Firefox 53 Introduces Quantum Compositor, Reducing Browser Crashes

Mozilla released its Firefox 53 update on April 19, introducing a new browser engine and patching 39 vulnerabilities in the open-source web browser.

The new browser engine technology in Firefox 53 is known as Project Quantum and is a multipart effort to accelerate and improve the web browsing experience for users. The Project Quantum component included in Firefox 53 is known as the Quantum Compositor; it is designed to help reduce the number of browser crashes due to graphics issues.

With the Quantum Compositor, graphics rendering is now done separately from the main Firefox process. Mozilla’s early testing for the Quantum Compositor found that it reduces the number of browser crashes by 10 percent.

“The compositor determines what you see on your screen by flattening into one image all the layers of graphics that the browser computes, kind of like how Photoshop combines layers,” Nick Nguyen, vice president for Firefox at Mozilla, wrote in a blog post.

 

Firefox 53 also introduces two new user interface themes. The Compact Light theme provides users with a more compact, smaller user interface using the default Firefox color scheme. The Compact Dark theme also has a compact user interface, but it provides a darker color scheme for night browsing.

Security Updates

In addition to the browser improvements, Mozilla patched 39 security vulnerabilities in the Firefox 53 update. Of those 39 vulnerabilities, seven are rated by Mozilla as being critical.

As with nearly all Firefox updates, one of the critical vulnerability updates deals with memory safety bugs.

“Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code,” Mozilla warned in its advisory.

Among the other critical vulnerabilities patched in Firefox 53, two are use-after-free (UAF) memory vulnerabilities (CVE-2017-5435 and CVE-2017-5433). Two other critical vulnerabilities are out-of-bounds memory errors (CVE-2017-5436 and CVE-2017-5461), plus there is a critical buffer overflow issue (CVE-2017-5459) that has been patched.

Beyond the critical issues that Mozilla fixed, it also patched three sandbox escape issues (CVE-2017-5454, CVE-2017-5455 and CVE-2017-5456) in Firefox 53 that are rated as having high impact. The Firefox sandbox is intended to restrict the ability of a given process to access areas of a system outside of the process sandbox.

“A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths,” Mozilla warns in its advisory. “This allows for read only access to the local file system.”

 

via:  eweek


Save pagePDF pageEmail pagePrint page

Microsoft to shut down Wunderlist in favor of its new app, To-Do

Microsoft acquired the popular mobile to do list application Wunderlist back in 2015, and now it’s preparing users for its eventual demise with the release of its new application “To-Do,” announced today. The new app was built by the team behind Wunderlist, and will bring in the favorite elements of that app in the months ahead, Microsoft says. The company also added that it won’t shut down Wunderlist until it’s confident that it has “incorporated the best of Wunderlist into To-Do.”

In case you’re hoping Wunderlist will get some sort of reprieve, Microsoft makes its forthcoming demise pretty clear. Stating its plans in black-and-white: “we will retire Wunderlist,” it says in a blog post. 

In the meantime, Microsoft is encouraging Wunderlist users to make the switch by offering an importer that will bring in your lists and to-dos from Wunderlist into To-Do, where those items will now be available in other Microsoft products, like Exchange and Outlook.

Microsoft’s plans for To-Do were previously leaked, when the company was found to be testing a new app, then under the codename Project Cheshire.

At the time of the leaks, that was a fairly bare bones to-do app that let users create lists, add items, set reminders, and sync lists across platforms. The only interesting feature was that it was able to offer suggestions of tasks to add to a list – something that has now transformed into To-Do’s “Intelligent Suggestions” feature.

According to Microsoft’s announcement, To-Do starts you off in a screen called “My Day” which offers a list of items that need to get done today. You can customize this list further by accessing the “Intelligent Suggestions” feature – available with a tap on the lightbulb icon – which will offer suggestions of things you may want to add to your list.

For example, if there was something you didn’t get done yesterday, but perhaps should have, that could appear as a task suggestion. As Microsoft explains it, you’ll also be able to review to-do’s from the day before as well as view what’s due and other upcoming tasks, via this feature.

