Health

Take care of your health

Nature of life

It goes on.

Future

welcome to the future

Present

Future just ahed

Feel

Save Nature

Sunday 29 January 2017

US Man Arrested In Hyderabad For Online Child Porn, Police Alerted By Interpol

 A 42-year-old American has been arrested in Hyderabad on suspicion of circulating child pornography on the internet, police said on Thursday, adding that they were investigating whether any of the victims had been trafficked.

The man, working for a multinational law firm in Hyderabad since 2012, was arrested on Monday after police were alerted by Interpol to an IP address linked to online images and videos of children being sexually abused.

Ukkalam Rama Mohan, the police superintendent in charge of fighting cyber crime in Telangana said the suspect had confessed to publishing and transmitting obscene images electronically.

"We found several thousands of pornographic images and videos on his laptop and iPhone which he had collected since long," Rama Mohan told news agency Reuters by phone.

Soumya Mishra, Telangana's Inspector General from the Crime Investigation Department, said police were going through the large repository of images and videos seized and would be working with Interpol to check if the children were trafficked.

"We will give the entire data to Interpol to find out who are these children in the videos and trace them. This is a big amount of research," Ms Mishra said.

The man, who is from New Jersey in the United States, could not be contacted. The US Embassy in New Delhi could not confirm the arrest or provide any details.

Police said if found guilty, the American national could face up to five years imprisonment, and a fine of up to Rs. 10 lakh ($14,665).

News of the arrest comes days after the government announced plans to establish a national alliance with charities and police to stem a surge in images of children being sexually abused on the internet.

There is no accurate data on the number of Indian children being exploited in pornographic material - either being forced to show their sexual organs or engage in sexual acts - as many victims do not go to the police due to fear and shame.

There were 96 reports of children in India being sexually exploited in online imagery in 2015 -- a rise of 140 per cent from 2014, according to National Crimes Records Bureau data.

5 Effective Home Remedies For Winter Skin Care

I personally love winters. The chilly season makes me feel fresh and alive. Cozy jumpers, boots, scarves, and what not! But, unfortunately, winter is the time when our skin does not like to cooperate with us.
During these months, our skin tends to get dry, itchy, and dull due to lack of moisture. We usually look around for good cold creams and body butters to moisturize dry skin. In our search for the best solution, we often overlook things available at our home that can enhance our skin care routine.

Here is a list of top 13 home remedies for skin care in winter. Use them, and you will fall in love with your skin all over again!

Winter Skin Care Home Remedies

1-Papaya Face Pack
2-Milk And Almond Face Pack
3-Yogurt And Buttermilk Face Pack
4-Glycerin
5-Petroleum Jelly

1. Papaya Face Pack

Ingredients

A piece of ripe papaya
A banana
2 tablespoons honey

How to Apply

1. Mash the papaya and banana so that no lumps remain.
2. Add the honey and mix well.
3. Apply this paste on your face and other dry areas on your body.

Benefits


Papayas contain antioxidants and bananas are known for their vitamin content. These two fruits also work as anti-aging agents (1, 2). Honey is a natural moisturizer for the skin (3). Using this pack will help rejuvenate your skin, making it firmer and younger looking.

2. Milk And Almond Face Pack

Ingredients

1 tablespoon almond powder
2 tablespoons raw milk

How to Apply

1. Make a paste and apply it on your face.
2. Keep it for 10 minutes.
3. Massage gently and wash off with water.

Benefits

Almonds are rich in vitamin E and essential fatty acids (4). Milk is a wonderful moisturizer for the skin. Its acid content and enzymes will exfoliate your skin and make it soft, supple, and glowing (5). Using this face pack will reduce dryness and make your skin softer.

Precautions


Do not use this face pack if you are allergic to milk and milk products.

3. Yogurt And Buttermilk Face Pack

Ingredients

1 cup yogurt
1 cup buttermilk

How to Apply

1. Mix equal quantities of yogurt and buttermilk.
2. Apply this mixture all over your body and leave it on for 15-20 minutes.
3. Wash off with water.

