 27. He flew with hishumanitarian aid team, REACH OUT Worldwide, to Haiti to lend a helping hand to the 2010 Haiti earthquake victims.

An avid car enthusiast, he competed in the Redline Time Attack racing series in which he raced a M3 E92 and was on the AE Performance Team. His car was sponsored by Etnies, Brembo Brakes, Ohlins, Volk, OS Giken, Hankook, Gintani, and Reach Out Worldwide. Walker had been preparing for an auto show prior to his death.

Death

On November 30, 2013, at approximately 3:30 p.m. PST, Walker and Roger Rodas,age 38, left an event for Walker’s charity Reach Out Worldwide for victims of Typhoon Haiyan. Shortly after leaving in Rodas’ red 2005 Porsche Carrera GT, the driver lost control and crashed into a light pole and tree in Valencia, Santa Clarita, California, and the vehicle burst into flames. Rodas was believed to be driving the car. The Los Angeles County Sheriff’s Department declared the two dead at the scene.Walker’s publicist, Ame van Iden, confirmed early reports of his death. The Los Angeles County Sheriff’s Office stated that speed was a factor in the crash.

Rodas became friends with Walker after meeting at a race track. Rodas became Walker’s financial advisor in 2007 and helped to establish Reach Out Worldwide.Rodas was the CEO of Always Evolving, a Valencia performance shop owned by Walker for high-end vehicles.

Various friends posted tributes to Walker on social media.

Facebook Graph Search


Facebook Graph Search is a semantic search engine that was introduced by Facebook in March 2013. It is designed to give answers to user natural language queries rather than a list of links. The Graph Search feature combines the big data acquired from its over one billion users and external data into a search engine providing user-specific search results. 

The feature was developed under former Google employees Lars Rasmussen and Tom Stocky.

Graph Search operates by use of a search algorithm similar to traditional search engines such as Google. However, the search feature is distinguished as a semantic search engine, searching based on intended meaning. Rather than returning results based on matching keywords, the search engine is designed to match phrases, as well as objects on the site. 

Search results are based on both the content of the user and their friends’ profiles and the relationships between the user and their friends. Results are based on the friends and interests expressed on Facebook, and also shaped by users’ privacy settings. In addition to being restricted from seeing some content, users may be able to view relevant content made publicly available by users that are not listed as friends.

Entries into the search bar are auto-completed as users type, with Facebook suggesting friends and second degree connections, Facebook pages, automatically-generated topics, and finally Web searches for anything Facebook is not yet able to search for.

The operation of the search feature depends on user involvement. The feature is intended to promote users to add more friends, more quickly. In doing so, it can provide updating, more data-rich results and stimulate use of the feature.

Microsoft has been partnered with Facebook to provide search results since 2008. Microsoft Live Search came to be known as Bing following the initiation of the partnership. In 2010, Facebook and Bing partnered to offer socially-oriented search results: ‘People Search’ and ‘Liked by your Facebook Friends’ information appeared in results within Facebook and on Bing.com.

In May 2012, Bing launched a social sidebar feature which displayed Facebook content alongside of search results. Promoted on the basis of asking friends for advice, the feature allows users to broadcast queries related to their searches to Facebook friends, and offers recommendations of Facebook friends, as well as experts from other networks who could be capable of offering insight.

The previously developed Instant Personalization feature integrated friends’ publicly available information, such as likes, into content on other external websites, such as Rotten Tomatoes and Yelp.

The emergence of the Graph Search feature builds on this partnership. Facebook content remains on Bing.com. The focus of Graph Search is internal content, but Bing continues to issue search results of external content. The external search results are based on traditional keyword-match.

The Open Graph feature allows developers to integrate their applications and pages into the Facebook platform, and links Facebook with external sites on the Internet. The feature operates by allowing the addition of metadata to turn websites into graph objects. Actions made using the app are expressed on users’ profile pages.

HTC One – Official Now..!


HTC has proven time and again that it is willing to take a risk. Whether it pays off or not is a different matter altogether. With its latest flagship, the HTC One, which was announced yesterday, the company is banking on enhanced camera capabilities – HTC is calling it an Ultrapixel camera – an improved sound experience and a revamp of its Sense UI. It also brings a full HD display on a screen smaller than 5 inches, a first for a smartphone. 


