Category Archives: Latest Trends

Huawei didn’t need American customers to become a smartphone giant

On October 16th, Huawei announced its latest smartphone, the Mate 10, alongside a Porsche Design-ed version of the same device. In previous years, the phone might have been seen as little more than a me-too clone of Samsung’s Galaxy Note. But these days, Huawei believes that its hardware is more than enough to stand up against the smartphone world’s “big two.” Its status as a major player may not be entrenched, yet, but between flashy product launches and an ever-growing presence on the world stage, it feels almost inevitable.

Huawei’s rise began in 1987 when the Chinese company was founded as a niche importer of telephone switches from Hong Kong. Since then, it has learned to develop its own telecoms and networking equipment, becoming the biggest infrastructure firm in the world. In 2016, it raked in profits of $5.3 billion and its handset business, which started in 2008, is now the third-biggest in the world. From the clunky U8100 in 2010, Huawei now has a plethora of Android smartphones tailored to a wide variety of niches.

(It’s worth noting that there is one small caveat: typically sales figures look at BBK Electronics’ various divisions as separate businesses. BBK, Huawei’s local rival, owns Vivo, Oppo and OnePlus, and would probably put Huawei into fourth place if all those divisions were treated as one.)

Huawei’s one-two punch of networking technology and handsets has made it a welcome friend of many carriers, especially in Europe. The company’s device strategy mirrored the early days of HTC and ZTE, producing white-label devices for networks to badge as they saw fit. But while ZTE has languished at the bottom and HTC attempted to push its brand into the elite, Huawei stayed the course, flooding the market with handsets of all stripes.

One facet of Huawei’s success is its verticality; it has good relationships with many global carriers, producing reliable and low-cost devices that work well with its own infrastructure. Another is that the company rose to prominence towards the latter period of the smartphone boom. It took advantage of the advances (and risks) made by other companies to learn what not to do.

In 2013, the company’s Ascend P6 was launched as a statement of intent for the Chinese company looking to break into the mainstream. The device cribbed plenty of hardware and software flourishes from both Apple and Sony, and retailed for €449 ($531). It was a cheap phone that felt anything but, and while there were obvious compromises, people took it seriously. Our own review said “The takeaway message here is that Huawei means business. With the build quality and core-functionality nuts cracked, most other niggles should be relatively easy to improve.”

The Ascend P7 remedied many of the flaws of its immediate predecessor, doubling down on its iPhone-design on a budget ethos. It wasn’t going to blow anyone away, not compared to the flagships of the day, but it did what it needed to do well. In the UK, Huawei still uses phones based on the P7, as well as the G6, as the basis for the low-end devices sold by British carrier EE.

Source: https://www.engadget.com/2017/10/19/huawei-smartphone-giant-challenges-us-mate-10/

7 Easy Steps that Protect Your Website From Hackers

As a website owner, is there anything more terrifying than the thought of seeing all of your work altered or entirely wiped out by a nefarious hacker?

You’ve worked hard on your website (and your brand) – so take the time to protect it with these basic hacking protections!

In addition to regularly backing up your files (which you should already be doing, for various reasons), taking the following seven easy steps will help keep your website safe:

Step #1: Keep platforms and scripts up-to-date

One of the best things you can do to protect your website is to make sure any platforms or scripts you’ve installed are up-to-date. Because many of these tools are created as open-source software programs, their code is easily available – to both good-intentioned developers as well as malicious hackers. Hackers can pore over this code, looking for security loopholes that allow them to take control of your website by exploiting any platform or script weaknesses.

As an example, if you’re running a website built on WordPress, both your base WordPress installation and any third-party plugins you’ve installed are potentially vulnerable to these types of attacks. Making sure you always have the newest versions of your platform and scripts installed minimizes the risk that you’ll be hacked in this way and usually takes very little time to do.

WordPress users can check this quickly when they log in to their WordPress dashboard. Look for the update icon in the top left corner next to your site name. Click the number to access your WordPress Updates.

Step #2: Install security plugins, when possible

Once you’ve updated everything, further enhance your website security with plugins that actively prevent against hacking attempts.

Again, using WordPress as an example, you’ll want to look into free plugins like iThemes Security and Bulletproof Security (or similar tools that are available for websites built on other content management systems). These products address the weaknesses that are inherent in each platform, foiling additional types of hacking attempts that could threaten your website.

Alternatively – whether you’re running a CMS-managed site or HTML pages – take a look at SiteLock. SiteLock goes above and beyond simply closing site security loopholes by providing daily monitoring for everything from malware detection to vulnerability identification to active virus scanning and more. If your business relies on its website, SiteLock is definitely an investment worth considering.

Step #3: Use HTTPS

As a consumer, you may already know to always look for the green https in your browser bar any time you’ll be providing sensitive information to a website. Most consumers know to recognize those five little letters as an important shorthand for security: they signal that it’s safe to provide financial information on that particular webpage.

If you have an online store, or if any part of your website will require visitors to hand over sensitive information like a credit card number, you have to invest in an SSL certificate. The cost to you is minimal, but the extra level of encryption it offers to your customers goes a long way to making your website more secure and trustworthy.

Step #4: Use parameterized queries

One of the most common website hacks many sites fall victim to is SQL injection.

SQL injections can come into play if you have a web form or URL parameter that allows outside users to supply information. If you leave the parameters of the field too open, someone could insert code into them that lets them hack into your database, which may well contain sensitive customer information, like their contact info or credit card numbers. Obviously that’s information it’s your duty to protect.

There are a number of steps you can take to protect your website from SQL injection hacks; one of the most important and easiest to implement is the use of parameterized queries. With a parameterized query, the SQL statement is written with placeholders and the values a user supplies are passed to the database separately, so they are treated strictly as data and there’s no room for a hacker to change what the query does.
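The difference between a concatenated and a parameterized query, as an added example (not code from the original article). It uses Python's built-in `sqlite3` with a constructed in-memory `customers` table; the table, column and function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [
            ("alice@example.com", "1111"),
            ("bob@example.com", "2222"),
            ("o'brien@example.com", "3333"),  # legitimate value containing a quote
        ],
    )
    return conn

def lookup_concatenated(conn, email):
    """UNSAFE: the form value is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, email):
    """SAFE: the ? placeholder binds the value as data, never as SQL syntax."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

def compare(email):
    """Run both lookups on the same input and report what each one returned."""
    conn = make_db()
    try:
        unsafe = len(lookup_concatenated(conn, email))
    except sqlite3.Error as exc:
        # A stray quote breaks the concatenated statement outright.
        unsafe = "error: " + type(exc).__name__
    safe = len(lookup_parameterized(conn, email))
    conn.close()
    return {"concatenated": unsafe, "parameterized": safe}

if __name__ == "__main__":
    # Constructed inputs: a normal address, a quote-bearing address,
    # and a value that rewrites the WHERE clause when concatenated.
    for value in (
        "alice@example.com",
        "o'brien@example.com",
        "nobody@example.com' OR '1'='1",
    ):
        print(repr(value), compare(value))
```

The last input returns every row through the concatenated query and none through the parameterized one; the middle input shows that concatenation also breaks on ordinary data that happens to contain a quote.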

Step #5: Use CSP

Similar to SQL injections, cross-site scripting (XSS) attacks are another common foe site owners have to be on the lookout for. They occur when hackers find a way to slip malicious JavaScript code onto your pages which can then infect the pages of any visitors to your website that are exposed to the code.

Part of the fight to protect your site from XSS attacks is similar to the parameterized queries you use for SQL injections. You should make sure any code you use on your website for functions or fields that allow input is as explicit as possible in what’s allowed, so you’re not leaving room for anything to slip in.

Another handy tool you have to protect yourself from XSS is Content Security Policy (CSP). CSP allows you to specify the domains a browser should consider valid sources of executable scripts when on your page, so the browser knows not to pay attention to any malicious script that might infect your visitor’s computer.

Using CSP is simply a matter of adding the proper HTTP header to the responses that serve your webpage. The header carries a string of directives that tell the browser which domains are OK and any exceptions to the rule. Mozilla provides details on how to craft CSP headers for your website.
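A small checker for the header described above, as an added example (not code from the original article): it builds and parses a `Content-Security-Policy` value and flags script sources that cancel out the XSS protection. The host `cdn.example.com` and the function names are assumptions made for the illustration.

```python
# Sources that make a script policy ineffective against injected JavaScript.
RISKY_SCRIPT_SOURCES = {
    "'unsafe-inline'": "inline <script> blocks and event handlers may run",
    "'unsafe-eval'": "eval() and similar string-to-code calls may run",
    "*": "scripts may load from any host",
    "http:": "scripts may load from any host over plain HTTP",
    "https:": "scripts may load from any HTTPS host",
    "data:": "scripts may load from data: URLs",
}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def build_csp(policy):
    """Serialize {directive: [sources]} into a header value."""
    return "; ".join(" ".join([name] + list(srcs)) for name, srcs in policy.items())

def parse_csp(value):
    """Split a header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_script_sources(value):
    """Return a list of findings about how scripts are restricted."""
    policy = parse_csp(value)
    # script-src falls back to default-src when it is absent.
    for directive in ("script-src", "default-src"):
        if directive in policy:
            sources = [s.lower() for s in policy[directive]]
            break
    else:
        return ["no script-src or default-src: script loading is unrestricted"]
    # Browsers supporting nonces/hashes ignore 'unsafe-inline' when one is present.
    has_nonce_or_hash = any(s.startswith(NONCE_OR_HASH) for s in sources)
    findings = []
    for src in sources:
        if src == "'unsafe-inline'" and has_nonce_or_hash:
            continue
        if src in RISKY_SCRIPT_SOURCES:
            findings.append(f"{directive} {src}: {RISKY_SCRIPT_SOURCES[src]}")
    return findings

# Constructed policies: one strict, one that looks restrictive but is not.
STRICT = build_csp({
    "default-src": ["'self'"],
    "script-src": ["'self'", "https://cdn.example.com"],
})
WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' *"

if __name__ == "__main__":
    print("Content-Security-Policy:", STRICT)
    print(audit_script_sources(STRICT))
    print("Content-Security-Policy:", WEAK)
    for finding in audit_script_sources(WEAK):
        print("  -", finding)
```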

Step #6: Make sure your passwords are secure

This one seems simple, but it’s so important.

It’s tempting to go with a password you know will always be easy for you to remember. That’s why the #1 most common password is still 123456. You have to do better than that – a lot better than that.

Make the effort to figure out a truly secure password (or use HostGator’s password generator). Make it long. Use a mix of special characters, numbers, and letters. And steer clear of potentially easy-to-guess keywords like your birthday or kid’s name. If a hacker somehow gains access to other information about you, they’ll know to guess those first.

And make sure everyone who has access to your website has similarly secure passwords. Institute requirements in terms of length and the type of characters that people are required to use so they have to get more creative than going with the standard, easy passwords they turn to for less secure accounts.

One weak password within your team can make your whole website more vulnerable, so set expectations with everyone who has access and hold yourself to the same high standard.

Step #7: Lock down your directory and file permissions

Now, for this final technique, we’re going to get a little technical – but stick with me for a moment…

All websites can be boiled down to a series of files and folders that are stored on your web hosting account. Besides containing all of the scripts and data needed to make your website work, each of these files and folders is assigned a set of permissions that controls who can read, write, and execute any given file or folder, relative to the user they are or the group to which they belong.

On the Linux operating system, permissions are viewable as a three-digit code where each digit is an integer between 0-7. The first digit represents permissions for the owner of the file, the second digit represents permissions for anyone assigned to the group that owns the file, and the third digit represents permissions for everyone else. The assignations work as follows:

  • 4 equals Read
  • 2 equals Write
  • 1 equals Execute
  • 0 equals no permissions for that user

As an example, take the permission code “644.” In this case, a “6” (or “4+2”) in the first position gives the file’s owner the ability to read and write the file. The “4” in the second and third positions means that both group users and internet users at large can read the file only – protecting the file from unexpected manipulations.

So, a file with “777” (or 4+2+1 / 4+2+1 / 4+2+1) permissions would then be readable, write-able, and executable by the user, the group and everyone else in the world.

As you might expect, a file that is assigned a permission code that gives anyone on the web the ability to write and execute it is much less secure than one which has been locked down in order to reserve all rights for the owner alone. Of course, there are valid reasons to open up access to other groups of users (anonymous FTP upload, as one example), but these instances must be carefully considered in order to avoid creating a security risk.

For this reason, a good rule of thumb is to set your permissions as follows:

  • Folders and directories = 755
  • Individual files = 644
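A way to check a site's files against that rule of thumb, as an added example (not code from the original article): `decode` applies the 4/2/1 scheme to a three-digit code, and `audit` walks a directory and reports anything more permissive than 755 for folders or 644 for files. The sample tree and its file names are constructed for the demonstration.

```python
import os
import stat
import tempfile

BITS = ((4, "read"), (2, "write"), (1, "execute"))

def decode(mode):
    """Turn a code such as 0o644 into permission names per class of user."""
    result = {}
    for who, shift in (("owner", 6), ("group", 3), ("other", 0)):
        digit = (mode >> shift) & 0o7
        result[who] = [name for bit, name in BITS if digit & bit]
    return result

def audit(root, dir_mode=0o755, file_mode=0o644):
    """List (path, mode, world_writable) for entries looser than the baseline."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode) & 0o777
            baseline = dir_mode if stat.S_ISDIR(st.st_mode) else file_mode
            extra = mode & ~baseline  # bits granted beyond the baseline
            if extra:
                findings.append(
                    (os.path.relpath(path, root), format(mode, "03o"), bool(mode & 0o002))
                )
    return sorted(findings)

def build_sample_tree():
    """Create a constructed site layout with a few deliberate deviations."""
    root = tempfile.mkdtemp(prefix="site-")
    layout = {
        "index.php": 0o644,       # matches the rule of thumb
        "private.txt": 0o600,     # stricter than the baseline, not reported
        "wp-config.php": 0o666,   # writable by everyone
        "backup.sh": 0o755,       # executable file
    }
    for name, mode in layout.items():
        path = os.path.join(root, name)
        with open(path, "w") as handle:
            handle.write("sample\n")
        os.chmod(path, mode)
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    with open(os.path.join(uploads, "photo.jpg"), "w") as handle:
        handle.write("sample\n")
    os.chmod(os.path.join(uploads, "photo.jpg"), 0o644)
    os.chmod(uploads, 0o777)      # folder writable by everyone
    return root

if __name__ == "__main__":
    print("644 ->", decode(0o644))
    print("777 ->", decode(0o777))
    for path, mode, world_writable in audit(build_sample_tree()):
        flag = "WORLD-WRITABLE" if world_writable else "looser than baseline"
        print(f"{mode}  {path}  ({flag})")
```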

To set your file permissions, log in to your cPanel’s File Manager or connect to your server via FTP. Once inside, you’ll see a list of your existing file permissions (as in the following example generated using the Filezilla FTP program):

The final column in this example displays the folder and file permissions currently assigned to the website’s content. To change these permissions in Filezilla, simply right click the folder or file in question and select the “File permissions” option. Doing so will launch a screen that allows you to assign different permissions using a series of checkboxes:

Source: https://www.hostgator.com/blog/3-easy-steps-that-protect-your-website-from-hackers/

Best CCTV Cameras in India 2017

CCTV cameras provide remote surveillance for home, office, gardens and garage – all on your laptop, computer or smartphone so that you can keep track of your kids’ activities, ensure the safety of the elderly and keep a check on intruders and trespassers.

Now, when it comes to choosing a CCTV camera, one can go for a single IP camera or a fully fledged and expandable CCTV surveillance system as per one’s requirements.

Before we get on with our list of best CCTV camera in India, let us take a look at few specs that must be taken into account while buying a CCTV Camera:

  • Day/Night Vision – Opt for a surveillance camera that has both day and night vision. Look for IR (Infrared) cut-off filter to ensure integrated night vision.
  • Camera type – Decide between analogue, High Definition (HD) and Internet Protocol (IP) cameras, IP and HD cameras being the top-end cameras in the market.
  • Type and Quality of the Imaging Chip – CCTV cameras produce images using CMOS or CCD chips. Low priced cameras use CMOS technology and produce poor quality video. Decent quality cameras use CCD technology.
  • Light level – Light level is measured in Lux. The lower the Lux, the less light the camera will take to reproduce a clear image.

The Hikvision CCTV Security System with Turbo DS is our top pick – it is the top quality product with high-end specs for those who can afford it. D3D Wireless IP Camera is our most recommended product because it provides great value for its price.

Top-Rated CCTV Camera in India

CCTV Camera Specifications

  • Hikvision CCTV Security System 1MP bullet cameras & Replaceable 1TB Memory
  • Foscam C1 115 degree viewing angle & PIR motion detection
  • IFITech Foscam 155 degree viewing angle, dual audio & motion detection
  • D3D 720P(1280 x 720), VGA(640 x 360), QVGA(320 x 180)
  • D-Link Built-In Wi-Fi Extender, Audio & motion detection alerting
  • Sricam SP Series Inbuilt IR lenses, Horizontal and vertical camera rotation
  • CP Plus CP-VCG-T20L3 6mm lens, 36 IR LEDS and up to 30 meters night vision
  • CP Plus HDCVI IR 6mm Lens with IR Range of 30 Mtr
  • CP Plus CP-GAC-DC1000L2H2 20 meters of IR range, Compatible with analog DVR
  • Tubros HIKVISION Bullet Full HD720P video output & Up to 20 meter IR distance
  • Dahua 1/2.9″ 1Megapixel CMOS image sensor
  • LIO 800TVL IR 6mm Fixed Lens, 36 LEDs & up to 15 meters range

Source: http://www.techzene.com/best-cctv-cameras-india/

Website Security: How Do Websites Get Hacked?

In 2014, the total number of websites on the internet reached 1 billion. Today it’s hovering somewhere in the neighborhood of 944 million due to websites going inactive, and it is expected to normalize again at 1 billion sometime in 2015. Let’s take a moment to absorb that number – 1 billion.

Another surprising statistic is that Google, one of the most popular search engines in the world, quarantines approximately 10,000 websites a day via its Safe Browsing technology. From our own research, out of the millions of websites that push through our scanning technology, roughly 2 – 5% of them have some Indicator of Compromise (IoC) that signifies a website attack. Granted, this might be a bit high, as the websites being scanned are often suspected of having an issue, so to be conservative we would extrapolate that to suggest about 1% of the total websites online are hacked or infected. To put that into perspective, we are talking somewhere in the neighborhood of 9 million websites that are currently hacked or infected.

With this sort of impact, it’s only natural that people are curious how websites keep getting hacked. The challenge is that the answer has been the same for quite some time.

In the past month, I began a series of articles asking about various aspects of website hacks and infections:

  • Why, in Why do Websites get Hacked and the motivations behind them.
  • What the implications of a hack were to website owners of all calibers in The Impacts of a Hacked Website.
  • Today, we’ll take a moment to understand the How.

It is the one question that almost every website security professional gets at some point in their career, and in some cases, repeatedly. As pros, we take for granted the knowledge we have gained over the years and forget what it is like not to know.

Websites get hacked because of three things:

  • Access Control
  • Software Vulnerabilities
  • Third-Party Integrations

The Website Environment

We cannot have a conversation about how websites get hacked without having an open dialog about everything that makes up a website.

There are various elements that make a website function and work in unison. There are components like the Domain Name System (DNS) – the thing that tells requests where to go. The web server houses various website files and the infrastructure houses various web servers. These websites live in a complex ecosystem of interconnected nodes around the internet, but it is likely something you’ve never given much thought.

Many of these features are provided by a number of service providers that make it very easy for you to create an online presence. They sell you things like domain names, hosting space, and other services designed to make operating your website easy.

While I won’t dive into too many details about the threats that these elements introduce, please understand that every one of the components described above has an impact on your overall security posture and can potentially contribute to how your website gets hacked.

Forensics Versus Remediation

There is a difference between Forensics and Remediation, and it is not as subtle as some might believe it to be.

Forensics has been around for a very long time. It follows a very stringent process of identifying what happened, but more importantly how it happened, and often includes some form of attribution (i.e., who did it?). Remediation however, is the art of cleaning or removing the infections. When it comes to everyday infections, forensics isn’t a necessity. In most cases it is quick to ascertain what happened and how to get it to stop. With that in mind, for complex cases, good remediation cannot be achieved without proper forensics. Here is an example:

When you ask, “How do websites get hacked?” you are essentially asking for forensics. The problem is, true forensics is complex, time consuming and requires a lot of data – data that is often unavailable via most configurations. You can often segment which component is required based on audience. For small business owners with shared hosting environments, forensics is almost impossible because there is limited access. However, for large organizations/enterprises, forensics is required and the necessary data is sometimes more attainable.

A few reasons you might require forensics:

  • You need to understand what happened and have all associated data elements and access.
  • You are an Ecommerce website and have to be PCI compliant.
  • You are an organization that has IR protocols in the event of a compromise.

How Websites Get Hacked

What I find fascinating about website hacks is that they always come down to the same elements regardless of the organization’s size. It does not matter if you are a Fortune 500 or a small business selling cupcakes. The only difference is the why.

In large organizations, it is often because they dropped the ball. They knew exactly what the threat was, but they never thought it would extend to their websites, with the common response being – “I thought someone else was handling it”. When it comes to small businesses, it is often – “Why would anyone want to hack me? I never knew it’d be an issue for me, I’m not Target, I don’t have credit card information”.

Access Control

Access control speaks specifically to the process of authentication and authorization; simply put, how you log in. When I say log in, I mean more than just your website. Here are a few areas to think about when assessing access control:

  • How do you log into your hosting panel?
  • How do you log into your server? (i.e., FTP, SFTP, SSH)
  • How do you log into your website? (i.e., WordPress, Dreamweaver, Joomla!)
  • How do you log into your computer?
  • How do you log into your social media forums?

The reality is that access control is much more important than most give credit. It is like the person that locks their front door but leaves every window unlatched and the alarm system turned off. This begs the question, why did you even lock the door?

Exploitation of access control often comes in the form of a brute force attack, in which the attacker attempts to guess the possible username and password combinations in an effort to log in as the user. You can also see various social engineering attempts of phishing pages designed to capture a user’s ID/username and password combination, or some form of Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attack in which the attacker tries to intercept the user credentials via their own browser. There is also the obvious Man in the Middle (MITM) attack, where the attacker intercepts your username and password while working via insecure networks and your credentials are transferred between one point to another via plain text.

Software Vulnerabilities

Software vulnerabilities are not for the faint of heart. I would argue that 95% of website owners are unable to address today’s software vulnerabilities; even everyday developers are unable to account for the threats their own code introduces. The problem, as I see it, is in the way we think. It takes a special person to want to break things. Most of us use things as they are designed.

These software vulnerabilities extend beyond the website itself and easily bleed into the various technologies we discussed above (i.e., web server, infrastructure, etc.). Anywhere there is a system, there’s a potential software vulnerability waiting to be exploited. This can also extend to your browser (i.e., Chrome, Internet Explorer, Firefox, etc.).

Exploitation of software vulnerabilities comes in various forms, but for the sake of sanity, we will focus on the website itself and not the various supporting elements. When it comes to websites, exploitation of a software vulnerability is achieved through a cleverly malformed Uniform Resource Locator (URL) or POST Headers. Via these two methods, an attacker is able to enact a number of attacks; things like Remote Code Execution (RCE), Remote / Local File Inclusion (R/LFI), and SQL Injection (SQLi) attacks. There are a number of other attacks, but these are some of the more common attacks we’re seeing affecting today’s websites.

Third-Party Integrations / Services

Third-party integrations/services are increasingly becoming a problem. The most prominent form is ads via ad networks leading to malvertising attacks. It extends beyond that to services you might use, including things like a Content Distribution Network (CDN) – as in the recent Washington Post hack last week.

Third-party integrations and services have become commonplace in today’s website ecosystem, and are especially popular in the highly extensible Content Management Systems (CMS) like WordPress, Joomla! and Drupal.

The problem with the exploitation of third-party integrations and services is that it is beyond the website owner’s ability to control. We assume when we integrate third-party providers that they are ensuring the service you consume is safe, but like everything else there is always the chance of compromise.

How to Protect Your Website

It is easy to read this article and feel overwhelmed, but understand that half of the website security battle is awareness and education. The problem is that it is almost impossible to get in front of enough people to scale awareness and education. Once you get in front of people, the next battle is getting them to care. It is often only after someone feels the pain of a compromise that they begin to care or realize the harsh effects.

The first thing I always like to tell website owners is that security is about risk reduction not risk elimination. You must get your head around this simple fact because there is no such thing as a 100% solution to staying secure. Almost all the tools you employ within your environment aim to reduce your overall risk posture; whether it’s continuous scanning or a more proactive approach such as mitigating incoming attacks.

Here are the tips I tend to offer everyone that will listen when it comes to managing website security:

  • Employ Defense in Depth Principles – layers like an onion.
  • Leverage best practices like Least Privilege – not everyone needs administrative privileges.
  • Place emphasis on how people access your website, leveraging things like Multi-Factor and Two-Factor Authentication.
  • Protect yourself against the exploitation of software vulnerabilities through use of a Website Firewall – focus on Known and Unknown Attacks.
  • Backups are your friends – your safety net – try to have at least 60 days available.
  • Register your website with Search Engines – Google and Bing have Webmaster Tools, leverage their infrastructure to tell you the health of your website.

Security is not a singular event or action, but rather a series of actions. It begins with good posture and the responsibility begins and ends with you. Realize that if you desire to know the How, you will inevitably cross one of the scenarios I described above, and that’s okay!

Source: https://blog.sucuri.net/2015/05/website-security-how-do-websites-get-hacked.html

Apple responds on Face ID privacy concerns

After a US Senator wrote to Apple CEO Tim Cook, conveying concerns on users’ security with Face ID biometric security in iPhone X, Apple has responded to him, detailing Face ID’s built-in security features.

In September, Senator Al Franken (Democrat-Minnesota) had asked several questions related to Apple’s implementation of the Face ID technology.

Franken had asked Mr. Cook to reply to his concerns by October 13.

According to a report in Appleinsider on Tuesday, Apple Vice President for Public Policy Cynthia Hogan has clarified Franken’s concerns in a letter.

“Face ID confirms the presence of an attentive face (via gaze detection), projects and reads a depth map of a user’s face and sends that information to the Secure Enclave for processing.”

“Face ID data, which includes a mathematical representation of a user’s face, is encrypted and never leaves the device,” Hogan wrote.

“Data sent to the Secure Enclave is not sent to Apple or included in device backups. Further, 2D face images and corresponding depth map information captured for normal unlock operations are immediately discarded once the mathematical representation is calculated for comparison against an enrolled Face ID profile,” Apple said in the letter.

Franken also issued a statement regarding Apple’s response.

“I appreciate Apple’s willingness to engage with my office on these issues, and I’m glad to see the steps that the company has taken to address consumer privacy and security concerns,” said Franken, who is a member of the Senate Judiciary Subcommittee on Privacy, Technology and the Law.

Face ID uses ‘TrueDepth’ camera system made up of a dot projector, infrared camera and flood illuminator, and is powered by A11 Bionic to accurately map and recognise a face.

Face ID projects more than 30,000 invisible IR dots.

The IR image and dot pattern are pushed through neural networks to create a mathematical model of your face and send the data to the secure enclave to confirm a match, while adapting to physical changes in appearance over time.

Apple has always been reluctant to let enforcement agencies get into its hardware security technology.

In 2016, Apple refused to comply with a court order after federal prosecutors tried to unlock an iPhone tied to a 2015 terrorist attack in San Bernardino, California.

Source: http://www.thehindu.com/sci-tech/technology/apple-responds-on-face-id-privacy-concerns/article19875499.ece

Samsung Galaxy Tab Active 2 debuts with 8-inch display and IP68 certification

Samsung yesterday released the user manual of its Galaxy Tab Active 2. Soon after that, the company launched the device without much fanfare, as reported by LETSGODIGITAL.

The tablet had appeared in many leaks, and most of the speculations have turned out right. Meant specifically for business use, the Samsung Galaxy Tab Active 2 is claimed to withstand extreme weather conditions. It has an IP68 certification, which means the device can be submerged in water up to 5 feet deep for up to 30 minutes. It is also dust resistant. Furthermore, being a rugged version, the Galaxy Tab Active 2 is MIL-STD-810 certified. Hence, it is said to hold out against extreme pressures, temperatures, climates, shocks, and traps.

The tablet comes with an 8-inch display that offers a screen resolution of 1,280×800 pixels. Thanks to the technology employed by Samsung, the display can be used with gloves on as well as with wet fingers. The tablet features a physical home button, which doubles as a fingerprint scanner. As shown in the user manual, the Galaxy Tab Active 2 comes with both Bixby Home and Bixby Voice. Notably, not many Samsung devices boast the presence of the Bixby voice assistant.

On the optics front, the tablet features an 8MP rear-facing camera with auto focus. Likewise, there is a 5MP selfie camera at the front. The front camera is said to feature Face Detection technology. In addition, the new device offers AR capabilities, NFC, and 4G connectivity.

The Black colored Samsung Galaxy Tab Active 2 4G variant will go on sale in the Netherlands at the end of November at €500 (approximately Rs. 38,250) including VAT. Since Samsung is yet to update its website, the rest of the specifications have not come to light. The moment we get the information, we will update you.

Source: https://www.gizbot.com/tablet/news/samsung-galaxy-tab-active-2-debuts-with-8-inch-display-and-ip68-certification-044966.html