Security flaw detected in Android versions'

'Security flaw detected in Android versions'

In an advisory Indian cyber security researchers have said that smartphones running Android 4.3 and Android 4.4 are vulnerable to hackers who could use a known flaw in the phones to steal sensitive information. The flaw is in the way the latest versions of Android implement virtual private network (VPN), a technology mostly used by enterprises. 

This flaw can be used hackers and others to read and capture the information exchanged between the phone running Android 4.3 or Android 4.4 and a VPN server. According to data published by Google, the company behind Android, on February 4, 8.9% of all Android phones were running version 4.3 while 1.8% were on version 4.4. 

The VPN flaw is a low-risk vulnerability for most users. But for companies that implement VPN and that allow employees to use Android phones, it can be of significant risk. The vulnerability was first found by researchers in an Israeli university in middle of January. Google is aware of the flaw and is likely to fix it in the next version of Android. 

In India, the researchers at CERT-IN, the governments agency that monitors cyber threats, issued the advisory about the VPN flaw a few days ago. 

"A critical flaw has been reported in Android's VPN implementation, affecting Android version 4.3 and 4.4 which could allow an attacker to bypass active VPN configuration to redirect secure VPN communications to a third party server or disclose or hijack unencrypted communications," noted CERT-In. 

VPN is used by companies to establish secure connection between their own servers and devices like smartphones and laptops that their employees may use during work. Under ideal conditions, a VPN network offers end-to-end encryption and makes it almost impossible for anyone to snoop onto the communication taking place between a phone/laptop and a web server. This is the reason why VPN is also used by many people in countries like China to access web services that are banned in the country and by many dissent groups in countries with repressive regimes. 

CERT IN added that if an Android phone has been compromised due to VPN flaw, hackers may also collect information on text messages, emails and contacts stored on the device. 

Israeli researchers found the vulnerability when they were testing Knox, a security feature for enterprise users created by Samsung. Later they found that the flaw affected all Android phones and not just Samsung phones. 

Samsung issued a statement on the VPN flaw and said that it was not as serious as it seemed. "Android development practices encourage (apps to use) SSL/TLS. Where that's not possible Android provides built-in VPN. Use of SSL/TLS would have prevented an attack based on a user-installed local application, (which exploited VPN flaw)," noted the company. 

In its advisory, CERT IN suggested that Android users should apply OS updates when they are available, should not install applications from untrusted sources and should not click on unidentified web links received in messages or emails.

होली : हिन्दी

होली एक रंगबिरंगा मस्ती भरा पर्व है। इस दिन सारे लोग अपने पुराने गिले-शिकवे भूल कर गले लगते हैं और एक दूजे को गुलाल लगाते हैं। बच्चे और युवा रंगों से खेलते हैं। 

FILE

फाल्गुन मास की पुर्णिमा को यह त्योहार मनाया जाता है। होली के साथ अनेक कथाएं जुड़ीं हैं। होली मनाने के एक रात पहले होली को जलाया जाता है। इसके पीछे एक लोकप्रिय पौराणिक कथा है। 

भक्त प्रह्लाद के पिता हरिण्यकश्यप स्वयं को भगवान मानते थे। वह विष्णु के विरोधी थे जबकि प्रह्लाद विष्णु भक्त थे। उन्होंने प्रह्लाद को विष्णु भक्ति करने से रोका जब वह नहीं माने तो उन्होंने प्रह्लाद को मारने का प्रयास किया। 

FILE

प्रह्लाद के पिता ने आखर अपनी बहन होलिका से मदद मांगी। होलिका को आग में न जलने का वरदान प्राप्त था। होलिका अपने भाई की सहायता करने के लिए तैयार हो गई। होलिका प्रह्लाद को लेकर चिता में जा बैठी परन्तु विष्णु की कृपा से प्रह्लाद सुरक्षित रहे और होलिका जल कर भस्म हो गई। 

यह कथा इस बात का संकेत करती है की बुराई पर अच्छाई की जीत अवश्य होती है। आज भी पूर्णिमा को होली जलाते हैं, और अगले दिन सब लोग एक दूसरे पर गुलाल, अबीर और तरह-तरह के रंग डालते हैं। यह त्योहार रंगों का त्योहार है। इस दिन लोग प्रात:काल उठकर रंगों को लेकर अपने नाते-रिश्तेदारों व मित्रों के घर जाते हैं और उनके साथ जमकर होली खेलते हैं। बच्चों के लिए तो यह त्योहार विशेष महत्व रखता है। वह एक दिन पहले से ही बाजार से अपने लिए तरह-तरह की पिचकारियां व गुब्बारे लाते हैं। बच्चे गुब्बारों व पिचकारी से अपने मित्रों के साथ होली का आनंद उठते हैं। 

WD

सभी लोग बैर-भाव भूलकर एक-दूसरे से परस्पर गले मिलते हैं। घरों में औरतें एक दिन पहले से ही मिठाई, गुझिया आदि बनाती हैं व अपने पास-पड़ोस में आपस में बांटती हैं। कई लोग होली की टोली बनाकर निकलते हैं उन्हें हुरियारे कहते हैं। 

ब्रज की होली, मथुरा की होली, वृंदावन की होली, बरसाने की होली, काशी की होली पूरे भारत में मशहूर है। 

आजकल अच्छी क्वॉलिटी के रंगों का प्रयोग नहीं होता और त्वचा को नुकसान पहुंचाने वाले रंग खेले जाते हैं। यह सरासर गलत है। इस मनभावन त्योहार पर रासायनिक लेप व नशे आदि से दूर रहना चाहिए। बच्चों को भी सावधानी रखनी चाहिए। बच्चों को बड़ों की निगरानी में ही होली खेलना चाहिए। दूर से गुब्बारे फेंकने से आंखों में घाव भी हो सकता है। रंगों को भी आंखों और अन्य अंदरूनी अंगों में जाने से रोकना चाहिए। यह मस्ती भरा पर्व मिलजुल कर मनाना चाहिए।

Happy Holi to you and your family. We wish

your health, prosperity and business 

achievements at this prismic colour eve.