More importantly – to Microsoft, at least – is that To-Do has been built to integrate with Microsoft Office. The app is built on Office 365, and its first integration is in Microsoft Outlook. Your Outlook Tasks will sync with To-Do, so you can access and manage them across your devices.

To-Do’s data is also encrypted in transit and at rest for added security. The Preview version of To-Do is available today for I.T. admins to enable through the Office 365 admin center, and is available on iPhone, Android, Windows and the web for consumers.

ZDNet clarified with Microsoft that the app is not just for Office 365 users, as the original blog post about the launch seemed to imply. Instead, anyone with a Microsoft account can use To-Do, even if they don’t have an Office 365 plan, the company confirmed.

The To-Do app is not ready at this point to meet the needs of all Wunderlist users, however. As many users realized, some platforms do not yet support To-Do, including Mac, iPad and Android tablet. List sharing is also not available. But Microsoft says these will roll out in time along with other integrations with Microsoft services.

A Microsoft employee in the comments section of the original blog post even offered some enthusiasm towards users’ requests for Amazon Alexa integrations, which could be interesting. And they noted that support for Work accounts would arrive on To-Do on the web in the coming weeks, and gave the timeframe towards the iPad app as the “coming months.”

 

via:  techcrunch


Save pagePDF pageEmail pagePrint page

How to Easily Switch between Multiple Google Accounts

Learn how to sign-in to multiple Google accounts on the same computer and easily switch from one Gmail account to another using keyboard shortcuts.

Lots of us maintain multiple Google accounts for a variety of reasons. Maybe your day is mostly spent inside Gmail and Google Calendar associated with your work account but you prefer to store files inside Google Drive of your personal Google Account.

Google does make it easy for you to sign-in to multiple Google accounts simultaneously so you don’t have to log out of one Gmail account to check emails of the other one. Simply go to accounts.google.com/AddSession and sign-in with the other Google account inside the same browser session.

Sign-in is Easy, Switching Accounts is Difficult

One you are logged in, click your profile image in the upper right and select any Google account from the drop down to switch to that account.

switch-gmail-accounts.png

The default account, the one that appears on top of that list, is the one that you signed in with first. Thus, if you type mail.google.com in your browser’s address bar, you’ll always be taken your Gmail account. If you need to set another Google account as the default one, you’d have to sign-out of all existing accounts and sign-in first with that account.

That’s obviously too many steps for users who have to constantly juggle between multiple accounts. So here’s a simple URL trick that will help you switch between Google accounts quickly.

Create Keyboard Shortcuts for Google Accounts

Go to the Gmail website and press Ctrl+D (or Cmd+D on Mac) to bookmark the Gmail website.

gmail-bookmark.png

Click the Edit button to modify the bookmark. Here add ?authuser=email@gmail.com after the last slash(/) symbol and append the shortcut to the bookmark name as shown below. We use the short “gw” meaning Google Apps for Work Gmail.

gmail-multiple-signin.png

Repeat the steps for all your other Gmail accounts.

You can now type gw in the address bar to quickly launch your work Gmail account even if that account may not be your default Google account.

If you are a keyboard ninja, shortcuts are a much faster way to do things that using your mouse to click a bunch of menu items. The trick works with all Google Apps services including Google Drive, Contacts and Calendar.

https://calendar.google.com/?authuser=email@domain.com
https://drive.google.com/?authuser=email@gmail.com
https://contacts.google.com/?authuser=email@domain.org

You should check out the most important Google URLs.

 

via:  labnol


Save pagePDF pageEmail pagePrint page

Cybercriminals Mostly Prefer Skype Messaging

But cybercrime gangs worldwide are increasingly using encrypted peer-to-peer chat platforms for their communications outside online underground forums, new study finds.

When cybercriminals take their conversations outside their underground forums, their favorite mode of communication is Skype, according to a study of global cybercriminal operations.

