follow

help me to improve quality

donate

Pages

Friday, 30 December 2016

how to change google plus url 2017


How to edit and Get a Custom URL / Username for your Google Plus Profile

GOOGLE PLUS IS THE NEW SOCIAL NETWORK BY GOOGLE ESTABLISHED SINCE 2011. IT IS REPORTED THAT GOOGLE+ NOW HAS A TOTAL OF 300 MILLION ACTIVE USERS EVERY MONTH.

If you have been active on Google+ now, you possibly notice that the URL of your profile looks quite ugly, for example, here is one profile URL:
https://plus.google.com/u/0/102636862068585441105
Google+ is now using a long ID at the end of URL which is difficult for people to remember. Here are some solutions to set username to shorten your Google+ URL so that it would be cleaner and more recognizable.


►Google+ officially offers custom URLs

Google is offering variety URLs for verified accounts and normal accounts. You just need to type in short URLs like “plus.google.com/+pctrickscybersecuritytest” to reach those pages.
When you have a custom URL, you can give people a short, easy-to-remember web address to find your Google+ profile (like google.com/+pctrickscybersecuritytest). it will be preassigned based on things like your name. And you may also need to add a few letters or numbers to make it unique to you.

►Rules for getting a custom URL

There are a few rules to keep in mind when you’re trying to get a custom URL. If you’re having trouble, make sure:
-You have ten or more followers (people who have added you to their circles)
-Your account is at least 30 days old
-Your profile has a profile photo
-Your account is in good standing
Note: Custom URLs must meet the Google+ User Content and Conduct Policy and the Google+ custom URLs terms of use.

Google has rolled out the feature and it is available to most users. You will just need to have a profile photo, at least 10 followers and an account that is at least 1 month old. Then Google will send you an email to confirm that you’ve got a custom URL for your Google Plus profile. You will also see a notification when you log in to your account. After clicking on the button “Get URL”.
In most cases, you will have to accept the URL they offer, however, some established accounts will have to option to request a different one.
Notice that you won’t be able to change your username once you set it. You only can change its format by going to Profile -> About -> Links and choose Edit, then you will see the option as shown in above video

Recently, Google has announced the a search-specific feature called Google+ Direct Connect. The feature gives visibility for Google Plus pages as the pages will show up when people type query in Google+ Search, for example, when people type in "+pctrickscybersecuritytest”, they will see the icon and link to the Google+ page of the brand. To make your page eligible for this feature, you just need to install the Google+ badge on your website.
Google will determine your page’s relevancy and popularity based on its algorithms, you will be able to get a custom URL if your page qualifies. We can understand that Google encourages us to be more active on Google Plus by engaging people, updating posts regularly and driving people to add your page to their circles. You absolutely get a better chance when your page becomes more popular..

Police Ask for Amazon Echo Data to Help Solve a Murder Case



Hey, Alexa! Who did this murder?

Arkansas police are seeking help from e-commerce giant Amazon for data that may have been recorded on its Echo device belonging to a suspect in a murder case, bringing the conflict into the realm of the Internet of Things.

Amazon Echo is a voice-activated smart home speaker capable of controlling several smart devices by integrating it with a variety of home automation hubs. It can do tasks like play music, make to-do lists, set alarms, and also provide real-time information such as weather and traffic.

As first reported by The Information, authorities in Bentonville have issued a warrant for Amazon to hand over audio or records from an Echo device belonging to James Andrew Bates in the hope that they'll aid in uncovering additional details about the murder of Victor Collins.

Just like Apple refused the FBI to help them unlock iPhone belonging to one of the San Bernardino terrorists, Amazon also declined to give police any of the information that the Echo logged on its servers.

Collins died on November 21 last year while visiting the house of Bates, his friend from work, in Bentonville, Arkansas. The next morning, Collins' dead body was discovered in a hot tub, and Bates was charged with first-degree murder.

As part of the investigation, authorities seized an Amazon Echo device belonging to Bates, among other internet-connected devices in his home, including a water meter, a Nest thermostat, and a Honeywell alarm system.

Always-ON Listening Feature


Echo typically sits in an idle state with its microphones constantly listening for the "wake" command like "Alexa" or "Amazon" before it begins recording and sending data to Amazon's servers.

However, due to its always-on feature, it's usual for the Echo to activate by mistake and grab snippets of audio that users may not have known was being recorded.

Some of those voice commands are not stored locally on Echo but are instead logged onto Amazon's servers.