Top 10 Websites for Advanced Level Java Developers

This is my collection of websites for advanced level Java developers. Those website provide news, answers to general questions or interview questions, great lectures, etc. Quality is the key factor of good websites. In my opinion, they all have the highest quality. In the following, I will also share how I use these websites for learning or for fun. You may think some sites are good for any level developers, but I think it is how they are used determines whether they are good sites for an advanced level Java developer.

1. Stackoverflow

Stackoverflow.com is probably the most popular website in the programming world. There are millions of good questions and answers. Learning an API or a programming language often rely on code examples, stackoverflow has a lot of code segments.
Another good thing about stackoverflow is that it is social. You can view questions under some certain tags, e.g. “java” and “regex”, then you can see what question is most frequently asked and most voted. This can serve as a good resource for learning, also a good resource to write popular topics of Java bloggers.

URL: http://www.javased.com

2. DZone
I would say this website is fun, lots of developers share their blog articles. It is like an adventure, you never know what you are going to read next from this site.

URL: http://www.dzone.com

3. LeetCode
If interview question is java specific, like “what array look like in memory in Java”, you can get answers from a lot of Java tutorials. However, if the question is something like “how to convert an sorted array to a balanced tree”, then leetcode is the right place to go. It is a social platform for preparing IT technical interviews and contains a collection of algorithm related questions. The best part is that it also has an online judge which can check if your code is correct or not by feeding different size of data. To be successful in a technical interview, they believe it is mainly repeating these three important steps: code → read → discuss.

URL: http://leetcode.com/

4. Java SE Technical Documentation
This website contains all documents you will need to use API of Java SE. Even if you are an advanced level Java developer, I’m pretty sure that you will find something useful and official here. For example, you can read some tutorials of “Essential Java Classes”, “Deployment”, etc.

URL: http://docs.oracle.com/javase/

5. Github
You probably know that you can host your projects for free there, but you may not know it is an excellent resource for learning popular Java libraries and frameworks. For instance, if you want to learn Spring MVC framework, you can search and find some open source projects. As the “monkey see monkey do” rule works for learning frameworks, you will be able to learn the frameworks quickly by examples, especially if you already have some experience with similar frameworks.

URL: https://github.com/

6. Coursera
This is the best site for video lectures. You can find a lot of good computer science courses from famous professors of top schools. Some of them are even the inventor of some computer science areas.

URL: https://www.coursera.org/

7. Java World
This site contains a large collection of Java tutorials on various kinds of topics. A lot of articles are well written and has pictures/diagram for illustrations. It can be used as a book for deep learning.

URL: http://www.javaworld.com/
8. Javased
Nowadays a large portion of Java development is using APIs provided by some libraries or frameworks. We almost always use some classes from some libraries to program a task. Javased.com is a site that provides code examples for popular API classes. More than 10,000 API classes are covered.

URL: http://stackoverflow.com/

9. Wikipedia
This is one of the best resources for looking up and learning almost any concepts. For example, as an experienced Java developer you may just want to know some concept, but not learn much. This is a great place to find updated information for free. For example, what is service-oriented programming. It can also serve as a huge collection of clues and ideas for your writing. For example, the same word may stand for totally different concepts in different areas. Sometimes it is interesting to know the concept in other areas.

URL: http://en.wikipedia.org/wiki/

10. Program Creek
Comparing with the above 10 websites, the size of programcreek.com is much smaller. However, programcreek.com is the one of the top 100 Java blogs all over the world. You can find some topics that haven’t been written by any other websites, and each of the articles always contains nice diagrams or code examples. It contains articles written by people from both research and industry, and always share good-quality materials to Java developers. Hopefully, it will also be mentioned in someone's top 10 list some day.

Easy Repair With Only One Diode Shorted In LED Monitor

This e-wis LED Monitor came in for repair with the complaint of no power. The power LED was not lighted even the main ac was connected.

Once the cover was removed I could see the two circuit boards i.e; power and mainboard-see the photo below:

The main fuse was found to be good so I had to perform the on board voltage test to see if the power supply is producing any output voltages or not. The two output voltages that I had tested were 5 volt and 12 volt. There were no output voltage and this confirmed that the power supply indeed have problem.

I removed the power supply and checked on the two output diodes first. Surprisingly the first component (diode) that I had tested was shorted when checked with my digital multimeter.

This was the diode that was found to be shorted.

I checked further downstream to see if there is any other components found to be faulty but all checked to be good. Even all the secondary filter caps were checked to be good too. I concluded that there was only one output diode shorted and after the replacement of the diode look at the result below: