Wednesday 21 August 2019

Security Bugs and Vulnerability - The Vulnerability Landscape


Cyber security is an arms race between offensive and defensive capabilities, and unfortunately, we are losing this battle. As users, we want better technology doing cooler things enabling us to do more. But the more we have, the more we rely on it, and the more complex these systems become. Complexity is the enemy of security. In fact, complexity is a nemesis of security, which is one of the main reasons why we’re losing this arms race.

I’m going to get you up to speed on security bugs and vulnerabilities and how they affect your security. A security bug and a vulnerability are actually the same thing. They’re synonyms for each other, so if I say security bug or vulnerability, it’s the same thing. It’s an error written into software that creates a potential for a threat agent, such as a hacker, to exploit it.

An example might be the recent Heartbleed bug, which you may have heard about because it was on mainstream news. This is a bug in something called OpenSSL which enables the decryption of internet traffic sent to vulnerable sites. So for example, maybe you have an online bank. If it was susceptible to the Heartbleed bug when you were sending your username and password, somebody may have been able to decrypt the traffic and get access to your username and password.

Security bugs will always exist as long as humans write software. That might not be forever, but humans are fallible, so as long as humans write software, there are going to be security bugs. And it’s no surprise really if you consider something like the Windows operating system. It’s made up of millions and millions of lines of code. Humans are fallible, we will make mistakes, and there will be security bugs.

On the left here, you can see a diagram that represents your computer, and on the right, we have a diagram that represents the internet. On each side we have things that you care about. Security bugs can exist in your operating system, firmware and applications, things like Outlook, your media player and Adobe Acrobat. Of particular risk, they can exist in your browser and the extensions and add-ons within the browser. So for example, there can be a security bug in your Internet Explorer. You visit a website which has special code on it. You won’t see that this code is on there, and this will install malware on your machine and take it over through that vulnerability. And maybe the consequences are that they choose to encrypt all your files and hold them to ransom until you pay the money to decrypt them, and that’s known as Ransomware.

Because you have things you care about online, we have to consider the security bugs that exist on internet sites and on the internet infrastructure. So maybe you use Dropbox and there is a bug that is discovered by Dr. Evil on Dropbox, which gives him access to your files. And because Dropbox stores the encryption keys, encryption isn’t going to save you, and he will then have access to your files.

There are two main types of bugs that it’s best to draw a distinction between, and those are the Known and Unknown bugs. If we start with the Known bugs: known bugs or vulnerabilities have patches, and if you patch your system, you are safe against that bug. We’ll cover the best and easiest way to do patching of all the things that need patching as we go through. And then you have the Unknown bugs, which can also be referred to as zero-days. These are much harder to protect against as there is no patch. We’ll cover techniques to protect against these later, and these are referred to in the security industry as compensating controls.

I’m going to bring up a spreadsheet to give you a little bit more of an insight into the world of the cyber criminal. Your budding entrepreneur hacker doesn’t even need to be particularly skilled these days. He can go and purchase an already made exploit kit. If you look at this spreadsheet, here along the top are the various popular exploit kits that are available to purchase at the moment. And down here are the various vulnerabilities and what they affect. As a budding hacking entrepreneur, we can look through here and see which particular vulnerability we might want to use. Okay, we might want to exploit Internet Explorer, so there you go, we can use this one. And here we can see that this one allows the remote attacker to execute arbitrary code by a crafted website that triggers access to a detailed object. That really means that if you click on a link or go anywhere with an Internet Explorer browser that is susceptible to this vulnerability, they can take over your machine. And if we’re not feeling like potentially buying an exploit kit, you can look online for the exploit. And we can see here this is the code to run the exploit.

So I hope that gives you a better idea about what security bugs and vulnerabilities are. Later on, we’re going to be going through the ways to mitigate against the Known vulnerabilities and the Unknown vulnerabilities.

So that's it. Hope you guys like it. If yes then please .. comment down below and do not forget to like follow and share our social media platforms.

 Facebook Page:- https://www.facebook.com/theprogrammer.harshit/

Website:- https://www.techtalksgroup.com

Instagram:- https://www.instagram.com/theprogrammer.harshit

Tuesday 20 August 2019

Spyware, Adware, Scareware, Pups & Browser Hijacking || tech talks group ||


The main purpose of spyware is to gather information and send it back to the attacker, well, to
spy. The attackers don’t generally want to cause damage directly, but want to
compromise your privacy and anonymity based on some agenda they’ve got. Spyware
is intelligence gathering malware.

For example, a rootkit can also be a Trojan horse, and someone could call spyware a
virus. The point is just to understand the variants that exist and the possible purpose
of the malware.

Adware, which some people consider to be a form of spyware, is
undesirable software that forces advertisements on you. There are millions of different
variants of this. One of the most annoying and destructive forms of adware is called
Cool Web Search. You may even have encountered it yourself, but there’s nothing
cool about it at all.

It hijacks your default search engine, it displays ads in the browser, when you click
on links it sometimes takes you to places that it wants you to go to instead of where
you actually want to go, and it actively defends itself against being removed.
So it’s particularly hard to shift. And there are many, many variants
of it that have affected millions of people.

When adware or malware takes over your browser in this way, it’s known as
Browser Hijacking, and you might hear that term more throughout the course.
You should always pay particular attention when installing software because often,
a software install includes optional installs such as this browser hijacker that we’ve
just mentioned. So you can see here optional installs. And what you’ve got here is
installs that are going to be potential adware. So be very careful what you agree to
install.
Always opt for the custom installation and deselect anything that is not familiar,
especially optional software that you never wanted to download and install in the first
place. It goes without saying that you should not install software that you don’t trust.
Sometimes your device might come with adware preinstalled if you're particularly
unlucky. One of the worst cases was Lenovo preinstalling Superfish adware that not
only served you adverts based on what it knew about you from spying on you, it also
included a self-signed certificate allowing your browser TLS and SSL encryption to be
bypassed. So not very good of Lenovo there. In fact, I will never buy a Lenovo laptop
again because of that and all the rest of the things that Lenovo had done.

Scareware is a type of social engineering attack that tricks a person into
believing in a threat that isn’t real. A common example is fake security
software claiming that you have malware infections or something like that. Often they
want you to pay something in order to fix the fake problem. These scams have been
extremely successful.
You can see here Personal Antivirus Software. It’s identifying all of these fake
vulnerabilities. And then it’s going to keep popping up, it’s going to keep causing
problems on your machine, and then people are fooled into paying for something to
remove the fake viruses.
And finally we have this catch-all term. If it’s something that you might not have
wanted, these are called Potentially Unwanted Programs, or PUPs.
They’re called potentially unwanted because the antivirus companies and people
that attempt to remove these things aren’t quite sure whether you want them or not.
Most often, you don’t want them.
They’re the annoying things that are bundled in with software. Because they are
often bundled in with the software when you install, you must make sure when
you install software that you go through the custom install and remove
any of these PUPs.


Saturday 15 June 2019

Microsoft's New AI Lab provide training to India Students. || techtalksgroup ||


Microsoft will soon launch its new AI labs through which the tech giant aims to train as many as 1.5 lakh students across higher educational institutes in the country, the company said announcing its decision on Thursday.

As part of the programme, the tech giant will closely work with 10 educational institutes and will provide the needed infrastructure and guidance to the selected students.

BITS Pilani, BML Munjal University, ISB, Kalpataru Institute of Technology, KL University, Periyar University, Karunya University, SRM Institute of Science and Technology, SVKM (NMIMS) and Trident Academy of Technology are among the list of chosen 10 institutes across the country.


Maintaining that AI is crucial for reskilling the workforce of tomorrow,  Microsoft India President Anant Maheshwari said, “As AI becomes mainstream, organisations will require talent with skill sets that are very different from what exists now. Educators and institutions are integral to the skilling revolution taking root in the country.”

Apart from designing the curriculum and giving students access to its cloud and AI services, Microsoft will also train the faculties through workshops on emerging technologies and provide assistance in strategising content and curricula for project-based and experiential learning.

Booming AI and Data Science market


The move comes in the wake of growing significance of artificial intelligence (AI) and machine learning (ML) related skills in the current job market.

As per a study by Analytical India Magazine, which studied the analytical and data science jobs in India, in early 2019 alone the total number of analytics and data science job positions available was 97,000, marking a 45% jump in open job requirements when compared to 2018.

The AI lab is one among a number of initiatives undertaken by Microsoft to promote AI in the country. In 2018, the PC-maker joined hands with NITI Aayog to lay the foundation for the country’s AI architecture. As per the agreement, Microsoft India will support NITI Aayog by combining the cloud, AI and research across several core areas including agriculture, healthcare and the environment.


Some Details which have been known so far for HongMeng "Ark" OS Huawei || techtalksgroup ||


The drama surrounding Huawei’s ban from importing and buying US products continues to unfold and the latest episode revolves around what is believed to be its answer to Android. Internally called “HongMeng”, the Android replacement is reportedly ready for deployment. Not next month, as an earlier report indicated, but sometime starting later this year. What HongMeng really is continues to be a mystery, but here are the breadcrumbs we’ve gathered about it from different sources.

TechRadar earlier received word that Huawei’s homegrown OS is ready to launch commercially in June. The Chinese OEM corrected the misconception but also added a few interesting tidbits.

Foreseeing this exact situation, Huawei says it has been ready since January 2018 but held off releasing the OS to maintain its relationships with Google and other US-based partners. Now that those have cut their ties, it will be moving forward with a launch in China in late 2019 and a global release sometime in 2020.

It might be called Ark OS

“HongMeng” is just the operating system’s codename and Huawei knows it won’t do for a marketing name. It has apparently been filing trademarks across the world for an “Ark OS” name. While there’s no certainty that Ark OS is HongMeng’s commercial name, given the timing of the filings, it’s almost a sure thing.

It will run Android apps but may not be Android-based

WinFuture obtained some alleged screenshots of this Ark OS and it’s pretty clear it can run Android apps, complete with standard Android permissions. That’s pretty much a no brainer because, as the likes of Samsung’s Tizen OS and Jolla’s Sailfish OS or even Microsoft’s Windows Phone proved, HongMeng wouldn’t survive without a massive number of apps. Especially the most popular ones.

What’s still not certain, however, is whether HongMeng/Ark OS itself is based on Android or if it simply has a compatibility layer for Android apps. The latter, while possible, is extremely tricky and our bet is on a modification of the Android Open Source Project or AOSP.

It is compatible with the “Android Green Alliance”

The Android Green Alliance was formed in 2016 by Huawei, Tencent, Baidu, Alibaba, and NetEase in an effort to improve the quality of Android experience on Chinese phones. This does seem to confirm that Ark OS is indeed based on Android. Whether or not the other members of the alliance stand behind Huawei on this front is, of course, a different question altogether.

Huawei boasts it can make it on its own

Huawei, however, is almost boastful that it has all that it needs to keep its business running, except for Intel chips for PCs and servers. It is using its own Kirin chipset for its phones, of course, but also claims to have ARM-based processors and database software to replace Intel and Oracle. How that stands in light of ARM’s withdrawal from Huawei remains to be seen.

The company also says outright that Wi-Fi, Bluetooth, and SD card alliances actually stand to lose in keeping out a big contributor such as itself. As international standards, however, Huawei suggests it can use such technologies even without being part of that alliance.


Saturday 1 June 2019

Top 10 Worst IT Jobs. || techtalksgroup ||

The 10 Worst Jobs in IT
Source: The Best Computer Science Schools


Not every job in technology involves sitting in a comfy chair, analyzing data. Best Computer Science Schools has taken a look at some of the worst jobs in information technology and what makes them so dangerous, dirty or just plain disturbing.

Electronics assembly

With devices like cell phones and tablets becoming increasingly central to everyday life, those who assemble such devices are under growing strain to meet deadlines and deliver high-quality products. The stress recently led several employees of an Apple assembly factory in China to commit suicide. In addition, accusations have been leveled against other companies like Dell, HP and Samsung, claiming sweatshop conditions and exposure to radiation.

Undersea Internet cable repair

Think you are able to connect to another continent thanks to satellites? Think again. Massive undersea cables provide about 99 percent of the world's Internet connectivity. Workers have to lay those cables and then return to repair them in the event of a line break, which can be caused by everything from a ship's anchor to an undersea earthquake. Robots controlled by humans physically lay and bury the cables, but humans must haul in, fix and drop the cables. And since they're in the middle of the ocean, nature could intervene at any time.

Climbing towers

Cell phone-tower climbing has been called the most dangerous work in the country. These towers can reach heights of 2,000 feet, exposing workers to the very real risk of a deadly fall. And with the increasing reliance on cellular networks, more and more towers go up every year, with more workers exposed to those dangers all the time.


Network engineer

Engineers who troubleshoot networks often have to crawl through basements and attics, pulling equipment and repairing it. That's already a pretty gross job. Imagine doing all that in a war zone. Military network engineers are tasked with doing that very unglamorous job in dangerous areas, including in active conflict zones.

Recycling e-waste

Spent electronics aren't simply tossed into landfills and left to nature. Used hardware from the U.S. often travels halfway around the world to developing nations for workers there to smash so they can strip the valuable metals (gold, copper and silver included) from circuit boards. In addition to flying shards of glass, they often come into contact with dangerous minerals and chemicals, such as lead, mercury and brominated flame retardants, as well as acid to help reveal the valuable metals.

Sanitation

Like the developing world workers who reclaim precious metals from discarded computers, asset disposition firms analyze old computers from major companies, clean them up and decide if they must be trashed or if they can be refurbished. Many of the computers have been unused for years, so inside workers can encounter spiders, insects, dust, even animal carcasses.

Mining for "blood phones"

Conflict mining doesn't just apply to diamonds. Key ingredients for making electronics, such as tantalum, tin, tungsten and gold, are found in abundance in the eastern Congo. Hundreds of Congolese men, women and children dig through mountains and river streams for even small bits of these substances, while facing threat of armed groups, who make millions off these materials. While no companies have been able to completely certify their products are 100 percent conflict-free, many are moving in that direction.

Content reviewer

You know the bad stuff on the Internet? No, the really bad stuff - images of hate crimes, child abuse, torture, executions? Internet content reviewers get paid to filter out such material from social networks and photo-sharing sites. Some companies that employ content moderators also pay for free counseling for their employees.

System administration

While system administrators often work from behind a desk or in an office, they're also very frequently tasked with jobs far outside the scope of office work. System administrators often receive panicked phone calls or emails late at night (or very early in the morning), and they often deal with users who complicate their jobs by not being entirely truthful about their activities. And especially at smaller companies, system administrators are the ones who clean and maintain equipment and must MacGyver problems by engineering solutions on the fly.

Building infrastructure

Those who build communications infrastructure are at risk of falls and injuries. Those who work in war zones like Iraq and Afghanistan? Add the very real risk of being shot or caught up in a bomb blast. At least five telecommunications contractors have been killed in Iraq and Afghanistan, though numbers are unclear, since most work for private contractors.

SOURCES

PC World
How Stuff Works
Yahoo!


Thursday 16 May 2019

AWS vs Azure vs Google. Which is best for Cloud Computing.? || techtalksgroup ||


Having taken over our daily communications almost entirely, the web is constantly evolving and expanding. With this continuous expansion, it provides you with more and more data which you consume daily. However, all the information that appears on the web, every like, subscription, tweet, downloaded video or uploaded vlog, making all of this possible requires a highly sophisticated computational process working behind it, constantly.

The smooth functioning of the web has more to it than just the computational procedure. Current web services operate through a solid and intricate network of RAM, containers, database engines as well as machine learning skills.




Importance Of Cloud Technology

Due to continuous technological growth and advancements, the demand for cloud computing services is increasing, too. It has become essential for individuals and businesses to have a better storage space with increased security and faster service. There is no doubt about the fact that Google has been ruling the internet with its search engine services. However, when it comes to cloud technology, Amazon and Microsoft are giving Google tough competition. Amazon offers the most-up-to-date mobile and web apps in the market, gaining a strong anchorage for itself in the market.

With these constant high-tech developments and changes, migrating to a cloud platform is not an expensive and time-consuming process for an organization anymore. With so many cloud providers in the market, business corporations are finding it extremely beneficial as they can have more options and services to choose from that are cost-effective as well.

Which Is The Most Cost Effective Platform?

Google stepped into the cloud market when Amazon Web Services was already an established cloud platform in the IT industry. AWS was relaunched in 2006 and has been offering advanced cloud services and products since then.

Just like Amazon Web Services and Google, Microsoft introduced Azure to establish itself in the cloud market. Presently, Microsoft Azure enjoys a bigger market share than the GCP and has been continuously working on developing and upgrading its level of services to the consumer.

Current Market Scenario

According to the latest study, Amazon rules the share market with a hold of a massive 34%. Amazon is followed by Microsoft Azure, which owns around 14% of the market share. Last but certainly not the least, we have tech giant Google Cloud holding a minimal percentage of the market share.

The apparent supremacy of Amazon in the market has, in turn, resulted in greater demand for certified professionals to manage cloud computing for organizations. As a result, AWS certification training is highly sought after by individuals as it globally verifies their cloud computing skills and increases their chances of landing up an ideal job.

Why Opt For Amazon Web Services (AWS)?

Amazon Web Services (AWS) is one of the leading cloud platforms in the IT industry. Amazon Web Services offers a wide variety of services including mobile apps, management, and other web developing tools. AWS offers products and services to perform storage operations and manage containers that assists an AWS certified developer to perform cloud operations more effectively and efficiently.

Amazon’s cloud platform is based on IaaS and consists of the following parts:


  • Database management
  • Networking and storage
  • Computation Power

EC2 and S3 are the most prominent features of AWS and serve as a base for the more advanced services and products offered by Amazon Web Services.

Since Amazon offers the largest number of services, it is possible that you may find those services that aptly suit your organization’s storage needs and requirements. These applications help developers to design and manage advanced-level and highly scalable applications.

Ever since it was relaunched in 2006, AWS has been continuously working on making its cloud services more affordable than its competitor cloud platforms, Microsoft and Google. For those potential customers who are skeptical about migrating to AWS platform, Amazon has a free trial offer for such users.

As AWS is constantly modifying its services to meet the needs of organizations, it is becoming immensely popular and being adopted by many enterprises. These enterprises are currently in search of trained staff who can effortlessly handle their cloud operations. AWS offers various training programs for professionals to equip them to meaningfully contribute to their organization. Therefore, it is highly recommended to enroll in the right IT training program and earn an AWS certification if you seek career advancement.

Why Opt For Google Cloud Platform (GCP)?

Many experts opt for Google as it offers a wide range of products and services for cloud specialists. The most popular among these is the Google App Engine. With the help of Google App Engine, you can design various applications without working on multiple servers.

This app by Google takes care of building mobile applications as well as web applications efficiently. One factor that makes Google Cloud the first choice of many experts is that you can execute all computing operations by using the very hardware utilized by Google for its countless web services such as Gmail, Google Search etc. Moreover, services by Google Cloud also include supplying databases, networking as well as storage solutions.

Hence, you can find an all-inclusive solution for your IT operations and produce varied web services and apps. Despite the fact that Google provides fewer facilities and options comparatively, it still boasts a large clientele due to its comprehensive approach.

Google Cloud Platform lags behind AWS and Microsoft Azure in terms of the number of services and features provided. However, it offers the most cost-effective package for small businesses and start-ups. This package helps Google in winning the confidence of new users and clients and find a firm footing in the cloud market.

Why Opt For Microsoft Azure?

Microsoft Azure provides a platform to help professionals work on VMs. Similar to Amazon Web Services and GCP, you can adjust your computation power according to your system’s requirements here as well. If you need computing in parallel batch for your web services, Microsoft Azure takes care of it, as does Amazon AWS. Azure and Amazon AWS have to their credit the exceptional trait of providing the option of large scale parallel computing.

Since Azure does not offer a free trial package for new users, it is better that users first determine their cloud needs and choose only those services and products that would be beneficial for their cloud system. You might have to pay for additional services separately.

Conclusion

It is evident that Amazon, Microsoft and Google have their own strengths and weaknesses. While Amazon concentrates on the number of services and offers the largest number of cloud services, GCP is known for offering services at a lower price, and Microsoft Azure tries to maintain a balance between its services, costing and features.

Before selecting a cloud platform for your organization, you have to first figure out your budget and your organization’s storage needs. It is better to first understand different applications and features these platforms have to offer. Then it will be easier for you to decide on the features and services which are really beneficial for your organization.


Thursday 9 May 2019

How Hackers Get Into Computers ..?? || techtalksgroup ||


Hacking has become a common term nowadays among youngsters, especially newbies. They get excited by seeing science fiction movies which show hacking as pressing keys quickly, with the hacker getting access to the computer within seconds. But that's not true! Hacking into someone's computer or network requires a series of steps to be followed. These steps include:

Casing the Target

First, identify the target to which you want to get access. It can be a computer on the network to which you are connected. Let's take an example: suppose you are a college newbie and want to upgrade your attendance by getting access to the college's main server computer. To do this, you should first identify the computer by knowing its IP address, and you can get it easily if you are connected to the same network.

Identifying Target Components

After getting the victim's IP, identify the component on which you are going to perform the attack. In short, you have to scan for any open port with a service or software running on that specific port. After that, scan for any vulnerability in the software that uses the service through which you are performing the attack. Let's take an example: you are connected to a network of 10 computers and you want to perform an attack on a specific computer which has port 3389 open, which is the default port for RDP, that is, a remote desktop connection. You will then look for a vulnerability in Windows (suppose you are going to attack a Windows OS) for the RDP connection. Then, after getting the vulnerability, use standard tools to exploit it.

Obtain Access

To obtain access to the victim's computer you should have the password of the victim's computer profile, which you can get by two methods: either the victim trusts you and tells you the password himself (the chances of which are low), or you can see him entering the password; the other method is to go for a brute force attack and get the password.

Obtaining Privileges 

After getting access to any profile on the victim's computer, if you are lucky you might already have the most privileged profile of the victim. Otherwise, if you get access to a normal profile of the computer, you can get the password of the most privileged user easily through registry keys.
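
From the defender's side, the brute force step described above shows up in logon records as a burst of failures from one source, and the case that matters most is a success right after such a burst. The following Python is an added example, not code from the original post; the CSV layout, account names, addresses and thresholds are constructed assumptions, while event IDs 4625 (failed logon) and 4624 (successful logon) are the Windows Security log IDs.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a simplified CSV export of logon events (assumed layout,
# not the native Windows event format). Addresses are documentation ranges.
SAMPLE_LOG = """\
time,event_id,account,source_ip
2019-05-09T10:00:01,4625,admin,203.0.113.7
2019-05-09T10:00:04,4625,admin,203.0.113.7
2019-05-09T10:00:09,4625,administrator,203.0.113.7
2019-05-09T10:00:15,4625,admin,203.0.113.7
2019-05-09T10:00:21,4625,admin,203.0.113.7
2019-05-09T10:00:30,4625,admin,203.0.113.7
2019-05-09T10:01:10,4624,admin,203.0.113.7
2019-05-09T10:03:00,4625,alice,198.51.100.20
2019-05-09T10:03:20,4625,alice,198.51.100.20
2019-05-09T10:03:45,4624,alice,198.51.100.20
2019-05-09T09:00:00,4625,bob,192.0.2.50
2019-05-09T09:10:00,4625,bob,192.0.2.50
2019-05-09T09:20:00,4625,bob,192.0.2.50
2019-05-09T09:30:00,4625,bob,192.0.2.50
2019-05-09T09:40:00,4625,bob,192.0.2.50
"""

FAILED, SUCCESS = "4625", "4624"


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return one alert per source that reaches `threshold` failures in `window`.

    Each alert lists the accounts that were guessed at and, if the same source
    later logs on successfully as one of them, the account likely compromised.
    """
    recent = defaultdict(deque)  # source_ip -> (timestamp, account) of recent failures
    flagged = {}                 # source_ip -> its alert (same object as in alerts)
    alerts = []
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["time"])
    for row in rows:
        ts = datetime.fromisoformat(row["time"])
        src, account = row["source_ip"], row["account"]
        if row["event_id"] == FAILED:
            if src in flagged:
                # Already alerted: keep counting and record new target accounts.
                flagged[src]["failures"] += 1
                flagged[src]["accounts"].add(account)
                continue
            q = recent[src]
            q.append((ts, account))
            # Drop failures that have aged out of the sliding window.
            while ts - q[0][0] > window:
                q.popleft()
            if len(q) >= threshold:
                alert = {
                    "source_ip": src,
                    "first_failure": q[0][0],
                    "failures": len(q),
                    "accounts": {a for _, a in q},
                    "compromised_account": None,
                }
                flagged[src] = alert
                alerts.append(alert)
        elif row["event_id"] == SUCCESS and src in flagged:
            alert = flagged[src]
            # A success for a guessed account after the burst is the urgent case.
            if alert["compromised_account"] is None and account in alert["accounts"]:
                alert["compromised_account"] = account
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        state = a["compromised_account"] or "no successful logon seen"
        print(a["source_ip"], a["failures"], sorted(a["accounts"]), state)
```

With the default two-minute window the slow guesser at 192.0.2.50 is not flagged, which is why a second pass with a longer window is worth running against the same records.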
