Today we will learn about the example of operating system, their meaning and their usage. Our main focus in this article is about examples o
seen from Singapore
seen from Germany
seen from Qatar
seen from Germany

seen from Czechia
seen from France
seen from Saudi Arabia
seen from Italy

seen from Hong Kong SAR China

seen from Australia
seen from Germany

seen from United States

seen from Malaysia

seen from Germany

seen from China

seen from Germany

seen from Colombia
seen from Australia
seen from China
seen from United Kingdom
Today we will learn about the example of operating system, their meaning and their usage. Our main focus in this article is about examples o
E.L.O Everything Live On
http://www.everythingliveon.com/steer-clear-of-ios-8s-infinite-loop/
Steer Clear of iOS 8's Infinite Loop
A flaw in iOS 8 allows hackers essentially to crash apps that perform SSL communications whenever they like. Skycure reported the bug at the RSA security conference held last week, advising owners of iOS devices to upgrade to iOS 8.3.
Apple this week confirmed that iOS 8.3 addresses the vulnerability, according to Skycure.
An attack would involve specially crafting an SSL certificate to regenerate a bug. SSL is used in almost all apps in the iTunes App Store, which means pretty much every device user running iOS 8 could be at risk.
The flaw is an SSL parsing vulnerability that affects iOS itself, and heavy use of affected devices will crash the OS, Skycure said.
Further, under certain conditions, affected devices can be put into a reboot loop, which locks them up. If the attack’s coming through a WiFi network, victims can’t disable the WiFi interface to stop it. They’re stuck in what Skycure has dubbed a “No iOS Zone.”
However, “we have not seen any instances [of exploits based on this vulnerability] in the wild,” Skycure CEO Adi Sharabani told TechNewsWorld.
The No iOS Zone
Combining the iOS 8 SSL vulnerability with WiFiGate, which Skycure disclosed in 2013, or with the Karma tool, would let attackers form a No iOS Zone.
Attackers could automatically recruit any iOS device in range into what essentially would be a mobile botnet that could launch denial of service attacks on target iOS devices.
The possibility of such an attack is real, according to Simone Margaritelli, a developer and security researcher at Zimperium.
“I recently used a Karma attack against my updated iOS device, and it worked like a charm,” he told TechNewsWorld.
Victims can’t do anything about the No iOS Zone, Skycure said.
Follow the Money
“Mobile malware and WiFi hacks like the No iOS Zone are on the rise, driving a multibillion-dollar market opportunity for mobile security companies,” said Steve Morgan, CEO of Cybersecurity Ventures.
“This is like the early days of antivirus, when the vendors were leapfrogging each other in the media as they each scurried to be the first one to report a bug,” he told TechNewsWorld. “Companies … who report a bug initially are poised for growth.”
Nothing to Fear but Fear Itself?
Attacks exploiting the iOS 8 SSL vulnerability “will happen, but I would be much more worried about the prevalence of bugs in iOS that allow malicious apps or malicious websites to run code on the devices,” said Marble Security CEO Dave Jevans.
“In the one month between the release of iOS 8.2 and iOS 8.3, Apple fixed 37 iOS security bugs, one of which also allowed denial of service attacks over the air,” he told TechNewsWorld.
“There were also nine security bugs fixed that were related to malicious apps or websites taking over devices or running unauthorized code on them. The myth that iOS is secure is just that — a myth,” Jevans added.
The iOS 8 SSL vulnerability Skycure found is “similar to the Darwin Nuke flaw discovered by Kaspersky,” said Jimmy Shah, senior director of research at Zimperium.
The current threat level for the vulnerability is low, he told TechNewsWorld, because “DoS is not persistent, and no code execution is involved.”
Staying Safe
Users whose iOS devices keep on crashing or rebooting should disconnect from a troublesome WiFi network or change their location, Skycure recommended, and they should upgrade to version 8.3 post haste.
Users of iOS devices can enable the OS’s “Ask to join networks” feature to protect themselves, Zimperium’s Shah suggested.
“Android and iOS are constantly improving their security mechanisms,” he remarked. Although iOS is generally believed to be the more secure of the two, “in reality [they] are equally secured, with pluses and minuses for each.”
Like this:
Like Loading…
E.L.O Everything Live On
http://www.everythingliveon.com/chrome-web-store-gives-bad-extensions-the-boot/
Chrome Web Store Gives Bad Extensions the Boot
Google recently purged some 200 extensions from its Chrome Store inventory. Extensions and add-ons let users add functions and features to the Chrome Web browser, but bad extensions can expose users to a greater risk of spyware and malware. A major problem with many browser add-ons is ad injectors.
The clean-up resulted from an extensive search for embedded code that violates Google’s policies, triggered by increasing user complaints.
Google has been studying add-on security risks with a team at the University of California, Berkeley, and will release a full report of its findings on May 1.
“It is not so much the security of the Chrome browser as the security in having an open store for downloading extensions,” noted Martin Zetterlund, founder of ScrapeSentry.
“I am sure Google automatically screens any extension uploaded — but the bad guys will, of course, do their best to trick automatic screening,” he told LinuxInsider.
Tip of the Iceberg
ScrapeSentry this week revealed its discovery of problems with the Chrome extension Webpage Screenshot: The extension could send any information visible on a browser tab back to an IP address located in the U.S., such as page title.
“Obviously, they need to put more work into screening of uploads to the Chrome Store if it should be considered a trusted source, as opposed to downloading from random sites on the Internet,” Zetterlund said.
Distributing malware is against the Chrome Web Store’s Content Policies, said Google spokesperson Veronica Navarrete.