Skype, which does not encrypt messaging end-to-end like some of the newer-generation messaging apps such as WhatsApp, Jabber, Telegram, and Signal, ranks at the top-most identified messaging platforms, according to FlashPoint, which studied the number of times cybercriminals in the Deep and Dark Web mentioned the use of messaging services over a four-year period. While they couldn’t confirm why Skype got the most love, the researchers theorize that it’s because the well-known messaging application now bundled with most Microsoft software is the most readily available and convenient way to communicate.

Leroy Terrelonge, Flashpoint’s director of Middle East and Africa Research and director of Americas Research, says he and his team wanted to see where cybercriminals go to communicate and drill down on their deals and hacking operations after first meeting in their online forums. “Yes, they are meeting in [online underground forums]: that serves as a vital way to bring people together. But the really meaty conversation where they go to [discuss] targeting is not happening in forums, but in different messaging applications,” he says.

Cybercriminals around the world also tend to follow and emulate what Russian-speaking cybercrime groups do. Russian-speaking cybercrime is considered the most sophisticated, and Flashpoint noted that there’s a large adoption of the nonencrypted ICQ messaging platform around the world. ICQ traditionally has been heavily used by Russian cybercriminals, although Skype has bumped it from the number one slot in those groups.

“Russian-speaking actors … sit at the top of the food chain,” and cybercriminals in other regions look to them for the latest communications tools, as well as to communicate and collaborate with them, Terrelonge says.

Flashpoint investigated four years of data it had collected via its Deep Web and Dark Web monitoring, and found that Skype in 2016 landed in the top five-most mentioned messaging platforms in communities that speak Russian (#1) English (#1), Spanish (#2), Arabic (#2), French (#2), Chinese (#3), and Persian/Farsi (#3). Skype overall was used much less within Chinese-, French-, and Persian-speaking cybercrime communities, however.

“Skype, which is not considered to be a very secure messaging platform is still used across many different language communities as one of the top five messaging apps,” Terrelonge says.

Most of the regions are trending toward adopting end-to-end encrypted messaging as well. The shift began sometime after Edward Snowden’s leak of documents from the National Security Agency (NSA) that illustrated the agency’s surveillance capabilities: “In general, across all [groups], there was a move from 2012 to 2016 away from less secure to more secure messaging,” Terrelonge says.

The new generation of encrypted messaging apps is much easier to use, he says, than the old days of non-user friendly interfaces that were “clunky.”

Among the Russian-speaking groups, the top five mentioned messaging apps in 2016 were Skype (38.72%); Jabber (24.77%); ICQ (21.05%); Telegram (7.26%); and Viber (4.47%). Jabber (45.84%) topped the French-speaking list, while WhatsApp (27%) and Skype (25%) topped the Arabic-speaking one; Telegram (88.5%), the Persian-speaking one; and Jabber inched up to number two behind Skype in the English-speaking cybercrime community, with 11.75%, followed by ICQ (9.81%), and Kik Messenger (5.63%). Chinese-speaking groups mosty use the less-secure QQ (63.33%), followed by WeChat (35.58%); Skype (0.44%); WhatsApp (0.22%); and Jabber (0.31%), according to the Flashpoint report.

 

via:  darkreading


Save pagePDF pageEmail pagePrint page

7 Ways Hackers Target Your Employees

One employee under reconnaissance by cyberattackers can put your whole business at risk. Where are they being targeted, and what should they know?

Cybercriminals are testing the strength of your organization’s defensive wall, looking for the one crack they need to launch their attacks. Oftentimes that flaw isn’t a “what,” but a “who.”

Employees only need to download a bad attachment, click a malicious link, or give attackers one piece of information they need to break in. Security is a business-wide responsibility.

“Companies need to realize if their employees are picking up the phone and answering emails, they are making security decisions every day that can affect the company,” says Michele Fincher, COO for Social-Engineer, Inc. “They don’t realize how many good decisions employees need to make to be secure.”

Addressing the importance of security during annual training sessions isn’t enough, says Fincher. “If you only talk about it once a year, you’re doing the staff a grave disservice.”

