
Tuesday, February 28, 2017

Here is what you SHOULD know about Social Engineering

Social Engineering
Short Bytes: Some people want to extract information or break into other people’s accounts, credit cards, and other things, and they can do so by becoming social engineering experts. Social engineering involves various techniques that manipulate a person’s psychological state. By deceiving a person, an attacker can end up convincing them to hand over the information he needs.

     You might have heard the term social engineering. But what exactly is social engineering, and what are the types of social engineering techniques? It can be thought of as a set of techniques used by people who want to hack other people or make them perform some task that benefits the attacker, without depending largely on the coding part. Social engineering scams are the art of deception, used by ill-intentioned people to feed their greed for money or something else.

What is it

     You might’ve received phone calls or emails from people making credit card offers. They try to win people’s confidence and make them pay a hefty amount to claim the offers. We call such things fraud. That’s one type of social engineering, where people try confidence tricks on their targets.

      It’s not just for financial benefit. Social engineering can be done for other purposes too, for instance, harvesting information from people. It involves playing with people’s minds to get things done.

     You can find social engineers everywhere. Even a friend sitting next to you and watching your keyboard while you type your passwords is a social engineer. It’s just that there is no certification for this thing. So, let’s look at the types of social engineering in detail.

Types

     Social engineering can take many forms depending on the medium used to implement it. The medium can be email, the web, phone, USB drives, or something else. Here are the different types of social engineering attacks:

  1. Phishing - Phishing is the most common type of social engineering. The attacker recreates the website or support portal of a renowned company and sends the link to targets via email or social media platforms. The target, completely unaware of the real attacker, ends up compromising personal information and even credit card details.

  2. Spear Phishing - Spear phishing can be thought of as a subset of phishing. Although it is a similar attack, it requires extra effort from the attackers. They need to tailor their messages to the limited number of users they target. And the hard work pays off: the chances of users falling for the false emails are considerably greater in the case of spear phishing.

  3. Vishing - Imposters or social engineers can be anywhere on the internet. But many prefer the old-fashioned way: they use the phone. This type of social engineering is known as vishing. They recreate the IVR system of a company, attach it to a toll-free number, and trick people into calling the number and entering their details. Would you agree with this? Most people don’t think twice before entering confidential information on an IVR system, do they?

  4. Pretexting - Pretexting is another form of social engineering you might’ve come across. It’s based on a scripted scenario presented to the targets and used to extract PII or some other information. An attacker might impersonate another person or a known figure. You might’ve seen TV shows and movies in which detectives use this technique to get into places where they’re not personally authorized, or to extract information by tricking people. Another example of pretexting is the fake emails you receive from distant friends in need of money. Probably, someone hacked their account or created a fake one.

  5. Baiting - If you have seen the movie Troy, you might be able to recall the Trojan horse scene. A digital variant of this technique is known as baiting. Attackers leave infected USB drives or optical disks in public places in the hope that someone will pick them up out of curiosity and use them on their devices. A more modern example of baiting can be found on the web: various download links, mostly containing malicious software, are put in front of random people in the hope that someone will click on them.

  6. Tailgating - Similarly, there are other social engineering techniques, like tailgating, where a person takes the help of an authorized person to get access to restricted areas where RFID authentication or some other electronic barrier is present.

  7. Quid Pro Quo - Another social engineering method, quid pro quo, involves people posing as technical support. They make random calls to a company’s employees claiming that they’re contacting them regarding an issue. Sometimes, such people get the chance to make the victim do things they want. It can be used on ordinary people as well. Quid pro quo involves an exchange of something with the target, for instance, the attacker trying to solve a victim’s genuine problem. The exchange can involve material things such as a gift in return for the information.


Defense Strategy

     A few months ago, you might’ve come across the story of Ivan Kwiatkowski. He sensed that a customer support call was suspicious before it was too late. He managed to fool the so-called executive on the other end and installed ransomware on the attacker’s computer. That could be thought of as a counterattack on such people. You need to be alert when someone asks you for your information or when some unknown person offers you something for free.

     Social engineers can also try to play on people’s emotions. They might try to take you on a guilt trip, make you nostalgic, or even try to affect you negatively. The situation becomes alarming because people tend to open up to those who offer them emotional comfort.

   One more thing you must pay attention to in order to protect yourself from different types of social engineering scams is what you do on the internet. A person trying to hack into your online account may glance through your Facebook profile and find clues about the answers to your security questions or even your password.

