Posts Tagged ‘IT security’

IAF-Xiaomi-Warning

When the Indian Air Force (IAF) gave Xiaomi phones a ‘Medium Severity Rating’, it was indeed treated as quite a threat to national security. The warning was primarily meant for Air Force personnel and their family members, but it is not far from being a threat to Indian consumers as well. So why was this warning issued, and on what basis? It followed a security article shared by F-Secure, which found that the company's mobile phones were automatically “forwarding carrier name, phone number, IMEI (the device identifier) plus numbers from address book and text messages” back to its headquarters in Beijing, China.

Xiaomi is also facing a probe in Taiwan over similar allegations. These MIUI platform-based phones keep data synchronization on by default, so to test the device the security company used a boxed handset. After unboxing, they inserted a SIM card, connected to WiFi, allowed the GPS location service and then added a new contact. They then sent and received SMS and MMS messages and made and received some phone calls. Finally, they found that the phone had sent the telecom provider’s name to the server api.account.xiaomi.com. It had also sent the IMEI and phone number to the same server.

Following the update, F-Secure did another extended test on the MIUI app. In their explanation, they factory reset the phone, then updated the app, and found that the MIUI app is kept off by default. After turning it on, they found base64-encoded traffic being sent to https://api.account.xiaomi.com. Here is the detailed report – http://www.f-secure.com/weblog/archives/00002734.html

Xiaomi entered the Indian market in July this year with its Mi3 smartphone priced at Rs 13,999 through e-Commerce major Flipkart. Xiaomi currently sells Redmi 1S in India via pre-registration method. The company has already sold 108,000 Mi3 and 6,70,000 Redmi 1S units via flash sales.

Technically, on any smartphone, an app you use needs to archive its data somewhere, and that is the reason for setting up appropriate data centres to store it. Using the app and keeping your data in the cloud means you consent to take responsibility for your data. All the popular cloud services, like iCloud, Google Drive, Dropbox or the Amazon Kindle service, follow the same process.

After connecting to the Mi Cloud, they repeated the same procedure and found that IMSI details as well as the IMEI and phone number were sent to the same server.
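The test described above amounts to searching outbound request bodies for identifiers the tester already knows, including inside base64-encoded payloads. The following is an added example, not code from F-Secure or from the original post; the identifier values, field names and payload layout are constructed, and it assumes the request bodies have already been captured in decrypted form from a handset you own.

```python
import base64
import re
from urllib.parse import unquote

# Constructed identifiers of the test handset (placeholders, not real values).
DEVICE_IDS = {
    "imei": "356938035643809",
    "imsi": "404450123456789",
    "phone": "919800000001",
    "carrier": "ExampleTel",
}

# Runs long enough to be base64 (standard or URL-safe alphabet, padding excluded).
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}")

def decoded_views(body):
    """Yield (encoding, text) views: the URL-decoded body, then each base64 run decoded."""
    text = unquote(body)
    yield "plain", text
    for run in B64_RUN.findall(text):
        std = run.replace("-", "+").replace("_", "/")
        std += "=" * (-len(std) % 4)  # restore stripped padding
        try:
            raw = base64.b64decode(std, validate=True)
        except ValueError:  # the run was not valid base64 after all
            continue
        yield "base64", raw.decode("utf-8", errors="ignore")

def find_leaks(requests, ids=DEVICE_IDS):
    """Return sorted (host, identifier, encoding) for each known ID seen in a body."""
    hits = set()
    for host, body in requests:
        for encoding, text in decoded_views(body):
            for name, value in ids.items():
                if value in text:
                    hits.add((host, name, encoding))
    return sorted(hits)

# Constructed sample of outbound requests as (host, body); the field names
# and payload layout are invented for illustration, not captured traffic.
_blob = base64.b64encode(b'{"imsi":"404450123456789","phone":"919800000001"}').decode()
SAMPLE = [
    ("api.account.xiaomi.com", "imei=356938035643809&operator=ExampleTel"),
    ("api.account.xiaomi.com", "data=" + _blob.replace("=", "%3D")),
    ("weather.example", "q=Delhi&units=metric"),
]

if __name__ == "__main__":
    print(find_leaks(SAMPLE))
```

A plain string search would miss the second request entirely, which is why the base64 view matters when auditing a device's traffic.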

After the Indian Air Force issued its warning, Xiaomi’s Hugo Barra said in a Google+ post that they are moving their data out of China to new servers. Here is his complete, unedited post.

We’re moving your data!

User experience is hugely important to us. As a global Internet company, we really care about speed and we’re also fully committed to storing our users’ data securely at all times.

In early 2014, we kicked off a massive internal effort to expand our server infrastructure globally in order to better serve Mi fans everywhere.

Our primary goal in moving to a multi-site server architecture was to improve the performance of our services for Mi fans around the world, cut down latency and reduce failure rates. At the same time, it also better equips us to maintain high privacy standards and comply with local data protection regulations. This is a very high priority for Xiaomi as we expand into new markets over the next few years.

This server and data migration process is taking place in three phases.

Phase 1: E-commerce migration

Earlier this year, our e-commerce engineering teams started migrating our global e-commerce platforms and user data for all international users from our Beijing data centers to Amazon AWS data centers in California (USA) and Singapore. We also began using Akamai’s global CDN infrastructure to speed up static page loads.
This migration process will be completed by the end of October and will benefit users in all of our international markets — Hong Kong, India, Indonesia, Malaysia, Philippines, Singapore, and Taiwan. Users are already experiencing website speed boosts of at least 30% in markets such as Singapore, Hong Kong, Taiwan and as much as 200% in India.

Phase 2: MIUI services migration

We have also recently started migrating our MIUI services and corresponding data for all international users from our Beijing data centers to Amazon AWS data centers in Oregon (USA) and Singapore. This migration includes Mi Account, Cloud Messaging and Mi Cloud services. We are expecting to complete this migration by the end of 2014, with some parts being completed even sooner (e.g. Mi Account servers by the end of October). With this migration, we are expecting to cut network request latency for users in India by up to 350ms, and users in Malaysia to experience 2-3x faster Mi Cloud photosync.

Phase 3: Going local

In 2015, we are planning to take on a new challenge to further improve the performance of our services for users in large and fast-growing markets such as India and Brazil.
In these markets, where Amazon AWS services aren’t yet available, we will be working with local data center providers to set up our service infrastructure. Once that has been completed, users in these markets will be much closer to their data and enjoy even faster speeds by connecting to local servers. We will continue to keep everyone posted!

Hugo
(on behalf of the Xiaomi infrastructure teams)

Overall I think before releasing any foreign made phones or communication devices going forward in India it should be mandatory to set up a panel to review these kinds of potential threats to avoid such panic rather than interrogating this post such mega sales. What is your opinion on this?

Are you one of those who never reads the TOS of any website, but readily clicks the ‘I agree’ button just to proceed? Some terms and conditions are valid, some are stupid, but they can also border on the absurd and cause a busload of problems, warns ET. This was widely reported about a year back: about 7,500 people unknowingly sold their souls to Brit online gaming software retailer Gamestation. As a prank, the retailer added an ‘Immortal Souls’ clause to their terms and conditions (T&C), legally awarding them the ‘souls’ of customers who bought from them.

But when do terms and conditions become something more than standard operating procedure – when do they become ransom notes? The consumer is forced to agree to the terms in order to proceed – whether it is to use a service or install software. Take for example, the terms and conditions as stated by one of the most popular DTH service providers in India.

“We reserve the right at any time, without prior notice to you, to add or vary all or any of these terms and conditions or to replace, wholly or in part the offers made to you or to withdraw them completely.” Take a moment to read that again. By agreeing to these terms, you are literally agreeing to anything and everything they may ask of you, now or in the future, as long as you’re availing their services. There aren’t too many ways out of it, other than opting for another service provider altogether. But needless to say, we do need to start reading through the terms more often. These are some of the things to look for before you click ‘I accept’.

Photo sharing & printing websites

You own intellectual property rights to your photographs. But what happens if you upload them to a photo sharing website? Who owns them if you upload them to a stock photo site? Or to a photo printing website? In a 2011 report by thenextweb.com, it was found that several photo sharing/ printing websites retain the right to use your photographs in any way they see fit in a “perpetual and irrevocable” manner. Check before uploading.

Sharing personal info on email

Notice how the text ads in your email inbox are creepily ‘right on the money’? All the baby clothing store ads appear if you’ve had a baby. Camera stores appear if you’re a photographer, and local restaurants pop up if you’re discussing a dinner date with a friend.

Targeted ads – especially those that are accurately targeted with location and demographics – can earn a lot of money. You, by agreeing to the terms, become the conduit.

Buying online or booking tickets

This is one area where there can be a lot of ambiguity. Do manufacturer warranties apply on products you buy online? What happens in case of a defect or if you need to return the item?

In case of airline tickets, prices are volatile, and you need to read the fine print to make sure that you can return the tickets and get a refund if you need to. Many ‘special fare tickets’ are sold on the condition that they may not be returned/refunded.

Online shopping

Did you ever give a thought to how your name and email address finds its way to various websites you never even heard of? Whenever you sign up for newsletters, sign up to comment on an article you read or sign up for a community forum, your information could be misused.

Not only will the offending website start sending you email spam (special offers, notices), they could even sell your email ID to third parties without your consent.

Free mobile apps

Many so-called free apps for your smartphone or tablet are ad-supported. But read through the terms: the app could be accessing your personal information, mainly to deliver targeted ads. Also, mobile ads will be delivered whenever the app is active, which means they count towards your data usage at the end of the month.

Protecting Twitter & Facebook accounts

An increasing trend is for websites to let you sign in and start using their services simply by using your existing Twitter or Facebook ID. The advantage is that the registration process is skipped, which encourages more users, while the website still gets to identify visitors and get more info about them. This is officially allowed using Facebook Connect and Twitter Sign in.

But beware, because you might find automated posts and tweets being sent on your behalf. Check what kind of permissions you are granting to the website or app before you allow access to your Facebook or Twitter account – if it says “allow app/site to post/ send tweet” or “Grant permission to post on your behalf to Facebook”, cancel and run.

With the economy now crawling back to normalcy, companies have once again hit the hiring button. Overall, companies are so dependent on IT that they can’t lay off the people who keep their data center operations humming, and they’re loath to let go of the developers who are working on next-generation Internet applications. So which technologies will be in hot demand in the job market in 2010, the ones that will help you give your career a boost? Read on for the hot technology jobs in demand in 2010. So let’s hit the demand queue.

tech jobs encore

    1) Rich internet Applications:

Have you seen anyone without a Twitter or a Facebook account these days? They might forget their wallet, but I bet not these. With Web 2.0 becoming `the’ word in the Internet space, there’s an increased emphasis on adding interactivity and improving user experience. This has resulted in the evolution of Rich Internet Applications, or RIAs. The Web standards are also said to be incorporating RIAs.

Companies today look at adding more disparate functionalities to their applications, and user experience is rated as one of the top parameters on any software development project. With so much happening on the technology front, having RIA experience can be the key resume differentiator for the coming year.

    2) Java and .Net

It’s like humans can’t live without a hot cup of java or tea 😉 Topping the lists again are what the news article calls the evergreen fields, Java and .Net. There are primarily two career paths that these pros can take: one towards Web development and the other towards enterprise-class applications. With application development on both fronts, Web and enterprise level, buzzing with opportunities, IT pros with core expertise in these areas can expect to remain in demand.

With a natural progression towards Web-based applications, it is essential for a developer to add skillsets for Web technologies to his core expertise. With the Web 2.0 front brewing with activity, a developer can also build skills in technologies like Silverlight, AJAX, WPF etc.

    3) Cloud Computing

Cloud computing is one of the hottest buzzwords for 2010. With technology companies betting big on cloud computing, a career based around it is surely a good bet. Google AppEngine, Microsoft Azure, Amazon are some of the cloud platforms for which developers can build and deploy applications these days.

Several popular enterprise applications like CRM, ERP too are being hosted on Cloud platform. Also, companies setting up their private clouds would need to shift their existing applications to the new platform. The transition process would need both developers and testers. I predict a solid future for IT professionals with experience in IT optimization, including virtualization and cloud computing. However, these jobs may end up in service providers, rather than IT departments. 🙂

    4) Project management

Project Management certifications are increasingly being seen as a must for employment or advancement as a Project Manager in most companies. There are several industry recognised certifications like PMP and PRINCE2. These certifications help you in making a career for yourself not only in IT industry but in other business verticals too. Project management skills are going to be more important over the next few years.
Even more important is experience managing complex IT projects and delivering results on time and on or under budget.

    5) Embedded Technologies

With mobile and smart devices going mainstream, the demand for embedded software developers has gone up. Today, embedded technologies are used in almost all gadgets: camera, TV, mobile phone, etc. The seeping of embedded technologies into digital devices of daily use has created demand for both software and hardware professionals.

According to the news story, with devices mostly being based on ARM chips or x86, it is important for embedded software developers to have complete knowledge of the architecture and of the C/C++ languages for programming purposes. A developer needs to know the varied architectures of the chipset and how to deploy an application across them.

    6) Mobile development

Today mobile phones are not just hardware! There’s a lot of software that goes inside them, and that software goes a long way in making them a huge success or a big dud. The software that is packed into the Apples, Nokias and Blackberries has also created a new career avenue. With enterprises going mobile too, the career has got a further boost. As smartphones gain in popularity and replace laptops, companies want applications like CRM and BI to be made available to their employees on these handheld devices.

Mobile platforms are based on disparate frameworks like Java, Windows or Symbian. To carve a career in the mobile development domain, a developer is required to gain core expertise in one of the frameworks.

    7) IT security

A slew of security certifications, including CompTIA Security+, GIAC Security Essentials, Certified Ethical Hacker, GIAC Certified Incident Handler and Check Point Certified Security Administrator, will have increased value in 2010. The value of security skills is going up, and more importantly these jobs are pretty stable, as there are always some crooks who want to show off their screwing skills 🙂

There may be many other fields which will continue as we have seen this year, but these seem to be the big areas again in 2010 which are going to shine, so keep a watch for them.