Benefits

Yogurt is rich in zinc, calcium, vitamin B6, and other useful enzymes. It cleanses the skin and also lightens blemishes (6). Buttermilk contains lactic acid that has a mild peeling property and helps to clear dry and dull skin in winter. It also soothes the itchiness that accompanies dry skin (7).

Precautions


Do not use this face pack if you are allergic to milk products.

4. Glycerin

Ingredients

Glycerin
Cotton ball

How to Apply

1. Wash your face and pat it dry. Leave it slightly damp.
2. Dip the cotton ball in the glycerin and apply on the face. Avoid the eyes and the lips.
3. Leave the glycerin on. Do not wash it off.

Benefits

Glycerin is easily available and is used to solve various dry skin problems. It is a natural moisturizer and helps to restore hydration of the skin, making it soft. This is because of its humectant and emollient properties (8).

Precautions


None

5. Petroleum Jelly

Ingredients

Petroleum jelly

How to Apply

Apply petroleum jelly all over your body and massage for a minute or two so that it is absorbed into the skin.

Benefits

Petroleum jelly is easily available and comes very cheap. It can be used on dry skin, dry lips, and cracked heels – the remnants of winter on our body. Petroleum jelly is an emollient and has skin moisturizing properties (9). It helps to get rid of the above-mentioned dry skin conditions.

Precautions


If your skin is prone to breakouts, do not use this remedy

Donald Trump defends ban on immigrants from Muslim countries

US President Donald Trump on Sunday defended his decision to issue executive orders temporarily barring refugees from seven Muslim-majority countries entering the US, by describing the world as being in 'a horrible mess.'
Facing severe criticism for his decision - both within the US as well as elsewhere - Trump took to Twitter once again to justify barring refugees from Iraq, Iran, Sudan, Libya, Somalia and Yemen for a period of 120 days. The ban on refugees from Syria is indefinite.
"Our country needs strong borders and extreme vetting," he wrote on his Twitter handle, adding that the world is in a horrible mess.
The move to bar refugees from Muslim-majority countries has been slammed by political leaders, economists, social workers and even entrepreneurs like Facebook's Mark Zuckerberg+ and Google's Sundar Pichai+ . In the UK, while PM Theresa May said the decision is a matter of the US government, the decision will not be replicated in her country.
"We do not agree with this kind of approach and it is not one we will be taking," she said.
Jeremy Corbyn, leader of opposition in the British Parliament, went several steps further by demanding that Trump be banned from UK till he lifts the ban on immigrants.
Germany too took a hard view of the decision. A spokesman for Chancellor Angela Merkel says the German leader believes the Trump administration's travel ban on people from some Muslim-majority countries is wrong.
Within the US, voices opposing the move steadily increased. The University of Michigan on Saturday defied the executive order and refused to release the immigration status+ information of its international students.
On his part, Trump is expected to speak to King Salman of Saudi Arabia and Sheikh Mohammed bin Zayed Al Nahyan, the crown prince of the United Arab Emirates capital of Abu Dhabi on the matter. Saudi Arabia and UAE are, however, not among the countries mentioned in the ban.
Stay updated on the go with Times of India News App. Click here to download it for your device.

US judge allows travellers who landed with visas to stay

WASHINGTON/NEW YORK,

A federal judge in Brooklyn, New York issued an emergency stay on Saturday that temporarily blocks the US government from sending people out of the country after they have landed at a US airport with valid visas.
The American Civil Liberties Union estimates the stay will affect 100 to 200 people detained at US airports or in transit, but government lawyers could not confirm that number.
The ruling by Judge Ann Donnelly of the US District Court for the Eastern District of New York came during a hearing called after President Donald Trump issued an executive order blocking people from seven Muslim-majority from entering the United States and putting a temporary halt to refugee admissions.
Trump's order for "extreme vetting" of visitors and legal US residents from seven Muslim-majority countries sparked outrage and protests on Saturday with activists arguing in court to try to block deportations of people stranded in US airports.
The new Republican president on Friday put a four-month hold on allowing refugees into the United States and temporarily barred travellers from Syria and six other countries. Immigration lawyers, activists and Democratic politicians reacted furiously, and many worked to help marooned travelers

