Friday, August 9, 2019

Flipkart, Amazon sale: 10 phones from Apple, Xiaomi and others that may be worth buying

https://ift.tt/2YC5qIT

NRHM Arunachal Pradesh Recruitment 2019 – 98 Staff Nurse, MO, Pharmacist & Other Posts

National Health Mission, Naharlagun, is recruiting for 98 Staff Nurse, MO, Pharmacist and other posts. Candidates with 12th Class, Diploma, Graduation or PG qualifications can apply on or before 20-08-2019.

8chan users who are migrating to 08chan, an unofficial site hosted on ZeroNet, inadvertently lose anonymity because the P2P network exposes users' IP address (Kevin Poulsen/The Daily Beast)

Kevin Poulsen / The Daily Beast:
8chan users who are migrating to 08chan, an unofficial site hosted on ZeroNet, inadvertently lose anonymity because the P2P network exposes users' IP address  —  An unofficial new version of the hate-filled forum isn't as anonymous as its users might hope.  —  Refugees from the anonymous 8chan forum …



Indians are in smartphone upgrade mode

India is set to lose its image as a ‘budget smartphone market’ as consumer aspirations push up demand for higher priced models. https://ift.tt/2KDnSXx https://ift.tt/eA8V8J

CCI seeks third party data on India's smartphone base

CCI has sought details from third parties, including research firms, thus widening its probe into claims of market share misuse by Google's Android. https://ift.tt/2YEIUyP

India and US unlikely to sign pact for mutual access to geospatial maps

Two other foundational agreements have already been inked – one for sharing of military logistics and another that enables transfer of secure communication equipment to enhance interoperability. https://ift.tt/33pwytm

FCC filing reveals Sonos is working on its first-ever Bluetooth speaker (Chris Welch/The Verge)

Chris Welch / The Verge:
FCC filing reveals Sonos is working on its first-ever Bluetooth speaker  —  The portable speaker could arrive this fall  —  One of two devices recently filed by Sonos with the FCC is a Bluetooth speaker, The Verge can confirm.  In the filing for product model S17, Sonos directly states that it's …



Uber freezes engineering hires amid mounting losses

At its Unpacked event, Samsung showed off PlayGalaxy Link, a new feature to stream games directly from a PC to the Galaxy Note10 (Brian Heater/TechCrunch)

Brian Heater / TechCrunch:
At its Unpacked event, Samsung showed off PlayGalaxy Link, a new feature to stream games directly from a PC to the Galaxy Note10  —  One of the more interesting news tidbits from yesterday's Unpacked event got a bit drowned out in all of the noise.  Understandably so …



How safe are school records? Not very, says student security researcher

If you can’t trust your bank, government or your medical provider to protect your data, what makes you think students are any safer?

Turns out, according to one student security researcher, they’re not.

Eighteen-year-old Bill Demirkapi, a recent high school graduate in Boston, Massachusetts, spent much of his later school years with an eye on his own student data. Through self-taught pen testing and bug hunting, Demirkapi found several vulnerabilities in his school’s learning management system, Blackboard, and in his school district’s student information system, known as Aspen and built by Follett, which centralizes student data, including performance, grades, and health records.

The former student reported the flaws and revealed his findings at the Def Con security conference on Friday.

“I’ve always been fascinated with the idea of hacking,” Demirkapi told TechCrunch prior to his talk. “I started researching but I learned by doing,” he said.

Among the more damaging issues Demirkapi found in Follett’s student information system was an improper access control vulnerability which, if exploited, could have allowed an attacker to read from and write to the central Aspen database and obtain any student’s data.

Blackboard’s Community Engagement platform had several vulnerabilities, including an information disclosure bug. A debugging misconfiguration allowed him to discover two subdomains, which spat back the credentials for Apple app provisioning accounts for dozens of school districts, as well as the database credentials for most, if not every, instance of Blackboard’s Community Engagement platform, said Demirkapi.

Another set of vulnerabilities could have allowed an authorized user — like a student — to carry out SQL injection attacks. Demirkapi said six databases could be tricked into disclosing data by injecting SQL commands, including grades, school attendance data, punishment history, library balances, and other sensitive and private data.

