No loss to customers from cyber attack: Axis Bank

New Delhi, Oct 19: Private sector Axis Bank today said there was no loss to its customers from the recent cyber attack. The malware attack was detected in time and was duly informed to the regulator RBI, Axis Bank said in a statement.


New hacker collective targets SWIFT system

Following the $81 million cyberattack in February, a second hacking group has emerged with the intention of exploiting the SWIFT money transfer system to rob banks.

A report from the security firm Symantec has revealed that these cyberattacks have occurred since January and have targeted companies located in the US, Hong Kong, Australian and other countries. The firm has detected 74 different computer infections that suggest that around 100 organizations have been affected by these attacks so far.



Google Sprayscapes lets you build surreal 360-degree landscapes

Google has long held a reputation for being an experimental company, so it was notable that it felt the need to build Android Experiments, the platform it launched last year to show developers how weird you can get when building smartphone apps. The crazy interactive "paper planes" demo Google showed off at its I/O developer conference earlier this year is a perfect example of what the company is encouraging developers to do with Android Experiments.

All developers are encouraged to build Android Experiments, but today Google is launching one of its own called Sprayscape. It’s a weird name, but fairly accurate once you start using the app: It turns whatever your camera sees into a virtual spray paint gun that lets you splash the landscape around a 360-degree virtual canvas. The phone’s gyroscope is used to orient your position inside that sphere.

I won’t fault you if that description just made things more confusing. Here’s an example of an image I created using the app. That should clear everything up.

Still confused? I don’t blame you. It took me a long while to figure out how to best use the app, partially because there’s nothing in the way of directions when you launch Sprayscape for the first time. All you see is a black screen with some white grid lines outlining a 360-degree space. It sort of feels like you’re in an empty Photo Sphere (remember those?).

After many failed experiments, I realized that if you tap and hold on the screen, it’ll "spray" whatever the camera sees onto the 360-degree canvas; if you keep your finger on the screen and move the camera around, you’ll start filling in that space with the colors of the world around you.

It’s not altogether different from creating a Photo Sphere, but Sprayscape encourages weirdness and creativity and is absolutely not well-suited to capturing an accurate representation of the world around you. Once I realized that, I started getting weird. I took my phone on a walk and started randomly spraying in whatever was around me as I walked, with no concern for stitching together a coherent scene.

Another time, I tried to "write" on the virtual wall, with little success; there’s only enough room to get in about three letters, and a lack of precision makes it a pretty tricky prospect. That’s fine, though: There isn’t a "right" way to use the app, and it’s clearly meant for experimentation. Ultimately, the creations I liked the best were when I stood in one spot, spinning around to capture as much of the scene as I could. The results evoked where I was standing, but in a blurry, surreal dream-like way. Stitching together results from various locations looked much weirder and disjointed.

Unfortunately, the app is also pretty buggy right now in some crucial ways — namely saving your creations. Once you’re done making your scene, you can tap a save button that’ll upload an image file to your Google Drive account. You can also upload the link to a Sprayscape sharing site that’ll let others view it in their browser, on web or mobile. Viewing in a browser works pretty well, actually; you can pan around the scene by moving your phone, or click and drag around if you’re on a desktop.

But a few times times my creations simply didn’t save to Drive. I’m not sure where they went, but they were gone, never to return. I didn’t exactly mourn the loss of any of my abstract, messy creations, but the overall process for saving and sharing your creations could be a bit smoother. The app also straight-up crashed on me several times, but I’m not going to fault Google too much for that. I’ve been testing a beta version, and I’ll be looking to see if the app that’s now out in Google Play is more stable. The good news is that using the "share" feature to email links around to my weirdo creations seemed to work just about every time — the files just didn’t always end up in Google Drive.

Given Google’s interest in letting people generate their own "VR-ish" content, Sprayscape is a fun tool to achieve those ends. The results can be viewed in Google Cardboard, of course, but Sprayscape creations can still be fun to view in a normal browser. I may not have come up with any great pieces of 360-degree art in the few days I had to play around with the app, but I have little doubt that more skilled souls will use this to make some pretty fascinating landscapes. The app is out now for Android, and Google says that an iOS version will launch soon.