A large crowd chanting "Let them stay, it's the American way!" outside the courthouse.
Hundreds of protesters gathered at airports in Dallas, Chicago, New York and elsewhere while inside, anxious family members waited and worried for travelers.
At Chicago O'Hare International Airport, brothers Bardia and Ayden Noohi waited for four hours for their father Kasra Noohi — who has an Iranian passport and a US green card — to be allowed through.
They knew Trump had pledged tougher rules but did not expect they would affect holders of green cards, which allow foreigners to live and work in the United States.
"I didn't think he'd actually do it," Bardia Noohi, 32, said. "A lot of politicians just talk."
Trump, who took office just over a week ago, had promised during his campaign what he called "extreme vetting" to do more to protect Americans from terror attacks.
He told reporters in the Oval Office that his order was "not a Muslim ban" and said the measures were long overdue.
"It's working out very nicely. You see it at the airports, you see it all over," Trump said.
"We're going to have a very, very strict ban and we're going to have extreme vetting, which we should have had in this country for many years."

Chaos

The ban affects travellers with passports from Iran, Iraq, Libya, Somalia, Sudan, Syria and Yemen. Green card holders will not be allowed back in until they are re-screened.
The order seeks to priorities refugees fleeing religious persecution. In a television interview, Trump said the measure was aimed at helping Christians in Syria.
Confusion abounded at airports as immigration and customs officials struggled to interpret the new rules, with some legal residents who were in the air when the order was issued detained at airports upon arrival.
A chaotic scene played out in the arrivals terminal at John F. Kennedy International Airport in New York, where a group of lawyers had filed a lawsuit on behalf of two Iraqi men who had worked for the US military who were in the air when Trump signed the order.
Thousands of refugees seeking entry were thrown into limbo.
Melanie Nezer of the Hebrew Immigrant Aid Society, a Jewish group that works with refugees, said she knew of roughly 2,000 who were booked to come to the United States next week.
The US technology industry, a major employer of foreign workers, hit back on Saturday, with some leaders calling the order immoral and un-American.
Colleges also spoke out on behalf of students from the countries, and warned students in the United States that they should avoid travel lest they not be allowed back in.
Arab travelers in the Middle East and North Africa said the order was humiliating and discriminatory. It drew criticism from US Western allies, including France, Germany and Britain.
Iran condemned the order as an "open affront against the Muslim world and the Iranian nation" and vowed to retaliate.  
Of the seven countries targeted, Iran sends the most visitors to the United States each year — around 35,000 in 2015, according to the Department of Homeland Security.
Sudan called the action "very unfortunate" after Washington lifted sanctions on the country just weeks ago for cooperation on combating terrorism. A Yemeni official expressed dismay at the ban.
Canadians welcome those fleeing persecution, terror and war "regardless of your faith", Prime Minister Justin Trudeau said in a Twitter post.

Legal residents stunned

During the presidential campaign, Trump promised to clamp down on immigration as a way to prevent attacks. He first proposed a ban on Muslims entering the United States, modifying that later to "extreme vetting" of immigrants from certain countries.
It was unclear how many legal permanent residents would be affected. A senior US administration official said on Saturday that green card holders from the seven affected countries have to be cleared into the United States on a case-by-case basis.
According to State Department guidance, travelers who have dual nationality of one of these countries will not be permitted for 90 days to enter the United States.
Legal residents of the United States were plunged into despair at the prospect of being unable to return to the United States or being separated from family members trapped abroad.
In Cairo, five Iraqi passengers and one Yemeni were barred from boarding an EgyptAir flight to New York on Saturday, sources at Cairo airport said. Dutch airline KLM said on Saturday it had refused carriage to the United States to seven passengers from predominately Muslim countries.

US agencies scramble

In Washington, the agencies charged with handling immigration and refugee issues grappled with how to interpret the measure, and enforcement was uneven.
US officials, speaking on condition of anonymity, said they were not consulted on the executive order and in some cases only learned the details as they were made public.
At the State Department, a senior official said lawyers were working closely with their counterparts at Homeland Security to interpret the executive order, which allows entry to people affected by the order when it is in the "national interest”. However, a federal law enforcement official said: "It's unclear at this point what the threshold of national interest is".
Senior administration officials said it would have been "reckless" to broadcast details of the order in advance of new security measures. The officials told reporters that Homeland Security now has guidance for airlines.
"I don't think anyone is going to take this lying down," said Cleveland immigration lawyer David Leopold. "This is the tip of the spear and more litigation is coming.

