The FBI recently announced it had figured out how to crack into the security of the San Bernardino terrorist’s iPhone, and now Apple desperately wants to find out how the feds did it.
The Department of Justice officially withdrew its case against Apple, saying it no longer needed help from Apple, as it had secured assistance from an unnamed third-party, The Los Angeles Times reports.
But now, Apple is panicking at the prospect its iPhone 5c can easily be breached by outside parties at seemingly the drop of a hat. The FBI is totally uninterested in responding to Apple’s pleas, especially given the fact that Apple CEO Tim Cook said he would fight the DOJ every step of the way in court. That sort of no holds barred opposition from Apple has not engendered much support in the federal government.
“One way or another, Apple needs to figure out the details,” Justin Olsson, product counsel at AVG Technologies, told The Los Angeles Times. “The responsible thing for the government to do is privately disclose the vulnerability to Apple so they can continue hardening security on their devices.”
End-to-end data encryption on WhatsApp will no doubt endear the service to users who mind so much about their security and privacy, but not with governments that are struggling to battle the growing threat of terrorism. If one of them isn't, group chats will be unencrypted.
Let's explain this in WhatsApp's own words.
He added that the latest version of the app will encrypt every call, message, photo, video, file and voice message that is sent on the platform by default, including group chats.
WhatsApp's use of encryption has already caused friction in Brazil, where authorities recently arrested and then released a Facebook Inc. executive after the company said it was unable to unscramble a user's encrypted messages.
Now, WhatsApp has made a decision to take a major stand against both law enforcement, cybercriminals, and hackers.
'Do not take companies promises to keep your data safe seriously, even if Whatsapp means well, this article highlights details on WhatsApp end-to-end encryption that everyone else is afraid to tell you, ' he writes.
Jan Koum, WhatsApp's co-founder, who grew up in Soviet-era Ukraine, said: 'The desire to protect people's private communication is one of the core beliefs we have at WhatsApp and for me it's personal. However, WhatsApp claims the actual content of the messages is not held on the servers at all. WhatsApp started rolling out its end-to-end encryption feature.
The Criminal Procedure Code in Singapore requires technology companies to disclose information, or any codes they may have to unlock locked or encrypted information.
Yes, that's good news for those indulging in sending across images of their nether regions. But there's a downside to the encryption business too.
Der Spiegel notes that end-to-end encryption is only available if all the participants in a conversation are using the latest version of the software. Koum and Acton have touched upon this topic also. But it also underscores the way the growing availability of encryption to consumers is expanding the scope of the debate over how law enforcement should deal with data secured by the technology.
Is end-to-end encryption as foolproof as it’s cracked up to be?
It's a catch-22 situation.
The FBI and the Justice department didn't comment on this new action from the company, but it has been noted that WhatsApp's services were used to facilitate certain criminal acts, such as the Paris attacks previous year. That means even if someone cracks one key they will most probably get only a part of the conversation and cannot use that key to decrypt the rest of the messages in that conversation. Closing the system lets terrorists run amok.
In recent months, Mozilla developers were actively improving and modifying the user interface associated with security and privacy in the Firefox browser. The screenshot shows the changes that have affected output of notifications in the browser address bar.
The first change, which draws attention, is bringing the same general appearance of icons for sites protected by DV certificate and the EV certificate. Historically, in Mozilla Firefox padlock icon for sites protected by DV-certificate was somewhat different in their color theme from the same icons for sites with EV-certificates, which raised many questions from poorly informed user. In the updated version, all inconsistencies were eliminated - icons of locks have become the same.
Changes also affected the sites where the mixed content is loaded. As seen from the screenshot, notice of it have been revised and become more understandable.
Thanks to the new design improvements, users now are able to determine whether to trust the site or avoid it.
Google Chrome also was actively improving. Browser developers are planning to notify their users when the page of the site is insecure (http). Going forward, Google Chrome will mark all unencrypted sites padlock icon with a red cross in the address bar. For this purpose, Google Chrome will mark all padlock icons of unencrypted sites with a red cross in the address bar.
Google makes it clear that the web moves to the full transition to https. Many large companies and organizations supported the initiative, named «Encrypt All The Things», the essence of which boils down to the abandonment of traditional, less secure HTTP protocol and transition to HTTPS.
Google announced plan for a full transition to HTTPS back in 2014. At that time one of the Chrome Security Team members suggested to mark all HTTP-sites as "unsafe".
This change will bring more attention to sites that could be potentially unsafe.
It is currently remains unclear whether marking all HTTP-pages will be implemented by default in Google Chrome. However, now you can test it by typing in the browser "chrome: // flags" and selecting «mark non-secure origins as non-secure».