Presumably, the authorities believe that those audio records that the Echo device might have picked up the night of the incident and uploaded to Amazon servers could contain evidence related to the case under investigation.

Amazon Refused (Twice) to Hand over its User's Data


Amazon, however, denied providing any data that the authorities need. Here's what a spokesperson for the company told CNBC:
"Amazon will not release customer information without a valid and binding legal demand properly served on us. Amazon objects to overbroad or otherwise inappropriate demands as a matter of course."
While the online retail giant has twice refused to serve police the Echo data logged on its servers, Amazon did provide Bates' account information and purchase history.

The police said they were able to extract data from Echo, though it's uncertain what they were able to uncover and how useful that data would be in their investigation.

According to court records, Bates' smart water meter shows that his home ran 140 gallons of water between 1 AM and 3 AM the night Collins was found dead in Bates' hot tub. The prosecution claims that the water was used to wash away evidence after he killed Collins.

Should Amazon Share the Data or Not?


The authorities in the Collins murder case are asking for data on Amazon's servers that could help bring a criminal to justice. If so, authorities should get access to it.

In the case of Apple vs. FBI, Apple was forced to write a backdoor software that could bypass the security mechanism built into its iPhone, while the company already handed over the data stored on its server.

The broader takeaway: IoT devices automating your habits at home could be used for or against you, legally.

The Collins murder case appears to be a first-of-its-kind, and we are very much sure to see more such cases in the future.

It will be interesting to see how the companies that make smart home devices would serve its customers while maintaining a balance between keeping their customers' privacy safe and aiding the process of justice.

New Android Malware Hijacks Router DNS from Smartphone



Another day, another creepy malware for Android users!

Security Researchers have uncovered a new Android malware targeting your devices, but this time instead of attacking the device directly, the malware takes control over the WiFi router to which your device is connected to and then hijacks the web traffic passing through it.

Dubbed "Switcher," the new Android malware, discovered by researchers at Kaspersky Lab, hacks the wireless routers and changes their DNS settings to redirect traffic to malicious websites.

Over a week ago, Proofpoint researchers discovered similar attack targeting PCs, but instead of infecting the target's machines, the Stegano exploit kit takes control over the local WiFi routers the infected device is connected to.

Switcher Malware carries out Brute-Force attack against Routers


Hackers are currently distributing the Switcher trojan by disguising itself as an Android app for the Chinese search engine Baidu (com.baidu.com), and as a Chinese app for sharing public and private Wi-Fi network details (com.snda.wifilocating).

Once victim installs one of these malicious apps, the Switcher malware attempts to log in to the WiFi router the victim's Android device is connected to by carrying out a brute-force attack on the router's admin web interface with a set of a predefined dictionary (list) of usernames and passwords.
"With the help of JavaScript [Switcher] tries to login using different combinations of logins and passwords," mobile security expert Nikita Buchka of Kaspersky Lab says in a blog post published today. 
"Judging by the hard coded names of input fields and the structures of the HTML documents that the trojan tries to access, the JavaScript code used will work only on web interfaces of TP-LINK Wi-Fi routers."

Switcher Malware Infects Routers via DNS Hijacking





Once accessed web administration interface, the Switcher trojan replaces the router's primary and secondary DNS servers with IP addresses pointing to malicious DNS servers controlled by the attackers.

Researchers said Switcher had used three different IP addresses – 101.200.147.153, 112.33.13.11 and 120.76.249.59 – as the primary DNS record, one is the default one while the other two are set for specific internet service providers.

Due to change in router's DNS settings, all the traffic gets redirected to malicious websites hosted on attackers own servers, instead of the legitimate site the victim is trying to access.
"The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection," the post reads.
"A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on."
Researchers were able to access the attacker’s command and control servers and found that the Switcher malware Trojan has compromised almost 1,300 routers, mainly in China and hijacked traffic within those networks.

The Bottom Line


Android users are required to download applications only from official Google's Play Store.

While downloading apps from third parties do not always end up with malware or viruses, it certainly ups the risk. So, it is the best way to avoid any malware compromising your device and the networks it accesses.

You can also go to Settings → Security and make sure "Unknown sources" option is turned off.

Moreover, Android users should also change their router's default login and passwords so that nasty malware like Switcher or Mirai, can not compromise their routers using a brute-force attack.

3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!



Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control over 80 percent of websites which run on the latest version of the popular web programming language.

