Microsoft Probably has your Disk Encryption Key in its Server, Here’s How to Take it Back

If you recently bought a new Windows 10 PC or upgraded to the latest version of the Windows OS, chances are your disk encryption key has been uploaded to Microsoft’s servers, which means you’re not 100 percent in control of the privacy of your data.

Since the launch of Windows 8.1, Microsoft has offered disk encryption as a built-in feature for Windows laptops, Windows phones and other devices. The Intercept reports that the key has probably been uploaded if you’ve logged in to Windows 10 with your Microsoft account. That’s useful for accessing your hard drive after something’s gone wrong, but it also means that if a hacker gains access to your Microsoft account, they could make a copy of the key for misuse.

So What is Disk Encryption?

Disk encryption is a simplified version of the BitLocker drive encryption that made its debut in Windows Vista in 2006. The full BitLocker requires a Pro or Enterprise edition of Windows, and includes options such as integration with Active Directory, support for encrypting removable media, and the use of passwords or USB keys to unlock the encrypted disk.

Disk encryption is more restricted. It only supports internal system drives, and it requires the use of Secure Boot, Trusted Platform Module 2.0 (TPM), and Connected Standby-capable hardware. This is because Disk encryption is designed to be automatic; it uses the TPM to store the password used to decrypt the disk, and it uses Secure Boot to ensure that nothing has tampered with the system to compromise that password.

The final constraint for Disk encryption is that you must sign in to Windows with a Microsoft account or a Windows domain account to turn it on. This is because full disk encryption opens the door to all kinds of new data loss opportunities. If, for example, you have your system’s motherboard replaced due to a hardware problem, then you will lose access to the disk, because the decryption keys needed to read the disk are stored in the motherboard-mounted TPM. Some disk encryption users may feel that this is a price worth paying for security, but for an automatic feature such as device encryption, it’s an undesirable risk.

How to Remove the Disk Encryption Key from Your Microsoft Account?

Although there’s no way to prevent a new Windows-powered computer from uploading the disk encryption key the very first time you log into your Microsoft account, you can delete the existing encryption key from your Microsoft account and generate a new one.

Follow the steps below to remove the disk encryption key from your Microsoft account:

• Open the recovery key page in OneDrive and log in with your Microsoft account.

• You will find a list of the recovery keys backed up to your Microsoft account. If you don’t see any recovery keys, then you either don’t have an encrypted disk, or Microsoft doesn’t have a copy of your recovery key. This might be the case if you’re using BitLocker and didn’t upload your recovery key when you first turned it on. If you have a recovery key, take a backup (screenshot) of it locally and then go ahead and delete your recovery key from your Microsoft account.

Generate a New Disk Encryption Key Without Giving a Copy to Microsoft

In order to generate a new disk encryption key, this time without giving a copy to Microsoft, you need to decrypt your whole hard disk and then re-encrypt it, but this time in such a way that you’ll actually get asked how you want to back up your recovery key.

• So first go to Start, type “Bitlocker”, and click “Manage BitLocker”.

• Click “Turn off BitLocker” and it will decrypt your disk.

• Once done, Click “Turn on BitLocker” again.

• Now Windows will ask how you want to back up your recovery key. Make sure you DO NOT choose “Save to your Microsoft Account”. If you choose to save it to a file, it will make you save it onto a disk that you’re not currently encrypting, such as a USB stick. Or you can choose to print it and keep a hard copy.

• On the next page it will ask you if you want to encrypt used disk space only (faster) or encrypt your entire disk including empty space (slower). If you want to be on the safe side, choose the latter. Then on the next page it will ask you if you wish to run the BitLocker system check, which you should probably do.

• Finally, it will make you reboot your computer.

When you boot back up, your hard disk will be encrypting in the background. At this point you can check your Microsoft account again to see if Windows uploaded your recovery key – it shouldn’t have.

Now just wait for your disk to finish encrypting. Congratulations: Your disk is encrypted and Microsoft no longer has the ability to unlock it.

This is only possible if you have Windows Pro or Enterprise. Unfortunately, the only thing you can do if you have the Home edition is upgrade to a more expensive edition or use non-Microsoft disk encryption software.
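
To go with the account check above, this added PowerShell example (not part of the original article) lists a drive’s BitLocker status and the IDs of its recovery-password protectors from an elevated prompt, so they can be compared with any key IDs still shown on the recovery key page. The function name `Get-RecoveryProtectorReport` is made up for this example, and it assumes the page lists a key ID for each stored key.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): report BitLocker state and
# recovery-password protector IDs for one drive, without printing the
# 48-digit recovery password itself.

function Get-RecoveryProtectorReport {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Drive to inspect; defaults to the system drive (usually C:).
        [string]$MountPoint = $env:SystemDrive
    )

    # Get-BitLockerVolume ships with the built-in BitLocker module.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # A volume can carry several protectors (Tpm, RecoveryPassword, ...).
    # Only RecoveryPassword protectors correspond to a stored recovery key.
    $recovery = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    [pscustomobject]@{
        MountPoint           = $volume.MountPoint
        VolumeStatus         = $volume.VolumeStatus
        EncryptionPercentage = $volume.EncryptionPercentage
        ProtectionStatus     = $volume.ProtectionStatus
        ProtectorTypes       = @($volume.KeyProtector |
            ForEach-Object { $_.KeyProtectorType }) -join ', '
        # Piping keeps this an empty array when no recovery protector exists.
        RecoveryProtectorIds = @($recovery |
            ForEach-Object { $_.KeyProtectorId })
    }
}

$report = Get-RecoveryProtectorReport
$report | Format-List

# Flag the intermediate states the decrypt / re-encrypt procedure passes through.
switch ($report.VolumeStatus.ToString()) {
    'FullyDecrypted'       { Write-Warning 'Drive is not encrypted; turn BitLocker back on.' }
    'DecryptionInProgress' { Write-Warning 'Still decrypting; wait before turning BitLocker on again.' }
    'EncryptionInProgress' { Write-Host "Encrypting: $($report.EncryptionPercentage)% done." }
}

if ($report.RecoveryProtectorIds.Count -eq 0) {
    Write-Warning 'No recovery password protector found on this drive.'
} else {
    Write-Host 'Compare these IDs with the key IDs listed on the recovery key page:'
    $report.RecoveryProtectorIds | ForEach-Object { Write-Host "  $_" }
}
```

After re-encrypting, the recovery protector ID should differ from the one on the key you deleted, and no entry with the new ID should appear in the account.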

Did you follow the steps mentioned above? If not, do it now. If you have any doubts during the process, feel free to comment!

Researchers from Google Discovered How to Hack a Corporate Network just by Sending an Email

What if, with a single email, an attacker could monitor all traffic on a supposedly protected network?

Researchers from Google’s Project Zero found, and silently reported, a bug in FireEye security software that allowed attackers to do just that. No, it’s not a phishing scam. No one had to actually open the email. Just sending it was enough.

FireEye offers devices that scan all traffic flowing through a company’s network. If malware is detected in any transfer, the device intercepts the file and removes the malware.

Project Zero demonstrated they could use this constant screening process against the software, turning it from a security feature into a bug that monitors all Internet traffic inside the company. Google employee Tavis Ormandy outlined the process in a blog post.

“For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario,” wrote Ormandy, adding that such an exploit could let hackers passively monitor all traffic on a company’s network. He then outlined an exploit that does exactly that.

Read the entire post if you’re technically inclined — everything is laid out in detail. But don’t worry, FireEye has been notified of the problem, and given a chance to fix it before Google published the exploit for the entire world to read.

Google’s Project Zero team is charged with discovering, documenting, and silently reporting zero day exploits before malicious hackers do. The team researches not only potential security issues in Google services, but any software used by large groups of people.

When the team discovers a flaw in another company’s software, they report it silently so that patches can be developed and released. It’s only after everything is fixed that they make their discoveries public — or 90 days, whichever comes first. The team caused controversy in 2014, when Microsoft did not fix an exploit in Windows 8 within the 90-day window.

Anonymous Brought Down 400,000 Turkish Websites As Part Of War Against ISIS

Turkey is reeling under a massive cyberattack purportedly carried out by the hacktivist group Anonymous. The targets of the attacks include the websites of the government and banks. According to the hacker group’s official page, Anonymous brought down about 400,000 Turkish websites as part of its war against ISIS.

According to local media, the Anonymous hacking group posted a message saying it would continue to attack Turkey for “supporting the Islamic State by buying their oil and tending to their injured fighters.”

Anonymous recently ‘went to war’ with ISIS after the horrific terrorist attacks in Paris, which left 130 people dead.

The two-week-long cyber campaign intensified over Christmas as scores of financial and state-run sites were experiencing distributed denial of service (DDoS) attacks resulting in crippling of transactions. Nic.tr, a non-governmental organisation that administers addresses for websites using the “tr” domain, said Thursday that the attack appeared to be from “organised sources” outside Turkey. The domain is used by websites belonging to Turkish ministries, commercial enterprises and banks. The attack has seriously disrupted the banking sector.

Anonymous Official Press Release To Turkish Government Leaders

“As many of you have heard, Turkey is supporting Daesh [Isis] by buying oil from them and hospitalizing their fighters.”

“We won’t accept that Erdogan, the leader of Turkey, will help Isis any longer. The news media has already stated that Turkey’s internet has been the victim of massive DDoS attacks.”

“Dear Government of Turkey, if you don’t stop supporting Isis, we will continue attacking your internet, your root DNS [the foundation of Turkey’s internet], your banks and take your government sites down.

After the root DNS we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure.”

“Stop this insanity now, Turkey. Your fate is in your hands.”

The Anonymous group released a video claiming that they brought down the servers because of Turkey’s alleged ties with the Islamic State (Isis). Local media reports said leading banks such as Isbank, Garanti and Ziraat Bank were among the targets.

https://youtu.be/EdgLA3ICvuc

Turkish servers were bombarded for more than a week earlier this month, in what’s being called some of the most intense cyberattacks in the history of the country. The government was eventually forced to cut off all foreign internet traffic coming to ‘.tr’ websites – Turkey’s domain – to help stop the assault, according to Radware.

Turkey has been under fire in recent months for failing to actively stop ISIS, especially given the geographic proximity to Syria and Iraq. President Obama has put pressure on the country to secure their border with Syria, and U.S. officials have expressed frustration that Turkey has not stopped extremists smuggling oil.

Researchers Claim GOTPass System – Images and Patterns as Passwords Holds Up Well Against Hacks

Researchers at Plymouth University have devised a new password input method, called the GOTPass system, that they believe could improve security and could be effective in protecting personal online information from hackers.

The GOTPass system combines patterns, imagery, and a one-time passcode to create a system that it’s hoped would be both more secure and easier to remember than traditional passwords. It will also reduce the cost for banks or companies where they might need to implement hardware systems, and is also more convenient for customers who might no longer need to bring around.

“In order for online security to be strong it needs to be difficult to hack, and we have demonstrated that using a combination of graphics and one-time password can achieve that. This also provides a low cost alternative to existing token-based multi-factor systems, which require the development and distribution of expensive hardware devices. We are now planning further tests to assess the long-term effectiveness of the GOTPass system, and more detailed aspects of usability.” — said Dr Maria Papadaki, Lecturer in Network Security at Plymouth University and director of the PhD research study.

How does GOTPass System Work?

To set up the GOTPass system, users would have to choose a unique username and draw any shape on a 4×4 unlock pattern, similar to that already used on mobile devices. They will then be assigned four random themes, being prompted to select one image from 30 in each.

When they subsequently log in to their account, the user would enter their username and draw the pattern lock, with the next screen containing a series of 16 images, among which are two of their selected images, six associated distractors and eight random decoys.

Correctly identifying the two images would lead to the generated eight-digit random code located on the top or left edges of the login panel which the user would then need to type in to gain access to their information.

It all sounds horribly complicated, but initial tests have shown the system to be easy to remember for users, while security analysis showed just eight of the 690 hacking attempts were genuinely successful, with a further 15 achieved through coincidence.

Researchers say the system would be applicable for online banking and other such services, where users with several accounts would struggle to carry around multiple devices to gain access. They are now planning further tests of its efficacy and usability.

So what do you think about the GOTPass system? Does it provide a new layer of security without a password? We’d love to hear from you in the comments!

Researchers Developed First Light-Based Microprocessor Chip to Create More Powerful Computers & Ultrafast Communications

Researchers at the University of Colorado Boulder, in collaboration with the University of California, Berkeley and the Massachusetts Institute of Technology (MIT), have developed a groundbreaking light-based microprocessor chip to create more powerful computers and ultrafast communications. The chip uses light, rather than electricity, to transfer data at rapid speeds while consuming minute amounts of energy.

The technology involved in creating the light-based microprocessor, called silicon photonics, is an active area of research at chipmakers like Intel and IBM. The new light-based microprocessor measures just 3 millimeters by 6 millimeters and utilises multiple wavelengths of light, simultaneously sending data through a single fibre. The new chip has the potential of transmitting data at nearly 300Gbps per square millimetre, which is close to 50 times faster than conventional electronic wires.

Why a Light-Based Microprocessor Chip

Light-based microprocessor chip showing optical circuits (left), memory (top) and 2 compute cores (right). | Image Credits : Colorado Univ

Data transport across short electrical wires is limited by both bandwidth and power density, which creates a performance bottleneck for semiconductor microchips in modern computer systems, from mobile phones to large-scale data centres. Fibre optics offer larger bandwidth that could facilitate higher rates of communication over greater distances. Fibre optics also utilise less energy. The prototype the researchers used had fibre optic links instead of conventional electric wires, also demonstrating that optical chips can be made without any alteration to existing semiconductor manufacturing processes, which has been a challenge thus far.

“One advantage of light based communication is that multiple parallel data streams encoded on different colors of light can be sent over one and the same medium – in this case, an optical wire waveguide on a chip, or an off-chip optical fiber of the same kind as those that form the Internet backbone,” — said Popović, whose CU-Boulder-based team developed the photonic device technology in collaboration with a team led by Rajeev Ram, a professor of electrical engineering at MIT.

“Another advantage is that the infrared light that we use – and that also TV remotes use – has a physical wavelength shorter than 1 micron, about one hundredth of the thickness of a human hair,” — said Popović. “This enables very dense packing of light communication ports on a chip, enabling huge total bandwidth.”

Future of Light-Based Microprocessor Chip

Electrical signals are encoded on light waves in this optical transmitter consisting of a spoked ring modulator, monitoring photodiode (left) and light access port (bottom), all built using the same manufacturing steps and alongside transistor circuits that control them (top). | Image Credits : Colorado Univ

The new light-based microprocessor chip bridges the gap between current high-speed electronics manufacturing and the needs of next-generation computing for chips with large-scale integrated light circuits.

If they succeed in bringing their prototype out of the research lab, consumers will eventually benefit. For data centers, where messages shuttle among thousands of servers, silicon photonics could speed up services like Google search or Facebook image recognition or let those companies introduce performance-intensive features not economical today. For personal computers and smartphones, silicon photonics could uncork performance bottlenecks without hampering battery life.

“Light based integrated circuits could lead to radical changes in computing and network chip architecture in applications ranging from smartphones to supercomputers to large data centers, something computer architects have already begun work on in anticipation of the arrival of this technology,” — said Miloš Popović, an assistant professor in CU-Boulder’s Department of Electrical, Computer, and Energy Engineering and a co-corresponding author of the study.

So when can we expect it? The researchers are expecting that data-centers will be the first to utilise the chips, and they will eventually find their way into the mobile and PC market. They also expect the test versions of these chips to be ready by early 2017. The team has published a paper in the journal Nature.

What do you think about this new light-based microprocessor chip? Does it open a new door to more advanced technology? We’d love to hear from you in the comments!

[Infographic] 8 Deadly Computer Viruses That Brought the Internet to Its Knees

We have all heard about computer viruses; they are nothing new. Every day, new types of computer viruses are created by cyber-criminals to compromise our gadgets and personal data.

Did you know that the first computer virus was created by a 15-year-old high school student, Rich Skrenta, in February 1982? It was called Elk Cloner. The Elk Cloner virus was a harmless prank that displayed random messages to users and played subtle tricks when the infected floppy disk was booted.

After that, many different types of viruses have been created. Some, like the Elk Cloner, can be annoying but harmless to your computer. Others can do actual damage and end up costing you money due to wasting computer resources, causing system failures, corrupting or deleting your data, or even stealing your private information.

While many of these computer viruses can easily be defeated, others have gone rampant and cost millions of dollars in damage. It’s also difficult to count the actual number of computer viruses in existence because everyone defines new viruses and categorizes them differently. Some estimates range from the thousands to the tens of millions, while others categorize all viruses into a couple dozen different types.

Governments and big companies aren’t the only ones at risk. Your computer can be hacked by computer viruses as well, giving hackers access to your personal information, corrupting your data, wiping your hard drive, and even using your computer to spread the virus to your friends and family.

8 Deadly Computer Viruses

So here is an infographic from WhoisHostingThis, where they show 8 deadly computer viruses in history, the effects they had on their victims — and how you can keep yourself safe.

Edward Snowden Doubts Security of Telegram, but Founder Pavel Durov Disagrees

Popular messenger Telegram, the rival messaging app to WhatsApp which recently hit headlines over its popularity with terror group ISIS, is facing criticism on Twitter over its claims that it is totally secure and encrypted, with NSA whistleblower Edward Snowden also raising the issue.

The concern over Telegram was first raised by Matasano Security’s Thomas H Ptacek, who posted that the app “stores the plain text of every message every user has ever sent or received” on its servers. According to Ptacek’s tweet, Telegram is not relying on encryption for the data it saves on its cloud servers, contrary to the app’s claims.

The tweet was then re-shared by NSA whistleblower Edward Snowden who posted, “I respect @durov, but Ptacek is right: @telegram’s defaults are dangerous. Without a major update, it’s unsafe.” 

Pointing towards the vulnerability of such a setup, Snowden hinted that the plaintext of the messages should not be accessible to a service provider at all for a connection to be truly secure.

Telegram has recently been branded the “favorite” messenger among international terrorists in the US media, after Islamic State jihadists allegedly used it while claiming responsibility for attacks in Paris and on the Russian plane over Sinai. Laith Alkhouri, director of Research at Flashpoint Global Partners, called Telegram “the new hot thing among jihadists” in a CNN Money report. The messenger’s encryption might have provided them with the opportunity to exchange secret messages, he alleged.

While Ptacek’s and Snowden’s conclusions appear to contradict the allegations of Telegram’s self-professed complete security, Pavel Durov apparently disagrees. The founder responded to Snowden’s tweet by saying: “Skipping the sarcastic part: users who don’t need cloud sync or do not trust us, use secret chats – https://telegram.org/privacy.”

But Durov’s reply that the app doesn’t store the messages hasn’t convinced all. London-based Mustafa Al-Bassam asked on Twitter, “How can http://web.telegram.org work while the phone is off then,” to which WhatsApp’s Jan Koum replied saying that unlike Telegram, WhatsApp for web won’t work without a phone as they don’t store any chat history on their servers.

Koum tweeted, “that is exactly why WhatsApp web client doesn’t work w/o your phone – because we don’t store your chat history on our servers 🙂”

Interestingly, WhatsApp has been accused of blocking links to the Telegram app on Android. Telegram claims to have over 60 million monthly users. The Telegram co-founder’s reply hasn’t convinced critics, who are pointing out that the default settings in the app are not really that secure.

Are you concerned about the security of Telegram? We’d love to hear from you in the comments!

Did you Know, Apple Has Over 800 Engineers Working on the iPhone Camera

If you ever wondered why the iPhone camera is among the top rated in the industry, it is because Apple has an army of people working on developing its technology. The company has more than 800 engineers working on perfecting the camera, arguably the most used part of the iPhone. In a wide-ranging interview, the company’s executives laid bare the great effort that goes into their devices.

Speaking to 60 Minutes’ Charlie Rose, Graham Townsend, Apple Senior Director of Camera Hardware, revealed that the tiny camera module on the iPhone 6s Plus is made of 200 individual parts. To just get an idea of how important this aspect of the phone is to Apple, Townsend added that the company has a team of more than 800 engineers that work on it. Inside the camera are four tiny wires, Townsend said, that create a “microsuspension” to offset the shakes and disturbances arising from a user’s hands. Each wire is thinner than a human hair.

Why Is the iPhone Camera So Special

Then he demonstrated how Apple simulates various conditions to test out the camera’s performance, from sunsets to lousy indoor lighting. “We can simulate all those here,” Townsend said. Apple’s competitors certainly conduct many of those same tests, but the sheer size of Apple’s camera team shows you how high up on the priority list it’s risen. Apple has built entire ad campaigns around the iPhone’s camera, and always makes it a point to highlight improvements with each new iPhone revision.

There’s a lab inside Apple’s campus where it assesses the camera output. Some engineers test the camera photographs in a range of lighting situations and make the required calibration for getting the best shot. “To capture one image, there’s actually 24 billion operations going on,” Townsend told Rose.

The interview also saw Apple executives talk about its stand on encryption, taxation, and land labour, among other aspects.
