Tuesday, December 13, 2016

Legion hacker group set eyes on sansad.nic.in; seem to be cyberdacoits, bring them down

Legion hacker group set eyes on sansad.nic.in; seem to be cyberdacoits, bring them down

By 
The Indian State has been threatened. Make no mistake. Banks, hospitals and Parliament are our institutions and a fitting response has to be given.
Attacker: Legion
Targets:
 Rahul Gandhi. Vijay Mallya. Barkha DuttRavish Kumar.
Next Target-Wannabe: Lalit Modi.
New Targets: Banks, Hospitals & sansad.nic.in aka BIG FISH
One can be tempted to bracket the hacking done by Legion as a sign of the dystopian times that we live in. There are enough straws to indicate that: a group of renegades dabbling in weed, smoke and mirrors, security codes and a na├»ve sense of superiority.
One can also be equally tempted to decipher deep meanings from the hacking about the nature of hidden angst and its manifestations. Again, there are enough crumbs leading that trail: a group of Robin Hood style do-gooders disillusioned with the ways of world boldly taking the battle to the rich and the powerful.
Powder puff and romanticism aside, the reality is as cold as steel. Legion is a group of people with uncommon hacking skills that’s not the plain vanilla variety that India has encountered till now. In short, Legion is bringing into India, for the first, international standard hacking. Ask security experts. It’s not easy to hack into Google and Twitter servers. Nor is it a walk in the park to design a tool to sift through terabytes of data.
Let’s not kid ourselves. Legion is clear and presents danger. Forget their ‘g33ky’ lingo and snigger-worth references to “balloons filled with Zykon B” (which, by the way, is cyanide-based pesticide). Forget them being fanboys (and fangirls) of ‘progressive house music, Brian Eno, Aphex Twins and Global Communications’. Wipe out that Rastafarian story of languid pace and peaceful contentment that you are building about them in your head.
Legion is a wake-up call for a transforming (read digital) India. The alarm bells are ringing loud and clear in three domains.  The first bell is clearly meant for our law enforcement institutions. This is not the first time that our cops and sleuths have been caught deer-like. The sorry figure cut by intelligence agencies on the @shamiwitness aka Mehdi Biswas case was filled with lessons. They should have been learnt. Yet, we are again seeing the same story.
On paper, India by now is supposed to have a National Cyber Coordination Centre and a National Critical Information Infrastructure Protection Centre. At least that’s what the National Cyber Security Policy of 2013 recommends. Yes, the policy also promises “to create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions… and create a workforce of 5,00,000 professionals skilled in next five years through capacity building skill development and training”. Good words, nicely written. What now?
The second bell is meant for organisations and institutions using digital payment gateways.  The focus has always been on either using the digital medium for greater reach, efficiency and effectiveness or for creating new product and service lines that can be sold directly to the consumer. Of course, the logic of the business model demands that the transactions take place in the simplest possible manner: from Point A to Point B. But lost in this logic of making everything simple is the question of security of personal and financial information. The government institutions have a greater responsibility, at least a couple of notches above any private organisation and institution.  After all, in a democratic India, the government with all its warts and pimples is still representative of our collective will.
Like it or not, cybersecurity of critical institutions and organisation is a matter of national security. And, there are solutions. Every single piece of data, every bit and byte, passing Indian internet and telecommunication pipes can be intercepted, stored, analysed and workable intelligence generated out of it. Germany, France and United States of America are quite good at it. India has had similar ambitions in the form of developing and deploying a central monitoring system (CMS). Maybe, it’s time?
The third bell is for us: as a collective and as an emerging community of digital natives. It gives us vicarious pleasure to see other people’s accounts hacked and their personal information coming out into the public domain. It could happen to you too. Of course, some of the injustices are stark and cannot ever be ignored: how can Vijay Mallya live it up when he hasn’t paid the salaries of Kingfisher employees? Sure, good question, but a different debate. Classic, contemporary and post-modernist arguments of freedom, privacy, democracy, rights and entitlements aside, isn’t it time for us to start pointing out the elephants and unicorns of all shades in the room? Where does freedom begin and privacy end?
The hackers of Legion are not Julian Assange or Wikileaks. They are also not old style investigative journalists who brought down tobacco companies and mining barons. They are cyberdacoits. They need to be brought down.
Attacker: India
Target:
 Legion Hacker
Wannabe Target: Copycat Hackers
New Targets: Loading…

Legion: Here’s how to keep your online accounts safe from malicious attacks by hacker groups

Legion: Here’s how to keep your online accounts safe from malicious attacks by hacker groups

