Android phones using Bing search under threat

CERT-In has issued an advisory to Android smartphone users who use Bing as their search engine. The advisory says, "Arbitrary code execution vulnerability has been reported in Microsoft Bing for Android which could allow remote attackers to execute arbitrary code and install arbitrary APK (Android application package file) on Android devices."

The cyber security agency has classified the threat as “medium.” The agency further alerted the users that the threat could lead to a possible virus attack which could “compromise” sensitive information stored on the phone.

Microsoft Bing 4.2.0 and prior versions have been reported to be vulnerable to the attack. The agency has suggested users using Bing, to upgrade their Bing apps to the latest 4.2.1 version and also use an anti-virus app on their phones.

Giving more info on the vulnerability, CERT-In says, “a flaw has been reported in Microsoft Bing for Android which could trigger while handling DNS (Domain Name System) responses on a secure network. An attacker could leverage this issue to executing arbitrary code within the context of the application. Successful exploitation of this vulnerability could allow an attacker to install arbitrary APK files via vectors involving a crafted DNS response, leading to the compromise of the device and resulting in information disclosure.”

20 percent of Indians victims of phishing attacks: Microsoft survey

Microsoft's third annual Microsoft Computing Safer Index (MCSI) report has outlined that the online safety maintained by Indians is quite poor. The report stated that nearly 20 percent of internet users in India are victims of malicious attacks.

Microsoft released the report on February 11, which is also the International Safer Internet Day. According to MCSI survey, identify thefts and world wide impact of phishing could be as high as $5 billion. Apart from that, the cost of repairing online reputation is far higher at around $6 billion or an estimated average of $632 per loss. Microsoft reported that 20 percent Indians claimed to be victims of phishing while 12 percent claimed to be victims of online identity theft at an average cost of Rs 7500.

The MCSI survey, conducted between March and May 2013 asking consumers to share their online experiences for the last 12 months, measured the online safety behavior of almost 10,500 consumers in 20 countries including Australia, China, India, Indonesia, Russia, Singapore, the UK, and US among others.

Globally, only 34 percent of the users said that they limit the amount of personal information that strangers see on social networks. While 38 percent said they adjust their social network privacy settings, only 35 percent use a PIN (personal identification number) or password to lock their mobile device.

Microsoft suggested that consumers should visit its recently launched interactive site and see the ‘Do 1 Thing’ campaign. The campaign features important tips regarding online security and provides education and guidance on how to avoid online risks.

“The Internet touches our lives every day, whether we are communicating with loved ones, for work, shopping, and paying bills,” said Prakash Kumar, national technology officer, MicrosoftCorp. India Pvt. Ltd.

“But, how cautious are we about monitoring our online presence, and taking note of our own vulnerabilities? There are many things you can do to stay safer online. What is needed is to do just one thing, and we can all be much safer, together."

'Uncrackable' geographical passwords coming soon

Computer scientist Ziyad Al-Salloum of ZSS-Research in Ras Al Khaimah, UAE, has developed 'geographical passwords' for securing online data. The new 'geo' approach, uses users' ability to recall a favourite or visited place with relative ease, and then use that place's specific location as the access credentials.

The prototype system is developed by ZSS-Research to protect a system against known password threats. The developer says that conventional passwords are a security risk in the face of increasingly sophisticated "hacker" tools that can break into servers and apply brute force methods to reveal passwords.

"It's much easier to remember a place you have visited than a long, complicated password," argued Al-Salloum.

The geographical password system utilizes geographical information from a specific memorable location around which the user has logged a drawn boundary - longitude, latitude, altitude and other features form the geographical password. It could be your favorite holiday destination, your local park or any other geographical feature.

Once created, the password is then "salted" by adding a string of hidden random characters that are user-specific and then the geographical password is "hashed" together with the salted password. The system works even if any two users picked the same place as their geographical password since the behind-the-scenes password settings would still be unique to them.

"Proposing an effective replacement of conventional passwords could reduce 76% of data breaches, based on an analysis of more than 47,000 reported security incidents,” Al-Salloum wrote, according to eScience News.

