Best printers for Home

Best Mixer Grinder

Best wired Earphones

Best 43 Inch TV in India

Best Wi Fi Routers

Best Home Theatre in India

Smart Watch under 5000

Best Laptops for Education

Best Laptop for Students

<keyword id="3809787" type="General" weightage="100" keywordseo="pokerbaazi" source="Orion">PokerBaazi</keyword>, <keyword id="3658" type="General" weightage="50" keywordseo="india" source="Orion">India</keyword>'s biggest online poker platform, on Monday clarified that its server did not expose any real data pertaining to users, after a cyber security research claimed that the platform suffered a significant security lapse after an internal database containing sensitive user information was left exposed online for more than 2 months. Security researcher <keyword id="14547969" type="General" weightage="50" keywordseo="anurag-sen" source="Orion">Anurag Sen</keyword> told portal XposedOrNot that the exposure was "due to a misconfiguration in the system and could be easily accessed by anyone with knowledge of the database's IP address". The size of the exposed data was more than 6GB in size, and growing, according to Sen. In a statement to IANS, a PokerBaazi spokesperson said that "we would like to clarify that there is no data breach and our server did not expose any real data pertaining to users". "This was a testing done at the dummy stage with logs of dummy users to further develop our platform. These dummy accounts/users are used by our internal testers and developers," said the spokesperson. Sen had also tweeted that India's PokerBaazi site suffered a major security lapse. "Even after multiple attempts to contact. No reply so far. Contacted," he posted, tagging the country's cyber agency <keyword id="6480513" type="General" weightage="50" keywordseo="computer-emergency-response-team" source="Orion">Computer Emergency Response Team</keyword> (CERT.in). The exposed data allegedly contained full names, email address, location, '<keyword id="1600078" type="General" weightage="50" keywordseo="oauth" source="Orion">Oauth</keyword>' tokens and internal logs. PokerBaazi said in the statement that the "server had been kept publicly open for establishing a proof of concept with an external and reputed tool which helps in monitoring applications logs so that it can give us a 360-degree view of how our applications are performing." PokerBaazi.com is India's biggest online poker platform that provides potential customers with an opportunity to play poker safely and securely. The gaming mobile and the desktop app provide 24/7 customer support, a user-friendly interface as well as a wide array of tournaments, making PokerBaazi.com an engaging platform to get involved with. Spearheaded by its Founder and CEO Navkiran Singh, the platform last reported over 2 million registered users. SEE ALSO: <a target="_blank" class="c-link c-message_attachment__title_link" href="https://www.businessinsider.in/business/news/drone-player-garuda-aerospace-raises-22-mn-from-sphiticap-others/articleshow/97855020.cms">Drone player Garuda Aerospace raises $22 mn from SphitiCap &amp; others</a> <a target="_blank" class="c-link c-message_attachment__title_link" href="https://www.businessinsider.in/tech/mobile/news/best-deals-on-mobile-phone-under-30000-in-amazon-fab-phones-fest-sale/articleshow/97855605.cms">Amazon Fab Phones Fest Sale – best deals on smartphones under ₹30,000</a>

