Welcome to Archives, a place where one can view the different forms of our listed activities.
Posts listed in Chronological Order.
- Fuel efficient routes.
- Should organizations be making MVP (Minimum Viable Product) or MVSP (Minimum Viable SECURE Product) ?
- Computer Scientist Explains One Concept in 5 Levels of Difficulty | WIRED
- COVID Risk Chart https://t.co/DzZeUeJVNh #examplefeeds – comics
- COVID Risk Chart https://t.co/DzZeUeJVNh – comics
- Thinking of a Cybersecurity Career? Read This https://t.co/9ZRqg8jkjp #infosec
- https://youtu.be/tfHJJCTivpI #SalmanKhwaja
- https://www.omgubuntu.co.uk/2020/07/install-shutter-on-ubuntu-20-04-snap #SalmanKhwaja
- Today marks the day I spoke in the webinar at EC Council. Couldn’t be more honored. #SalmanKhwaja
- Missed out on the Event on *Pakistani Universities and Online Education during Covid 19 Crisis*?
You can always watch it offline at either Facebook or YouTube.
Here are the links.
*Facebook*.
https://m.facebook.com/story.php?story_fbid=305966197092405&id=1487226818214322
*YouTube*
https://youtu.be/sILgQRz5iko
Also we present complete playlist of Agile Nights on YouTube.
https://m.youtube.com/playlist?list=PLduru4yrOGuVKmzDhrUmOhIP1qgylF9-C
Have a listen / watch to all the sessions, we have been doing since we all were home bound. #SalmanKhwaja
- https://twitter.com/mashable/status/1271861642226135042?s=09 #SalmanKhwaja
- Top 5 Advantages of Microsoft Office Certification in 2020
- https://twitter.com/beyondidentity/status/1250077259253374976?s=19
Didn’t know Netscape is behind Beyond Identity.. #SalmanKhwaja
- Beyond Identity in Action
https://youtu.be/E8GdzTgf14A #SalmanKhwaja
- Beyond Identity, a passwordless authentication system, as they call it. Sounds interesting.. #SalmanKhwaja
- This Simple Hack Will Let You Enable Dark Mode on Whatsapp Web (Without Any Third-Party Extension) / Digital Information World
https://www.digitalinformationworld.com/2020/05/how-to-enable-dark-mode-on-whatsapp-web-without-any-third-party-extension.html #SalmanKhwaja
- How to enable dark mode on WhatsApp web. Pretty safe actually. Use developer options and search and replace body=”web dark”. #SalmanKhwaja
- https://www.omgubuntu.co.uk/2020/04/gtg-gtd-app-for-linux #SalmanKhwaja
- https://www.bleepingcomputer.com/news/microsoft/windows-10-quietly-got-a-built-in-network-sniffer-how-to-use/ #SalmanKhwaja
- Pktmon. Nice and interesting.. #SalmanKhwaja
- A cartoon intro to DNS over HTTPS – Mozilla Hacks – the Web developer blog
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ #SalmanKhwaja
- What an explanation #SalmanKhwaja
- DNS-over-HTTPS causes more problems than it solves, experts say | ZDNet
https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/ #SalmanKhwaja
- Essence and Motivation – DevOps.com
https://devops.com/essence-and-motivation/ #SalmanKhwaja
- Public speaking at the speed of light.
- 5 Ways Big Data Can Help Grow Business in 2020
- https://www.linkedin.com/posts/tpsworldwide_eccouncil-cyberattacks-cybersecurity-activity-6654400973827604480-4rht #SalmanKhwaja
- “Words are, of course, the most powerful drug used by mankind.” – Rudyard Kipling #SalmanKhwaja
- Dark Reading:
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Often the hardest part in creating an effective awareness program is deciding what NOT to teach. #SalmanKhwaja
- Dark Reading:
Do DevOps Teams Need a Company Attorney on Speed Dial?
In today’s regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers. #SalmanKhwaja
- Threatpost | The first stop for security news
TrickBot App Bypasses Non-SMS Banking 2FA
TrickBot victims are being fooled into downloading an app that records their screens – stealing non-SMS 2FA passcodes for banking websites. #SalmanKhwaja
- IT SECURITY GURU
Hospitals in Spain targeted by Netwalker ransomware
Hospitals in Spain have been targeted with coronavirus-themed phishing lures by attackers looking to lock-down their systems with Netwalker ransomware. Local reports indicate that medical centres have been receiving emails purporting to offer “information on COVID-19”, but with PDF attachments that activate the ransomware, commonly associated with computer crime groups in Eastern Europe.
Source: Computing.com
The post Hospitals in Spain targeted by Netwalker ransomware appeared first on IT Security Guru. #SalmanKhwaja
- A beautiful Scrum Cheat sheet… #SalmanKhwaja
- Jeremy Long — It’s dependency check, not checker by Application Security PodCast https://player.fm/1zuBCk #nowplaying #SalmanKhwaja
- Awesome Talk on Dependency Check. If you want to implement it in your DevSecOps pipeline, go for it. #SalmanKhwaja
- Crafty Web Skimming Domain Spoofs “https”
https://krebsonsecurity.com/2020/03/crafty-web-skimming-domain-spoofs-https/ #SalmanKhwaja
- Symptoms
https://xkcd.com/2279/ #SalmanKhwaja
- Ringtone Timeline
https://xkcd.com/2272/ #SalmanKhwaja
- Self-Isolate
https://xkcd.com/2276/ #SalmanKhwaja
- A cartoon intro to DNS over HTTPS – Mozilla Hacks – the Web developer blog
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ #SalmanKhwaja
- Don’t Tap That Mic – Alyssa Miller
https://alyssasec.com/2020/02/dont-tap-that-mic #SalmanKhwaja
- Telegram X was updated to version 0.22.5.1302
Brief overview of new features:
https://telegra.ph/Telegram-X-02-29 #SalmanKhwaja
- I am in love with Telegram’s saved reminders feature.. wow.. #SalmanKhwaja
- https://salmankhwaja.wordpress.com/2020/03/06/ucertify-a-tool-to-learn-and-keep-learning/ #SalmanKhwaja
- Ucertify, a tool to Learn and Keep Learning.
- Seriously… Social powered WiFi or MiFi…?
https://m.youtube.com/watch?v=H7pOuhAkEOQ
I think it’s the coolest way to targeted spam. I am already in the hotspot, like or follow list of many brands’ Twitter and Facebook feeds.. why would I need this?
Maybe someone could explain it to me… #SalmanKhwaja
- Peerlyst
https://www.peerlyst.com/posts/building-security-operation-center-soc-prasanna-b-mundas #SalmanKhwaja
- “The more you sweat in peace, the less you bleed in war”. Norman Schwarzkopf #SalmanKhwaja
- The Hacker News
500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users
Google removed 500 malicious Chrome extensions from its Web Store after they were found to inject malicious ads and siphon off user browsing data to servers under the control of attackers.
These extensions were part of a malvertising and ad-fraud campaign that’s been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been #SalmanKhwaja
- End to end Encryption explained in a very easy way. For infographic, click below
Twitter: http://bit.ly/39zJOhg
Facebook : http://bit.ly/2UQikQ5 #SalmanKhwaja
- Wow. How beautifully #Lego is using their careers page.
Fascinating to see such creativity.
https://twitter.com/LEGO_Careers?s=09 #SalmanKhwaja
- How to Establish an Effective Security Testing Plan – Cyber Startup Observatory
https://cyberstartupobservatory.com/how-to-establish-an-effective-security-testing-plan/ #SalmanKhwaja
- “The only way to discover the limits of the possible is to go beyond them into the impossible.” – Arthur C. Clarke #SalmanKhwaja
- IT SECURITY GURU
The Impact of Security Automation on Hiring Trends
Compiling data drawn from surveys sent out to more than a thousand IT and IT security practitioners within the UK and US, the Ponemon Institute, in collaboration with DomainTools, have recently published their insights in the report titled “Staffing the IT Security Function in the Age of Automation”. Will automation shrink IT security functions’ headcount?
According to the report, more than half of the respondents (51%) believe that automation will lead to a loss of employment opportunities within the security field. This mentality seems to have shifted quite dramatically as it has risen by 30% in comparison to the results obtained last year. Between the UK and the US, however, it would appear that this rising belief is especially pronounced among the UK respondents, with 56% answering that it would reduce headcount, compared to 45% of US respondents. Correlating with this belief is the upsurge of concern that they may be made redundant due to automation, from 28% to 37% in the last year alone. Yet, despite these fears, around 1 in 7 organisations’ IT security functions are understaffed.
Humans won’t become obsolete
While most respondents agree that automation has the benefit of freeing IT security staff from the more mundane tasks to focus on resolving serious vulnerabilities, there is still an underlying understanding that the role of humans is indispensable. Indeed, only 40% of respondents trust automation to reduce human error and 74% insist that automation is not capable of accomplishing certain tasks done by IT security staff. In this way, it looks as if the sentiment towards automation is bittersweet.
Nevertheless, rather than the loss of bodies within the sector, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, responds with optimism. He states that “What is more likely is for there to be a consolidation of existing roles, rather than an elimination. This means better opportunities for employees to up-level their current skills to create more value-added roles as the human side of security remains as important as ever.”