Over the last few years numerous major corporations and organizations have been targeted by hackers. Recently Snapchat, LinkedIn, Microsoft, Twitter, Yahoo and others - have had their systems compromised to different degrees in spite of advanced security systems.

Source: ET

Firefox and Chrome vulnerable to cyber attacks: CERT-In

Cyber security experts have detected a series of several vulnerabilities in popular web browsers Chrome and Firefox, according to PTI.

Internet users in the Indian cyber space have been asked to keep a check on their systems. In view of these browsers prone to such virus-based activities, users have been advised to upgrade their versions on their workstations.

“Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird and SeaMonkey which could be exploited by a remote attacker to bypass certain security restrictions, disclose potentially sensitive information, gain escalated privileges, execute arbitrary code and causes denial of service condition on the affected system,” the Computer Emergency Response Team of India (CERT—IN) said in its latest advisory to online users in the country.

CERT-In is the agency to combat hacking, phishing and to protect security-related defenses of the Indian cyber space arena.

“The two web browsers are an important tool for Internet surfing among Indian online consumers. The anomalies have been detected recently and it would be advised that users upgrade their existing versions sooner than later. These activities are mischievous on part of hackers or they are harmful viruses,” a cyber security expert told PTI.

The agency in its advisory pointed that this inconsistency is caused "due to improper restrict access to ‘about:home’ buttons by script on other pages in Mozilla Firefox”.

“A user-assisted remote attacker could exploit this vulnerability using a crafted website or webpage. Successful exploitation of this vulnerability could allow user-assisted remote attacker to cause a denial of service condition,” the CERT-In said.

Similar issues have been reported in the popular browser offered by Google. “Multiple vulnerabilities have been reported in Google Chrome which could be exploited by a remote attacker to cause denial of service condition or execute arbitrary code on the target system,” the agency said.

The advisory said that the maximum damage these vulnerabilities can cause include memory corruption, forced downloading of files and loss of information. Users have been asked by the advisory board to either use proper security patches (Mozilla Firefox) or upgrade their browsers with the latest version (Google Chrome).

The affected versions include “Firefox versions prior to 27.0, Firefox extended support release (ESR) versions prior to 24.3, Thunderbird versions prior to 24.3, SeaMonkey versions prior to 2.24 and Google Chrome prior to version 32.0.1700.102.”

Good to Know: Google's 'stay safe online' campaign launched in India

Google India has introduced “Good to Know”, a nationwide campaign to raise awareness around staying safe online. Google has tied up with the Digital Empowerment Foundation (DEF) and the Voluntary Organization in the Interest of Consumer Education (VOICE) for this campaign, which includes a series of online safety workshops that will reach schools, NGOs, consumer and industry groups across India.

The campaign is endorsed by the Computer Emergency Response Team (CERT-In) - the Government of India’s nodal agency that deals with cyber security threats; the Data Security Council of India (DSCI) and the Internet & Mobile Association of India (IAMAI).

To begin the Good to Know campaign, the Digital Empowerment Foundation and VOICE will hold a week-long series of educational events in New Delhi. This will be followed by digital literacy and online safety workshops in Pune, Kanpur, Guwahati and Lucknow. VOICE will focus especially on outreach to schools and NGOs across the country, teaching tips and tricks to help families become responsible digital citizens.

You can find more details about the campaign at Google's Good to Know website.

“Through the Good to Know campaign, we want to help equip millions of new Internet users coming online in India with the knowledge and tools needed to become responsible digital citizens. Internet safety begins with exercising meaningful choices when online, having an open conversation about it with our families, and teaching them the basics such as using strong, unique passwords and not sharing personal information,” says Chetan Krishnaswamy, Country Head - Public Policy, Google India.

"This Safer Internet Day, let's pledge to be responsible users of the Internet. This is an excellent initiative by Google, DEF, Consumer Voice and CERT-In to create awareness about the simple ways through which we can stay safe and secure online. I hope to see many more initiatives of this kind as an increasing number of Indians come online, especially the youth,” says J Satyanarayana, Secretary, Department of Electronics and IT, Ministry of Communications and IT.

