What is a backdoor?
By definition: «Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data,» either the backdoor is in encryption algorithm, a server or in an implementation.
Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that «could allow» an attacker, and of course the company itself, to intercept your encrypted communication.
The story involving the world’s largest secure messaging platform that has over a billion users worldwide gone viral in few hours, attracting reactions from security experts, WhatsApp team, and Open Whisper Systems, who partnered with Facebook to implement end-to-end encryption in WhatsApp.
Note: I would request readers to read complete article before reaching out for a conclusion. And also, suggestions and opinions are always invited 🙂
What’s the Issue:
The vulnerability relies on the way WhatsApp behaves when an end user’s encryption key changes.
WhatsApp, by default, trusts new encryption key broadcasted by a contact and uses it to re-encrypt undelivered messages and send them without informing the sender of the change.
In my previous article, I have elaborated this vulnerability with an easy example, so you can head on to read that article for better understanding.
Facebook itself admitted to this WhatsApp issue reported by Boelter, saying that » we were previously aware of the issue and might change it in the future, but for now it’s not something we’re actively working on changing. »
What Experts argued:
According to some security experts — «It’s not a backdoor, rather it’s a feature to avoid unnecessarily re-verification of encryption keys upon automatic regeneration. »
Open Whisper Systems says — «There is no WhatsApp backdoor,» «it is how cryptography works,» and the MITM attack «is endemic to public key cryptography, not just WhatsApp. »
A spokesperson from WhatsApp, acquired by Facebook in 2014 for $16 Billion, says — «The Guardian’s story on an alleged backdoor in WhatsApp is false. WhatsApp does not give governments a backdoor into its systems. WhatsApp would fight any government request to create a backdoor. »
What’s the fact:
Notably, none of the security experts or the company has denied the fact that, if required, WhatsApp, on government request, or state-sponsored hackers can intercept your chats.
What all they have to say is — WhatsApp is designed to be simple, and users should not lose access to messages sent to them when their encryption key is changed.
Open Whisper Systems (OWS) criticized the Guardian reporting in a blog post saying, «Even though we are the creators of the encryption protocol supposedly «backdoored» by WhatsApp, we were not asked for comment. »
What? «…encryption protocol supposedly «backdoored» by WhatsApp…» NO!
No one has said it’s an «encryption backdoor;» instead this backdoor resides in the way how end-to-end encryption has been implemented by WhatsApp, which eventually allows interception of messages without breaking the encryption.
As I mentioned in my previous story, this backdoor has nothing to do with the security of Signal encryption protocol created by Open Whisper Systems. It’s one of the most secure encryption protocols if implemented correctly.
Then Why Signal is more Secure than WhatsApp?
You might be wondering why Signal private messenger is more secure than Whatsapp, while both use the same end-to-end encryption protocol, and even recommended by the same group of security experts who are arguing — «WhatsApp has no backdoor. »
It’s because there is always room for improvement.
The signal messaging app, by default, allows a sender to verify a new key before using it. Whereas, WhatsApp, by default, automatically trusts the new key of the recipient with no notification to the sender.
And even if the sender has turned on the security notifications, the app notifies the sender of the change only after the message is delivered.
So, here WhatsApp chose usability over security and privacy.
It’s not about ‘Do We Trust WhatsApp/Facebook?’:
WhatsApp says it does not give governments a «backdoor» into its systems.
No doubt, the company would definitely fight the government if it receives any such court orders and currently, is doing its best to protect the privacy of its one-billion-plus users.
But what about state-sponsored hackers? Because, technically, there is no such ‘reserved’ backdoor that only the company can access.
Why ‘Verifying Keys’ Feature Can’t Protect You?
WhatsApp also offers a third security layer using which you can verify the keys of other users with whom you are communicating, either by scanning a QR code or by comparing a 60-digit number.
But here’s the catch:
This feature ensure that no one is intercepting your messages or calls at the time you are verifying the keys, but it does not ensure that no one, in the past had intercepted or in future will intercept your encrypted communication, and there is no way, currently, that would help you identify this.
WhatsApp Prevention against such MITM Attacks are Incomplete
WhatsApp is already offering a «security notifications» feature that notifies users whenever a contact’s security code changes, which you need to turn on manually from app settings.