Second Hacker Group Targets SWIFT Users, Symantec Warns

A second hacking group has sought to rob banks using fraudulent SWIFT messages, cyber security firm Symantec said on Tuesday. The group is said to be using the same approach that resulted in $81 million in the high-profile February attack on Bangladesh’s central bank. From a Reuters report: Symantec said that a group dubbed Odinaff has infected 10 to 20 Symantec customers with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system. Symantec’s research provided new insight into ongoing hacking that has previously been disclosed by SWIFT. SWIFT Chief Executive Gottfried Leibbrandt last month told customers about three hacks and warned that cyber attacks on banks are poised to rise. SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank. Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.

Share on Google+

Read more of this story at Slashdot.


This Infographic Shows the Common Ways Scammers Try to Phish Your Account

Chances are if your email or social media account has ever been compromised, you accidentally gave your credentials to the scammers yourself. The most common way to infiltrate an account is called phishing, in which people trick you into handing over your login info to false websites that look legitimate.

Phishing attacks aren’t new, of course, and there’s likely a deluge of such emails in your spam folder, but it’s still the leading cause of compromised accounts. This graphic from Digital Guardian highlights how you can spot phishing attempts in your inbox and how to avoid them. Whether it’s weird attachments that prey on your curiosity or spoofed links that take you to a false login page that imitates a familiar brand, there are a variety of techniques that scammers use to engineer their way into your account (often just to proliferate more spam). And it’s not just email; beware of shady text messages from unknown numbers or people posing as IRS agents requesting your private info.

Have a look at the graphic below for a thorough look at common phishing methods.

Don’t Get Hooked: How to Recognize and Avoid Phishing Attacks (Infographic) | Digital Guardian


The Difference Between Two-Factor and Two-Step Authentication

You know you should use two-factor authentication everywhere you can, but there’s also “two-step” authentication, which may come off like the same thing. They’re really not. Here’s the difference, and what you should know about both.

Old security heads will know the difference here just because of the names, but since they’re often used interchangeably by companies looking to obfuscate the difference, it’s worth highlight the separation between them. This thread at StackExchange sums up the difference well for anyone unfamiliar, or who doesn’t get the nuance. This answer from tylerl teases out the nitty details:

Two-factor authentication refers specifically and exclusively to authentication mechanisms where the two authentication elements fall under different categories with respect to “something you have”, “something you are”, and “something you know”.

A multi-step authentication scheme which requires two physical keys, or two passwords, or two forms of biometric identification is not two-factor, but the two steps may be valuable nonetheless.

A good example of this is the two-step authentication required by Gmail. After providing the password you’ve memorized, you’re required to also provide the one-time password displayed on your phone. While the phone may appear to be “something you have”, from a security perspective it’s still “something you know”. This is because the key to the authentication isn’t the device itself, but rather information stored on the device which could in theory be copied by an attacker. So, by copying both your memorized password and the OTP configuration, an attacker could successfully impersonate you without actually stealing anything physical.

The point to multi-factor authentication, and the reason for the strict distinction, is that the attacker must successfully pull off two different types of theft to impersonate you: he must acquire both your knowledge and your physical device, for example. In the case of multi-step (but not multi-factor), the attacker needs only to only pull off one type of theft, just multiple times. So for example he needs to steal two pieces of information, but no physical objects.

The type of multi-step authentication provided by Google or Facebook or Twitter is still strong enough to thwart most attackers, but from a purist point of view, it technically isn’t multi-factor authentication.

So what does this all mean for you? Well, nothing really—if a service offers two-step or two-factor, you should absolutely enable it, and it’s not like a service will give you a choice between the two. There are differences between types of two-factor, and you should absolutely choose the best one for you, but the bottom line is that being aware of the differences will help you understand exactly how secure your most important accounts really are.

Two-Step vs. Two-Factor Authentication – Is there a difference? | StackExchange

Photo by Brianetta.


Google WiFi is a router that simplifies whole-home wireless

Those rumors of Google giving WiFi routers another shot? They’re true. Meet Google WiFi, a router designed entirely in-house… and with a few nice advantages over the OnHub line. Apart from being much smaller (no vase-like design here), its big trick is its ability to create an Eero-style mesh network. You only have to add additional units to your network to improve coverage — there’s a Network Assistant app that makes it easy to add more routers and improve your signal.

Companion software also lets you control the devices linked to the router, such as enabling or disabling their connections. You’ll have to wait until December to get Google WiFi (pre-orders start in November), but the pricing at least hits the sweet spot. Routers cost $129 each, and you can get a three-pack for $299 if you need to blanket your home.