Automation makes security professionals’ jobs a little easier
In fact, automation does provide a multitude of benefits. For example, 60% of employees affirm that automation has aided in reducing stress levels and 43% confirm it increases productivity, whether through decreasing false positive and/or negatives (43%), increasing the speed of analysing threats (42%) or prioritising threats and vulnerabilities (39%).
As Corin Imai, Senior Security Advisor at DomainTools, maintains, “Automation is already improving the productivity of security personnel across industries. We are … just touching the surface of how automation will enhance the capabilities of security staff and evolve security roles. However, the human factor remains the most important player in information security…those that become experts in deploying and managing automating solutions will have a new valuable skill set for many years to come.”
Apart from having the skills to deploy and manage automating solutions, it is also important to be aware of the environment we operate in, including being familiar with regulatory compliance standards such as GDPR. With 77% of respondents citing that such standards have a global influence on organisations’ use of automation, it is increasingly mandatory that job candidates are acquainted with new and existing regulations, regardless of their experience, whether entry-level or otherwise.
For more insights and additional trends, download the full set of findings.
The post The Impact of Security Automation on Hiring Trends appeared first on IT Security Guru. #SalmanKhwaja
- Threatpost | The first stop for security news
Equifax Breach: Four Members of Chinese Military Charged with Hacking
Feds have charged four members of the Chinese People’s Liberation Army (PLA) in connection with the infamous 2017 Equifax breach. #SalmanKhwaja
- “Be faithful to that which exists within yourself.” – Andre Gide #SalmanKhwaja
- WIRED
How to Share Files Securely Online: Dropbox, Firefox Send, and More
You’ve got no shortage of options sharing documents and more with friends, family, and colleagues. These are your best bets. #SalmanKhwaja
- “Words are but the signs of ideas.” – Samuel Johnson #SalmanKhwaja
- “Curiosity will conquer fear even more than bravery will.” – James Stephens #SalmanKhwaja
- “I am still learning.” – Michelangelo #SalmanKhwaja
- WIRED
A Code-Obsessed Novelist Builds a Writing Bot. Plot Thickens
Vikram Chandra, the author of Sacred Games, created Granthika to keep track of complex narratives. It could change the future of storytelling. #SalmanKhwaja
- The Hacker News
The Rise of the Open Bug Bounty Project
Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you.
The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the #SalmanKhwaja
- “What sculpture is to a block of marble, education is to the soul.” – Joseph Addison #SalmanKhwaja
- Happy Kashmir Solidarity day.
- The Hacker News
Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.
Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any #SalmanKhwaja
- The Hacker News
Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks
The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers.
Dubbed ‘Operation Night Fury,’ the investigation was led by Interpol’s ASEAN Cyber Capability Desk, a joint initiative by #SalmanKhwaja
- WIRED
Google Calls Out Safari for Privacy Flaws
Facial recognition, iCloud encryption, and the rest of this week’s top security news. #SalmanKhwaja
- Microsoft Warns of Unpatched IE Browser Zero-Day That’s Under Active Attacks
https://thehackernews.com/2020/01/internet-explorer-zero-day-attack.html #SalmanKhwaja
- https://telegram.org/blog/verifiable-apps-and-more #SalmanKhwaja
- What is Technical Debt? | Scrum.org
https://responsiveadvisors.com/blog/what-is-technical-debt/ #SalmanKhwaja
- Really liked the idea of Stage Clip. A tool for universities to showcase their graduates and those graduates will in turn disperse their individual walks to social media.
https://youtu.be/ZagE3UhuqoE
Courtesy: Narmen Ahsan #SalmanKhwaja
- https://techbeacon.com/security/25-data-security-stats-matter #SalmanKhwaja
- A guide to DNS-over-HTTPS – how a new web protocol aims to protect your privacy online | The Daily Swig
https://portswigger.net/daily-swig/a-guide-to-dns-over-https-how-a-new-web-protocol-aims-to-protect-your-privacy-online #SalmanKhwaja
- “The file is named security.txt, and this file SHOULD be placed under the /.well-known/ path (/.well-known/security.txt) [RFC8615] of a domain name or IP address for web properties,” it adds on the file’s specification.
“For legacy compatibility, a security.txt file might be placed at the top level path.”
For further details head to https://securitytxt.org/
A beautiful initiative and idea… #SalmanKhwaja
- Security.txt – IESG issues final call for comment on proposed vulnerability reporting standard | The Daily Swig
https://portswigger.net/daily-swig/security-txt-iesg-issues-final-call-for-comment-on-proposed-vulnerability-reporting-standard #SalmanKhwaja
- A very nice Image of which Security Certification lies in which area of Information Security
- Threatpost | The first stop for security news
Microsoft OAuth Flaw Opens Azure Accounts to Takeover
The Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. #SalmanKhwaja
- Quotable Quotes from Famous Personalities.
- WIRED
Try Grayscale Mode to Curb Your Phone Addiction
iOS and Android make it easier than ever to sap the color from your phone, and help you save some sanity in the process. #SalmanKhwaja
- The Hacker News
4 Best Free Online Security Tools for SMEs in 2020
Cyberattacks on small and midsized companies in 2019 cost $200,000 per company on average, mercilessly putting many of them out of business, says CNBC in its analysis of a recent Accenture report. In light of the global cybersecurity skills shortage, the number is set to soar in 2020. Solely in the UK, over 50,000 British SMEs could collapse next year following a cyberattack.
This article #SalmanKhwaja
- #Android, I love #DigitalWellBeing. Loved the wind down feature and making the whole Mobile screen grayscale.
https://youtu.be/9O0_ubB49F0
https://youtu.be/7yly_XZXBb4
https://youtu.be/oiEJ4xhfYGs #SalmanKhwaja
- Google wants to be your bank: It will soon offer checking accounts – CNN
https://www.cnn.com/2019/11/13/tech/google-checking-account/index.html #SalmanKhwaja
- IT SECURITY GURU
Employees – the weakest link in email security?
Email is not only one of the most important channels of communication in day-to-day business, but unfortunately also one of the biggest gateways for cyber attacks. According to the safety and network specialists Barracuda Networks, 91% of all attacks start with an email. Gateway solutions such as Barracuda Essentials therefore represent an important first line of […]
The post Employees – the weakest link in email security? appeared first on IT Security Guru. #SalmanKhwaja
- Social engineering is always performed on employees, who are the weakest link.. #SalmanKhwaja
- IT SECURITY GURU
Bug Grants Facebook Access to iPhone cameras
A bug in the latest version of iOS opens iPhone cameras as users peruse their Facebook feeds, letting the social media giant access the cameras. “We have seen no evidence of photos or videos being uploaded due to this bug,” a spokesman told the Guardian, confirming that glitch would let the Facebook app “navigate to the camera […]
The post Bug Grants Facebook Access to iPhone cameras appeared first on IT Security Guru. #SalmanKhwaja
- IT SECURITY GURU
Windows 10 Issue That Broke Defender ATP Fixed by Microsoft
Microsoft resolved a known issue causing Microsoft Defender Advanced Threat Protection (ATP) to stop running and fail to send reporting data on some Windows devices after installing the KB4520062 optional non-security update. Some Windows 10 customers affected by the now-fixed bug also received 0xc0000409 errors in the Event Viewer on MsSense.exe according to the known […]
The post Windows 10 Issue That Broke Defender ATP Fixed by Microsoft appeared first on IT Security Guru. #SalmanKhwaja
- Google Online Security Blog
OpenTitan – open sourcing transparent, trustworthy, and secure silicon
Posted by Royal Hansen, Vice President, Google and Dominic Rizzo, OpenTitan Lead, Google Cloud
Security begins with secure infrastructure. To have higher confidence in the security and integrity of the infrastructure, we need to anchor our trust at the foundation – in a special-purpose chip.
Today, along with our partners, we are excited to announce OpenTitan – the first open source silicon root of trust (RoT) project. OpenTitan will deliver a high-quality RoT design and integration guidelines for use in data center servers, storage, peripherals, and more. Open sourcing the silicon design makes it more transparent, trustworthy, and ultimately, secure.
(Image: The OpenTitan logo)
Anchoring trust in silicon
Silicon RoT can help ensure that the hardware infrastructure and the software that runs on it remain in their intended, trustworthy state by verifying that the critical system components boot securely using authorized and verifiable code. Silicon RoT can provide many security benefits by helping to:
* Ensure that a server or a device boots with the correct firmware and hasn’t been infected by a low-level malware.
* Provide a cryptographically unique machine identity, so an operator can verify that a server or a device is legitimate.
* Protect secrets like encryption keys in a tamper-resistant way even for people with physical access (e.g., while a server or a device is being shipped).
* Provide authoritative, tamper-evident audit records and other runtime security services.
The silicon RoT technology can be used in server motherboards, network cards, client devices (e.g., laptops, phones), consumer routers, IoT devices, and more. For example, Google has relied on a custom-made RoT chip, Titan, to help ensure that machines in Google’s data centers boot from a known trustworthy state with verified code; it is our system root of trust. Recognizing the importance of anchoring the trust in silicon, together with our partners we want to spread the benefits of reliable silicon RoT chips to our customers and the rest of the industry. We believe that the best way to accomplish that is through open source silicon.
