Cyber Attacks That Made Ciso's Rethink Security- Top 5

Cyber Attacks That Made Ciso's Rethink Security- Top 5

It is been predicted that by the 2020 30% of global enterprises will be directly or indirectly compromised by the group of independent cyber activists or cyber criminals. Now a days Cybercrime is considered a profession to evade security controls where malware and exploit kits are created and sold with guarantees. An American information technology research Gartner estimates that $71 billion was spent on information security by various business but close to $400 billion was lost globally as a result of cybercrime.

Today Security is based on the basis that one can notice whether something is good or bad for e.g. web, email, files etc.  The basis is fundamentally weak as Malware continues to be cracked even the latest security technology.  The CTO Mr. Kowsik Guruswamy of Menlo Security has identified five different malware attacks that have had a deep impact on the Cyber security industry.

Let’s see the below:

Regin

Since 2008 Regin was used to spy on governments, infrastructure operators, businesses, researchers and individuals. It was not designed by someone who is looking to make quick buck and run away.  Regin is highly sophisticated five-stage threat which is fully encrypted with payloads, modular design and which is been around since 2008, is a force to deal with.  It is an extensible malware platform which has the ability to extend the core with highly targeted payloads which in turn is used for the long term collection of data and continuous monitoring of individuals.   This kind of Cyber reconnaissance was seen first time which was used as collateral not only against enterprises but also against nations and governments.  Regardless of its sophistication the infection vector of Regin aka Dropper was just another browser-based exploit like phishing site.

QWERTY (Regin revisited)

January 2015, researches linked a QWERTY keylogger plug-in to the Regin cyber-attack platform through the code given by SPIEGEL.  This QWERTY discovery was noteworthy for the security industry, nevertheless Regin malware continues to pop-up it the systems regardless.  Inside encrypted and compressed Virtual file system these QWERTY plug-ins are stored, however they don’t exist directly on the victim’s machine in native format.  As we all know that our lives depend on web and web based infection vectors are growing at a rapid pace now a days. 

SoakSoak

More than a lakh WordPress sites were infected by malware called SoakSoak in December 2014 which turned the infected sites into attack platforms.   This malware provided an perfect  example of vulnerable services becoming infection vectors themselves through internet downloads.  Malware authors have an immense install base to influence any vulnerability that shows up on the publishing platform as more than 70 million sites use WordPress as their content management system. At particular time Google flagged 11,000 sites but that wasn’t sufficient to track and patch many of the infected sites, without knowledge to the owners these sites are being used to serve malware.

Skeleton Key

Now a days the cyber kill chain is getting more smarter and more sophisticated, and malware which focuses on data extraction is on the rise.  Skeleton key was firstly seen in January 2015 which targets the keys to the authentication kingdom, such as AD controller.  Firstly it infects the AD administrators (possibly via web) this malware subsequently applies an in memory patch to the AD controller allowing it to masquerade as any other user to gain access to their data and email.  This malware completely evades existing detection mechanisms as it generates no abnormal network activity.  While the CTU researchers did not explicitly talk about the drop phase of the malware, it's likely to be web-borne and we are not surprised that signature and virtual execution products did not detect and stop this in the first place.  As being in the industry the real question is to ask ourselves is how, not if, these types of malware can be completely eliminated.

Google AdSense (malvertising)

 

More than 100,000 new websites come online every single day. When scammers began abusing Google AdSense for malvertising in January 2015, a single webpage would load up to eight different third-party scripts, resulting in the fetching of resources from about 250 unique domains. Because Google does not, and cannot, inspect the exact content served up on its platform, it only takes one of the ~1,600 "certified" ad networks to be hijacked. All of this untrusted and unknown content is executed on unsuspecting endpoints, resulting in a tremendous amount of risk any time a user visits a popular website. In this particular instance, the malvertising was aggressive and was forcing a redirect to a malware-serving page without user interaction. If the attack was subtler, chances are that this would've gone unnoticed for a long time.

