India, Russia may ink cyber-security pact next week

FRESH DELHI: India and Russian federation will more than likely sign a cyber-security pact during Russian President Vladimir Putin's trip to Goa in a few days, cementing joint efforts to curb terror-related activities in the area.

Officials of both countries said a pact regarding this is expected to be announced at the Indo-Russian gross annual summit in Goa on October 15. India had entered into a comprehensive cyber security relationship with the US, another everlasting member of the UN Security Authorities, during the Commercial and Strategic Dialogue in August.
India and Russia have recently been working on closer coordination to combat radicalisation through social media by groups like Islamic State as well as Pakistan-based clothes like LeT, Hizbul Mujahideen and Jaish-e-Mohammed.
Ways to check online propaganda and recruitment by such groupings, and keeping hackers from sabotaging critical infrastructure are among the list of issues that will be high up on the agenda for Putin and Indian Prime Minister Narendra Modi when they meet for the Indo-Russian Gross annual Summit. Last year, the two countries had chose to form an expert group on cyber security and counter-terrorism.

At the summit next week, which will concentrate on counter-terror measures, you will see sharing of experience and expertise in the field of counter-terrorism training, the officials cited earlier said, requesting anonymity. While Russia is at the forefront of fighting the Islamic State in Syria, India had situations of youth being attracted through social media to join the group.

+Web Solution, Web Design and development Company, India
+CyberCrime 

Yahoo Hack: information on some 500 million people were stolen

Yahoo hack analysis shows little evidence of foreign involvement

Last week, Yahoo owned up to the largest hack known to have occurred in computing history. Passwords, logins, and other account information on some 500 million people were stolen in the heist. At the time, Yahoo claimed that the hack was the work of state-sponsored actors — but independent analysts working on analyzing the hack have begun pushing back that assessment, while current and former Yahoo employees say security was a distant priority at Yahoo.

InfoArmor has published a timeline and history of the attack against Yahoo. The first offers to sell Yahoo-derived data appeared on April 3, 2016. According to InfoArmor’s analysis, the individuals attempting to sell the Yahoo data (and other major data sets for websites like Instagram, LinkedIn, Dropbox, MySpace, and Tumblr) are fronting the data sets for criminal groups, as opposed to acting directly on behalf of government agencies in foreign countries. It’s not always easy to tease these relationships apart, since criminal hackers sometimes sell data to nation-states, or could be hired to work directly on their behalf.

The graphic below shows the proposed relationships between a set of professional, Eastern European black hats in green, English-speaking threat actors (in red), and a potential group of state-sponsored actors who purchase data from the digital fences but weren’t directly involved in the hack itself (purple).

YahooPIC8

It’s generally considered difficult to prove that any single government was responsible for a hack. But these attacks tend to be extremely sophisticated, with carefully crafted malware that goes after specific targets. If conventional malware attacks are WW2-era carpet bombing, targeted, state-sponsored malware are modern, self-guided ‘smart’ weapons with precision strike capabilities and advanced munitions. The InfoArmor analysis also revealed the scope of what was taken from Yahoo: login ids, country codes, recovery emails, date-of-birth records, MD5 password hashes, cell phone numbers, and zip codes were all stolen.

Yahoo: Too terrified of losing users to protect them
An investigation by the New York Times doesn’t paint a flattering picture of Yahoo’s security infrastructure. While Yahoo created a dedicated security team after high-profile attacks took down other services, it rarely listened to its own experts, dubbed the “Paranoids” internally. Yahoo didn’t implement a bug bounty program until 2013, three years after Google debuted its own. In 2013, the Snowden leaks demonstrated Yahoo was a frequent target of hack attempts, but it took the company a full year to even hire a chief information security officer.

Yahoo’s security team pushed for end-to-end encryption for all Yahoo products. They were shut down by protests from the senior VP overseeing email and messaging services, Jeff Bonforte, who claimed end-to-end encryption would limit Yahoo’s ability to search and index email or offer new services to customers. When Yahoo’s new chief security officer went to bat for user privacy and security, he found little support from CEO Marissa Mayer. The Paranoids were starved for resources, and their suggestions for improving security through superior intrusion detection were denied as well, according to the report. Even a request to automatically reset passwords for all users in the wake of a major breach was denied.

Why? Money and reach. Mayer and other executives were concerned that any disruption to service — even something as simple as a password reset — could trigger more users to leave the company and seek service elsewhere. Yahoo notified its customers that a hack had occurred, but took no other action to protect its customers. Between the lack of evidence for state-sponsored activity, and growing awareness that the company’s lack of concern for security played a significant role in its own downfall, Yahoo is looking like a worse acquisition for Verizon all the time.