Raising the transparency and security bar
Similar to open source software, open source silicon can:
1. Enhance trust and security through design and implementation transparency. Issues can be discovered early, and the need for blind trust is reduced.
2. Enable and encourage innovation through contributions to the open source design.
3. Provide implementation choice and preserve a set of common interfaces and software compatibility guarantees through a common, open reference design.
The OpenTitan project is managed by the lowRISC CIC, an independent not-for-profit company with a full-stack engineering team based in Cambridge, UK, and is supported by a coalition of like-minded partners, including ETH Zurich, G+D Mobile Security, Google, Nuvoton Technology, and Western Digital.
(Image: The founding partners of the OpenTitan project)
OpenTitan is an active engineering project staffed by a team of engineers representing a coalition of partners who bring ideas and expertise from many perspectives. We are transparently building the logical design of a silicon RoT, including an open source microprocessor (the lowRISC Ibex, a RISC-V-based design), cryptographic coprocessors, a hardware random number generator, a sophisticated key hierarchy, memory hierarchies for volatile and non-volatile storage, defensive mechanisms, IO peripherals, secure boot, and more[…] #SalmanKhwaja
- Google Online Security Blog
The App Defense Alliance: Bringing the security industry together to fight bad apps
Posted by Dave Kleidermacher, VP, Android Security & Privacy
Fighting against bad actors in the ecosystem is a top priority for Google, but we know there are others doing great work to find and protect against attacks. Our research partners in the mobile security world have built successful teams and technology, helping us in the fight. Today, we’re excited to take this collaboration to the next level, announcing a partnership between Google, ESET, Lookout, and Zimperium. It’s called the App Defense Alliance and together, we’re working to stop bad apps before they reach users’ devices.
The Android ecosystem is thriving with over 2.5 billion devices, but this popularity also makes it an attractive target for abuse. This is true of all global platforms: where there is software with worldwide proliferation, there are bad actors trying to attack it for their gain. Working closely with our industry partners gives us an opportunity to collaborate with some truly talented researchers in our field and the detection engines they’ve built. This is all with the goal of, together, reducing the risk of app-based malware, identifying new threats, and protecting our users.
What will the App Defense Alliance do?
Our number one goal as partners is to ensure the safety of the Google Play Store, quickly finding potentially harmful applications and stopping them from being published
As part of this Alliance, we are integrating our Google Play Protect detection systems with each partner’s scanning engines. This will generate new app risk intelligence as apps are being queued to publish. Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store.
Who are the partners?
All of our partners work in the world of endpoint protection, and offer specific products to protect mobile devices and the mobile ecosystem. Like Google Play Protect, our partners’ technologies use a combination of machine learning and static/dynamic analysis to detect abusive behavior. Multiple heuristic engines working in concert will increase our efficiency in identifying potentially harmful apps.
We hand-picked these partners based on their successes in finding potential threats and their dedication to improving the ecosystem. These partners are regularly recognized in analyst reports for their work.
Industry collaboration is key
Knowledge sharing and industry collaboration are important aspects in securing the world from attacks. We believe working together is the ultimate way we will get ahead of bad actors. We’re excited to work with these partners to arm the Google Play Store against bad apps.
Want to learn more about the App Defense Alliance’s work? Visit us here. #SalmanKhwaja
- Google Online Security Blog
GWP-ASan: Sampling heap memory error detection in-the-wild
Posted by Vlad Tsyrklevich, Dynamic Tools Team
Memory safety errors, like use-after-frees and out-of-bounds reads/writes, are a leading source of vulnerabilities in C/C++ applications. Despite investments in preventing and detecting these errors in Chrome, over 60% of high severity vulnerabilities in Chrome are memory safety errors. Some memory safety errors don’t lead to security vulnerabilities but simply cause crashes and instability.
Chrome uses state-of-the-art techniques to prevent these errors, including:
* Coverage-guided fuzzing with AddressSanitizer (ASan)
* Unit and integration testing with ASan
* Defensive programming, like custom libraries to perform safe math or provide bounds checked containers
* Mandatory code review
Chrome also makes use of sandboxing and exploit mitigations to complicate exploitation of memory errors that go undetected by the methods above.
AddressSanitizer is a compiler instrumentation that finds memory errors occurring on the heap, stack, or in globals. ASan is highly effective and one of the lowest overhead instrumentations available that detects the errors that it does; however, it still incurs an average 2-3x performance and memory overhead. This makes it suitable for use with unit tests or fuzzing, but not deployment to end users. Chrome used to deploy SyzyASAN instrumented binaries to detect memory errors. SyzyASAN had a similar overhead so it was only deployed to a small subset of users on the canary channel. It was discontinued after the Windows toolchain switched to LLVM.
GWP-ASan, also known by its recursive backronym, GWP-ASan Will Provide Allocation Sanity, is a sampling allocation tool designed to detect heap memory errors occurring in production with negligible overhead. Because of its negligible overhead we can deploy GWP-ASan to the entire Chrome user base to find memory errors happening in the real world that are not caught by fuzzing or testing with ASan. Unlike ASan, GWP-ASan cannot find memory errors on the stack or in globals.
GWP-ASan is currently enabled for all Windows and macOS users for allocations made using malloc() and PartitionAlloc. It is only enabled for a small fraction of allocations and processes to reduce performance and memory overhead to a negligible amount. At the time of writing it has found over sixty bugs (many are still restricted view). About 90% of the issues GWP-ASan has found are use-after-frees. The remaining are out-of-bounds reads and writes.
To learn more, check out our full write up on GWP-ASan here. #SalmanKhwaja
- WIRED
As 5G Rolls Out, Troubling New Security Flaws Emerge
Researchers have identified 11 new vulnerabilities in 5G—with time running out to fix them. #SalmanKhwaja
- WIRED
Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings
Speculative execution attacks still haunt Intel, long after researchers told the company what to fix. #SalmanKhwaja
- The Hacker News
Is Facebook Secretly Accessing Your iPhone’s Camera? Some Users Claimed
It appears that Facebook is at the center of yet another issue involving privacy.
Reportedly, multiple iPhone users have come forward on social media complaining that the Facebook app secretly activates their smartphone’s camera in the background while they scroll through their Facebook feeds or look at photos on the social network.
As shown in the Twitter videos below, when users click #SalmanKhwaja
- IT SECURITY GURU
Another Facebook Privacy Breach
Facebook has quietly revealed another privacy breach involving approximately 100 developers. On Tuesday, Konstantinos Papamiltiadis, Facebook’s Director of Platform Partnerships said in a blog post that the names and profile pictures of users connected to Groups and the system’s API were accessible.
The post Another Facebook Privacy Breach appeared first on IT Security Guru. #SalmanKhwaja
- WIRED
How to Change the Default Apps on All Your Devices
Don’t settle for the preinstalled apps Apple, Microsoft, and Android stick you with. Mix it up a little! #SalmanKhwaja
- The Hacker News
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
If you’re running any PHP-based website on an NGINX server and have the PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.
The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that are reportedly not uncommon in the wild and could #SalmanKhwaja
- TechBeacon – Security
Cybersecurity Awareness Month: Is it time to review your approach?
For most folks, October is a month for ghosts and goblins, but for the last 15 years the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) have had a different emphasis: National Cybersecurity Awareness Month (NCAM). #SalmanKhwaja
- What your devices know about you?
- Schneier on Security
Wi-Fi Hotspot Tracking
Free Wi-Fi hotspots can track your location, even if you don’t connect to them. This is because your phone or computer broadcasts a unique MAC address.
What distinguishes location-based marketing hotspot providers like Zenreach and Euclid is that the personal information you enter in the captive portal — like your email address, phone number, or social media profile — can be linked to your laptop or smartphone’s Media Access Control (MAC) address. That’s the unique alphanumeric ID that devices broadcast when Wi-Fi is switched on.
As Euclid explains in its privacy policy, “…if you bring your mobile device to your favorite clothing store today that is a Location — and then a popular local restaurant a few days later that is also a Location — we may know that a mobile device was in both locations based on seeing the same MAC Address.”
MAC addresses alone don’t contain identifying information besides the make of a device, such as whether a smartphone is an iPhone or a Samsung Galaxy. But as long as a device’s MAC address is linked to someone’s profile, and the device’s Wi-Fi is turned on, the movements of its owner can be followed by any hotspot from the same provider.
“After a user signs up, we associate their email address and other personal information with their device’s MAC address and with any location history we may previously have gathered (or later gather) for that device’s MAC address,” according to Zenreach’s privacy policy.
