Hi, and welcome to the small dot of Salman ke Khayalat on the Websphere.
This blog is an attempt to keep all my information (which could range from ideas and rants to product / movie reviews) in a visual way, a visual repository perhaps. Also, I have a knack for keeping bookmarks to my favorite websites, properly tagging them, and assigning them keywords. Still, with the amount of bookmarks, I feel a better way to document those websites (especially reference ones) is to use a blog.
The name is Salman… Salman, Khwaja (feels like the Bond intro, doesn’t it?). I came across a good idea of turning a small web page into a search engine.
- Google Online Security Blog OpenTitan – open sourcing transparent, trustworthy, and secure silicon

  Posted by Royal Hansen, Vice President, Google and Dominic Rizzo, OpenTitan Lead, Google Cloud

  Security begins with secure infrastructure. To have higher confidence in the security and integrity of the infrastructure, we need to anchor our trust at the foundation – in a special-purpose chip. Today, along with our partners, we are excited to announce OpenTitan – the first open source silicon root of trust (RoT) project. OpenTitan will deliver a high-quality RoT design and integration guidelines for use in data center servers, storage, peripherals, and more. Open sourcing the silicon design makes it more transparent, trustworthy, and ultimately, secure.

  https://1.bp.blogspot.com/-n2qQdpSpUuc/Xb965lxHFAI/AAAAAAAABEc/aVj757izoYMQtLdHOGS4yCUaJXtI7chNQCNcBGAsYHQ/s400/OT.png (The OpenTitan logo)

  Anchoring trust in silicon

  Silicon RoT can help ensure that the hardware infrastructure and the software that runs on it remain in their intended, trustworthy state by verifying that the critical system components boot securely using authorized and verifiable code. Silicon RoT can provide many security benefits by helping to:

  * Ensure that a server or a device boots with the correct firmware and hasn’t been infected by a low-level malware.
  * Provide a cryptographically unique machine identity, so an operator can verify that a server or a device is legitimate.
  * Protect secrets like encryption keys in a tamper-resistant way even for people with physical access (e.g., while a server or a device is being shipped).
  * Provide authoritative, tamper-evident audit records and other runtime security services.

  The silicon RoT technology can be used in server motherboards, network cards, client devices (e.g., laptops, phones), consumer routers, IoT devices, and more. For example, Google has relied on a custom-made RoT chip, Titan, to help ensure that machines in Google’s data centers boot from a known trustworthy state with verified code; it is our system root of trust. Recognizing the importance of anchoring the trust in silicon, together with our partners we want to spread the benefits of reliable silicon RoT chips to our customers and the rest of the industry. We believe that the best way to accomplish that is through open source silicon.

  Raising the transparency and security bar

  Similar to open source software, open source silicon can:

  1. Enhance trust and security through design and implementation transparency. Issues can be discovered early, and the need for blind trust is reduced.
  2. Enable and encourage innovation through contributions to the open source design.
  3. Provide implementation choice and preserve a set of common interfaces and software compatibility guarantees through a common, open reference design.

  The OpenTitan project is managed by the lowRISC CIC, an independent not-for-profit company with a full-stack engineering team based in Cambridge, UK, and is supported by a coalition of like-minded partners, including ETH Zurich, G+D Mobile Security, Google, Nuvoton Technology, and Western Digital.

  https://1.bp.blogspot.com/-ggGxGBSS-K8/Xb976JloWjI/AAAAAAAABEo/c57FeeqkGgItyXfst31gUZewNu2SwURjQCNcBGAsYHQ/s640/logos.png (The founding partners of the OpenTitan project)

  OpenTitan is an active engineering project staffed by a team of engineers representing a coalition of partners who bring ideas and expertise from many perspectives. We are transparently building the logical design of a silicon RoT, including an open source microprocessor (the lowRISC Ibex, a RISC-V-based design), cryptographic coprocessors, a hardware random number generator, a sophisticated key hierarchy, memory hierarchies for volatile and non-volatile storage, defensive mechanisms, IO peripherals, secure boot, and more[…] #SalmanKhwaja
- Google Online Security Blog The App Defense Alliance: Bringing the security industry together to fight bad apps

  https://2.bp.blogspot.com/-Ox7aTD47wCo/XcIN1wcOwyI/AAAAAAAABKw/v3UcW-vZfbwy5p2reuXGUcYFJhj_WzQ9ACNcBGAsYHQ/s320/adaHeroSpinAnimation.gif

  Posted by Dave Kleidermacher, VP, Android Security & Privacy

  Fighting against bad actors in the ecosystem is a top priority for Google, but we know there are others doing great work to find and protect against attacks. Our research partners in the mobile security world have built successful teams and technology, helping us in the fight. Today, we’re excited to take this collaboration to the next level, announcing a partnership between Google, ESET, Lookout, and Zimperium. It’s called the App Defense Alliance and together, we’re working to stop bad apps before they reach users’ devices.

