Tuesday, 16 February 2016

Google Will Launch a New VR Headset This Year

VR_Headset

Google to Launch a New Virtual Reality Headset

Later in the year, Google would be launching a new virtual reality headset for Android smartphones, according to reports. It is said that the headset would be sturdier as well as sophisticated than the Google Cardboard, the £10 virtual reality headset which had been shipped around five millions units since its launch in 2014.Different from its flat pack predecessor, the new headset of Google is will be having plastic casing and improved sensors together with lenses according to the Financial Times and Google has refrained from commenting on the reports.

Rumours have given further evidence that Google would be taking the growing virtual reality market seriously. Augmented reality firm, Magic Leap which Google has invested greatly, has closed recently, a round of funding which valued it at around $3.7 billion. In January 2016, setting up a virtual reality division, Google CEO Sundar Pichai had informed that beyond early efforts, there would be lot more from them as well as their partners.

If the reports tend to be true, the new headsets of Google would be identical to Samsung’s Gear VR, collaboration between Samsung and Oculus which had gone on sale to consumers late last year.

Replacement to Cardboard – Better Sensors/Lenses/Solid Plastic Casing

Though Google tends to continue focusing on its budget Cardboard headset, there are others in the industry that has developed more high spec-virtual as well as augmented reality technology. The new headset would be a replacement to Cardboard, which Google had launched in 2014, featuring better sensors, lenses together with solid plastic casing.

It is said that Google would be releasing its rival headsets together with new Android VR technology, this year. Similar to the Cardboard and Gear VR, the new headset would be using an existing smartphone inserted in the device, for display as well as most of its processing power. Google Cardboard depends mainly on sensors that are built in modern smartphones to sense the position of the head of the user, while Gear VR tends to be more strongly built, featuring extra motion sensors.

 As the Alphabet unit attempts to bring the technology to a bigger audience, the latest Google headset would be well-suited with a much broader range of Android devices than the Gear VR that would only work with a few of the recent Samsung Galaxy smartphone models.

Enhance Quality of Mobile VR Viewing Experience

Google hopes to enhance the quality of the mobile VR viewing experience, by implanting new software directly in its Android smartphone operating system instead of depending only on traditional app as with Cardboard.

The issue with several present smartphone-based VR viewers is that users tend to feel dizzy or unwell which is due to the virtual images displayed that could lag behind slightly behind the user’s head movement in the real world which is known as latency or unconsciousness. Cardboard has been more successful than expected, with deliveries over 5m units till date, when it had launched the low-cost goggles in 2014.

On improving resolutions as well as latency, the combination of the improved Android software as well as the new headset would enable users to devote longer in VR and also enable developers in creating more sophisticated apps.

Hack' on DoJ and DHS downplayed

DHS

Data Breach – DoJ/DHS

The US authorities had approved a data breach disturbing the Department of Justice, DoJ as well as the Department of Homeland Security – DHS, though restrained its severity. As per technology news site, Motherboard, the hacker has stated that they would soon share personal information of around 20,000 DoJ employees comprising of staff at the FBI.

It was informed by the news site that it had verified small parts of the breach, but had also observed that some of the details listed seemed to be improper or probably out-dated. The Department of Justice too restrained the significance of the breach. DoJ spokesman, Peter Carr had informed Guardian that `the department has been looking into the unauthorized access of a system which was operated by one of its components comprising of employee contact information and this unauthorized access is under investigation.

However, there is no indication at this time that there is any breach of sensitive personally identifiable information. The department has taken this very seriously and is continuing to arrange protection as well as defensive measure in safeguarding information. Any activity which is determined to be criminal in nature would be referred to law enforcement for investigation’

Hacked Data Posted on Encrypted Website

Hacked data which had been anonymously posted on encrypted website and reviewed by the Guardian comprise of a DHS personnel directory and the information listed included phone numbers together with email addresses. These were for individuals who have not worked for DHS for years. Besides this, some of the listings also had out-dated titles.

The encrypted DHS directory had appeared online prior to 7 pm EDT on Sunday and the password seemed to be `lol’. A source demanding responsibility had informed Motherboard who had revealed the story of the hack, that they had compromised the employee account of DHS and had then used the information from it to convince an FBI phone operator to provide access to the computer system of DoJ.

 The hackers had promised to release the information from the DoJ on Monday. At 4 pm EDT, an identical list had been posted on the same site with a DoJ staff directory which had also appeared to be out-dated. In order to assess the hack, during a government wide-meeting, an official compared it to stealing a years old AT&T phone book after the telecom had digitized most of its data already.