The defense is to turn Wi-Fi off on your phone when you’re not using it. #SalmanKhwaja
- Threatpost | The first stop for security news
Microsoft Blacklists Dozens of New File Extensions in Outlook
In total, Microsoft has now blocked 142 file extensions that it deems as at risk or that are typically sent as malicious attachments in emails. #SalmanKhwaja
- Threatpost | The first stop for security news
Google Assistant Audio Privacy Controls Updated After Outcry
Google is tightening its privacy controls over its Google Assistant voice assistant after a report earlier this year found that it was eavesdropping on user conversations. #SalmanKhwaja
- https://podcasts.google.com/?feed=aHR0cHM6Ly9wb2RjYXN0LnNlY3VyaXR5am91cm5leS5jb20vZmVlZC9wb2RjYXN0Lw&episode=aHR0cHM6Ly9wb2RjYXN0LnNlY3VyaXR5am91cm5leS5jb20vP3A9MTI1Mw #SalmanKhwaja
- WIRED
After Six Years in Exile, Edward Snowden Explains Himself
In a new memoir and interview, the world’s most famous whistle-blower elucidates as never before why he stood up to mass surveillance—and his love for an internet that no longer exists. #SalmanKhwaja
- *There are three types of intelligence.*
*Intelligent Quotient (IQ)*
*Emotional Quotient (EQ)*
*Social Quotient (SQ)*
Now this thread shows what each of these mean and their impact.
Do well to share so others can learn.
1. *Intelligent Quotient (IQ)*: this is what helps one to “know book”, solve maths, memorize things and recall subject matter.
2. *Emotional Quotient (EQ)*: this is what enables someone to maintain peace with others; keep to time; be responsible; be honest; respect boundaries; be humble, genuine and considerate.
3. *Social Quotient (SQ)*: this is what enables people to build a network of friends and maintain it over a long period of time.
People that have higher EQ and SQ tend to go farther in life than those with high IQ but low EQ and SQ. Most schools capitalize on improving IQ level while EQ and SQ are played down.
A man of high IQ can end up being employed by a man of high EQ and SQ even though he has an average IQ.
Your EQ represents your character; your SQ represents your fame. Give in to habits that will improve these three Qs but more especially your EQ and SQ.
EQ and SQ make one manage better than the other.
Please don’t teach children only to be IQ but also to be EQ and SQ.
Now there is a 4th one:
A new paradigm
4. *The Adversity Quotient (AQ)*: that makes people go through a rough patch in life and come out without losing their centres.
The AQ determines who will give up in the face of troubles, who will abandon their family or who will consider suicide.
To parents.
Expose children to other areas of life than academics. They should adore manual work (never use work as a form of punishment), sport and art. Develop their EQ, SQ and AQ. They should become multifaceted human beings able to do things independently of the parents.
Finally, do not prepare the way for the children. Prepare the children for the way.
Have a nice path #SalmanKhwaja
- New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS
https://thehackernews.com/2019/09/simjacker-mobile-hacking.html #SalmanKhwaja
- OWASP API Security Project – OWASP
https://www.owasp.org/index.php/OWASP_API_Security_Project #SalmanKhwaja
- Ladies and Gentlemen, we finally have the OWASP API Security project. #SalmanKhwaja
- WebARX — A Defensive Core For Your Website
https://thehackernews.com/2019/09/webarx-web-application-security.html #SalmanKhwaja
- Nice tool to try #SalmanKhwaja
- Popular Period Tracking Apps Share Your Sexual Health Data With Facebook
https://thehackernews.com/2019/09/facebook-period-tracker-privacy.html #SalmanKhwaja
- Wow. Shocking to see this news. Clearly an example of third party integration, particularly on Facebook. Read on. #SalmanKhwaja
- How Facebook Catches Bugs in Its 100 Million Lines of Code | WIRED
https://www.wired.com/story/facebook-zoncolan-static-analysis-tool/ #SalmanKhwaja
- What Is Cyberwar? The Complete WIRED Guide | WIRED
https://www.wired.com/story/cyberwar-guide/ #SalmanKhwaja
- Now Hackers Can Use Smartphones To Secretly Listen To What You’re Typing On Your Laptop Keyboard
https://www.forbes.com/sites/jeanbaptiste/2019/08/20/now-hackers-can-use-smartphones-to-listen-to-what-youre-typing-on-your-laptop-keyboard/ #SalmanKhwaja
- Does Night Mode on Smartphones Really Help Us Sleep Better? https://c.mi.com/thread-2258388-1-0.html #SalmanKhwaja
- The end of project management? | CIO
https://www.cio.com/article/3433939/the-end-of-project-management.html #SalmanKhwaja
- Don’t know how secure and private they are, but a nice product for privacy enthusiasts.
https://thehelm.com/ #SalmanKhwaja
- Airlift Wants to Replace Public Transport in Pakistan. Is it Succeeding? [Review]
https://propakistani.pk/2019/08/19/airlift-wants-to-replace-public-transport-in-pakistan-is-it-succeeding-review/ #SalmanKhwaja
- Visa Introduces Suite of Security Capabilities to Help Prevent and Disrupt Payment Fraud | Press Release
https://usa.visa.com/about-visa/newsroom/press-releases.releaseId.16536.html #SalmanKhwaja
- The Hacker News
Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again
If you are using LibreOffice, you need to update it once again.
LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities.
LibreOffice is one of the most popular and open source alternatives to Microsoft Office suite and is available #SalmanKhwaja
- Dark Reading:
The Flaw in Vulnerability Management: It’s Time to Get Real
Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future. #SalmanKhwaja
- Dark Reading:
68% of Companies Say Red Teaming Beats Blue Teaming
The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows. #SalmanKhwaja
- Dark Reading:
7 Biggest Cloud Security Blind Spots
Cloud computing is a boon for innovation, yet security organizations find themselves running into obstacles. #SalmanKhwaja
- Dark Reading:
5 Things to Know About Cyber Insurance
More businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy. #SalmanKhwaja
- Google Online Security Blog
New Research: Lessons from Password Checkup in action
Posted by Jennifer Pullman, Kurt Thomas, and Elie Bursztein, Spam and Abuse research
Back in February, we announced the Password Checkup extension for Chrome to help keep all your online accounts safe from hijacking. The extension displays a warning whenever you sign in to a site using one of over 4 billion usernames and passwords that Google knows to be unsafe due to a third-party data breach. Since our launch, over 650,000 people have participated in our early experiment. In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe—1.5% of sign-ins scanned by the extension.
Today, we are sharing our most recent lessons from the launch and announcing an updated set of features for the Password Checkup extension. Our full research study, available here, will be presented this week as part of the USENIX Security Symposium.
Which accounts are most at risk?
Hijackers routinely attempt to sign in to sites across the web with every credential exposed by a third-party breach. If you use strong, unique passwords for all your accounts, this risk disappears. Based on anonymous telemetry reported by the Password Checkup extension, we found that users reused breached, unsafe credentials for some of their most sensitive financial, government, and email accounts. This risk was even more prevalent on shopping sites (where users may save credit card details), news, and entertainment sites.
In fact, outside the most popular web sites, users are 2.5X more likely to reuse vulnerable passwords, putting their account at risk of hijacking.
[Figure] Anonymous telemetry reported by the Password Checkup extension shows that users most often reuse vulnerable passwords on shopping, news, and entertainment sites.
Helping users re-secure their unsafe passwords
Our research shows that users opt to reset 26% of the unsafe passwords flagged by the Password Checkup extension. Even better, 60% of new passwords are secure against guessing attacks—meaning it would take an attacker over a hundred million guesses before identifying the new password.
Improving the Password Checkup extension
Today, we are also releasing two new features for the Password Checkup extension. The first is a direct feedback mechanism where users can inform us about any issues that they are facing via a quick comment box. The second gives users even more control over their data. It allows users to opt-out of the anonymous telemetry that the extension reports, including the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the domain involved for improving site coverage. By design, the Password Checkup extension ensures that Google never learns your username or password, regardless of whether you enable telemetry, but we still want to provide this option if users would prefer not to share this information.
We’re continuing to improve the Password Checkup extension and exploring ways to implement its technology into Google products. For help keeping all your online accounts safe from hijacking, you can install the Password Checkup extension here today. #SalmanKhwaja
- IT SECURITY GURU
New Innovations From Tenable Automatically Discover And Assess Rogue Assets Across On-Prem And Cloud Environments Within A Single Platform.