'E-mail miles' tracks how far your email has travelled

Inventor Jonah Brucker-Cohen has developed a new technology which uses GPS and internet tracking to calculate the number of miles an email has travelled before reaching an inbox. The system tracks where a message was sent from and where it was received.

The system developer, Jonah Brucker-Cohen states that the system calculates the total distance between the two and displays it on the screen alongside a map. He stated, that he hoped it would remind people how quickly they can communicate today in a digital world, according to 'The Times.'

The system shows how indirect the route of emails can be. For eg, an email sent from New York to Dakar, Senegal, travel's 790 miles (1,271km) to a server in Chicago Illinois, and that went 2,163 miles (3,481km) to Mountain View, California; 1,699 miles (2,734km) to Dallas; 4,745 miles (7,636km) to London; and 2,718 miles (4,374km) to its destination - 12,115 miles (19,497 km) in total.

Brucker-Cohen said the system does all of its time and distance calculations using the internet and a 'coordinate mapping system.'

“When all of the mileage amounts are tallied, it adds them all and provides the user with a map, the countries, continents and miles the email travelled,” Brucker-Cohen said.

“The goal of Email Miles is to bring back the authentic nature of snail mail into something we now use daily as its replacement – email”, states Jonah.

“Email Miles is both a free and open source plug-in for standard email software such as Apple’s Mail and Gmail that scans outgoing emails and their destination servers for their Geolocation, calculates the distance in miles and countries and continents the mail has traveled and tags each incoming email with this info,” reads the FundAnything page of the Email Miles project.

How to install an Android app on BlackBerry 10.2.1 phone

With the most recent BB 10 OS update, BlackBerry has allowed Android apps to be installed on BB10 phones, directly via the .apk installer. The process isn't very complicated, but there are a couple of things you need to keep in mind.

With the 10.2.1 update, BlackBerry has added the ability to install .APK files, directly on the phone. For those of you who may not be familiar with the .APK file format, it is the setup package for an Android app (Just as .EXE is for a Windows PC). This is a massive development because anyone using any BlackBerry 10 device - Z10, Q10, Q5, Z30, etc., can now get access to a massive library of apps. This used to be possible through a long, convoluted process. It's much easier now.

Step 1: Find the .APK for your favorite app
While its 'happy news' to be able to install Android apps directly on a BlackBerry 10 phone, you need to be very careful of where you may be getting the .APK file from. Google Play does not allow you to download the setup files on another device. Whatever the source you come across, you need to be extra careful to check the user feedback on the quality of apps. With anyone offering .APK files on third party websites, there is the massive risk of security issues. There is a legitimate fear of malware getting into the phone.

An honest advice, don’t go too far and start downloading “cracked” versions of apps that are paid on Android, because that is not only a corrupt practice but also a massive security risk.

Step 2: Get that .APK file on to the BB10 device
Multiple methods of doing that. First, you could open the website that offers the download, directly via the browser in the phone. Secondly, you may plug the phone to the PC (or Mac) via USB and transfer the file to the phone’s internal memory and proceed to install from the storage on the device. A third, and personally my favorite method, is to use a cloud service like Dropbox and Box. The File Manager within BlackBerry offers support for certain cloud services, and you could just sync the file from the PC to the cloud and access it on the phone.

Step 3: Install the .APK on BlackBerry 10
If you downloaded the .APK via the phone’s web browser, the Downloads window would usually prompt you asking where to save the file. Just tap the file when it's done, and the installation should begin.

If you had transferred the file from PC via the USB route, you can find it from the File Manager; if you remember the exact folder you saved the file in. Alternatively, use the phone’s search capabilities by tapping the magnifying glass icon on the bottom of the home screen and type ".apk" in the search box. Once you have located the file in the search results, simply tap on the file to proceed with the installation.