India's PokerBaazi suffers security lapse, users' data exposed: Researcher

<ul class="summary-list"><li>Zulie Rane makes six figures as a content creator after being fired from her job at a tech company. </li><li>Being fired was difficult, but it was a blessing in disguise and now she loves her job. </li></ul>Today, I'm a six-figure content creator. But three years ago I was far from that.In October 2019, I moved from the UK to the US to start what I thought was my dream job as an account manager for an incredible tech company that I'd admired for years.I had to make sacrifices to make that happen: I left my now-husband behind in the UK and I moved back in with my parents in Georgia. But it was all worth it, because I thought I loved my amazing job.<h2>But things weren't going as smoothly as I hoped</h2>I had a sneaking suspicion I wasn't that great at my job, no matter what my colleagues or clients told me. I just didn't understand the technology we sold, so I had a hard time selling it to our customers.My peers and mentors told me it was normal to have a slow start, but I had my doubts. Long after other new hires had settled in and were closing big deals, I was still struggling.I managed to convince myself it was imposter syndrome. In reality, I was experiencing the opposite of imposter syndrome. I wasn't as good as everyone else, and I was concealing it. <h2>Nine months in, my boss called me in for a surprise meeting without an agenda</h2>I went into it fearing the worst. Agenda-less meetings at short notice are never a good sign, and I was right. She told me I was in danger of being fired for not being good enough at the sales part of my job — I had too much customer churn. I had a very low expansion rate, which means that even when customers renewed their annual deals, they spent the same amount of money, instead of buying more products.In short, I was the lowest-performing sales person by a considerable margin. She gave me three months to turn it around. Not only did I have to meet my original sales goal for the quarter, but I had to exceed it by 10% to demonstrate my improvement.I came within 95% of meeting that target, but it wasn't good enough. I was fired after almost a year to the day of accepting an offer at my dream company.<h2>Getting fired always sucks, but this was especially tough for me</h2>For so long, I'd built it up in my head as a dream job, the kind of job I would never willingly leave throughout my entire career. Contrary to my dreams, I was suddenly unemployed because I sucked at sales. I was still living at home with my parents with no real prospects. I had no idea what was going to come next for me.But getting fired turned out to be a blessing in disguise. After being unceremoniously ousted, I had two choices. I could try to find another job in account management, or I could take a risk and go freelance.Over the next two years, I worked to build my real dream job in content creation. I went in on YouTube, publishing quality videos every day. I built products to sell to my audience, growing my mailing list. I started taking my personal website seriously. I went from having a single client to having five regular clients. <h2>Today, I make more than I did in my old job — and I work half the hours</h2>I took the hard choice and trusted myself to build my own company as a freelance content creator. Within two years, I went from being a mediocre account manager at a tech company to a six-figure content creator who loves her job and works 20 hours a week.Here's how I did it. <h2>1. I let go of my "dream" job</h2>As soon as I got hired, I told everyone how excited I was to be working at my dream job. I then spent the next 12 months trying to persuade myself of that, too. So many people told me how lucky I was to get in, how great the company culture was, and how fun the work was. I made myself believe it, too.In hindsight, I hated my job. I dreaded Monday mornings and check-in meetings with my colleagues. I had an anxiety attack at my first in-person conference. But I thought these were all normal things that happened when you worked, and a low price to pay for getting into my ideal career. I was extremely fortunate in that I wasn't in dire financial straits. I was living at home rent-free, for one. I had a small blog going on Medium, a modest YouTube channel, and one freelance client for whom I did an article a month. I also had a comfortable savings cushion thanks to the year of living with my parents. I wish I had just accepted that this wasn't my dream job. If I'd let go of that sooner, I could have started on my real dream job much earlier. Today, I love my job. I work on projects that excite me, I collaborate with creators I adore, and I am thrilled to create useful content for my audience. <h2>2. I learned things I'm good at</h2>Back at my old job, I didn't really understand the products I was selling. I didn't know how to recognize good sales opportunities and I always felt like I was being too pushy when I mentioned new products on calls — I could never explain the features in a persuasive way. I still have terrifying flashbacks to trying to describe OAuth functionality to the CTO of a company when six figures were on the line. And because I was still trying to persuade myself I was a normal, good salesperson, I stuck my head in the sand and pretended my ignorance was normal, instead of trying to learn and improve.Today, I learned everything I need to be successful from scratch, like how search engine optimization (SEO) works or how to build a mailing list and develop a relationship with my readers.It took time to learn those things, but it was so much easier because those are things I have a natural affinity for.<h2>3. I faced problems, found ways to solve them, and sold those methods</h2>In my new career as a content creator, I have to sell myself every single day and I'm good at it. This is because I am confident in my ability to solve my customers' problems. I sell my articles. I use my reputation, my article titles, and my article images to convince the reader to "buy" with a click. Then I convince readers to sign up to my email list with downloadable freebies that are jam-packed with value. I also sell products. For example, I noticed that one particular type of article always got way more clicks and views than any other. So I turned it into a r<a href="https://www.zuliewrites.com/for-writers/p/the-asd-article-template" target="_blank" rel="noopener">epeatable template that anyone could use</a> and sold it to my email list.Most importantly, I sell myself. I have to convince companies to hire me to create their content. I can't do that by being modest and shy — I know my strengths inside and out, and that means I know how to get people to buy my services.I developed a strategic method to create articles in niches I know are profitable, like data science and fintech, which I optimize for search and publish on my blog. Companies find my articles organically, realize I know my way around SEO, then hire me.In short, I build my audience by being an expert problem-solver for them. I know exactly what obstacles my customers face – because I faced and overcame them myself. Whether it's a new blogger unsure of how to monetize a newsletter or a small data science startup not sure how to increase organic traffic, I know exactly how I'm the right person to solve them.<h2>Getting fired was the best thing that could have happened to me</h2>I needed that reality check to take the plunge. If I hadn't been fired, I would have quietly and unhappily continued along as a mediocre account manager, lying to myself every single day.Thanks to that push, I took a risk on myself and now live a much happier life. Today, I'm an expert in my field: my YouTube channel to over 23,000 subscribers and my blog has over 80,000 followers.Not only do I earn six figures, but I only work about 20 hours per week. Not only am I good at sales, but I love doing it.Zulie Rane is a content creator, cat mom, and freelancer.

I got fired from my dream tech job but now I make more money and work less hours a week as a content creator. Here's how I built it up.