Click here to catch all the latest news from Google’s fall event.

Source: Google WiFi


High-Tech Card Rolled Out By French Banks Replaces CSC Number Every Sixty Minutes To Prevent Fraud

French digital security firm Oberthur Technologies has come up with a method for making stolen cards useless after an hour. Called the Motion Code, the card replaces the fixed, three-digit Card Security Code (CSC) that sits next to your signature with a miniature display that shows a new number every 60 minutes. From a PopularScience report:In order to combat the rise of online credit card theft, several French banks are partnering with security company Oberthur Technologies to create a credit card with a security code that is constantly changing so that within an hour, a stolen number will be useless. Online credit card fraud is a rapidly growing problem. Thieves can steal your credit card info in a number of ways, such as hacking various consumer websites, or phishing, where they trick you into handing over your information yourself. Once they have your credit card numbers, thieves can go on a spending spree until you or your bank notice, and by the time that happens you can wind up with thousands of dollars in debt. Many banks try and combat this problem by flagging suspicious transactions, but this is an imperfect system that can miss real fraud and accidentally catch legitimate use. Now, two French banks, Societe Generale and Groupe BPCE, are introducing a new system to prevent fraud.

Share on Google+

Read more of this story at Slashdot.


Checklist: IoT security and privacy

The Online Trust Alliance (OTA) released the consumer IoT security and privacy checklist, which contains steps consumers can take to help increase the security, privacy and safety of their connected home and wearable technologies.

checklist IoT security

OTA recommends consumers utilize this checklist to regularly reassess their security and privacy settings on their IoT devices. Not unlike changing the batteries on a smoke detector once a year, consumers should tune up and optimize IoT device settings regularly.

While many people cite safety as a top reason for buying smart devices and homes, conclusive research shows that security and privacy concerns are the biggest barriers to IoT adoption. OTA hopes that by having consumers play an active role in their smart device’s security and privacy, it will not only increase the security and privacy of those devices but also boost consumer confidence in them.

“In this increasingly complex world of connected devices, consumers cannot take it for granted that their devices remain safe, secure and private year after year,” said Craig Spiezle, Executive Director Online Trust Alliance. “As people acquire more devices, the long term risks to their family and community rise exponentially.”

From connected home to health and fitness devices, consumers are realizing significant benefits from the Internet of Things, but the devices’ growing complexity and popularity make them difficult to manage. As devices age and become unsupported, many risk becoming insecure while still collecting and potentially sharing vast amounts of personal data.

Checklist: IoT security and privacy

  • Inventory all devices within your home and workplace that are connected to the Internet and network. Router reports can help determine what devices are connected to your network. Disable unknown and unused devices.
  • Contact your ISP to update routers and modems to the latest security standards. Change your router SSID to a name which does not identify you, your family or the device.
  • Check that contact information for all of your devices are up-to-date including an email address regularly used to receive security updates and related notifications.
  • Confirm devices and their mobile applications are set for automatic updating to help maximize protection. Review their sites for the latest firmware patches.
  • Review all passwords creating unique passwords and user names for administrative accounts and avoid using the same password for multiple devices. Delete guest codes no longer used. Where possible implement multi-factor authentication to reduce the risk of your accounts being taken over. Such protection helps verify who is trying to access your account—not just someone with your password.
  • Review the privacy policies and practices of your devices, including data collection and sharing with third parties. Your settings can be inadvertently changed during updates. Reset as appropriate to reflect your preferences.
  • Review devices’ warranty and support policies. If they are no longer supported with patches and updates, disable the device’s connectivity or discontinue usage of the device.
  • Before discarding, returning or selling any device, remove any personal data and reset it to factory settings. Disable the associated online account and delete data.
  • Review privacy settings on your mobile phone(s) including location tracking, cookies, contact sharing, bluetooth, microphone and other settings. Set all your device and applications to prompt you before turning on and sharing and data.
  • Back up your files including personal documents and photographs to storage devices that are not permanently connected to the Internet.

“As millions of cars, apps and household devices connect to the Internet, we need to discuss the privacy implications and resolve key questions about data ownership and management,” said Washington State Chief Privacy Officer, Alex Alben. “For the IoT to thrive in the long term, consumers will have to trust that their data and concerns about personal privacy are addressed, and OTA’s recommendations are a positive step to accomplishing this.”