Yahoo management could have used the Snowden leaks to justify a new round of spending and consumer-centric, privacy-friendly changes. After all, it was thanks to Snowden that we found out Yahoo had challenged the government’s right to spy on its customers in multiple secret court battles. Yahoo could have built on that record and appealed to more customers in the process. Instead, it refused to implement best practices because it was afraid of losing market share at an even faster rate.

Reffred: extremetech.com

Google ad hints of new smartphones to come on Oct. 4

Google released an intriguing new video on prime time TV Monday that hints of an Oct. 4 announcement of two new smartphones -- the Pixel X and Pixel XL.

The 30-second spot, also posted on Google-owned YouTube, shows a search bar rectangle that morphs into the shape of a smartphone accompanied by the 1974 hit single, “Come and Get Your Love” by the rock band Redbone.

A separate website, madeby.google.com with much the same content shows the smartphone shape with color photos and a place to sign up for email alerts for more information. Fans of the Google Nexus phones will notice the URL refers to “made by Google” as well. Billboards in New York City are also showing the promotion.

The promotion was also backed up by invitations to some media outlets for a Google event in San Francisco on Oct. 4.

Reports suggest that Google will announce two new smartphones that day, the Pixel X with a 5-in. screen, and the larger 5.5-in. Pixel XL. They would presumably run a custom version of the latest Android OS, 7.0 dubbed Nougat. The phones would be manufactured by HTC.

Other reports indicate Google is dropping the Nexus name for Pixel, and plans to announce other products on Oct. 4, such as its Daydream virtual reality device and Google Home, an answer to the Amazon Echo.

The significance of the video and the reports of new smartphones should not be lost on average smartphone users.

Android phones dominate the global smartphone market, with an 85% share that is predicted to continue through 2020, according to research firm IDC. However, Google and even many Android phone makers, are clearly interested in keeping Android users updated with the latest operating system, along with the latest processors, cameras, sleek designs and other updates.

The Nexus line, going back to the Nexus One in 2009, has been one way that Google could show the best designs and uses for pure Android, even as it has served a small group of customers -- mainly tech-savvy users.

“Google’s goal with Nexus, or now Pixel phones, is the same as always: an alternative to Samsung smartphones in the high end which can really show off Android and Google’s ecosystem,” said Carolina Milanesi, an analyst at Creative Strategies.


So far, “Nexus devices have not helped because of the limited sales channel,” meaning they are mainly sold unlocked on the web. Google needs wider distribution, but can’t really afford to work with carriers and mass retailers because doing so would increase Google’s costs and upset other Android phone manufacturers, Milanesi said.

Milanesi said another report that’s circulating is that Google will bring its pure Android approach through Nexus in-house completely and close it off to other partner/manufacturers. “Alienating partners no longer seems to be a concern,” she added.

Under that scenario, Google could make its Google Mobile Services (GMS) — including Google Search, Gmail, Chrome and Google Maps — “proprietary,” in order to simplify the process of getting devices updated to the latest version of Android. “That would be so pure innovation actually makes it into consumers’ hands,” she said.

GMS is available only through a license with Google, according to the Android website, although installing it on devices requires no license fee.

More details may be forthcoming on Oct. 4 about a GMS that is more proprietary, expensive or restrictive for licensees. Google CEO Sundar Pichai told The Verge on June 1 that his company would “be more opinionated about the design of the phones,” particularly where Google sees a need to “push the devices forward.”

Pichai said then that Google would not create its own phones from scratch, and said Google’s plan was “still to work with OEMs to make phones.”

While Android already dominates the smartphone market, Google has to make Android evolve to keep up with the market and create interest when a new OS version is released, said Jack Gold, an analyst at J.Gold Associates.

“Google needs to show continued improvements, if not outright innovation, if it wants to maintain its market share,” Gold said. “Google often creates flagship devices that are meant to stimulate the market and get vendors’ creative juices flowing. It will continue to do so.”

Gold said he hopes that Google will announce an evolution of its core search capabilities with artificial intelligence with new interfaces for users.

The latest Google video promotion with TV and billboard ads shows a marketing willingness to take the Nexus concept for innovation to the mass market and beyond the niche of technophiles that have purchased the devices online.

On the other hand, Google faces a balancing act as it enlarges its market reach, said Patrick Moorhead, an analyst at Moor Insights & Strategy.

“Google always needs to be cautious that Android doesn’t get cheapened as a phone platform, especially as Apple gobbles up so much of the premium tier,” Moorhead said. “They should charge as high a price as they can without getting piggish on profits.”

The worst that could happen is if Android smartphones become a “commodity” with little pizazz and innovation.