Once the .APK of the Android app has been selected, it will start installing. There may be a slight “processing” delay, but that will depend on the file’s size in most cases. Along the way, you will have to accept the device permissions that are required for the app to run (there will be a prompt for that) where you will get the choice to accept or decline.

 

  

Step 4: Find the app
Once installed, even these Android versions will sit alongside the native BlackBerry apps. Swipe right or left in the app list to figure out where the latest install sits. You can easily move the app around to a spot you may find more convenient - simply tap and hold an app icon for a couple of seconds and then drag it around.

Step 5: Getting over a potential disappointment
Yes, BlackBerry says that some Android apps will run on BlackBerry 10. But do remember, since the OS isn’t Android, the experience may not always be perfect. Also, certain apps will not run. For example, any of those theme customization apps will not work on BB10. Also, some of Google’s apps like Hangouts and Gmail may not work smoothly (or work at all), since these apps require Google Play Services’ access, which BB10 obviously does not have.

Now, SMS alert after confirmation of waitlisted railway tickets

Soon, you will no longer have to dial the 139 or visit the railway website to check the status of your waitlisted ticket. Railways will now send ticket booking status messages to passengers on their mobile phones, if their tickets get confirmed before journey.

"Once the SMS-based service is operational, passengers will get the updated status of their wait-listed tickets automatically. Only those passengers will get the message whose tickets get confirmed,” a Railway Ministry official is quoted as saying.

Software for the SMS-based service is being developed by CRIS, the technological arm of Railways.

The new service is certainly going to benefit a number of passengers and also help reduce load on the government railway website.

It's notable IRCTC has already launched a facility to book tickets using mobile phones. To make ticket booking process easier, IRCTC has launched mobile apps as well. Read: In Focus: IRCTC App for Windows Phone 8

IRCTC recently launched e-wallet scheme, wherein users have an account with the IRCTC and have a sum already deposited that can be used for future tickets bookings.

Candy Crush and Outlook among top battery sucking apps: Battery Doctor

A recent study performed by KS Mobile, makers of the Battery Doctor app, found camera app Camera360 Ultimate as the top battery sucking Android app. Other popular battery sucking apps in the list are Microsoft's Outlook and the addictive game Candy Crush Saga.

KS Mobile tested which Android apps trigger a warning to smartphone users about their own battery consumption levels with the highest frequency. Camera360 Ultimate app which has nearly 180 million users world wide was the top app in the list. In second place was Microsoft's Outlook.com app. The app which has "8 different color themes to personalize your experience," is the reason for your phone's low battery.

The third and fourth spot is taken by EZ Weather Forecast and Widget and TV and movies app Viki respectively. Other Android apps on the list include walkie-talkie app Zello PTT, gaming app Temple Run 2, Imo free video calls and text. Games like Racing Moto, Fruit Ninja and Candy Crush Saga are also on the list.

KS Mobile says that users should practice "smart battery preservation." The reports suggest users should disable automatic time zones and clock updates; reducing the frequency of push notifications and turn the GPS off when not required. The report also says that users should charge their smartphone through a power outlet instead of a USB port.

Hyundai i20 WRC: Car Tech at Auto Expo 2014

Hyundai, just late last year, announced that they will be competing in the World Rally Championship on a full-time basis. And the car they chose for that is the standard i20 hatchback, and beefed it up for the rigors of rally racing and to bring it in line with the very stiff regulations that dictate the specifications of each car. Hyundai displayed the i20 WRC Edition at the Auto Expo 2014, and while we weren’t allowed to sit in it, there was still a lot to talk about.

The power comes from the Hyundai Motorsport turbocharged injection 1600cc engine delivering 300hp and 400nm torque. The fuel that this engine is designed to use is FIA approved, which is mandatory for WRC. The sequential 6 speed gearbox, with the power going to all four wheels.

The structure of the i20 WRC is the FIA-spec reinforced steel and composite fibre body with welded multi-point roll cage. Michelin provides the rubber for the car, with different compounds for different driving conditions - Pilot Sport for tarmac, A41 for snow/ice tarmac, X-Ice North for ice/snow gravel and Latitude Cross for gravel.