     Mostly, such questions include less important stuff like pet names, school names, birth place, etc. Also, pay attention to what web pages you visit or what files you download. They may contain malicious tools to harvest your information.

     However, these are general ways to defend oneself from being exploited by a social engineer. Big organizations have devised more formal methods to deal with such scenarios. These can include conducting regular drills with employees, training them to deal with such situations, and establishing proper methods to identify legitimate personnel.

  So, this was a brief overview of social engineering and its types. If you feel like adding something, drop your thoughts and feedback.




Tuesday, February 21, 2017

Is AI Already Conscious ?!

Quantum computer robot head AI
A.I. Machines Are Learning Quantum Physics And Solving Complex Problems On Their Own
“In future, you might hear about intelligent machines that’ll learn new things on their own and help create a full-fledged quantum computer.” This prediction is inspired by the recent work of researchers that involves the use of neural networks to understand the quantum many-body problem. The AI used in this research was similar to the one that conquered the ancient game of Go.

Do you remember how Google’s AlphaGo artificial intelligence neural network mastered the ancient game of Go and beat world champions? It looks like the same technology can be utilized to solve some other tricky modern problems. And what could be trickier than understanding quantum physics?

In the past, traditional methods to understand the behavior of quantum interacting systems have worked well, but there are still many unsolved problems. To solve them, Giuseppe Carleo of ETH Zurich, Switzerland, used machine learning to form a variational approach to the quantum many-body problem.


Before digging deeper, let me tell you a little about the many-body problem. It deals with the difficulty of analyzing “multiple nontrivial relationships encoded in the exponential complexity of the many-body wave function.” In simpler language, it’s the study of interactions between many quantum particles. 

If we take a look at our current computing power, modeling a wave function would need far more powerful supercomputers. But, according to Carleo, neural networks are pretty good at generalizing. Hence, they need only limited information to infer something. So, working with this idea, Carleo and Matthias Troyer created a simple neural network to reconstruct such a many-body wave function.

By testing some sample problems, they found that it performed better than other available tools. They also calculated the lowest energy or ground states.

“It’s like having a machine learning how to crack quantum mechanics, all by itself,” Carleo says, according to New Scientist. “I like saying that we have a machine dreaming of Schrödinger’s cat.”

This work has sparked a new idea of using neural networks to create an efficient representation of quantum systems. With the increasing advancements in machine learning, we can surely get more insights into intricate problems. And, one day, who knows, an AI-powered supercomputer might just create a quantum computer on its own!





Saturday, February 18, 2017

Hackers are using smart toys to watch and talk to children

Barbie can be used by hackers as exploit
     Barbie has gone through more reinventions than Madonna in her 57 ageless years, but her latest reincarnation could be her most revolutionary yet. The internet of things has entered the playroom, and it’s added a layer of intelligence to Mattel’s signature fashion doll, which can now record what children say and give personalized replies by feeding data to the cloud and analyzing their play habits. It all sounded like fun and games until reports emerged last September that Hello Barbie might not be as innocent as she seemed. Security vulnerabilities in the Wi-Fi enabled doll opened a route to turn it into a surveillance device by joining the connected home network.

     Security researcher Matt Jakubowski told NBC Chicago he had accessed the toy’s operating system to gain system information, the Wi-Fi network names and account IDs it connects to and the audio it records. He claimed he could use that information to find the house it was kept in and then access the home network.

     "We're still struggling to have a security kind of mindset when we develop software and products," Gartner analyst Ruggero Contu tells Techworld. 
     
     "There is a need — particularly in the world of digital business and IoT — that security processes and best practices in technology are embedded into the development stage, and at the moment I don't think it's the case." 

     Barbie isn’t the only example of an insecure Mattel smart toy. Its subsidiary Fisher-Price produces an interactive stuffed animal with verification limitations unearthed by researchers at Boston security company Rapid7 that could give out personal details about a child.

     Other manufacturers have faced similar criticisms. The toymaker VTech admitted that information about more than six million children had been stolen by hackers in November 2015 by accessing its devices, including children's photos and addresses.

Legal Action

     The spate of vulnerabilities exposed led a trio of consumer watchdogs in the USA to file a complaint last December alleging that some toy manufacturers collected and used personal information including children’s voices and provided a way for strangers to listen in on their conversations. 