The critical vulnerabilities reside in the unserialized mechanism in PHP 7 – the same mechanism that was found to be vulnerable in PHP 5 as well, allowing hackers to compromise Drupal, Joomla, Magento, vBulletin and PornHub websites and other web servers in the past years by sending maliciously crafted data in client cookies.

Security researchers at Check Point's exploit research team spent several months examining the unserialized mechanism in PHP 7 and discovered "three fresh and previously unknown vulnerabilities" in the mechanism.

While researchers discovered flaws in the same mechanism, the vulnerabilities in PHP 7 are different from what was found in PHP 5.

Tracked as CVE-2016-7479, CVE-2016-7480, and CVE-2016-7478, the zero-day flaws can be exploited in a similar manner as a separate vulnerability (CVE-2015-6832) detailed in Check Point's August report.
The first two vulnerabilities, if exploited, would allow a hacker to take full control over the target server, enabling the attacker to do anything from spreading malware to steal customer data or to defacing it.

The third vulnerability could be exploited to generate a Denial of Service (DoS) attack, allowing a hacker to hang the website, exhaust its memory consumption and eventually shut down the target system, researchers explain in their report [PDF].

According to Yannay Livneh of Check Point's exploit research team, none of the above vulnerabilities were found exploited in the wild by hackers.

The check Point researchers reported all the three zero-day vulnerabilities to the PHP security team on September 15 and August 6.

Patches for two of the three flaws were issued by the PHP security team on 13th October and 1st December, but one of them remains unpatched.

Besides patches, Check Point also released IPS signatures for the three vulnerabilities on the 18th and 31st of October to protect users against any attack that exploits these vulnerabilities.

In order to ensure the webserver’s security, users are strongly recommended to upgrade their servers to the latest version of PHP.

Obama Expels 35 Russian Spies Over Election Hacking; Russia Responds With Duck Meme



The United States has expelled 35 Russian spies in response to Russia's alleged interference in last month's presidential election, further escalating tensions between the countries.

The US state department has declared 35 diplomatic intelligence officials from the Russian embassy in Washington DC and the consulate in San Francisco "persona non grata," giving them and their families 72 hours to leave the country.

President Barack Obama has also announced the closing of two Russian compounds, in New York and Maryland, used by the Russian officials for intelligence-gathering, from noon on Friday.

"I have sanctioned nine entities and individuals: the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations," President Obama said in a statement.
"In addition, the Secretary of the Treasury is designating two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information."

Obama accused Russia of "aggressive harassment," saying "all Americans should be alarmed by Russia's actions." He believes that hacking "could only have been directed by the highest levels of the Russian government."

The move follows calls from senior US senators to sanction Russian diplomats who are believed to have played a role in the last month’s election-hacking against the Democratic Party and Hillary Clinton's campaign.

Russia Tweeted A Duck Meme In Response


Of course, Russia—who has denied any involvement and called the decision "ungrounded"—is not happy with the decision in the dying days of the Obama administration.

After Obama had announced sanctions against the Russian diplomats on Thursday, the Russian Embassy in London tweeted a photo of a duckling with the word "Lame" over it.

The photo was posted in an obvious reference to Obama as he nears the end of his "lame duck" period in White house after almost eight years as US president.

Donald Trump — It’s time for our country to move on


Ultimately, it depends on President-elect Donald Trump, who will take over from President Obama next month, if he carries the new sanctions against the Russian diplomats.

However, Trump has dismissed the hacking claims as "ridiculous" and the US threat to increase sanctions against Russia and said Americans should "get on with our lives," adding that "it’s time for our country to move on to bigger and better things," instead of speculating over the impact Russia had on last month's election.

"Nevertheless, in the interest of our country and its great people, I will meet with leaders of the intelligence community next week to be updated on the facts of this situation," Trump told reporters Thursday.

The US intelligence agencies have described the Russian hacking as a "decade-long campaign," which includes spear phishing; campaigns targeting government organizations, and critical infrastructures like think-tanks, universities, political organizations, and corporations; theft of information from these agencies; and public release of stolen information.

Several US agencies, including the CIA and FBI, have concluded that the emails stolen from Hillary Clinton's campaign manager and Democratic National Committee servers were released during the 2016 presidential election by Wikileaks to cause damage to Clinton.

Update — Russia Plans to expel 35 US Diplomats in tit-for-tat response


Russian Foreign Ministry has announced plans to expel 35 US diplomats in a tit-for-tat response to US decision over allegations of hacking the US presidential election.

Foreign Minister Sergey Lavrov proposed President Putin to kick out the same number of diplomats, 31 staff members from the US Embassy in Moscow and 4 from the consulate in St Petersburg.