ONGC to invest $5.1 bn for developing oil finds off AP coasta

State-owned Oil and Natural Gas Corp (ONGC) on Friday signed an MoU with Andhra Pradesh government for investing $5.07 billion in developing oil and gas finds off the state's coast by 2019-20.

ONGC will invest $5.07 billion in bringing to production 10 oil and gas discoveries in the Bay of Bengal block KG-DWN-98/2 (KG-D5), which sits next to Reliance Industries' flagging KG-D6 fields.

First gas production is envisaged by June 2019 and oil would start flowing from March 2020. Gas from the offshore field will be brought via sub-sea pipeline to Andhra Pradesh before being transported to end users.


The MoU was signed by ONGC Chairman and Manging Director Dinesh K Sarraf and the state government's Industries Director Kartikeya Misra.

The 7,294.6 sq km deep-sea KG-D5 block has been broadly categorised into Northern Discovery Area (NDA - 3,800.6 sq km) and Southern Discovery Area (SDA - 3,494 sq km).

The NDA has 11 oil and gas discoveries while SDA has the nation's only ultra-deepsea gas find of UD-1. These finds have been clubbed in three groups - Cluster-1, Cluster-II and Cluster-III.

Gas discovery in Cluster-I is to be tied with finds in neighbouring G-4 block for production but this is not being taken up currently because of a dispute with RIL over migration of gas from ONGC blocks, officials said.

From Cluster-II a peak oil output of 77,305 barrels per day is envisaged within two years of start of production. Gas output is slated to peak to 16.56 million standard cubic meters per day by end-2021.

How to secure a smartphone for the tweeter-in-chief

As President Donald Trump takes office, he has also taken up a new, digital symbol of the presidency. Before, during and since the campaign, he used an Android smartphone to conduct his business and tweet prolifically, directly reaching millions of followers. But when he was inaugurated, Trump surrendered that device and accepted in its place a smartphone that has somehow been made more secure.

It is a key move for a man who might now be not only the 45th commander-in-chief but also America’s first president with such devotion to Twitter. Many private companies deal with issues like this, in which employees joining the ranks already have a mobile phone they use for their personal life. Should that device be connected to company systems? Or should workers be issued a cumbersome second phone for work-only purposes? There are federal recommendations about that, but few firms are handling data as sensitive as the president’s phone might be.


A presidential smartphone is probably the most attractive target imaginable for foreign governments’ hackers. Attacking the phone could provide access to the highest secrets of national security, and near-constant real-time information about exactly where the president is, raising the potential for physical threats. Securing a phone like that requires several layers of protection.

Exactly what has been done to protect the president’s phone is intentionally left unclear to the public. But as a scholar of mobile security, I know that beyond overall network security measures, there are several technological approaches to securing a smartphone for special use. The most secure, however, is also among the least practical and least likely: ensuring the phone cannot connect to the internet at all. So how might have government cybersecurity specialists locked down Trump’s new phone?

Hiding key information

One level of protection is what is called “security by obscurity.” Many people presumably had Trump’s pre-presidential phone number. Now, relatively few people will have his new number. Similarly, his old phone’s internal device identifiers, such as its unique 15-digit International Mobile Equipment Identity number, or IMEI, may not have been as carefully guarded as those for his new phone. Keeping that information secret means the first hurdle for potential attackers involves figuring out which phone to attack in the first place.

Another layer of security involves ensuring the device was made by a trusted manufacturer, using trusted components, reducing the risk that the hardware would have any vulnerabilities that an attacker could exploit. Similarly, anyone who worked with or handled the phone at any step would have to be prevented from tampering with it to introduce any weaknesses.

Adding even more security in the physical device itself would be a specialized computer chip to add significant encryption capability for data stored on the phone or transmitted to or from it. Called a “Trusted Platform Module,” this hardware element is required by the Defense Department in all new devices handling military information. In addition, it could be used to ensure that any attempts to tamper with the phone, its settings or the operating system installed would be identified immediately.