Social engineering attacks also make it harder to differentiate legitimate from malicious activity. In the past, cybercriminals needed more technical skills to launch attacks. These days, they can wreak havoc with social network browsing, phone calls, and emails. They can conduct surveillance without raising red flags.

As Social-Engineer, Inc. CEO Chris Hadnagy explains, “There’s no bar for entry for an attacker.”

Here are seven common strategies attackers use to target employees. Share these with your teams to inform them of today’s dangers and where hackers may be hiding.

 

via:  darkreading


Save pagePDF pageEmail pagePrint page

The Human Factor: The unspoken threat in cybersecurity

How can a CISO best negate the threats that BYOD and mobile devices pose to their organization?

Ever since there have been humans, there have been human errors – and some of them have been whoppers (like the Japanese trader’s “fat finger” trading error that cost his company $600 billion). Doing tasks that they really don’t understand, or mistakenly pushing a button or pulling a lever, people are the root cause of 90% of air traffic control errors, over 50% of factory equipment failures after maintenance, 37% of downtime at pharmaceutical firms, and in one of the biggest flubs of all time, human error nearly destroyed Kansas.  

Such errors can destroy a company, too – by allowing hackers access to sensitive data. Trying to detect and deflect such attacks is often fruitless; the solution security officers need to concentrate on is a prevention-based one.

It seems that there is a correlation between human error and an employee’s lack of understanding of what a job entails – a problem that is responsible for tens of billions of losses for companies every year. And it also appears that the more complex a job or system is, the greater the level of human error. So it should come as no surprise that human error, negligence, a lack of understanding of what they are supposed to do, and similar human failings are responsible for more than a third of data breaches, according to a Ponemon Institute study. Computer systems today are extremely complex, and the way organizations operate today – from focusing on detection of breaches and outage issues to encouraging employees to bring their own devices to work – only increases the chances that someone at some time will make a mistake, one that could prove fatal to the organization.

Examples of how errors by workers led to data breaches are rife – and many of them rely on social engineering, spear-phishing, and other e-mail and Internet-based exploits. In 2014, hackers ran a phishing exploit that netted them credential information from as many as 100 eBay employees, that enabled them to get access to the company’s systems – undetected – for months. In 2015, hackers got hold of personal data (including social security numbers) from employees and customers of Anthem Blue Cross and Blue Shield, apparently using social engineering techniques via an e-mail or other communication. And in one of the most infamous breaches of all time, hackers got access to Sony’s network using phishing techniques.  

Phishing and social engineering are far from the only source of human error-related data breaches. BYOD – where companies invite employees to use their own personal devices or laptops in the office, either for convenience or to save money – bring a load of security issues into the office. In 2014, a hacker managed to breach a BYOD service used by UK insurance giant Aviva to invade employee devices, possibly stealing credentials. And of course there are the “run of the mill” mobile device security issues; thousands of new mobile malware strains appear every day, and in fact, according to a major security study, some Android devices are coming with the malware pre-installed, making the work of hackers easier and more convenient than ever. And since nearly half of employees who use their devices for work don’t even think about about security as an issue, BYOD-friendly organizations could easily find themselves experiencing “perfect storm” security crisis at any time.

What’s a CISO to do? Well, the natural response among most security officers – especially when they have been targeted – is to take inventory and see where the breach came from, and how to close up the “hole” that allowed the data breach to occur in the first place. And since, as we’ve seen, most of these breaches are due to human error, there are some specific responses that promise to limit the damage.:

1. Just Don’t Click

When in doubt, that is. Many organizations have educational programs that stress over and over the dangers of clicking on suspicious links, or opening attachments. Sandboxes, firewalls, and anti-virus programs check incoming data six ways ’till Sunday. And in some companies, IT managers send out fake phishing messages in order to see whether employees have learned their lessons. Between the security systems and employees’ self restraint, phishing/social engineering exploits that use links or rogue script in attachments should be a thing of the past.

