5.6 million fingerprints stolen, but the reason is still unknown

Some people are blaming the Office of Personnel Management (OPM), which serves as a sort of human resources department for the federal government; some point to unchangeable biometrics; and others blame Chinese hackers for the massive breach of the OPM’s servers in the U.S., during which the fingerprints of 5.6 million people were stolen.

Whatever the reason, the concern is for the millions of people whose fingerprints have been stolen. What will the consequences be? Or is there nothing to worry about?

The authority concerned needs to come up with some program to address the issue.

U.S. officials have blamed Chinese government hackers without any evidence. China has also denied any involvement in the breach.

The OPM has said that federal experts believe there is a low chance of the fingerprints being misused. However, there is a possibility that future technologies could take advantage of this information.

The OPM had earlier confirmed the number of people affected as only 1.1 million. However, the number has now increased to 5.6 million.

“The fact that the number [of fingerprints breached] just increased by a factor of five is pretty mind-boggling,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology, told Boing Boing. “I’m surprised they didn't have structures in place to determine the number of fingerprints compromised earlier during the investigation.”

Beyond the fingerprints, it is said that about 21.5 million individuals had their Social Security numbers and other sensitive information affected by the hack.

According to the OPM, representatives of the Department of Homeland Security and the Defense Department are now planning to review the implications of the stolen fingerprint data.

Two Ukrainian defendants to pay $30 million to the Securities and Exchange Commission

Ukraine-based firm Jaspen Capital Partners Limited and its Chief Executive Officer (CEO), Andriy Supranonok, agreed to pay $30 million to settle U.S. Securities and Exchange Commission (SEC) civil insider trading charges on Monday (September 14).

The SEC had charged the two with trading on information from illegally obtained news releases.
The company became the first of 34 defendants to settle SEC charges over allegations of theft of more than 150,000 press releases from Newswire before the news became public.

Traders would sometimes create what prosecutors called “shopping lists” of companies that were expected to make announcements and pass them on to hackers.

The illegal profit generated by traders over a period of five years is estimated to be around $100 million, while Jaspen and Supranonok made approximately $25 million from 2010 to 2015 by trading on press releases stolen from the newswire service, buying and selling contracts-for-differences (CFDs), which are derivatives allowing for leveraged stock price bets.

The case was filed in U.S. District Court for the District of New Jersey, which entered an asset freeze and other emergency relief against Jaspen and Supranonok, among others. Nine of the defendants also face criminal charges, though Jaspen and Supranonok were not criminally charged.

Without admitting or denying the SEC’s allegations, the two defendants agreed to transfer $30 million of ill-gotten gains from the accounts which were frozen a month ago.

"Today's settlement demonstrates that even those beyond our borders who trade on stolen nonpublic information and use complex instruments in an attempt to avoid detection will ultimately be caught,” said SEC enforcement chief, Andrew Ceresney.

The settlement with Jaspen and Mr. Supranonok must be approved by a court.

The SEC said its civil case will continue against the other 32 defendants.


Researcher says Laser Pen can Halt Driverless Car

While the world waits for self-driving cars to become more popular and reach the masses, a security researcher has found a major flaw in driverless cars that could possibly drive one off the road.

Jonathan Petit, principal scientist at software security company Security Innovation, discovered that a laser pointer costing only $60 could interfere with a car's laser ranging (Lidar) system and bring the car to a halt.

Most self-driving cars rely on Lidar to navigate. The system creates a three-dimensional map and allows the car to see potential hazards by bouncing a laser beam off obstacles.

A laser pointer aimed at an automated or semi-automated car will be picked up by the Lidar system and can trick the car into thinking there are objects ahead of it when there is actually nothing there. This forces the car to slow down. A hacker can also overwhelm it with spurious signals, which will force the car to remain stationary.

During his tests, Petit recorded laser pulses reflected by a commercial Lidar system, and then mimicked them with the laser back at the navigation system. This method worked from a distance of 300 feet from the car, and didn’t require perfect accuracy with the laser beam.

According to him, the movement of cars, pedestrians or stationary obstacles can be imitated from 50 to 1000 feet away from the car and the same attack can be carried out using a Raspberry Pi or an Arduino single-board computer.

On detecting a phantom object, the car may exhibit both short- and long-term responses. The short-term reaction may consist only of an unnecessary stop, but a long-term stop may trick the car into believing there is a blockage on the road, so that it takes an alternative route, which will affect the trip.

The automakers need to ensure that simple hacks don't render driverless vehicles useless or worse.