But this feature is not enough to protect your communication without the use of another ultimate tool, which is — Common Sense .
Have you received a notification indicating that your contact’s security code has changed?
Instead of offering ‘Security by Design,’ WhatsApp wants its users to use their common sense not to communicate with the contact whose security key has been changed recently, without verifying the key manually.
The fact that WhatsApp automatically changes your security key so frequently (for some reasons) that one would start ignoring such notifications, making it practically impossible for users to actively looking each time for verifying the authenticity of session keys.
What WhatsApp should do?
Without panicking all one-billion-plus users, WhatsApp can, at least:
Stop regenerating users’ encryption keys so frequently (I clearly don’t know why the company does so). Give an option in the settings for privacy-conscious people, which if turned on, would not automatically trust new encryption key and send messages until manually accepted or verified by users.
…because just like others, I also hate using two apps for communicating with my friends and work colleagues i.e. Signal for privacy and WhatsApp because everyone uses it.

© Source: http://feedproxy.google.com/~r/TheHackersNews/~3/l2HP8JPOjQE/whatsapp-backdoor-encryption.html
All rights are reserved and belongs to a source media.

Your personal brand isn’t just a buzz phrase. It’s the unique combination of skills, experience, passion and personality that makes you exactly the right fit for your dream job. Building a personal brand means going beyond simply regurgitating your resume across multiple platforms, says Gianna Scorsone, vice president of marketing and sales operations at IT staffing and recruiting firm Mondo.
«Developing a personal brand is all about standing out — you’re not going to do that if you’re just posting your resume in a bunch of different places. That’s a tactical approach that only highlights what you can do, not who you are and what your value is to an organization. You need to provide layers of different, personalized information to show that you’re results-oriented, that you can deliver ROI and that you have passion and drive that will be invaluable to a potential employer,» says Scorsone. Thankfully, creating and showcasing your personal brand is easier than ever.
When working with job seekers, Scorsone says she finds herself recommending specific tools that will help her clients move beyond the tactical and into the strategic when polishing their personal brand. Here, she shares those six tools that can help job seekers land that perfect role.
GitHub is an online software version control tool, at its heart, but it’s really so much more, says Scorsone. It’s also a social coding platform that can serve as an online code portfolio for developers to showcase their work and highlight their talents, she says, and developers can include links to their portfolio within job applications or on their personal websites.
Behance is a platform for creative professionals, including graphic designers, and UX/UI developers. You can manage and maintain a portfolio and share your work publicly with recruiters and hiring managers to showcase your skills.
The old standby is still a great way to successfully promote your professional brand, but make sure you’re constantly optimizing the content you add to your profile, keep it clean and free from clutter and only include your best or most relevant work experience, Scorsone says. «One of the most common mistakes I see on LinkedIn is candidates just reposting their resume. You have to go beyond that to create a brand, build a network and engage with those connections on the platform,» she says.
JibberJobber is an excellent resource to help keep track of those important network connections and note how they’ve helped you, Scorsone says. «Using this tool to organize your top professional contacts allows you to easily tap these individuals for testimonials or references that can then be added to your website or LinkedIn profile,» she says.
Squarespace lets job seekers create their own website, which is a great way to improve your professional brand and create a platform solely dedicated to showcasing your experience, says Scorsone. «Squarespace is designed to help you build an online portfolio and it’s really great even for folks who don’t have technical ability; it removes the stress of having to create a website from scratch with user-friendly templates,» she says.
Dunked is an online platform where business professionals can create and host an online portfolio for a small monthly fee, Scorsone says. However, it’s definitely geared toward professionals with visual and artistic experience, so it’s the perfect platform for developers, designers and/or engineers, she says.

© Source: http://www.computerworld.com/article/3157557/it-skills-training/6-tools-to-help-boost-your-personal-brand.html
All rights are reserved and belongs to a source media.

It’s not an exaggeration to say that your smartphone is the most personal device you have. The fact it’s always with you, however, sure does generate a lot of information about your habits.
Your location history, Google searches, web browsing habits, app usage, and even recordings of your voice talking to the Google Assistant.