Tenable, Inc., the Cyber Exposure company, today announced new product innovations in Tenable.sc (formerly SecurityCenter) and Tenable.io to continuously discover and assess known and unknown assets across on-premises and cloud environments from a single platform at no extra charge. These innovations are based on Tenable’s industry-leading Nessus Network Monitor (NNM) for passive network monitoring, […]
The post New Innovations From Tenable Automatically Discover And Assess Rogue Assets Across On-Prem And Cloud Environments Within A Single Platform. appeared first on IT Security Guru. #SalmanKhwaja
- Modern-Day SOCs: People, Process & Technology
https://www.darkreading.com/edge/theedge/modern-day-socs-people-process-and-technology/b/d-id/1335434 #SalmanKhwaja
- To all my followers, readers, and associates. Eid ul Azha Mubarak. 2019 #SalmanKhwaja
- I never knew there is a security operations center maturity model. Nice. #SalmanKhwaja
- This Tesla Mod Turns a Model S Into a Mobile ‘Surveillance Station’ | WIRED
https://www.wired.com/story/tesla-surveillance-detection-scout/ #SalmanKhwaja
- Quite a potential and a double-edged weapon. Surveillance Detection Scout. #SalmanKhwaja
- How Safecrackers Can Unlock an ATM in Minutes—Without Leaving a Trace | WIRED
https://www.wired.com/story/atm-lock-hack-electric-leaks/ #SalmanKhwaja
- Amazing #SalmanKhwaja
- Dark Reading:
WhatsApp Messages Can Be Intercepted, Manipulated
Check Point security researchers demonstrate how a dangerous security weakness in the messaging application can be abused to spread fake news and carry out online scams. #SalmanKhwaja
- Dark Reading:
Rethinking Website Spoofing Mitigation
Deception technology is evolving rapidly, making it easier for organizations to turn the tables on their attackers. Here’s how. #SalmanKhwaja
- WIRED
10 Best Instant Cameras: Instax, Lomography, Polaroid, Etc
Despite nearly dying off a decade ago, instant photo printing has come roaring back. These are the best instant cameras you can buy, and our favorite instant printer. #SalmanKhwaja
- The Hacker News
Binance KYC Data Leak — Crypto Exchange Sets $290,000 Bounty On Blackmailer
Malta-based cryptocurrency exchange Binance has become a victim of a ransom demand from a scammer who claimed to have hacked the KYC (Know Your Customer) data of thousands of its customers.
The unknown attacker threatened the world’s largest cryptocurrency exchange by volume to release KYC information of 10,000 users if the company did not pay 300 Bitcoins—that’s equivalent to almost $3.5 #SalmanKhwaja
- The Hacker News
KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files
If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any “.desktop” or “.directory” file for a while.
A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a user’s #SalmanKhwaja
- 40 Linux Server Hardening Security Tips [2019 edition] – nixCraft
https://www.cyberciti.biz/tips/linux-security.html #SalmanKhwaja
- https://t.co/57qInZv1H8?amp=1 #SalmanKhwaja
- Fraud scheme involved AT&T employees from the company’s Bothell, Washington call center (near Seattle)
  - Two Pakistani men were charged with running the scheme
  - One is believed to be deceased
  - The other is named Muhammad Fahd, 34 years old
Indictment PDF: https://t.co/GBFDx2Idr4 https://t.co/bHZcBtryEM #SalmanKhwaja
- AT&T employees took bribes to plant malware on the company’s network as part of a massive phone unlocking scheme
  - Bribes went over $1 million
  - One employee made $428K
  - Crooks unlocked over 2m devices
  - Employees also planted rogue WiFi APs on AT&T network #SalmanKhwaja
- This anti-choking device could save a child’s life in less than a minute.
https://www.linkedin.com/posts/techthatmatters_techthatmatters-childsafety-emergencyservices-activity-6564502365003743232-piCa #SalmanKhwaja
- Dark Reading:
FBI Issues Relationship Fraud/Confidence Scheme Warning
Criminals are getting increasingly sophisticated in their efforts to commit fraud and recruit ‘money mules,’ according to the FBI. #SalmanKhwaja
- Dark Reading:
Security & the Infinite Capacity to Rationalize
To improve the security posture of our organizations, we must open our eyes to rationalization and put an end to it with logic. Here’s how. #SalmanKhwaja
- Dark Reading:
Hollywood-Style Hacker Fight
Watch movies much? Here’s what happens when two hackers try to outhack each other. #SalmanKhwaja
- TechBeacon – Security
The state of container security: Tools, policy trail the technology
Gartner recently included container security as one of its Top 10 Security Projects for 2019. However, container technology remains something of a mystery to many cybersecurity pros. #SalmanKhwaja
- Dark Reading:
Securing DevOps Is About People and Culture
Preconceived notions and divisions make building security into the software development life cycle an uphill battle for many organizations. #SalmanKhwaja
- What Capital One’s cybersecurity team did (and did not) get right
https://www.cyberscoop.com/capital-one-cybersecurity-data-breach-what-went-wrong/ #SalmanKhwaja
- Data security scientists… a new role is coming up.
https://tdwi.org/articles/2019/07/22/adv-all-rise-of-data-security-scientist.aspx?m=1 #SalmanKhwaja
- 8 Ways to Authenticate Without Passwords
https://www.darkreading.com/endpoint/authentication/8-ways-to-authenticate-without-passwords/d/d-id/1334809 #SalmanKhwaja
- Threatpost | The first stop for security news
Chrome 76 Dumps Default Adobe Flash Player Support
In addition, Google’s latest Chrome version implements 43 new security fixes. #SalmanKhwaja
- Dark Reading:
Insecure Real-Time Video Protocols Allow Hollywood-Style Hacking
Lack of security in the default settings of Internet-enabled video cameras make co-opting video feeds not just a movie-hacker technique, but a reality for millions of cameras. #SalmanKhwaja
- All Day DevOps, feedback loops #SalmanKhwaja
- Telegram Messenger
https://telegram.org/ #SalmanKhwaja
- Farewell, Dear Password? The Future of Identity and …
https://www.darkreading.com/edge/theedge/farewell-dear-password-the-future-of-identity-and-authorization/b/d-id/1335265 #SalmanKhwaja
- Now Even Funerals Are Livestreamed—and Families Are Grateful | WIRED
https://www.wired.com/story/funerals-livestreamed-families-grateful/
- Google Online Security Blog: Chrome Fuzzer Program Update And How-To
https://security.googleblog.com/2019/07/chrome-fuzzer-program-update-and-how-to.html
- The Hacker News
Viral FaceApp Unnecessarily Requests Access to Users’ Facebook Friends List
FaceApp—the AI-powered photo-morphing app that recently went viral for its age filter but hit the headlines for its controversial privacy policy—has been found collecting the list of your Facebook friends for no reason.
The Russian-made FaceApp has been around since the spring of 2017 but has taken social media by storm over the course of the past few weeks as millions of people downloaded the
- What karate kid teaches us about infosec…
https://www.peerlyst.com/posts/what-the-karate-kid-teaches-us-about-infosec-ken-westin
- The Hacker News
Popular Malware Families Using ‘Process Doppelgänging’ to Evade Detection
The fileless code injection technique called Process Doppelgänging is actively being used by not just one or two but a large number of malware families in the wild, a new report shared with The Hacker News revealed.
Discovered in late 2017, Process Doppelgänging is a fileless variation of the Process Injection technique that takes advantage of a built-in Windows function to evade detection and
- Dark Reading:
Answer These 9 Questions to Determine if Your Data Is Safe
Data protection regulations are only going to grow tighter. Make sure you’re keeping the customer’s best interests in mind.
- Dark Reading:
How to Create Smarter Risk Assessments
Executives and directors need quantitative measurements – such as likelihood of loss and hard-dollar financial impact – to make more informed decisions about security risks.
- Open Source Hacking Tool Grows Up
https://www.darkreading.com/attacks-breaches/open-source-hacking-tool-grows-up/d/d-id/1335296
- Dark Reading:
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Threat actors are increasingly ‘living off the land,’ using publicly available management and administration tools to conceal malicious activity.
- WIRED
The FaceApp Privacy Panic, a Mysterious Satellite Outage, and More News
Catch up on the most important news from today in two minutes or less.
- The Hacker News
Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully
If you are in Kazakhstan and unable to access the Internet service without installing a certificate, you’re not alone.
The Kazakhstan government has once again issued an advisory to all major local Internet Service Providers (ISPs) asking them to make it mandatory for all their customers to install government-issued root certificates on their devices in order to regain access to the Internet
- WIRED
The Sea Is Consuming Jakarta, and Its People Aren’t Insured
What happens when your city is sinking and flooding and you don’t have insurance?
- The Hacker News
EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users
Security researchers have discovered a rare piece of Linux spyware that’s currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned.
It’s a known fact that very few strains of Linux malware exist in the wild as compared to Windows viruses because of its core
- The Hacker News
New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission
Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions.
The research was primarily focused on how app developers abuse multiple workarounds to collect location data, phone identifiers, and MAC addresses of their users by exploiting both covert and side
- Time to remove xss protection in our hardening documents and introduce CSPs.
https://portswigger.net/daily-swig/google-deprecates-xss-auditor-for-chrome
https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge
https://groups.google.com/a/chromium.org/forum/m/#!msg/blink-dev/TuYw-EZhO9g/blGViehIAwAJ
- The Hacker News
Engage Your Management with the Definitive ‘Security for Management’ Presentation Template
In every organization, there is a person who’s directly accountable for cybersecurity. The name of the role varies per the organization’s size and maturity – CISO, CIO, and Director of IT are just a few common examples – but the responsibility is similar in all places.
They’re the person who understands the risk and exposure, knows how prepared the team and most important – what the gaps are
- TechBeacon – Security
Why the phishing problem is getting worse
Phishing has been around as long as email, and it continues to present a substantial risk to business and is often cited as a top security concern. The concern is driven by increasingly sophisticated attacks; the move from email to alternative attack vectors, such as social media and messaging; and the simple fact that phishing targets the weakest link in the security chain: people.