San Francisco, July 9 (IANS) As app-based consent phishing grows multifold on Cloud services, Microsoft has said it will double down on its investments and efforts to ensure its application ecosystem is secure, by enabling customers to set policies on the types of apps users can consent to as well as highlighting apps that come from trusted publishers. The company has seen more apps leveraging Microsoft's identity platform to ensure seamless access and integrated security as cloud app usage explodes, particularly in collaboration apps such as Zoom, Webex Teams, Box and Microsoft Teams. While application use has accelerated and enabled employees to be productive remotely, attackers are looking at leveraging application-based attacks to gain unwarranted access to valuable data in cloud services. "While you may be familiar with attacks focused on users, such as email phishing or credential compromise, application-based attacks, such as consent phishing, is another threat vector you must be aware of," Microsoft said in a statement on Wednesday. In consent phishing, attackers trick users into granting a malicious app access to sensitive data or other resources. Instead of trying to steal the user's password, the hackers seek permission for an attacker-controlled app to access valuable data. This is how it works. An attacker registers an app with an OAuth 2.0 provider, such as Azure Active Directory. The app is configured in a way that makes it seem trustworthy, like using the name of a popular product used in the same ecosystem. "The attacker gets a link in front of users, which may be done through conventional email-based phishing, by compromising a non-malicious website, or other techniques," informed Microsoft. The user clicks the link and is shown an authentic consent prompt asking them to grant the malicious app permissions to data. If a user clicks accept, they will grant the app permissions to access sensitive data. "If the user accepts, the attacker can gain access to their mail, forwarding rules, files, contacts, notes, profile and other sensitive data and resources," warned the company. How to protect your organization Microsoft has identified and took measures to remediate such malicious apps by disabling them and preventing users from accessing them. "In some instances, we've also taken legal action to further protect our customers," it added. Microsoft said the users must check for poor spelling and grammar. If an email message or the application's consent screen has spelling and grammatical errors, it's likely to be a suspicious application. "Keep a watchful eye on app names and domain URLs. Attackers like to spoof app names that make it appear to come from legitimate applications or companies but drive you to consent to a malicious app," the company suggested. Make sure you recognize the app name and domain URL before consenting to an application. "Publisher verification helps admins and end-users understand the authenticity of application developers. Over 660 applications by 390 publishers have been verified thus far," said Microsoft. --IANS na/

Microsoft goes after app-based consent phishing attacks in Cloud

Indian security researcher Bhavuk Jain has grabbed $100,000 (over Rs 75.5 lakh) from Apple for discovering a now-patched Zero Day vulnerability in the Sign in with <keyword id="9320578" type="UNKNOWN" weightage="20" keywordseo="apple-account-authentication">Apple account authentication</keyword>. The Zero Day vulnerability could have allowed a hacker to break into an Apple user's account who log into third-party apps like like Dropbox, Spotify, Airbnb and Giphy (now acquired by <keyword id="6354576" type="COMPANY" weightage="20" keywordseo="facebook">Facebook</keyword>) and more. Jain who holds a bachelor's degree in electronics and communication discovered Zero Day bug in 'Sign in with Apple' that affected third-party applications which were using it, and didn't implement their own additional security measures. "This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not," Jain said in a statement on Saturday. "For this vulnerability, I was paid $100,000 by Apple under their <keyword id="9320577" type="UNKNOWN" weightage="20" keywordseo="apple-security-bounty-programme">Apple Security Bounty programme</keyword>," he announced. Jain is a full-stack developer interested mostly in mobile app development using React Native. He is currently a full-time bug bounty hunter "trying to make the internet a safer place for everyone". Launched in 2019, 'Sign in with Apple' is aimed to be a more privacy-focused alternative to third-party logins. Jain disclosed the flaw to Apple which led to an award from Apple's bug bounty programme. Apple has since patched the bug. According to Jain, the 'Sign in with Apple' works similarly to 'OAuth 2.0'. "There are two possible ways to authenticate a user by either using a JWT (JSON Web Token) or a code generated by the Apple server. The code is then used to generate a JWT," he explained. In the second step, while authorizing, Apple gives an option to a user to either share the Apple Email ID with the third party app or not. If the user decides to hide the Email ID, Apple generates its own user-specific Apple relay Email ID. "Depending upon the user selection, after successful authorization, Apple creates a JWT which contains this email ID which is then used by the 3rd party app to login a user," said Jain. He found that he could request JWTs for any email ID from Apple and when the signature of these tokens was verified using Apple's public key, they showed as valid. "This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim's account," Jain noted. The impact of this vulnerability was quite critical as it could have allowed full account takeover. A lot of developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins. Before patching the bug, Apple did an investigation of their logs and determined there was no misuse or account compromise due to this vulnerability. SEE ALSO: <a href="https://www.businessinsider.in/science/news/spacex-just-launched-its-historic-mission-to-fly-nasa-astronauts-to-space/articleshow/76114304.cms" data-type="tilCustomLink">MUSK MAKES HISTORY: SpaceX just launched 2 people into orbit for the first time, kicking off the rocket company's most important mission since its founding 18 years ago</a> <a href="https://www.businessinsider.in/india/news/covid-19-india-records-highest-single-day-spike-of-8380-cases-death-toll-climbs-to-5164/articleshow/76116076.cms" data-type="tilCustomLink">India records highest single-day spike of 8,380 coronavirus cases— death toll climbs to 5,164</a>

A 27-year-old Indian developer bags ₹75 lakh for reporting a critical flaw in ‘Sign in with Apple’

