Sign up for our Technology Newsletter 
Is Changing Your Password Often A Good Idea?
Comments Off on Is Changing Your Password Often A Good Idea?
Carnegie Mellon University professor Lorrie Cranor, who is the US FTC’s technology guru, has debunked a myth that it is a good idea to change your password often.
Talking to Ars Technica she said that while frequent password changes can lock hackers out they make make security worse.
She told the BSides security conference in Las Vegas that frequent password changes do little to improve security and very possibly make security worse by encouraging the use of passwords that are more susceptible to cracking.
A study published in 2010 by researchers from the University of North Carolina at Chapel Hill more or less confirmed her views. The researchers obtained the cryptographic hashes to 10,000 expired accounts that once belonged to university employees, faculty, or students who had been required to change their passcodes every three months. Researchers received data not only for the last password used but also for passwords that had been changed over time.
By studying the data, the researchers identified common techniques account holders used when they were required to change passwords. A password like “tarheels#1″, for instance (excluding the quotation marks) frequently became “tArheels#1″ after the first change, “taRheels#1″ on the second change and so on. Or it might be changed to “tarheels#11″ on the first change and “tarheels#111″ on the second. Another common technique was to substitute a digit to make it “tarheels#2″, “tarheels#3″, and so on.
“The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation. They take their old passwords, they change it in some small way, and they come up with a new password.”
The researchers used the transformations they uncovered to develop algorithms that could predict changes with great accuracy.
A separate study from researchers at Carleton University showed that frequent password changes hamper attackers only minimally and probably not enough to offset the inconvenience to end users.
Courtesy-Fud
Google Upgrades Voice Search
October 8, 2015 by admin
Filed under Around The Net
Comments Off on Google Upgrades Voice Search
Google said it has constructed a better neural network that is making its voice search work faster and better in noisy environments.
“We are happy to announce that our new acoustic models are now used for voice searches and commands in the Google app (on Android and iOS), and for dictation on Android devices,” Google’s Speech Team wrote in a recent blog post . “In addition to requiring much lower computational resources, the new models are more accurate, robust to noise, and faster to respond to voice search queries.”
In 2013, Google brought the same voice recognition tools that had been working in Google Now to Google Search.
Along with being able to find information on the Internet, Google Voice Search also was able to find information for users in their Gmail, Google Calendar and Google+ accounts.
At the 2013 Google I/O developers conference, Amit Singhai, today a senior vice president and Google Fellow, said the future of search is in voice. For Google, he said, future searches will be more like conversations with your computer or device, which also will be able to give you information before you even ask for it.
The company went on to make it clear that it would continue to focus on voice search.
And this week’s announcement backs that up.
Google explained in its blog post that it has updated the neural network it’s using for voice search. A neural network is a computer system based on the way the human brain and nervous system work. It generally uses many processors operating in parallel.
The improved neural network is able to consume the incoming audio in larger chunks than conventional models without performing as many calculations.
“With this, we drastically reduced computations and made the recognizer much faster,” the team wrote. “We also added artificial noise and reverberation to the training data, making the recognizer more robust to ambient noise.”
Source-http://www.thegurureview.net/aroundnet-category/google-upgrades-voice-search.html
Dropbox Beefs Up Security
August 25, 2015 by admin
Filed under Around The Net
Comments Off on Dropbox Beefs Up Security
Two-factor authentication is widely regarded as a best practice for security in the online world, but Dropbox has announced a new feature that’s designed to make it even more secure.
Whereas two-step verification most commonly involves the user’s phone for the second authentication method, Dropbox’s new U2F support adds a new means of authenticating the user via Universal 2nd Factor (U2F) security keys instead.
What that means is that users can now use a USB key as an additional means to prove who they are.
“This is a very good advancement and adds extra security over mobile notifications for two-factor authentication,” said Rich Mogull, Securosis CEO.
“Basically, you can’t trick a user into typing in credentials,” Mogull explained. “The attacker has to compromise the exact machine the user is on.”
For most users, phone-based, two-factor authentication is “totally fine,” he said. “But this is a better option in high-security environments and is a good example of where the FIDO standard is headed.”
Security keys provide stronger defense against credential-theft attacks like phishing, Dropbox said.
“Even if you’re using two-step verification with your phone, some sophisticated attackers can still use fake Dropbox websites to lure you into entering your password and verification code,” the company explained in a blog post. “They can then use this information to access your account.”
Security keys, on the other hand, use cryptographic communication and will only work when the user is signing in to the legitimate Dropbox website.
Dropbox users who want to use the new feature will need a security key that follows the FIDO Alliance’s Universal 2nd Factor (U2F) standard. That U2F key can then be set up with the user’s Dropbox account along with any other U2F-enabled services, such as Google.
Can Android AT Work Entice The Enterprise?
March 9, 2015 by admin
Filed under Around The Net
Comments Off on Can Android AT Work Entice The Enterprise?