  The Android ecosystem is thriving with over 2.5 billion devices, but this popularity also makes it an attractive target for abuse. This is true of all global platforms: where there is software with worldwide proliferation, there are bad actors trying to attack it for their gain. Working closely with our industry partners gives us an opportunity to collaborate with some truly talented researchers in our field and the detection engines they’ve built. This is all with the goal of, together, reducing the risk of app-based malware, identifying new threats, and protecting our users.

  What will the App Defense Alliance do?

  Our number one goal as partners is to ensure the safety of the Google Play Store, quickly finding potentially harmful applications and stopping them from being published. As part of this Alliance, we are integrating our Google Play Protect detection systems with each partner’s scanning engines. This will generate new app risk intelligence as apps are being queued to publish. Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store.

  Who are the partners?

  All of our partners work in the world of endpoint protection, and offer specific products to protect mobile devices and the mobile ecosystem. Like Google Play Protect, our partners’ technologies use a combination of machine learning and static/dynamic analysis to detect abusive behavior. Multiple heuristic engines working in concert will increase our efficiency in identifying potentially harmful apps. We hand-picked these partners based on their successes in finding potential threats and their dedication to improving the ecosystem. These partners are regularly recognized in analyst reports for their work.

  Industry collaboration is key

  Knowledge sharing and industry collaboration are important aspects in securing the world from attacks. We believe working together is the ultimate way we will get ahead of bad actors. We’re excited to work with these partners to arm the Google Play Store against bad apps. Want to learn more about the App Defense Alliance’s work? Visit us here. #SalmanKhwaja
- Google Online Security Blog GWP-ASan: Sampling heap memory error detection in-the-wild

  Posted by Vlad Tsyrklevich, Dynamic Tools Team

  Memory safety errors, like use-after-frees and out-of-bounds reads/writes, are a leading source of vulnerabilities in C/C++ applications. Despite investments in preventing and detecting these errors in Chrome, over 60% of high severity vulnerabilities in Chrome are memory safety errors. Some memory safety errors don’t lead to security vulnerabilities but simply cause crashes and instability.

  Chrome uses state-of-the-art techniques to prevent these errors, including:

  * Coverage-guided fuzzing with AddressSanitizer (ASan)
  * Unit and integration testing with ASan
  * Defensive programming, like custom libraries to perform safe math or provide bounds checked containers
  * Mandatory code review

  Chrome also makes use of sandboxing and exploit mitigations to complicate exploitation of memory errors that go undetected by the methods above.

  AddressSanitizer is a compiler instrumentation that finds memory errors occurring on the heap, stack, or in globals. ASan is highly effective and one of the lowest overhead instrumentations available that detects the errors that it does; however, it still incurs an average 2-3x performance and memory overhead. This makes it suitable for use with unit tests or fuzzing, but not deployment to end users. Chrome used to deploy SyzyASAN instrumented binaries to detect memory errors. SyzyASAN had a similar overhead so it was only deployed to a small subset of users on the canary channel. It was discontinued after the Windows toolchain switched to LLVM.

  GWP-ASan, also known by its recursive backronym, GWP-ASan Will Provide Allocation Sanity, is a sampling allocation tool designed to detect heap memory errors occurring in production with negligible overhead. Because of its negligible overhead we can deploy GWP-ASan to the entire Chrome user base to find memory errors happening in the real world that are not caught by fuzzing or testing with ASan. Unlike ASan, GWP-ASan can not find memory errors on the stack or in globals.

  GWP-ASan is currently enabled for all Windows and macOS users for allocations made using malloc() and PartitionAlloc. It is only enabled for a small fraction of allocations and processes to reduce performance and memory overhead to a negligible amount. At the time of writing it has found over sixty bugs (many are still restricted view). About 90% of the issues GWP-ASan has found are use-after-frees. The remaining are out-of-bounds reads and writes.