If proper steps are not taken right now to address the security implications of internet-connected cars, they will be vulnerable to hackers in the same way as PCs, laptops and tablets.

Andreas Mai, director of smart connected vehicles at Cisco, believes that an advanced end-to-end security reference architecture and close collaboration among automakers, suppliers, technology providers and government agencies should be maintained in order to deal with modern cyber attacks.

In a world where data breaches take place all the time and all sorts of corporations look to cyber security to protect their customers’ personal and financial information, car companies have something major to worry about.

Automated cars were developed with safety in mind, as conventional, human-driven cars produced many instances of bad decisions by humans while driving. Road accidents happen because of human errors about when to accelerate and when to brake.

But Google, which has led the way on self-driving cars, has experienced several accidents since hitting the road. In July, one of the firm’s Lexus SUV driverless cars was rear-ended in Google's home city of Mountain View, California.

For car companies, the worry of hacking does not end with financial crimes and fraud as it does for other corporations; here hacking can result in real-world, real-time physical problems and injuries.

While automated cars could be beneficial in future, the companies that bring them to the masses have to make people comfortable about them. They won't be successful if they aren't perceived as completely safe.

Man jailed for 18 months for hacking into 900 Aviva phones

Richard Neele (40) has been sentenced to 18 months in prison for hacking into 900 phones of insurance company Aviva.

Neele deleted the data on all 900 smartphones, causing the company to lose out on 500,000 pounds of business.

Neele was a director at Esselar, a company which had been contracted by Aviva to manage its security network.

Neele has said that he carried out the attacks because of a falling out with his colleagues.

He hacked the system at Aviva in May 2014 when Esselar was giving a security demonstration to Aviva.

Splunk buys Caspida for $190M

Splunk announced on July 9 that it had purchased Caspida, a Palo Alto startup that uses machine learning techniques to help identify cyber-security threats from inside and outside the company, for $190 million.

“Under the terms of the agreement, Splunk has acquired all of the outstanding stock of Caspida for an aggregate purchase price of approximately $190 million, including approximately $127 million in cash and $63 million in restricted Splunk securities,” Splunk posted on its blog.

Haiyan Song, SVP of security markets at Splunk, said it helped both companies to deal with the onslaught of machine data coming from IT systems, using data science techniques and automation to make sense of it. Part of that is a growing security business, which accounted for a third of the company's revenue in its most recent quarter.

“With Caspida, Splunk accelerates its focus on solving advanced threats - both external and from insiders - by shining a light on those who are wrongfully using valid credentials to freely and unpredictably exploit systems they have accessed. By addressing the entire lifecycle of known and unknown advanced threats, and by providing a platform to detect, respond to, and automate actions, Splunk has further reinforced its position as the security nerve center,” he added.

It is said that Splunk is adding a new tool to its security arsenal to beef up the ability to locate threats using the machine learning techniques that Caspida has developed.

“Like everyone, Splunk has watched the growing number of breaches over the last year, and its customers have been asking for better security detection tools to help battle these threats, many of which use compromised credentials. This kind of attack is difficult to detect with conventional security techniques looking for signatures or rules. If someone comes in through the front door using valid credentials, there are no rules or patterns. They look like a valid user,” Song explained.

According to the blog post, the 35 Caspida employees will join Splunk immediately.

Caspida, which was launched in 2014, came out with its first product at the end of last year.

“We founded Caspida with a vision of applying data science to help solve the most pressing cybersecurity challenges - advanced threats and insider threats,” said Muddu Sudhakar, CEO of Caspida.

“By analyzing machine data and using data science to detect meaningful anomalous behavior of users, devices and entities, Caspida has solved a problem that previously required significant manpower and expensive, do-it-yourself toolsets. We are very excited to join the Splunk family and deliver new detection capabilities to customers,” he explained.

Avast announced the acquisition of Mobile Virtualization Company ‘Remotium’

Avast Software, maker of the most trusted mobile and PC security products in the world, on July 8 announced the acquisition of Remotium, a leader in virtual enterprise mobility whose technology enables enterprises to extend access securely, simply, and cost-effectively to business-critical applications in a bring-your-own-device (BYOD) environment.

According to a press statement posted by the company, the acquisition of the Silicon-Valley-based start-up will allow Avast to expand its offering of mobile security applications to the enterprise space.

The entire Remotium team has joined the global organization of more than 600 Avast employees.