Yes, your phone and the Google services powering it are incredibly useful in many tangible ways. And if you use a strong password and two-factor authentication, your information is likely safer on Google’s servers than just about anywhere else.
But it’s not paranoia to take stock from time to time of just how much you’re handing over to Google or if you’d rather not place all your digital privacy eggs in the same basket. Here are some simple tips about how you can stay in control of all that critical information and ensure that privacy isn’t something you have to surrender.
Since you’re on Android, using a Google account is essential in order to buy apps and use the company’s suite of services. Even the privacy-focused Blackphone puts Google services front and center.
If your goal is to maybe do a little de-Googling because you don’t want the company to know every thing about you, the first place to start is the My Activity account center. This is essentially the dashboard for every instance where your activity touches Google servers. The site is quite mobile friendly, so you can attack all these details from your phone or tablet as well as on the desktop.
My Activity is the home for everything Google remembers about your daily interactions.
The amount of information is a little staggering, especially if this is your first time there. For example, touch “Android” and you’ll see a timeline of the interactions from your phone, such as which apps you’ve used on your phone, tablet, or Android TV. Same goes for Chrome, Search, or Play. There’s also a search function, which is surprisingly a little hit and miss at finding your stuff.
The key to this section is that you can also clean things out. Touch the overflow (three vertical dots) button at the top right and you’ll have an option to delete details by a certain timeframe. You can also opt for the nuclear option and delete everything if you want a fresh start.
You can delete activity from a specific time period or send everything to the digital trash bin at once.
The most interesting addition to this section is found if you use the Google Assistant , which is what powers the artificial intelligence smarts inside the Pixel, Google Home, and Allo. Every voice interaction with Google is recorded, and you can play it back.
You can play back and also delete your voice interactions with the Google Assistant.
It’s a little creepy to know your voice recordings are saved for all time. So you can delete this if you’d like. However, you’re better off acknowledging that this is one of the tradeoffs we make for having an artificial genie always at your disposal. It remembers.
You can wipe away your voice commands all at once.
Returning here often, just to see what’s going on, is also a good idea as a way of ensuring your account is secure and nothing suspicious has taken place.
So much of how your phone interacts with different apps and services is through your location. Think Google Maps, Google search suggestions, Uber, and other services.
One area you should check is your Google location history. This is a detailed timeline of everywhere your Android device has gone. It’s actually useful, as it’s helped me remember where I went on a certain day. However, it’s easy to understand that some may not want this saved for all time.
Every move you make is traceable inside of Google Maps.
Find out which apps and devices are using Google’s location services.
Keep in mind that shutting off all location-based tracking means no more regional tips from Google Now, gift card offers from Android Pay, or other location-based alerts. You’re also likely to get far fewer Opinion Rewards surveys since many of these come from your location.
You can also get more specific and turn on or off location services for specific apps or devices if you want more control. Phones, tablets, and PCs that have used your Google account tend to hang this feature around a while, and for security your best bet is to ensure you’ve wiped them properly before resale.
Along with tightening the reins on your Google account, you can also opt to go dark with some other apps and services you use.
Just like on the desktop, you can browse the web with Chrome in Incognito mode. It’s even easier if you have a Pixel as it’s one of the app shortcuts (press and hold the Chrome icon). This doesn’t save any of your Google searches or web history to your account; however, it doesn’t mean that you’re completely invisible. Your internet service provider and other information is still visible to the server you visit.
Go Incognito mode if you want to browse without much of a trace.
For even stronger private browsing, there’s a toolset for using Tor on Android. Orbot uses Tor to create a proxy and scramble your Internet traffic. You then use the Orbox browser to surf the web securely. It’s so secure, it won’t even let you take a screenshot of the browsing section.
More technical users can also dive into node configuration, bridges, and relays.
Tor browsing isn’t just for the desktop.
If you want a more conventional solution, you can always opt out of the Chrome ecosystem by going with Firefox and a different search engine. The best mostly private option is DuckDuckGo. Not only is it a solid search engine, but none of your search history or other details are saved by the company.
On the email front, you can get by with some more private alternatives to Gmail. One of the best is ProtonMail. It’s a popular, encrypted email service with the servers based in Switzerland. You’re not going to get all the cool tricks like travel itineraries in your Google Now feed, but you can rest assured that your email account is securely hosted.