Leah CulverLeah Culver paid $3.55 million in cash for the home. Now she's planning on blogging the estimated $3 million renovation process on social media.<ul class="summary-list"><li>A San Francisco tech veteran has bought one of the city's iconic Painted Ladies homes for $3.55 million, well over its asking price of $2.75 million.</li><li>The home is a "fixer-upper" - it needs a full-house renovation, with interior photos showing peeling paint and dilapidated rooms.</li><li>Culver is a software engineer by trade who has worked in the industry since the early days of the internet and is now running a podcast app company.</li><li>She told Business Insider that she intends to undertake a full renovation of her new home, which she estimates will cost $3 million.</li><li><a href="https://www.businessinsider.com/?hprecirc-bullet">Visit Business Insider's homepage for more stories</a>.</li></ul>Tech industry veteran Leah Culver wasn't looking for a home renovation project when she set out to invest in San Francisco's housing market.She has lived in the same apartment in the city for 10 years, Culver told Business Insider, before she set out to find a realtor to help her on her house hunt. And one of the items on her wishlist for a new home was that it be a famous and iconic San Francisco home, perhaps even one of the iconic Victorians on Steiner Street for which the city is known.It was a wishlist item that Culver ended up fulfilling - except that it came bound with a necessitated multimillion-dollar home restoration on top of the home's price tag.The pink Painted Lady at 714 Steiner Street is a "fixer-upper," <a href="https://www.businessinsider.com/san-francisco-painted-ladies-home-for-sale-fixer-upper-pictures-2020-1">the home's listing agent told Business Insider</a> when the home was still on the market in early January. <a href="https://www.businessinsider.com/san-francisco-painted-ladies-home-for-sale-fixer-upper-pictures-2020-1">Interior photos</a> show peeling paint, dusty windows, grimy walls, and discolored tile flooring. Courtesy of Jeremy Rushton with Coldwell BankerA bathroom in the home needs some work.But despite the needed TLC, Culver bought it in late January for $3.55 million, well over its asking price of $2.75 million. The 37-year-old software developer has 14 years of experience in the Bay Area's lucrative tech industry and a slew of big names listed in her resume, including <a href="https://www.linkedin.com/in/leahculver/">Dropbox.</a> <a href="https://www.fastcompany.com/person/leah-culver">She's the co-creator of OAuth</a>, an open-standard authentication that was integral to the early days of the web. She's also an author of OEmbed, another specification that helps run some of the most ubiquitous aspects of our digital lives - OEmbed is supported by Instagram, Twitter, and Youtube.Culver said she intends to live in the home, which marks the first time she's done that with one of her real-estate investments. She paid in cash, a common and, in most cases, necessary step if prospective Bay Area homeowners are wanting to snag a house. Even so, Culver said that she wasn't the highest bidder and yet still won the sale. The selection of real estate in San Francisco is tight - which exacerbates both a housing crisis and a homelessness crisis - and buyers with the means to purchase property often pay above the listing price, <a href="https://sanfrancisco.cbslocal.com/2019/04/16/quirky-san-francisco-home-that-looks-like-artwork-sells-over-asking-price/">and in cash.</a>That trend is magnified when we're talking about the city's historic home stock. There are seven Painted Ladies on Steiner Street, or what is sometimes called Postcard Row or the Seven Sisters. It's a rare feat to own one - only <a href="https://www.businessinsider.com/san-francisco-painted-ladies-home-for-sale-fixer-upper-pictures-2020-1">two were listed for sale</a> in the past ten years. Katie Canales/Business InsiderCulver's new Painted Lady is the home painted in a pink-red trim in the center, left of the blue house.The homes sprung into the global consciousness in part through their appearance in the sitcom "Full House," which first aired in the late 1980s. Since then, the homes have become one of the most popular tourist attractions in the city, right up there with the Golden Gate Bridge and the Transamerica Pyramid Building. The septuplet of houses shows up on city postcards and other paraphernalia in almost any gift shop you stumble into. It's a picturesque part of town, beloved by tourists and locals alike, and is one that Culver is now apart of.But first comes the daunting renovation process, one that she'll have loads of help with thanks to a project manager she's hired. Culver estimates everything will cost an additional $3 million, rounding out her home investment to at least $6.5 million. And while she said she intends to embrace the Victorian home's character rather than override it, there is still some tweaking that needs to be done to the house, which hasn't been kept in the best condition in its more than 100-year history."It hasn't been preserved, so I can't keep preserving it," Culver said.Here's how she's gearing up for the renovation.

A San Francisco software developer paid $3.55 million for one of the city's iconic Painted Ladies homes that's a 'fixer-upper.' Now she's embarking on an estimated $3 million renovation process.

