India’s First Solar Village: Dharnai Is Now Power Independent

Dharnai, a village in Bihar has successfully been transformed into India’s first energy independent village that runs entirely on solar energy. Greenpeace, a Non-Governmental Organisation (NGO) introduced the revolutionary model in September last year along with two other NGO’s, BASIX and Centre for Environment and Energy Development (CEED).


The project is not confined to just lights and fans that run for few hours but is a 100 kilowatt (kW) micro grid that provides power to more than 2200 inhabitants of the village. The electricity generated fulfils the energy requirements of two schools, One Kisan (farmer) Training Centre, 50 commercial establishments including shops, a bank and few government buildings, and 60 street lights. The village also has solar powered water pumps that serve the purpose of irrigation in the fields.

The village was electrified earlier but due to loss of its electricity, infrastructure had become dependent once again on expensive diesel generators till last year. Dharnai is chosen by Greenpeace on the basis of its socio economic profile, demography and accessibility of the village through roads.
This dynamic efforts made by the NGOs are sure to change the lives of hundreds of inhabitants of the village through access to a better living and education.

The new Prime Minister of India, Mr. Narendra Modi also plans on introducing solar power brightening up the lives of 400 million who currently do not have access to it. The Bharatiya Janata Party (BJP) led government is keen on accomplishing the National Solar Mission that aims to install 22000 mega watt of solar power capacity by 2022.

The Gujarat Solar Park, a group of solar parks has been developed that delivers 1000 MW of power and saves 8 million tonnes of carbon dioxide from being released and 900,000 tonnes of natural gas per year. The park also helps in the prevention of wastage of 9 million litres of water annually.
Being a tropical country, India receives adequate solar radiation for 300 days amounting to 3000 hours of sunshine equivalent to over 5000 trillion kilo Watt hours. If used adequately, the available power can get most of its energy requirements fulfilled by solar energy itself.
With the combined efforts of the Government and the society, every village of the country can be electrified with clean energy reducing the emission of carbon dioxide and dependency on the already depleting coal and petroleum.

Solar Energy is certain to bring a revolution if serious efforts are taken in the desired direction.

Read More

Internet Concepts: How Internet Works

In 21st Century, Internet is become essential after food. Maybe, still many people will not agree with this statement now but once they start using internet they will be agree .

Well, you are reading this article so i hope you are already aware of 'what internet is'.
Are you?
I know you will say 'Yes i know what is internet' 

But is it enough ?  Don't you ever wonder how internet works? Maybe you already know how it works if you are IT student or teacher but still i think everyone should know this because internet is common and it is for everyone. So Its study should not be only for IT student.

The greatest thing about the Internet is that nobody really owns it. It is a global collection of networks, both big and small connected together in many different ways to form the single entity that we know as the Internet. The name 'Internet' comes from this idea of interconnected networks

Since its beginning in 1969, the Internet has grown from four host computer systems to tens of millions.
However, just because nobody owns the Internet, it doesn't mean it is not monitored and maintained in different ways.
The Internet Society, a non-profit group established in 1992, oversees the formation of the policies and protocols that define how we use and interact with the Internet.

How computer connects to internet.

Every computer that is connected to the Internet is part of a network, even the one in your home.
When you connect to your ISP (Internet service provider), you become part of their network. The ISP may then connect to a larger network and become part of their network.

The Internet is simply a network of networks.

Most large communications companies have their own dedicated backbones connecting various regions. In each region, the company has a Point of Presence (POP).

The POP is a place for local users to access the company's network, often through a local phone number or dedicated line. The amazing thing here is that there is no overall controlling network. Instead, there are several high-level networks connecting to each other through Network Access Points or NAPs.

Exmple:

Imagine that Company A is a large ISP.

In each major city, Company A has a POP. the POP in each city is a rack full of modems that the ISP's customers dial into. Company A use fiber optic (a cable) to communicate.

Imagine that Company B is a corporate ISP. Company B builds large buildings in major cities and corporations locate their Internet server machines in these buildings. Company B is such a large company that it runs its own fiber optic lines between its buildings

so that they are all interconnected.

In this arrangement, all of Company A's customers can talk to each other, and all of Company B's customers can talk to each other, but there is no way for Company A's customers and Company B's customers to intercommunicate.

The Function of an Internet Router (Message passing)Therefore, Company A and Company B both agree to connect to NAPs in various cities, and traffic between the two companies flows between the networks at the NAPs.

In the real Internet, dozens of large Internet providers interconnect at NAPs in various cities, and trillions of bytes of data flow between the individual networks at these points.

The Internet is a collection of huge corporate networks that agree to all intercommunicate with each other at the NAPs.
In this way, every computer on the Internet connects to every other.

How Message passes between computers

All of the networks rely on NAPs, backbones and routers to talk to each other.
What is incredible about this process is that a message can leave one computer and travel halfway across the world through several different networks and arrive at another computer in a fraction of a second!

The routers determine where to send information from one computer to another.
Routers are specialized computers that send your messages and those of every other Internet user speeding to their destinations along thousands of pathways.

A router has two separate, but related, jobs:

* It ensures that information doesn't go where it's not needed.
* It makes sure that information does make it to the intended destination.

In performing these two jobs, a router is extremely useful in dealing with two separate computer networks.

It joins the two networks, passing information from one to the other. It also protects the networks from one another, preventing the traffic on one from unnecessarily spilling over to the other.

Regardless of how many networks are attached, the basic operation and function of the router remains the same.
Since the Internet is one huge network made up of tens of thousands of smaller networks, its use of routers is an absolute necessity.

Internet Backbone

Backbones are typically fiber optic trunk lines. The trunk line has multiple fiber optic cables combined together to increase the capacity.

Fiber optic cables are designated OC for optical carrier, such as OC-3, OC-12 or OC-48. An OC-3 line is capable of transmitting 155 Mbps while an OC-48 can transmit 2,488 Mbps (2.488 Gbps). Compare that to a typical 56K modem transmitting 56,000 bps and you see just how fast a modern backbone is.

The National Science Foundation(NSF) created the first high-speed backbone in 1987. Called NSFNET, it was a T1 line that connected 170 smaller networks together and operated at 1.544 Mbps (million bits per second). IBM, MCI and Merit worked with NSF to create the backbone and developed a T3 (45 Mbps) backbone the following year.

Today there are many companies that operate their own high-capacity backbones, and all of them interconnect at various NAPs around the world.

In this way, everyone on the Internet, no matter where they are and what company they use, is able to talk to everyone else on the planet.

The entire Internet is a gigantic, sprawling agreement between companies to intercommunicate freely.


Internet Protocol: IP Addresses and Domain


Every machine on the Internet has a unique identifying number, called an IP Address.

The IP stands for Internet Protocol, which is the language that computers use to communicate over the Internet.

A protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser.
To make it easier for us humans to remember, IP addresses are normally expressed in decimal format.

E.g. 216.27.20.164.

But computers communicate in binaryform.

the four numbers in an IP address are called octets, because they each have eight positions when viewed in binary form. If you add all the positions together, you get 32, which is why IP addresses are considered 32-bit numbers. 

Since each of the eight positions can have two different states (1 or zero), the total number of possible combinations per octet is 28 or 256. So each octet can contain any value between zero and 255.

Combine the four octets and you get 232 or a possible 4,294,967,296 unique values!
Out of the almost 4.3 billion possible combinations, certain values are restricted from use as typical IP addresses.

For example, the IP address 0.0.0.0 is reserved for the default network and the address 255.255.255.255 is used for broadcasts.
The octets serve a purpose other than simply separating the numbers.

They are used to create classes of IP addresses that can be assigned to a particular business, government or other entity based on size and need.

The octets are split into two sections: Net and Host.
The Net section always contains the first octet. It is used to identify the network that a computer belongs to.
Host (sometimes referred to as Node) identifies the actual computer on the network.
The Host section always contains the last octet.
There are five IP classes plus certain special addresses.

DOMAIN NAME SYSTEM:

Its very complex to use and remember IP addresses of the computer you wanted to establish a link with.
For example, a typical IP address might be 216.27.20.164.
This was fine when there were only a few hosts out there, but it became unwieldy as more and more systems came online.

The first solution to the problem was a simple text file maintained by the Network Information Center that mapped names to IP addresses. Soon this text file became so large it was too cumbersome to manage.

In 1983, the University of Wisconsin created the Domain Name System (DNS), which maps text names to IP addresses automatically.
This way you only need to remember www.technotification.com, Instead of How technotification.com's IP address.


URL: Uniform Resource Locator

When you use the Web or send an e-mail message, you use a domain name to do it.

For example, the Uniform Resource Locator (URL) " http://www.technotification.com" contains the domain name technotification.com.
Every time you use a domain name, you use the Internet's DNS servers to translate the human-readable domain name into the machine-readable IP address.

Top-level domain names, also called first-level domain names, include .COM, .ORG, .NET,  .EDU and .GOV. Within every top-level domain there is a huge list of second-level domains. For example, in the .COM first-level domain there is:

- Google
- Yahoo
- Microsoft

Every name in the .COM top-level domain must be unique.
The left-most word, like www, is the host name.
It specifies the name of a specific machine (with a specific IP address) in a domain.

A given domain can, potentially, contain millions of host names as long as they are all unique within that domain. DNS servers accept requests from programs and other name servers to convert domain names into IP addresses.

When a request comes in, the DNS server can do one of four things with it:

1. It can answer the request with an IP address because it already knows the IP address for the requested domain.
2. It can contact another DNS server and try to find the IP address for the name requested. It may have to do this multiple times.
3. It can say, "I don't know the IP address for the domain you requested, but here's the IP address for a DNS server that knows more than I do."
4. It can return an error message because the requested domain name is invalid or does not exist.



How DNS, and URL works? (EXMPLE)

Let's say that you type the URL www.technotification.com into your browser and than The browser contacts a DNS server to get the IP address.

A DNS server would start its search for an IP address by contacting one of theroot DNS servers. The root servers know the IP addresses for all of the DNS servers that handle the top-level domains (. COM, . NET, . ORG, etc.).

Your DNS server would ask the root for www.technotification.com, and the root would say, "I don't know the IP address for www.technotification.com, but here's the IP address for the .COM DNS server."

Your name server then sends a query to the . COM DNS server asking it if it knows the IP address for www.technotification.com. The DNS server for the .COM domain knows the IP addresses for the name servers handling the www. technotification.com domain, so it returns those.
Your name server then contacts the DNS server for www.technotification.com and asks if it knows the IP address for www.technotification.com. It actually does, so it returns the IP address to your DNS server, which returns it to the browser, which can then contact the server for www.technotification.com to get a Web page.

One of the keys to making this work is redundancy. There are multiple DNS servers at every level, so that if one fails, there are others to handle the requests. The other key is caching. Once a DNS server resolves a request, it caches the IP address it receives.

Once it has made a request to a root DNS server for any .COM domain, it knows the IP address for a DNS server handling the .COM domain, so it doesn't have to bug the root DNS servers again for that information.
DNS servers can do this for every request, and this caching helps to keep things from bogging down.
Even though it is totally invisible, DNS servers handle billions of requests every day and they are essential to the Internet's smooth functioning.

The fact that this distributed database works so well and so invisibly day in and day out is a testimony to the design.

Internet Servers, Clients and Ports, http

Internet servers make the Internet possible. All of the machines on the Internet are either servers or clients. The machines that provide services to other machines are servers. And the machines that are used to connect to those services are clients. There are Web servers, e-mail servers, FTP servers and so on serving the needs of Internet users all over the world.

When you connect to www.technotification.com to read a page, you are a user sitting at a client's machine. You are accessing the Blogger's Web server (as technotification.com is hosted on blogger). The server machine finds the page you requested and sends it to you. Clients that come to a server machine do so with a specific intent, so clients direct their requests to a specific software server running on the server machine.

For example, if you are running a Web browser on your machine, it will want to talk to the Web server on the server machine, not the e-mail server. A server has a static IP address that does not change very often.

A home machine that is dialing up through a modem, on the other hand, typically has an IP address assigned by the ISP every time you dial in.

That IP address is unique for your session -- it may be different the next time you dial in. This way, an ISP only needs one IP address for each modem it supports, rather than one for each customer.

Ports and HTTP

Any server machine makes its services available using numbered ports. One for each service that is available on the server.

For exmple, If a server machine is running a Web server and a file transfer protocol (FTP) server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. Clients connect to a service at a specific IP address and on a specific port number.

Once a client has connected to a service on a particular port, it accesses the service using a specific protocol. Protocols are often text and simply describe how the client and server will have their conversation. Every Web server on the Internet conforms to the hypertext transfer protocol (HTTP).

That's all for now. If you understand it well i ca say now you know how internet works and every basic concepts related to it. share this article to help your friends too .

Read More

Hackers Can Now Attack Your PC Even Without Internet!

         Simply removing a malware-infected machine from a network might not be enough to secure other devices, for sophisticated hackers have found an easy way out to bypass the 'air gapping technique'. The technique is used by network admins in building a literal air roadblock that stops malicious computer code from propagating throughout a network.

         Air-gap malware (named after the very technique it bypasses) travels through the air as sound waves to infect machines in the near vicinity without needing Internet. The 'smart' malware can effectively jump an air-gap by converting malicious code into high-frequency sound waves. These sound waves are then transmitted to nearby devices irrespective of any network leading to infection. The malware works in a way modems work and machines communicate over phone lines. "Recently, researchers have started to show proof-of-concept implementations of how malware could leak data from an air-gapped machine using peripheral devices such as microphones and sound cards." Engin Kirda, professor at Northeastern University and a co-founder of Lastline, a company specialising in advanced malware was quoted as saying.

         The startling finding indicates that a computer's sound card is more than sufficient to spread the malware as inaudible sound that could go on and infect other machines. If such is the case, there doesn't seem to be a viable cure or protection against the air-gap malware at least now. However, researchers are of the opinion that it doesn't pose much of a threat to casual computer users since hackers would have to be extremely sophisticated to pull of such an act!