Eliminating Malware

Any attempt to categorize a website as good or bad, with respect to malware, is a false notion and we are fooling ourselves into thinking that this is even possible. With billions of dollars being spent on enterprise security, we are nowhere closer to securing our users or making the Internet a safe place. As an industry, we need to step back and think about definitive ways to eliminate attacks, not just detect them or react to them after the damage is already done.

Facebook acquires Voice Recognition Firm, targets Apple Siri

Facebook acquires Voice Recognition Firm, targets Apple Siri

In ambition to extend its reach beyond computers and smartphones Facebook Inc acquired a company that makes voice recognition technology for wearable devices and internet-connected appliances.

On Monday Facebook announced it acquired wit.ai without providing a price for the deal. Wit.ai is a 18-month old company based in Palo Alto, California, makes software that can recognize spoken words as well as written text phrased in “Natural Language”

A representative from Facebook declined to provide details on how Facebook is planning to use this voice recognition technology or with in which group of Facebook wit.ai team would work.

The deal comes as technology companies are racing to bring internet connectivity to a new crop of devices, from watches to washing machines. Voice recognition, the technology that helps power services such as Apple Inc's Siri, is considered a key building block for the new devices to earn mainstream consumer appeal.

Facebook, the world's largest internet social network, with 1.3 billion users, is increasingly looking beyond the PCs, tablets and smartphones currently used to access its service. In March, it acquired virtual reality headset maker Oculus VR for $2 billion.

The deal for wit.ai is likely to have been significantly smaller. Wit.ai announced in October that it had raised $3 million in a funding round led by venture capital firm Andreessen Horowitz.

Strangest Phones Ever Made By Nokia

Strangest Phones Ever Made By Nokia

Nokia designed some good but strange-looking devices in this period.

The former cell phone hulk is no more, as this giant industry continues to shift away from designing mobile devices to developing networking gear.  Ever since the company has prevent from returning to mobile making in the future, now it’s the best time to look back at its design heyday.

During the years of 2000’s when mobile devices were the must have gadget, Nokia would surprise its customer base every week with a new design – sometimes with traditional or astound phone with variety and delightful shapes.

However they weren’t the most popular devices Nokia had.  For instance the Nokia 7600 was squareish device with round croner’s with jewel design, as defined by some.  But it seemed silly to hold, make alone to call with.  And sold in low thousands.

Nokia 3650 was one of the more traditional with bold design, reimagined with an older rotary dial pad.  Wasn’t the most popular device the company ever made but the props made by the designers were something eccentric.

Nokia devices were designed to have core function like gaming or music devices.

It was a good time. It was a different time. So, why not relive it?

Cheapest Smartphone By Google - Android One

Google's Smartphone Launch In India- 

Andriod One

Google has launched in India the first smartphones under its Android One project, pricing them at Rs 6,399 ($105) to capture the low-cost segment of the world's fastest growing smartphone market.

The Mountain View-Based company tied up with Indian mobile players Micromax, Karbonn and Spice Mobiles to launch the affordable phones, which are powered by its Android operating system and aimed at emerging markets.

After launching in India, Google said it plans to expand Android One to Indonesia, Philippines and other South Asian countries by the end of 2014 and in more countries in 2015.

Google outlined the pricing and expansion details in a marketing document seen by Reuters.

India is seen as a lucrative market for low-cost smartphones because many people are buying the devices for the first time. Just 10% of the India's population currently owns a smartphone, brokerage Nomura said in a recent research note, and that figure is likely to double over the next four years.

Google, however, is not the only company jostling for a share of the Indian market.

There are at least 80 smartphone brands in India and analysts say the Android One phones must offer customers more than just affordability if it wants to compete with similarly priced devices made by Samsung Electronics, Motorola and Xiaomi.

"The initial pricing never sticks but it'll be tough for them to compete if they don't come down further," said Neil Shah, research director for devices and ecosystems at Hong Kong-based technology research agency Counterpoint Research.

In June, Google had announced the launch of the Android One project, which aims to boost demand for low-end Android smartphones by vastly improving their quality.

Currently, many cheap emerging market smartphones run different and somewhat customized versions of the Android operating system, which along with the many variations in hardware make apps on those phones prone to glitches.

iPhone Screen Size Affects iOS Developers

Affect Of iPhone Screen Size of iOS Developers

Apple may have challenged iPhone developers to figure out how best to support the different screen dimensions of the new iPhone 6 and 6 Plus, something that Android developers have been doing for years.