Representational Image
By 
The hacking group Legion seems to be going after high level targets, in a campaign similar to the one executed by OurMine. The Legion group does not seem to be as sophisticated as OurMine, because they are choosing targets from an already compromised data, instead of deliberately finding ways to take down marks of interest. There are some elementary safety precautions that you can take to secure yourself against attacks by groups such as Legion.
One of the OurMine takedowns of Mark Zuckerberg’s social media accounts compromised Twitter and Pinterest at one go. Zuckerberg apparently used a “dadada” as the password, even though Zuckerberg is safe enough to physically put a tape over the webcam of his laptop. Being paranoid is a good idea when it comes to information security, and every additional security measure helps, even if it is a bit of tape. The main takeaway from the attack is to use different passwords for different accounts.
zukerberg_tapes
Paranoia is a security feature
The leaked passwords used by Vijay Mallya in the hack showed that he had taken this precaution to a certain extent. A number of base text strings were used, with variations added on top. Now someone who has access to these base strings and variations can attempt to guess passwords for new accounts. It is important to constantly cycle passwords for critical accounts, and not share the same passwords across services. Variations might be simple to remember, but it is more secure to have completely different alphanumeric strings.
Lastpass is a password manager that works across platforms.
Lastpass is a password manager that works across platforms.
Keeping track of multiple usernames and passwords can be daunting, a secure password manager such as LastPass is better than saving your passwords in a notepad file in your email inbox. The mobile application available on iOS and Android allows users to store their passwords behind the biometric security offered by a fingerprint scanner. One common mistake is to write down your passwords on a sheet of paper, it is worse to list all your usernames and passwords on a single sheet of paper.
Asus ZenFone 3 Laser 18
Constantly cycling passwords protects users from compromised dumps. If a service offers two factor authentication, it is better to activate it to prevent hostile takeovers to accounts. Most popular email, social networking and content distribution platforms support two factor authentication. Another vector of attack is through the secret questions set at time of account creation. Do not key in the actual answers to the questions, as someone who knows users personally can guess the answers. Instead use obscure questions, as well as hard to guess answers, even if a known person attempts to takeover your account. Guessing the answers to the secret questions is one of the most common ways accounts are compromised.
Haveibeenpwnd shows which data breaches contain your data.
Haveibeenpwnd shows which data breaches contain your data.
It is a good idea to check if any of your accounts have already been compromised. Haveibeenpwned is such a service that allows users to check if their email addresses or usernames are compromised in any of the large well known data dumps. These are large dumps of login credentials farmed from compromised third party sites.
The site will let you know in which dump your credentials appear, and you can take steps to safeguard that account. There is also a mention of what details were compromised in the particular hack. Users can sign up to be alerted when their accounts are compromised in future hacks. Checking the site periodically is a good idea to keep your accounts safe.

Harvard scientists identify aerosol that can cool the planet and repair the ozone layer at the same time

Harvard scientists identify aerosol that can cool the planet and repair the ozone layer at the same time

By 
The Paris Agreement is a historic global effort to combat global warming by taking steps to reduce carbon based emissions. However, just reducing emissions may not be enough to tackle the problem. A drastic measure for geoengineering the atmosphere is to release large amounts of sulfate aerosols in the atmosphere, which happen naturally after major volcanic eruptions. These aerosols cool down the atmosphere by reflecting sunlight back into space. However, the problem is that the same aerosols also damage the ozone layer, leading to increased risk of UV light exposure.
The UV light exposure can adversely affect human beings, by causing eye damage and increasing the chances of skin cancer. Researchers from the Harvard John A. Paulson School of Engineering and Applied Sciences (SEAS) have found an aerosol that not only cools the atmosphere, but repairs the ozone layer at the same time. The research is published in the Proceedings of the National Academy of Sciences.
“This research is a turning point and an important step in analyzing and reducing certain risks of solar geoengineering,” said David Keith, the Gordon McKay Professor of Applied Physics at SEAS.  Frank Keutsch, the Stonington Professor of Engineering and Atmospheric Science at SEAS said “Essentially, we ended up with an antacid for the stratosphere.”
Previous research in the area was focused on nonreactive aerosols to reduce the damage done to the ozone layer. The Harvard researchers focused on highly reactive aerosols, that can have potentially beneficial effects. The researchers scanned the periodic table to identify potential candidates for geoengineering. After a process of eliminating unpredictable elements, rare earth metals and toxic substances, Alkali and Alkaline Earth metals emerged as potential candidates.
The researchers are testing the use of calcite in lab environments that simulate the atmosphere. The research teams will be a part of the Harvard Solar Geoengineering Research Program, to be launched next year. The interdisciplinary program is expected to be one of the most extensive and far reaching solar geoengineering research effort ever undertaken.