Read More

India Turns Down WTO’s Trade Facilitation Agreement

On August 1, the United States of America Secretary of State, John Kerry met the Indian Prime Minister, Narendra Modi for the fifth India-US strategic dialogue. Kerry appreciated Modi’s agenda of Sabka Saath, Sabka Vikas (cooperation of all,  development for all) but the forty-minutes meeting didn’t turn out the way it was expected.

India vetoed from the World Trade Organisation’s (WTO) Trade Facilitation Agreement (TFA), fearing that the country might have to compromise on its food security. Modi said that the developed countries should understand the problems faced by the developing nations. For instance, India has a challenge of feeding a huge population.
The US secretary of State responded by saying that faliure in signing the agreement has undermined India’s image and it sends a confusing signal.
In December, 2013 a trade agreement, called the Bali Package, was signed among all the WTO members (159 countries) in Bali, Indonesia aiming at lowering global trade barriers.
TFA, which is a part of the Bali Package, aims at reducing the bureaucratic obligations in import-export of goods among the signatories. But the problem with the TFA arises with the clause that restricts the agricultural subsidies to 10 percent of the total agricultural production. If the limit is crossed then other nations can impose a trade penalty for disobeying the rule. This clause is likely to have an adverse effect on food security in developing countries, as there are major issues like that of poverty and over-population.
India’s agreement to the TFA was based on the premise that developing nations would be provided with relief and no tax or penalty would be imposed till 2017. A permanent solution, according to the agreement, was to be later worked out.
India is now against the TFA because the 10 percent limit on subsidy is based on 1986-88 prices when the cost of food grains were much lower. This magnifies the already existing problem of limited subsidy. Also developed countries like US provide huge subsidies to its farmers, but developing countries like India have got restricted permission.
India now demands a permanent solution to the restricted subsidy issue, its stand being supported by China and some southern African countries as well. Whereas according to the WTO, subsidies that require the recipient to meet certain export targets, or to use domestic goods instead of imported good distort the international trade and affect the farmers of other signing countries.
It is well taken that the concerns of the developing nations is a valid one, but they are still forced by developed giants like the US. With India’s initiative of turning down the TFA, other developing countries might also join hands with India in its opposition to the agreement.

Read More

Microsoft issues Emergency Windows Update to Block Fake SSL Certificates

Today, Microsoft has issued an emergency update for almost all versions of Windows and also for Microsoft devices running Windows Phone 8 and 8.1 to secure users from attacks that abuse the latest issued rogue SSL certificates, which could be used to impersonate Google and Yahoo! websites.

A week after the search engine giant Google spotted and blocked unauthorized digital certificates for a number of its domains that could result in a potentially serious security and privacy threat, Microsoft has responded back to block the bogus certificates from being used on its software as well.

"Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates," said Dustin Childs, group manager of response communications.

The fake digital certificates, issued by the National Informatics Centre (NIC) of India - a unit of India’s Ministry of Communications and Information Technology, were uncovered at the beginning of this month by Google's security team.

Microsoft officials warned the country's certification authorities as well as Microsoft, because the certificates issued by NIC are included in the Microsoft Root Store and so are trusted by a large number of applications running on Windows, including Internet Explorer and Chrome.

Yet, Microsoft is not aware of any kind of attack leveraging this issue, but millions of websites operated by banks, e-commerce companies and other types of online services make use of such kind of cryptographic credentials to encrypt the web traffic and prove the authenticity of their servers.

"These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against Web properties," a Microsoft advisory warned. "The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks."

The Certificate Trust list (CTL) update has been rolled out to all users who have automatic updates enabled, and for those who do not have the automatic updater of revoked certificates installed, Microsoft has released a patch that can be manually installed.

The emergency update addresses all Microsoft PC operating systems including Windows Vista, Windows version 8, 8.1, RT, RT 8.1, Server 2012, Server 2012 R2, and its Windows Phone 8 software. At this moment, there is no update available for systems running Windows Server 2003 to revoke the fraudulent certificates – Microsoft says it will issue an update as soon as one becomes available. Also Server 2003 support ends next year, but the company will provide a fix before then.

Read More

Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions

A major vulnerability believed to be present in most versions of Android can allow a malicious Android applications on the Android app store to make phone calls on a user’s device, even when they lack the necessary permissions.

The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the virus was first noticed in Android version 4.1, also known as “Jelly Bean.”

APPS CAN MAKE CALLS FROM YOUR PHONE

“This bug can be abused by a malicious application. Take a simple game which is coming with this code. The game won’t ask you for extra permissions to do a phone call to a toll number – but it is able to do it,” Curesec’s CEO Marco Lux and researcher Pedro Umbelino said Friday in a blog post. “This is normally not possible without giving the app this special permission.”

By leveraging these vulnerabilities, malicious applications could initiate unauthorized phone calls, disrupt ongoing calls, dialing out to expensive toll services, potentially framing up big charges on unsuspecting users' phone bills.

