
How IoT is creating a new practicing engineering field called Continuous Engineering


The hype around the Internet of Things is now rapidly giving way to the reality of implemented products and services.

Analyst firm IDC predicts that the worldwide IoT market spend will grow from approximately USD 690 billion in 2015 to USD 1.46 trillion in 2020 with a compound annual growth rate of 16.1 percent. The installed base of IoT endpoints will grow from 12.1 billion in 2015, exceeding 30 billion in 2020.

Connectivity has moved from being an interesting feature to being a so-called “price of entry” requirement to achieve competitive product value and differentiation in many of today’s markets.

IoT products and services can range from the basic to the critical: cost-critical, availability-critical, brand-critical, even safety-critical. Therefore, the makers of products and services must understand and respond appropriately to the challenges of engineering for the IoT.

As connectivity increases the capabilities of IoT products and services, it also increases their complexity. New capabilities bring new failure modes. Added complexity, unless managed appropriately, can increase the likelihood of failures occurring. Furthermore, the consequences of failure can themselves be hard to predict.

Therefore, increasingly critical products and services require robust IoT engineering. The primary challenges include:

  • Delivering compelling functionality (where the requirements might be continuously changing)
  • Delivering appropriate dependability, in the form of safety (freedom from harm), reliability (availability of services) and security (freedom from intrusion, interference or theft)
  • Delivering the solution in an open context—where some of the technologies and components that contribute to the solution are not under direct commercial or engineering control
  • Delivering the solution with appropriate speed and at appropriate cost to respond to competitive threats and changing market demands

IoT-related products and applications will require a more systems-oriented approach to engineering. Systems thinking, especially the concept of emergent behavior (both wanted and unwanted) is crucial for high-quality IoT development and design. Systems engineering, especially system-of-systems engineering, can help reinforce the agility and quality of IoT development and design, especially if the product being designed needs to respond to other products and systems that are not under the designers’ control.

However, systems engineering approaches must be right-sized to apply to IoT, between the two extremes of, on the one hand, extremely agile ad hoc development projects and, on the other, meticulous and expensive aerospace-grade systems engineering. Special attention must be given to safety and security aspects of IoT systems, more so than for conventional apps and software products. Tools supporting such engineering approaches must be flexible and integrated so they can provide the right amount of control and rigor, but also meet the needs of fast development cycles and time-to-market pressures.

To make the most beneficial impact on IoT development, systems engineering approaches should be part of a comprehensive continuous engineering methodology. Continuous engineering makes use of the feedback available from connected products and systems to continuously inform product refinement and new design. It consists of proven principles and practices combining systems thinking and systems engineering, embedded software development and IoT application software development, together with appropriate automation to enact those practices efficiently in a real product development environment.


You need this new design thinking in your IoT projects. IBM is pioneering this Continuous engineering construct under WatsonIoT.

The most effective Gmail and Yahoo Mail phishing attacks and how to avoid them


This is huge and I am sure you have received this clever phishing attack. A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this.

Researchers at WordFence, a team that makes a popular security tool for the blog site WordPress, warned of the attack in a recent blog post, noting that it has been “having a wide impact, even on experienced technical users.”

Attack Procedure

Here’s how the swindle works. The attacker, usually disguised as a trusted contact, sends a boobytrapped email to a prospective victim. Affixed to that email, there appears to be a regular attachment, say a PDF document. Nothing seemingly out of the ordinary.

But the attachment is actually an embedded image that has been crafted to look like a PDF. Rather than reveal a preview of the document when clicked, that embedded image links out to a fake Google login page. And this is where the scam gets really devious.

Everything about this sign-in page looks authentic: the Google logo, the username and password entry fields, the tagline (“One account. All of Google.”). By all indications, the page is a facsimile of the real thing. Except for one clue: the browser’s address bar.

Screenshot of Google login page 

Even there, it can be easy to miss the cue. The text still includes the “https://accounts.google.com,” a URL that seems legitimate. There’s a problem though; that URL is preceded by the prefix “data:text/html.”

Via WordFence

In fact, the text in the address bar is what’s known as a “data URI,” not a URL. A data URI embeds a file, whereas a URL identifies a page’s location on the web. If you were to zoom out on the address bar, you would find a long string of characters, a script that serves up a file designed to look like a Gmail login page. This is the trap.

As soon as a person enters her username and password into the fields, the attackers capture the information. To make matters worse, once they gain access to a person’s inbox, they immediately reconnoiter the compromised account and prepare to launch their next bombardment. They find past emails and attachments, create boobytrapped-image versions, drum up believable subject lines, and then target the person’s contacts.

And so the vicious cycle of hijackings continues.

How to Stay Safe

Google Chrome users can protect themselves by checking the address bar and making sure a green lock symbol appears before entering their personal information into a site. Because scammers have been known to create HTTPS-protected phishing sites, which also display a green lock, it’s also important to make sure this appears alongside a proper, intended URL—without any funny business preceding it.
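The check described above, as an added example that is not part of the original post or of WordFence's write-up: a small classifier for the text shown in an address bar or link. Only a genuine https:// address whose host matches the expected sign-in host counts as the real page; a data:, blob: or javascript: URI embeds content rather than pointing at a location, so any “https://accounts.google.com” inside it is decoration, not the page’s origin. The host names, the expected-host parameter and the sample strings are constructed for the example.

```javascript
// Added example (not the article's or WordFence's code): classify what an
// address bar or link text actually resolves to. Sample strings are constructed.

const SUSPECT_SCHEMES = new Set(["data", "blob", "javascript"]);

function classifyAddress(text, expectedHost) {
  let url;
  try {
    url = new URL(text.trim());
  } catch (e) {
    return { verdict: "suspicious", reason: "address is not a parseable URI" };
  }
  const scheme = url.protocol.slice(0, -1).toLowerCase();

  if (SUSPECT_SCHEMES.has(scheme)) {
    // A data/blob/javascript URI carries its own content and has no web host.
    // Pull out any host-looking text so a reviewer can see what the victim saw.
    const lookalike = /https?:\/\/[^\s'"<>]+/i.exec(text);
    return {
      verdict: "suspicious",
      reason: scheme + ": URI embeds content instead of pointing at a location",
      embeddedHostText: lookalike ? lookalike[0] : null,
    };
  }
  if (scheme !== "https") {
    return { verdict: "suspicious", reason: "not served over HTTPS", host: url.hostname };
  }
  if (url.hostname.toLowerCase() !== expectedHost.toLowerCase()) {
    // "accounts.google.com.example.net" shows a lock over HTTPS but is the wrong host.
    return { verdict: "suspicious", reason: "host does not match the expected sign-in host", host: url.hostname };
  }
  return { verdict: "ok", host: url.hostname };
}

// Constructed samples. The last one mimics the pattern in the article: a data URI
// whose visible prefix reads like the real Google address, followed by the
// embedded page (a placeholder here).
const SAMPLES = {
  genuine: "https://accounts.google.com/ServiceLogin",
  plainHttp: "http://accounts.google.com/ServiceLogin",
  lookalikeHost: "https://accounts.google.com.example.net/ServiceLogin",
  dataUri: "data:text/html,https://accounts.google.com/ServiceLogin                <html>[constructed placeholder page]</html>",
};

function classifyAll(samples, expectedHost) {
  const out = {};
  for (const [name, text] of Object.entries(samples)) {
    out[name] = classifyAddress(text, expectedHost).verdict;
  }
  return out;
}

console.log(classifyAll(SAMPLES, "accounts.google.com"));
```

The expected host is passed in rather than hard-coded so the same function serves any sign-in page; in a browser extension or proxy log review the text would come from the real address bar or the href of the link, not from a constructed string.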

In addition, people should add two-step authentication, an added layer of security that can help prevent account takeovers. Experts recommend using a dedicated security token as well.


How malicious code hidden within innocent-looking images helped attackers hijack WhatsApp accounts

Check Point researchers have revealed a new vulnerability in WhatsApp’s online platform, WhatsApp Web, the world’s most popular messaging service. By exploiting this vulnerability, attackers could completely take over user accounts and access victims’ personal and group conversations, photos, videos and other shared files, contact lists, and more.

WhatsApp has over 1 billion users worldwide, making it the most prevalent instant messaging service available today. The company’s web version is available on all browsers and WhatsApp-supported platforms, including Android, iPhone (iOS), Windows Phone 8.x, BlackBerry, BB10 and Nokia smartphones.

The vulnerability allows an attacker to send the victim malicious code, hidden within an innocent-looking image. As soon as the user clicks on the image, the attacker can gain full access to the victim’s WhatsApp storage data, thus giving full access to the victim’s account. The attacker can then send the malicious file to all the victim’s contacts, potentially enabling a widespread attack.

Check Point disclosed this information to the WhatsApp security teams on March 8, 2017. WhatsApp acknowledged the security issue and developed fixes for worldwide web clients. “Thankfully, .

WhatsApp uses end-to-end message encryption as a data security measure, to ensure that only the people communicating can read the messages, and nobody in between. Yet the same end-to-end encryption was also the source of this vulnerability. Since messages were encrypted on the sender’s side, WhatsApp was blind to the content and was therefore unable to prevent malicious content from being sent. After fixing this vulnerability, content will now be validated before encryption, allowing malicious files to be blocked.

Check Point Security Tips

While WhatsApp has patched this vulnerability, as a general practice we recommend the following preventive measures:

  1. Periodically clean logged-in computers from your WhatsApp & Telegram. This will allow you to control the devices that are hosting your account, and shut down unwanted activity.
  2. Avoid opening suspicious files and links from unknown users.



Technical Details – WhatsApp

WhatsApp upload file mechanism supports several document types such as Office Documents, PDF, Audio files, Video and images.

Each of the supported types can be uploaded and sent to WhatsApp clients as an attachment.

However, the Check Point research team managed to bypass the mechanism’s restrictions by uploading a malicious HTML document with a legitimate-looking image preview, in order to fool the victim into clicking on the document and so take over the victim’s account.

Once the victim clicks on the document, the WhatsApp Web client uses the HTML5 FileReader API to generate a unique blob URL containing the file content sent by the attacker, then navigates the user to this URL.

The attack on WhatsApp consists of the several stages described below.

First, the attacker crafts a malicious html file with a preview image:

The WhatsApp Web client stores the allowed document types in a client variable called W[“default”].DOC_MIMES; this variable holds the MIME types the application accepts.

Since an encrypted version of the document is sent to the WhatsApp servers, it is possible to add a new MIME type such as “text/html” to the variable in order to bypass the client-side restriction and upload a malicious HTML document.

After adding the malicious document’s MIME type to the client variable, the client encrypts the file content using the encryptE2Media function and then uploads it, encrypted, as a blob to the WhatsApp server.

Moreover, changing the document name and extension and creating a fake preview by modifying the client variables makes the malicious document look more attractive and legitimate to the victim.

This is the result:

Once the victim clicks on the file, the victim sees a funny cat under a blob object, which is an HTML5 FileReader object under web.whatsapp.com. That means the attacker’s code can access the browser’s resources under web.whatsapp.com.

Just by viewing the page, without clicking on anything, the victim’s local storage data is sent to the attacker, allowing the attacker to take over the victim’s account.

The attacker creates a JavaScript function that checks every 2 seconds whether there is new data in the backend, and replaces the attacker’s local storage with the victim’s.

Part of attacker’s code:

The attacker is then redirected to the victim’s account and is able to access anything in it.

WhatsApp Web does not allow a client to have more than one active session at a time, so after the attacker steals the victim’s account, the victim receives the following message:

From the attacker’s perspective, it is possible to overcome this situation by adding JavaScript code like this:

The malicious HTML file causes the client browser window to get stuck and lets the attacker control the account without interference; the attacker remains connected to the victim’s account until the victim logs out of it. Closing the browser does not log the attacker out of the account, and the attacker can log in to the user’s account for as long as they want.
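The fix described earlier (content validated before encryption) and the MIME-allowlist bypass in the technical details both come down to one question: is an attachment’s type decided by what the client declares or by what the bytes contain? The block below is an added example, not Check Point’s or WhatsApp’s code, of a validator that answers from content. The allowlist, the signatures, the function names and the sample files are constructed for the example.

```javascript
// Added example (not WhatsApp's or Check Point's code): validate an attachment
// from its bytes before it is encrypted or rendered. A declared MIME type or
// extension that a client-side allowlist would accept cannot smuggle an HTML
// document through. Allowlist, signatures and samples are constructed.

const ALLOWED = {
  "image/png": { magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a], exts: ["png"] },
  "image/jpeg": { magic: [0xff, 0xd8, 0xff], exts: ["jpg", "jpeg"] },
  "application/pdf": { magic: [0x25, 0x50, 0x44, 0x46, 0x2d], exts: ["pdf"] }, // "%PDF-"
};

function startsWith(bytes, magic) {
  if (bytes.length < magic.length) return false;
  return magic.every((b, i) => bytes[i] === b);
}

// Decide the type from content only; null means no allowed signature matched.
function sniffType(bytes) {
  for (const [mime, spec] of Object.entries(ALLOWED)) {
    if (startsWith(bytes, spec.magic)) return mime;
  }
  return null;
}

// Browsers render leading markup as HTML regardless of the declared type, so
// reject anything whose first bytes look like a document or script tag.
function looksLikeMarkup(bytes) {
  const head = String.fromCharCode(...bytes.subarray(0, 512))
    .replace(/^[\s\uFEFF]+/, "")
    .toLowerCase();
  return /^<(!doctype|html|head|body|script|svg|iframe|meta|object|embed)\b/.test(head);
}

function validateAttachment(bytes, declaredMime, fileName) {
  const spec = ALLOWED[declaredMime];
  if (!spec) return { ok: false, reason: "declared type " + declaredMime + " is not on the allowlist" };
  if (looksLikeMarkup(bytes)) return { ok: false, reason: "content is HTML or script, whatever the declared type" };
  const actual = sniffType(bytes);
  if (actual === null) return { ok: false, reason: "content matches no allowed signature" };
  if (actual !== declaredMime) return { ok: false, reason: "declared " + declaredMime + " but content is " + actual };
  const ext = fileName.toLowerCase().split(".").pop() || "";
  if (!spec.exts.includes(ext)) return { ok: false, reason: "extension ." + ext + " does not match " + actual };
  return { ok: true, type: actual };
}

// Constructed samples: a minimal PNG header and an HTML page with an image preview.
const SAMPLE_PNG = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00, 0x00, 0x0d]);
const SAMPLE_HTML = new TextEncoder().encode('<html><body><img src="cat.png"></body></html>');

function checkSamples() {
  return {
    pngAsPng: validateAttachment(SAMPLE_PNG, "image/png", "cat.png").ok,        // true
    htmlAsPng: validateAttachment(SAMPLE_HTML, "image/png", "cat.png").ok,      // false
    htmlAsHtml: validateAttachment(SAMPLE_HTML, "text/html", "cat.html").ok,    // false
    pngAsJpeg: validateAttachment(SAMPLE_PNG, "image/jpeg", "cat.jpg").ok,      // false
    pngWrongExt: validateAttachment(SAMPLE_PNG, "image/png", "cat.pdf").ok,     // false
  };
}

console.log(checkSamples());
```

Because the sender controls their own client, a check that runs only before encryption on the sending side is advisory; the receiving client has to apply the same validation before it turns the decrypted bytes into a blob URL, since the write-up shows that a blob rendered under web.whatsapp.com gets that origin’s storage. Opening untrusted attachments in a sandboxed frame or as a download rather than navigating to them is the complementary mitigation.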

How technology destroys value in some industries even though consumers benefit


This happens all the time. A new technology is introduced and you think more value will be created because of the innovation. But the reality is that most times, despite the efficiency, technology destroys monetary value for the industry even though the consumers benefit significantly.

Consider WhatsApp, it is destroying monetary value for telecoms in Africa even though WhatsApp itself, directly we may say, is not creating further value by making money (being profitable). Sure, the valuation of Facebook which owns the product is indirectly associated with the number of users but the hard fact is that WhatsApp is not translating the value destroyed to itself in simple revenue numbers.

In the past, Skype reduced the revenue base of most telecom operators in Europe on international calls. But Skype as a company did not absorb that lost revenue into its balance sheet. What happened was the value was destroyed even though customers enjoyed largely free product.

McKinsey Study

McKinsey, on the same construct, has the  view that the digital dawn in insurance actually destroys value—transferring power from the carrier to the customer and eroding profits.  In the United States, McKinsey estimates auto insurance premiums could decline by as much as 25 percent by 2035 due to the proliferation of safety systems and semi- and fully-autonomous vehicles.

For a long time, the traditional insurance business model has proved to be remarkably resilient. But it too is beginning to feel the digital effect. It is changing how products and services are delivered, and increasingly it will change the nature of those products and services and even the business model itself.

Data and analytics are changing the basis of competition. Leading companies use both not only to improve their core operations but to launch entirely new business models. Insurers have valuable historical data. Yet in a few years’ time, will they be able to keep pace and still add underwriting value when competing with newcomers that have access to more insightful, often real-time new data culled from the Internet of Things (IoT), social media, credit card histories, and other digital records? Knowledge about how fast someone drives, how hard they brake, or even (more controversially) what they get up to as displayed on social media is arguably more revealing data on which to assess risk than simply age, zip code, and past accident record. (Facebook recently moved to prevent its users’ online activity being used by insurers in the United Kingdom, proof of the potential power of access to good data.)

And what if those with the necessary data and analytical skills and platforms that reach millions—a Google or an Amazon—not only offered well-targeted, tailored products, but also began to cherry-pick low-risk customers? If they did so in significant numbers, the insurers’ business model, whereby premiums collected from low-risk policyholders contribute to the claims of high-risk ones, could fall apart.

Auto manufacturers are arguably close to changing the game for insurers. The fitting of connected devices as standard in cars is not far off, potentially giving manufacturers unique access to data that could accurately ascertain the risk of their customers, as well as ready-made access to drivers in need of an insurance product.

The Future

In the near future, it is possible that insurance may not need to be offered by insurance companies. Google has a better chance of selling home appliance insurance with all the sensors coming from Nest. The same argument applies to car companies, which can simply use the data collected from their OBD sensors to sell insurance to car owners.

What happens to insurance companies? They will be cut out of the loop.

Insurance companies may need to aggressively redesign their business models to ensure they can compete in this age because while we need insurance, we do not necessarily need insurance companies.


Full text of EFCC Chairman Ibrahim Magu’s Response to Buhari/Attorney General Query

EFCC Ag Chairman Ibrahim Magu was asked to respond to a query on allegations tabled against him by the SSS, after the Nigerian Senate failed to confirm him the first time. The query originated from the Attorney General of the Federation and Minister of Justice under the instruction of the Presidency. (The Senate has since rejected the confirmation of Mr Magu a second time, based again on a report from the SSS.)

This is the full text of his response.

EFCC/EC/JUS/07/263 21st December, 2016
THE HONOURABLE ATTORNEY-GENERAL OF THE FEDERATION
& MINISTER OF JUSTICE
Federal Ministry of Justice,
Shehu Shagari Way,
Abuja.

RE: REQUEST FOR COMMENTS
RE: REPORT BY THE DEPARTMENT OF STATE SERVICES

I most respectfully refer to your letter referenced HAGF/EFCC/2016/Vol.1/23 dated 19th December, 2016, asking me to respond within 48 hours to the allegations contained in a report written by the Department of State Service, DSS, and which provided the basis for the non-consideration of my confirmation on December 15, 2016, by the Senate.

2. Having carefully considered all the issues, I hereby present a point-by-point response as follows:

i. Missing EFCC Files
It is true that my residence was searched on the orders of Mrs. Farida Waziri, shortly after she succeeded Mallam Nuhu Ribadu as Chairman of the EFCC and some documents relating to cases under investigation were found in my house. At the time of the raid, I was yet to formally hand over to my successor, Umar Sanda, as head of the Economic Governance Unit.

My schedule at the time warranted that I work round the clock and it was impossible to conclude all assignments without working at home. The documents found in my house were actually found in my office bag where I kept documents relating to investigations. I was in the process of handing over and it would be wrong to suggest that I willfully kept the Commission’s files at home.

Nevertheless, the incident was thoroughly investigated by the police as I was placed on suspension without pay for 20 months. But in the end, I was reprimanded, recalled and promoted to Assistant Commissioner of Police.

It is important sir, to draw your attention to the fact that some of us that worked closely with Ribadu were victimized after his exit. And my ordeal was orchestrated as punishment for being the chief investigative officer for most of the high profile cases involving politically exposed persons some of whom became very influential in government at the time.

ii. Return to EFCC under Lamorde
I was Assistant Commissioner of Police in Charge of Operations at the Anambra State Police Command when I was recalled to the EFCC in 2012. I did not lobby to return to the EFCC. It is preposterous for anyone to suggest that I was recalled to do a hatchet job for Lamorde as alleged in the DSS Report. My job schedule as Deputy Director, Department of Internal Affairs, under Lamorde, was simply handling issues of professional responsibility in the Commission. I had no inputs in core operations duties of the Commission.

iii. Tenancy of My Official Residence
I live in the official residence of the Chairman of the Economic and Financial Crimes Commission (EFCC). This accommodation, contrary to the report of the DSS is not my private home, neither was it rented and furnished for me by Commodore Umar Mohammed (rtd). It was rented and furnished by the Ministry of the Federal Capital Territory through the Abuja Metropolitan Management Council, under the safe house scheme.
It is also false that the house was rented for N20million per annum and furnished for N43million. The entire cost for both two-year rent and the furnishing of the house is N39.628million.
Details of the transaction are contained in the contract award letter and payment schedule which are attached to this letter.

iv. Expensive Air Travels
Honourable Minister, the claim that I have a penchant for expensive air travels in a private jet belonging to Commodore Mohammed is baseless. The two times I can recall travelling in Commodore Umar’s aircraft were on a trip from Kano to Abuja, and Abuja to Maiduguri. In the first instance, I had gone to Kano on an official assignment with two of my directors, and Mohammed, who was on his way back to Abuja, offered us a ride in his jet. The second occasion was when I was going to see my sick mother in Maiduguri. These, for me, were harmless gestures as we were both members of the presidential investigative committee on arms procurement. At the time I had no knowledge that he was under investigation for any alleged crimes.

Claims that I flew in Mohammed’s jet to Maiduguri in company of the Managing Director of Fidelity Bank, Nnamdi Okonkwo is false. I have never flown in a private aircraft with any managing director of any bank let alone one that was under investigation by my agency. I have no personal relationship whatsoever with him.

v. High Profile/Dual Lifestyle
The allegation that I live a flamboyant lifestyle is also surprising to me. While it is true that I did travel first class on Emirates Airline to Saudi Arabia for Umrah, this action to the best of my knowledge, did not contravene the directive of Mr. President on First Class travels as suggested by the DSS Report.

My trip to Saudi Arabia was a private journey to perform my religious obligation and it was not financed with public funds. More importantly, my decision to fly first class was not borne out of a quest for luxury but compelled by necessity. The trip was made during the last ten days of the Ramadan and other classes of ticket were not available. I had no other choice.

That I flew first class in one instance is not enough evidence to suggest an extravagant lifestyle as alleged by the DSS Report. It is also not enough to suggest a dual personality. Anyone that has associated closely with me will attest to the fact that I am not known for ostentatious living. And my new office as acting chairman of the EFCC has not changed this.

vi. Mutually Beneficial Relationship with Commodore Mohammed Umar (rtd)
Sir, it is important to situate my relationship with Commodore Mohammed Umar (rtd), in proper perspective. Our paths crossed when we became members of the Presidential Committee on the investigation on arms procurement. He was instrumental in getting some of the information that helped the committee to make significant breakthrough in its assignment.

Beyond that, the relationship between Umar and myself is one of professional acquaintance, devoid of issues of conflict of interest. So, it comes to me with shock, the imputation by the DSS that we have a “mutually beneficial relationship”. This appears suggestive that Mohammed and I were involved in activities that could be said to be untoward. I certainly have no knowledge of such activities.
The claim that EFCC documents, including EFCC letters addressed to the Vice President and being investigation reports on the activities of Emmanuel Kachikwu and his brother Demebi Kachikwu, were found in his home during a search by the DSS came to me as a surprise. If that is correct, he should be made to disclose how he came by such documents. I never discussed my official duties with him let alone give him documents pertaining to investigations being conducted by the Commission.

Interestingly, Mohammed was detained for several months by the DSS. In all those months, did he claim that I mandated him to commit any crime or that I was an accomplice to any crime? If there is any such claim, I will wholeheartedly like to be confronted with the allegation.

It is interesting to note that when Mohammed was eventually charged to court, the charges against him were money laundering and illegal possession of firearms, and nothing related to my purported “shady” relationship with him.

vii. Perceived Reluctance to Arraign Vice Marshall Adesola Amosun
The DSS Report that the reason EFCC delayed the arraignment of a former Chief of Air Staff, Air Vice Marshall Adesola Amosun, was because Mohammed never wanted Amosun to be prosecuted is astonishing. Anyone familiar with the EFCC under my watch knows that I perform my duties with the highest sense of responsibility. The reason Amosun was not arraigned when the likes of Alex Badeh and Umar were arraigned was because he cooperated with the Commission in terms of assisting the process of recovering the proceeds of crime.

Indeed, among the suspects arrested over the arms procurement scandal, he was most cooperative. The Commission recovered N2.835billion cash from him, aside from property worth One Billion Five Hundred and Eighty One Million Naira (N1,581,000,000), Two Million One Hundred and Fifty Thousand United States Dollars ($2,150,000) and One Million Pounds Sterling (£1,000,000).

Since a key focus of the investigation was to recover as much proceeds of crime as possible, the Commission took its time to ensure it had recovered what was possible before arraigning the suspect in court. This had nothing to do with the wish of any individual. Moreover, the suspect has since been arraigned before a court of competent jurisdiction.

viii. Alleged Vendetta Against Stanley Lawson
The suggestion by the DSS Report that Stanley Lawson, a former Group Executive Director of the Nigerian National Petroleum Corporation (NNPC) was placed on a watch list, to settle scores with him is strange. It may interest you to know that I do not know Stanley Lawson personally and could not be settling personal scores by framing somebody that I do not know.

Lawson’s encounter with the EFCC is in relation to the investigation into the mismanagement of $118million public funds for electioneering campaign involving former petroleum resources minister, Diezani Alison Madueke. It was discovered that he made payment of $25million into Fidelity Bank and also facilitated the purchase of Ogeyi Place Le Meridien Hotel in Port Harcourt for Mrs. Alison Madueke, for which he collected Ninety Four Million Five Hundred and Sixteen Thousand Naira (N94, 516,000) as commission. Lawson was arrested and he made a refund of the N94.5million traced to him. He was never placed on any watch list.

ix. Work through Police Cronies in EFCC
I do not understand what the report meant by working with cronies. If what was implied is that I have preferred officers that I work with and who go about their work in unethical manner, my response is that nothing of such exists in the EFCC. Officers who work with me know that the easiest way to lose your job is to be found to be involved in unethical or corrupt activities. Indeed, when I assumed office as acting chairman, my first action was to return police officers with integrity issues back to the Nigeria Police Force. If the DSS finds that there are police officers in the EFCC who are working closely with me and have properties that their incomes cannot support, the Service is at liberty to expose them.

3. Conclusion
Honourable Minister, Sir, I invite you to take notice of the fact that the DSS authored two separate vetting reports on me, one referenced SV.114/3 addressed to the Clerk of the National Assembly and the other referenced SV.114/3 addressed to the Senior Special Assistant to the President on National Assembly Matters (Senate). Both letters were dated 3rd October, 2016, and signed by the same Officer, Folashade Bello, on behalf of the Director General. While one of the reports advised the Senate against my confirmation, the other asked it to favourably consider my confirmation. The two reports emanating from the same agency raise questions of sincerity and motive.

You will want to find out why they came up with two conflicting reports on the same subject on the same day.

It is important to note that in all this, I was not given the opportunity of fair hearing.

Above all sir, I am persuaded by my conviction in my innocence that in all the issues supposedly raised against me, no one has accused me of receiving gratification to act against my conscience or the interest of the country.

I have attached to this letter all supporting documents and materials that would enable you to arrive at a fair position on all the issues raised.

4. Be assured of my usual respect and highest consideration.

IBRAHIM MAGU
Ag. EXECUTIVE CHAIRMAN