Some of the SQL injection flaws were blind, meaning the application returned no direct query output, so dumping the entire database would have been more difficult but not impossible.

In all, over 5,000 schools and over five million students and teachers were impacted by the SQL injection vulnerabilities alone, he said.

Demirkapi said he was mindful to not access any student records other than his own. But he warned that any low-skilled attacker could have done considerable damage by accessing and obtaining student records, not least thanks to the simplicity of the database’s password. He wouldn’t say what it was, only that it was “worse than ‘1234’.”

But finding the vulnerabilities was only one part of the challenge. Disclosing them to the companies turned out to be just as tricky.

Demirkapi admitted that his disclosure to Follett could have been better. He found that one of the bugs gave him improper access to create his own “group resource,” such as a snippet of text, which was viewable to every user on the system.

“What does an immature 11th grader do when you hand him a very, very, loud megaphone?” he said. “Yell into it.”

And that’s exactly what he did. He sent out a message to every user, displaying each user’s login cookies on their screen. “No worries, I didn’t steal them,” the alert read.

“The school wasn’t thrilled with it,” he said. “Fortunately, I got off with a two-day suspension.”

He conceded it wasn’t one of his smartest ideas. He wanted to show his proof-of-concept but was unable to contact Follett with details of the vulnerability. He later went through his school, which set up a meeting, and disclosed the bugs to the company.

Blackboard, however, ignored Demirkapi’s messages for several months, he said. He knows because after the first month of being ignored, he included an email tracker, allowing him to see how often the email was opened — which turned out to be several times in the first few hours after sending. And yet the company still did not respond to the researcher’s bug report.

Blackboard eventually fixed the vulnerabilities, but Demirkapi said he found that the companies “weren’t really prepared to handle vulnerability reports,” despite Blackboard ostensibly having a published vulnerability disclosure process.

“It surprised me how insecure student data is,” he said. “School data or student data should be taken as seriously as health data,” he said. “The next generation should be one of our number one priorities, who looks out for those who can’t defend themselves.”

He said if a teenager had discovered serious security flaws, it was likely that more advanced attackers could do far more damage.

Heather Phillips, a spokesperson for Blackboard, said the company appreciated Demirkapi’s disclosure.

“We have addressed several issues that were brought to our attention by Mr. Demirkapi and have no indication that these vulnerabilities were exploited or that any clients’ personal information was accessed by Mr. Demirkapi or any other unauthorized party,” the statement said. “One of the lessons learned from this particular exchange is that we could improve how we communicate with security researchers who bring these issues to our attention.”

Follett spokesperson Tom Kline said the company “developed and deployed a patch to address the web vulnerability” in July 2018.

The student researcher said he was not deterred by the issues he faced with disclosure.

“I’m 100% set already on doing computer security as a career,” he said. “Just because some vendors aren’t the best examples of good responsible disclosure or have a good security program doesn’t mean they’re representative of the entire security field.”

As per emails sent to job applicants, Uber has been canceling scheduled interviews this week, due to a hiring freeze in engineering teams in the US and Canada (Krystal Hu/Yahoo Finance)

Krystal Hu / Yahoo Finance:
As per emails sent to job applicants, Uber has been canceling scheduled interviews this week, due to a hiring freeze in engineering teams in the US and Canada  —  Uber isn't letting tech workers join the ride, at least for now.  —  The ride-hailing giant has been canceling scheduled …



Thursday, August 8, 2019

West Bengal Police 2019 – Constable Final Result Released

West Bengal Police released final result for the post of Constable.

Bharti Telecom may become a foreign entity, seeks government's nod

Bharti Telecom is the single-largest shareholder in Bharti Airtel with about 41 per cent equity stake. https://ift.tt/33mpWfb

Apple Offers Record 'Bounty' to Researchers Who Find iPhone Security Flaws

Apple is offering cyber security researchers up to $1 million to detect flaws in iPhones, the largest reward offered by a company to defend against hackers. https://ift.tt/2M7Ievj

An in-depth look at the UK's AI Safety Institute, whose researchers test AI systems for risks and for capabilities that might become dangerous in the future (Billy Perrigo/Time)

Billy Perrigo / Time : An in-depth look at the UK's AI Safety Institute, whose researchers test AI systems for risks and for capabili...