EU has planned a new security draft which will put strict restriction on WhatsApp and Skype

EU has planned a new security draft which will put strict restriction on WhatsApp and Skype

Image Credit: WhatsApp
Messaging services such as Microsoft’s Skype and Facebook’s WhatsApp face stricter rules on how they handle customer data under new security laws due to be proposed by the European Union, according to a draft document seen by Reuters. The EU executive wants to extend some rules that now only apply to telecom operators to web companies offering calls and messages using the internet, known as “Over-The-Top” (OTT) services, according to the draft.
Web services will have to guarantee the confidentiality of communications and obtain users’ consent to process their location data, mirroring similar provisions included in a separate data protection law due to come into force in 2018.
“Moreover, it generates an uneven playing field between these providers and electronic communications service providers, as services which are perceived by users as functionally equivalent are not subject to the same rules.”
A European Commission spokeswoman declined to comment on the draft but said the aim of the review was to adapt the rules to the data protection regulation which will come into force in 2018 and simplify the provisions for cookies. Telecom companies, barred by current rules from using customer data to provide additional services and make more money, will be able to use customer data with their consent, according to the proposal.
It would also remove the obligation on websites to ask visitors for permission to place cookies on their browsers via a banner if the user has already consented through the privacy settings of the web browser. Cookies are placed on web surfers’ computers and contain bits of information about the user, such as what other sites they have visited or where they are logging in from. They are widely used by companies to deliver targeted ads to users.
“If browsers are equipped with such functionality, websites that want to set cookies for behavioural advertising purposes may not need to put in place banners requesting their consent insofar as users may provide their consent by selecting the right settings in their browser,” the draft said.
Many have questioned the effectiveness of such cookie banners which appear every time a user lands on a website because people tend to accept them without necessarily reading what that entails. “While such banners serve to empower users, at the same time, they may cause irritation because users are forced to read the notices and click on the boxes, thus impairing internet browsing experience,” the draft said. The proposal is set to be unveiled in January and may still undergo changes.
Reuters

Microsoft launches app to let users stream Xbox One titles on the Oculus Rift

Microsoft launches app to let users stream Xbox One titles on the Oculus Rift

By 
Microsoft has launched the free Xbox One Streaming app for the Oculus Rift. Users will need a Windows 10 PC, an Xbox One and Oculus Rift on the same wireless network for the streaming to work. At launch there is support for Gears of War 4Forza Horizon 3, and Halo 5: Guardians. Support for more titles, including sport and indie titles are planned for 2017. A few backward compatible Xbox 360 games will also be supported.
The feature is an extension of a feature that allowed Xbox One titles to be streamed to a Windows 10 machine. The Oculus Rift works with Windows 10 natively, so there is no need to install or configure additional software. The machine should be capable of supporting VR experiences, so the minimum requirements are on the higher side. Users will also require a free Xbox One Live account for the streaming feature to work. An Xbox One controller is used as input for the titles.
Previously, the Microsoft and Oculus teams had worked together to bring Oculus Rift support to the beta version of Minecraft: Windows 10 Edition. The experience allows users to play Minecraft on a virtual flat screen television, or dive into the game at any point for an immersive 360 degree Minecraft experience. At the Microsoft’s Windows 10 “Creators Update” event in October, Microsoft demonstrated its own VR glasses.

Twitter CEO Jack Dorsey will interview Edward Snowden on Periscope

Twitter CEO Jack Dorsey will interview Edward Snowden on Periscope

Jack Dorsey is the CEO of both Square and Twitter. Image: Reuters
By 
Jack Dorsey will conduct an interview with Edward Snowden on Periscope. Jack Dorsey is a known supporter of the Pardon Snowden movement, an initiative that aims to get a presidential pardon for Snowden.
Snowden blew the whistle on the NSA spying on US citizens without democratic consent, and pushed the tech industry towards taking more steps to safeguard the privacy of their users. Other known supporters of the Pardon Snowden campaign include Steve Wozniak, Tim Berners-Lee, Neil Gaiman and Mark Ruffalo.
Edward Snowden famously exposed the illegal surveillance of US citizens by agencies. He has been on the run since then, and there has been a campaign to bring him back to the United States after being granted a pardon for spying on the spy agencies spying on the citizens. Snowden describes himself succinctly on Twitter as someone who worked for the government and now works for the public.
Snowden is popular all over the world for defending the right of privacy, particularly in Europe, which has much stronger privacy laws as compared to the United States. In Germany, fans of Snowden asked President Barack Obama if he could pardon Snowden,but Obama ruled out the possibility as the proper procedures were not initiated in the courts in the first place for the pardon to be granted.
Snowden is reportedly working on an iPhone case that prevents any kind of surveillance. He has also warned users against using Google’s instant messaging application, Allo, for holding secure and confidential conversations.
In India, the time for the interview works out to around 10:30 PM, tonight. The live Periscope interview will be hosted by the @PardonSnowden Twitter account. Users can submit questions for Dorsey to pose to Snowden using the #AskSnowden hashtag.

Related Posts Plugin for WordPress, Blogger...