Monday, 23 October 2017

Google Bug Bounty: Google Will Pay Hackers Who Find Flaws in Top Android Apps

Google’s new Security Reward Program

Google takes many steps to ensure the security of its platforms. One such measure is its bug bounty reward program, which rewards people who find faults or bugs in apps on Google Play.

Google is collaborating closely with HackerOne, a company that rewards hackers for identifying bugs in programs and Android apps, to create a Google security reward program. This trademark initiative is said to help app developers and users alike. It will also improve the entire Google Play platform.

Bug bounty works like this: a hacker identifies a bug or an issue with a particular app and sends a report on the issue to the developer of the app. The developer then resolves the issue, after which the hacker is free to contact the Google Play reward program.

The hacker can also work closely with the app developer to rectify the issue. The hacker can claim the bug bounty reward only once the issue is fixed. Hackers can get a bug bounty reward of up to $1000.

There are various rules governing the bug bounty reward program. All hackers have to report vulnerabilities to the developers first. The developer must have resolved the issue before a hacker can request a bug bounty reward. If the developer does not respond to the bug report or does not show any inclination to fix the problem, the hacker does not get the bug bounty reward.

A detailed report has to be submitted, and it must meet all of Google's required criteria. Any issue that causes multiple problems in a program is eligible for only one bug bounty reward. If more than one hacker identifies an issue, only the first report will be eligible for a bug bounty reward.

This program is currently available only for certain specific apps. There are many apps on the Play Store, and not all of them are up to a certain quality standard. In order to avoid giving bug bounty rewards for apps that are sub-standard and contain a lot of bugs, Google has introduced this program for only a few apps at present. Alibaba, Dropbox, Headspace, Line, Snapchat and Tinder are the few apps that are included in the bug bounty reward program. As of now only these apps have opted into Google's bug bounty reward security program. In time a lot more apps may opt in to the bug bounty rewards program.

Hackers will also be given information about the developer of the app so that they can interact directly with the developer in resolving the issue. Right now only Google has reserved the right to reward hackers according to pre-specified vulnerability criteria, and a hacker will be rewarded only once the criteria have been met. All bugs have to be resolved with a developer within 90 days to qualify for a bug bounty reward. Google has used the bug bounty program in order to improve the overall quality of apps and the Google Play platform.

Friday, 20 October 2017

Take Two for Samsung's Troubled Bixby Assistant

Bixby Assistant

The next phase of Samsung Bixby in a competitive AI market

Artificial intelligence is seen as the new frontier that every major tech firm ought to explore in order to boost its array of products and services. Apple is already in the game, as are Microsoft, Google and Amazon, and they had almost aced it when Samsung came to the party and failed miserably. The Bixby assistant made its debut on Samsung's elite Galaxy S line-up with a dedicated button. The major issue for it to overcome is the presence of Google Assistant on the Android OS, which simply removes the need for another budding AI within a smartphone.

The failure of Samsung in the first phase

The Bixby assistant has had a rough and troubled beginning since its launch with the Samsung Galaxy S8, where it was touted as the next best feature to be present on the flagship device. Sadly, this AI wasn't even ready to take on the challenges of the English-speaking world, so the Korean giant had to disable it altogether. This saw the departure of Bixby from the premium Galaxy device, and a physical button was left in its wake to remind users of the Samsung debacle.

Bixby came back with new energy and promise

Last year's recall of the Note 7 due to battery failure was nothing less than a nightmare for Samsung, and this year's failure of Bixby was another nail in its coffin. However, Samsung's engineers took up the challenge of improving upon the shortcomings of the Bixby assistant in record time, and they brought Bixby 2.0 to Samsung's Developer Conference in San Francisco. It is worth noting that this time around Samsung has simply rebuilt Bixby from the ground up, and it is hopeful of making genuine progress with its AI technology.

Samsung aims to conquer the AI market

Samsung has hired Dag Kittlaus, who had earlier created the Viv assistant, which was acquired by Samsung just a year ago; even before this he was a core member of the team which went on to develop Siri. Samsung is a dominant player in the smartphone market, with over 23 percent of the market share, which can help it in pushing and popularizing its personal assistant without much hassle.

Apart from smartphones, Samsung plans to push the Bixby assistant to refrigerators and a number of other home electronic devices, as they can benefit immensely from voice-based controls rather than a user interface. Samsung is going all out to make Bixby a better competitor in the crowded personal assistant market by bringing Bixby to more devices, and it will also be opening it up to third-party developers to boost its functionality and features.

As stated earlier, the Samsung Bixby assistant will mainly be competing against Google Assistant, as it comes bundled with the Android OS. It is very unlikely that users will keep two different assistants on the same device, but Samsung is keeping its fingers crossed.

Thursday, 19 October 2017

Google Advance Protection, for Those Who Need It Most

Google Advance Protection

Google Advance protection: Secured Login Procedure

Google has designed a much more secure login procedure for users who tend to be at high risk of online attacks. The latest Google Advance Protection feature is directed at defence against phishing, fraudulent access and accidental sharing of accounts.

This feature has been introduced with users in mind such as journalists who need to safeguard their sources, or campaign staffers at election time. The Google Advance Protection program uses Security Keys, small USB or wireless devices that are required for signing in to accounts. According to Google, they are the most secure type of two-step verification, using public key cryptography together with digital signatures to confirm the identity of the user.

Google has stated that security keys can be complex and suit users who do not mind carrying them around and who use the Chrome browser on desktop and Google apps, since the keys do not work with the mail, calendar and contacts apps of the iPhone. Alphabet's Google said that it would be rolling out this program to offer stronger mail security for users such as government officials, political activists and journalists who may be targeted by sophisticated hackers.

Google Advance protection with Physical USB Security Keys

Google users can opt in to security settings focused on protecting Gmail, YouTube data and Google Drive from phishing attacks. The Google Advance Protection feature includes physical USB security keys that are connected to a desktop computer before every login in order to identify the user.

Mobile logins need a Bluetooth wireless device. Google Advance Protection users will have their data closed off from access by non-Google third-party applications such as the Apple iOS mail client or Microsoft Outlook. The program is said to include a much more laborious and detailed account recovery procedure in order to avert fraudulent access by hackers who try to obtain access by pretending that they have been locked out.

Users who are part of Google Advance Protection will face extra steps at the time of account recovery, including extra reviews together with requests for why the user lost access to their account. Moreover, the Google Advance Protection feature automatically restricts full access to Gmail and Google Drive to particular apps.

Google Advance protection: Upgrade Two-Factor Authentication Tool

As of now, Google Advance Protection is available for consumer Google Accounts; to offer comparable protection on G Suite accounts, G Suite admins can look into Security Key Enforcement together with OAuth apps whitelisting.

Earlier this year, Google said that it intended to upgrade its two-factor authentication tool after numerous high-profile hacks, including that of the Gmail account of Clinton campaign chairman John Podesta in 2016. U.S. intelligence agencies believed that those hacks, including a breach of John Podesta's personal Gmail account, had been carried out by Russia as part of a broader cyber campaign to assist Donald Trump to win the White House.

Google has stated that it will continuously update the security of accounts that have signed up for the program, and that the program is available to users with a regular account. While Google had earlier supported the use of security keys for two-factor authentication, Google Advance Protection users will not have a backup log-in system available should they lose their keys, other than the fuller account recovery procedure. Google has not specified what the recovery practice would involve.

Tuesday, 17 October 2017

The Uses of Captured CO2

We've all heard of CO2; it is the gas that we breathe out. We may also have heard that CO2 emissions are a major concern for the atmosphere and for us at large. So what do we do to control this progression into our ultimate destruction?

Recently scientists have found ways by which CO2 can be captured and transformed into something that is useful and not harmful. By this I mean that those harmful CO2 emissions that we so dread can now be mixed with other materials, making them not only stronger but also, most importantly, reducing the CO2 emissions in the atmosphere.

They say that we as humanity should never sleep on the problem of pollution; well, with this solution we can control CO2 emissions by actually sleeping. It may sound as if I have taken a trip down crazy lane, but by sleeping you can actually control CO2 emissions. Let me tell you how. Scientists have now come up with a technology fitted into your pillow that allows the CO2 we breathe out to be captured in our pillows, thereby reducing the CO2 emissions in the air.

It is not only pillows that can capture CO2 emissions; other everyday items such as the soles of our shoes, the spines of our books or even the concrete of our buildings and roads are all made of or can contain our CO2 emissions.

So how can all this be done, we might ask ourselves. Well, CO2, which is a technically unreactive gas, can be made to react with the petrochemical raw materials that are used in making a lot of plastics. In this new form CO2 can account for up to 50% of the materials used to make up plastics. Also, while using CO2 in this way, not only do the CO2 emissions get used, but the CO2 resulting from the process also gets absorbed by the process. The resultant materials are also found to be a lot stronger than if CO2 were not used.

Other companies are now using CO2 emissions to make jet fuel and diesel through carbon engineering. Elsewhere, CO2 emissions are being captured and used in making soda ash, which is an important ingredient in making fertilizer, dyes and synthetic detergents.

Scientists claim that by the year end the process will have reduced CO2 emissions in the atmosphere by 3.5 million tonnes, which is like taking 2 million cars off the road.

But of course all the captured CO2 is very small compared to the actual amount that is in the air and that could, nay will, potentially harm us. Scientists have discovered that CO2 emissions account for 12 to 14 gigatonnes of toxic waste emissions a year. That is roughly 12 to 14 billion tonnes a year.

We burn a lot of fossil fuels a year to provide for gas, coal and oil, and all this adds to the CO2 emissions in the air, among other undesirable gases. Although through the process of capturing CO2 emissions we are reducing it in the atmosphere, the process is used only on a very small scale and is therefore very expensive.

Monday, 16 October 2017

SWIFT Says Hackers Still Targeting Bank Messaging System

The $81 million heist that was carried out from the Bangladesh Bank in February was done by attackers who hacked into the bank's SWIFT software. They were able to steal the money by hacking into the software to transfer the money. The attackers were also able to cover their tracks in a very effective manner.

The attacker, based in Bangladesh, was able to develop highly sophisticated malware that could interact with the local SWIFT software in his vicinity.

SWIFT is a cooperative of 3,000 organizations, based in Belgium. It provides a platform to transfer funds internationally. SWIFT is aware that there is malware that can reduce the abilities of financial institutions' systems and can cause various fraudulent transactions on their local systems. It says, however, that this malware is not capable of hacking into its network or causing extreme damage as far as its messaging services are concerned. This is contrary to reports which suggest otherwise.

Any hacking of the SWIFT software can cause the transfer of funds from the victim's account to the attacker's account. As seen in the Bangladesh Bank case, there were 30 SWIFT transactions on Feb 5th, for a withdrawal of $1 billion from the US Federal Reserve in New York using the SWIFT bank code. Only $81 million could be transferred and the balance $6.9 million was still retrievable.

The malware used against the Bangladesh Bank SWIFT software was specially designed with complete know-how of the SWIFT Alliance Access software and excellent malware coding abilities.

The malware was used not only to change the SWIFT transactions but also to hide any of the changes made. All the transfers that take place are sent by SWIFT's software to a printer. When the transactions are printed out, bank officials can notice any fraudulent transactions, take action immediately and thus prevent any mala fide transactions from taking place. The malware used in this case intercepted the SWIFT messages, and altered, manipulated copies of those messages were printed. In this way the attackers were able to cover up their fraudulent transactions. The malware seems to be part of a wider attack toolkit, allowing the attacker to send forged payment instructions and also cover his tracks. This gave the attacker ample time to carry out the transactions and enabled multiple transactions without being detected.

SWIFT is coming out with software to counteract such attacks, including alteration of database records. Customers, for their part, are encouraged to keep all their IT systems up to date in order to prevent attackers from exploiting any loopholes in their local security systems.

A spokesperson has advised customers to keep an eye on any anomalies seen in their local database records, thereby helping customers to keep their accounts secure. Most vital is to adopt adequate security measures and safeguard their systems.

The authorities warn that the malware and the various related tools can be a threat to SWIFT customers. They can be configured easily and are likely to cause similar attacks in future. Worrying aspects are how the attackers sent these transactions, the malware used in the systems and who the people behind this scam are.
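Because the printed confirmations and the local records were both within reach of the malware, an anomaly check is only useful if it compares local records against a source the local system cannot rewrite. The following is an added example, not SWIFT's software; it assumes a correspondent-bank statement obtained over a separate channel, and all data, references and field names are constructed.

```javascript
// Constructed sample data; references, amounts and field names are hypothetical.
// Local view: outgoing payment records as read from the bank's own message database.
const localRecords = [
  { ref: 'TRN-0001', amount: 25000, currency: 'USD', beneficiary: 'ACME SUPPLY' },
  { ref: 'TRN-0003', amount: 1200, currency: 'USD', beneficiary: 'CITY UTILITIES' },
  { ref: 'TRN-0004', amount: 800, currency: 'USD', beneficiary: 'OFFICE LEASE' },
];
// Independent view (assumption): debits on the correspondent bank's statement,
// obtained over a channel that does not pass through the local system.
const statementEntries = [
  { ref: 'TRN-0001', amount: 25000, currency: 'USD', beneficiary: 'ACME SUPPLY' },
  { ref: 'TRN-0002', amount: 20000000, currency: 'USD', beneficiary: 'UNKNOWN FOUNDATION' },
  { ref: 'TRN-0003', amount: 12000, currency: 'USD', beneficiary: 'CITY UTILITIES' },
];

// Compare the two views by transaction reference and report every disagreement.
function reconcile(local, external) {
  const unmatched = new Map(local.map((r) => [r.ref, r]));
  const findings = [];
  for (const ext of external) {
    const loc = unmatched.get(ext.ref);
    if (!loc) {
      // Executed by the counterparty but absent locally: record deleted or never logged.
      findings.push({ ref: ext.ref, issue: 'missing-locally' });
      continue;
    }
    unmatched.delete(ext.ref);
    for (const field of ['amount', 'currency', 'beneficiary']) {
      if (loc[field] !== ext[field]) {
        findings.push({ ref: ext.ref, issue: `${field}-mismatch`,
          local: loc[field], external: ext[field] });
      }
    }
  }
  // Present locally but not yet on the statement: may be pending, so review it.
  for (const ref of unmatched.keys()) findings.push({ ref, issue: 'not-on-statement' });
  return findings;
}

function demoFindings() {
  return reconcile(localRecords, statementEntries);
}
```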