Today several Windows user has reported that their system has been infected withand as a result they have become unable to access their files as well as its data in its original format. Generally it infiltrates targeted computer when user click or download infectious attachments come from unknown sources. You must know that it is one of the severe Ransomware that can affect Windows based system completely and make your files like .jpg, .mkv, .mp3, .doc, .xls, .gif etc and make them encrypted. In order to make data inaccessible it uses AES 256 encryption algorithm and it can not be decrypt without unique key. After being installed on the targeted computer Petya Ransomware will download Zemot, CMSrute and other malware infection without taking your approval. Apart from that it is also possible that you may face several unknown applications and programs to ruin system performance in complete manner.
After being infected with Petya Ransomware, user may find unknown and unwanted message on the computer screen because it install on txt file inside the encrypted folder. Due to this README.txt file you may receive ransom note on the computer screen saying that you files on the disk has been encrypted and you have to pay money in order to get back your files in its original format. Sometimes after getting such messages innocent users get scare and pay the demanded money. But the bad news is that even after paying money situation remain same and still files are encrypted. Therefore it is advised that not to do as it says and mustfrom the computer as soon as you can.
This past weekend security researcher and “artful hacker” Mike Olsen discovered that surveillance cameras he purchased through Amazon were embedded with malware. Olsen had purchased the USG Sony Chip HD 6 Cameras, marketed as “Affordable High Definition CCTV Video Surveilance” to provide outdoor surveillance for a friend’s home. In keeping with the marketing pitch, he thought the 6 cameras and recording equipment were a good deal.
In a blog post, Olsen describes how he received the cameras and experienced trouble as soon as he tried logging into the administrator page to configure the system. “First of all something seemed a bit off, the interface showed the camera feed but none of the normal controls or settings were available.” Since Olsen is a software engineer, he began to investigate the underlying CSS code of the page which is supposed to contain the camera’s settings. He thought a simple flaw was hiding the settings he required to configure the surveillance system. Instead, he found an iframe emedded linking to a suspicious website.
The website in question was brenz.pl which has been associated with distributing malware for years. Accordingly the site was being used to distribute malware as far back as 2009. Since this surveillance system has the malware link embedded in its administrator page, malware targeting the system could potentially be used to steal data from the device or infect the user’s computer in other ways.
The method of infecting users with malware by hiding it inside devices is not wholly unexpected, though most of us would expect a purchase from Amazon to be relatively safe. In this case one of the people who purchased the device, Mike Olsen, had the necessary skills to uncover the problem with the device. As more people integrate internet-connected devices into their homes, more cybercriminals will use it as an opportunity to compromise home networks.
What is Swift?
Swift is Apple’s new programming language, which has been in development for the past four years and which looks to replace Objective-C as the main language for app development on Apple’s platforms, OSX and iOS.
It’s a major departure from the syntax of Objective-C and takes a lot of cues from other languages, such as Haskell, C#, Ruby and Python, which Apple presumably hopes will make it appealing to bright young coders, keen on modern languages.
Although it’s a major departure, Apple have taken a lot of trouble to make the transition to Swift as painless as possible. It is fully binary compatible with existing Objective-C libraries and maintains a close relationship with the Cocoa frameworks.
That means that developers can introduce Swift into their apps at their own pace, by writing discrete modules that should seamlessly interoperate with their existing Objective-C code.
What are the improvements around Objective-C?
In Swift there is no need to annotate variables with type information as the compiler can infer type based on the value a variable is being set to. Due to the dynamic nature of Objective-C, type is not truly known at compile time because methods may be added to existing classes, entirely new classes added or instance type changed all at runtime.
With Swift, the compiler can be more helpful in catching subtle type related bugs. As the compiler knows more about type in any method call, it can optimise certain call sites and jump directly to the implementation using C++ style vtable dispatch, rather than going through dynamic dispatch as in Objective-C. This enables smart optimisations that can make code run faster.
The humble switch statement has undergone a radical overhaul in Swift and can now match against ranges, list of elements, boolean expression, enums amongst others. It doesn’t fall through by default, and is further enhanced by Swift’s flexible pattern matching.
An optional type is a type that might contain a value of a type. It allows you to more easily convert between types and avoid null checks. Optionals can be chained together to protect from exceptions when calling multiple methods or properties in a chain where one call might return “nil”.
Strings are now easier to deal with in Swift, with a cleaner syntax than Objective-C, eg: concatenate strings using “+=“.
Here are three tips that can help in the selection process of a developer:
1. Hire for DNA first, then work experience.
When I hire web developers, their personal DNA is the most important consideration. While experience is important, the bigger predictor of success is someone's innate DNA and how it fits your company. Are drive, determination, persistence, curiosity, important to you culture? Or, are you more low-key and relaxed about time management and deadlines? Whatever characteristics make up your culture, you want to ensure that the web developer will fit in.