Custom configuration

The phone also might be configured to connect only with certain predetermined phone and data networks that are regularly screened against intrusions. Limiting its contact with the internet would, of course, be key – though that would also significantly limit the phone’s usefulness to a president whose routine involves constant connection.

To handle that middle ground – finding a compromise between a full, unrestricted internet connection and a completely disconnected device – Trump’s phone likely has some degree of customization. This could include a custom operating system, such as the Android variants the Department of Defense has developed. These would contain security features not typically found in commercial systems, such as special restrictions on logging in and unlocking the phone, as well as specialized encryption settings.

A more limited app store

The apps allowed on the president’s phone should be few and limited only to those verified in advance. There should be little, if any, ability to automatically download and install apps, which could carry with them security-breaching code. For similar reasons, automatic updates to apps or the operating system might be restricted.

What happens inside a phone’s processor and memory when it’s running an app is already fairly secure even on commercial smartphones. Parts of the memory storing data and other parts handling the software instructions for working with those data are typically separated and identified. For smartphones such as those used by the president, this memory tagging should be done in hardware. This can prevent a number of different types of attacks that try to trick the device into running software code from areas of memory set aside to handle data.

Also important is determining which data an app can use. Most operating systems allow users to make that decision. To improve security even more, the phone could be programmed with mandatory limits provided by, say, the secret service. To some degree, this ability is present on many smartphones, preventing users or attackers from corrupting key elements of the system.

But it could be stepped up – even enforcing that a particular file could be shared only with people or apps holding a certain level of security clearance, and having the system prevent sharing it elsewhere. For example, even if the president inadvertently told the Twitter app (if it’s installed on his phone) to share a piece of classified information, the phone’s software could step in and prevent that from happening.

Additional steps

Separately encrypting the memory spaces used by each app can boost security further. That would ensure that even if a malicious app makes its way onto the phone, it cannot see what other apps are doing, nor read the data they are working with.

Academic researchers have developed other ways that could be incorporated into a more secure presidential smartphone. The concept of “data tagging” can ensure that data that have been accessed by a certain app are accessed only in restricted ways. For example, the phone could be instructed that information that has passed through the White House’s secure wireless networks should not be accessible to the Twitter app.

Additionally, context-dependent settings could monitor the phone’s location and take note of surrounding devices. Perhaps the phone’s microphone and camera could be shut off, and any active Twitter link disconnected, if the phone itself is in the Oval Office, and whenever the president is meeting with members of his national security team.

How exactly the president’s phone is protected is vitally important to our national security. Trump’s agreement to stop using his previous, commercial-grade phone in favor of a government-secured one is a good step toward keeping the president informed and engaged while he and the nation also stay safe.

Sunday 22 January 2017

US Pushes Cybersecurity Acquisition Tools as Contracts Flow

Vendors of cyber security offerings are finding that the U.S. government is serious about improving the protection of federal IT assets. A steady stream of data protection contracts has been flowing to providers, including some notable high-value transactions during the last half of 2016.

One example is a Department of Homeland Security contract, with a potential value of US$395 million, for various cyber security protection services designed to prevent, detect, contain and eradicate cyber threats. While DHS went through the process of selecting a vendor last year, a final award is pending due to a legal challenge. Still, the magnitude of the DHS project indicates the significant level of potential federal investments in cyber security.

Federal contracting is never easy, of course, and the providers who have received cyber security contracts have had to meet all the requirements of doing business with the government. While those requirements remain in force, federal agencies, especially the General Services Administration, are trying to improve the processing of cyber protection acquisitions through expansions or enhancements to various federal procurement vehicles.

GSA's recently selected Adobe as a provider of data protection capabilities for federal agencies. The administration last month revealed it had engaged Adobe for a "new, government-wide enterprise software acquisition agreement for best-in-class, data-centric security and electronic signature solutions."

The agreement will help agencies "comply with current information security and electronic government policy recommendations and requirements," including the Cyber security National Action Plan, the Cyber security Strategy and Implementation Plan, the Cyber security Act of 2015, the Government Paperwork Elimination Act, and the E-Sign Act of 2000, according to GSA.
Contract Vehicle Available to All Agencies

As part of a government-wide initiative, all federal agencies will be able to use the GSA vehicle to acquire the various cyber protection capabilities offered by Adobe. GSA did not conduct a request for proposals to set up the acquisition. Instead, the administration used its existing IT contracting capability, known as "Schedule 70."