Does it make a winner though? We will have to wait for hands-on time to figure that out. However, going by the specs sheet, the HTC One is a sumptuous handset that will surely attract some attention over the likes of the Xperia Z and the company’s other 1080p-display-laden offering, theButterfly. Let’s take a deeper look at the specs of the HTC One

OS – Android 4.1 Jelly Bean with Sense 5
It’s great news that Jelly Bean powers the HTC One. Project Butter should go a long way when it comes to delivering a lag-free UI experience. Of course, HTC has injected a bit of Sense into the stock Jelly Bean experience. Sense 5 or the New Sense, as HTC called it last night at the unveiling, is all about the BlinkFeed. This is the new homescreen on HTC’s phones. The company has tied up with 1400 content providers to bring you updates related to sports, current affairs, business, technology, social networking and lifestyle to your BlinkFeed. The BlinkFeed is essentially a vertical scrolling widget, but it is also the page you will see by default when hitting the home key. The feeds are customisable and overall there is a Flipboard-like feel to it. Indeed, this can be called HTC’s re-imagining of Live Tiles from Windows Phone 8. However, users who want a more conventional Android experience can set a more regular homescreen as default. Here, HTC has gone for a more minimal look, closer to the stock experience.

One thing that HTC fans won’t find in the out-of-the-box setup is the trademark Sense flip clock. That’s included as a widget however, with a flatter, more simple-looking clock-weather indicator being the default option.

Cellular Network – LTE-ready
Of course, the HTC One is ready to support LTE networks around the world. But if your region has no 4G infrastructure, it will play nicely with 850 / 900 / 1900 / 2100 bands for HSPA. The phone supports download speeds up to 100Mbps and 50Mbps for uploads. The SIM slot in the HTC One accepts only Micro-SIMs.

Display – 4.7-inch full HD SuperLCD3
The display is one of the highlights of the HTC One. As mentioned above, this is the first phone with a screen less than 5 inches diagonally to have a 1080p resolution. Naturally, text, images and videos look immensely crisp. With a pixel density of 468ppi, you are unlikely to see jagged edges of text or any kind of pixelation, unless you see the world through an electron microscope. The screen itself uses the Super LCD 3 technology, which in the past has ensured vibrant, yet natural-looking hues. Of course, HTC has ensured you don’t cover that awesome display with scratches. There’s Gorilla Glass 2 protection for the 4.7-inch wonder. 

Form factor and weight – Slim, but slightly odd 
Fitting a full HD display on a compact screen has its downsides, but HTC has managed a sublime job at reducing the weight of the handset. The 143 g heft means it’s a lighter smartphone to hold than the Xperia Z, or even the truly bulky LG Optimus G Pro, which weighs in at 160 g. HTC has also managed to fit all the gadgetry in a slim 9.3 mm body, which is a good deal better than the LG handset, but still nowhere near the 7.9 mm-thin frame of the Xperia Z. One area that HTC has sort of mangled is the height of the device. At 137.4 mm, it’s only slightly shorter than the Xperia Z, but considerably taller than the Xperia ZL, which is positively pygmy-esque at 131.6 mm. That and the fact that the power or lock/unlock button is situated on the top of the device could mean a lot of stretching of fingers. 

Another sore point for fans could be the inclusion of only two capacitive buttons below the display. The buttons – back and home – flank a big HTC logo, which is not a button and does pretty much nothing but say you bought an HTC phone. The recent apps screen can be reached by double-tapping the button, while a long-press shows you Google Now. Despite not actually using the device, this setup sounds cumbersome to say the least. A feature like the recent apps screen should be easily reached and a double tap seems like extra work.

htcone

Wi-Fi – Everything you expected, and more
In this department, HTC has packed in everything you could have hoped for. The One supports Wi-Fi 802.11 a/ac/b/g/n bands. Multimedia content can be sent to your TV or HTPC thanks to the DLNA support and Wi-Fi Direct can be used to share files with other phones on the same WLAN connection. It also has Android’s standard Wi-Fi hotspot capability to share the phone’s Internet connection with other devices.

SoC – Qualcomm APQ8064T Snapdragon 600 with Adreno 320 GPU
HTC has thrown in the brand-spanking new Snapdragon 600 chipset into the One. That’s the same CPU that was used in the LG Optimus G Pro, but we have not yet seen the raw benchmark scores or the real-world performance of this chipset. Of course, if you have any doubts, please hold them back. The Snapdragon 600 features a quad-core processor clocked at 1.7GHz, which is an upgrade over the insanely fast Snapdragon S4 Pro seen on the Nexus 4 and the Xperia Z. Expect the HTC One to blaze through everyday tasks and even not-so-everyday tasks. If only there were enough apps in the market to take advantage of all this processing power. The powerful SoC will be complemented by 2GB RAM and an Adreno 320 GPU. Both of which should only add to the raw power of the HTC One. 