     The submission claims they violate the Children's Online Privacy Protection Act (COPPA), which requires companies to gain parental consent for any personal information obtained online from children under the age of 13.

     Mattel told Techworld that it was committed to safety and security when bringing new products to market. 

     "Mattel and its partners take a number of steps to ensure all of our products conform with applicable laws and standards, including the Children's Online Privacy Protection Act," the company said in a statement.

     Hello Barbie is not sold in the UK, where similar devices may breach the terms of the EU Unfair Contract Terms Directive, EU Data Protection Directive, and Toy Safety Directive. But the regulations appear to have provided insufficient deterrence so far. "The problem with the IoT world is that responsibility can be potentially attributed to different participants in the ecosystem," says Contu. "There are the manufacturers that obviously have some relevant responsibility, there are the communications service providers that when we look at for example a major denial of server attack, potentially could do more to limit the effectiveness of such attacks [and] there is the responsibility of the consumers themselves."

Danger

     These concerns are not new. In 1998, an electronic toy called Furby, capable of learning English through play, became the must-have Christmas gift for children. The National Security Agency saw a sinister potential bubbling under the fake fur and banned the cuddly robot from its headquarters, forcing Tiger Electronics president Roger Shiffman to declare that "Furby is not a spy!"

      IoT technology has turned such paranoia into justified anxiety and the market is set for a boom. Smart toys are predicted to reach $2.8 billion in revenues in 2020 according to Juniper Research, more than quadruple the figure they estimated for 2015. 

     Smart toys don’t just interact with children. They can also be used by parents to monitor location information if the child carries it with them. A security breach could allow someone to find out where the toy was, or even create false data that is sent back to the parent indicating that the child was somewhere that it wasn't. 

     The potential dangers of internet-enabled toys don’t end in accessing the device itself. The Wi-Fi network it connects to could also be accessed and its operation reprogrammed, giving hackers an entry point to the home security network and everything else connected to it, such as mobiles, computers, and smart TVs. 

     "If you're talking about people's home computers, at some point there is somebody sitting in front of a screen, you can give them some instructions and tell them what to do," says Paul Marshall, the chief customer officer at IoT connectivity provider Eseye. 

     "When we talk about the internet of things devices, there's a lot of them and you can't tell them to be careful, you can't tell them there's a new threat about, you have to build that in from the get go."

Security

     Eseye has developed a tool that could allay some of the fears. The AnyNet Secure SIM enables interconnected devices such as smart toys to remotely and securely activate, connect, certify and authenticate. 

     The company recognized that making IoT devices identifiable was key to its solution and that leaving this to an individual to enter a security key into the device would be a major vulnerability. 

     "You could put the security key in at manufacture, but we see a lot of customers nervous about that because if you're outsourcing the manufacture, you don't necessarily know where your security material's going," says Marshall. 

     "And this is the security material that allows not only the device to identify itself, but also to feed data straight into the core network delivering the back-end services." 

     "The other possibility that people could see is that you open up an insecure connection to start with and quickly send the security material across it, but then, of course, you've still got this insecure link that you're delivering the security material across."

      The solution it developed delivers application security material across the authentication channel between the modem and the network operator through the AnyNet Secure SIM.
 
     "The device is identified by the SIM card and that's secure and known, so, therefore, nobody actually needs to type in a number or copy paste anything or feed anything in locally."

     The tale of Hello Barbie is a terrifying one for parents, but the reactions of the industry and security companies offer some hope that the risks will be reduced in her next reinvention.

Friday, February 17, 2017

Is Samsung's Chromebook "Mac Killer"?

Samsung chromebook 2017
Samsung Chromebook Pro 2017

     Some early reviewers of the Samsung Chromebook Pro characterized it as a "MacBook killer," but others were more restrained in their enthusiasm. Jointly developed with Google and first demoed at CES 2017, the Chromebook Pro is slated for release next month. Samsung's Chromebooks basically are lightweight productivity tools that rely heavily on access to cloud-based resources. They have gained popularity in the enterprise for use with remote workers and in educational settings as entry-level computing tools. However, they "are no Mac killers," said Werner Goertz, a research director at Gartner.