Like Avast, Remotium, which won "Most Innovative Company" at RSA Conference 2013, solves the challenges of delivering corporate applications to employees’ mobile devices by creating a smooth user experience, while assuring data security and compliance.

The company said that its product, Virtual Mobile Platform (VMP), which enables access to enterprise applications from any mobile or desktop device, allows users to work from anywhere in the office, remotely from their home office or while on business trips.

It is said that users can connect to their VMP from any device they are using (smartphones, tablets, and desktops) in order to get access to their corporate tools, apps and data.

Vince Steckler, CEO at Avast, said that Remotium’s mobile solutions address the needs of modern enterprises.

"As more and more companies support BYOD policies, the question of how to implement these policies efficiently and securely is top of mind for everyone. With Remotium’s technology, companies have visibility and security needed to ensure data integrity and corporate compliance. At the same time, users enjoy increased privacy, as well as apps that look and feel consistent across mobile and desktop platforms. We are pleased to add the Remotium staff to our team; together we will further accelerate Remotium’s growth and expand its capabilities across enterprise mobility platforms," he added.

Stephanie Fohn, CEO at Remotium, said, "The Remotium team and I are very excited about joining Avast Software. Avast has a long history in creating innovative, best-in-class security for personal and commercial use. We look forward to extending our technology leadership position and continuing to deliver groundbreaking enterprise mobility solutions to meet the needs of the enterprise."

Cisco announces its intent to acquire OpenDNS

Cisco announced on June 30 its intent to acquire OpenDNS, a San Francisco-based security company which provides advanced threat protection for any device, anywhere and anytime.

It is said that the acquisition will boost Cisco's Security Everywhere approach by adding broad visibility and threat intelligence from the OpenDNS cloud-delivered platform.

According to the press statement issued by the organization, the OpenDNS team will join the Cisco Security Business Group. As per the agreement, Cisco will pay $635 million in cash and assumed equity awards, plus retention based incentives for OpenDNS. The acquisition is expected to close in the first quarter of fiscal year 2016, subject to customary closing conditions.

The press statement said that the burgeoning digital economy and the Internet of Everything (IoE) are expected to spur the connection of nearly 50 billion devices by 2020, creating a vast new wave of opportunities for security breaches across networks. The faster customers can deploy a solution, the faster they can detect, block and remediate these emerging security threats.

“OpenDNS' cloud platform offers security delivered in a Software-as-a-Service (SaaS) model, making it quick and easy for customers to deploy and integrate as part of their defense architecture or incident response strategies. By providing comprehensive threat awareness and pervasive visibility, the combination of Cisco and OpenDNS will enhance advanced threat protection across the full attack continuum before, during and after an attack,” the statement read.

The statement added that OpenDNS' broad visibility, unique predictive threat intelligence and cloud platform with Cisco's robust security and threat capabilities will increase awareness across the extended network, both on- and off-premise, reduce the time to detect and respond to threats, and mitigate risk of a security breach.

Hilton Romanski, Cisco chief technology and strategy officer, said that with many people, processes, data and things connected, opportunities for security breaches and malicious threats grow exponentially when away from secure enterprise networks.

“OpenDNS has a strong team with deep security expertise and key technology that complements Cisco's security vision. Together, we will help customers protect their extended network wherever the user is and regardless of the device,” Romanski added.

A Bug allows anyone to crash the iPhone with a Message

A new bug in the latest version of iOS causes the phone to crash when it is shown a special text message containing a string of Arabic characters and symbols.

It affects the Messages app to such an extent that the lines of the message, when copied and texted to another iPhone, shut that phone off as well.

Currently affecting iOS 7 and iOS 8, it is caused by banner notifications processing the Unicode text using the CoreText API.

The crash can happen in any mode, but on jailbroken iOS the phone enters safe mode.

The only workaround for this vulnerability is to send a photo or text to the original sender with the help of the share sheet in another app.

Reddit has been flooded with comments from users following the recent attack of the malicious iMessage on their iPhones.

Megaupload domains serve malware and scam ads to website visitors

Several Megaupload domains that the US government seized three years ago are now directing visitors to malware scams and ads. The domains, namely Megaupload[dot]com and Megavideo[dot]com, are being exploited by cybercriminals to supply malware and carry out scams.

The domains were seized back in January 2012, and the trial and hearing have been delayed since the New Zealand police raided the mansion of Kim Dotcom in Auckland and closed the online file locker storage website. US officials still hope that New Zealand will hand him and his colleagues over.

The domains redirect people to a Zero-Click advertising feed which feeds malicious links to malware installers and other malicious ads.