“When we detect items containing malware or learn of them through reports, we remove them from the Chrome Web Store and from active Chrome instances,” she told LinuxInsider.
However, Navarrete declined to answer specific questions about the program purge process, ad injection programs or the Webpage Screenshot extension.
Google removed Webpage Screenshot on Tuesday, Zetterlund said.
A Growing Problem
Ad injectors are code within an extension or add-on that inserts new ads or replaces existing ads on pages the Web browser visits. Google has received more than 100,000 complaints from Chrome users about ad injection in the last three months, according to Google Software Engineer Nav Jagpal.
Injectors are related to unwanted programs. Both are deceptive, hard to remove, and often secretly bundled with other downloads.
It is unclear if ad injectors are able to work within the more rigid architecture of Linux as a function protected by the Web browser’s integration with the operating system. The study refers to browsers tested only on Mac and Windows operating systems.
Google does not ban all uses of ad injectors. People can choose to install injectors that clearly disclose what they do, noted Jagpal.
However, injectors that sneak ads into a browser violate Google’s policies. Google alerts Chrome browser users with red warnings when users attempt to download software that is deceptive or does not use the right API (application program interface) to interact with the browser.
Ad Injector Study
The problem with Web browser extensions and add-ons is not restricted to the Chrome browser. The UC Berkeley team studied more than 100 million page views of Google sites across Chrome, Firefox and Internet Explorer.
The results were anything but pretty, noted Jagpal. The researchers found ad injectors on browsers running on the Mac and Windows operating systems, but it is unclear if they found them on the Linux OS.
The researchers detected ad injectors in the Chrome, Firefox and IE Web browsers. The study results include these findings:
More than 5 percent of browsers visiting Google sites have at least one ad injector installed. Half of those browser visits showed at least two injectors installed. Nearly one-third have at least four installed.
Thirty-four percent of Chrome extensions injecting ads were classified as outright malware.
There were 192 deceptive Chrome extensions that affected 14 million users.
Action Taken
Google has removed or disabled those deceptive extensions. Google now incorporates the techniques researchers used to catch them to scan all new and updated extensions, noted Jagpal.
Google has several policies in play to limit or entirely prohibit ad injectors. Those policies affect both the Chrome browser and AdWords advertisers with software downloads hosted on their site or linked to from their site.
For example, all Chrome extensions hosted in the Chrome Web Store must comply with the Developer Program Policies. This means that extensions must have a specific understandable purpose.
AdWords advertisers must comply with Google’s Unwanted Software Policy and the DoubleClick Ad Exchange (AdX) Seller Program Guidelines. Both prohibit programs that overlay ad space on a given site without permission of the site owner.
E.L.O Everything Live On
http://www.everythingliveon.com/windows-10-to-make-the-secure-boot-alt-os-lock-out-a-reality/
Windows 10 to make the Secure Boot alt-OS lock out a reality
Those of you with long memories will recall a barrage of complaints in the run up to Windows 8’s launch that concerned the ability to install other operating systems—whether they be older versions of Windows, or alternatives such as Linux or FreeBSD—on hardware that sported a “Designed for Windows 8″ logo.
To get that logo, hardware manufacturers had to fulfil a range of requirements for the systems they built, and one of those requirements had people worried. Windows 8 required machines to support a feature called UEFI Secure Boot. Secure Boot protects against malware that interferes with the boot process in order to inject itself into the operating system at a low level. When Secure Boot is enabled, the core components used to boot the machine must have correct cryptographic signatures, and the UEFI firmware verifies this before it lets the machine start. If any files have been tampered with, breaking their signature, the system won’t boot.
This is a desirable security feature, but it has an issue for alternative operating systems: if, for example, you prefer to compile your own operating system, your boot files won’t include a signature that Secure Boot will recognize and authorize, and so you won’t be able to boot your PC.
However, Microsoft’s rules for the Designed for Windows 8 logo included a solution to the problem they would cause: Microsoft also mandated that every system must have a user-accessible switch to turn Secure Boot off, thereby ensuring that computers would be compatible with other operating systems. Microsoft’s rules also required that users be able to add their own signatures and cryptographic certificates to the firmware, so that they could still have the protection that Secure Boot provides, while still having the freedom to compile their own software.
This all seemed to work, and the concerns that Linux and other operating systems would be locked out proved unfounded.
This time, however, they’re not.
At its WinHEC hardware conference in Shenzhen, China, Microsoft talked about the hardware requirements for Windows 10. The precise final specs are not available yet, so all this is somewhat subject to change, but right now, Microsoft says that the switch to allow Secure Boot to be turned off is now optional. Hardware can be Designed for Windows 10 and can offer no way to opt out of the Secure Boot lock down.
The presentation is silent on whether OEMS can or should provide support for adding custom certificates.
Should this stand, we can envisage OEMs building machines that will offer no easy way to boot self-built operating systems, or indeed, any operating system that doesn’t have appropriate digital signatures. This doesn’t cut out Linux entirely—there have been some collaborations to provide Linux boot software with the “right” set of signatures, and these should continue to work—but it will make it a lot less easy.