 Price

     The Chromebook Pro will sell for US$550. Some reviewers, including PC Magazine's Victoria Song and Ars Technica's Valentina Palladino, considered it pricey. However, that pricing fits into the normal laptop budget, noted Wired reviewer David Pierce. "I don't want to spend $1,000-plus on a PC or Mac when I could get something like the Samsung Chromebook Pro for $549," Forbes' Shelby Carpenter remarked. "Access to the Google Play store and the Android apps ecosystem, combined with the freemium productivity suites such as Slack, make [Chromebooks] a viable option for remote workers," Gartner's Goertz told TechNewsWorld, "and Samsung's carefully selected price points are justified vis-a-vis the slightly less expensive competition."

Battery Life and Design

     The rounded edges and exposed hinge give the Chromebook Pro "a decidedly utilitarian look," Wired's Pierce noted, which is "just fine." Though the Pro is light and small, its squarish shape is "a little awkward when typing," according to PC Magazine's Song. Its design struck Ars Technica's Palladino as "solid." "I got my hands on the device at CES, and I was impressed with how thin and light it was while not feeling like a typical flimsy plastic Chromebook," noted Eric Smith, a senior analyst at Strategy Analytics. The Chromebook Pro's battery life is "only beat by the much more expensive Chromebook Pixel 2 and the Dell Chromebook 13," said Ars reviewer Palladino. However, it "pales in comparison to what we saw" from various Asus Chromebook models, said PC Magazine's Song, who noted that results of two tests varied substantially.

HD Screen

     The Chromebook Pro's 2400 x 1600 Quad HD LED display "is virtually indistinguishable from my Mac screen," Forbes' Carpenter said. The display "makes the entire device taller than most 16:9 laptops and two-in-ones," observed Palladino. That allows a larger palm rest and more space for the user's hands, but a huge bottom bezel and a hardware strip for the hinges to attach to the lid leave "a bunch of empty space," he pointed out. The display offers a much higher resolution than typically found in 11- or 13-inch Chromebooks, Song said, but the 3:2 aspect ratio means it's more square-shaped. That leaves a little room on either side of the keyboard, making the typing experience somewhat awkward.
             

Android Apps and Stylus

     Although the included stylus drew generally favorable remarks, "the quality of the inking wasn't as impressive as Windows or iOS devices at similar price points," Strategy Analytics' Smith told TechNewsWorld. Reviewers liked the Chromebook Pro's access to the huge number of Android apps in the Google Play store. However, some Android apps don't play well with Chrome, they noted. "Some apps don't recognize the keyboard and trackpad; others seem unable to handle a touchscreen," Wired's Pierce pointed out. "Most crash constantly," and switching between apps can be clumsy, said Song. Still, "I was able to do most of my daily work on the Chromebook Pro without major problems," Palladino remarked, adding that it "performed faster than my MacBook Air."

Right Direction

     The convertible Chromebook segment is expanding rapidly, according to Linn Huang, a research director at IDC. "Most have been underpowered, small-screen, low-cost offerings, [and] Samsung's Chromebook Pro marks an evolution towards the premium end," he told TechNewsWorld. In general, Chromebooks "have largely been a K-12 phenomenon," suggested Huang, and they need more work to succeed in the larger consumer market as a category.






Thursday, February 16, 2017

Here is what you SHOULD know about new Linux Kernel 4.10

Operating System Linux Kernel 4.10
Linux kernel 4.10’s release is just around the corner. This release comes loaded with many new features and better hardware support for the Nouveau driver, Intel GVT, AMD Zen, Intel Turbo Boost Max, new ARM devices, etc. The other new features of Linux kernel 4.10 include writeback throttling, fail fast support, and faster WLAN support.

     Back in December 2016, Linux boss, Linus Torvalds rolled out Linux kernel 4.9. Thanks to tons of code due to Project Ara’s ‘greybus’ and AMD GPU register definition files, it was the biggest ever kernel release in terms of commits. The release also opened the Linux kernel 4.10 merge window. Kernel 4.10 is expected to be released this weekend–most probably on February 19.

     Having said that, I know you’re pretty excited about this release and you might be wondering about the new and best features coming to Linux kernel 4.10. So, here they are:


Linux Kernel 4.10 New Features


  1. Writeback throttling

    Writeback throttling has been integrated into the block layer. This keeps the system more fluid while background writeback activity is in progress.

  2. Improvements in Nvidia DRM driver

    A major change coming with Linux kernel 4.10 is the improvements for Nvidia GPUs. The Nouveau driver is now restructured to allow smoother development in the future. Basic support for Multi-Stream Transport has also been added. There is also performance boost support, an option to adjust Nvidia logo brightness, etc.