Many of these redirects try to trap the visitors with the chance of winning iPhones for cheap. One of the malicious ads serves as the link to a false BBC article, offering the iPhone 6 for only £1.

It is said that the reason behind the exploitation of the domains is the failure of the FBI cybercrime unit in controlling the main nameserver, which was previously registered to the Cyber Initiative and Resource Fusion Unit (CIRFU).

CIRFU.biz, the domain name for Megaupload.com, points to a server in The Netherlands hosted by LeaseWeb; and the domain CIRFU.net lists Syndk Media Limited as the registrant.

It seems that Megaupload and Megavideo are serving malicious ads run by a third party because the domain used as a nameserver by the Department of Justice has either expired or been taken over by other means, and is no longer in the Government's hands.

“With U.S. Assistant Attorney Jay Prabhu the DOJ in Virginia employs a guy who doesn’t know the difference between civil & criminal law. And after this recent abuse of our seized Mega domains I wonder how this guy was appointed Chief of the Cybercrime Unit when he can’t even do the basics like safeguard the domains he has seized,” Megaupload founder Kim Dotcom commented.

“Jay Prabhu keeps embarrassing the U.S. government. I would send him back to law school and give him a crash course in ‘how the Internet works’,” Dotcom adds.

Apart from these domains, various previously seized poker sites, namely absolutepoker.com and ultimatebet.com, are also linked to malicious content now.

Copart.com hacked, requests all members to change passwords

Copart, a Texas-based company which provides online vehicle auction and remarketing services, is urging its members to change the password for their Copart.com account after the company discovered that an unauthorized person gained access to its computer network.

“As part of our efforts to address the problem, Copart is requiring all members to change the password for their Copart.com account,” Sean Eldridge, senior vice-president & chief operating officer at Copart, wrote in a letter.

“If you have not already recently been required to reset your password, simply sign into your Copart account and go to the Change Password option under the My Account tab. Also, if you use the same username and password for any other account, we recommend that you change your password there as well,” he added.

On 31 March 2015, when the company identified that an unauthorized person had accessed its network, it immediately worked to block any further unauthorized access.

A leading cyber-security firm has been hired for the investigation. It is helping the company determine what happened to its systems and assisting in implementing enhanced security measures.

“Based on the investigation, we determined that the unauthorized person may have accessed the member’s name, address, driver’s license number, telephone number, e-mail address, and the username and password for their Copart.com account,” said Eldridge.

The company has recommended that its members protect themselves by remaining vigilant and reviewing their account statements and credit reports for any unauthorized activity.

Similarly, members can also get a copy of their credit report, free of charge, every 12 months from each of the three nationwide credit reporting companies: Equifax, Experian and TransUnion.

According to the letter, to order the free credit report, members should visit www.annualcreditreport.com or call toll free at 1-877-322-8228.

Eldridge said that any member who believes that his/her personal information has been misused should immediately contact the Federal Trade Commission and/or the attorney general’s office in his/her home state.

Cisco releases software updates to address serious flaws in TelePresence products

Cisco has released software updates to address several vulnerabilities that have been identified in its TelePresence products, which can be exploited by hackers to compromise a vulnerable system.

It has also urged its customers to update their TelePresence software. Similarly, they are advised to consult their maintenance providers or check the software for feature set compatibility and known issues that are specific to their environments.

Cisco said in an advisory published on May 13 that no workarounds are available to mitigate the vulnerabilities, which were identified during its internal tests and product security reviews.

“The vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated or remote attacker to inject arbitrary commands that are executed with the privileges of the root user,” Cisco said in its advisory.

“The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page."

"Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user,” the advisory added.

Cisco said that although this is a serious vulnerability with a CVSS score of 9.0, it has found no evidence that the flaw has been leveraged for malicious purposes.

One click scammers targeting people in Hong Kong

People running one click scams on the internet seem to have taken it one step further by creating new malware in Chinese.

Recently, one click scammers have begun targeting people in Hong Kong by using pop-up windows and registration pages that have been written in Chinese and ask for payment in Hong Kong dollars. In the last month alone, Symantec has blocked more than 8,000 such attempts.

Such scams have primarily been running on adult websites and download malicious software to a user's computer.

Such scams were primarily run in Japan, but hackers have moved into new territory by learning Chinese.

Cisco fixes remote code flaw in its UCS Central software

Cisco Systems Inc, the American multinational networking giant, has released an advisory to address a remote code execution vulnerability in its Unified Computing System (UCS) Central software, which integrates processing, networking and storage into one system.