Android bug allows unauthorized users to terminate outgoing calls and Send USSD

The vulnerability can also be exploited to disconnect the outgoing calls, to send and execute :

• Unstructured Supplementary Service Data (USSD)
• Supplementary Service (SS)
• Manufacturer-defined MMI (Man-Machine Interface) codes.

These special codes can be used to access various device functions or operator services, which makes the problem a nasty one for those who value the data they store on their mobile phone.

“The list of USSD/SS/MMI codes is long and there are several quite powerful ones like changing the flow of phone calls (forwarding), blocking your SIM card, enabling or disabling caller anonymisation and so on,” reads the blog post.

Even the Android security programs, where apps without the CALL_PHONE permission should not be able to initiate phone calls, can be easily bypassed and offer no protection from these flaws, because the exploits have capability to deceive the Android permissions system altogether.

"As the app does not have the permission but is abusing a bug, such apps cannot easily protect you from this without the knowledge that this bug exists in another class on the system," wrote the researchers.

A large number of versions of Android are affected by the vulnerabilities. Researchers have found two different flaws that can be exploited to achieve the same ends – one that's present in newer Android releases and another that's found in older versions.

FIRST BUG - AFFECTS NEWER VERSION OF ANDROID

The first security bug, identified as CVE-2013-6272, appears to be introduced in Android version 4.1.1 Jelly Bean, and outlasted all the way through 4.4.2 KitKat before the security team at Google was able to fixed it in Android 4.4.4.

But, luckily only about 14% of users are currently updated to the latest version of the mobile Operating System. So, just think about it, How many users are currently in the grip of the flaws? Not less than a generous users open to vulnerabilities and attack paths.

SECOND BUG - AFFECTS OLDER VERSION OF ANDROID

The second security hole is wider in its reach, affecting both Android 2.3.3 and 2.3.6, the popular versions of Gingerbread variant which are used by lower-end smartphones, budget-style smartphones which continue to surge in popularity amongst emerging markets like those found in Brazil, China, and Russia.

The bug was fixed in Android 3.0 Honeycomb, but that was a tablet-only release that no longer even charts on Google's Android statistics. That means the bugs leave nearly 90 percent of Android users running vulnerable versions of the Operating System to dialer-manipulating vulnerability.

Researchers at Curesec have provided source code and a proof-of-concept demonstration app for both the bugs, so that customers can help themselves to test if their Android devices are vulnerable or not.

It is strongly advised to Android users those are running KitKat on their devices to get upgraded to the latest version 4.4.4 as soon as possible. It is expected that the device makers and carriers will soon roll out the updates in the coming weeks.

Read More

Google catches Indian Government Agency with Fake Digital Certificates

 

Google has identified and blocked unauthorized digital certificates for a number of its domains issued by the National Informatics Centre (NIC) of India, a unit of India’s Ministry of Communications and Information Technology.

National Informatics Center (NIC) holds several intermediate Certification Authority (CA) certs trusted by the Indian government’s top CA, Indian Controller of Certifying Authorities (India CCA), which are included in the Microsoft Root Store and so are trusted by a large number of applications running on Windows, including Internet Explorer and Chrome.

The use of rogue digital certificates could result in a potentially serious security and privacy threat that could allow an attacker to spy on an encrypted communication between a user’s device and a secure HTTPS website, which is thought to be secure.

 

Google became aware of the fake certificates last Wednesday on July 2 and within 24 hours, the Indian Controller of Certifying Authorities (India CCA) revoked all the NIC intermediate certificates and also issued a CRLSet to block the fraudulent certificates in Chrome. CRLSets enable Chrome to block certificates in an emergency.

The search engine giant believes that no other root stores include the Indian CCA certificates, which means that Chrome on any other operating systems, Chrome OS, Android, iOS and OS X were not affected.

“Additionally, Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although misused certificates for other sites may exist,” said Google security engineer Adam Langley.

Langley added that “Chrome users do not need to take any action to be protected by the CRLSet updates. We have no indication of widespread abuse and we are not suggesting that people change passwords.”

It’s the second high-profile incident of a government agency caught issuing fake SSL certificates since December, when Google revoked trust for a digital certificate for several of its domains, mistakenly signed by a French government intermediate certificate authority.

Google has taken many measures to advance the security of its certificates, as SSL certificates are still one of the core elements of online security and still, since hundreds of entities issue certificates, it makes the company difficult to identify fake certs that aren’t following proper procedures.

One such measure is Google’s recently launched Certificate Transparency project, which provides an open framework for monitoring and auditing SSL certificates in nearly real time. Specifically, Certificate Transparency makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority. 

DigiCert was one of the first Certificate Authority’s to implement Certificate Transparency after working with Google for a year to pilot the project.