The agreement "came as a result of vendor engagement and market research conducted by our IT software category, with the goal of identifying software publishers that would be interested in a GSA IT Schedule 70 modification of this nature," said John Radziszewski, GSA IT software category manager.

"Adobe was identified at that time as a publisher who was interested in participating," he told the E-Commerce Times. The transaction was facilitated through Carahsoft, an existing Schedule 70 provider and designated re seller of Adobe offerings.

The agreement covers two basic Adobe products. One is an Enterprise Digital Rights Management Product Grouping, which allows only agency personnel with specific credentials to apply persistent protection to sensitive documents and information.

That level of protection allows agencies to revoke or change document permissions regardless of location, GSA noted, which is helpful in guarding against fraud. In addition, agencies can add certificate-based digital signatures to PDF documents used with Acrobat.

A second capability is the Adobe Document Cloud for Enterprise -- Premium eSign Services solution. It is a cloud-based, enterprise-class e-signature service that lets agencies replace paper and ink processes with fully automated electronic signature workflows, GSA said.

GSA's 'Win-Win' Program

The Adobe agreement also provides other benefits, according to GSA, such as assisting federal agencies in modernizing IT acquisitions and generally improving operational efficiency.

In addition, the negotiated offer with Adobe will provide government agencies with "significant savings over previous pricing," said Mary Davie, assistant commissioner for information technology in GSA's Federal Acquisition Service. GSA estimates the value of the potential savings at $350 million.

The pricing element is a significant benefit, observed David Wennergren, executive vice president at the Professional Services Council.

"This is an enterprise software agreement, which always is with a single company. These agreements are designed to provide an easy mechanism for agencies to get a good price on software licenses by leveraging the government's buying power," he told the E-Commerce Times.

"Enterprise software agreements can be win-wins. For the government, they aggregate demand and buying power to get the best price for buying software, and then make that good rate available for multiple agencies. For companies, they reduce the administrative burdens of negotiating and managing a plethora of licensing agreements and may help drive demand for their software and other products and services," Wennergren explained.

"There are enterprise licensing agreements in place with a number of software companies through GSA's SmartBuy program, the Defense Department's Enterprise Software Initiative, and other programs," he noted. The agreement with Adobe is just one of multiple initiatives and adds one more tool to federal acquisition capabilities, especially in the cybersecurity area.

Yet agencies will have alternatives to consider.

"There are ... similar types of products being provided by other software providers on IT Schedule 70," GSA's Radziszewski said.

Recent contract awards demonstrate the federal effort to utilize a variety of acquisition vehicles to pursue that goal. They include the following:

ManTech: GSA last summer awarded two contracts with a potential total value of $110 million to ManTech International on behalf of DHS. Tasks will include continuous diagnostic monitoring for cybersecurity purposes and protecting cloud operations.
The transaction vehicle was a government-wide acquisition contract through GSA's Alliant program. Mantech last fall received a contract from the National Geospatial-Intelligence Agency, which carried a potential value of $322 million over five years. The award included the provision of IT enterprise management services and enterprise cybersecurity services to NGA.

Iron Vale: The Center for Medicare and Medicaid Services last year awarded a contract to Iron Vale for providing a comprehensive cybersecurity support.
CMS used a competitive GSA schedule program procurement that simplifies the process of obtaining commercial supplies and services, the agency said. CMS used GSA's e-Buy website to post the opportunity.

The contract combined two existing agreements into a single entity and provided a one-year base period with four additional option years. Its total potential value is $67.6 million.

Advanced Concepts and Technologies International: The company last month received a contract to provide cyber acquisition support services to the DHS National Protection and Programs Directorate, Office of Cyber security and Communications, over a period of four years. Valued at $21 million, the contract was facilitated through the GSA OASIS Small Business Pool.
Defense Department Activities

In addition to civilian agencies, the Defense Department has remained active in the cyber technology market. For example, Engility Holdings will provide cyber-research, security assessments, and analysis for the U.S. Air Force under a $31 million contract awarded last month.