Google Inc rolled out an initiative to make smartphones running its Android software more appealing to corporations, a move that could help extend the Internet technology giant reach into workplaces.
Google said on its official blog that its Android for Work program will provide improved security and management features for corporations that want to give their employees Android smartphones. Smartphones supported by the new initiative will be able to keep an employee’s work and personal apps separate, and a special Android for Work app will allow businesses to oversee key tools such as email, calendar and contacts.
Google said it is partnering with more than two dozen companies including Blackberry Ltd, Citrix Systems Inc, Box Inc.
Google’s Android software is the world’s most popular mobile operating system, but many corporations, which have significant security and device management requirements, give their employees smartphones made by Blackberry or Apple Inc.
Verizon Fixes Serious Securty Flaw In FiOS
Comments Off on Verizon Fixes Serious Securty Flaw In FiOS
Verizon corrected a serious vulnerability in its My FiOS mobile application that granted unfettered access to email accounts, according to a developer who found the problem.
Randy Westergren, a senior software developer with XDA Developers, looked at the Android version of My FiOS, which is used for account management, email and scheduling video recordings.
“Since Verizon has a good amount of my information, I thought it would be a good candidate for research,” Westergren wrote on his personal blog. “I was right, and the results were astonishing.”
The flaw, contained in the application’s API, could have allowed an attacker to read individual messages from a person’s Verizon inbox and even send emails from an account, he wrote.
Westergren looked at the traffic sent back and forth between My FiOS and Verizon’s servers. He found My FiOS would return the content of someone else’s email inbox by simply substituting a different user ID in a request.
He contacted Verizony, which later acknowledged the problem. Verizon issued a fix last Friday, Westergren wrote.
“Verizon’s security group seemed to immediately realize the impact of this vulnerability and took it very seriously,” Westergren wrote. “They were very responsive during this process and even arranged for a free year of FiOS Internet service as a token of their gratitude.”
Acers To Launh Cheap Tablets
September 17, 2014 by admin
Filed under Consumer Electronics
Comments Off on Acers To Launh Cheap Tablets
Acer’s latest low-cost 8-inch tablets will come to market in both Android and Windows flavors.
The Iconia Tab 8 W runs Windows on an Intel Atom Z3735G quad-core processor. It offers 8 hours of battery life, weighs 370 grams and is 9.75 millimeters thick. The 8-inch screen has a resolution of 1280 by 800 pixels.
For the $149 price tag, Acer includes a one-year subscription to the Personal version of Office 365, which includes access to Word, Excel, PowerPoint, OneNote and Outlook.
Android fans will prefer the Iconia One 8, running Android 4.4. It has the same Intel processor and screen dimensions as its Windows cousin, but is slightly lighter at 340 grams and only 8.5 millimeters thick.
Buyers can choose between 10 colors, including red, green, blue, purple and pink.
Acer also took the covers off the Iconia 10, an Android-based 10-inch tablet. The device has a quad-core processor from MediaTek. The screen is protected using Gorilla glass and has Full HD resolution. Using Dolby Digital Plus, surround sound is simulated from two-channel stereo audio headphones.
Available in black or white and with a price of $199, the Iconia Tab 10 includes a micro HDMI port and Wireless Display support for showing photos and videos on a bigger TV.
The first of the new tablets to start shipping will be the Iconia 10, available this month in the Americas and Europe, Middle East and Africa (EMEA).
The Iconia Tab 8 W will go on sale in October in EMEA and in November in the Americas.
Apple Changes Policy In China
August 28, 2014 by admin
Filed under Consumer Electronics
Comments Off on Apple Changes Policy In China
Apple Inc has started the processing of keeping the personal data of some Chinese users on servers in mainland China, marking the first time the tech giant is storing user data on Chinese soil.
The storage of user data in China represents a departure from the policies of some technology companies, notably Google Inc, which has long refused to build data centers in China due to censorship and privacy concerns.
Apple said the move was part of an effort to improve the speed and reliability of its iCloud service, which lets users store pictures, e-mail and other data. Positioning data centers as close to customers as possible means faster service.
The data will be kept on servers provided by China Telecom Corp Ltd, the country’s third-largest wireless carrier, Apple said in a statement.
“Apple takes user security and privacy very seriously,” it said. “We have added China Telecom to our list of data center providers to increase bandwidth and improve performance for our customers in mainland china. All data stored with our providers is encrypted. China Telecom does not have access to the content.”
A source with knowledge of the situation said the encryption keys for Apple’s data on China Telecom servers would be stored offshore and not made available to China Telecom.
Apple has said it has devised encryption systems for services such as iMessage that even Apple itself cannot unlock. But some experts expressed scepticism that Apple would be able to withhold user data in the event of a government request.
“If they’re making out that the data is protected and secure that’s a little disingenuous because if they want to operate a business here, that’d have to comply with demands from the authorities,” said Jeremy Goldkorn, director of Danwei.com, a research firm focused on Chinese media, internet and consumers.