Google also upgraded its SSL certificates from 1024-bit to 2048-bit RSA to make them more secure and unbreakable. Because longer key length would make it even more difficult for a cyber criminal to break the SSL connections that secure your emails, banking transactions and many more.

Read More

Germany to Consider Typewriters to Protect From US Spying

So far we have heard that using privacy tools by every individual and offering encrypted communication by every company is the only solution to Mass Surveillance conducted by the government and law enforcement authorities. But, Germany says the only solution to guard against surveillance is - Stop using Computers!!

Ohh Please!! Is it a joke?

No, it does not mean that they are going to completely throw out all of their computer systems, but rather they would use it preposterous.

A year ago, when it came to light that German Chancellor Angela Merkel’s own personal mobile phone had been spied by the U.S. National Security Agency (NSA) for years, Surveillance has become a big issue for Germany. Such a big that prominent politicians are seriously considering using manual typewriters for sensitive documents instead of computers.

The head of the Germany's NSA Inquiry Committee, Patrick Sensburg said in an interview with the Morgenmagazin TV show on Monday night, that the government is seriously considering a low-tech solution to the ongoing espionage problem and to keep American eyes off of sensitive documents.

According to the Guardians translation of the German interview:

Interviewer: Are you considering typewriters?

Sensburg: As a matter of fact, we have - and not electronic models either.

Surprised interviewer: Really?

Sensburg: Yes, no joke.

Sensburg is heading up the Bundestag’s parliamentary inquiry into the NSA’s activities on German soil and is the one who know about the serious concerns caused by foreign states surveillance programs.

Germany's NSA Inquiry Committee was established in March to investigate allegations by NSA whistle blower and former contractor Edward Snowden that the United States government has been eavesdropping Germans and even bugged Chancellor Angela Merkel’s personal cell phone, an issue that has strained relationships and raised trust issues between old allies, Berlin and Washington.

The relations between the two became even more worse when earlier this month, Germany arrested a German intelligence officer who worked as a double agent and passed information to the CIA about the parliament’s NSA investigation. According to Sensburg, US snooping is ongoing.

After Edward Snowden released his first document about the U.S. government's surveillance activities, even Russia also thought to revert again to the old-school forms of communication, and bought 20 electric typewriters last year to keep inside communications more private, according to the Moscow Times.

“Any information can be taken from computers,” a Russian member of parliament said. "[F]rom the point of view of keeping secrets, the most primitive method is preferred: a human hand with a pen or a typewriter.”

IN-SHORT

But, Just think that How much is this Practically possible? Just to safeguard ourselves from spying, we should start using Typewriters instead of emails, What it means? Means we should go on-foot instead of using cars, just to protect ourselves from an accident. Agree? Well, I am not!

Every individual, even government authorities should be encouraged to make use of best privacy tools and encrypted communication only, this would protect them from the risk of spying.

Read More

Update Your Java to Patch 20 Vulnerabilities Or Just Disable it

Today, Oracle has released its quarterly Critical Patch Update (CPU) for the month of July, as part of its monthly security bulletin, in which it fixes a total of 113 new security vulnerabilities for hundreds of the company’s products.

The security update for Oracle’s popular browser plug-in Java addresses 20 vulnerabilities in the software, all of which are remotely exploitable without authentication, that means an attacker wouldn't need a username and password to exploit them over a network.

MOST CRITICAL ONE TO PATCH FIRST

Oracle uses the Common Vulnerability Scoring System (CVSS) to provide an open and standardized rating of the security holes it finds in its products. One or more of the Java vulnerabilities received the most “critical” rating according to Oracle’s Common Vulnerability Scoring System (CVSS), i.e. base score of 10 or near.

Although, numerous other Oracle products and software components addressed in the latest security updates, which address around 29 vulnerabilities in Oracle Fusion Middleware out of which 27 enable remote code execution, seven vulnerabilities in Hyperion products and five apiece for Oracle database and E-Business Suite. But, Java was the only impacted with security issues scoring the highest critical rating.

So, Java patches are the most urgent and should be at the top of your list, as one of the Java SE vulnerabilities (CVE-2014-4227) in this patch update, scores ten out of ten in the common vulnerability rating system, and seven of the other Java SE client vulnerabilities received a CVSS score of 9.3.

Oracle Database Server will also be updated for five vulnerabilities, one of which is remotely exploitable, while there will be 10 patches released for MySQL Server, but none of them are remotely exploitable.

JAVA WILL CONTINUE TO SUPPORT WINDOWS XP

The company recently announced that it would no longer support Java on Windows XP, though it expect Java 7 to continue to work on Windows XP platform and Oracle security updates for Java on XP machines will continue.

“This end of support announcement has been misread as ‘Java no longer works on Windows XP’ or ‘Oracle will stop Java updates from being applied on Windows XP.’ These statements are not correct,” said Oracle vice-president of product management in the Java Platform Group Henrik Stahl.