The contract was facilitated through the Defense Technical Information Center, a centralized agency within the Defense Department. The DTIC has a coordinating arrangement with the Air Force Life Cycle Management Center. Among other tasks, the Air Force unit tracks life cycle performance of weapons systems.

Also, the U.S. Army engaged Booz Allen Hamilton for cyber security enterprise support through a $13.2 million firm-fixed-price contract with options. The award was issued last year for a five-year period. It was facilitated through a conventional acquisition by the Army Contracting Command.

Whether through conventional acquisition vehicles or enhanced procurement procedures, it appears that federal agencies will continue to seek significant assistance to bolster their cybersecurity capabilities.

Microsoft Hardens Latest Windows Version Against Hackers

Microsoft has fortified the latest version of Windows to make it more secure than previous editions, but the strongest protections will be available only to those willing to pay a steep price for them.

Windows 10 Anniversary Update has introduced many mitigation techniques in core Windows components and the Microsoft Edge browser, helping protect customers from entire classes of exploits for very recent and even undisclosed vulnerabilities, Matt Oh and Elia Florio of Microsoft's Windows Defender ATP Research Team wrote in an online post last week.

Countering unidentified vulnerabilities -- also known as "zero day" vulnerabilities -- is particularly important because they are a powerful tool used to penetrate systems and steal data by attackers, especially those working for nation-states.

Rather than focus on a single vulnerability, Microsoft is focusing on mitigation techniques that counter classes of exploits, Oh and Florio explained.

"As a result, these mitigation techniques are significantly reducing attack surfaces that would have been available to future Zero-Day exploits," 
Paying for Protection

For the most effective post-breach protection, customers should sign up for Windows Defender ATP, Oh and Florio suggested, a service that is available only to users of Windows Enterprise E5.

That appears to be a departure from how Windows security was treated in the past, observed Michael Cherry, an analyst with Directions on Microsoft.

When Microsoft launched its Trustworthy Computing initiative in 2002, there was a commitment to making all versions of Windows equally secure, he recalled.

"Now, what Microsoft is saying in a subtle way," Cherry told Tech News World, is that "to be the most secure on Windows, you should be using Windows Defender Advanced Threat Protection -- but we're saving that for our best customers, our customers willing to pay for the enterprise edition. That's a big change that's happening in Windows security."

What Users Get

Nevertheless, the security improvements in the new Windows 10 Anniversary Update are worthwhile for consumers.

"This is great news for users," said Jerome Segura, a senior security researcher for Malware bytes.

"Microsoft is addressing zero days and exploits in general by sand boxing a lot of the components in the operating system," he told Tech News World.

Sand boxing is a technique used to isolate activity in a space where it can be observed without affecting its surroundings. If it behaves badly in the sandbox, then it won't be allowed to play with the other parts of a system.

Sandbox techniques were used in Windows 10 to neutralize an exploit that used corrupt fonts to gain escalated privileges on a system, Microsoft's Oh and Florio explained. Escalated privileges allow an intruder greater freedom to roam and access data on a network.

Room for Improvement

While Microsoft is making good progress in hardening the Windows kernel, it could improve the operating system's security in other areas, too. One of those areas is third-party applications and components.

"While it's trying to ensure that its operating system is secure, it still depends on Flash, Java and other pieces of software. At the end of the day, the security of the system is going to depend on all the pieces, not just what Microsoft ships," Malware bytes' Segura observed.

"You can have an OS that's safe, but if you have an outdated Flash plug-in, you can still get infected," he pointed out.

Hackers also are exploiting Microsoft Office documents.

"Microsoft needs to tighten up legacy code like macros -- either disable it or sandbox it," Segura said.

Threat to Security Vendors?

As Windows security improves, will it threaten the security ecosystem that has grown up around the OS?

"Ultimately, Microsoft's new anti-exploit features in Windows calls into question the value of legacy antivirus protections," said Simon Crosby, CTO of Bromium.

"However, it is important to note that relatively few enterprises use Windows 10 yet, so any Microsoft mitigation in Windows 10 that fails to address the legacy Windows installed base cannot address threats targeting [the security ecosystem]," he told Tech News World.

