Tuesday, December 29, 2015

Muhammad Haris - First Developer to Earn $10 Million on Envato Marketplace



It appears that Muhammad Haris, the developer-extraordinaire from Karachi, has finally achieved a new global milestone.

The Karachi-based Haris and his designer-partner Luke Beck made history in 2013 by scoring $1 million in income with their ultra-popular WordPress theme, Avada, on the Envato Marketplace.

This time around, Mr. Haris and Mr. Beck have made history once again. Their current claim to fame? Becoming the first sellers on Envato, aka ThemeForest, to cross the $10 million mark!
Together the two of them have achieved a significant milestone, not just in Envato's history as a provider of world-class WordPress themes, but also for those who want to pursue freelancing as a serious career option.

The Story Behind ThemeFusion


Haris and Beck founded their company ThemeFusion in 2012. The Karachi-based specialist did the development heavy lifting while Beck designed the overall aesthetic of what was to be the world’s most popular paid WordPress framework called Avada.

Avada allows for virtually limitless theming and customization options, with responsive optimizations that make it a breeze to use on mobile devices and desktops alike.
Now, with 181,000+ satisfied customers, ThemeFusion has grown into a 20-strong company, providing around-the-clock support to its dedicated user base.

Pakistani Freelancers are Putting Pakistan on the World Map for the Right Reasons


It's efforts like these that show the world the best of what Pakistan has to offer. Pakistani freelancers are among the most sought-after on freelance work providers such as UpWork, Freelancer.com and eLance. We hope that companies like PayPal and the rest set up shop here sooner in order to facilitate Pakistani freelancers who are hamstrung by a litany of charges and hidden costs when it comes to transferring their earnings here.

We wish the ThemeFusion team all the best in their future endeavors. Hopefully Mr. Haris' efforts will go a long way in convincing people to invest in making freelance work their full-time career, one that can prove to be more lucrative than a regular old 9-to-5 gig.

Google is testing a new way to log in - without a password



Passwords seem to be so yesterday. There’s a growing chorus of voices that want a painless yet secure alternate way of logging into your accounts that eschews the use of passwords altogether. Google is testing out a suitable replacement to attain this objective; using a smartphone as a key for logging into the company’s services online. However, in a region like Pakistan, where mobile theft is rampant, could it actually be used as a better alternative?

Can Google’s New Security Alternative Provide a More Secure Alternative?

Online security happens to be a very important aspect of our digital lives, and while keeping track of passwords might be difficult, it is still considered a better approach compared to just using your entire smartphone to bypass the security wall. After all, if the smartphone happens to be misplaced or, in the worst case, stolen, then all those authentication processes will be gone with it as well.
However, it looks like Google has a trick up its sleeve in order to make passwords a thing of the past.
[Image: google-smartphone-unlock]

As you can see from the above image, it is possible to sign into Google services on a computer by using an Android smartphone as the primary authentication device. According to the image, the login process starts with the user entering their Gmail address to sign in to their Google account, but instead of a password prompt appearing, the Android smartphone or tablet associated with that account is contacted and asked whether the account login should be authorized.

The smartphone or tablet will also need to be secured itself, through a password, a PIN, or even more secure features such as a fingerprint scanner. Google has not stated why it is attempting to make passwords a thing of the past, nor has the company said when the new security feature is going to appear on mobile devices, but we do know this: Google is not the only company working on getting rid of passwords, though it looks like some users will prefer to stick with the old, traditional ways.

ADOBE RELEASES EMERGENCY SECURITY UPDATE - PATCH NOW!



The Adobe Flash Player just said goodbye to the year with another bunch of vulnerability patches.

Adobe released an out-of-band security update on Monday to address nineteen (19) vulnerabilities in its Flash Player, including one (CVE-2015-8651) that is being exploited in the wild.

All of these programming flaws could be abused to execute malicious code (here, through a malicious Flash file on a web page) on victims' computers in order to hijack an unpatched PC or Mac entirely.

So, if you are running the Flash Player plugin on Windows, Mac OS X, Linux, or Chrome OS, it is time for you to upgrade your system as soon as possible before criminals start taking advantage of the bugs.

Here are the details of Flash's 19 security vulnerabilities patched in the emergency APSB16-01 update posted Monday afternoon:
  • A Type Confusion Vulnerability that could lead to arbitrary code execution (CVE-2015-8644)
  • An Integer Overflow Vulnerability that also leads to code execution (CVE-2015-8651)
  • Use-After-Free Vulnerabilities that could also lead to code execution
  • Memory Corruption Vulnerabilities that could also lead to code execution
The company did not provide many details about the attacks exploiting the Integer Overflow Vulnerability (CVE-2015-8651) discovered by Huawei, other than describing them as "limited, targeted attacks."

Upgrade your machines to the following patched versions of Flash Player:
  • Flash Player versions 20.0.0.267 and 18.0.0.324 for Windows and Mac users.
  • Flash Player version 20.0.0.267 for Google Chrome
  • Flash Player version 20.0.0.267 for Microsoft Edge and Internet Explorer 11 on Windows 10
  • Flash Player version 20.0.0.267 for IE 10 and 11 on Windows 8.x
  • Flash Player version 11.2.202.559 for Linux
You can also get the latest Flash Player versions from Adobe's website.
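
To check a list of machines against the fixed builds listed above, a small audit script can compare each installed version with the fixed build for its branch. This is an added example, not code from Adobe or from the original article; the platform labels, host names and inventory rows are constructed, and treating a branch with no listed fix (such as 19.x) as unpatched is an assumption.

```python
import re

# First fixed builds from the APSB16-01 list above, keyed by (platform, major).
# The platform labels "desktop" (Windows/Mac) and "linux" are hypothetical.
FIXED = {
    ("desktop", 20): (20, 0, 0, 267),
    ("desktop", 18): (18, 0, 0, 324),
    ("linux", 11): (11, 2, 202, 559),
}

def parse_version(text):
    """Turn '20.0.0.267' into (20, 0, 0, 267); reject anything else."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+){3}", text):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_patched(platform, version_text):
    """True if the build is at or above the fixed build for its branch."""
    version = parse_version(version_text)
    branches = {maj: fixed for (plat, maj), fixed in FIXED.items() if plat == platform}
    if not branches:
        raise ValueError(f"unknown platform: {platform!r}")
    if version[0] in branches:
        # Tuple comparison is numeric: 20.0.0.1000 > 20.0.0.267, unlike strings.
        return version >= branches[version[0]]
    # Assumption: a branch with no listed fix is patched only if it is newer
    # than every listed branch; older or in-between branches (19.x) are not.
    return version[0] > max(branches)

def needs_update(inventory):
    """Return host names whose Flash build predates the fix."""
    return [host for host, plat, ver in inventory if not is_patched(plat, ver)]

# Constructed inventory rows: (host, platform, installed Flash version).
INVENTORY = [
    ("ws-01", "desktop", "20.0.0.267"),
    ("ws-02", "desktop", "20.0.0.235"),
    ("ws-03", "desktop", "18.0.0.324"),
    ("ws-04", "desktop", "19.0.0.245"),
    ("lx-01", "linux", "11.2.202.554"),
]

if __name__ == "__main__":
    print(needs_update(INVENTORY))
```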

However, if you really want to get rid of these nasty bugs, you are advised to simply disable or completely uninstall Adobe Flash Player immediately.

Flash has been plagued with several stability and security issues, which is why developers have hated the technology for years.

Moreover, this is the reason Adobe plans to kill Flash Player and re-brand it as Adobe Animate CC, Adobe's premier Web animation tool for developing HTML5 content.

WhatsApp free video calling on the way - screenshot leaked




Raise your hands if you want Free Video Calling feature in WhatsApp.

I am in, and I think most of you are too.

And the good news is that it looks like WhatsApp's much-awaited Free Video Calling feature is on its way, according to the recently leaked screenshots.


Free Video Calling Feature in WhatsApp


German technology blog Macerkopf.de has posted what it claims are screenshots from an unreleased version of the popular messaging client WhatsApp for iOS.

The screenshots are from an unreleased version of the software (version 2.12.16.2), which is currently being tested internally, but at present it is not clear whether or not those screenshots are legitimate.

But if the leaked screenshots are real, and WhatsApp adds the Free Video Calling feature, then the company could take an enormous bite out of some of its top rivals.

WhatsApp Video Calling feature will allow you to make video calls to your friends and family anywhere in the world for free as long as you have a Wi-Fi network or an effective data plan on your registered number.


Here are the allegedly leaked images of the video calling feature in action:

Decred - A new Digital currency by core developers of bitcoin


Some of Bitcoin’s Core developers have left the Bitcoin project and started building their separate cryptocurrency called DECRED.

Decred aims to prevent the issues Bitcoin is currently facing regarding project governance and development funding.

The CEO of 'Company 0', Mr. Jacob Yocom-Piatt, who has funded Bitcoin development since early 2013, said the actual development of the Bitcoin cryptocurrency is funded by external entities, which creates a conflict of interest between those groups and the project's core developers.

According to Bitcoin's developers, these groups put limitations on input in Bitcoin's governance, selecting options that are favorable to their own interests only, and generally ignoring the developers' and project's best interests.

"The Bitcoin software is controlled by a small group of people who decide exclusively what can and cannot be changed," Jacob says in a press release.

"This is in part due to a lack of mechanisms and pathways for funding development work directly from the community, and, as a result, Bitcoin development is funded by external entities that create conflicts of interest between the developers and the representative power of the community that uses Bitcoin."

So, in order to address this issue, some of the Bitcoin developers have joined hands with the makers of the widely used BTCsuite and are now building their own new digital currency called DECRED.


What is DECRED?


Decred, managed and funded by Company 0 LLC, is an open and progressive cryptocurrency that will adopt a more decentralized community-based governance integrated into its blockchain.

The team is well placed to make Decred a really great product, as they already have experience with Bitcoin.

Some Highlights of DECRED


Decred intends to include a long list of features such as:
  • Implementation of a consensus system based on both proof-of-work and proof-of-stake
  • Decred development is self-funded and open with block subsidy
  • Decred uses Blake-256 hashing algorithm
  • Decred may be compatible with Bitcoin
  • Decred community members will be involved, making bottom-up non-financial decision making easier
  • It will use the secp256k1 signature scheme or Ed25519/secp256k1-Schnorr, for better integration into existing software and to make good use of the features offered by Schnorr signatures, respectively
  • Decred uses Go for its codebase
Decred has an Airdrop scheduled for next month (20 days and a few hours from now) where they’ll be giving out 4 percent of the total Decred supply to all participants.

Interested developers can take part in the Airdrop by filling in their details on the Decred website.

Money Offered to Install Malware on Raspberry Pi


The Raspberry Pi is now gaining attention from malware distributors who want the popular mini-computers to ship with pre-installed malware.

The Raspberry Pi Foundation has made a shocking revelation that the charitable foundation has been offered money to install malware onto Raspberry Pi machines before they are shipped out to users.

The Raspberry Pi is an extremely simple computer that looks and feels very basic, but could be built into many geeky projects. Due to the low-cost appeal of the Raspberry Pi, the Foundation has sold over 4 million units.

Just last month, Raspberry Pi unveiled its latest wonder: the Raspberry Pi Zero, a programmable computer that costs just $5 (or £4) and may rank as the world's cheapest computer.

Last Wednesday, the Foundation tweeted a screenshot of an email in which "business officer" Linda effectively asked the Foundation's director of communications, Liz Upton, to install a suspicious executable file onto Raspberry Pis, for which the officer promised to offer a "price per install."

The email further explained that installing the executable file would create a shortcut icon on the user's desktop and opening the shortcut would take the user to the company's website. "Then this is our target," the email reads.

Here's the screenshot of the full email:
[Image: raspberry-pi-malware]
However, the name of the company represented by Linda was not revealed by the Raspberry Pi Foundation.

Obviously, the paid-for-malware distributor pitched the wrong organisation, who declined the offer, describing the company as "evildoers," but the incident once again raises the question about this common, widespread issue.

Tuesday, December 15, 2015

FBI Director's Plea to Tech Companies: Don't Offer End-to-End Encryption


FBI declared War against Encryption.

Encryption is defeating government intelligence agencies' efforts to detect terrorist activities, and after the recent ISIS-linked terror attacks in Paris and California, the issue has once again become a political target in Washington.

Meanwhile, Kazakhstan plans to make it mandatory for its citizens to install an Internet backdoor, allowing the government to intercept users' traffic to any secure website and access everything from web browsing history to usernames and passwords.

FBI: For God's Sake, Don't Use End-to-End Encryption


At a Senate hearing on Wednesday, FBI's Director James Comey called for tech companies currently providing users with end-to-end encryption to reconsider "their business model" and simply stop doing that, reported The Intercept.

Yes, instead of asking companies for a "backdoor" this time, Comey suggested that they adopt encryption techniques that help federal agencies intercept and turn over end-to-end encrypted communications when necessary.

"The government doesn't want a backdoor, but [it] hopes to get to a place where if a judge issues an order, the company figures out how to supply that information to the judge and figures out on its own the best way to do that," said Comey.

Comey: Keep Readable Version of Customers' Messages


End-to-end encryption is a method of secure communication that encrypts the data on the sender's system before passing it to a company server. The company then passes the encrypted data to the intended recipient, who is the only person who can decrypt it.


Nobody in between, be it an application service provider, an Internet service provider (ISP), a hacker, or even law enforcement officials, can read the data or tamper with it.

However, Comey is asking for the technology companies to retain a readable version of that initial data, just in case the authorities need it.

"There are plenty of companies today that provide secure services to their customers and still comply with court orders," he said. "There are plenty of folks who make good phones [and] are able to unlock them in response to a court order."

MacKeeper Hacked - 13 Million Users - 21 GB Data Breached


MacKeeper anti-virus company is making headlines today for its lax security that exposed the database of 13 Million Mac users' records including names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information.

MacKeeper is a suite of software that claims to make Apple Macs more secure and stable, but today the anti-virus itself needs some extra protection after a data breach exposed the personal and sensitive information of millions of its customers.

The data breach was discovered by Chris Vickery, a white hat hacker who was able to download 13 Million customer records by simply entering a selection of IP addresses, with no username or password required to access the data.

21 GB Trove of MacKeeper Customer Data Leaked


31-year-old Vickery said he uncovered the 21 GB trove of MacKeeper customer data in a moment of boredom while searching for openly accessible databases on Shodan – a specialized search engine that looks for virtually anything connected to the Internet – that require no authentication.
"The search engine at Shodan.io had indexed their IPs as running publicly accessible MongoDB instances (as some have already guessed)," Vickery said in a Reddit post. "I had never even heard of MacKeeper or Kromtech until last night. I just happened upon it after being bored and doing a random "port:27017" search on Shodan."
As a result, four IP addresses took him straight to a MongoDB database, containing a range of personal information, including:
  • Customer Names
  • Email addresses
  • Usernames
  • Password hashes
  • Mobile phone numbers
  • IP addresses
  • System information
  • Software licenses and activation codes

Security Product Using Weak Algorithm to Hash Passwords


Although the passwords were hashed rather than stored in plain text, Vickery believes that MacKeeper was using weak MD5 hashes to protect its customer passwords, allowing anyone to crack the passwords in seconds using MD5 cracking tools.
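
Why unsalted MD5 is a poor choice for stored passwords, next to a salted, deliberately slow alternative, is shown in the added example below. It is not MacKeeper's or Kromtech's code; the account names, passwords, choice of PBKDF2-HMAC-SHA256 and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example

def md5_record(password):
    """Scheme the article describes: unsalted MD5, same input -> same hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def kdf_record(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, derived_key)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key

def kdf_verify(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = kdf_record(password, salt)
    return hmac.compare_digest(key, expected_key)

def shared_hash_groups(records):
    """Group usernames whose stored hash is identical (visible password reuse)."""
    groups = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed sample accounts; two users picked the same password.
ACCOUNTS = {"alice": "Summer2015!", "bob": "Summer2015!", "carol": "x9$Lq7#tPz"}

def demo():
    md5_db = {u: md5_record(p) for u, p in ACCOUNTS.items()}
    kdf_db = {u: kdf_record(p) for u, p in ACCOUNTS.items()}
    return {
        # Unsalted MD5 leaks which accounts share a password.
        "md5_shared": shared_hash_groups(md5_db),
        # Per-account salts make identical passwords store differently.
        "kdf_shared": shared_hash_groups({u: key for u, (_, key) in kdf_db.items()}),
        "kdf_login_ok": kdf_verify("Summer2015!", *kdf_db["alice"]),
        "kdf_login_bad": kdf_verify("summer2015!", *kdf_db["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```

With unsalted MD5, one precomputed table of common passwords applies to every account in a leaked database at once; the per-account salt and the iteration count remove that shortcut and raise the cost of each guess.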

The company responded to the issue after Vickery posted it on Reddit, saying that the company had no evidence the data was accessed by malicious parties.
"Analysis of our data storage system shows only one individual gained access performed by the security researcher himself," Kromtech, the maker of MacKeeper, said in a statement. "We have been in communication with Chris, and he has not shared or used the data inappropriately."
Though the company claims Vickery was the only person to access the MacKeeper users' information, you should still change your MacKeeper passwords and passwords on websites that use the same password.