#nationalcybersecuritymonth | Why small businesses in India should take cybersecurity seriously

Source: National Cyber Security – Produced By Gregory Evans

NEW DELHI: City-based Virendra Shekhawat, founder of Delhi Photography Club, which teaches photography to beginners through workshops was the target of a cyber-attack in December 2017. The company’s Facebook page which had 2 lakh followers and 10,000 paid subscribers was hacked and Shekhawat was logged out of his own account.

Despite filing a police complaint and paying a ransom, Shekhawat failed to secure access to his account. He finally accessed it after Facebook reset his account. Shekhawat made just 12,000 from the page that month compared with monthly earnings of 3,00,000 and 4,00,000 prior to the attack.

Cyber-attacks on small- and medium-sized businesses (SMBs) have been on the rise. According to a 2019 study by Accenture, 43% of cyberattacks worldwide are aimed at SMBs. India has 6 crore SMBs that account for 30% of the GDP as per the Confederation of Indian Industry and with the adoption of technology their contribution is only likely to grow.

Consulting firm Zinnov expects SMBs in India to consume digital services worth $80 billion in the next 5 years.

Unlike large enterprises, many SMBs often do not have resources and manpower to deal with the evolving threat landscape. On top of it, they feel that they are not at risk.

A July 2019 study by UK-based cyber-security firm Keeper Security found that decision makers in 62% of companies between $1 million and $500 million did not think they would be the target of cyber-attacks. It is this perception which may discourage them from spending enough on cyber-security.

“Small budgets certainly have a role to play for small companies that might forego hardware security via firewalls and unified threat management devices, and certainly would find it difficult to hire IT staff with the skill and experience to implement security measures,” said Samir Mody, vice president, CyberThreat Lab, K7 Computing, an Indian cyber-security firm.

To cut down on spending, many are tempted to use cracked or pirated software. Mody warned that using pirated or outdated operating systems also leads to the risk of cyber-attacks since they may not get security updates.

According to an August 2019 report by Russian cyber-security firm Kaspersky, despite the availability of newer versions of software, around 41% of consumers still use either an unsupported or approaching end of support desktop operating system such as Windows XP or Windows 7.

About 40% of very small businesses and 48% of SMBs continue to rely on these operating systems. Microsoft recently killed all support including security updates and patches for Windows 7.

SMBs in banking, financial services and insurance sector are more vulnerable as they allow cyber-criminals to make monetary gain and steal sensitive data at the same time.

Similar to SMBs, startups also feature high on the list of potential targets of cyber-criminals. Despite founders of startups having a better understanding of modern day cyber-security risks, and a higher likelihood of them taking steps to protect their assets, there have been frequent cyber-attacks on startups. Among Indian startups, Zomato suffered a security breach in 2017.

Also, targeting startups can sometimes be more lucrative than SMBs. “Most important thing that a startup needs to protect is its IP (intellectual property). Many of these startups have no funding for first 6 to 12 months but they have a great idea. If the idea or source code is leaked, they can lose what makes them unique,” said Mukul Shrivastava, partner, Forensic and Integrity Services, EY India.

Credibility is also important. If a customer data base is breached, startups lose credibility, which can stall future investment in addition to heavy penalties they may have to pay, added Shrivastava. A 2019 study by US-based National Cyber Security Alliance suggests that 60% of SMBs that face a cyberattack tend to go out of business within six months.

Cyber-attacks have a catastrophic effect on startups as they are characteristically anchored in technology and operate on a lean infrastructure. If this infrastructure gets compromised, it usually compromises their business entirely, warned Rakesh Kharwal, managing director, India/South Asia & ASEAN, Cyberbit – an Israeli cyber-security firm.

“Any cyber-attack primarily complicates a business in three ways, i.e. operations, market perception, and legal. Now, startups also have meagre capital. A report by Data Security Council of India (DSCI) also states that the average cost of cyber-attacks has increased by 8% in India. So, for startups, it becomes tough to sustain unit economics,” added Kharwal.


Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers


Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.

Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any platform or device, and easily integrate them with SaaS solutions, on-premises apps to automate business processes.

According to a report researchers shared with The Hacker News, the first security vulnerability (CVE-2019-1234) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.

If exploited, the issue would have enabled a remote hacker to access, without authorization, screenshots and sensitive information of any virtual machine running on Azure infrastructure, regardless of whether it is a shared, dedicated or isolated virtual machine.

According to researchers, this flaw is exploitable through Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack.

By leveraging an insecure API, researchers found a way to get the virtual machine name and ID, hardware information like cores, total memory of targeted machines, and then used it with another unauthenticated HTTP request to grab screenshots.

The second issue (CVE-2019-1372) is a remote code execution flaw that affected the Azure App Service on Azure Stack, which would have enabled a hacker to take complete control over the entire Azure server and consequently take control over an enterprise's business code.

What’s more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal.

Check Point published a detailed technical post on the second flaw, but in brief, it resided in the way DWASSVC, a service responsible for managing and running tenants' apps and IIS worker processes, communicates with those worker processes, which actually run the tenant application, for defined tasks.

Since Azure Stack failed to check the length of a buffer before copying memory to it, an attacker could have exploited the issue by sending a specially crafted message to the DWASSVC service, allowing the attacker to execute malicious code on the server with the highest privilege, NT AUTHORITY/SYSTEM.
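The missing length check described above, as an added example that is not Check Point's or Microsoft's code: a message handler that trusts a sender-supplied length field, beside a version that validates it. The message layout, names and sizes are constructed for illustration, and the overrun lands in a guard region of one larger array so the program stays well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE  64u   /* logical size of the destination buffer */
#define GUARD_SIZE 64u   /* stands in for whatever memory follows the buffer */
#define MAX_SENT   128u  /* largest payload the demo ever builds */

/* Constructed wire format: 4-byte type, 4-byte payload length, then payload. */
struct msg_hdr { uint32_t type; uint32_t length; };

enum { MSG_OK = 0, MSG_TRUNCATED = -1, MSG_TOO_LARGE = -2 };

/* "Before": copies h.length bytes without comparing it to anything. */
static int handle_unchecked(const uint8_t *msg, size_t msg_len, uint8_t *slot)
{
    struct msg_hdr h;
    (void)msg_len;                            /* never consulted: part of the bug */
    memcpy(&h, msg, sizeof h);
    memcpy(slot, msg + sizeof h, h.length);   /* sender controls the copy size */
    return MSG_OK;
}

/* "After": the declared length is checked against both the bytes actually
 * received and the destination capacity before any copy happens. */
static int handle_checked(const uint8_t *msg, size_t msg_len,
                          uint8_t *slot, size_t slot_size)
{
    struct msg_hdr h;
    if (msg_len < sizeof h)
        return MSG_TRUNCATED;
    memcpy(&h, msg, sizeof h);
    if (h.length > msg_len - sizeof h)        /* would read past the message */
        return MSG_TRUNCATED;
    if (h.length > slot_size)                 /* would write past the buffer */
        return MSG_TOO_LARGE;
    memcpy(slot, msg + sizeof h, h.length);
    return MSG_OK;
}

/* Build a constructed sample message; declared length and sent bytes may differ. */
static size_t build_msg(uint8_t *out, uint32_t declared_len, size_t payload_sent)
{
    struct msg_hdr h = { 1u, declared_len };
    memcpy(out, &h, sizeof h);
    memset(out + sizeof h, 0x41, payload_sent);
    return sizeof h + payload_sent;
}

static void arena_reset(uint8_t *arena)
{
    memset(arena, 0x00, SLOT_SIZE);
    memset(arena + SLOT_SIZE, 0xAA, GUARD_SIZE);
}

/* Count guard bytes that no longer hold the 0xAA pattern. */
static size_t guard_clobbered(const uint8_t *arena)
{
    size_t n = 0;
    for (size_t i = 0; i < GUARD_SIZE; i++)
        if (arena[SLOT_SIZE + i] != 0xAA)
            n++;
    return n;
}

/* Sends an 80-byte payload at a 64-byte slot through the unchecked handler
 * and returns how many bytes beyond the slot were overwritten. */
size_t demo_unchecked_overflow(void)
{
    uint8_t arena[SLOT_SIZE + GUARD_SIZE];
    uint8_t msg[sizeof(struct msg_hdr) + MAX_SENT];
    size_t len = build_msg(msg, 80u, 80u);
    arena_reset(arena);
    handle_unchecked(msg, len, arena);
    return guard_clobbered(arena);
}

/* Same kind of input through the checked handler; reports the return code
 * and the number of guard bytes touched. payload_sent must be <= MAX_SENT. */
int demo_checked(uint32_t declared_len, size_t payload_sent, size_t *clobbered)
{
    uint8_t arena[SLOT_SIZE + GUARD_SIZE];
    uint8_t msg[sizeof(struct msg_hdr) + MAX_SENT];
    size_t len = build_msg(msg, declared_len, payload_sent);
    arena_reset(arena);
    int rc = handle_checked(msg, len, arena, SLOT_SIZE);
    *clobbered = guard_clobbered(arena);
    return rc;
}

int main(void)
{
    size_t c;
    printf("unchecked, 80 bytes into 64: %zu guard bytes overwritten\n",
           demo_unchecked_overflow());
    printf("checked, 80 bytes into 64:   rc=%d\n", demo_checked(80u, 80u, &c));
    printf("checked, declares 32 sends 8: rc=%d\n", demo_checked(32u, 8u, &c));
    printf("checked, 32 bytes into 64:   rc=%d\n", demo_checked(32u, 32u, &c));
    return 0;
}
```

The checked handler rejects the message before copying, so a rejected input leaves both the slot and the adjacent memory untouched.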

“So how can an attacker send a message to DWASSVC (DWASInterop.dll)? By design, when running the C# Azure function, it runs in the context of the worker (w3wp.exe),” the researchers said.

“This lets an attacker the possibility to enumerate the currently opened handles. That way, he can find the already opened named pipe handle and send a specially crafted message.”

Check Point researcher Ronen Shustin, who discovered both vulnerabilities, responsibly reported the issues to Microsoft last year, preventing hackers from causing severe damage and chaos.

After patching both issues late last year, the company awarded Shustin 40,000 USD under its Azure bug bounty program.


#deepweb | One man’s take on indie horror gaming


Promoted from our Community Blogs

[I’ve been following Puppet Combo’s work for a few years now, and I love everything I’ve seen, but I still haven’t gotten around to actually playing any of their titles yet. Luckily, Xeo is here to remind me to tighten the hell up and finally get on that. – Kevin]

Why are there not more slasher games? This is a question I’ve thought about many times since I was a teenager, given that slashers are some of my favorite movies. Yeah, I get that if you involve kids and stuff it gets nasty, but you don’t have to (and really shouldn’t). However, what’s wrong with having some adults get cut to ribbons if they make a mistake or get caught in a chase? I mean, we already have ultra-violent video games anyway.

Then it hit me. Rarely are YOU the one doing the killing of seemingly innocent people in video games. People seem to freak out a bit more with cases like Manhunt, Hatred, or anything like that. Manhunt is something I never saw as a problem because every person you kill in that game is a piece of shit and has it coming, honestly. Games like Hatred are definitely a bit more questionable. Still, if you played a serial killer in a game stalking innocent victims… would that be okay? I suppose it depends on who’s playing or watching it.

Well, regardless, we’ve seen more and more things like this in recent years. An interesting twist came in the form of games like Dead By Daylight and Friday the 13th, where several people are playing as the victims and one player is controlling the serial killer. To be honest, as a slasher fan, these games are fun as hell to me played from either side. Still, you don’t see many developers willing to put you in the shoes of a killer who goes around shredding victims into a pile of flesh and bones. It’s still a taboo. Hell, comparatively, you rarely even see games where you’re trying to escape from a serial killer as a potential victim.

Well, that was until I discovered Puppet Combo’s games. The gentleman behind Puppet Combo, Ben Cocuzza, is a huge fan of ’70s and ’80s horror movies, most especially slashers. He makes small PSOne-looking horror games often based on this subject matter. I say he, because he’s a one-man development studio. That’s important to note before I begin here.

I randomly discovered one of his earlier games, Babysitter Bloodbath, when watching one of my favorite YouTubers who specializes in horror games. (John Wolfe/Harshly Critical.) It’s a simple premise: you play as a teenage girl coming to the home of some strangers to babysit their child, a young boy, and a serial killer is on the loose from the local asylum. You’ve seen it a thousand times in film, but how often have you gotten to play this experience as a video game? Surprisingly few. Shit hits the fan fairly quickly in the game and we’re introduced to a red coverall-wearing, masked serial killer named Neokalus Burr who strikingly resembles Michael Myers. 

The game consists of simple tank controls and inventory management with some fetching puzzles while running and hiding from this maniac. Gameplay-wise and plot-wise, it’s nothing special, but it still stands out. Why? As I said earlier, for some reason slasher games just aren’t very common. The low-rez graphics combined with the ’80s VHS-like film grain and menus enhance the atmosphere greatly, and what seems (and honestly is) extremely simple on the surface becomes something pretty atmospheric. You run and hide from this guy while he stalks you from room to room of the house before having a confrontation with him, finally, in the garage at the end.


This immediately made me take notice. This was the thing I’d been looking for all this time. In a mad dash of Google-fu, I discovered that Puppet Combo was originally called Pig Farmer Games. He’d been working on games like this for a while (about 2000-2013 when Babysitter Bloodbath was completed) before I discovered him, and I found myself head over heels with his work. Another of his finished games at this time was Power Drill Massacre, originally released as Minotaur and then remade as Power Drill Massacre in 2015. Gameplay-wise, this one is similar to Babysitter Bloodbath. You play as a mostly helpless, innocent victim to a serial killer. In this case, you’re playing as a young woman whose car breaks down in the middle of nowhere. The woman tries to find help in the closest structure she can find, a seemingly abandoned factory building.

Inside, she finds herself trapped in the gigantic, sprawling building with a madman, equipped with the power drill that the title suggests, stalking her. Despite the silly concept and the purposefully-aged graphics, both this and Babysitter Bloodbath absolutely ooze atmosphere and create some extremely high-tension chase scenarios for the player. They’re VERY stressful games to play, in my opinion. But, that just means that they’re effective in what they’re trying to do.

The killer encounters are completely random and non-scripted, as are the item locations that you need to find in order to escape this ordeal. The “jump scare” of the killer charging you around a blind corner while screaming, combined with the loud whirring of the power drill, is intense and effective when combined with the ’70s slasher-like burst of chase music. (If you’re a fan of these types of films, you know what I’m talking about here.)


By this point, it’s easy to see the angle Puppet Combo is going for. That b-movie grindhouse vibe, complete with those awesome retro VHS cover art pieces for the games. (I seriously LOVE these.) The titles of the first two games I discovered from him absolutely scream this, and this type of general vibe would continue for a bit with his work from 2016’s Meat Cleaver Mutilator to 2017’s The Night Ripper. The Night Ripper was the next game I saw in action from him and immediately it brought to mind the real-life 1982 Italian exploitation/slasher The New York Ripper. It was clearly inspired by this, and this just further cemented my love for Puppet Combo’s work.

Buzz-Saw Blood House mixed things up a bit with a different twist on the same general concept. You play as some drugged young schoolgirls from the perspective of a deep web “red room” livestream. You have to navigate a torture dungeon of various death traps, all while sometimes being chased by a maniac with a chainsaw. This one forgoes the slasher angle and focuses more on raw carnage, all while “viewers” to the livestream are constantly commenting on the action unfolding.

Sometimes, they’ll even donate to bring in the maniac or for more elaborate death traps. The gameplay here deviates a bit from the previous offers by mostly doing away with puzzles and item finding, replacing it with just navigating around obstacles. This is already difficult as it is, but even more so when the chainsaw man is on your heels. The game doesn’t end when you die, and your next “life” is represented with a different looking girl to play, seemingly another of the kidnapped victims.

In a bit of tonal shift, the next game to release from this madman of a developer was 2018’s Planet of the Bloodthirsty Santas. It’s a Christmas-based game that plays more like the previous offers, where you play as a member of a space mining expedition that lands on this Christmas-y planet in order to find minerals. You soon discover you’re not alone on the seemingly empty planet and end up being chased by a deranged, monstrous Santa creature. This one is about as tongue-in-cheek as it gets, but how many other Christmas themed horror games are out there?

Stay Out of the House followed this and goes back to the less cheesy grindhouse roots that Puppet Combo started with. You play as a gal who wakes up trapped in a house in a cornfield, after getting knocked out by a man wearing a burlap sack over his head when searching for a missing friend. There’s less emphasis on being chased in this game compared to past ones and more on finding items as a means to escape the dire situation you’re in. This game is also entirely in first-person, changing the dynamic a bit.


A short prequel game accompanied this called Night Shift. Here you play as the missing friend from Stay Out of the House as she works her night shift job at a convenience store. You deal with mundane, though sometimes strange, customer interactions before being abducted in the end by a man through the back room of your store, thus setting up the beginning of Stay Out of the House.

Puppet Combo was very busy in 2018 and has been in 2019 so far as well. He’s released a slew of short games. The Nun Massacre refined his typical serial killer chase game type and was followed by a very short, but different, game called Feed Me Billy. This is one of those games that starts to toe the line between opinions of what’s too much for some or others.

You play as a man named Billy who wakes up to find his closet… talking to him and telling him to feed it. It looks like a gaping maw of sharp teeth and meat and demands human flesh. Billy suits up with a mask and grabs a revolver. You’ll step into his shoes and must go out, kill innocent people, and then drag their corpses in your pickup truck back home to feed your monstrous closet. 

There were previously some unreleased games by Puppet Combo in which you played the role of the killer, but this was the first one released to do so. While the premise of the game is almost slapstick, the tone changes so dramatically when you first go out and pull the trigger on an innocent girl by a payphone that it’s almost jarring. To be honest, the fact that the game makes you feel uncomfortable when doing so means it’s being effective in what it set out to do.

What Puppet Combo did here is no different than what many of the movies he’s inspired by did when showing the act of murder through the eyes of the killer, but the big difference, of course, is that it’s you pressing the mouse button to pull the trigger here. Frankly, it took balls to make this sort of game, and it’s one of the reasons we probably won’t be seeing any console releases of his games anytime soon. That being said…

Earlier this year, The Glass Staircase was released. I saw more mainstream coverage than I have for everything else Puppet Combo has made combined with this game. In fact, it was the first time I saw much of ANY mainstream coverage of his work. I’m not sure exactly what made this one be THE one in that regard. It’s overall less in-your-face violent. That probably helped. It doesn’t focus on the ’70s and ’80s slashers a lot of his previous work did.

Instead, it’s a slow-burning psychological horror romp that pays homage to old-school Italian zombie movies. Although, it’s also not really a zombie game either. Strangely enough, despite being the most mainstream-covered game of his, it’s one of the only ones to feature younger protagonists… that are murdered.

It’s quite different from the previous games in tone, theme, and atmosphere. 


Another very different game in this catalog came next called The Riverside Incident. This one is a first-person investigation game, playing out like a found footage film. There is no actual combat or encounters here, making it very different from everything else Puppet Combo had done to this point. It also features a neat twist that I won’t spoil here.

The year is rounding out with a few more releases such as Day 7. It’s another first-person game that’s loosely based on both the PSOne game Hell Night and the creepypasta called The Backrooms, the latter of which was originally this game’s title as well. 

Samhain is the latest release, and it’s a Halloween-themed game about trick or treating. I, unfortunately, haven’t had the chance to play or watch this one, so I can’t comment much on it.

This is honestly just scratching the surface of this guy’s body of work. He releases new games and updates constantly if you’re a Patreon supporter. His brand of retro-styled grindhouse horror is entirely unique, and he’s one of the few indie horror developers out there that’s willing to push the envelope and not just churn out recycled, asset pack Amnesia or P.T. clones these days. It makes perfect sense WHY his work is as niche as it is, but it’s still a shame. As a fan of the brand of horror he usually works with, it’s just so refreshing to see someone with this much passion working his ass off to bring his visions to us.


He’s constantly trying new ideas and gameplay elements. Each of his games, even the ones that are quite similar to one another, are almost always refining his ideas and visions into something more compelling to play. In short, the guy works hard in a field where so many others like him are content to just rehash the same tired old tropes and ideas over and over again. I just wanted to take this time to highlight what he’s all about. I know there are others here who appreciate his work already and maybe some more that hopefully will after this.

I, unfortunately, have been busy with real-life issues and things, so I wasn’t able to get this blog up before Halloween, which was originally my intention. But hell, if you’re like me, every day is still a bit like Halloween anyways. If you’ve read this far, I want to thank you for stopping by, and I hope you enjoy Puppet Combo’s special brand of horror.

Apparently, there’s rumors of Devolver Digital having been in talks with him to see some of his work published under them and, who knows, maybe we’ll see some console ports after all?


#nationalcybersecuritymonth | Is Congress Finally Ready to Take On Cybersecurity? | Tech Law


The United States Congress made some significant progress this session when it comes to data privacy, but cybersecurity remains a blind spot for lawmakers.

Congress currently is considering a national privacy law that mirrors legislation enacted in the European Union. It would allow people to access, correct and request the deletion of the personal information collected from them. Though there are several ideas as to the final form the bill should take, a path became clear during the Senate Commerce Committee’s privacy hearing last month.

Congress also seems willing to address the consequences of new technologies. Last month it passed the National Quantum Initiative Act, which is expected to disperse US$1.275 billion for quantum research over the next four years. Some have argued that this newfound enthusiasm for tech might be used to fix the impeachment process.

When it comes to cybersecurity, though, Congress is still in the dark ages. Efforts to pass a privacy law often are seen as addressing both data privacy and cybersecurity, but in reality, they do not. Companies and consumers have been forced to take matters into their own hands, reflected in the recent announcement that Facebook has banned deepfakes, and the rising use of VPNs among the general population.

Privacy Means Nothing Without Security

This oversight with respect to security could have huge consequences for the efficacy of data privacy legislation. Though data privacy and data security are separate concerns, there is an inherent link between them. Security has been overlooked in the current proposed law, as well as in similar legislation, like Europe’s GDPR and the Australian privacy bill passed two years ago.

To understand how privacy and security are linked, consider an app that collects location data from its users. The types of data privacy law proposed (or already in force) would impose strict requirements on the company behind this app, such as telling its users what it is collecting, and what it does with the data. If the app is not properly secured, however, and the information is stolen or leaked, strong privacy policies will be of little comfort to users.

This oversight is apparent in almost all the legislation on data privacy in the U.S. The Information Transparency & Personal Data Control Act, which was introduced in the House last spring, contains a passage that requires lawmakers and tech companies “to protect consumers from bad actors in the privacy and security space,” but it doesn’t include any further details. The Consumer Online Privacy Rights Act goes a little further, but only two of its 59 pages give vague cybersecurity requirements for private companies.

Even the United States Consumer Data Privacy Act of 2019 provides only the broad instruction that companies should “maintain reasonable administrative, technical, and physical data security policies and practices to protect against risks to the confidentiality, security, and integrity of sensitive covered data.”

A Lack of Leadership

At best, the failure of Congress to tackle cybersecurity has left the data of millions of Americans unprotected. At worst, it represents a lack of leadership that has left responsible companies completely confused as to what their legal, moral and ethical responsibilities are when it comes to protecting user data.

In this context, there has grown a huge and unregulated market for cybersecurity tools and services, each claiming to offer class-leading protection against cybercrime. For companies, website security is now a major component of website maintenance costs. This is because CEOs are acutely aware of the risks of cybercrime, a form of criminality that will cost the global economy $6 trillion a year by 2021, according to Cybersecurity Ventures’ annual report.

Even the National Security Agency has warned that cybercriminals are “becoming more sophisticated and capable every day in their ability to use the Internet for nefarious purposes.” Yet many companies fail to take basic precautions, such as deleting expired accounts.

The Future

To be fair to Congress, crafting a data security law that covers every private company is complex. Today, data is unlikely to be held by one company in one place, and assigning responsibility for protecting it has become a difficult issue. Any such law, therefore, would have to take into account the widespread adoption of cloud storage, SaaS business models, and other forms of distributed data storage and processing. In this context, it’s understandable that most state-level laws on data security require companies only to take “reasonable” security practices, without specifying what those are.

On the other hand, there finally does appear to be an appetite in Congress to address these issues. An increasing number of data protection laws cover individual industries, such as healthcare and financial institutions, and the FTC has brought some data breach-related enforcement actions under its relatively weak and vague consumer protection powers.

Looking to the future, these industry-specific laws could form an excellent model for a national data protection law, as could state-level legislation. The state most mentioned in this regard is New York, which arguably has the most comprehensive requirements. Financial services companies in the state must meet more than 10 specific requirements, which include encryption of nonpublic information, penetration testing, vulnerability assessments, and oversight of service providers’ cybersecurity.

New York also offers another lesson for Congress. In order to draft and enact the new law, the state convened an expert panel that brought together lawmakers, cybersecurity professionals, and the CEOs of major companies.

The development of an effective data protection law at a national level is going to require the same level of expertise and consultation. This is why some have suggested that a federal Department of Cybersecurity is the way forward. Such a department could bring together responsibilities that currently are fragmented across a huge number of departments.

Lacking even a basic indication from the government as to what constitutes adequate cybersecurity, many people are taking cybersecurity into their own hands. VPNs, security tools that encrypt user data in transit, are experiencing explosive growth. Just a few years ago, they were regarded as semi-legal tools that enabled consumers to get around Netflix geo-blocks or avoid cryptocurrency bans. Now, they are used by a significant proportion of the populace.

Whatever the outcome of these new legislative initiatives, data protection is no longer an issue that Congress can ignore. Protecting consumer data is important for the economy. At the broadest level, ensuring data security is also critical to the efficacy of data privacy legislation that already has been passed. That is to say nothing of the reputation of Congress, which would be severely damaged if it should fail to take leadership on one of the most important issues facing the U.S. today.

Sam Bocetta has been an ECT News Network columnist since 2019. A freelance journalist specializing in U.S. diplomacy and national security, Bocetta’s emphases are technology trends in cyberwarfare, cyberdefense and cryptography.


Facebook Says Encrypting Messenger by Default Will Take Years


In March of last year, Mark Zuckerberg made a dramatic pledge: Facebook would apply end-to-end encryption to user communications across all of its platforms by default. The move would grant strong new protections to well over a billion users. It’s also not happening any time soon.

What Zuckerberg didn’t spell out at the time is just how difficult that transition would be to pull off, and not just in terms of political hurdles from encryption-averse law enforcement or a shift in Facebook’s business model. Encrypting Facebook Messenger alone represents a herculean technical challenge. According to one of the Facebook engineers leading the effort, a version of Messenger that’s fully end-to-end encrypted by default remains years away.

“I’ll be honest right now and say we’re still in a place of having more questions than answers,” said Jon Millican, Facebook’s software engineer for Messenger privacy, in a talk today at the Real World Crypto conference in New York. “While we have made progress in the planning, it turns out that adding end-to-end encryption to an existing system is incredibly challenging, and involves fundamentally rethinking almost everything.”

Millican’s presentation at the conference, in fact, wasn’t about how Facebook plans to pull off the transition to default encryption for Messenger, which currently offers the feature only through its Secret Conversations mode. Instead, it seemed aimed at explaining the many hurdles to making that transition, and asking the cryptography community for ideas about how to solve them.

Millican readily admitted that means Facebook users shouldn’t expect to see a default encryption rollout for several years. That also likely means the company’s planned integration of WhatsApp, Facebook, and Instagram messaging will take at least as long, given that all three would likely need to be end-to-end encrypted to avoid undermining the existing default protections in WhatsApp.

“We publicly announced the plan years in advance of being able to actually ship it,” Millican said of Messenger’s encryption rollout in an interview with WIRED ahead of his conference talk, while declining to say when exactly Facebook expects the rollout to be complete. “There are no imminent changes coming here. This is going to be a long process. We’re dedicated to getting this right rather than doing it quickly.”

“If this is taking several years, maybe they’re not putting their money where their mouth is.”

Matthew Green, Johns Hopkins University

Facebook Messenger’s bounty of features—video calls, group messaging, GIFs, stickers, payments, and more—almost all currently depend on a Facebook server being able to access the contents of messages. In an end-to-end encrypted setup, only the people at the ends of a conversation would possess the keys on their devices to decrypt messages, requiring that more of Messenger’s mechanics be moved to apps and browsers. Facebook’s servers would act only as blind routers, passing messages on without being able to read them—which also keeps them safer from government agencies or other snoops.

Millican argues that getting to that point will require rebuilding every feature of Facebook Messenger from the ground up. “We’re looking at a full-stack rethink and re-architecture of the entire product,” he says. “We’re not just adding end-to-end encryption to a product, we’re building an end-to-end encrypted product.”

Facebook has, of course, already carried out the sort of billion-user transition to default encrypted messaging that it now says is so difficult. In 2016, Facebook-owned WhatsApp enabled default end-to-end encryption for all its billion-plus users. But Millican points out that transition also took years, despite the WhatsApp of 2016 having been much simpler than Facebook Messenger in 2020. He points to key differences in the two apps; WhatsApp doesn’t support multiple devices, beyond a desktop program that essentially routes messages via the user’s phone. And it doesn’t back up messages to a server so that they’re available when you reinstall the app. Messenger does both.

Apple may present another model of how to achieve the sort of massive end-to-end encrypted network Facebook has committed to create: It’s managed to build rich features and end-to-end encryption by default into iMessage. But it doesn’t have the sort of full-featured, independent web interface that Facebook Messenger offers, which presents other challenges, since it’s designed to allow users to send messages from any device. (WhatsApp’s web interface, like its desktop app, only works when it’s linked with a user’s phone.)


#cyberfraud | #cybercriminals | Purcell column: Don’t take cyber scammers’ bait in 2020

Source: National Cyber Security – Produced By Gregory Evans

One of 2019’s biggest stories will be bigger in 2020: Cyber scams are on the rise. “As people increasingly conduct business and live their lives online, more and more criminals are leveraging the internet to steal,” reports Forbes’ Stu Sjouwerman. The dirty rotten scammers continue to […]

#deepweb | Go, Take A Dive In Joe’s Deep Dark World, But Come Out Of It Before It’s Too Late

Source: National Cyber Security – Produced By Gregory Evans

You Season 2 Review: Star Cast: Penn Badgley, Victoria Pedretti, Jenna Ortega, James Scully, Carmela Zumbado, Ambyr Childers, Elizabeth Lail

Developed By: Greg Berlanti, Sera Gamble

Streaming On: Netflix

You Season 2 Review: What’s It About? & How’s The Screenplay?


After Candace comes back into Joe’s life to seek revenge, he immediately leaves New York for Los Angeles, hoping for ‘A Fresh Start’. He changes his name: now he is Will Bettleheim. He finds new love in Love Quinn and a new family in her brother Forty Quinn, and starts working at their bakery.

Joe Goldberg, aka Will Bettleheim, now carries the huge baggage of his past, and he wants to change himself completely. He does everything possible to make the necessary changes in his life, but how easy or difficult is it to get out of the dark world once you are sucked in? Is it even possible?

Watch You Season 2 to find out.

The first season of You was loved by the audience for its unique style of presenting the dark side of a man. His creepy yet charming personality stole the hearts of the audience, especially girls, even though they didn’t want it to be the case. He is a serial killer and a stalker who has wild senses and absolutely no control over them. When killing someone he doesn’t think he is committing a sin; he convinces himself that he is helping his loved one instead. Now that’s something really hard-hitting. How will a person realise that he is doing wrong if he has convinced himself of it with all his heart? Before killing someone he has killed his soul, and that’s scary to the core.

In season 2, things get creepier. As Joe, now Will, tries to lead a more peaceful and better life, he faces bigger challenges. While he tries to build a better future and make peace with the past, there come several situations which will make you hit the pause button and close your eyes, because what are you even watching? The show also keeps you hooked and provides an edge-of-the-seat thrill, which makes this 10-episode show worth a binge-watch. Although season 2 seems a little slower compared to the first one, that doesn’t turn out to be a major issue.

But watch the show for its mind fu**ing finale! Don’t miss the last two episodes of the show for anything, as they hold most of the juice. It’s unpredictable and shocking to the core.

You Season 2 Review: How Are The Performances?

Penn Badgley lives the character of Joe aka Will. He gets into the skin of the character so much so that it’s impossible to think that Penn and Joe are not the same people. Performing a layered and complex character like this is no child’s play and Penn has done it so effortlessly.

Victoria Pedretti who was last seen in The Haunting of Hill House looks gorgeous and performs very well. She is a natural actor and makes her character of Love Quinn believable.

James Scully as Forty Quinn is effortless. He does his job beautifully and leaves an impression.

Jenna Ortega & Carmela Zumbado are good too. Ambyr Childers as Candace makes the screen look magical. Elizabeth Lail is there too for a small interval as Will keeps on hallucinating her. Basically, American shows have a typical way of keeping their dead characters alive. Someone has to suffer hallucination issues after a person dies and the latter must come in former’s thoughts. After 13 Reasons Why, I’ve seen the same thing in this one as well and have understood why Ekta Kapoor has a thing of bringing back dead people in her serials like anything.

Overall, You Season 2 is a must-watch if you loved the first season. If you haven’t seen the first one yet, make sure you start from there. Go, take a dive in the deep dark world of Joe, but make sure you come out before it’s too late.

Rating: 3.5/5


#cybersecurity | #hackerspace | 3 Steps Developers Should Take To Use npm Securely

Source: National Cyber Security – Produced By Gregory Evans

Node Package Manager (npm) was a revolutionary addition to web application programming. It allowed developers to create small, reusable pieces of code and share them with the developer community. npm gives developers massive flexibility and makes developing applications incredibly simple, but there are also potential pitfalls […]

#cyberfraud | #cybercriminals | Your Data Is Out There: Don’t Freak Out, Do Take Action

Source: National Cyber Security – Produced By Gregory Evans

Equifax, Facebook, Capital One, Yahoo — every week seems to bring news of another data breach. Millions of consumers’ sensitive information, such as login credentials, bank account info and Social Security numbers, is floating around the internet just waiting to be exploited. And 2019 is on […]

Tinder #vulnerability allows #hackers to take over #accounts with just one #phone number

Source: National Cyber Security News

After it was reported last month that online dating app Tinder had a security flaw that allowed strangers to see users’ photos and matches, security firm Appsecure has now uncovered a new flaw which is potentially more damaging.

Infiltrators who exploit the vulnerability would be able to get access to users’ accounts with the help of their login phone numbers. The issue has, however, been fixed after Tinder was alerted by Appsecure.

Appsecure says the hackers could have taken advantage of two vulnerabilities to attack accounts, one in Tinder’s own API and the other in Facebook’s Account Kit system, which Tinder uses to manage logins.

In a statement sent to The Verge, a Tinder spokesperson said, “Security is a top priority at Tinder. However, we do not discuss any specific security measures or strategies, so as not to tip off malicious hackers.”

The vulnerability exposed the access tokens of the users. If a hacker is able to obtain a user’s valid access token then he/she can easily take over a user account.

“We quickly addressed this issue and we’re grateful to the researcher who brought it to our attention,” The Verge quoted a Facebook representative as saying.