Windows users still need to use antivirus programs, added Jack E. Gold, founder and principal analyst with J.Gold Associates. "Microsoft is pushing its antivirus program," he told Tech News World, "so it's not saying you don't need antivirus anymore."


Will Trump end globalisation? The doubt haunts Davos' elite



It’s been impossible to escape the shadow of Donald Trump at this year’s gathering of the business elites at the World Economic Forum in the Swiss ski resort of Davos.

Uncertainty over what Mr. Trump will do once he takes office Friday and whether his presidency will mark the end of globalization dominated discussions all week at this event, which more than any has become synonymous with international business.

Sure, lofty ambitions were discussed, from fighting epidemics to dealing with inequalities across the world. But inevitably all talk turned to Mr. Trump, who has promised to rewrite free trade deals and even slap tariffs on China, the world’s second-largest economy.

“Do I really think we’re going back to protectionism? I don’t really know yet and I can promise you I’m paying a lot of attention to it because trade matters to us,” said David Cote, chairman and CEO of industrial conglomerate Honeywell. “It’s a little too early to press the panic button; we ought to see what ends up happening here.”

Roberto Azevedo, director-general of the World Trade Organization, the institution that oversees global trading rules, reminded delegates that in the 1930s, unilateral actions to raise tariffs led to a “domino effect” that wiped out two—thirds of global trade in three years.

“That would be a catastrophe of untold proportions,” he said. “I think we should try not to talk ourselves into a trade war and I think we’re seeing a lot of that.”

The case against globalization


Whether or not world trade goes into reverse, it’s evident that globalization the commitment to lower barriers to doing business around the world s under threat like no other time in decades.

The main allegations are that it has increased inequalities in wealth, eroded job security for the middle and lower—income families in developed countries, and kept a lid on wages as businesses seek low—cost workers in poorer countries. The breakneck pace of technological innovation is making jobs redundant, particularly in industries like manufacturing.

Anti—poverty charity Oxfam illustrated the issue of inequality starkly in a report this week in which it said that eight billionaires own as much wealth as half the world’s population, or 3.6 billion people.

There’s a perception among many middle— and lower—income households in developed economies like the U.S. and Europe that globalization hasn’t worked for them and it’s their anger that supported Trump’s victory and Britain’s vote to leave the European Union this year.

The case for it


Globalization has helped lift hundreds of millions to escape poverty over the past decades. Populous countries like China and India have enjoyed phenomenal growth, improved standards of living, life expectancy, literacy and employment rates.

As though to underscore that value of that, China’s leader visited the Davos forum this year for the first time ever.

In a historic address, Chinese President Xi Jinping cast his country as a champion of free trade and stability. Though China does in fact put big limits on foreign companies in the country, Xi’s message was clear- that China wants to take a bigger role on the global stage and keeping business flowing.

“We must remain committed to promoting free trade and investment through opening up, and say no to protectionism,” Xi said, without directly referencing Trump. “Pursuing protectionism is like locking oneself in a dark room. While wind and rain may be kept outside, so are light and air ... No one will emerge as a winner in a trade war.”

Way ahead


The key will be what policies Trump actually puts in motion, and whether other countries follow the temptation to throw up bigger barriers to business.

Britain will this year renegotiate its trade relations with the rest of the EU, the region it does most business with. And populist political movements have risen in countries like the Philippines and are increasingly prominent in developed economies like France, the Netherlands and Italy.

“We may be at a point where globalization is ending,” said Ray Dalio, founder of hedge fund Bridgewater Associates.

Beyond Trump, Christine Lagarde, the managing director of the International Monetary Fund, said the broader international system must change.

Dealing with inequality will have to become a central concern for governments, she said, adding that could mean greater redistribution of wealth a tough message to deliver to a crowd of millionaires and billionaires.

Theresa May, Britain’s prime minister, sought to convince the Davos elite that Britain was not retreating from the global scene. But she did concede that policymakers from the mainstream have to support those for whom globalization is not working.

“The forces of liberalism, free trade and globalization that have had, and continue to have, such an overwhelmingly positive impact on our world ... are somehow at risk of being undermined,” she said.