Pixel-perfect screen designs have been a trademark of native iOS development from day one. A tradition that with the introduction of new iPhone screen sizes may have to give way to adaptive screen design across the platform. Native iOS developers tend to cater to specific devices mores than mobile web and Android developers. But when the number of variances in screen sizes gets out of control, all you can do is gravitate more towards an adaptive or responsive approach in your app’s design. Prior to the iPhone 6, there have been very few screen size differences to contend with in the iOS world compared to Android.

It is the iPhone 4S that is irregular, not the iPhone 6 Plus

When looking at the screen dimensions for each of the different iPhone models supported by iOS 8, only the iPhone 4S supports a 3:2 aspect ratio. The iPhone 5, 5C, 5S as well as the new iPhone 6 and the iPhone 6 Plus all support a 16:9 aspect ratio. Moving from the iPhone 4 to the iPhone 5, Apple kept the pixel width of the different screens constant at 640. It was the pixel height that changed from 960 to 1136, which transitioned the iPhone from a 3:2 ratio to 16:9. With the iPhone 6 and the iPhone 6 Plus, both the width and the height changed keeping the aspect ratio fixed at 16:9 across all iOS 8 supported iPhones, except the iPhone 4S.

The shorter dimensions of the iPhone 4S compared to the other iOS 8 supported iPhones makes it more difficult to support when it comes to screen design. Simply put, designs don’t scale well when crossing over to a different aspect ratio. But this is not a new challenge for iOS developers to contend with; this has been a part of iOS 7 development all along. As a result, there are still some iOS 6 apps out there that do not conform to the 16:9 screen dimensions of the iPhone 5 and center themselves on the screen, leaving blank black bars of dead space across the top and bottom of the device.

The good news about the screen dimensions on both the iPhone 6 and 6 Plus is that all of the effort put into redesigning apps to take full advantage of the iPhone 5 screen size will, for the most part, scale nicely on both the iPhone 6 and the iPhone 6 Plus.

Designing screens specific to a device

Out of the gate, Apple has made every effort to keep apps that were specifically redesigned in iOS 7 for the iPhone 5, 5C and 5S to look as good as possible in iOS 8 on the iPhone 6 and 6 Plus. The auto-scaling capabilities built into iOS will look better than the letter-boxing effect app owners had to deal with as developers redesigned their screens from the 3:2 aspect ratio inherent to the iPhone 4 and 4S to the taller, more slender 16:9 ratio of the iPhone 5. Meaning, if you buy a device with a larger screen, you will actually get to use the larger screen.

That does not mean that similar to the “Designed for iPhone 5” app updates of 2012 and 2013 we will not start seeing “Designed for iPhone 6” updates to our favorite apps. There is more screen real-estate to potentially design for. In particular, icons, graphics and other UI elements will now need to support the @1x, @2x and the recently introduces @3x pixel sizes, otherwise things might start to look a bit blurry. Mostly iOS developers will have to learn to take advantage of some of the new Adaptive Layout features in iOS and keep their screen designs more flexible rather than pixel perfect. Designing apps that adapt will likely be the standard for apps targeting the iPhone 5 and iPhone 6 screen sizes, but the iPhone 6 Plus may prove to be a bit more of a challenge.

What is likely to prompt developers to redesign some of your favorite iPhone apps will be the changes introduced by the iPhone 6 Plus and its enhanced support for landscape mode. Many iPhone specific apps lock their orientation to portrait mode. You may have noticed that these particular apps do not rotate when you told your screen. This is primarily because in many scenarios on the iPhone, landscape mode just does not have enough space to design a decent app.

With the iPhone 6 Plus’s larger screen, Apple has started supporting the home screen in landscape mode as well as a more iPad-like split view for iPhone 6 Plus apps. This will likely require some major updates to customize the user experience on the iPhone 6 Plus, especially when designing app extensions. The time it will take to redesign portrait-only screen layouts of an iPhone only app could equal that of transition to a universal app that also supports the iPad.