- The Hacker News
Cybersecurity Frameworks — Types, Strategies, Implementation and Benefits
Organizations around the world are wondering how to become immune from cyber attacks which are evolving every day with more sophisticated attack vectors.
IT teams are always on the lookout for new ransomware and exploit spreading in the wild, but can all these unforeseen cyber attacks be prevented proactively?
That’s definitely a ‘NO,’ which is why there’s a reactive approach in place to
- The Hacker News
Patch Tuesday: Microsoft Releases July 2019 Security Updates
Microsoft today released its monthly batch of software security updates for July to patch a total of 77 vulnerabilities, of which 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity.
The July 2019 security updates include patches for various supported versions of Windows operating systems and other Microsoft products, including Internet Explorer, Edge, Office, Azure
- Threatpost | The first stop for security news
1,300 Popular Android Apps Access Data Without Proper Permissions
Study finds Android apps circumvented privacy opt-in rules and collected sensitive user information against user permission.
- Threatpost | The first stop for security news
Marriott Hit With $123M Fine For Massive 2018 Data Breach
The data breach fine against Marriott by the Information Commissioner’s Office comes a day after British Airways was also penalized.
- What Is Blockchain? The Complete WIRED Guide | WIRED
https://www.wired.com/story/guide-blockchain/
- Over 1,300 Android Apps Caught Collecting Data Even If You Deny Permissions
https://thehackernews.com/2019/07/android-permission-bypass.html
- Dark Reading:
DevOps’ Inevitable Disruption of Security Strategy
Black Hat USA programming will dive into the ways DevOps-driven shifts in practices and tools are introducing both new vulnerabilities and new ways of securing enterprises.
- WIRED
A Zoom Flaw Gives Hackers Easy Access to Your Webcam
All it takes is one wrong click, and the popular video conferencing software will put you in a meeting with a stranger.
- WIRED
Should You Wear White or Black on Hot Days? Here’s the Data
Quick experiments can help you answer the eternal question of whether to wear black or white on hot summer days. Turns out, it’s complicated.
- WIRED
5 Best Slow-Motion Video Apps: How to Shoot Slo-Mo on Phones
How to manipulate time and space to get the most out of your phone’s camera. Our slo-mo advice, and the best smartphones for recording in slow motion.
- Progressive Web Apps explained: Everything you should know
https://www.androidauthority.com/progressive-web-apps-1005564/
- “Data Breaches are on the Rise — Is it too hard to p̶r̶e̶v̶e̶n̶t̶ control data breaches?” by Sahil Ahamad https://link.medium.com/7edZdad78X
- WIRED
How to Protect Our Kids’ Data and Privacy
Opinion: Kids today have an online presence starting at birth, which raises a host of legal and ethical concerns. We desperately need a new data protection framework.
- The Hacker News
Ubuntu-Maker Canonical’s GitHub Account Gets Hacked
An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project, and created 11 new empty repositories.
It appears that the cyberattack was, fortunately, just a “loud” defacement attempt rather than a “silent” sophisticated supply-chain attack to distribute modified malicious versions of the open-source
- WIRED
What Is Credential Dumping?
Modern network intrusions thrive on a counterintuitive trick: stealing passwords from computers that hackers have already compromised.
- WIRED
Norway Invites You to Explore Its Electric Vehicle Paradise
The Land of the Midnight Sun—and one of Tesla’s biggest markets—wants you to come experience the transportation future.
- WIRED
Apple MacOS Catalina: New Features, New Apps, Accessibility
Apple’s next desktop operating system will bring new capabilities to your Mac. Here’s an early look at what to expect.
- https://www.linuxuprising.com/2019/06/use-albert-launcher-on-linux-to-boost.html
- “The one where Jenkins does Automated Vulnerability Checks” by Martin Budai https://link.medium.com/smdYSqus3X
- WIRED
The Colorful Science of Why Fireworks Look Bad on TV
Even the best TVs fall short of capturing all the colors in fireworks that humans can perceive.
- WIRED
Best Podcasts for Kids: Stories, Circle Round, Rebel Girls, Brains On
Keep your children entertained and ease the stress of getting there with these podcasts for kids.
- Microsoft launches Threat and Vulnerability Management for enterprises | BetaNews
https://betanews.com/2019/07/03/microsoft-threat-and-vulnerability-management/
- Microsoft Data Breach & Endpoint Security – Microsoft 365
https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp
- The Hacker News
17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device
Except for phishing and scams, downloading an HTML attachment and opening it locally in your browser was never considered a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim’s computer.
Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully
- Still, sharing an HTML file over email is way cooler than sharing Word files.
- The Hacker News
AppTrana — Website Security Solution That Actually Works
Data loss and theft continue to rise, and hardly a day goes by without significant data breaches hitting the headlines.
In January 2019 alone, 1.76 billion records were leaked, and according to IBM’s Data Breach study, the average cost of each lost or stolen record has reached about $148.
Most of these data leaks are because of malicious attacks, where exploitation of web application
- The Hacker News
Android July 2019 Security Update Patches 33 New Vulnerabilities
Google has started rolling out this month’s security updates for its mobile operating system platform to address a total of 33 new security vulnerabilities affecting Android devices, 9 of which have been rated critical in severity.
The vulnerabilities affect various Android components, including the Android operating system, framework, library, media framework, as well as Qualcomm components,
- WIRED
Tesla Model 3 Can Survive a Crash—and Avoid One, Too
The Model 3 scores well in European crash testing, a day after Tesla reported a quarterly record for deliveries.
- https://www.wired.com/2014/07/fireworks-photos-2/
- WIRED
How Extreme Heat Overwhelms Your Body and Becomes Deadly
Europe’s record-breaking heat wave serves as a warning of just how dangerous high temperatures can be.
- How to secure your PDF documents with passwords (and how to crack them if needed)
https://www.howtoforge.com/tutorial/linux-pdf-password/
- WIRED
How to Take Photos of Fireworks With Your Phone
Use these battle-tested tips and camera settings to capture dramatic photos of those explosions in the sky.
- TechBeacon – Security
Get beyond short-term: Secure your apps by stage and role
For the second year in a row, insecure software applications have been the main culprit of breaches, according to Verizon’s 2019 Data Breach Investigations Report. But applying methods for shoring up your applications by stage and role will help.
- 11 Tips for Better Candid Photography
https://digital-photography-school.com/11-tips-for-better-candid-photography/
- How Blue-Blocking Glasses Can Save Your Sleep
https://curiosity.com/topics/how-blue-blocking-glasses-can-save-your-sleep-curiosity/
- Now is a good time to bring your friends and family to Telegram.
https://telegra.ph/Why-WhatsApp-Will-Never-Be-Secure-05-15
- Today’s update brings archived chats and a host of new and redesigned features — just in time for spring cleaning.
Tidy things up with archived chats by separating work from play, and important from inactive. Copy links to messages in private groups and channels to point back to specific posts. Redirect forwards before sending to keep messages for their intended audiences only. See who else is up past their bedtime with online badges.
Android users can now select multiple chats for bulk actions, quickly pinning, muting, archiving or deleting in one sweep. The app’s icon and menus have a new look and new functions — introducing an expanded chat list, quick forwarding button, and a more robust sharing menu supporting emoji.
iOS now accommodates 6-digit passcodes and a new look for large emoji, as well as the option to clear recently used stickers.
Read more on our blog:
https://telegram.org/blog/archive-and-new-design
- Today’s update to Telegram apps introduces a new kind of private communication. You can now “unsend” any message you sent or received in any private chat, anytime. You can also control when your messages link back to your account if forwarded. For good measure, we’ve also added an option to hide your profile picture from non-contacts.
Android users can now use emoji search to quickly find the yellow beasts they were looking for — and will get emoji suggestions for the first word they type in a message.
Both platforms also support improved sticker search — you can now find individual stickers based on the keywords for the relevant emoji.
All the important parts of our iOS app can now be accessed with VoiceOver and the Android app fully supports TalkBack.
More features from this update:
https://telegram.org/blog/unsend-privacy-emoji
- WIRED
What Boeing’s 737 MAX Has to Do With Cars: Software
Investigators believe faulty software contributed to two fatal crashes. A newly discovered fault will likely keep the 737 MAX grounded until the fall.
- WIRED
Microsoft’s Ebook Apocalypse Shows the Dark Side of DRM
Microsoft has closed its ebook store—and will soon make their customers’ libraries disappear along with it.
- This vertical wind turbine turns wind generated from traffic into usable energy.
https://www.linkedin.com/feed/update/urn:li:activity:6550713157164367872
- Threatpost | The first stop for security news
MongoDB Leak Exposed Millions of Medical Insurance Records
Millions of records containing personal information and medical insurance data were exposed by a database belonging to insurance marketing website MedicareSupplement.com.
- Dark Reading:
NIST Issues IoT Risk Guidelines
A new report offers the first step toward understanding and managing IoT cybersecurity risks.
- Dark Reading:
How Hackers Infiltrate Open Source Projects
The dependency trees of modern software-development make smaller open-source projects vulnerable to hackers sabotaging code.
- Threatpost | The first stop for security news
New Microsoft Excel Attack Vector Surfaces
Researchers have identified a security hole in Microsoft Office’s Excel spreadsheet program that allows an attacker to trigger a malware attack on remote systems.