DuckDuckGo, Signal, and many other apps are good choices if you want to elevate your privacy.
The other area that gets a lot of attention is messaging. There are many good, private messaging options for you. Personally I’m a fan of Signal, as I find it to have the best feature set and a robust development pace. It uses end-to-end encryption , which means that only the sender and recipient are able to see the message.
Privacy and security are just as much a mindset as they are about using specific apps, however. The real key is to think about apps that you interact with and what privacy tradeoffs you may be making for their services. In many cases it’s worth it. Yet as technology creeps ever more into our lives, it’s best from time to time to decide just how much is enough.

© Source: http://www.infoworld.com/article/3157778/android/how-to-set-up-your-android-phone-for-ultimate-privacy.html
All rights are reserved and belongs to a source media.

The Apple-related headlines were slow to roll out at the beginning of this year, but going into the second week of 2017, the news picked up. Check out the important Apple headlines from the past week in this slideshow. Just click on the link to get more information.
A Consumer Reports recommendation carries a certain amount of prestige with lots of consumers, and the lack of one for the new MacBook Pro not only ends a streak, but it gives the impression that the new laptop isn’t up to snuff. This could be a chance for Apple to earn that recommendation back and regain consumer confidence.
Also:
Consumer Reports updates its MacBook Pro review with a recommendation (Macworld)
New MacBook Pros stop Apple’s skid in worldwide PC shipments (IDG News Service)
Apple’s competitors are shifting their focus from phones to voice assistants, an area where Apple was ahead with Siri but now lags behind rivals like Amazon.
The new iPad models coming our way include the second-generation update to the 12.9-inch iPad Pro that was first introduced in 2015, a brand-new 10- or 10.5-inch model with a narrow bezel design, as well as a budget-friendly 9.7-inch option.
Apple isn’t trying to compete with Hollywood studios, nor is it even taking on Netflix and Amazon. Apple is seeking an advantage over Spotify, which has 40 million paying subscribers to Apple Music’s 20 million.
Also:
‘Carpool Karaoke’ on Apple Music Will Bring Together Billy Eichner and Metallica (Variety)
It seems the rumored upheaval in Apple’s Project Titan self-driving car project team, which has reportedly pivoted to autonomous car software development from hardware, has been a boon for Tesla.
The size limit of a tvOS app bundle has increased from 200 MB to 4 GB, so you can include more media in your submission and provide a complete, rich user experience upon installation.
The U. S. Court for Appeals for the Ninth Circuit reversed Thursday a decision by a lower court and ruled that the app buyers filing the lawsuit are direct purchasers of iPhone apps from Apple, rather than from app developers, and hence have standing to sue.
Also:
Revenue from Apple’s App Store grows 60% to $5.4 billion (AppleInsider)
According to [Greenpeace], Apple has “played a catalytic role within its IT supply chain, pushing other IT data center and cloud operators who help deliver pieces of Apple’s corner of the internet to follow their lead in powering their operations with renewable energy.”
2017 Apple

In this century, there’s too much competitions among tech firms around the world. Tech-companies coming up with innovative ideas every single day, enhancing their product; smartphones, laptops, gaming console, and forth, to the fullest. This brings or accumulates the companies customer base, and having more customers is all what that matters.
Apple Inc. has proven to be the best tech-firm in the world, where the company this week celebrated the achievement of one of their biggest product in the history of smartphones, the birth of the iPhone. According to online reports, the iPhone contributes almost 60% of the company’s revenue since it’s birth in 2007.
The list below was generated from Forbes Lists, showing the ten most valuable technology brands in the world, and how worth the brand is.
1 Apple (Brand Value: $154.1 Billion)
Apple Inc. engages in the design, manufacture, and marketing of mobile communication, media devices, personal computers, and portable digital music players. The firm offers products and services under the iPhone, iPad, Mac, iPod, Apple Watch, and Apple TV brands, whereas consumer and professional software applications under the iOS, OS, X, and watchOS brands; and operating systems under the iCloud and Apple Pay brands.