Internal storage – 32 or 64GB
The internal storage in the HTC One is capped off at either 32GB or 64GB. There is no microSD card slot, so your choice will be final. This could be a sore point for many fans, who normally bemoan the lack of a microSD slot, something that Sony and Samsung have regularly included in their most recent handsets. The HTC One also comes with free 25GB of Dropbox storage.

Primary camera – HTC Ultrapixel camera
HTC wanted to emphasise “less is more” with the brand new Ultrapixel camera. It essentially is a 4-megapixel sensor with enlarged pixels that capture more light and enhance details of a photograph. In the HTC One’s camera, you will find a BSI sensor with each pixel measuring 2.0 microns, larger than those in the iPhone 5, Galaxy S III and Lumia 920, all of which have1.4 micron pixels and considerably larger than the Xperia Z, which has 1.1 micron pixels in its sensor. The company has shied away from the use of megapixels because it claims that the industry has been misleading consumers by launching phones with more megapixels, but not improving the final image quality. The Ultrapixel camera comes with Optical Image Stabilization (OIS), Smart Flash (Five levels of flash automatically set by distance to subject), HDR mode in video recording, continuous shooting and VideoPic, slow motion video recording with variable speed playback. It can shoot 1080p video. Other features include retouching of images after the fact including removing objects, smile detection and sequence shot.

One camera-related feature that HTC is really pushing is HTC Zoe. When in Zoe mode, the camera captures 5 photos before you press the shutter and another 15 after you do. It also shoots a 3-second HD video clip besides giving you the 20 pictures. This gives you short clips with audio, which are called Zoes. These short videos will then be stitched together to create a more immersive and visually impressive clip. A Zoe can be posted to HTC’s site, where it will remain for 180 days. The HTC One will even combine Zoes with animated images, transition effects and music, like an automatic movie editor.

Front-facing camera – 2.1-megapixels with HDR
The 88 wide angle lens on the front-facing camera of the HTC One, means better video calls when there is more than one subject. The camera can shoot 1080p video, which is fast becoming a standard for front-facing cameras. Self-shots will turn out nice with the integrated HDR capability. However, we are not sure anyone would have missed this feature.

htcone_silver

Sensors – Accelerometer, gyro, proximity, compass
Nothing new here, but the phone’s capabilities would have been highly affected if they were missing. There is an infrared blaster built into the power key to use the phone as a remote control. HTC has bundled in an app as well to help users take advantage of this feature. 

GPS – Comes with A-GPS and GLONASS
HTC has integrated GLONASS support as well as Assisted GPS. Lack of GLONASS would have been a glaring omission and will certainly improve location lock times on the HTC One. 

NFC
The HTC One has an NFC chip and should play nicely with speakers that have this technology. But the NFC chip might not be present on some international variants of the phone.

Battery – Li-Po 2300 mAh battery
Given the specs of the phone, the battery should have been of a higher capacity, but it is still better than the HTC Butterfly, which only lasted just 6 hours and 40 minutes in our video drain test. If you are a power email user or are constantly browsing on the phone, then the 2300 mAh Lithium polymer battery won’t last the entire day. Of course, we are yet to see how HTC have gone about the power optimisation in the phone, so it could be that the current capacity is more than enough, especially as the Snapdragon CPU is said to be power-efficient. We would have ideally liked to see a 3000 mAh battery and also a removable back cover. But it’s been a long time since we saw an HTC flagship with the latter feature. 

The bottom line
There’s no doubt that HTC has managed to impress us with the specs sheet of the HTC One. It is one beast of a phone with the latest CPU, screen technology and a brand new camera experience. It’s also said to bring a better sound experience than its competitors thanks to the two stereo speakers on the front face. On paper, it sounds delectable. However, things could change by the time we get a chance to review the phone. The Galaxy S4 will be hot on the HTC One’s trail and is expected to be a monster of a phone. Having said that, currently the HTC One is the best-specced handset in the market. 

A couple of things could have been better. The overall design is very reminiscent of the BlackBerry Z10 and the two-button setup seems short-sighted and does present a learning curve for new users. There isn’t a whole lot missing from the spec sheets and indeed the One improves on a lot of specifications of the yet-to-be-launched Xperia Z.

Source : Tech2.