- TechBeacon – Security
12 lessons from NASA hacks: What SecOps can learn from JPL
NASA’s JPL keeps getting hacked. That’s the worrying conclusion of a NASA audit published earlier this month.
- IT SECURITY GURU
Hackers can take control of Tesla Model 3 navigation.
Sat Nav spoofing is a growing threat to in-car driver assistance systems and autonomous vehicles, warns Regulus. Security researchers claim to have been able to hack into the navigation system of a Tesla Model 3, getting the vehicle to turn itself on. In early June, security specialists from Regulus conducted a test drive of the […]
The post Hackers can take control of Tesla Model 3 navigation. appeared first on IT Security Guru.
- IT SECURITY GURU
Firefox to get a random password generator.
Firefox’s random password generator expected to launch later this fall. Mozilla is adding a random password generator to Firefox. Google added one to Chrome and Chromium-based browsers in the fall of 2018, with the release of Chrome/Chromium v69. The Firefox random password generator is expected to become publicly available for all Firefox users with the […]
The post Firefox to get a random password generator. appeared first on IT Security Guru.
- The Best Features of iOS 13: Maps, Photos, Privacy, Health | WIRED
https://www.wired.com/story/ios-13-top-features/
- The Hacker News
New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched
Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple’s macOS Gatekeeper security feature, details and a PoC for which were publicly disclosed late last month.
Intego team last week discovered four samples of new macOS malware on VirusTotal that leverage the GateKeeper bypass vulnerability to execute untrusted code on
- TechBeacon – Security
Privacy engineering: How DevOps delivers beyond app sec
When developers hear the term “shift left,” they often think about the traditional waterfall delivery model, and how security must shift earlier in the application lifecycle to reduce cost and friction, and increase quality. But that definition focuses too much on waterfall and not enough on your DevOps culture.
- Telegram 5.8 lets you add anyone to your Telegram contacts – even if you don’t have their number.
If you’re looking to exchange contact info with people standing next to you, try the new Add People Nearby section in Contacts. You will see other users within 100 meters who are also viewing this section at the same time.
The People Nearby section also shows Groups Nearby – public chats related to places around you. As of today, anyone can host location-based group chats in their city.
We’ve also added a tool to transfer group ownership and enhanced notification exceptions to all apps.
Additionally, iOS users can now use Siri shortcuts and change the app icon (in Settings > Appearance).
Read all about this update:
https://telegram.org/blog/contacts-local-groups
- Threatpost | The first stop for security news
Post-Ransomware Attack, Florida City Pays $600K
Riviera Beach, a Florida city, is coughing up $600,000 to hackers after a ransomware attack brought down its computer systems.
- The Entrepreneur Who Became a Billionaire After Being Rejected by Facebook
https://www.entrepreneur.com/article/335531
- Gmail for Android starts getting first bits of dark mode
https://www.androidpolice.com/2019/06/20/gmail-android-dark-mode-beginnings/
- https://youtu.be/eYuGD40qpdE
- According to rumours, Telegram is working on improving public chat groups with a new feature:
Add geolocation to chat group. With that, you will be able to find chat groups near you.
@geeksChannel
- TechBeacon – Security
Your iPhone is not secure: Cellebrite UFED Premium is here
Think your iPhone or iPad is secure from prying eyes? Think again.
- Dark Reading:
The Hunt for Vulnerabilities
A road map for improving the update process will help reduce the risks from vulnerabilities.
- WIRED
Lawmakers Express Privacy Concerns About Facebook’s Libra
Officials in Europe and the US worry about user privacy and how Facebook will handle data stemming from its cryptocurrency.
- Threatpost | The first stop for security news
Oracle Warns of New Actively-Exploited WebLogic Flaw
Oracle is urging users to update after a critical WebLogic Server Flaw was found being actively exploited in the wild.
- The Hacker News
Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks
If you use the Firefox web browser, you need to update it right now.
Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild.
Discovered and reported by Samuel Groß, a cybersecurity researcher at Google Project Zero, the vulnerability could allow
- WIRED
A Plan to Stop Breaches With Dead Simple Database Encryption
Database giant MongoDB has a new encryption scheme that should help slow the scourge of breaches.
- WIRED
It’s Time to Switch to a Privacy Browser
Ad trackers are out of control. Use a browser that reins them in.
- WIRED
Security News This Week: Telegram Says China Is Behind DDoS
Voting machine security gets a boost, Have I Been Pwned is for sale, and more of the week’s top security news.
- Dark Reading:
10 Notable Security Acquisitions of 2019 (So Far)
In a year when security companies have been snapped up left and right, these deals stand out from the chaos.
- Threatpost | The first stop for security news
Millions of Linux Servers Under Worm Attack Via Exim Flaw
Attackers are exploiting a Linux Exim critical flaw to execute remote commands, download crypto miners and sniff out other vulnerable servers.
- IT SECURITY GURU
SecBI Amplifies Its Threat Detection Solution With Automated Response.
SecBI, a disruptive player in cyber threat management, today announced the extension of its agent-less, threat detection solution with automated response. Now security operations centers (SOC) and managed security service providers (MSSPs) can benefit from a comprehensive solution including detection, investigation, and automated response that delivers significant boosts in effectiveness and productivity. Despite the intuitive […]
The post SecBI Amplifies Its Threat Detection Solution With Automated Response. appeared first on IT Security Guru.
- Dark Reading:
BlueKeep RDP Vulnerability a Ticking Time Bomb
One month after Microsoft disclosed the flaw, nearly 1 million systems remain unpatched, and Internet scans looking for vulnerable systems have begun increasing.
- https://www.linuxuprising.com/2019/06/scrcpy-19-released-view-and-control.html
- WIRED
Google’s Push to Close a Major Encrypted Web Loophole
By building security into top-level domains, Google makes it harder for HTTPS to fall short.
- Latest News from Salman, Khwaja
- The Hacker News
Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers.
Discovered by security researchers at CheckPoint, the vulnerabilities reside in the administrative panel of Ministra TV platform,
- IT SECURITY GURU
Cybersecurity Platform Allows Firms To Provide Proof Of Compliance.
ThreatAware – the cybersecurity monitoring and compliance platform – has added a new reporting feature which provides businesses with a full audit trail on any aspect of their IT security. It allows users to create a full report on the status of their cybersecurity and record any actions they have taken – whether they are […]
The post Cybersecurity Platform Allows Firms To Provide Proof Of Compliance. appeared first on IT Security Guru.
- Threatpost | The first stop for security news
Google Calendar Attacks Target Unwitting Mobile Users
Automatic invite notifications are spreading malicious links.
- 6 Words You Need To Eliminate From Your Professional Vocabulary
Lisa Quast, Contributor
Everyone wants to be seen as eloquent, intelligent and credible. Whether it’s through emails, phone calls, meetings or interviews, we have a daily opportunity to support this goal or detract from it. To ensure you’re being perceived in the way you want, begin eliminating these words from your professional vocabulary.
Honestly. Many job seekers use this word when they’re hung up on how to kick off an interview answer. However, beginning a sentence this way can give hiring managers the impression that maybe your previous responses weren’t so honest.
Just. This seemingly simple word is often used but rarely needed. It also packs a big punch to detract from your credibility and confidence and negates from the importance of your message. Instead of sending an email that begins with “Just wanted to check in…” say “I’m checking in on X, Y and Z.” The adjustment is small, but there is a big difference in the resulting impression you leave.
Things. This is a valueless word that can be replaced with more descriptive and meaningful expressions. Instead of “How are things going with our project?” a question positioned as “Can you share an update on how our project timeline is progressing” is clearer and will likely give you the real answer you need. Another example: In an interview or cover letter, instead of saying “there are many things that make me a great candidate,” say the things!
Sorry. How familiar does this sound – “Sorry, Wednesday doesn’t work for me.” Women are the most frequent culprits in the overuse of this word, but everyone should stop apologizing for anything they’re not really sorry for. Offer a solution or counterpoint: “Wednesday is booked for me. Are you available Y or Z?” – and save the apologies for when you mean them.
Hopefully. In the workplace, don’t hope – deliver. Instead of “Hopefully, we’ll hear back about this by Monday,” say “I asked for an answer by Monday morning, and if I don’t hear back, I will follow up.”
Your speech disfluencies. Everyone has these – it could be an um, ah, like, right or ‘you know what I mean.’ These are the phrases or words used to fill up dead air and end sentences, but they are also credibility killers. Further, these words are usually said involuntarily, meaning most people are unaware they’re using them. For my coaching clients, I always recommend they videotape themselves at least once during an interview prep or when practicing a presentation. You’ll catch your “likes” and “ums” immediately and can begin practicing speaking without them.
- Gmail scheduled emails.
- Web Browsers Are Broken. Here’s Why
- Eid al-Fitr Mubarak. 2019.
- Happy Mother’s day.
- Taxonomy of Information Security and its many layers..
- 6 skills required for a career in digital forensics
- Blue team, red team and purple team.