Monday, 26 December 2016

Hackers threaten to take down Xbox Live and PSN on Christmas Day



Bad news for gamers!

It's once again the time when most of you will get new PlayStations and XBoxes that continue to be among the most popular gifts for Christmas, but possibilities are you'll not be able to log into the online gaming console, just like what happens on every Christmas holidays.

On 2014 Christmas holidays, the notorious hacker group Lizard Squad knocked the PlayStation Network and Xbox Live offline for many gamers by launching massive DDoS attacks against the gaming networks.

This time a new hacking group, who managed to take down Tumblr this week for almost two hours, has warned gamers of launching another large-scale distributed denial-of-service (DDoS) attack against XBox Live and PlayStation networks.

Calling itself R.I.U. Star Patrol, the hacking group, posted a video on YouTube, announcing that they’re planning to take down Sony’s PSN and Microsoft’s Xbox Live on Christmas Day by launching coordinated DDoS attacks.
"We do it because we can," the group said. "We have not been paid a single dollar for what we do."
On Wednesday, when R.I.U. Star Patrol took down Tumblr, the group contacted Mashable and explained its reason for attacking: "There is no sinister motive. It’s all for light hearted fun."

Neither Sony nor Microsoft has yet responded to the hackers' warning.

However, both Sony and Microsoft previously promised to enhance the protection of their systems to block any attack disrupting their networks, but downtime and short outages happened almost every Christmas time.

Knowing the current abilities of hackers to launch DDoS attack that can reach 1 Tbps, it goes without saying that both the companies should be prepared to see DDoS attacks targeting its servers on this Christmas that can go beyond their expectations.

We saw coordinated DDoS attacks against DNS hosting provider Dyn last fall that broke large portions of the Internet, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

The massive DDoS attack was launched just by a botnet of an estimated 100,000 so-called Internet of Things (IoT) – everyday devices and appliances that are connected to the web – that closed down the Internet for millions of users.

So, it remains to be seen if gamers would be able to enjoy this Christmas or not.

Cyanogen Shutting Down All Services; No More Android ROM Updates



A bittersweet Christmas and New Year for users and fans of the most popular custom Android ROM, Cyanogen OS.

Cyanogen that tried and failed to kill Google's Android operating system is now shutting down the custom services that it provides to phones that run its Cyanogen OS as we know it and the "nightly builds" of said OS on December 31st.

Cyanogen came with an ambition to build better versions of the Android operating system than those created by Google itself, but following some technical and potential legal issues, the startup has decided to quit.

The planned shutdown of Cyanogen was officially announced late Friday through a very brief blog post made by the company, saying "as part of the ongoing consolidation of Cyanogen," it's shutting down all services and nightly builds on December 31.

"The open source project and source code will remain available for anyone who wants to build CyanogenMod personally," the blog reads.

What About Cyanogen OS-Powered Smartphones?


From January 2017, there will be no further updates to the Cyanogen OS, no more nightly builds, and no more security updates.

Eventually, smartphones running on the Cyanogen OS, like the original OnePlus One and Lenovo ZUK Z1, will have to switch to the open-source version of the CyanogenMod operating system.


CyanogenMod OS is not a commercial operating system and is managed by a community of developers led by Steve Kondik, the co-founder of Cyanogen.

'Death Blow' to CyanogenMod


However, the CyanogenMod team believes that the shutdown of Cyanogen is a "death blow" to CyanogenMod, the team announced just after the closure announcement by Cyanogen.

CyanogenMod team pays respects to the community as it served for more than eight long years and announced the next open-source Android project.

Embracing the spirit of Cyanogen, the CyanogenMod team of developers, designers, device maintainers, and translators are now working to produce a fork of the CyanogenMod source code and pending patches.

Next? CyanogenMod Team Launches Lineage OS


While both Cyanogen and CyanogenMod are saying goodbye this year, the spirit of CyanogenMod will continue to live on in the new open source project.

Dubbed LineageOS, the new OS is still in its inception phase and would take some time for people to see any progress from the newly formed unit.

According to the CyanogenMod (CM) team, Lineage "is more than just a ‘rebrand’" and "will return to the grassroots community effort that used to define CM while maintaining the professional quality and reliability you have come to expect more recently."

A website is being developed for LineageOS, and the GitHub repository can be found populated with CM files, called Lineage Android Distribution. The beginning of this new open source project "will be a continuation of what CyanogenMod was."