“Gaming Disorder” Is A Mental Health Condition, WHO Declares

If you open the latest edition of the International Statistical Classification of Diseases (ICD) handbook of the World Health Organization, you’ll notice that Gaming Disorder has been classified as a mental health condition.

In the handbook, the organization has placed it under the “Disorders due to substance use or addictive behaviors” category, the same category that includes “Gambling Disorder” as well. Some people might find this placement apt as video games were already being called “digital drugs” by concerned parents and health specialists.

The organization further lists different reasons that could trigger the disorder:

  • Impaired control over gaming
  • Priority is given to gaming over other tasks
  • Escalation of gaming despite negative consequences

However, this inclusion isn’t being well received by all; many experts aren’t convinced that gaming disorder even exists in the first place.

On the other hand, Vladimir Poznyak, the WHO member who proposed the diagnosis, told CNN that the inclusion is a result of the trends and developments in the professional field as well as daily lives.

The experts have also argued that WHO’s criteria need to be narrowed down further, as they don’t offer a way to distinguish between severe and mild addiction.
Wednesday, 20 June 2018
Posted by Siva Priya

How to safeguard your databases from SQL injections

SQL (Structured Query Language) is a popular programming language for managing data kept in relational databases. However, the databases can be breached when an attacker adds SQL statements that attempt to corrupt, extract, or delete the data held in the databases.

With the current rise of SQL injection cases, learning how to protect your databases is critical for achieving your cyber security goals. You can also improve your skills of shielding yourself from this type of attack by watching how professionals do it.

For example, Darren Rainey, who is from the U.K. and has more than four years of experience in cyber security, usually livestreams the measures he employs to safeguard systems from various types of attacks, including SQL injection.

How does an SQL injection take place?

An SQL injection occurs when a hacker “injects” a malicious SQL statement into another statement, causing the database to carry out unintended actions. This type of injection usually affects applications that build SQL statements from user actions, such as the values users enter in a form on a website.

The main type of SQL injection attacks is error-based attacks. They take place when attackers compromise unsanitized inputs.

If a developer fails to sanitize inputs by eliminating needless characters from inputted data, an attacker can insert wrong values and cause harm to the database.

For example, here is the PHP code of a login web form having username and password fields.

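<?php
// Deliberately vulnerable: the form values are concatenated straight into the SQL text.
$my_username = $_POST['username'];
$my_password = $_POST['password'];
$my_sql_query = "SELECT * FROM users WHERE username='" . $my_username . "' AND user_password='" . $my_password . "';";
?>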

The above command would then be sent to a database server to determine correspondence with the data stored, before allowing or denying a user access.

If a user enters “computer” as the username and “comp123” as the password, it would lead to the following command.

$my_sql_query = "SELECT * FROM users WHERE username='computer' AND user_password='comp123';";

However, the above code is vulnerable to attacks. If an attacker enters ' or 'a'='a in the password field, then the variable $my_password will have the value ' or 'a'='a.

In that case, the resulting command will look like the following, which usually leads to a non-empty dataset.

$my_sql_query = "SELECT * FROM users WHERE username='computer' AND user_password='' or 'a'='a';";

Consequently, since the condition 'a'='a' is always true, the attacker may be granted entry without having valid login credentials.

How to protect your database

Sanitize inputs
An important technique you should use to safeguard your database from SQL injection attacks is to sanitize input strings. If you sanitize the user input on the server side, you will remove any potential harmful commands and ensure that users offer only the right type of input.

For example, in PHP you can use the mysqli_real_escape_string() function for escaping the characters that could alter the characteristics of the SQL command.

Here is the improved version of the code mentioned above.

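<?php
// $conn is an already-open mysqli connection; mysqli_real_escape_string() takes it as its first argument.
$my_username = mysqli_real_escape_string($conn, $_POST['username']);
$my_password = mysqli_real_escape_string($conn, $_POST['password']);
$my_sql_query = "SELECT * FROM users WHERE username='" . $my_username . "' AND user_password='" . $my_password . "';";
?>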

With the improvements, mysqli_real_escape_string() places an escape character (\) in front of single quotes entered in the fields, so the web form is safeguarded when an attacker includes them.

You can also sanitize user inputs by ensuring that numeric or alphanumeric fields lack symbol characters and removing whitespace and new line characters before sending them for processing on the server-side.

Furthermore, you should ensure that user inputs are validated to keep to the guidelines set for length, syntax, and type. For example, if users are providing email addresses in a form, they should be filtered to allow only the characters that constitute an email address.

Restrict database permissions

You should avoid giving users excessive privileges. When your application is connecting to a database, ensure that the users are granted only the necessary privileges for that purpose.

This way, you will lower the effects of any SQL injection attacks that could compromise the security of your database.

For example, if you are using the Microsoft SQL server, you could limit database permissions as follows.

deny select on sys.tables to sqldatabasepermit;

deny select on sys.packages to sqldatabasepermit;

deny select on sys.sysobjects to sqldatabasepermit;

Use parameterized queries
With this simple and effective technique, you can segregate the data provided by the users from the code powering the application.

As such, the two will not interact with one another directly, allowing you to minimize the effects of SQL injection attacks.

Importantly, you should avoid revealing database error information to users. If attackers get hold of the error messages, they can use them to exploit the security of your database.
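The parameterized-query technique and the advice on hiding database errors, shown together as an added example that is not from the original article. It assumes PHP's PDO extension with an in-memory SQLite database so that it runs without a server; the table, columns and sample credentials follow the article, and the function names are hypothetical.

```php
<?php
// Added example, not the article's code. The in-memory SQLite database and
// the single row in it are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (username TEXT PRIMARY KEY, user_password TEXT)");
$pdo->exec("INSERT INTO users VALUES ('computer', 'comp123')");

// The article's vulnerable pattern: input becomes part of the SQL text,
// so a quote in the input can change the structure of the statement.
function login_concatenated(PDO $pdo, string $username, string $password): bool
{
    $sql = "SELECT * FROM users WHERE username='" . $username .
           "' AND user_password='" . $password . "';";
    return $pdo->query($sql)->fetch() !== false;
}

// Parameterized version: the SQL text is fixed when it is prepared, and the
// values are bound afterwards, so they can only ever be compared as data.
function login_parameterized(PDO $pdo, string $username, string $password): bool
{
    try {
        $stmt = $pdo->prepare(
            'SELECT 1 FROM users WHERE username = :username AND user_password = :password'
        );
        $stmt->execute([':username' => $username, ':password' => $password]);
        return $stmt->fetch() !== false;
    } catch (PDOException $e) {
        // Keep the database error in the server log; the caller (and so the
        // user) only ever learns that the login failed.
        error_log('login query failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed inputs: the article's sample login, a wrong password, and the
// always-true condition the article uses in the password field.
$attempts = [
    'valid credentials'      => ['computer', 'comp123'],
    'wrong password'         => ['computer', 'nope'],
    "article's 'a'='a input" => ['computer', "' or 'a'='a"],
];

foreach ($attempts as $label => [$username, $password]) {
    printf(
        "%-24s concatenated=%-5s parameterized=%s\n",
        $label,
        var_export(login_concatenated($pdo, $username, $password), true),
        var_export(login_parameterized($pdo, $username, $password), true)
    );
}
```

Only the third input is treated differently by the two functions: the concatenated query accepts it, while the prepared statement compares the whole string against the stored password and rejects it.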

Conclusion

SQL injection is one of the common types of attacks hackers use to compromise systems. Therefore, you need to stay vigilant and appropriately guard your IT infrastructure from this type of attack.

The techniques listed in this article are simple and may not offer you full protection from this type of attack. That is why you need to learn from the cyber security experts on how to reinforce your protection measures from SQL injections.
Monday, 11 June 2018
Posted by Siva Priya

What Is Social Engineering? What Are Different Types Of Social Engineering Attacks?

You might have heard the term Social Engineering. But what exactly is Social Engineering? What are the types of Social Engineering techniques? It can be thought of as a set of methods used by people who want to hack other people or make them do some particular task that benefits the attacker.

However, to do this, they don’t want to depend mainly on the coding part. Social Engineering scams are the art of deception used by evil-minded people to nourish their greed for money or something else.

So, What is Social Engineering?
You might’ve received phone calls or emails from people giving credit card offers. They try to take their targets into confidence and make them pay a hefty amount to claim the offers. We call such things fraud. That’s an example/type of social engineering, where people try confidence tricks on their targets.

This social manipulation is not just for financial benefits. Social engineering can be done for other purposes too, for instance, harvesting information from people. It involves playing with their mind to get things done.

You can find social engineers everywhere. Even a friend sitting next to you and concentrating on your keyboard while you type your passwords is a social engineer. It’s just that there is no certification for this thing. So, let’s tell you about the types of social engineering in detail.

Types of Social Engineering Attacks:
There are many social engineering tactics depending on the medium used to implement it. The medium can be email, web, phone, USB drives, or some other thing. So, let’s tell you about different types of social engineering attacks:

1. Phishing
Phishing is the most common type of social engineering attack. The attacker recreates the website or support portal of a renowned company and sends the link to targets via emails or social media platforms. The other person, completely unaware of the real attacker, ends up compromising personal information and even credit card details.

You can prevent phishing emails by using spam filters in your email accounts. Most email providers do this by default nowadays. Also, don’t open any emails that come from an untrusted source or that you find suspicious.

2. Spear Phishing
A social engineering technique known as Spear Phishing can be considered a subset of Phishing. Although a similar attack, it requires extra effort from the attackers. They need to pay attention to the degree of uniqueness for the limited number of users they target. And the hard work pays off: the chances of users falling for the false emails are considerably higher in the case of spear phishing.

3. Vishing
Imposters or social engineers can be anywhere on the internet. But many prefer the old fashioned way; they use the phone. This type of social engineering attack is known as Vishing. They recreate the IVR (Interactive Voice Response) system of a company. They attach it to a toll-free number and trick people into calling the phone number and entering their details. Would you agree on this? Most people don’t think twice before entering confidential info on a supposedly trusted IVR system, do they?

4. Pretexting
Pretexting is another example of social engineering you might’ve come across. It’s based on a scripted scenario presented in front of the targets, used to extract PII or some other information. An attacker might impersonate another person or a known figure.

You might’ve seen various TV shows and movies where detectives use this technique to get into places where they’re personally not authorized, or extract information by tricking people. Another example of pretexting can be fake emails you receive from your distant friends in need of money. Probably, someone hacked their account or created a fake one.

5. Baiting
If you have seen the movie Troy, you might be able to recall the trojan horse scene. A digital variant of this technique is known as Baiting and it is one of the social engineering techniques used by people. Attackers leave infected USB drives or optical disks at public places with a hope of someone picking it up out of curiosity and using it on their devices. A more modern example of baiting can be found on the web. Various download links, mostly containing malicious software, are thrown in front of random people hoping someone would click on them.

6. Tailgating
Similarly, there are other social engineering techniques, like Tailgating, where a person takes help of an authorized person to get access to restricted areas where RFID authentication or some other electronic barrier is present.

7. Quid pro quo
Another social engineering method, Quid pro quo, involves people posing as technical support. They make random calls to a company’s employees claiming that they’re contacting them regarding an issue. Sometimes, such people get the chance to make the victim do things they want. It can be used on everyday people too.

Quid pro quo involves an exchange of something with the target, for instance, the attacker trying to solve a victim’s genuine problem. The exchange can include materialistic things such as some gift in return for the information.

How to defend yourself from social engineers?

In the past, you might’ve come across the story of Ivan Kwiatkowski. He had sensed a foul customer support call before it was too late. He managed to fool the so-called executive on the other side and installed ransomware on the attacker’s computer. That could be thought of as a counter-attack on such people. You need to be alert when someone asks you to give your information or when some unknown person is giving something to you for free.

Improve your emotional intelligence
Social engineers can also try to hit on the emotional part of people’s brains. They might try to take you on a guilt trip, make you nostalgic, or even try to impact negatively. The situation becomes alarming; people tend to open up in front of the ones trying to give them emotional comfort.

Stay aware of your surroundings
One more thing you must pay attention to, in order to save yourself from different types of social engineering scams, is what you do on the internet. A person trying to hack into your online account may glance through your Facebook profile and find some clues about the answers to the security questions or even your password.

Think before you act
Mostly, such questions include less important stuff like pet names, school names, birthplace, etc. Also, pay attention to what web pages you visit or what files you download. They may contain malicious tools to harvest your information.

Keep your accounts and devices safe
With the abundance of electronic devices and internet nowadays, it’s easier than ever to get information about almost anyone. For instance, it could be some camera keeping an eye on you in the subway or on the streets that could be compromised during social engineering attacks.

So, what’s important is to keep your smartphones, PCs, and online accounts safe by adding strong passwords and other methods like two-factor authentication. Take appropriate security measures like anti-virus software, firewalls, etc. That’s the minimum you can do. Also, make sure you don’t have the habit of writing down passwords and financial details.

However, these are general ways to defend oneself from being exploited by a social engineer. Big organizations have devised more formal methods to deal with such scenarios. This can include things such as conducting regular drills on employees, training them to deal with such situations, and establishing proper methods to identify legitimate personnel.

Friday, 8 June 2018
Posted by Siva Priya

Cyber Security - Meaning | Elements | Threats | Importance

INTRODUCTION :
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.

Ensuring cybersecurity requires coordinated efforts throughout an information system.

Elements of cybersecurity include:
  • Network security
  • Application security
  • Endpoint security
  • Data security
  • Identity management
  • Database and infrastructure security
  • Cloud security
  • Mobile security
  • Disaster recovery/business continuity planning
  • End-user education

One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected against. Such an approach is insufficient in the current environment.

Some of the threats are outlined below in more detail.

Cyberterrorism is the disruptive use of information technology by terrorist groups to further their ideological or political agenda. This takes the form of attacks on networks, computer systems and telecommunication infrastructures.

Cyberwarfare involves nation-states using information technology to penetrate another nation’s networks to cause damage or disruption. In the U.S. and many other nations, cyberwarfare has been acknowledged as the fifth domain of warfare (following land, sea, air and space). Cyberwarfare attacks are primarily executed by hackers who are well-trained in exploiting the intricacies of computer networks, and operate under the auspices and support of nation-states. Rather than “shutting down” a target’s key networks, a cyberwarfare attack may intrude into networks to compromise valuable data, degrade communications, impair such infrastructural services as transportation and medical services, or interrupt commerce.

Cyberespionage is the practice of using information technology to obtain secret information without permission from its owners or holders. Cyberespionage is most often used to gain strategic, economic, political or military advantage, and is conducted using cracking techniques and malware.

More Common Threats are :
Ransomware
Ransomware is a type of malicious software. It is designed to extort money by blocking access to files or the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered or the system restored.

Malware
Malware is a type of software designed to gain unauthorized access or to cause damage to a computer. 

Social engineering
Social engineering is a tactic that adversaries use to trick you into revealing sensitive information. They can solicit a monetary payment or gain access to your confidential data. Social engineering can be combined with any of the threats listed above to make you more likely to click on links, download malware, or trust a malicious source.

Phishing
Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data like credit card numbers and login information. It’s the most common type of cyber attack. You can help protect yourself through education or a technology solution that filters malicious emails.

THE IMPORTANCE OF CYBER SECURITY

Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices.
A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences.
Organizations transmit sensitive data across networks and to other devices in the course of doing business, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it.
As the volume and sophistication of cyber attacks grow, companies and organizations, especially those that are tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information.
As early as March 2013, the nation’s top intelligence officials cautioned that cyber attacks and digital spying are the top threat to national security, eclipsing even terrorism.

To know more about Cyber Security Training and Information Security, contact :

Redback IT Solutions Pvt Ltd.,
No: 5/X2 Hari Ohm , 2nd Street, 
Phase III, Sathuvachari, Vellore.
Contact : +91 8189985551.
Wednesday, 25 April 2018
Posted by Siva Priya

What Is ‘Trustjacking’? How This New iOS Vulnerability Allows Remote Hacking?

Do you plug in your iPhone into someone else’s laptop for a quick charge? If yes, you might be at the risk of ‘trustjacking’ where your device could be hacked remotely.

This new vulnerability called trustjacking exploits a convenient WiFi feature, which allows iOS device owners to manage their devices and access data, even when they are not in the same location anymore.

How does Trustjacking work?
When iPhone users plug into the USB port on someone else’s computer, iOS asks them whether the computer can be trusted or not. It also prompts that the computer will gain access to their data on granting permission.

Upon granting the permission, the user allows the computer to communicate with the iOS device through the iTunes Wi-Fi Sync feature. While this feature is quite helpful, the researchers at Symantec say that it leaves your phone open to the trusted computer.

This computer can be used to access photos, messages, any sensitive data, add malicious apps or even perform administrative tasks without seeking any further authorization from the iPhone owner. Hence the name “trustjacking.”

It is notable that while the initial setup requires connecting a device physically through the USB cable, the phone can be accessed even after disconnecting it with no notifications to the iPhone owners.

So how to stop Trustjacking?
As there is no way of deauthorizing one laptop after giving access, you will have to revoke access to all the authorized laptops. Just go to Settings, tap on General and find Reset option. Select Reset Location & Privacy option and enter your passcode to deauthorize all devices at once.
Tuesday, 24 April 2018
Posted by Siva Priya

How To Check If Your Facebook Data Was Leaked To Cambridge Analytica?


Facebook has taken it upon itself to notify all the 87 million victims of the Cambridge Analytica scandal, whose data may have been leaked, by creating a link at the top of their News Feed.


Update: In case you haven’t been able to spot the link at the top of your News Feed, you can visit this link and check if your data was passed on to Cambridge Analytica in one way or the other. Fortunately, I got this: “Based on our available records, neither you nor your friends logged into “This Is Your Digital Life.”

Starting from April 9, users will be able to see a link titled “Protecting Your Information” on their News Feed. Here, you can find out which apps are connected to your Facebook feed and what kind of information you have shared with those apps.
In case you no longer use an app or wish to stop sharing data with them, Facebook will provide you the option to disable those apps and completely remove third-party access.
Moreover, users whose data was leaked to Cambridge Analytica will receive an additional notice from the company. There are three versions of the messages that are being sent to Facebook users based on whether their data was usurped by the app “This Is Your Digital Life.”
In case of data leak caused by direct logging into This Is Your Digital Life app by a user, the following message would be displayed on the screen.

If a user’s data was leaked due to a friend who logged into the app, this message given below would be displayed. It says that your basic information such as public profile, page likes, birthday, etc., have been shared.
For users whose data remain unharmed, Facebook will send the following message along with the new privacy control settings.
Although Facebook is taking corrective measures, scores of people feel unsafe on the platform and are shutting down their accounts as details of the data leak emerge. If you feel the same, delete your account permanently.
Saturday, 21 April 2018
Posted by Siva Priya

Artificial Intelligence And Its Role In Mobile App Development

               Since mobile app development is transforming our lives by turning unfeasible things into reality, Artificial Intelligence is not only a hot topic in the field of science but also a topic of exploration and development in the business industry, purposely in the industry of mobile app development.

             These days, AI is not limited to Apple’s Siri anymore, but it is growing much more than our imaginations and the time is here to see mobile app developers putting more of artificial intelligence together in their endeavors.

Introduction to Artificial Intelligence :

Well, AI or artificial intelligence is the branch of science that designs and develops intelligent machines that work and react like humans. It is a way of imparting aptitude to advanced machines so they can troubleshoot problems themselves even more accurately, efficiently and rapidly than before.

A large number of well-known companies and organizations are successfully using artificial intelligence in their business operations, not only to accomplish their business processes efficiently but to boost productivity as well.

             As mobile app development companies are using AI in business app development projects, it can boost competency of a company or business as it provides more personalized, relevant and flawless customer services at the end. Companies can easily understand customer behavior just by using the data collected by artificial intelligence in mobile apps.

Role of AI in Mobile App Development :

            Affirmative business growth and user engagement are the core factors that are proving the significance of the use of artificial intelligence in mobile app development services.

                 There are a lot of things that make huge difference between mobile apps developed with and without artificial intelligence such as
  • Collection of users’ data by analyzing the behavior and usage pattern of the app.
  • Use of the location, contacts and daily behavior to allow the app to serve users better than before.
  • Generating the maximum revenues with satisfactory and user-friendly user interfaces.

           There is nothing wrong to say that it is the time to experience big change in performances and process as we are now getting more AI and machine learning-driven apps from mobile app development companies. We have a lot of live examples of trending mobile app technologies in our mobile phones that are using artificial intelligence such as Google assistant, Siri and Contra etc.

            Now in this digital age we can feel free to say that increasing growth of artificial intelligence is empowering new opportunities and possibilities in mobile app development services. A mobile application developed with artificial intelligence is designed in a way that it can make right decisions itself, resource your finances and most importantly consider advantages or disadvantages for you. Similarly, devices and machines created with artificial intelligence technology have beaten the humans in almost all walks of life.

            In the same way, increased use of AI in the mobile app development services has enabled the mobile users to entirely refill the existing user-experience with an amazing one. Due to the availability of artificial intelligence in mobile application development, gigantic amount of data is available to the businesses or organizations in terms of customer spending hours, purchasing behavior, user interest and so on that can be used for productive business decision making process.

In this way, mobile app technology can understand customer behavior quickly and provide thorough insights into customer preferences to the concerned entities, making the business process more efficient accordingly.

               Predictive reply is one of the plus points for mobile app developers that they can use to make their apps better than ever as it is the communication between user and the device where artificial technology used in the app understands the conversation and responds it accurately without mixing things together. For example, Gmail app (powered by Google) has been designed with a latest feature of Smart Reply that uses artificial neural networks to arrange and send suitable responses to the emails received.

The role of artificial intelligence in mobile app development is undeniable, as it enables a business or brand to provide a personalized user experience that makes things easier and more efficient. For instance, My Starbucks Barista is a mobile application where the user just has to tell the app what they want, and the app automatically places the order for its user on its own, based on the given preferences.
Thursday, 19 April 2018
Posted by Siva Priya


- Copyright © 2013 Redback IT Academy -- Powered by Redback - Designed by @ Redback Studio -