“Commoditization doesn’t just happen; industries allow themselves to be commoditized,” Moorhead said. “Case in point -- the PC market. The PC market reduced investing then started to get commoditized and had to spend even more to decrease the slide.”
+Web Solution, Web Design and development Company, India

~computerworld

4 Harmful-Easy Steps to Covered Your WordPress Site Against Hackers

Best hacking protection Service - Newsflash: If you run a WordPress site, you ought to completely find a way to secure it against programmers.

Alright. This is not by any means news to you and me.

The issue is, that in the event that you resemble the vast majority, you don't consider site security to be an energizing theme. You recognize it's imperative, be that as it may, hey, it's likewise kinda exhausting and specialized.

Additionally there's that appealing old "It won't transpire" melody playing at the back of your psyche.

So site security mopes at the extremely base of your schedule, and never gets any consideration.

Be that as it may, imagine a scenario where I let you know could increase your site security at this moment, independent from anyone else, in 18 minutes or less, without spending a penny.

Now that is news!

Simply take after these 4 dead-simple strides, you'll soon be allowed to return to the next, all the more exciting errands on your schedule:

(Note these strides allude particularly to WordPress locales, however can be connected to most other substance administration frameworks.)

1. Erase the username "administrator"

The default username while making a WordPress site is "administrator." Most individuals keep this username. This makes it dead simple for programmers to figure your username. At that point they are as of now half signed into your site.

So erase any record with the username "administrator."

Note: if the record with username "administrator" is the main client that as of now has Administrator-level access, you won't have the capacity to erase it until you first make and login with an alternate Administrator-level record. WordPress necessities to guarantee that there is some approach to get to Administrator capacities for your site.

Time required: 4 minutes

2. Fortify Your Password

password_generatorHackers use programming to promptly test each word in Wikipedia against your watchword. So anything that is a genuine word or name in any dialect ought not be utilized. Any sensible or noteworthy number grouping ought not be utilized.

That implies don't utilize your pet's name, your child's birthday, or whatever else that ambiguously bodes well.

The best passwords incorporate an arbitrary game plan of capitalized and lowercase letters, and also numbers and images. As it were, they ought to be rubbish.

You can utilize a secret word generator to help you do this – simply make a point to spare your passwords in a safe spot.

So go now and change your site login secret key to something truly limitless. Request that different clients do likewise.

Time required: 2 mins

3. Erase and Update

WordPress has somewhat of negative criticism for being "uncertain." actually, a WordPress site just gets to be shaky when you neglect to stay up with the latest. Any piece of your site that is not redesigned to its most recent variant exhibits a security hazard. Programmers discover vulnerabilities in locales through obsolete documents, topics and modules.

So go now and ensure that you are redesigned to:

The most recent form of WordPress

The most recent form of all introduced modules

The most recent form of all introduced topics

While you're in there, it's best to erase any modules or subjects that you don't utilize or require. These are prone to end up obsolete without you seeing, making future security dangers.

Time required: 8 mins

4. Limit Login Attempts

login_attemptsAt illuminea, we introduce a module like this on every one of our customers' WordPress destinations: the Limit Login Attempts module. It's truly a smart easily overlooked detail a-mama dance.

One of the regular ways that programmers endeavor to access a site is by utilizing programming that barrages the login page with an unending number of username and secret word blends, until they strike gold. Furthermore, on the off chance that you are not taking after strides 1 and 2, they will strike gold truly quick. This was the way the Brute Force assaults were so effective in devastating numerous WordPress locales in 2013.

That is the magnificence of this module: it restrains the quantity of times that anybody can endeavor to login to your site inside one single hour to some sensible human number, similar to five.

On the off chance that you are the absent minded sort, set it to 10 🙂

So off you go to scan for and introduce the "Point of confinement Login Attempts" module on your site.

Time required: 4 mins

Alright. We're finished.

That is all you have to do to take your site security up an indent.

In any case, Wait, Will This Really Protect My Site Against Menacing "Hacktivists"?

You may ask yourself: Malicious programmers have brought down expertly-secured locales having a place with the US Government and PayPal. What chance do I have of securing my site against them, with a couple of basic DIY measures?

In actuality, these tips are not trick confirmation but rather they do raise your security level over the vast majority of the destinations on the web. The normal programmer wants to focus on the weakest among us, so by raising your site out of that class, you can truly ensure your site.

In the event that you have motivation to trust that your site could be a particular focus of master programmers, then you will require much more grounded measures than this. The most ideal approach to know whether you are in this high-hazard class is whether you have as of now been liable to more than one hacking endeavor.

In the event that this is you, you have to counsel a specialist.

For whatever is left of us, amazing measures are not typically important. In the meantime, a couple of basic security steps could spare tremendous cerebral pains and a considerable measure of cash modifying a site that has been noxiously hacked.

Reffered Pnpuniverse