But as we see, they aren’t. Hackers keep up with the times, and they are able to slip malware code into files that sandboxes won’t catch; the malware is programmed to hide itself while it’s in the sandbox – and if the attack is a zero-day exploit (as most exploits today are), there is no way a signature-based anti-virus program will prevent a hack. And many phishing exploits are cleverly hidden in e-mail messages that employees would swear look legitimate.  

2. Best BYOD Practices?

By allowing -in many cases requiring – employees to use their own devices at work, IT security teams automatically increase their workload by a large amount. Now they are responsible not only for the security of their network, but for the security of the devices that connect to the network. To prevent breaches, organizations have developed acceptable use protocols: What apps can be installed on a device, what apps cannot be used, how and when to connect to social media, etc. In addition, many organizations require the use of encryption for organization communications and connections.

Which is all well and good – except for the fact that enforcing such policies is more difficult than enforcing network security. After all, the device belongs to the employee, who paid good money for it (or at least got it from the company for business and personal use). And while a really dedicated employee might be at his or her desk for 60 or more hours a week, there are still plenty of other hours in which they will be able to use their devices out of view of network personnel. Can a CISO guarantee that an employee won’t accidentally copy a file or sensitive data from an enterprise-approved app to their Facebook page?

3. Mobile Mess

Related to BYOD is the whole phenomenon of using mobile devices for work-related purposes, especially for e-mail and text messaging. While having access to the office – and managers having access to employees – at any time is certainly convenient, the risks of mobile in this context are high. Two-factor authentication to access apps could help, but it won’t prevent copying mistakes as described above. In addition, devices are vulnerable to many kinds of hacks that could allow cyber-criminals to attack devices. Text messages, for example, could include links to rogue sites that download malware on a device and implement key-logging techniques to steal credentials. The problem is so bad in fact that NIST, the National Institute of Standards and Technology, NIST, recommends dumping SMS as an authentication method, because it is too easy to hack.

Is this the best CISOs can hope for? It is, if they plan to fight hackers who have already gotten credentials, or are attempting to do so via a phishing/social engineering/malware attack. If hackers can beat sandboxes, a long-time venerable technology that organizations rely on to protect them, they can beat a company’s best educational efforts, penalty programs, or security protocols. The methods by which employees can slip up are just too many and too easy, and organizations cannot rely on such arrangements.  

What has to be implemented is a system that keeps threats away from employees and the IT system altogether. Network segregation goes beyond sandboxing; not just checking files and connections for rogue activity, but actually executing code and making connections in an isolated environment. If a problematic connection or file attempts to execute, it will do so – in a virtual container that keeps the executed code or connection way from the real network until it’s purpose is clear. If the connection or code checks out – and does what it is supposed to do, based on its profile – then it is allowed to move forward. And if not, it just gets rejected, kept away from the IT system altogether. Network segregation can also be used to isolate devices, keeping them from passing malware or copying data from an IT system. Thus, the threats of mobile and BYOD are obviated as well. With a system like this, CISOs can rest a little more easily, knowing that they did their best to plug up the many “security holes” that are a feature of the human experience – and of human employees.

 

via:  itproportal


Save pagePDF pageEmail pagePrint page

Businesses increasing encryption efforts

Cyber security threats have done their part in encryption adoption among businesses.

Businesses are increasingly adopting encryption strategies, according to a new report by Thales. More than four in ten (41 per cent) of respondents in the report said their organisation has an encryption strategy that is applied ‘consistently’, across the enterprise.

What’s also interesting as that for the first time since Thales started making these reports (12 years), business unit leaders have more influence on these things than IT operations.

Looking at the figures, the report states that two thirds (67 per cent) use one of two routes: They either perform on-premise encryption, or send the data into the cloud, where it’s encrypted using on-premise generated keys.

Almost four in ten (37 per cent) said their businesses turn over complete control of keys and encryption processes to cloud providers.

“The accelerated growth of encryption strategies in business underscores the proliferation of mega breaches and cyberattacks, as well as the need to protect a broadening range of sensitive data types,” commented Dr Larry Ponemon, chairman and founder of The Ponemon Institute.