<div class="KonaFilter image-container display-table"><div><div class="image"></div></div></div><ul class="summary-list"><li>Facebook is asking some new users to provide the password to their email account.</li><li>The move has alarmed security experts, who warn it could encourage users to engage in "risky" behaviour and increase their chances of being hacked.</li><li>The social network also appears to be accessing these users' contacts without asking for permission.</li><li>The company now says it is discontinuing this login tool, though it didn't give a timeframe. </li></ul>Facebook asks some new users to provide the social network with the password to their email accounts, a move that security experts say has concerning security implications - and that could teach people to engage in "risky" behaviour online.Typically, people are urged by security experts never to share their passwords or enter them into any services other than the one for which they are intended, to avoid the risk of "phishing attacks" where users' passwords and personal information are stolen. But on Facebook, when users try to register with certain email providers, including Yandex and GMX, it asks to "confirm your email address" by entering their password directly into Facebook, <a href="https://www.thedailybeast.com/beyond-sketchy-facebook-demanding-some-new-users-email-passwords">as previously reported on by The Daily Beast</a>. Users of other email providers like Google's Gmail don't see the option, as it makes use of authorization tool OAuth - a common tool for securely verifying your identity without requiring you to input your password as Facebook is doing here. Business Insider has also found that if a new user chooses to enter their e-mail account password into Facebook, a pop-up appears saying that Facebook is "importing contacts" - despite not asking the user for permission to do so. It is not immediately clear if this tool actually imports these contacts, as it apparently didn't pull in contact list entries we made for the purposes of testing, though these contacts were only minutes-old.<div class="KonaFilter image-container display-table"><div><div class="image"></div></div></div>Reached for comment, a Facebook spokesperson said the company is now discontinuing the feature, though the company did not provide a timeframe. <h2>'Basically indistinguishable from a phishing attack'</h2>Bennett Cyphers, a security researcher with advocacy group the Electronic Frontier Foundation, was harshly critical of Facebook's actions. "This is basically indistinguishable to a phishing attack," he said on a call, pointing out that people are ordinarily urged never to provide their passwords to anyone other than the site they were created from."This is bad on so many levels. It's an absurd overreach by Facebook and a sleazy attempt to trick people to upload data about their contacts to Facebook as the price of signing up. Even when you consent to uploading contact information to Facebook, you should never have to put in your email password to do it," Cyphers wrote in a follow-up email. "No company should ever be asking people for credentials like this, and you shouldn't trust anyone that does. This goes against all conventional security wisdom, basic decency, and common sense," he wrote.Troy Hunt, a security expert and operator of the hack-notification-service Have I Been Pwned, was also critical. "It's certainly a security anti-pattern insofar as it involves sharing the secrets of one platform (the email provider) with another platform (Facebook)," he wrote in an email. "Whilst Facebook would certainly be taking precautions to protect the email account password, it feels unnecessary when there's an easy alternative (i.e. the approach they take with Gmail accounts) and does condition people to partaking in risky behaviour," he wrote. The password entry form says that passwords are not stored by Facebook, but there's no way to independently audit this and confirm that it's the case. <a href="https://www.businessinsider.com/facebook-millions-users-passwords-stored-plain-text-2019-3">It was recently revealed that the company was storing hundreds of millions of users' passwords in plain text</a>, in a violation of widely-held security best practices. In a statement, a Facebook spokesperson said: "These passwords are not stored by Facebook. A very small group of people have the option of entering their email password to verify their account when they sign up for Facebook for the first time. People can always choose instead to confirm their account with a code sent to their phone or a link sent to their email."The spokesperson added: "That said, we understand the password verification option isn't the best way to go about this, so we are going to stop offering it." Got a tip? Contact this reporter via encrypted messaging app Signal at +1 (650) 636-6268 using a non-work phone, email at rprice@businessinsider.com, Telegram or WeChat at robaeprice, or Twitter DM at <a href="https://twitter.com/robaeprice">@robaeprice</a>. (PR pitches by email only, please.) You can also <a href="https://www.businessinsider.com/how-to-tip-business-insider-securely-guide-signal-securedrop-2017-6">contact Business Insider securely via SecureDrop</a>.

Facebook is asking some new users for their email passwords and appears to be harvesting their contacts without consent