- The worst password of 2018
- Ties in with Physical Security
- How to Handle a Full-Time Job and a Side Gig – The Muse
- Privacy and Data protection
- Critical log review checklists for Security Incidents.
- The smallest things can make the biggest difference.
- What does the Amazon CEO say about work-life balance.
- Parent-child relationship
- How to make a car using different methodologies
- How to know which app version you are using on Android.
- Voice hack in WhatsApp
- Where to start with DevOps Metrics? | The Road to ALM
- Radio Garden with a Location and Time. Nostalgia.
- Share expenses, split bills…the easy way
- How to share a YouTube video at a specific time
- Your Phone data is no longer PRIVATE now. Was it before ?
- Watch “Download Facebook Videos Without Any Software (Computer | Android | iOS)” on YouTube
- Grab stuff from people, without any USB / HDD, over Dropbox, without them signing up on Dropbox
- Watch “Erlang Factory SF 2015 Keynote – From WhatsApp to Outer Space” on YouTube
- WhatsApp for Business launched in Pakistan.
- How to save any YouTube video to your local system
- To be a Bug or not to be a Bug. What’s, How’s and Why’s of Bug Report
- Changing User Agent String
- How to manually update ZAP proxy on Kali Linux.
- 3 coffees a day, linked to more health than harm….
- Hackers Can Silently Control Siri, Alexa & Other Voice Assistants Using Ultrasound
- CertSimple | Why ‘site seals’ are even worse than you thought
- Biryani.
- Nutan – The Family Albums – Google Arts & Culture
- To Uber or Careem ?
- Online Banking / Mobile Banking :: Rambling on the SCB Mobile Bank update.
- To Follow up or not to Follow up.
- How the filmmakers behind ‘Warcraft’ pushed film technology to the next level
- Watch “4 Slim Wallets for Men” on YouTube
- Four Things I’ve Learned Using a Standing Desk
- Happy independence day. Today we celebrate our independence day. Yeah.
- Kinds of people who wear shades.....
- Chocolate hazelnut with crunches.
- There’s nothing like a good old steak.. And that too medium done.
- Auto Start / Shutdown a Virtual Box Machine via Command line aka CLI
- Spring is here.
- Calendar update for the month of March 2015
- Piping hot keema.
- Shahnaamey.. Can’t help taking a pic with the name..
- Flower..
- Watch your back, especially if there is an audi behind you..
- Minions..
- Can’t help taking the pic of Meezan bank lovely calendar.
- Handicrafts often sold in Pakistan
- Guide to SCRUM / Agile …
- What is Release Management and why is it needed ?
- Multi colored cake. Official name is rainbow cream cake. I wonder how it is…
- Challenges of Mobile Wallet Implementation in Pakistan Payment Industry
- Are we there YET. Tips on using the very best of Google Maps.
- An open cover letter to that person possibly reading my job application
- How to Check Which Version of Microsoft .NET Framework is Installed in Windows?
- Perspectives…
- In architectural language this is called a plan View….
- A wrecked boat.
- Take Back Your Life in Ten Steps
- What’s a Mobile Wallet ?
- 7 great companies that really should not exist
- Here are the 10 stupidest things you’re doing with your smartphone
- The easiest way to fight procrastination
- If you manage your time terribly, you’ll get more done
- Break free from your social media addiction
- Charge your devices on the go: New smart solar charger raises $50K on Kickstarter
- How to Design for Mobile Layouts
- Alibaba’s online investment account is becoming a serious threat to Chinese banks
- This girl hacker is beating all the boys: a Q&A with Jennie Lamere
- Sure way to lure more customers to your Service
- Fwd: Live Landscapes
- Downloading CHM files over the web and having trouble opening it
- Be content with what you have.
- Listen, not for a pre-determined answer, but for the sake of listening.
- Story to Success. One does not have anything but will to succeed.
- Parenting on unspoiling your child
- Emergency / Distress Numbers
- Managing Time :: Ahmed and Billo Concept
- Change mysql schema and table collation
- 746
- My new closeups of Mira
- Daily Quotes
- Mitsubishi Minica
- My latest high score in Nin Jump
- What skill would you most like to learn in 2012?
- Should I buy an iPhone, Android phone, or a BlackBerry? (What phone are you?)
- How to calibrate your battery in your android phone.
- Android :: Desk Clock
- How to import your contacts
- Android software I can’t live without.
- How to boot your desire into recovery mode
- Movies at YouTube.
- Which Search Engine do you use?
- The Social Network :: Movie Review.
- Learning HTML 5 [Part 1]
- Server timeout when a PHP script takes too long to execute.
- Proper DB Insertion from Web Page.
- Server Variables
- My Reality Show
- A Strong Voice
- Should you be using that Browser ?
- Malaysian state launches Islamic currency
- First Pakistani Anti Virus and Recovery Tool developed.
- Should you be staring at that monitor?
- The World Would Be a Better Place If…
- Microsoft Vista – Source Code Humour
- Typed an Email in Coded language
- Cooking food under 10 minutes.
- Where the hell is matt?
- Pizza or Shawarma
- Do Schools kill Creativity? Do they.
- Power Search
- Travelogue to Malaysia
- HTML Color Values
- Why settle for GOOD, when you can Have Awesome.
- 10 Amazing Life Lessons You Can Learn From Albert Einstein
- HPC (High Performance Computing) and Coffee
- Mac vs. PC Windows 7 vs. Mac Ad: Broken Promises
- Try this and laugh
- Daily Quotes :: Excuses
- Movie Review :: THE CAR (1977)
- Suspicion
- Twitter and its Retweets.
- Iqbal Day Tribute :: Anwarama :: Ajab Jehan hai yeh
- I need My Chocolate Drink.
- Resume on T-Shirts.
- Tech Support Cheat Sheet :: XKCD COMIC
- Blogging by Email :: Now being provided by Word Press.
- CUSTOMER CARE IN 2020
- Wolfram Alpha :: New Search Engine on the block.
- My Facebook Account is re-enabled
- My Facebook Account is disabled.
- My new addiction
- Me and My Twittering
- Web Development Insights on Sign Up Forms
- Movie Review:: Seven Pounds.
- Movie Review :: the Bucket List.
- Bruce lee Versus Iron Man
- How to install Ubuntu on Windows Machine. (Dual Boot)
- Stick Figure Animator.
- Code on Wedding Cake?
- Another nice feminist comic
- User Friendly
- Computer Poetry
- Scientific Dating Blogging Service.
- Seven Habits – Inside Out
- Blog Resolutions
- Living Internet
- Bruce Lee Vs. Iron Man
- Exercises and Solutions :: Google Online Tutorial
- Ubuntu on the Acer Aspire One
- How to Install MSN Messenger on Ubuntu Linux?
- Install Software By Clicking a Link in Ubuntu
- How to Install Adobe AIR on Ubuntu
- Boot and run Linux from a USB flash memory stick
- How to make UBUNTU USB Live
- 4 Liquid stages of Life.
- Jason Mraz :: Lucky I am Love.
- IE New Accessibility Features in IE 8
- Fashion Your FireFox
- Movie Review :: Eagle Eye
- Movie Review :: Max Payne
- Movie Review :: Slumdog Millionaire
- Movie Review :: The Incredible Hulk.
- Movie Review :: Vantage Point.
Monthly Archives
- October 2023 (1)
- May 2022 (1)
- February 2022 (1)
- July 2020 (6)
- June 2020 (2)
- May 2020 (14)
- April 2020 (2)
- March 2020 (19)
- February 2020 (20)
- January 2020 (5)
- December 2019 (16)
- November 2019 (16)
- October 2019 (4)
- September 2019 (12)
- August 2019 (41)
- July 2019 (61)
- June 2019 (48)
- May 2019 (2)
- February 2019 (3)
- January 2019 (1)
- December 2018 (1)
- November 2018 (6)
- September 2018 (3)
- April 2018 (3)
- March 2018 (5)
- February 2018 (3)
- December 2017 (1)
- November 2017 (1)
- September 2017 (2)
- July 2017 (1)
- June 2017 (1)
- December 2016 (1)
- October 2016 (1)
- August 2016 (1)
- June 2016 (3)
- August 2015 (1)
- July 2015 (1)
- May 2015 (2)
- March 2015 (3)
- February 2015 (3)
- January 2015 (3)
- December 2014 (2)
- September 2014 (3)
- May 2014 (4)
- April 2014 (4)
- February 2014 (4)
- January 2014 (3)
- December 2013 (2)
- October 2013 (2)
- June 2013 (1)
- April 2013 (3)
- February 2013 (2)
- January 2013 (1)
- June 2012 (1)
- April 2012 (4)
- November 2011 (3)
- September 2011 (1)
- August 2011 (4)
- June 2011 (1)
- December 2010 (3)
- November 2010 (4)
- September 2010 (3)
- August 2010 (1)
- July 2010 (4)
- June 2010 (5)
- May 2010 (3)
- April 2010 (1)
- March 2010 (1)
- February 2010 (1)
- January 2010 (5)
- November 2009 (2)
- August 2009 (3)
- July 2009 (1)
- June 2009 (1)
- May 2009 (4)
- April 2009 (22)
- March 2009 (2)
- January 2009 (7)