So how does Android handle it?

While supporting a wider variety of screen sizes may be new to iPhone developers, it certainly is not new to Android developers. The latest information from Open Signal shows that as a platform, Android has become increasingly more fragmented each year when it comes to the number of manufactures, different devices, OS versions and variances in screen sizes. There were 18,796 distinct Android devices this year compared to 11,868 last year and only 3,997 in 2012. Keeping track of all of the different screen resolutions on Android can in itself be a full-time occupation.

An interesting dynamic that was added to Open Signal’s analysis of the fragmentation data this year was the discovery of a correlation between the market share of the top five devices in a give market segment and that country’s gross national product per capita (GDP/Capita). The data shows that the higher the GDP/Capita, the less fragmentation there is in that country. As an example, here in the U.S. the top five Android devices represent forty-five percent of the market. That drastically cuts down on the number of devices one has to consider supporting compared to Madagascar where the top five devices represent only eight percent of the overall Android market.

Apple may have just introduced a third category for asset densities within in an iPhone project (@3x), in contrast Android supports six generalized screen densities (dpi, mdpi, hdpi, xhdpi, xxhdpi, and xxxhdpi). The goal for Android developers is to achieve what is referred to as density independence, basically avoiding situations that make graphics, buttons and icons appear oversized on different screens.  And that’s a situation that iPhone developers will now have to contend with.

YouTube Offline Availability

Youtube Availability Will Be Offline Now In India

In the coming few weeks, much of YouTube is going to be available offline in India, said Caesar Sengupta, vice president, product management at Google in the capital on Monday. "It's a very common way to use YouTube. You find videos you like, you tend to watch them over and over again," he said at the launch of Android One in the capital.

A Google spokesperson says that the offline availability will be the content owner's prerogative. "It will be available by default. Content owners can decide if they want to opt into it," the spokesperson said, adding that views of the videos and ads will be kept track of offline as well.

Kanan Gill, who runs a YouTube series called Pretentious Movie Reviews along with fellow film reviewer Biswa Kalyan Rath, says that while the idea itself is "awesome", it is something that will need testing for content uploaders like him once made available. "It probably makes sense to have longer videos and podcasts made available offline so that people can watch it or listen to it at leisure," says Gill, who has nearly 85,000 subscribers to his YouTube channel.

Standup comedian Rohan Joshi, part of the group AIB that uploads humorous videos on YouTube regularly, says that if there is an accurate way to monitor views and ads, the new feature would work well. "There are a lot of internet connectivity issues in India. So that way, it is good, more people will watch these videos," says Joshi. AIB has over 6 lakh YouTube subscribers.

So far, web services like "keepvid" and "clipconverter" could be used to download YouTube videos on to a laptop or a desktop. However, the legality of using such services is questionable. In this case, a user would have the content owner's consent to have the video available on their device, offline. 

Leaked Images Of New Microsoft Nokia Smartphone

Leaked Images Of New Microsoft Nokia Smartphone

Microsoft recently announced three smartphones with Nokia branding, named Lumia 830, 730 and 735. However, this launch was soon followed by reports of Microsoft doing away with Nokia branding on future mobile phones. And now we have the leaked photos of the first smartphone sans the Nokia name.

The images, leaked by French website Nowhereelse.fr, show a big-screen smartphone with ultra-thin bezels, suggesting it may be a top-end device as most manufacturers keep such design innovations for their top models.

Above the display where usually the Nokia name is seen is the branding of Microsoft. Thus, this smartphone may be the first one to bear the Microsoft name. However, the smartphones in the upcoming range will continue to be called Lumias, reports suggest.

Earlier, a report said that Lumia 830, 730 and 835 will be the last smartphones to hit the market with Nokia branding. As part of the deal with Nokia, Microsoft can use the Nokia brand on its mobile phones for a period of 10 years.

It also said that Microsoft will do away with the 'Phone' in the name of its mobile operating system Windows Phone. In July, CEO Satya Nadella had announced that all major versions of Windows will eventually merge into one platform.

According to the rumor mill, the next major version of Windows operating system will integrate various Microsoft software together.