
Why Android Go is going to be a savior of budget smartphones?

Android Go is a new lightweight version of the Android operating system, built to provide a lag-free, smooth Android experience on every smartphone, especially budget smartphones, without compromising any of the important features of the parent edition.

Google introduced Android Go as part of the Android 8.1 Oreo release, targeting devices with 512MB to 1GB of memory. Unlike Android One, the company’s previous initiative to power budget models, Android Go is a reimagination of the budget segment entirely.

To make this possible, Google made deep changes to the kernel and other elements. It improved the performance and storage sections of the operating system, with data management features and security benefits built in. A newly redesigned set of applications (we might call them lightweight versions of the apps), made exclusively for Android Go edition, provides a fluid smartphone experience to every user. The set of optimized apps includes Google Go, Google Assistant Go, YouTube Go, Google Maps Go, Gmail Go, Gboard, Chrome, and the new Files Go app by Google. Moreover, a tuned version of the Google Play Store is available for downloading any app.

Features of Android Go edition:

So why is Android Go going to be a savior of future entry-level phones running Android 8.1+? As we already said, Android Go never relies on the hardware specifications of a device. If your device comes with fewer resources, then Android Go is the one and only version of Android (and maybe the only smartphone OS) to reanimate your device as a beast. Here are some notable features of Android Go edition.

  • The average app is now 15 percent faster on devices running Android Go edition.
  • Enhanced preinstalled Google apps take up 50 percent less space, doubling the amount of available storage on entry-level devices.
  • Devices running Android Go edition also come with Google’s data saver features turned on by default.
  • All devices with Android Go get Google Play Protect built in.

The Android platform already rules the smartphone industry, and Android Go significantly lowers the barrier to entry for smartphones in emerging markets. Soon we can expect to see many more high-performing Android budget smartphones on the market.

Turn Your Old Android Phone Into A Surveillance System With This New Open Source App By Edward Snowden

NSA whistleblower Edward Snowden recently released a new Android app named Haven to protect your personal spaces and possessions without compromising privacy.

Haven is an open source project developed by Snowden, The Guardian Project and Freedom Of The Press to aid investigative journalists, human rights defenders, and people at risk of forced disappearance to create a new kind of herd immunity. Snowden, who remains exiled in Russia, previously developed an exclusive iPhone case designed to alert the user if and when the phone’s radio signals are turned on.

With Haven, you can turn your old Android phone into a surveillance system without worrying about compromising privacy. The app leverages on-device sensors to provide monitoring, turning any Android device into a motion, sound, vibration and light detector. When it comes to privacy, Haven uses the world’s most secure communications technologies, like Signal and Tor, to communicate anonymously over computer networks.

Haven uses the following sensors to watch for unexpected guests and unwanted intruders, and sends alerts via SMS, Signal or to a Tor-based website:

  • Accelerometer: phone’s motion and vibration
  • Camera: motion in the phone’s visible surroundings from front or back camera
  • Microphone: noises in the environment
  • Light: change in light from ambient light sensor
  • Power: detect device being unplugged or power loss

For now, Haven only works on the Android platform, because anyone can purchase an inexpensive Android phone for less than $100 and use it as a “Haven Device”. If you run the Signal app on your iPhone, you can configure Haven on Android to send encrypted notifications, with photos and audio, directly to the iPhone. You can also remotely access all Haven log data from your iPhone using the Onion Browser app, simply by enabling the “Tor Onion Service” feature in Haven. The developers also guarantee an iOS version of the app in the future.

You can download Haven from Google Play and the open source Android app store F-Droid. You can also grab the APK files from the GitHub releases page.

[Infographic] 7 Essential Excel Tricks Probably You Don’t Know About

Microsoft Excel is one of the most widely used productivity applications around the world. I think Excel is the best piece of software Microsoft has ever built. Microsoft Excel was first released 30 years ago, on September 30, 1985. And the funny part is that it was first developed for the Apple Macintosh. The Windows variant came in 1987.

Microsoft Excel is now a part of the Microsoft Office suite, and recent reports show that 67% of office roles require expertise in Microsoft Excel. So sharpening up your Excel skills really can help improve pay and job prospects. The infographic below, compiled by Best STL, shows you the top 7 essential Excel tricks to make your work fast and easy.

7 essential Excel tricks every office worker needs to know

Google Released A Hacking Tool To Find Bugs In iPhone

Google Project Zero is a team of hackers, or security researchers, employed by Google to find bugs or zero-day vulnerabilities in all types of software, including software not made by Google. Now, under the same initiative, Google has released a powerful tool to help security researchers hack and find bugs in the iPhone.

The exploit, named tfp0, was created by Ian Beer, a renowned iOS bug hunter and a member of Google Project Zero, and is capable of finding bugs in iOS 11.1.2, a very recent version of the iPhone operating system.

According to Beer, tfp0 should work on all devices. He has so far tested it on the iPhone 7, iPhone 6s, and iPod touch 6G, and adding further support should be easy.

Why did Google release a tool to find vulnerabilities in a competitor’s device? The iPhone is one of the hardest consumer devices to hack into, and those who successfully hack into the device and find bugs never give away the details of the tools they used. But the Google Project Zero nonprofit organization aims to make all software, especially that owned by other companies, safer.

According to Google, this exploit is going to accelerate the process of development of an iOS 11 jailbreak.

Uninstall These 42 Chinese Spying Android Apps Now — Intelligence Bureau

As a matter of national security, India’s internal intelligence agency, the Intelligence Bureau (IB), has warned soldiers not to use some Chinese spying Android apps.

The IB has released a list of 42 Chinese Android apps, including some popular ones like WeChat, TrueCaller, UC Browser and UC News, that are allegedly collecting vital information about Indian security installations.

According to the report, the Intelligence Bureau, in a 24 November advisory, directed soldiers posted on the Line of Actual Control (LAC) to uninstall these Chinese spying Android apps from their smartphones and to format the device after uninstallation, as the apps may compromise national security.

Chinese Spying Android Apps:

  1. Weibo
  2. WeChat
  3. ShareIt
  4. TrueCaller
  5. UC News
  6. UC Browser
  7. BeautyPlus
  8. NewsDog
  9. Viva Video – QU Video Inc.
  10. Parallel Space
  11. Apus Browser
  12. Perfect Corp
  13. Virus Cleaner – Hi Security Lab
  14. CM Browser
  15. Mi Community
  16. Mi Store
  17. Mi Video call
  18. Vault Hide – NQ Mobile Security
  19. YouCam Makeup
  20. CacheCleaner – DU Apps Studio
  21. DU Recorder
  22. DU Battery Saver
  23. DU Cleaner
  24. DU Privacy
  25. DU Browser
  26. 360 Security
  27. Clean Master – Cheetah Mobile
  28. Baidu Translate
  29. Baidu Map
  30. Wonder Camera – Baidu Inc
  31. ES File Explorer
  32. Photo Wonder
  33. QQ International
  34. QQ Music
  35. QQ Mail
  36. QQ Player
  37. QQ Newsfeed
  38. QQ Launcher
  39. QQ Security Center
  40. WeSync
  41. Selfie City
  42. Mail Master

China spying through its Android apps is not a new incident, though. Earlier, many reports came out against UC Browser about its suspicious way of collecting data from users and transferring it back to China. Now the government has also taken the matter seriously and recommended that the troops avoid spying Chinese eyes by uninstalling these dangerous apps.

Just remember, you may unintentionally become a traitor to your country by using these apps, because who knows what data these awful Chinese spying apps are transferring to China without your knowledge.

KRACK WPA2 Wi-Fi Vulnerability Compromises Almost All Devices That Supports Wi-Fi

WPA2 (Wi-Fi Protected Access II), the Wi-Fi security protocol considered to safeguard the vast majority of Wi-Fi connections, has now been compromised by a deadly vulnerability called Key Reinstallation Attacks, or KRACK.

Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven discovered and published the details of the attack that affects all major software platforms, including Microsoft Windows, macOS, iOS, Android, and Linux.

For the last 13 years, WPA2 has been the most trusted security protocol for encrypting traffic on Wi-Fi networks to prevent eavesdropping. In short, WPA2 networks are absolutely everywhere. The KRACK WPA2 Wi-Fi vulnerability exploits a weakness in the WPA2 protocol to recover the key used to encrypt traffic between a client and an access point. The scary part is that, in some situations, an attacker within range of a victim may also be able to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

According to Vanhoef’s research group, “attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks”.

Since the weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations, almost all devices that support Wi-Fi are potential KRACK victims. Vanhoef recommends, “To prevent the attack, users must update affected products as soon as security updates become available”.

How do attackers use the KRACK vulnerability?

As part of a demonstration, Vanhoef’s group executed the KRACK attack against an Android smartphone. During the demo, the attacker was able to decrypt all data that the victim transmitted.

According to the researchers, the KRACK attack is exceptionally devastating against Linux and Android 6.0 or higher. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key. When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted. In any case, the following demonstration highlights the type of information that an attacker can obtain when performing key reinstallation attacks against protected Wi-Fi networks:

Vanhoef also points out that a weakness in the 4-way handshake is what makes the WPA2 protocol vulnerable. This handshake is executed when a client wants to join a protected Wi-Fi network and is used to confirm that both the client and access point possess the correct credentials. The four-way handshake also generates a new encryption key (the third communication in the four-step process) to protect the user’s session.

The KRACK vulnerability allows hackers to trick a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. As a result, the attacker can replay and decrypt packets, and even forge packets in some cases.
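The counter reset described above, as an added example that is not code from the researchers or from any Wi-Fi stack. A toy HMAC-based keystream stands in for the real WPA2 cipher, and `Client`, `install_key`, the key and the two plaintexts are all constructed for illustration; the `patched` branch shows the shape of the fix (do not reset counters when the same key is installed again), and `reused_packet_numbers` is the matching check a monitor can apply.

```python
import hashlib
import hmac


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy keystream derived from (key, packet number); stands in for the real cipher."""
    out = b""
    block = 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Hypothetical client; install_key() runs each time handshake message 3 is processed."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.tx_pn = 0  # transmit packet number, used as the nonce

    def install_key(self, key: bytes) -> None:
        if self.patched and key == self.key:
            return  # fix: this key is already in use, so keep the counter
        self.key = key
        self.tx_pn = 0  # flaw when the key is unchanged: the nonce starts over

    def send(self, plaintext: bytes):
        self.tx_pn += 1
        stream = keystream(self.key, self.tx_pn, len(plaintext))
        return self.tx_pn, xor(plaintext, stream)


# Constructed plaintexts of equal length.
P1 = b"constructed frame one: hello"
P2 = b"constructed frame two: world"


def run_session(patched: bool):
    """Send one frame, process a retransmitted message 3, send another frame."""
    client = Client(patched)
    temporal_key = bytes(range(16))  # constructed key
    client.install_key(temporal_key)
    first = client.send(P1)
    client.install_key(temporal_key)  # same key arrives again
    second = client.send(P2)
    return [first, second]


def reused_packet_numbers(frames):
    """Detection: under one key, every packet number must be seen only once."""
    seen, reused = set(), []
    for pn, _ in frames:
        if pn in seen:
            reused.append(pn)
        seen.add(pn)
    return reused


def leaks_plaintext_xor(frames) -> bool:
    """True when both frames used the same keystream, so c1 XOR c2 == p1 XOR p2."""
    (_, c1), (_, c2) = frames
    return xor(c1, c2) == xor(P1, P2)
```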

Unfortunately, the KRACK vulnerability is not limited to recovering login credentials: any data or information that the victim transmits can be decrypted. The attack is also capable of decrypting data sent towards the victim (e.g. the content of a website), even though websites or apps use HTTPS as an additional layer of protection.

The researchers listed the following Common Vulnerabilities and Exposures (CVE) identifiers to track which products are affected by specific instantiations of KRACK:

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

The research paper behind the attack is titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, and will be presented at the Computer and Communications Security (CCS) conference on Wednesday 1 November 2017.

Librem 5 — Security and Privacy Focused Pure Linux-Based Smartphone Coming Soon

We all love our privacy, especially our online privacy nowadays. But since we use devices powered by operating systems developed by multi-million corporations, privacy and security are just a myth.

Today the world knows only two mobile platforms: Android and iOS. One is under the control of the search engine giant Google, which owns 90% of the internet world, and the other is under Apple, which only builds devices with a luxury price tag.

But what about a device that respects our online privacy and gives us full authority over its control? A company named Purism is soon going to launch such a phone: the Purism Librem 5.

The Librem 5 runs on PureOS, a derivative of Debian GNU/Linux main, and primarily focuses on the security and privacy of its users. The Librem 5 recently met its $1.5 million crowdfunding goal with 2 weeks left in the campaign, and Purism plans to start working on the next steps for bringing the phone to market.

In the initial days of the crowdfunding campaign, everyone thought Purism wouldn’t make its $1.5-million goal. But incredible support from GNU/Linux enthusiasts and the Free/Open-Source community at large, along with partnerships forged with KDE and the GNOME Foundation, helped it cross the milestone.

Now, about the super secure smartphone: the Librem 5 is going to be the world’s first encrypted, open smartphone ecosystem that gives complete device control to users. Running Free/Libre and Open Source software and a GNU+Linux operating system makes this possible.

As we already mentioned, the smartphone runs on PureOS, which comes with the best Free/Libre privacy and security software and apps for privacy “out of the box”. The phone also comes with Hardware Kill Switches for the camera, microphone, WiFi/Bluetooth, and baseband, meaning you are only connected when you want to be, with no automatic background services.

Purism has shared only a little information about the hardware side of the device. The Librem 5 will be equipped with a 5-inch screen and will work with 2G/3G/4G, GSM, UMTS, and LTE networks. It also uses an i.MX 6 or i.MX 8 CPU that is separate from the baseband, to offer protection from modern communication challenges.

The company is ramping up its hardware production as quickly as possible to assemble a developer kit and to begin building the base software platform, which will be publicly available and open to the developer community.

Django Messages: How to Use Messaging Framework

When a user does not receive a reaction after an interaction with a web application, it can be rather confusing. In some cases, it might cause the user to think there is a bug in the system, especially if he has had to push on the same button over and over again even though the target action was performed immediately after the first online command was made. So, how do you successfully make your web app communicate with users using the Django messages framework?

You can see Django Messages in action when a flash message appears during an interaction with a web application. For example, when you click the “Save” button you often receive a notification that your information has been saved. When you type in an incorrect password, the system notifies you that you have to review the data you’ve inputted.

Django can be used for performing various tasks. For example, Django instant messaging can be implemented in a multi chat using the specific package called Channels. A typical Django Channels example is chat rooms. By using this package, any company can create a multi chat with user authentication, separate chat rooms, and real-time messaging. Before you start using Django in your own application, let’s make sure you understand what the platform is, and what it is capable of.

What Is Django?

Django is an open source framework for web applications. Django is written in Python and it supports data-driven architecture. It is aimed at simplifying the process of development of complicated and database-driven websites. This framework is built to automate coding as much as possible and eliminate the necessity of repeated manual actions.

The three main principles of Django are:

  • Fast coding;
  • Non-repetition; and
  • Component reusability.

It is important to fully understand the benefits of this cost-free framework, before utilizing it in your systems.

What are the Advantages of Django Messaging?

Django provides enhanced support for session and cookie-based messaging for both identified and anonymous users. The messaging framework can store messages in a single request and retrieve them in the subsequent request. Every message has a tag that describes its priority: whether it is an error, warning, or simple information.

Django is Time- and Crowd-Tested

In 2017, the Django framework celebrates its 12th anniversary. Over the years, it has had several releases, some of which added new features, others were aimed at preventing security issues. Even outsourcing agencies have contributed to this framework.

Websites using Django include:

  • Pinterest;
  • Facebook;
  • Instagram;
  • Washington Post; and
  • Smithsonian Magazine.

Each of these websites is a typical Django messages example. Their experience of using this framework proves the effectiveness of its solutions.

Highly Detailed Documentation

The best component of Django is its documentation. This is an example of what an open source manual should look like. It’s not just an alphabetical list of modules and attributes that most other frameworks use, rather Django fans moderate and control a high-quality level of framework docs.

How to Use the Messages Framework

Every new Django project has a messaging package installed by default, which is why there is no need to enable it from the very beginning or to make any adjustments. Instead, take a look at the engine configuration tips provided by gearheart.io.

Message Engine Configuration

Django message middleware and a context processor are used to implement messages. The package is able to use various backends (classes) for storing temporary messages. It is worth noting that Fallback Storage is a class set by default.

Django’s built-in storage classes are:

  • Cookie Storage;
  • Session Storage; and
  • Fallback Storage.

The Cookie Storage class uses cookies, signed with a secret hash, to store message data. Session Storage stores the message data in the request’s session. The Fallback class uses cookies first and then falls back to Session Storage for the messages that cannot be saved in a single cookie.

To select a class, use one of the following variants of configuration:

  • django.contrib.messages.storage.cookie.CookieStorage;
  • django.contrib.messages.storage.session.SessionStorage;
  • django.contrib.messages.storage.fallback.FallbackStorage.

Setting Message Tags

Tags are applied to messages to show their level of importance. Message tags are stored in a string and used as CSS classes for style customization.

By default, message importance levels correspond to the following tags:

  • 10 is DEBUG;
  • 20 is INFO;
  • 25 is SUCCESS;
  • 30 is WARNING;
  • 40 is ERROR.

If you need to change these tags for a built-in or custom message level, set “MESSAGE_TAGS” to a dictionary that maps each message importance level you want to change to its new tag. Creating custom message levels is not recommended if you are planning to reuse your web application.

Creating Messages

You have to write a simple command to create a message:

    from django.contrib import messages
    messages.add_message(request, messages.INFO, 'Your message here')

If a context processor (CP) is used, render your template with a “RequestContext” to display messages. If you do not use a CP you have to ensure the availability of the “messages” variable to the template context.

To set the minimum recorded level for a single request, use the “set_level” method. For example, lower the level in one request so that an added debug message is recorded, then in another request raise it so that only warning messages (or higher) are recorded. To set the level back to the default, use the command: “messages.set_level(request, None)”.

Message Expiration

By default, messages are cleared when the response is processed or the storage instance is iterated. If you do not want a message to be cleared right after the response has been processed, set the storage instance’s “used” attribute to “False” after the iteration.

While creating a reusable web application, you may need to hide an error message if the message framework is disabled. In this case, add the “fail_silently=True” argument to any of the “add_message” family of methods.

As you can see, using Django Messages is quite easy, especially taking into account the detailed documentation created by numerous contributors from all over the world. The framework does not have a price and helps startups create free, simple, and effective solutions for business goals they have set. Several typical commands will enable the full functionality of this well-structured set of libraries.