For example, a brilliant web developer who has worked at a large financial institution may not do well at a startup. Why? A startup typically requires traits like versatility, adaptability, risk-taking and a self-starter personality, but these may be less important at a large company.
So, make a list of your company's DNA requirements. Do you foster an environment of relentless drive? Do you want great team players? If you come up with five requirements, make sure the interviewee matches at least three. Hiring for DNA also can help you to start to define a company culture and ensure that your team will work well together.
Of course, it's easy for some people to fake it in an interview, so you may need to evaluate them in other ways to ensure they're a good fit.
2. Try out a new developer with a small project first.
Although you might think you've identified your ideal candidate, just to be sure you should give him or her a small, non-critical project. That can let you observe the person in action and provide additional information beyond the job interview.
You can see how efficient the candidate is in delivering products and how buggy the final product is. Did he or she go above and beyond to get the product delivered? How creative was the solution? How well did he or she work in a team and communicate problems and delays?
3. Pick a developer with aptitude, not a particular skill set.
In the tech space, skills become obsolete every two years, give or take. So, it's better to hire a web developer who can learn new technologies easily rather than someone who knows a specific technology now but may not adapt when a new one comes along.
So now this is the list how traditionally people test their framework, but can you afford this, and off course issues will be there, so will be the errors, but yes of you still believe in erasing than backspace, probably the article would interest you.
A Paper and Pencil
Paper and pencil you say? The most powerful and dirt cheap of usability testing tools says I! The reality is using a paper and pencil to draw interfaces, wireframes, and cards for card sorts and a host of other usability mechanisms is an extremely fast, extremely effective way to conduct usability testing.
Paper and pencil are amazingly simple to use, communicate quite effectively, are so low cost you probably have them all over the office and home, and are just about as cheap as dirt.
You can’t go wrong using paper and pencil to help conduct early prototype usability testing, it’s a great way to get quick, fast and meaningful results at a rock-bottom price.
Pros – Cheap, fast and extremely effective
Cons – Early design stage testing only, not for use in testing interactio
Concept Feedback was and is designed as a way to gather input and feedback from experts about new designs for marketing or advertising purposes. However, this tool can be used by web site designers and usability researchers to gather information about potential new web site designs, or interfaces.
It works quite simply, you submit your concept to the expert community, and reviewers provide their suggestions, recommendations and input about your design. You then judge the quality of their responses by taking into consideration each reviewer’s quality score, higher scores mean more people consider this reviewer an expert, which means their advice might be worth more.
This community of experts is available free of charge, and because each reviewer can be graded by others it offers a means to determine the quality of each opinion you receive.
Cons – From a usability testing perspective the reviews are not conducting actual tasks (they’re viewing an image), which means interaction feedback is not possible. In addition, there’s no guarantee the reviewer’s opinions reflect the actual user experience once the site is live.
The results can be disastrous, ranging from bruised feelings to tens (or hundreds) of millions in lost sales. Whilst creating an intentional reputation monitoring/management plan ahead of time is certainly optimal, usually by the time we get the call the business is already bleeding profusely. We have successfully listed our views:
Useful tips, when you have a remote team to push the online reputation of your web application.
1. Be Available
Communication is the ultimate key to collaboration. More often than not, communication is nothing more than a simple question, a clarification, or a request for information. In a real office you would tip your head over your computer and simply speak to a colleague, but in remote teams it can be hard to determine if somebody is available, and in most cases, you’d likely forget about it and try to find an answer by yourself.
2. Prepare Your Messages
Because we’re not having face-to-face conversations, and even more so because of time zone differences, we can receive responses to our communications hours later. Always offer the correct information and be clear about what you’re saying or asking; too much information is better than not enough information. Send images, code examples and source files to supplement your messages.
3. Communicate When Necessary
Like I said, communicating takes you away from actually doing work. Don’t use your core messaging app to chit-chat all day, and only ever include others in the conversation when it concerns them. Other team members don’t want to be CC’d into every email, every response and every sub-comment connected to it.
4. Schedule Non-Work Related Hangouts
Working remotely can be lonely and it’s totally natural to want to engage in some normal, work-unrelated banter. However, it can be terribly counterproductive to open up the core dialogue to free discussion. Instead, schedule some time on Google Hangouts or Skype (at certain intervals in the day) to facilitate free, healthy discussions. It’s a bonding moment for the team too.
5. Use Apps That Make Communication Productive
Slack has made a significant impact on the future of team communication. Some, however, have said that the “always online” approach results in far too much communication and day-long meetings. I don’t think that’s Slack’s fault, but there certainly are drawbacks to look out for.