
Grammarly’s Chrome extension bug puts users’ private data at risk

Google’s Project Zero team identified a security bug in Grammarly’s Chrome extension that leaves user data exposed to exploitation. In the latest update on the bug, Grammarly fixed it on Monday.

Tavis Ormandy, a security researcher at Google’s Project Zero, identified this bug. Project Zero is a security team at Google that works on identifying vulnerabilities.

Ormandy categorized this as a high-severity bug and said, “I’m calling this a high severity bug, because it seems like a pretty severe violation of user expectations, because users would not expect that visiting a website gives it permission to access documents or data they’ve typed into other websites.”

More than 22 million users across the world use Grammarly as an extension or add-on to check spelling and grammar online.

Ormandy filed a bug report on Friday, which has a 90-day disclosure deadline. His report includes proof-of-concept (POC) code that shows how the bug can be used to retrieve the authentication tokens to all websites the user has visited. Authentication tokens can be used by any website to gain access to the user’s documents, history and other data.

Grammarly thanked Tavis and the Google Project Zero team in a tweet on Monday while releasing the fix on the Chrome Web Store and Mozilla within a few hours.

Latest Updates for Chrome and Mozilla:

Source: Chrome Web Store, Mozilla Official Website

Cisco VPN bug rated 10/10 on severity; Patch it immediately

Cisco has warned customers who use its Adaptive Security Appliance (ASA) software to patch a dangerous VPN bug; a researcher will reveal how to exploit it this weekend. The bug was reported by NCC Group security researcher Cedric Halbronn, who will explain how he exploited the flaw in Cisco’s AnyConnect/WebVPN on ASA devices.

Cisco Warns Customers

As per Cisco’s advisory, the ASA operating system for Cisco’s network security devices has a severe double-free vulnerability in the Secure Sockets Layer VPN feature. The vulnerability can be exploited using specially crafted XML packets. As a result, an attacker can gain full access to the system. Cisco warns that an unauthenticated attacker can cause a reload of the affected system or remotely execute code.

The bug — CVE-2018-010 — has been given a Common Vulnerability Scoring System (CVSS) score of 10 out of a possible 10 because it is easy to exploit and the impact can be severe.

However, the advisory notes that ASA devices are only exposed if the webvpn feature is enabled. Cisco has provided instructions for admins to check whether the webvpn feature is enabled.

Vulnerable Products:

FTD 6.2.2 was the first Cisco release to support remote access VPN. The bug applies to FTD 6.2.2; systems running major FTD releases before 6.2.2 aren’t vulnerable.

The following systems are vulnerable:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches
  • Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

Release Updates for fixes

Cisco has released free software updates that address the vulnerability described in this advisory and has also provided instructions for admins to check which versions of ASA and FTD they’re running. Cisco advises customers to migrate to a supported release to receive the fix. The affected releases, and the release each customer should migrate to, are listed in tabular format on the Cisco website.

Researcher

NCC Group researcher Cedric Halbronn worked on the POC to exploit a pre-authentication vulnerability in Internet Key Exchange (IKE)v1. NCC Group has made detailed information about the research available.

Aadhaar data being sold for just ₹500; Probe begins

As the deadline for linking Aadhaar with financial and other services approaches, a new report in “The Tribune” suggests a serious leak of a billion users’ Aadhaar data. An anonymous agent is offering a service over a WhatsApp group that provides unrestricted access to the Aadhaar data of over a billion Indian citizens, The Tribune reported.

The group running this racket reportedly created a gateway and allowed The Tribune team to access the Aadhaar data of any citizen, including name, address, postal code, photo, phone number and email. All of this cost a mere ₹500, which was transferred to an agent through Paytm. Moreover, for ₹300 more, the Tribune correspondent posing as a buyer was given the means to print Aadhaar cards.

UIDAI reaction

Sanjay Jindal, Additional Director-General at the UIDAI Regional Centre in Chandigarh, affirmed that no one except the Director General and himself should have access to the portal. Responding to the report, UIDAI claimed that there had been no data breach and reaffirmed that the data is safe and secure. However, UIDAI accepted that the search facility was provided to designated personnel and state government officials as part of a grievance redressal facility, which is being misused to gain illegal access to Aadhaar data. UIDAI specified that the biometric data is still secure and that the grievance redressal system gives away only limited Aadhaar details.

UIDAI clarified that the Aadhaar number is not a secret number and can be shared with authorized agencies whenever an Aadhaar holder wishes to avail certain services.