Disruption Regularly in Government Data Security

However, experienced officials state that it should be less simple in obtaining access token by imitating an official from a different department over the phone to a help desk.Things tend to be disrupted regularly in government data security and the OPM hack, exposed in June, revealed the deeply researched security clearance of 21.5m present and former government employees together with contractors from phone numbers to fingerprints.

 But the DHS breach seems to be far less severe and it is especially embarrassing considering that the department has been selected the point of entry for all corporate data shared with government agencies in the debated information sharing program between government and industry developed last year, by the Cybersecurity Information Sharing Act. The program wherein private companies tend to share user information with the government in exchange for immunity from regulation had not been accepted from its start at the DHS, which is left holding the bag in the incident of a breach.

Alejandro Mayorkas, DHS deputy secretary cited troubling provision from the bill to Senator Al Franken in a letter sent in July, wrote that `the authorization to share cyber threat indicators and defensive measures with any other entity or the Federal Government, notwithstanding any other provision of law, could sweep away important privacy protection’

Monday, 15 February 2016

Mysterious Spike in Wordpress Hacks Silently Delivers Ransomware to Visitors

ransomeware_hack

WordPress Content Management System – Hacked


A large number of websites which tend to run on the WordPress content management system are getting hacked to deliver crypto ransom-ware together with other malicious software to ignorant end users. Researchers from three different security firms, in the last few days have reported that a huge number of legitimate WordPress sites are hacked, silently redirecting visitors to a sequences of malicious site.

The attack sites tend to host code from Nuclear exploit kit which is available for sale in black market all over the Internet. People who tend to visit the WordPress sites and use out-of-date versions of Adobe Flash Player, Adobe Reader Internet Explorer or Microsoft Silverlight would find that their computers are infected with the Teslacrypt ransomware package which encrypts user files, demanding a heavy ransom for the decryption key required to restore them.

According to Malwarebytes Senior Security Researcher, Jerome Segura who had mentioned in his blog post published recently stated that WordPress sites are considered to be injected with enormous recommendations of rogue code which tends to silently perform redirection to domain appearing to be hosting ads. This could be a distraction and fraud since the ad comes with more code which sends the visitor to the Nuclear Exploit Kit.

Google’s Safe Browsing Mechanism


The compromised WordPress sites observed, had been hacked to include encrypted code towards the end of all legitimate JavaScript files according to the latest blog post published by website security firm Sucuri. It is said that the encrypted content seems to vary from site to site.

To avoid detection from researchers visiting the compromised site, the code makes efforts to infect only first time visitors and to further hide the attack, the code then redirects end users through a series of sites prior to delivering the ultimate malicious payload. Google’s Safe Browsing mechanism, Sucuri which browser maker then to use in helping users to avoid malicious websites had mentioned that Google had blacklisted some of the Internet domains that were utilised in the scam.

However, a post published recently by Heimdal Security listed an altered domain with the probability that the attackers seem to frequently refreshing as the old ones tend to get identified. Moreover, Heimdal Security also cautioned about antivirus programs could do little in protecting end users.

Enhanced Mitigation Experience Toolkit - Microsoft


The exploit code for instance had been detected by only two of 66 leading AV packages, towards the latest part of the campaign, while the payload it delivered has also been limited.The most recent reminder of the attacks are that people could be exposed to powerful malware attacks even while visiting legitimate websites which could be trusted.

 The best defense would be to install security updates as soon as they tend to become available for such drive by attacks. Other systems comprise of running Enhanced Mitigation Experience Toolkit of Microsoft on any of the Window based computers using the 64-bit version, if possible, of Google’s Chrome browser. It is not known how the WordPress sites tend to get infected.

 There could be a possibility that administrators may be failing in locking down the login identifications which may enable the site content to be changed. It could also be likely that the attackers may be exploiting unknown vulnerability in the CMS, which is one of the plugins used, or the operating system they tend to run on. When a system is infected, the website malware tends to install various backdoors on the webserver, a feature which could result in several hacked sites being repeatedly re-infected.

Police Train Eagles to Take Down Drones on Sight


eagle

Eagles Trained to Bring Unmanned Drones Down in Emergency


The Dutch National Police force has revealed that it would be training eagles in bringing down unmanned drones in emergency cases. The purpose is to disable a drone which may for instance, tend to wander in the airspace of a city centre or an airport or without the danger of falling from the sky and on anyone below.