  To learn more, check out our full write up on GWP-ASan here. #SalmanKhwaja
- WIRED As 5G Rolls Out, Troubling New Security Flaws Emerge Researchers have identified 11 new vulnerabilities in 5G—with time running out to fix them. #SalmanKhwaja
- WIRED Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings Speculative execution attacks still haunt Intel, long after researchers told the company what to fix. #SalmanKhwaja
- The Hacker News Is Facebook Secretly Accessing Your iPhone’s Camera? Some Users Claimed It appears that Facebook is at the center of yet another issue involving privacy. Reportedly, multiple iPhone users have come forward on social media complaining that the Facebook app secretly activates their smartphone’s camera in the background while they scroll through their Facebook feeds or look at the photos on the social network. As shown in the Twitter videos below, when users click #SalmanKhwaja
- IT SECURITY GURU Another Facebook Privacy Breach Facebook has quietly revealed another privacy breach involving approximately 100 developers. On Tuesday, Konstantinos Papamiltiadis, Facebook’s Director of Platform Partnerships said in a blog post that the names and profile pictures of users connected to Groups and the system’s API were accessible. The post Another Facebook Privacy Breach appeared first on IT Security Guru. #SalmanKhwaja
- WIRED How to Change the Default Apps on All Your Devices Don’t settle for the preinstalled apps Apple, Microsoft, and Android stick you with. Mix it up a little! #SalmanKhwaja
- The Hacker News New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers If you’re running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could #SalmanKhwaja
- TechBeacon – Security Cybersecurity Awareness Month: Is it time to review your approach? For most folks, October is a month for ghosts and goblins, but for the last 15 years the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) have had a different emphasis: National Cybersecurity Awareness Month (NCAM). #SalmanKhwaja
- What your devices know about you?
- Threatpost | The first stop for security news Microsoft Blacklists Dozens of New File Extensions in Outlook In total, Microsoft has now blocked 142 file extensions that it deems as at risk or that are typically sent as malicious attachments in emails. #SalmanKhwaja
- Threatpost | The first stop for security news Google Assistant Audio Privacy Controls Updated After Outcry Google is tightening its privacy controls over its Google Assistant voice assistant after a report earlier this year found that it was eavesdropping on user conversations. #SalmanKhwaja
- https://podcasts.google.com/?feed=aHR0cHM6Ly9wb2RjYXN0LnNlY3VyaXR5am91cm5leS5jb20vZmVlZC9wb2RjYXN0Lw&episode=aHR0cHM6Ly9wb2RjYXN0LnNlY3VyaXR5am91cm5leS5jb20vP3A9MTI1Mw #SalmanKhwaja
- WIRED After Six Years in Exile, Edward Snowden Explains Himself In a new memoir and interview, the world’s most famous whistle-blower elucidates as never before why he stood up to mass surveillance—and his love for an internet that no longer exists. #SalmanKhwaja
- *There are three types of intelligence.* *Intelligent Quotient (IQ)* *Emotional Quotient (EQ)* *Social Quotient (SQ)* Now this thread shows what each of these mean and their impact. Do well to share so others can learn. 1. *Intelligent Quotient (IQ)*: this is what helps one to “know book”, solve maths; memorize things and recall subject matters. *2. Emotional Quotient (EQ)*: this is what makes someone to be able to maintain peace with others; keep to time; be responsible; be honest; respect boundaries; be humble, genuine and considerate. 3. *Social Quotient (SQ):* this is what makes people to be able to build network of friends and maintain it over a long period of time. People that have higher EQ and SQ tend to go farther in life than those with high IQ but low EQ and SQ. Most schools capitalize in improving IQ level while EQ and SQ are played down. A man of high IQ can end up being employed by a man of high EQ and SQ even though he has an average IQ. Your EQ represents your character; your SQ represents your fame. Give in to habits that will improve these three Qs but more especially your EQ and SQ. EQ and SQ make one manage better than the other. Pls don’t teach children only to be IQ but also to be EQ and SQ. Now there is a 4th one : A new paradigm 4. *The Adversity Quotient (AQ)*: that makes people go through a rough patch in life and come out without losing their centres. The AQ determines who will give up in face of troubles, who will abandon their family or who will consider suicide. To parents. Expose children to other areas of life than academic. They should adore manual work (never use work as a form of punishment), sport and art. Develop their EQ, SQ and AQ. They should become multifaceted human beings able to do things independently of the parents. Finally, do not prepare the way for the children. Prepare the children for the way. Have a nice path #SalmanKhwaja
- New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS https://thehackernews.com/2019/09/simjacker-mobile-hacking.html #SalmanKhwaja
Or one could choose to go to the following categories
With time, I do develop small projects that aid in my web development. Below are small links to projects which I have created for self-promotion, and they are also being used in everyday routine tasks.
- Power Seek
A complete user manual resides here.
Test drive Power Seek here.
- Power test
Test drive your web applications to check for screen sizes here.