Privacy of billion users at risk

While the BJP is calling the breach fake news and UIDAI continues to deny the claims of unauthorized access, UIDAI has filed an FIR in this data leak case. It raises questions over the security of one of the largest collections of personal data of Indian citizens. Reports suggested that groups were created on social media to provide Aadhaar services for a nominal ₹500, and that they were believed to be using village-level enterprise operators under the Common Service Center scheme. UIDAI claimed that it maintains traceability logs and will be able to track down the misuse. An investigation has already begun into what is certainly a major national data breach.

WhatsApp will end support for these phones and operating systems

WhatsApp is the most loved instant messaging and Voice over IP (VoIP) mobile application today. It has gained popularity at an unbelievable pace since its inception in January 2009. It had a user base of more than one billion by February 2016, and it is growing year by year.

The feature updates are exciting for users, but there is bad news for some WhatsApp users. On June 30, 2017, it stopped support for Nokia Symbian S60. As per an official blog post, WhatsApp is going to suspend support for older platforms from 2018 onwards. WhatsApp is looking to extend its feature set further in 2018. Owing to compliance issues, it will stop working on ‘BlackBerry OS’, ‘BlackBerry 10’ and ‘Windows Phone 8.0’ devices. App operations have ceased for the Android 2.1, Android 2.2, BlackBerry OS and iOS 6 operating systems.

Here is the list of outdated platforms that WhatsApp will no longer support.

Obviously, this change will make some WhatsApp users unhappy. But there is no need to panic: simply update the OS and continue using the app. People using older phones on the exclusion list will be disappointed, though, as they need to get a new device in order to enjoy the service. People who own BlackBerry 10, Nokia S40, Windows Phone 7 and iPhone 3GS handsets also need to update their phones. The older operating platforms need to be updated to newer versions: Android OS 4.0+, iPhone iOS 7+, or Windows 8.1+. Some features might not work on these platforms, and creating new accounts on the older devices will not be allowed. In 2019, Nokia S40 Android will also be unsupported by WhatsApp. Also, Android versions 2.3.7 would stop working after 2020.

Jan Koum, a Ukrainian-American internet inventor, launched the initial versions of WhatsApp with his companion Brian Acton. You will be stunned to know that Jan was born into a poor family in Ukraine. He was even deprived of basic necessities like shelter, food, electricity and water. He and his mother earned their livelihood by babysitting and sweeping floors. Koum worked at Yahoo for nine years, from 1997 to September 2007. He incorporated WhatsApp Inc. in California on February 24, 2009. Now his estimated worth is more than $7.5 billion, and he is ranked 62nd among the 400 richest Americans on the Forbes list.

Initially, 70% of smartphones ran BlackBerry and Nokia operating systems; the proportion has since shifted, and most smartphones now run Google, Apple and Microsoft operating systems. It has been 9 years since the initial version of WhatsApp Messenger was launched. As the smartphone era changes, the app keeps upgrading as well. You can send text messages, voice notes, images, media, documents and your location. It also allows you to make voice and video calls. To register for a WhatsApp account, you must have a standard cellular mobile number. In 2017, WhatsApp added an end-to-end data encryption feature. Initially, it allowed users to communicate with other users individually or in groups. In 2017, it also announced plans to provide customer service to users at scale. In the coming years the feature set is expected to expand even more. A lot of security features are expected.

Apple Apology over battery drain; discounts on replacement

Recently, there have been a lot of complaints on Twitter and Facebook about iPhone battery life after upgrading to #ios11. In a press release on Thursday, Apple acknowledged the issue and addressed the customer concerns.

Updates

Apple released iOS 11 to the public on 19 September 2017, and it became available for download. The iOS 11 release was found to have a bug, which forced Apple to release iOS 11.2 on 2nd December 2017. Some of the features of iOS 11.2 include Apple Pay Cash (only in the US) and 7.5W wireless charging for the iPhone X, 8 and 8 Plus.

Battery Life concerns

Wandera, a mobile security firm, monitored heavy-to-moderate iPhone and iPad users running iOS 10 and iOS 11. Analysis of this activity found that devices running iOS 11 ran out of battery in 50% less time than those running iOS 10.

What is causing battery drain

Wandera suspects that this is partly because of the Spotlight re-indexing that happens after an iOS upgrade. Apple initially thought it was a performance impact from the background installation of fixes, new software and app updates. However, Apple now believes that the major contributor to the battery drain is chemical aging of the batteries in older devices.