Aerodynamic components on the front and rear wheel arches have been redesigned to widen the body by around 10cm to maximize downforce. The front bumper is designed to maximize downforce and optimize the air flow to engine and brakes.

This is one car we would love to drive, considering the power to weight ratio would make this go like a rocket. Unfortunately, we cannot. But, we can certainly enjoy some pictures of this little beauty. And, the closest you will get to driving this beauty is in the Real racing 3 game on your iPad!

 


 

Government launches probe after Huawei engineers allegedly hack BSNL's network

The Indian government has launched an investigation after engineers of Chinese telecom company Huawei allegedly hacked BSNL's network.

Confirming the development, Minister of state for communications and IT Kruparani Killi said in the Parliament: “An incident about alleged hacking of BSNL's network by Huawei, a Chinese telecom company, has come to notice.”

According to reports, the government was informed about an October 2013 incident of unauthorised access to BSNL’s mobile towers in coastal areas of Andhra Pradesh. It was believed that hacking was conducted by the engineers of Huawei.

The investigation team is comprised of top officials from the National Security Council Secretariat, Intelligence Bureau, Union home ministry and BSNL. The probe team will be investigate into the alleged hacking and provide suggestions to prevent such incidents.

The investigation team will also look into possibilities if the incident was due to inter-corporate rivalry between Huawei and ZTE, which bagged BSNL's network expansion tender of about 10.15 million lines in 2012.

Almost two years ago, a Parliamentary panel had warned the government about increasing supply of hardware and software equipment by Chinese companies to the Indian firms. The panel had warned the government to consider USA's warning on dealing with Chinese firms.

Chinese companies Huawei and ZTE have strongly denied allegations of cyber espionage threats.

It's worth pointing out here several Indian telecom players have tied with these two firms for roll-out of their network. Aircel has tied up with ZTE for deployment of its 4G LTE network in India.

Google Maps for iOS and Android gets dynamic re-routing

Google has rolled out a new update for Google Maps (for Android and iOS) that alerts its users when a faster route becomes available. The new version can be downloaded for iOS from Apple's app store while Android users will get an automatic update.

The new update alerts users if a faster route becomes available while using the navigation feature in Google Maps. Users will get an automatic pop up on the bottom of the screen inviting the user to take the option. The message will be displayed for 30 seconds and if the user ignores it, it will go away. To accept the re-routing, users will have to tap on the screen and the route will change.

The update incorporates part of a technology from Waze, an Israeli-based mobile app that Google acquired seven months ago for $966 million. Waze gained popularity with its crowd sourced features and gamified navigation system that made the users route safer as well as faster whenever possible. The app had an ability to intelligently reroute users in the event of a traffic accident or other significant delays. Waze also provides real-time information on traffic and gives suggestions for short-cuts and stops along the way.

Google has been slowly adding Waze's capabilities to Google maps. In August last year, Google added the ability to receive real-time traffic information from Waze users on its Maps for iOS and Android and recently added Waze’s navigation data to help improve it's step-by-step direction cards while using Street View imagery.

Could this be the first Samsung Windows Phone 8.1 smartphone?

We love hunting for leaked devices and today its just our luck. @evleaks has yet again posted a smartphone image of what looks like a Samsung smartphone, codenamed ‘Huron’, which could be the company’s first Windows Phone 8.1 smartphone coming in the year 2014.

The smartphone shares the same design philosophy as the Galaxy S4, only with dedicated Windows home button and a Verizon branding on top. This means that the device could be running on Windows Phone 8.1 and head for Verizon in the US.

 

According to some leaked specs, the smartphone will either have a 4.3 inch or a 5 inch display with a 720p or maybe even a full HD 1080p resolution. Apart from that there will be a 13MP camera, a quad-core CPU and Adreno 305 graphics. While this does sound exciting, just earlier we heard that Samsung will be announcing the Galaxy S5 at MWC at an Unpacked event on the 24th of February. Hopefully we will get to see the Windows Phone running ‘Huron’ as well at MWC.