Saturday, January 2, 2016

A Software Bug That Released 3,200 Prisoners Early


Washington State Department of Corrections (DoC) is facing an investigation after it released around 3,200 prisoners early over the course of 13 years, since 2002, when a bug was introduced in the software used to calculate time credits for inmates' good behavior.

The software glitch led to a miscalculation of sentence reductions that US prisoners were receiving for their good behaviour.

Over those 13 years, the prisoners released early left prison a median of 49 days before their correct release date.

"This problem was allowed to continue for 13 years is deeply disappointing to me, totally unacceptable and, frankly, maddening," Washington State Governor Jay Inslee said in a statement. "I've [many] questions about how and why this happened, and I understand that members of the public will have those same queries."

What's the Bug and How did it Remain Undetected for 13 Years?


The issue lies in DoC software that is used for calculating the release date for prisoners who showed good behavior while imprisoned.

The software bug was introduced in 2002, when the state's supreme court implemented a change to the "good time" credit system, allowing prisoners to claim credits for good behaviour while they are in:
  • State Prisons 
  • County jails
These credits are then used to shorten the length of a prisoner's sentence. To apply these changes, DoCs around the United States released new versions of the software, but unfortunately the code that calculated prison sentences was faulty.


DoC First Informed of the Issue 3 Years Ago


What's even more disappointing is that the authorities first learned of the bug in December 2012, when the family of an assault victim alerted DoC that the attacker was going to be set free too soon.

At that time, DoC filed a request, labelling the error "time sensitive" and asking for the fix to be implemented as quickly as possible.

However, the Washington DoC hired a new IT manager in November, who alerted the authorities to how serious the bug had become. Inslee has given assurances that a full fix for the bug is expected to be rolled out by 7th January.

Until then, the DoC has been ordered not to release any prisoner without manually checking their actual release date.

Red Star OS - North Korea's First Operating System - Looks Like Mac OS X - Spies on Its Own People



North Korea has its own homegrown computer operating system that looks remarkably like Apple's OS X, which not only prevents potential foreign hacking attempts but also provides extensive surveillance capabilities.

Two German researchers have just conducted an in-depth analysis of the secretive state's operating system and found that the OS does more than what is known about it.

Dubbed Red Star OS, the operating system, based on a 2009 version of Linux called Fedora 11, limits its users to a government-approved view of the world and tends to 'watermark' files on USB sticks to track users shuttling contraband material.


Red Star OS Tracks User's Every Move


In short, whenever a user inserts a USB storage device containing photos, videos or other documents, into a computer running Red Star, the OS takes the current hard disk's serial number, encrypts that number, and writes that encrypted serial into the file, marking it.

The purpose of watermarking files is to track who actually has the particular file, who created that file, and who opened it.


Researchers previously reported this watermarking feature after analysing Red Star OS, but the dive into Red Star OS now presented by Florian Grunow and Niklaus Schiess of German IT company ERNW GmbH goes further.


Makers have Full Control Over Red Star OS


Most of the Red Star's unique features, including its own version of encrypting files, were designed to grant its makers complete control over the operating system, making it independent from any code that could be compromised and exploited by foreign intelligence services, the duo said as they presented their findings at the Chaos Communication Congress in Hamburg on Sunday.

The researchers analysed the latest (third) version of Red Star OS, which came out around 2013, and it is clear that the software is as authoritarian as the country that developed it.

"This is a full-blown operating system where they control most of the code," Grunow said as quoted by Reuters. Moreover, the OS rigorously resists any changes made by its user and closely monitors every move of a user.

Red Star OS provides its own firewall, antivirus system and a web browser that points to internal North Korean servers, and even the encryption is custom-developed.

No Tampering


However, a small program included in the OS constantly monitors the computer for any changes made to the system files.

As a result, any attempt by a user to tamper with the operating system's core functions, like disabling the antivirus or firewall, would lead to the computer displaying an error message or rebooting itself.

There is no sign in the OS of the kinds of cyber attack capability North Korea has been accused of. Red Star OS is also designed to crack down on the growing illegal exchange of foreign media content, including films, music or document files.

At present, the duo has no information on how many computers in North Korea are using this operating system, as they obtained the OS from a website located outside the country, while visitors to North Korea say most computers there still use Windows XP.


Tuesday, December 29, 2015

Muhammad Haris - First Developer to Earn $10 Million on Envato Marketplace



It appears that Muhammad Haris, the developer-extraordinaire from Karachi, has finally achieved a new global milestone.

The Karachi-based Haris and his designer-partner Luke Beck made history in 2013 by scoring $1 million in income with their ultra-popular WordPress theme called Avada on the Envato Marketplace.

This time around, Mr. Haris and Mr. Beck have made history once again. Their current claim to fame? Becoming the first sellers on Envato, aka Themeforest, to cross the $10 million mark!
Together the two of them have achieved a significant milestone not just in Envato's history as a provider of world-class WordPress themes, but also for those who want to pursue freelancing as a serious career option.

The Story Behind ThemeFusion


Haris and Beck founded their company ThemeFusion in 2012. The Karachi-based specialist did the development heavy lifting while Beck designed the overall aesthetic of what was to be the world’s most popular paid WordPress framework called Avada.

Avada allows for virtually limitless theming and customization options, with responsive optimizations that make it a breeze to use it on mobile devices and desktops alike.
Now, with 181,000+ satisfied customers, ThemeFusion has grown into a 20-strong company, providing around-the-clock support to its dedicated user base.

Pakistani Freelancers are Putting Pakistan on the World Map for the Right Reasons


It's efforts like these that show the world the best of what Pakistan has to offer. Pakistani freelancers happen to be among the most sought-after on freelance work providers such as UpWork, Freelancer.com and eLance. We hope that companies like PayPal and the rest set up shop here sooner in order to facilitate Pakistani freelancers who are hamstrung by a litany of charges and hidden costs when it comes to transferring their earnings here.

We wish the ThemeFusion team all the best in their future endeavors. Hopefully Mr. Haris' efforts will go a long way in convincing people to invest in making freelance work their full-time career, one that can prove to be more lucrative than a regular old 9-to-5 gig.

Google Is Testing a New Way to Log In - Without a Password



Passwords seem to be so yesterday. There’s a growing chorus of voices that want a painless yet secure alternate way of logging into your accounts that eschews the use of passwords altogether. Google is testing out a suitable replacement to attain this objective; using a smartphone as a key for logging into the company’s services online. However, in a region like Pakistan, where mobile theft is rampant, could it actually be used as a better alternative?

Can Google’s New Security Alternative Provide a More Secure Alternative?

Online security happens to be a very important aspect of our digital lives, and while keeping a track of passwords might be difficult, it is still considered a better approach compared to just using your entire smartphone to bypass the security wall. After all, in case the smartphone happens to be misplaced, or worst case scenario, stolen, then all those authentication processes will be gone with it as well.
However, it looks like Google has a trick up its sleeve in order to make passwords a thing of the past.
[Image: google-smartphone-unlock]

As you can see from the above image, it is possible to sign into Google services on a computer by using an Android smartphone as the primary authentication device. Details of the image state that the login process commences from the user logging into his/her Google account using their Gmail address, but instead of receiving a password prompt, the Android smartphone or tablet that is associated with that account will be contacted and asked whether the account login is to be authorized or not.

The smartphone or tablet will also need to be secured itself, through a password, a PIN, or even more secure features such as a fingerprint scanner. Google has not stated why it is attempting to make passwords a thing of the past, nor has the company stated when the new security feature is going to appear on mobile devices, but we do know this: Google is not the only company working on getting rid of passwords, but it looks like some users will prefer to stick with the old, traditional ways.

Adobe Releases Emergency Security Update - Patch Now!



The Adobe Flash Player just said goodbye to the year with another bunch of vulnerability patches.

Adobe released an out-of-band security update on Monday to address nineteen (19) vulnerabilities in its Flash Player, including one (CVE-2015-8651) that is being exploited in the wild.

All the programming loopholes could be abused to execute malicious code (here, a malicious Flash file on a web page) on victims' computers in order to hijack an unpatched PC or Mac entirely.

So, if you are running the Flash Player plugin on Windows, Mac OS X, Linux, or Chrome OS, it is time for you to upgrade your system as soon as possible before criminals start taking advantage of the bugs.

Here are the details of Flash's 19 security vulnerabilities patched in the emergency APSB16-01 update posted Monday afternoon:
  • A Type Confusion Vulnerability that could lead to arbitrary code execution (CVE-2015-8644)
  • An Integer Overflow Vulnerability that also leads to code execution (CVE-2015-8651)
  • Use-After-Free Vulnerabilities that could also lead to code execution
  • Memory Corruption Vulnerabilities that could also lead to code execution
The company did not provide many details about the attacks exploiting the Integer Overflow Vulnerability (CVE-2015-8651) discovered by Huawei, other than describing them as "limited, targeted attacks."

Upgrade your machines to the following patched versions of Flash Player:
  • Flash Player versions 20.0.0.267 and 18.0.0.324 for Windows and Mac users.
  • Flash Player version 20.0.0.267 for Google Chrome
  • Flash Player version 20.0.0.267 for Microsoft Edge and Internet Explorer 11 on Windows 10
  • Flash Player version 20.0.0.267 for IE 10 and 11 on Windows 8.x
  • Flash Player version 11.2.202.559 for Linux
You can also get the latest Flash Player versions from Adobe's website.
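
One way to check an inventory against the patched versions listed above, as an added example that is not from the original post or from Adobe. The platform keys, the host names and the rule for branches the list does not name are assumptions made for this sketch.

```python
# Fixed releases from the APSB16-01 list above; platform keys are labels chosen here.
PATCHED = {
    "windows": ("20.0.0.267", "18.0.0.324"),
    "mac": ("20.0.0.267", "18.0.0.324"),
    "chrome": ("20.0.0.267",),
    "edge_ie": ("20.0.0.267",),
    "linux": ("11.2.202.559",),
}

def parse_version(text):
    """Turn '20.0.0.267' into (20, 0, 0, 267); raise ValueError if malformed."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4 or any(p < 0 for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return parts

def is_patched(platform, installed):
    """True if `installed` is at or above the fixed release for its branch."""
    version = parse_version(installed)
    fixed = sorted(parse_version(v) for v in PATCHED[platform])
    for release in fixed:
        if release[0] == version[0]:  # same major branch, e.g. 18.x
            return version >= release
    # Assumption: a branch missing from the list counts as patched only if it
    # is newer than the newest fixed release; older branches got no fix here.
    return version > fixed[-1]

def audit(inventory):
    """Return [(host, reason)] for every host that still needs attention."""
    findings = []
    for host, platform, installed in inventory:
        try:
            if not is_patched(platform, installed):
                findings.append((host, f"{installed} is below the fixed release"))
        except (KeyError, ValueError):
            findings.append((host, f"cannot assess {platform} {installed!r}"))
    return findings

# Constructed inventory: host names and installed versions are made up.
SAMPLE = [
    ("ws-01", "windows", "20.0.0.267"),
    ("ws-02", "windows", "18.0.0.268"),
    ("mac-01", "mac", "19.0.0.245"),
    ("lnx-01", "linux", "11.2.202.559"),
    ("kiosk-01", "chrome", "20.0.0.235"),
    ("ws-03", "windows", "unknown"),
]

for host, reason in audit(SAMPLE):
    print(f"{host}: {reason}")
```

Hosts whose version string cannot be parsed are reported rather than skipped, so an unreadable inventory entry is never mistaken for a patched machine.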

However, if you really want to get rid of these nasty bugs, you are advised to simply disable or completely uninstall Adobe Flash Player immediately.

Flash has been plagued by several stability and security issues, which is why developers have hated the technology for years.

Moreover, this is the reason Adobe plans to kill Flash Player and re-brand it as Adobe Animate CC, Adobe's premier Web animation tool for developing HTML5 content.