“We expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the foreseeable future. In particular, we expect that JDK 7 will continue to work on Windows XP.”

However, Java 8 is not designed even to install on Windows XP operating system. So, the installer for the developer releases of Java 8 will not run on it without manual intervention.

PATCH OR SIMPLY DISABLE JAVA?

Java runs on more than 850 million personal computers and on billions of devices worldwide, therefore protecting against Java zero-day exploits is a rising concern among millions of Windows, Mac OS, and Linux users.

  Security experts recommend not installing Java if you don't already have it, and perhaps even disable it if you have it if you do not regularly use an application or visit any Web site that requires Java.

UPDATE YOUR SYSTEMS NOW

The company is urging its customers to update their systems as soon as possible. "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the firm warned.

Oracle has published the full details about the list of patches here.

Read More

Project Zero - A Team of Star-Hackers Hired by Google to Protect the Internet

Google has publicly revealed its new initiative called “Project Zero,” a team of Star Hackers and Bug Hunters with the sole mission to improve security and protect the Internet.

A team of superheroes in sci-fi movies protect the world from Alien attack or bad actors, likewise Project Zero is a dedicated team of top security researchers, who have been hired by Google to finding the most severe security flaws in software around the world and fixing them.

PROTECT ZERO vs ZERO-DAY

Project Zero gets its name from the term "zero-day," and team will make sure that zero-day vulnerabilities don't let fall into the wrong hands of Criminals, State-sponsored hackers and Intelligence Agencies.

"Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage." Chris Evans said, who was leading Google’s Chrome security team and now will lead Project Zero.

Zero-day vulnerabilities could give bad actors the power to completely control target users’ computers, and in such scenario - no encryption can protect them.

 

RECRUITMENT OF STAR HACKERS

Google has already recruited some hackers at Project Zero:

• Ben Hawkes - an independent researcher from New Zealand, and well known for discovering dozens of bugs in software like Adobe Flash and Microsoft Office.
• George Hotz - best known for hacking Sony PlayStation 3, cracking iPhone and Google's Chrome browser.
• Tavis Ormandy - working as an Information Security Engineer at Google and known for discovering lots of critical zero-day vulnerabilities in various softwares.
• and many more..

Main objective of the Project Zero is to significantly reduce the number of people harmed by targeted attacks.

"We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet." Chris added.

TEAM WORK

However, they are not restricted to finding bugs in Google's products only, rather they can choose targets by themselves strategically, but possibly team would majorly focus on the softwares that relied upon by a significant number of people. Flaw hunting and reporting process will be as mentioned below:

1. The Project Zero team will hunt for zero-day vulnerabilities in Popular Softwares.
2. Google will report flaws to vendors.
3. Google will release full vulnerability disclosure only when the vendor issues a patch for it.
4. Every bug will be filed transparently in an external database.

"We'll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment." Chris said.

Google is looking forward to grow their team of security experts and is making every effort to dedicatedly contribute to the Infosec Community.

 

Read More

Motorola Moto E Outshines all the phone under 10000Rs

1. Motorola Moto E:

Again a magical phone from Motorola. The Moto E has got everything you can expect at this price range, it even has additional features you can’t imagine at just Rs. 7,000. This is the best phone under 10,000 Rs. and yet it is cheaper by about 3,000 Rs. than other phones in this list. The Moto E runs on the latest Android 4.4.2 Kitkat and most important is that, Motorola has promised at least one update of the Android when a new version is released. It has a Dual Core Qualcomm Snapdragon 200 A7 processor clocked at at 1.2 GHz and is supported by 1 GB of RAM, the combination of which can handle most everyday needs, multitasking and gaming. The phone has a very good design which is similar to the Moto G. It has a 1980 mAh Li-Ion battery which can last all day. Its camera is not so great but come on…., you are not buying a phone at 7,000 Rs to click high resolution images. Additionally it has water resistance and smudge coating with Corning Gorilla Glass 3. Sometimes, I wonder how Motorola manages to put so many things at such a low price. Overall, it is a perfect all round phone one should buy at this price range and yes, it is better than Micromax Unite 2.