<div class="KonaFilter image-container display-table"><div><div class="image on-image"><a href="http://www.apimages.com/metadata/Index/APTOPIX-Election-2018-Georgia/c0c2653a5cff44eeb562ada74c3d17bc/1/0">AP Photo/David Goldman</a></div></div></div><ul class="summary-list"><li>In the past few years, there has been a rise in targeted hijacking towards the online accounts of politicians and other high-profile figures.</li><li>In response, Google launched an Advanced Protection Program last October and works with politicians and campaigns to protect them from spear phishing, or when hijackers attack a specific person or organization.</li><li>Guemmy Kim, product manager of Google's Account Security Team, also offers tips for people to secure their accounts.</li></ul>Two years ago, hackers aligned with the interests of the Russian government created chaos within Hillary Clinton's election campaign when they hacked and <a href="https://www.businessinsider.com/inside-story-of-how-russians-hacked-the-democrats-emails-2017-11">stole the emails</a> of Clinton campaign chairman John Podesta.Attacks like this aren't going to stop anytime soon. In the past few years, the public has seen an increase in targeted hijacking - usually towards politicians, activists, business leaders, cryptocurrency users, and journalists. So last October, <a href="https://www.businessinsider.com/google-drops-out-of-10-billion-jedi-contract-bid-2018-10">Google</a> launched the Advanced Protection Program to protect these people who are most at risk.The Advanced Protection Program, which <a href="https://www.businessinsider.com/none-of-googles-employees-get-phished-because-of-yubikey-security-key-2018-7">Google</a> offers to select users for free, is the highest form of <a href="https://www.businessinsider.com/google-introduces-titan-security-key-2018-8">personal account security</a> the company offers. This managed security program deals with phishing, malware, hijacking, and cryptographic techniques. Guemmy Kim, product manager of Google's Account Security Team, told Business Insider about some of the recent trends her team has encountered in the months leading up Tuesday's US midterm elections, and shared her advice for staying safe. Politically motivated "hijackers" will often ramp up attacks agains politicians and their campaign staffers in the months leading up to a big election such as Tuesday's, Kim said. But, she noted, there are many misconceptions of what kind of people hijackers are."There's this notion of a hijacker being some guy in a dark room typing at night," Kim said. "Hijacking activities actually follow a regular schedule. These are sophisticated <a href="https://www.businessinsider.com/google-hacker-ian-beer-challenges-apple-ceo-tim-cook-to-donate-millions-to-charity-2018-8">hackers</a> targeting politicians."Read more: <a href="https://www.businessinsider.com/google-drops-out-of-10-billion-jedi-contract-bid-2018-10">Google drops out of contention for a $10 billion defense contract because it could conflict with its corporate values</a>That's important to know because these hackers usually target politicians during business hours, when it's more realistic and easier to trick people, rather than in the middle of the night.<h2>Don't expect to find obvious typos</h2>Hijackers often personalize attacks for high-profile people. Using techniques like spear phishing, they may imitate a politician and send emails to the campaign subscribers. They might also try to embarrass a candidate or spearhead an attack that undermines the candidate's credibility, like looking through emails for embarrassing information or posting personal pictures. And the emails sent to victims look very professional - these aren't the typo-filled junk emails people usually see in their spam inboxes.<div class="KonaFilter image-container display-table"><div><div class="image on-image">GoogleGuemmy Kim, product manager of Google's Account Security Team</div></div></div>"Security is always evolving," Kim said. "We constantly monitor what's happening on the landscape. Our goal is to evolve that program to keep you constantly and automatically protected."The Advanced Protection Program requires that users have two security keys, which are devices that use two-factor authentication to protect from phishing. It protects <a href="https://www.businessinsider.com/google-is-not-reading-your-gmail-except-in-all-these-cases-2018-7">personal email accounts</a>, which can be a gateway to other accounts. The program can also protect users using OAuth, or Open Authorization, which allows a user to use an account for third-party services like Facebook without exposing the account's password. Otherwise, Politicians may be tricked into granting access to email and contact data to malicious apps."Campaign apps often use third party services," Joe Hall, Chief Technologist of the Center for Democracy and Technology, told Business Insider. "They can share people's information with marketers. That's more of a <a href="https://www.businessinsider.com/google-chrome-changed-login-requirements-matthew-green-2018-9">privacy problem</a>."<h2>Never let your guard down</h2>To stay secure, Kim recommends that users at least sign up for two-factor authentication. In addition, they should create unique passwords and make sure they're not reusing them. She also recommends a Chrome extension called Password Alert, which detects when users enter their <a href="https://www.businessinsider.com/googles-security-bug-dragonfly-and-maven-show-its-not-trustworthy-2018-10">Google</a> password into any websites other than the <a href="https://www.businessinsider.com/google-could-abandon-chrome-automatic-login-2018-9">Google's login</a> page.Although Election Day is in full swing, the 2020 election is just around the corner, and politicians are already thinking about their upcoming campaigns. Still, attackers are always evolving, and the team must make sure it stays ahead of that curve."People were really vigilant in 2016 after high-profile attacking," Kim said. "Some talk about helping politicians with security. I kind of want to emphasize that we can't let that guard down. People have to keep vigilant." Get the latest Google stock price<a href="http://markets.businessinsider.com/stock/GOOG-Quote"> here.</a> <div class="margin-top"> <h3>NOW WATCH: <a href="https://www.businessinsider.com/what-happens-when-you-dont-get-enough-sleep-2017-12">A sleep expert explains what happens to your body and brain if you don't get enough sleep</a></h3> <div> </div> </div>

Here's how security engineers at Google have been protecting politicians during election season