Apple explained the possible factors that might affect the chemical aging of batteries, which can reduce a battery’s ability to hold a charge for a longer time. Apple released a support article to help customers understand the performance of iPhone batteries.

For the Apple customers

While appreciating the loyalty and trust customers have shown in its products, Apple announced updates addressing the battery life concerns.

Mumbai gets India’s first AC EMU train

After a couple of years of trial runs, India’s first air-conditioned EMU train hit the track for its maiden run on Christmas morning. Before its inaugural run, Western Railway conducted a final test run for important Western Railway officials, and India’s first AC EMU (Electric Multiple Unit) train was given the green signal. The train was brought to Mumbai on 4th April 2016.

The following features of this train give everyday commuters hope of easier travel:

Capacity: It can seat 1,028 passengers and carry a total of 5,964.
Emergency Services: It has a talk-back facility at each doorway for emergencies, and the traditional chain system has been replaced with an LED-based coach identification system for door malfunctions and chain pulling.
Comfort: The trains have been built with an air suspension system, which could reduce a bit of your back pain. The luggage racks are modular with transparent glass, which is good. The coaches are comfortable, made of stainless steel with straight side walls.
Security: Similar to local trains, AC trains will also have RPF constables in each coach.



  • First and twelfth coaches are reserved for Ladies
  • Second and eleventh coaches have 7 seats reserved for Senior Citizens
  • Fourth and Seventh coaches have 10 seats reserved for physically disabled passengers

How frequently will the EMU run?

Each day, except weekends, this train will make 12 runs on the Western Line of the Mumbai Railway. Eight of these will run on the fast lane between Churchgate and Virar, halting at major stations – Mumbai Central, Dadar, Bandra, Andheri, Borivali, Bhayandar and Vasai Road. Three of them will run on the same fast lane from Churchgate but only till Borivali. The rest will run between Mahalaxmi and Borivali, halting at all stations.

How much will it cost?

Western Railway published the fare chart for the much-awaited AC local, effective until 29 December. As per railway officials, base fares will be 1.3 times the first-class fares for single-journey tickets. GST will be added as a surcharge on the base fare. As a discounted offer for the first six months, the base fare will remain at 1.2 times the first-class base fare. The MUTP surcharge for card ticket holders is Rs 6 for a journey between 11-150 kilometres.

Watch Out: Adidas is bringing you one of the most innovative sneakers this December

Adidas has always been a front-runner when it comes to technology innovation in footwear manufacturing. Adidas is taking a major leap in innovation by introducing a new line of sneakers based on Futurecraft 4D technology. It will be the world’s first high-performance footwear manufactured through the Digital Light Synthesis process.

So, what is the Digital Light Synthesis process?

The Digital Light Synthesis process was pioneered by Carbon, a tech company based in Silicon Valley that works mainly on creating products by combining the power of molecular science with hardware and software. In 2015, Carbon published a breakthrough technology research paper in one of the most prestigious journals, Science. In this paper, Carbon demonstrated an innovative technology called CLIP (Continuous Liquid Interface Production). The need for this technology emerged from the long hours required to create products using traditional 3D printing. While traditional 3D printing remains a relatively low-cost process, it has to go through multiple additive cycles to print consistent layers.

Digital Light Synthesis is based on this breakthrough technology, CLIP. The most important part of the technology is the “dead zone” created by an oxygen-permeable window when ultraviolet images are directed onto it. This dead zone allows a continuous liquid interface of polymer resin to the printer, which enables it to print products with even minute details and consistent layers.

Why is Adidas adopting this technology?

Over the past few years, Adidas has been working out how to use 3D printing in its manufacturing process. Adidas is a global player in the footwear industry that focuses on athletes’ needs and reinvents itself from time to time. Because of its inconsistent product layers and relatively long production time, traditional 3D printing is never going to be enough to create footwear at mass scale. Through a strategic partnership with Carbon, Adidas aims to achieve what could be the most innovative approach to manufacturing in the footwear industry. Carbon’s CLIP technology reduces design time and aims for a faster design-to-product cycle.

When is it coming out?

In December 2016, Adidas released a few Futurecraft 3D-printed sneakers in a limited-edition format. Adidas plans to continue innovating on the Futurecraft concept with the release of 5000 pairs based on Futurecraft 4D technology in December 2017. Adidas is targeting sales of 100,000 pairs by the end of 2018.

As the excitement builds up, let’s have a look at some gorgeous shots of these sneakers.