PRICE	6,999 Rs.
OS	Android OS, v4.4.2 (KitKat)
CPU	Dual-core 1.2 GHz, Qualcomm Snapdragon 200 Processor
RAM	1 GB RAM
SCREEN	4.3 inches capacitive touchscreen with Corning Gorilla Glass
DISPLAY	540 x 960 pixels, 256 ppi pixel density
SIM	Optional Dual SIM (Micro-SIM, dual stand-by)
CAMERA	5 MP Primary Camera, No Secondary Camera
MEMORY	Internal Storage 4. microsd expandable upto 32 GB
BATTERY	Non-removable Li-Ion 1980 mAh battery
OTHERS	3G, Bluetooth, WiFi, GPS

 

2. Micromax Canvas 2 A120 Colours:

PRICE	8623 Rs.
OS	Android v4.2 (Jelly Bean)
CPU	1.3 GHz, Quad Core, MT6582 Processor
RAM	1 GB RAM
SCREEN	5.0 inches, Color IPS capacitive touchscreen
DISPLAY	1280 x 720 pixels, 294 ppi pixel density
SIM	Dual SIM (GSM+GSM)
CAMERA	8 MP Primary Camera, Secondary Camera: 2 MP
MEMORY	Internal Storage 4 GB, microsd expandable upto 32 GB
BATTERY	2000 mAH, Li-ion Battery
OTHERS	3G, Bluetooth, WiFi, GPS

 

3. Sony Xperia M:

PRICE	10,799 Rs.
OS	Android OS, v4.1 (Jelly Bean)/ v4.2.2 - C2004/C2005 models, upgradable to v4.3 (Jelly Bean)
CPU	Dual-core 1 GHz Krait, Qualcomm Snapdragon S4 Plus MSM8227 Processor
RAM	1 GB RAM
SCREEN	4.0 inches, TFT capacitive touchscreen
DISPLAY	480 x 854 pixels, 245 ppi pixel density
SIM	Optional Dual SIM (Micro-SIM)
CAMERA	5 MP Primary Camera, 0.3 MP Front Camera
MEMORY	Internal Storage 4 GB, microsd expandable upto 32 GB
BATTERY	Li-Ion 1750 mAh battery
OTHERS	3G, NFC, Bluetooth, WiFi, GPS

 

4. Nokia XL:

PRICE	10,320 Rs.
OS	Android OS, v4.1.2 (Jelly Bean)
CPU	Dual-core 1 GHz Cortex-A5, Qualcomm MSM8225 Snapdragon S4 Play Processor
RAM	768 MB RAM
SCREEN	5.0 inches, IPS LCD capacitive touchscreen
DISPLAY	480 x 800 pixels, 187 ppi pixel density
SIM	Dual SIM (GSM + GSM)
CAMERA	5 MP Primary Camera, 2 MP Secondary Camera
MEMORY	Internal Storage 4 GB, microsd expandable upto 32 GB
BATTERY	Li-Ion 2000 mAh battery (BN-02)
OTHERS	3G, Bluetooth, WiFi, GPS

 

5. HTC Desire 310:

PRICE	9,833 Rs.
OS	Android OS, v4.2.2 (Jelly Bean)
CPU	Quad-core 1.3 GHz Cortex-A7 Mediatek MT6582M Processor
RAM	512 MB RAM
SCREEN	4.5 inches, 218 ppi pixel density
DISPLAY	480 x 854 pixels TFT capacitive touchscreen
SIM	Dual SIM, (Micro-SIM, dual stand-by)
CAMERA	5 MP, 2592х1944 pixels, autofocus, Geo-tagging, touch focus, face detection & Front Camera: 0.3 MP
MEMORY	Internal Storage 4 GB, upto 32 GB microSD expandable
BATTERY	Li-Ion 2000 mAh battery
OTHERS	3G,Bluetooth, WiFi, GPS

 

Read More

Why Does Modi Concern Obama?

When I came across a piece of report on Obama-Modi equation, my guess was that the news would go viral creating a stir in not only India, but worldwide. The story reported that in an exclusively small fundraiser, the United States’ President Barack Obama made quite a statement that shook up the little number of audience present there. When a person asked him about his concern with the newly elected Indian Prime Minister, the President gave a six word answer that left the audience dumbfound. He said, “My name is Barack HUSSEIN Obama.”

 The article first appeared on firstpost.com but now seems to have been removed.With Bharatiya Janata Party’s (BJP) sweeping electoral victory, most Indian chose to forget about the bygone concerns regarding Prime Minister Modi’s equation with Muslims. However, it seems that the world is still haunted by the PM’s alleged past.
  Modi is believed to have remained ineffective during the 2002 Gujarat riots. Some even accused him responsible for the whole riot. Therefore, quite a few remained skeptical about Modi’s past, saying that his rule would alter what the idea of “India” stands for i.e. it would undermine secularism. Others on the other hand, endowed Modi with their confidence. However, with India getting Modi-fied, almost everyone in India have eventually come to terms with his rule.
While he seems to have convinced India of his credibility, the short statement made by someone as strong a figure as Obama is certainly going to hang in the air for PM Modi. Modi thus cannot afford to delude any of his moves while in office. There is a need of a concrete, materialized assurance on the part of PM Modi, for he needs to turn around his image of a Hindu nationalist into that of a secular head of government.
As the world, on one hand, might continue to monitor the Indian Prime Minister’s efforts for a secular India, we need to put our trust on the PM that he will bring “acche din” (good days) for the Indian Muslims as well!

Read More