<div class="KonaFilter image-container display-table float_right"><div><div class="image on-image"></div></div></div>As Business Insider continues its tremendous growth, we are adding a key role to our tech team! As our Android engineer you will take ownership of our existing Android mobile app. The ideal candidate will be able to evangelize concepts and standards and collaborate with our backend engineers to produce a world class app. We face exciting challenges every day due to the demands of our growing audience and the 24/7 news cycle. Your work will reach millions of people-60+ million every month around the globe. Business Insider is a dynamic company reaching the new generation of business leaders. SUMMARY OF JOB REQUIREMENTSMust Have:<ul><li>Excellent Java knowledge (min. 3 years experience) and extensive experience with the Android SDK</li><li>Hands-on experience integrating/working with RESTful APIs and specific experience integrating mobile applications with server-side systems</li><li>Experience working with push notifications and messages</li><li>Experience with Android Web View, Oauth, loopJ</li><li>Some Javascript + CSS knowledge</li><li>Experience with Agile development methodologies</li><li>Able to bring creative solutions to problems</li></ul>Nice-to-Have:<ul><li>Other development experience (such as iOS or Web-App) a plus</li></ul>If you're interested in joining the team, please <a href="http://jsco.re/17ao" target="_blank">apply online</a> and tell us a bit about yourself. Thanks in advance. <div class="margin-top"> <h3>NOW WATCH: <a href="http://www.businessinsider.com/prevent-blisters-jogging-running-shoes-sneakers-athletic-shoelace-hole-2015-5">Someone figured out the purpose of the extra shoelace hole on your running shoes - and it will blow your mind</a></h3> <div> <div> <div class="ooyala-video-player" data-video-autoplay="false" data-video-id="lyNnMwdToPHeoBdqEnriXIBVrqyIR6er" data-player-variable="ooyalapopvideo" id="ooyalaplayer_popvideo" style="width:1280px;height:720px"></div> </div> </div> </div>

Business Insider is hiring an Android developer

<keyword id="1737805" type="UNKNOWN" weightage="60" keywordseo="Social-Media-Insights">Social Media Insights</keyword> is a daily newsletter from <a href="https://intelligence.businessinsider.com/most-popular-social-platforms-among-iphone-users-and-what-they-share-2013-7?utm_source=House&amp;utm_medium=Edit&amp;utm_term=SMI&amp;utm_content=link&amp;utm_campaign=BIIMobile%20">Business Insider Intelligence</a> that collects and delivers the top <keyword id="6354632" type="COMPANY" weightage="60" keywordseo="Social-media">social media</keyword> news first thing every morning. You can <a href="http://e.businessinsider.com/517ed0731e240a9c3f6f0929zlj2.2ms/TE8v3-u4vLlm-G7aBc9c4" target="_blank">sign up</a> to receive Social Media Insights <a href="http://e.businessinsider.com/517ed0731e240a9c3f6f0929zlj2.2ms/TE8v3-u4vLlm-G7aC94e9" target="_blank">here</a> or at the bottom of this post.

<a href="http://www.brandwatch.com/"> <div class="image-container float_right click-to-enlarge"><div class="image"><a title_source="Brand Watch" title_caption="" class="zoomin" href="http://static1.businessinsider.com/image/5213de4decad04cb40000007-960/bii-brands-twitter.png"></a>Brand Watch</div></div>Brands Ramp Up Twitter Usage</a> (Brand Watch) According to a recent study, half of brands surveyed this year are tweeting 30 or more messages each week. For comparison, half of the monitored brands tweeted fewer than seven times per week in 2012.
What's more, 63% of brands surveyed now manage multiple accounts on <keyword id="6354616" type="CITY" weightage="60" keywordseo="Twitter">Twitter</keyword>. In 2011, just 7% had multiple accounts. We've noticed some companies setting-up dedicated Twitter accounts for customer service, and now we might see that trend spilling over into other departments. <a href="http://www.brandwatch.com/">Read &gt;</a>
<a href="http://allthingsd.com/20130820/twitters-little-video-app-that-could-continues-to-grow/?mod=atd_homepage_carousel">Vine Fends Off Instagram Video — It's User Base Keeps Growing</a> (All Things Digital) Twitter's video-sharing app, Vine, has grown to over 40 million registered users. That's up from 27 million just two and a half months ago. In that span, Instagram also launched its own video-sharing feature, which created much concern about the future of Vine. <a href="http://allthingsd.com/20130820/twitters-little-video-app-that-could-continues-to-grow/?mod=atd_homepage_carousel">Read &gt;</a>
<a href="http://mashable.com/2013/08/20/what-is-twitter-oauth/">Everything You Need To Know About Twitter OAuth</a> (Mashable) OAuth is an authorization tool that approves third-party applications to use and access your Twitter account, without you having to share your password. 
Mashable has assembled a quick overview of how to use OAuth and how to keep your apps secure. <a href="http://mashable.com/2013/08/20/what-is-twitter-oauth/">Read &gt;</a> 
<a href="http://www.comscore.com/Insights/Press_Releases/2013/8/comScore_Releases_July_2013_U.S._Online_Video_Rankings" target="_blank">Facebook's Video Audience Remained Flat Between June And July</a> (comScore) comScore released its monthly data on the top online video video properties by audience size. Google Sites (driven primarily by YouTube) swelled 6% to 168 million in July, followed by <keyword id="6354576" type="CITY" weightage="60" keywordseo="Facebook">Facebook</keyword> — which remained flat — with 61.3 million, and AOL with 57.9 million. <a href="http://www.comscore.com/Insights/Press_Releases/2013/8/comScore_Releases_July_2013_U.S._Online_Video_Rankings">Read &gt;</a>
<a href="http://allfacebook.com/joe-sullivan-khalil-shreateh_b123780">Facebook's Chief Security Officer Defends White Hat Program</a> (All Facebook) White Hat is a program that rewards developers with cash when they report a bug in Facebook's code. When Khalil Shreateh found a loophole in Facebook's code that allowed him to post on Mark Zuckerberg's wall without being friends with him, people expected him to be rewarded. However, he wasn't. In fact, Facebook said he had violated its terms of service and his account was temporarily suspended. Facebook's Chief Security Officer Joe Sullivan defends the chain of events. <a href="http://allfacebook.com/joe-sullivan-khalil-shreateh_b123780">Read &gt;</a>
<a href="http://mashable.com/2013/08/20/facebook-android-sdk-update/">Facebook Levels Playing Field For Android, iOS Developers</a> (Mashable) Facebook launched an update to its Android software developer kit (SDK) that adds features to the app that will put it on par with the Facebook for iOS version. This eliminates all differentiation between apps on the two platforms — there is nothing an Android user can't do on the Facebook app that an iOS user can. <a href="http://mashable.com/2013/08/20/facebook-android-sdk-update/">Read &gt;</a>
<a href="http://techcrunch.com/2013/08/19/instagram-cracks-down-on-connected-apps-using-insta-and-gram/">Instagram Cracks Down On Apps Using "Insta" And "Gram"</a> (TechCrunch) Instagram has updated its Brand Guidelines to stress the fact that apps working with Instagram are not permitted to use "Insta" or "Gram" in their name. Apps such as Luxogram, which is used by 1 million users every month, were notified of the Guideline change in an e-mail from Instagram. Now that Instagram has reached widespread popularity, you can't blame Facebook for protecting the Instagram name. <a href="http://techcrunch.com/2013/08/19/instagram-cracks-down-on-connected-apps-using-insta-and-gram/">Read &gt;</a>
<a href="http://sproutsocial.com/insights/2013/08/google-plus-translations/">Google+ Now Translates Text Into Your Native Language</a> (Sprout Social) Now, whenever there's a public post or comment on Google+ that isn't in your native language, you'll have the option to translate the text. <a href="http://sproutsocial.com/insights/2013/08/google-plus-translations/">Read &gt;</a>