  3. Fail fast support

    In the MD RAID subsystem, fail fast support has been added. What is its use? This change will cancel the read operation from the drive that’s showing problems and read from the other device.

  4. AMDGPU DRM driver fixes and AMD Zen addition

    Multiple fixes (power management, exposed RPM fan info, etc.) have been made to AMDGPU DRM. Now, it supports Polaris 12 GPUs. Also, more AMD Zen code is being mainlined.

  5. Support for Intel Turbo Boost Max 3.0 and Intel Cache Allocation Technology (CAT)

    A big feature of Linux kernel 4.10 is the support for Intel Turbo Boost Max 3.0 technology. This lets the CPU cores achieve higher frequencies. Another addition is the support for Intel Cache Allocation Technology, which allows one to partition the cache of newer Intel CPUs.

  6. Initial Intel Graphics Virtualization Technology support

    In Linux kernel 4.10, the initial Intel GVT mainline support is being added. It’ll allow VMs to make use of graphics hardware.

  7. Support for new ARM platforms

    A number of new ARM platforms are now supported. They are Huawei Nexus 6P, LG Nexus 5X, Pine64, Snapdragon 808 and 810, Samsung Exynos 5433, NXP LS1046A, etc.

  8. Better support for Raspberry Pi 3, Microsoft Surface 3, x86 laptops

  9. Other Major Improvements:

    Better HDMI support on Skylake CPUs
    Early support for Tegra P1/Parker
    EXT4 DAX iomap and XFS iomap support
    Faster WLAN
    ATA command priority support
    Encryption support in UBIFS



Wednesday, February 15, 2017

When will new Samsung Galaxy S8 come out ?

Samsung galaxy s8 release date and rumors


The Samsung Galaxy S7 was almost everything we hoped for, with improvements throughout leading it to be one of the most powerful, stylish and all round accomplished smartphones on the market. But there's still room for improvement and based on the rumors we're hearing that's exactly what we'll get from the Galaxy S8, with talk of a new AI assistant, a dual-lens camera, an upgraded screen and more.

Most Important Part


  • What is it? Samsung's next flagship smartphone
  • When is it out? Rumors say March 29 launch, April 21 release date 
  • What will it cost? Maybe around $850 (roughly £655/AU$1120)



All About RELEASE DATE

  • No MWC announcement, but maybe a video tease 
  • A delay until likely late March or April
  • It will be called the Galaxy S8


     Samsung typically announces new phones at the end of February, but its mobile president confirmed that the Samsung Galaxy S8 won't be announced at MWC 2017 – well, not announced in full at least.

     Instead, we'll see the new Android Nougat phone teased in a one-minute video at the event on February 26, according to a new report out of Korea. Most of the company's MWC press conference will focus on the Samsung Galaxy Tab S3.


     Expect 60 seconds of a slowly rotating smartphone draped in dark shadows, all accompanied by booming music. Maybe even a tagline like 'The next big thing just got even bigger,' alluding to a larger display size.

     The official launch date may happen a little more than one month later, with the newest believable leaks saying it'll be a March 29 launch event in New York that outs the new Samsung phone. The actual Galaxy S8 release date in stores is expected to be April 21. 

     Samsung's biggest phones typically go through a one month lag time between their announcement and actual shipment dates, so that part at least checks out.

      Of course, we've also heard about other possible release dates, including April 18. Either way, Samsung isn't launching its phone as soon as it usually does.




Samsung Galaxy S8 Leaked Photo


     If you have a Samsung Galaxy S6 on a two-year contract, you're going to want to hold onto it for a few more weeks instead of upgrading to the older Galaxy S7. There will be phones like the LG G6 and BlackBerry Mercury trying to tempt you away in the meantime.

     The later Samsung Galaxy S8 release date doesn't necessarily mean it's been delayed. It could be that the company wants to host a separate event or wait for the very latest specs to build the best phone possible.

     It is also taking extra time to focus on what caused the Samsung Galaxy Note 7's flammable faults - an investigation which has now been completed.

     One thing we can say with some certainty though is whenever it launches, Samsung's next phone will indeed be called the Galaxy S8, as Samsung has filed an application with the USPTO to protect exactly that.

     Notice: The March 29 launch date comes from reliable leakers, and the April 21 release date makes sense since it's nearly one month later. Expect more Samsung Galaxy S8 leaks during MWC, even though it's not there for the public to see outside of a 60-second teaser video.