Development of anti-drone UAV are also taking place though it presently seems to be simpler and cheaper in the use of nature’s greatest hunters instead of one of humanity’s lest dependable robots to do the task. It is reported that the Dutch police will be working with a company known as `Guard From Above’, or a translation of that name for training of the eagles, a firm in The Hague who tend to specialize in training birds of prey for private security, in helping to protect the skies from rogue drones.

With the training, the eagle tends to recognise the drones as prey which they disable with the claws. Thereafter the eagle deposits the drone in a space which is distanced from civilians. A specific example, which was posted to YouTube, the eagle picks out a DJI model and does it quite effectively.

Drones Getting Cheaper & Accessible


So far, the project seems to be under trail with the police assessing if they want a full fleet of drone busting birds of prey. The police have also been working on other systems to take the drone out from the sky including hacking the drone as well as just using a net or the combination of both.

However, the potential of the eagle tends to provide more flexibility once the machine is recovered. Eagles in the wild have portrayed a natural inclination in attacking drones on sight as hawks, rams and chimps and thus it may not be the most awful idea if the safety of the animal can be assured.

Drones are getting cheaper and much more accessible, increasing the apprehension that they could be utilised by criminals or terrorist groups. Taking this into consideration, recently the Japanese police force has announced that they would organise a battalion of anti-drone officers and disable drones.

Animal Instinct of Bird of Prey – Exceptional


The Netherland’s Police had mentioned in a statement that `in future, drones would be used progressively and hence it would increase the number of incidents regarding drones and could also be utilised for criminal purposes. The security firm state that the technique used is not harmful to the birds and is not dangerous than the scraps they get into with prey in the wild.

 Their feet are heavily scaled to precisely protect them from sharp bites, scratches and slashes. Nonetheless, the company has been working with the Dutch Organization for Applied Scientific Research to evaluate whether the propellers of the drone tend to affect the claws of the bird. `Guards from Above’ had mentioned in a press release that they used birds’ natural hunting instincts to intercept drones and this was done safely, accurately and quickly.

The animal instinct of a bird of prey is exceptional and capable of overpowering fast-moving prey. At times the solution to a hypermodern problem is more obvious than one might imagine.

Friday, 12 February 2016

Google Now Blocking Websites That Show Fake Download Buttons

Blocking

Blocking Deceptive Content/Ads through Google’s Safe Browsing


As reported by online source, Google will be helping more users in avoiding sites which post deceptive ads and content has begun blocking website that tend to do so, to ensure that users do not indulge in fake download button.

This may appear right near the real download button or pup-ups, challenging phone tech support to remove million malware infections which may be deceptively found on the computer. The blocking would take place through Google’s Safe Browsing tech that one would have perhaps seen earlier. It is the big red interstitial which seems to appear when one clicks on a dodgy search result.

Safe Browsing has been for some time though it only prevents the user from visiting sites which were serving up malware or sites which Google had considered unsafe. However, in November, Google had begun blocking sites that utilised `social engineering attacks, in order to get the user to install unwanted software or to reveal sensitive information.

Presently Google has been expanding that to websites which tend to serve up deceptive embedded contents. The new block, specially is against deceptive embedded content which translates to `deceptive ads’.

Google to Display a Big Red Warning


When searching for something, the sites with the shady misleading ads which tend to claim that you need to install a certain type of plugin, product or a toolbar would generate a big red scary unfriendly STOP screen, misleading the user to a deceptive button.

 This is a development to a change which Google has made to search returns back in November when it began blocking sites it envisaged were utilising some type of social engineering attack to make you divulge information which otherwise one would not reveal. As Google had explained on its Online Security Blog, sites that have any kind of ads which deceptively attempt to imitate actual site functionality would now be considered as `social engineering’.

 This would comprise of fake download buttons, cautioning that software that one has is `out of date’ and fake notifications to update like Flash player. Whenever a site tends to use this tricks, Google would be displaying a big red warning prior to the visits of the site by the user. This would discourage shadier sites from utilising underhand attempts to trick users on clicking on ads or make attempts in preventing them from getting tricked.

Essential to Refresh Page Prior to Viewing Social Engineering Ads


For the webmasters, this change would be especially difficult. Hosting of deceptive content on the site is one thing though deceptive third party content served by casual ad server would be a bit difficult to police. Webmaster knowledge base of Google does not seem to provide much help, though to note that `ad networks could be rotating the ads shown on the site’s pages.

 Hence it could be essential to refresh a page a few times prior to viewing any social engineering ads that appear. For the others, this would be a longed-for change. Though the usage pattern seem to be unstable, Google Search tends to drive billion of website clicks each day and several of these websites tend to still depend on Google traffic to stay afloat and this could be the start to an end for fake download buttons.