“Simply put, the stakes are too high for organizations to stand by and wait for an attack to happen to them before introducing a sophisticated data protection strategy. Encryption and key management continue to play critical roles in these strategies.”

It’s also interesting to learn that a third (31 per cent) are either using, or plan on using HSMs (Hardware Security Modules), together with the BYOK deployments (Bring Your Own Key). A fifth (20 per cent) said the same for CASB (Cloud Access Security Broker) deployments. Both HSM and CASB usage is expected to double in the next year, up from 12 to 24 per cent.

 

via:   itproportal


Save pagePDF pageEmail pagePrint page

McAfee LinkedIn page hijacked

Now deleted updates to the hijacked business page link attackers to a Twitch hack in 2016.

On Sunday evening, the LinkedIn page for McAfee was hijacked by a single person or an unknown number of individuals who apparently watched Twitter for reactions. The business page was defaced with random remarks, and at one point made a passive reference to a Twitch hack in 2016. (See update at the bottom of this story.)

 

The LinkedIn defacement happened around 9:30 p.m. EST on Sunday evening. McAfee recently announced some changes to the company, including a return to its original name after being acquired by private equity firm TPG.

 

How the individual(s) obtained access to McAfee’s LinkedIn account is unknown, though someone claiming a connection to the incident says the key was recycled passwords.

 

Once word of their defacement started to spread however, those responsible for the hijacking watched Twitter for reactions and made comments on the McAfee LinkedIn page in response.

They also changed the company logo to a well-known meme after it was referenced on Twitter.

Another update to the hijacked McAfee LinkedIn page (deleted shortly after being posted) referenced a Gmail account used during the takeover of a Twitch account in 2016.

At the time BlackDotATV was compromised by someone during a broadcast. Taunting the channel owner, Dominik “Black^” Reitmeier, the person responsible told him to email the Gmail account for instructions on how to secure his account.

Salted Hash reached out to McAfee for comment, and we’ll update this story when they respond.

We reached out the referenced Gmail account as well. The person who responded claimed they were previously part of OurMine, a group that claims to be a security company, but promoted their services by compromising other high-profile social media accounts.

The person said Sunday’s McAfee hijack was possible due to recycled credentials, and that two-factor authentication was not enabled on the account. McAfee, the person said, was “a small hack, the first of many.”

“They’re going to gradually get bigger and bigger. Keep an eye on the twitter accounts of many high-profile companies, that’s all I’ll say.”

The takeover lasted for just over half-n-hour, until LinkedIn pulled the whole McAfee page. However, the changed logo propagated to many staff accounts, and were still present even after the business page was removed.

Update:

Shortly after this story was posted, a person going by the handle “Monarch” contacted Salted Hash with additional information. This individual also goes by “Monarch” on OGFlip, the forum reporting that LeakedSource was raided by law enforcement earlier this year.

After some conversation, Monarch put us in touch with the person who is claiming credit for the McAfee hijacking. This individual, who asked that they not be named, said the McAfee LinkedIn hijacking started out as an attempt to take over a two-letter Twitter account.

The Twitter takeover failed, but the password originally believed to be linked to the account turned out to be the person’s LinkedIn password. Salted Hash will not name the two-letter account, or the person who owns it. However, their password was discovered in the LinkedIn data breach records.

It was the compromised LinkedIn password that enabled the McAfee hijacker access, as the victim’s LinkedIn account was listed as an administrator on the McAfee company page.

Until McAfee comments, there is no way to prove this person’s claims, but the methodology and the OurMine references made by them were worth noting.

This incident highlights not only the risks in shared admin access on social media, it also serves as a reminder that passwords should be changed if they’ve been compromised. This is also true if there is a chance the password has been compromised by a large data breach like the one LinkedIn experienced in 2012.

Since the compromised records were exposed to the public, the LinkedIn data breach has been tied to several incidents in the years that followed. In many of the cases, it was the usage of recycled credentials that enabled the attackers.

