“Heartbleed” bug uncovering cyber-criminals

The Heartbleed bug has turned cyber criminals from attackers into victims as researchers use it to grab material from chatrooms where they trade data.

Discovered in early April, Heartbleed lets attackers steal data from computers using vulnerable versions of some widely used security programs.


Now it has given anti-malware researchers access to forums that would otherwise be very hard to penetrate.

The news comes as others warn that the bug will be a threat for many years.

French anti-malware researcher Steven K told the BBC: “The potential of this vulnerability affecting black-hat services (where hackers use their skills for criminal ends) is just enormous.”

Heartbleed had put many such forums in a “critical” position, he said, leaving them vulnerable to attack using tools that exploit the bug.

Source: BBcNews


IIT-Delhi open`s its doors for Public on “Saturday”

Ever wondered what the insides of a laboratory at the Indian Institute of Technology-Delhi looks like? How about wanting to see a robotics show or perhaps witness a mini quadcopter take to the skies? You’re in luck, for IIT-Delhi’s traditional “Open House”, where it throws open its doors to the good citizens of the city, is happening this Saturday.


“Almost all our laboratories, departments and research will be open to the public on this day. Along with over 500 projects that showcase innovations in engineering and technology, science and humanities, design and management,” said Prof. Joby Joseph, who is the “Open House” chairperson this year.

“This time, we have given special attention to design, and socially relevant and commercially viable projects,” he added.

“A lot of students have already confirmed their presence as we have some talks lined up along with the actual exhibition. Schoolchildren never fail to astound us with their questions,” said Dean of Research and Development Prof. Suneet Tuli, while revealing that their research funding had reached around Rs.106 crore this year.


Heartbleed bug security alert

There’s nothing users can do until the web services have made their sites secure. The best advice for web users to wait for few days and then change the passwords on the web services you use.

For websites, the fix-it involves installing software patches on computers in their data-centres, then swapping out the confidential software key used to secure messages and transactions.

Users will largely need to depend on individual sites to notify them about whether the flaw has been addressed. Many major web services, like Yahoo, have already released such notices.

It’s a good time to review your passwords in general and any kind of formula that can help you to be protected from these types of bugs.

The Heartbleed scare, even if it doesn’t turn out to hurt many consumers, is a reminder of the importance of password hygiene. Changing passwords occasionally is a good idea, as is using a different password for each site. To vary passwords, Seiden suggests choosing a formula that is a variation on a theme. Pick out a core password of a mixture of six letters and numbers that are not a word.

What’s the Heartbleed Bug?

The major flaw can essentially allow attackers to gain access to highly sensitive information, including credit card numbers, usernames, passwords, and other sensitive data.

The vulnerability allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging and some virtual private networks.

Read More: http://economictimes.indiatimes.com

Windows XP operating system’s Support ends Today

Support for the venerable Windows XP operating system ends this Tuesday. It means that there will be no more official security updates and bug fixes for the operating system from Microsoft.

Some governments have negotiated extended support contracts for the OS in a bid to keep users protected. Security firms said anyone else using the 13-year-old software would be at increased risk of infection and compromise by cyber-thieves.

Statistics suggest 20-25% of all users have stuck with XP despite the fact that there have been three major releases of Windows since its debut in 2001.


Some of those existing XP users have struck deals to get security fixes from Microsoft while they complete their migration away from the ageing code.

Anyone currently running Windows XP already faced a disproportionate risk of falling victim to malware, said Dave Emm, a senior research analyst at security firm Kaspersky.

Windows XP users topped the list of victims cyber-thieves targeted, said Maik Morgenstern and Andreas Marx from the German AV-Test group, which rates and ranks security software.

“Malware writers go for the low hanging fruits because it’s a lot easier to infect systems running on an old Windows XP operating system compared to brand-new Windows 8.1, with all its built-in security features,” they said.

“We think we will see a lot of attacks for Windows XP within the next few months, but attackers will also always add exploits for other Windows systems just to catch those systems as well.”


Source: BBC NEWS

NASA would develop a ‘GitHub for astronauts’

If you have studied rocket science, NASA would enable you to make your own space craft!
From April 10, the US space agency is set to reveal its enormous database highlighting where to find software for more than 1,000 of its projects.

NASA would offer a searchable database of projects,” Daniel Lockney, technology transfer program executive at NASA, was quoted as saying in a Daily Mail report.

We have collected a large amount of software projects, everything from design tools to robotic control systems, Lockney added.

NASA would develop a ‘GitHub for astronauts’ by hosting the actual software code in its own online repository, which will be found at technology.nasa.gov.

The data can be accessed free of copyright, but special clearance would be needed for anyone who wants to access projects like rocket guidance systems.

With this data, people could put together their own rocket.

One of the main goals of the database is to help develop technology that can be transferred to other sectors, the report added.

These data may even help hackers and entrepreneurs push their existing ideas in new directions – as well as help trigger new concepts.


Source : www.deccanherald.com

Virtual Currency Sales is now allowed on eBay

To promote a trustworthy marketplace and ensure compliance with applicable regulations, eBay updated its Currency Policy in February. The updated policy clarifies that listings for Bitcoin and other similar virtual currencies must be listed in the Virtual Currency Category in the Classified Ad format. In terms of mining gear and mining contracts, those can be listed as auction or Buy It Now.


eBay, & PayPal, has added a new Virtual Currency  to their sales site, allowing users to sell virtual currency like bitcoin, as well as miners, and mining contracts.


The category is sparsely populated right now and the listings are all classified ads, suggesting that eBay wants buyer and seller to hash out their sale outside of the company’s jurisdiction, thereby reducing risk of become liable for scams and fake sales.

The company has been moving into digital sales over the past year but has long held a no-nonsense policy against digitally downloaded items. One listing for dogecoin, for example, notes that the cryptographic keys to the currency will be sent, presumably on a thumb drive or hard copy, via USPS or UPS rather than via email, something eBay has long frowned upon.

The category is so scattershot and clearly new that there is no telling just how this will change eBay’s policies towards digital items. Considering bitcoin is a direct competitor to PayPal and recent patent filings have shown eBay is working towards a type of crypto currency for its users, it makes sense for them to test the waters in this way. I’ve reached out to eBay for comment and will update when they respond.

Source: TechCrunch


Is Firefox’s future under threat?

The survival of her company, which pledges to make the web a better place, is at the mercy of one of its main competitors, Google.

If you haven’t heard of Mozilla, you almost certainly know – and perhaps use – its most famous product: the Firefox browser.

Since 2002, it has been steadily gaining market share against Internet Explorer (IE), Microsoft’s pre-loaded, oft-criticised equivalent.

It now has about half a billion users, a huge number of which are evangelists for the software. Many even help create it – it is one of the largest open-source projects on the net.


Google likes this. So much so, they pay Mozilla millions of pounds every year to secure a piece of prime real-estate on Firefox’s default homepage encouraging users to perform a Google search.

This investment is believed to represent about 85% of Mozilla’s entire income.

Mozilla loves that, no doubt, but can they trust it?

Mitchell Baker, Mozilla
Mitchell Baker tells the BBC it is important for Mozilla to diversify its income
“If for whatever reason the Google deal wasn’t renewed, it would be difficult,” admits Ms Baker in an interview with the BBC.

“We have a good amount of retained earnings, and we manage it that way so that we would have a long period to adjust, but that’s not the situation you want to be in.”

Why would Google pull out or scale back its contribution? Well, unlike in the past, when Firefox was the only real competitor to IE, the browser war is now a three-horse race. For Google, with its highly popular Chrome browser, Mozilla has gone from being a partner, to one of its competitors.


Source: BBC News