In other news, the Cupertino-based tech firm, Apple Inc. earlier this week celebrated the 10th anniversary to one of it’s outstanding innovative products; the iPhone. Read Full Story.
2 Google (Brand Value: $82.5 Billion)
Google Inc. primarily focuses on the areas which include search, advertising, operating systems, platforms, enterprise and hardware products. The search area consists of a vast index of websites and other online content which is made available through its search engine to anyone with an Internet connection.
In other news, Mountain View-based internet firm, late last year launched their ever first make smartphones, Google Pixel and Google Pixel XL during a press event on October 4th, 2016. Read Full Story.
3 Microsoft (Brand Value: $75.2 Billion)
Microsoft Corp. engages in the provision of developing and marketing software and hardware services. Its products include operating systems for computing devices, servers, and phones. It also offers server applications for distributed computing environments, productivity applications, business solution applications, desktop and server management tools, software development tools, video games, and online advertising.
In other news, the Redmond-based software firm, is building a new web-based privacy dashboard that will allow users to see and control their data, including; location tracking, searching and browsing histories, and Cortana Notebook data accrued through every Windows device the user owns. Read Full Story.
4 Facebook (Brand Value: $52.6 Billion)
Facebook Inc. is a social networking company, which allows people to communicate with family, and friends globally. Its services include news feed, messages, mobile apps, and so forth. It’s other social products include; photo-sharing platform; Instagram, Messenger, messaging platform; Whatsapp, and Virtual Reality firm; Oculus VR.
In other news, Menlo Park-based social networking firm, last year announced it will introduce tools to prevent fake news stories from spreading on its platform, an about-face in response to rising criticism that it did not do enough to combat the problem during the U. S. presidential campaign. Read Full Story.
5 IBM (Brand Value: $41.4 Billion)
International Business Machines Corp. (IBM) provides integrated solutions that leverage information technology and knowledge of business processes operating them through five segments: Global Technology Services, Global Business Services, Software, Systems & Technology and Global Financing.
In other news, Armonk-based IT firm, last year acquired cloud consulting firm Bluewolf for $200 Million. However, the terms of the deal weren’t officially been disclosed but the price was reported to be $200 million. Read Fully Story.
6 Samsung (Brand Value: $36.1 Billion)
Samsung Electronics Co., Ltd. operates its business through; Consumer Electronics (such as – monitor, printer, air-conditioners, refrigerators, and washing machines), Information Technology & Mobile Communications, Semiconductors, Home appliances and Device Solutions.
In other news, the South Korean-based Electronics firm, at one of the biggest Tech-Events in the world; CES, launched two Chromebooks with stylus support built to support Android apps. Read Full Story.
7 Amazon (Brand Value: $35.2 Billion)
Amazon Inc. provides online retail shopping services to four primary customer sets; consumers, sellers, enterprises, and content creators. Other services they provide like any other online shopping market include; marketing and promotional services, such as online advertising. It serves consumers through its retail websites with a focus on selection, price, and convenience.
In other news, the Canadian online shopping market was threatened by India’s Foreign Minister – to deny Indian visas to Amazon employees if the company didn’t withdraw all products insulting the Indian national flag immediately from it’s website. Read Full story.
8 CISCO (Brand Value: $28.4 Billion)
Cisco Systems Inc. designs, manufactures, and sells Internet Protocol based networking products (such as; Switching, Routing, Data Center, Wireless, Security, to name a few) and services related to the communications and information technology industry.
9 Oracle (Brand Value: $28 Billion)
Oracle Corp. provides enterprise software and computer hardware products and services and is organized in; Hardware Systems, Enterprise software, and Cloud Computing.
10 Intel (Brand Value: $27.7 Billion)
Intel Corp. develops advanced integrated digital technology products, primarily integrated circuits, for industries such as computing and communications. Some of the products the company produces include; chip-sets, motherboards, microprocessors, and so forth.
Other listed most valuable tech brands include; SAP (11), HP (12), Ebay (13), Sony (14), Nextflix (15), Panasonic (16), and Canon (17).
source: Forbes List and Wikipedia

© Source: http://pctechmag.com/2017/01/the-worlds-ten-most-valuable-brands-in-technology/
All rights are reserved and belongs to a source media.