“On the other hand if they don’t store Chinese user data on a Chinese server they’re basically risking a crackdown from the authorities.”
Goldkorn added that data stored in the United States is subject to similar U.S. regulations where the government can use court orders to demand private data.
A spokesman for China Telecom declined to comment.
Rackspace Goes Onmetal
Rackspace has launched Onmetal Cloud Servers, a service that combines the on-demand nature and scalability of cloud servers with the performance and total control of bare-metal servers.
The Onmetal Cloud Servers service will be available from July, initially at Rackspace’s Northern Virginia data centre only, but is expected to roll out internationally during 2015.
The service brings all the power and flexibility of cloud computing to applications previously considered unsuitable to run in a virtualised environment, according to the firm. It is an API-driven, single-tenant infrastructure-as-a-service (IaaS) offering that enables customers to provision dedicated servers with whatever operating system and services stack they require.
Rackspace has been looking at bare-metal provisioning since at least last year, when the firm introduced its Performance Cloud Servers tier for customers with more demanding workloads. However, there has been growing interest in the ability to own the entire server, according to the firm, because of the “noisy neighbour” problem in multi-tenant environments, where another workload on the same host may degrade network latency, disk input/output (I/O) and compute processing power.
Rackspace president Taylor Rhodes said, “Virtualisation and sharing a physical machine are fantastic tools for specific workloads at certain scale; however, we’ve learned that the one-size-fits-all approach to multi-tenancy just doesn’t work once you become successful, so we created Onmetal to simplify scaling for customers to stay lean and fast with a laser-sharp focus on building out their product.”
Onmetal Cloud Servers make use of the Ironic Bare Metal Provisioning project in the Openstack cloud computing framework. This is still in incubation rather than a full core part of Openstack, but Rackspace has a policy of introducing cutting-edge features in its cloud services.
The physical hardware itself is compliant with Open Compute Project specifications, and available in three different tiers aimed at specific workloads.
These comprise a compute-optimised configuration for application servers supporting 20 threads and 32GB memory, while a memory-optimised configuration for tasks such as in-memory analytics supports 24 threads and 512GB.
An I/O-optimized configuration supports 40 threads with 128GB memory and a 3.2TB PCI Express flash drive. The latter is best for traditional databases, NoSQL and online transaction-processing applications, Rackspace said.
Pricing has not been disclosed, but Rackspace said customers will be able to pay by the minute, with utility-style billing only for the resources they use.
NSA Software Reengineered
Hackers have found a way to reverse engineer the technology of the United States National Security Agency (NSA) spy gadgets.
Thanks to documents leaked by fugitive former NSA contractor and whistleblower Edward Snowden, the group has built a copycat device able to gather private data from computer systems.
The Advanced Network Technology catalogue, leaked by Snowden, is the Argos book of the NSA showing a range of toys available to agents. One such device known has a “retro reflector” had eluded identification, beyond that it acted as a bug, keylogger and screengrabber.
Michael Ossman and his team from Great Scott Gadgets, a Colorado based hacking group, decided that the best defence against such devices was to create their own to understand what makes them tick.
It transpired that the key technology being used is called software defined radio (SDR), an approach that uses software to generate radio transmissions through signal processing, doing away with a lot of hardware circuitry.
“SDR lets you engineer a radio system of any type you like really quickly so you can research wireless security in any radio format,” Ossmann told New Scientist.
The technique can be used for almost any type of radio signal and therefore the devices are capable of tracking anything, from what you’re listening to through a Bluetooth headset to the binary signals of your internet traffic.
The group, which will demonstrate its work at the Defon hacking conference in Las Vegas, runs a website at NSAplayset.org that is a repository for all of the information it gathered.
Is The Internet Secure?
June 9, 2014 by admin
Filed under Around The Net
Comments Off on Is The Internet Secure?
Hacker blogger Quinn Norton is getting a lot of coverage with her blog claiming that the Internet is broken. She argues that every computer and every piece of software we use is vulnerable to hackers because of terrible security flaws. Norton blames these flaws on the fact that developers who face immense pressure to ship software quickly.
Norton says that those bugs may have been there for years unnoticed, leaving systems susceptible to attacks. One of her hacker mates accidentally took control of more than 50,000 computers in four hours after finding a security vulnerability. Another one of her colleagues accidentally shut down a factory for a day after sending a “malformed ping.”
She said that the NSA wasn’t, and isn’t, the great predator of the internet, it’s just the biggest scavenger around. It isn’t doing so well because they are all powerful math wizards of doom. The other problem is software is too complicated and the emphasis placed on security too light.
“The number of people whose job it is to make software secure can practically fit in a large bar, and I’ve watched them drink. It’s not comforting. It isn’t a matter of if you get owned, only a matter of when,” Norton said.