The company said that the flaw could be exploited by remote attackers to execute arbitrary commands on affected systems.

“Successful exploitation of the vulnerability may permit unauthenticated access to sensitive information, allow arbitrary command execution on the Cisco UCS Central operating system or impact the availability of the affected device,” Cisco wrote in its advisory on May 6.

“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device,” said the advisory. “An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.”

According to the advisory, the vulnerability was caused by improper input validation (CVE-2015-0701), which allows an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system with root privileges.

The company had failed to validate user input via the software's web framework, exposing the platform to remote attack in versions 1.2.

The company added that it is not aware of any public exploits, as it has found no evidence of any.

The advisory said that users can fix the vulnerability by installing the software update provided by Cisco.

The company has urged its users to update to UCS Central software version 1.3. It has assigned the vulnerability its highest severity score of 10.

Earlier, Cisco released security updates for several of its products, such as the Cisco Adaptive Security Appliance (ASA), Cisco Small Business SPA300 and SPA500 series IP phones, and IOS software.

Hacker's tweet led FBI to issue warning for airlines in US

In response to the claims and reports of the recent United Airlines incident, the US Federal Bureau of Investigation has issued a warning to all airlines to be on the lookout for hackers. It follows an onboard tweet from Chris Roberts, pro hacker and the founder of One World Labs.

Roberts, a researcher specializing in the security of commercial airplanes, was detained by FBI (Federal Bureau of Investigation) agents while deplaning his United Airlines flight from Denver to Syracuse, New York. This action was taken after he tweeted a joke about taking control of the plane’s engine-indicating and crew-alerting system, which provides flight crews with information in real-time about an aircraft’s functions, including temperatures of various equipment, fuel flow and quantity, and oil-pressure.

The computer expert tweeted: “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone ? :)”. This apparently caught the attention of federal authorities, who confiscated Roberts’s iPad, MacBook Pro, and storage devices after questioning him for four hours.

Roberts stated that he was perturbed by the actions of US law enforcement, as he has been demonstrating vulnerabilities in the avionics systems used on modern airplanes, and told CNN that he could connect a computer under his seat to view data from the aircraft’s engines, fuel and flight-management systems. And he is not the only one: according to an article by Forbes, Thomas Lim, head of security consultancy Cose Inc, has repeatedly been checked when going through airports in recent years. On a flight from New York to Taipei, all his belongings were searched at the airport in Anchorage.

United Airlines has now banned Chris Roberts from all its flights.

Moreover, in a notification reported by Wired magazine, the FBI advised airlines to report any suspicious activity, i.e. passengers connecting unknown wires and cables, or tampering with or forcibly removing covers to network connection ports, along with reporting any evidence of suspicious behaviour concerning aviation wireless signals, including social media messages with threatening references to onboard network systems, automatic dependent surveillance systems (ADS-B), aircraft communications addressing and reporting systems (ACARS) and air traffic control networks.

Valve's new policy to control spam cases and phishing on Steam

With an aim to control spam cases and phishing on Steam, Valve, an entertainment software and technology company, has come up with a new policy under which people won’t get Steam’s features, unless they have a minimum of $5 worth of games in their library, or more in the store.

It is believed that Valve’s new policy is meant to establish whether or not the user is an actual gamer.

It is said that once the new policy is implemented, current and new users will find heavy restrictions on their Steam accounts. However, people who have spent $5 or more in the store in the past won’t face such restrictions.

Although people can play games without paying $5, they cannot send friend invitations, open a group chat, vote on Greenlight, Steam Reviews and Workshop items, participate in the Steam Market, post frequently in the Steam Discussions, gain Steam Profile Levels (locked to level 0) and Trading Cards, submit content on the Steam Workshop, post in an item's Steam Workshop Discussions, access the Steam Web API, or use browser and mobile chat.

Tom Sykes, who writes for PC Gamer, wrote that if anyone has 200 Steam games on his/her game library, then he/she won’t face restrictions. But, the new policy would affect people who only use Steam with disc-based retail games.

He added that activating a retail game on Steam won't prevent account restrictions. People can buy different features in their own currency. Their currency will be converted into dollars using daily exchange rates.

Teenagers suspected of hacking Belgian and French websites

Two teenagers, who were suspected of hacking the websites of Belgian and French newspapers last week, would have a court hearing, authorities said on April 17.

The attacks targeted the websites of Le Soir, La Libre Belgique, La Dernière Heure, the Sudpresse group, and French regional publications including La Voix du Nord, Union de Reims and l'Ardennais. The sites were disabled during the attacks.