Brand Activity On Twitter Is Skyrocketing This Year

<div class="image-container float_right" style="width:400px"><div class="image"></div>AP</div>A developer found a way to access any and all <keyword id="6354576" type="CITY" weightage="60" keywordseo="Facebook">Facebook</keyword> accounts. He reported this to Facebook, which responded by fixing the problem.
Developer Nir Goldshlager found a flaw in Facebook's code that allowed him to take full control over any Facebook account.
"By exploiting this flaw I could steal unique access tokens that provides me full control over any Facebook account," <a href="http://www.nirgoldshlager.com/2013/02/how-i-hacked-facebook-oauth-to-get-full.html">Goldshlager writes in a blog post.</a>
He says the flaw gave full permission allowing access to the messages inbox, outbox, page management, ad management, and private photos and videos.
<a href="##slideshow##">Click here to see how he did it &gt;</a>
Goldshlager said that the flaw even allowed access to accounts that are protected with 2-step verification.
Fortunately, Goldshlager reported the broken code to Facebook, which has now fixed the problem.
A Facebook PR rep told us:
We applaud the security researcher who brought this issue to our attention and for responsibly reporting the bug to our White Hat Program. We worked with the team to make sure we understood the full scope of the vulnerability, which allowed us to fix it without any evidence that this bug was exploited in the wild. Due to the responsible reporting of this issue to Facebook, we have no evidence that users were impacted by this bug. We have provided a bounty to the researcher to thank them for their contribution to Facebook Security.
He even gives step by step instructions of how he made the exploit work.
just to clarify there is no need for any installed apps on the victim's account, Even if the victim never allowed any application in his Facebook account, I could still be getting full permissions (This bug works on any browser)
<div style="padding-left: 60px;">To make this exploit work, The victim only need to visit a webpage, So OAuth is used by Facebook to communicate between Applications and Facebook users, Usually users must allow/accept the application request to access their account before the communication can start.</div>
<div style="padding-left: 60px;"> Any Facebook application might ask for different permissions.</div>

You Searched For "oauth" and got 10 results

India's PokerBaazi suffers security lapse, users' data exposed: Researcher

IANS

I got fired from my dream tech job but now I make more money and work less hours a week as a content creator. Here's how I built it up.

Zulie Rane

Microsoft goes after app-based consent phishing attacks in Cloud

IANS

A 27-year-old Indian developer bags ₹75 lakh for reporting a critical flaw in ‘Sign in with Apple’

IANS

A San Francisco software developer paid $3.55 million for one of the city's iconic Painted Ladies homes that's a 'fixer-upper.' Now she's embarking on an estimated $3 million renovation process.

Katie Canales

Facebook is asking some new users for their email passwords and appears to be harvesting their contacts without consent

Rob Price

Here's how security engineers at Google have been protecting politicians during election season

Rosalie Chan

Business Insider is hiring an Android developer

Sarah Whalen

Brand Activity On Twitter Is Skyrocketing This Year

Cooper Smith

A Developer Found A Hole In Facebook's Security That Gave Him Access To Every Account

Kevin Smith

Popular Keywords

Buying Guides