 

 

via:  csoonline


Save pagePDF pageEmail pagePrint page

The failure of the missile launch by North Korea may have been caused by US cyber attack

The failure of the missile launch made the North Korea may have been thwarted by a cyber attack powered by the US Cyber Command.

The crisis between the US and North Korea is increasing, Donald Trump warns his military may ‘have no choice’ to strike the rogue state.

According to The Sun, US cyber soldiers may have hacked the control system of the rocket causing the failure of the launch.

The nuclear test ballistic missile exploded within five seconds of the launch, according to the newspaper the US agents have used a stealth malware that caused a massive malfunction.

The launch occurred from near the port city of Sinpo, Kim Jong-un ordered it defiance of President Trump sending a naval task force to the region.

The US naval force in the area, led by the aircraft carrier USS Carl Vinson, is equipped with rockets capable of intercepting missiles, but they were not deployed.

It was a medium-range ballistic rocket, likely a Nodong, the experts highlighted that North Korea is forced to import the high-tech electronics used in its missiles, so it is likely that US hackers compromised the supply chain implanting an undetectable malware.

According to some experts, North Korea is vulnerable to cyber attacks because its scientists have to import electronic hardware.

The experts believe that US cyber units may have detected the launch and sent the instructions to the malware via satellite from the US National Security Agency headquarters in Maryland.

North Korea missile launch failed

Source; The Sun

Fantasy or reality?

A similar attack requests a huge effort in terms of HUMINT and technical activities, but it is perfectly feasible.

“It is perfectly feasible the US brought down this missile.” said Defence analyst Paul Beaver.

“Their cyber warfare capabilities are now highly advanced.

“As soon as military satellites watching Sinpo detected an imminent launch, a team at the National Security Agency would have got to work.”

“It’s possible for them to have sent a signal directly to the missile from Maryland which effectively zapped it out of the sky.”

“North Korea has had a string of launch failures and it may be no coincidence that they have happened as the US went to cyber war.”

President Trump did not comment the Kim’s missile failure.

Analysts believe that Kim will punish military commanders involved in the failed operation.

Kim has a history of punishing failure with terrible retribution, including executing his own officials with anti-aircraft guns.

Giving a look at the North Korea’s military programme we can notice a long series of technical failures, a part of the intelligence community attribute the incident to cyber attacks powered by the US Cyber Command.

Other ballistic tests failed in the last weeks, medium-range North Korean rockets crashed and exploded.

“Last year a Musudan missile fired to mark the anniversary of the birth of Kim’s grandfather Kim Il-sung blew up so soon after take-off it wrecked its launcher.” reported The Sun.

“In November 2015 an attempt to launch a ballistic missile from a submarine ended in failure when the weapon disintegrated under­water.”

“There are many things that can go wrong but it would be impossible to tell from outside if something had affected the internal guidance or control systems.” said Defence analyst Lance Gatling

“It has been openly mentioned that there is a possibility that the North’s supply chain for components has been deliberately infected, and they might never know.”

 

via:   securityaffairs


Save pagePDF pageEmail pagePrint page

Google quietly takes on LinkedIn with its own job listings site

The company’s new Hire portal is online but not yet functional.

Google has a new job listings site coming online soon, adding yet another site you’ll need to upload your resume to. You can even visit the Google Hire site now, though it won’t let you sign in, yet. According to Axios, Hire will enable companies to post job listings and individuals to search for and find their next job.

Details are rather sparse, but there are already privacy concerns with the public-facing new site, which asks users to sign in with their personal Google account. There have been some speculation (as yet unfounded) that this would allow potential employers to see your entire search history. According to the Daily Mail, Google has denied these claims. We’ve reached out to Google for comment.

Google isn’t the first big company to jump into the job-recruitment arena. Facebook started rolling out support for job listings this past February. Google is facing a pretty crowded market of established players like LinkedIn, Glassdoor and Monster. To succeed, it will need to bring something different and better to the table.

 

via:  engadget


Save pagePDF pageEmail pagePrint page