According to the prosecutors, the two teens will be given a five-year prison sentence if they are found guilty. They will also have to pay a fine of up to 100,000 euros and compensate for the damages.

In a statement, Brussels prosecutors said that the regional unit of computer crime managed to identify the two teens, who are 18 and 16 years old, behind the cyber attacks on Sunday and Monday.

The hacking, which took place on Sunday evening, forced Le Soir to close down its website for several hours.

The Belgian media group Rossel and the Belgian group IMP filed a police complaint last week.

The authorities carried out three raids in Belgium. During the raids, they discovered one address which was linked to the attacks.

An examining magistrate has been investigating the case. They will try to find out whether others were involved in the attacks, the authorities said.

In a video, an anonymous group of Belgians said that it had identified one of the teens as an adolescent who lives in Belgium and loves playing games.

The group, which is said to be a hackers’ group, said it shared information with the police as it was protecting freedom of expression.

AT&T fined $25 million over customer data thefts


The Federal Communications Commission (FCC) has fined AT&T Inc $25 million over data breaches at call centers in Mexico, Colombia and The Philippines. The FCC said that at least two employees confessed to stealing private information belonging to thousands of US customers, which included their names, full and partial social security numbers and account-related data, known as customer proprietary network information (CPNI).

According to a senior FCC official, the details of about 280,000 people were taken during the data breaches. This series of data thefts took place in 2013 and 2014. The data was used by call center employees to request handset-unlock codes for AT&T phones and shared with third parties involved in trafficking stolen cell phones.

After this incident, AT&T informed all the affected customers, and it has also terminated its business deal with the companies that operated the call centers where the data was stolen.

The company also said that it has changed its policies and strengthened operations to ensure that a similar data breach doesn’t occur.

The FCC began its investigation in Mexico last May, after it was given information about data going missing.

The $25 million fine is the highest that the FCC has ever issued for data security and privacy violations.  

Google introduces new review process for apps, age based rating system for all apps on Play Store soon

Google has decided to make a change to its app submission process by adding human approval as a new step. Starting a couple of months back, a team of reviewers at Google started reviewing all applications before they were allowed to go live on the Play Store.

“We started reviewing all apps and games before they’re published – it’s rolled out 100%, and developers haven’t noticed the change,” said Purnima Kochikar, Director of Business Development for Google Play. After implementing the new review system, Google has still maintained its superiority in speed over its rival, Apple. Developers are able to get their apps live on the Play Store within a few hours of submission, unlike with Apple, which has a lengthy review process.

The reason Google has been so successful at this is its automated software, which can detect not only malware, but also sexual content and infringement of copyrights. Kochikar was not very conclusive about everything Google can detect through its automated detection software.

“We’re constantly trying to figure out how machines can learn more,” explains Kochikar. “So whatever the machines can catch today, the machines do. And whatever we need humans to weigh in on, humans do.”

Google also launched a new age based rating system for the Play Store that is supposed to come into effect in May. The system will be based on the scales provided by a given region’s official rating authority. App developers will be required to fill in a questionnaire about the objectionable content in their app before submission, which will return the most appropriate rating for the app.

Google has said that it will keep an eye on the ratings being given out by the new questionnaire system to make sure that developers are truthful while filling out the questionnaire. There will be a grace period for applications which are currently on the Play Store, but soon, new submissions and updates to the Play Store will require developers to fill out the questionnaire.

Apple releases Bash update addressing ShellShock vulnerability

Over the last few days we have seen headlines about the critical security bug in Bash shell that affects Unix, Linux and even Mac computers.

Apple previously noted that only the few Mac users who run advanced Unix services were actually affected by the ShellShock vulnerability. Others are not at risk from this bug.

Apple said they are working to quickly provide an update to patch this problem.

As promised, it has released an OS X Bash update for OS X Lion, Mountain Lion and Mavericks.

You can download the update from their support page:

CSPF introduces Free online Ethical Hacking Course

Cyber Security and Privacy Foundation is happy to announce the first free online Ethical Hacking & Cyber Defence Course.

Within the first 10 days after the course was launched, we have already seen 240 students register for the online course. The registered students range in age from 20 to 60.

Mr. Gemini Ramamurthy, chairman of CSPF, says we are very happy with the overwhelming response from across the globe for this course. CSPF will continue to offer more such courses to the online academy.

White Hat Hacking Course:

Cyber Defence Course: