March 2020

Some Pages that you Should notice

KB4554364 fixes the VPN Bug, download and install now.! [Download link is here]

KB4554364 was released as a fix for the ongoing issue of Windows 10 user's getting disconnected/ limited or no internet connection when connected to VPN. This news might be a good news in this Work from Home situation for lot of users. 

In a post published today, Microsoft said, "This non-security update includes quality improvements, and it will fix only these existing bug.

As of Writing this post, this update was not available via Windows update. It will be released today or soon.

But if you wish to download and install this KB4554364 then you can do that from Microsoft update catalog page linked below.

This update doesn't need any special instructions, just install like a normal one and restart if prompted.

KB4554364 Download link (Official)

And known issues as of now :)

Hope its helpful.

Internet archive gives all 1.4 Million Plus rare Books under National Emergency Library for free! - Grab your copy

Internet archive (better known as archive.org), one of the Organization who fights for the motto knowledge should be free is back again to help people who wish to gain knowledge for free. This time under the name of National Emergency Library by using the Covid-19 pandemic.  

I don't know what you are talking about, What exactly is this archive.Org ?


Archive.org is a non profit Organization, and they are actually working to preserve the digital copy of the internet (rare collections specifically), you can use this site archive.org to get almost any content which was now removed or updated. For example : If you want to know how google page looked like in 2001 then you can check that site, you will get it. Not only that, you can get a rare movie, song,etc which was not available on other sites there..

Imagine, how much data they might have, now😐😐

Why National Emergency Library ?



Internet archive gives all 1.4 Million Plus Books under National Emergency Library for free! - Grab your copy


As said earlier, this site has lot of rare books that are available and not available commercially so there was a system earlier where users can borrow books from others by joining waitlist , which some what not violates any copyright of the authors. But now due to this covid issue, the site says, waitlist time takes longer than usual, which is not acceptable. So, they had introduced this option where users doesn't need to wait they can access any books from their 1.4 Million + library collections for free.. 


This library brings together all the books from Phillips Academy Andover and Marygrove College, and much of Trent University’s collections, along with over a million other books donated from other libraries to readers worldwide that are locked out of their libraries.
And the next question, that comes in our mind, what ! Are the copyrighted contents served for free?

Hmm yes!, Copyrighted contents are contents are served for free ! We live in a society where everything was made up of Money. Of course, Money is needed for everything mainly to survive, i'm not denying that fact ! but there are people who can't afford $150 for a book, so this is for those people. 

Archive.Org also encourages users to buy books if you are in a position to buy books.!

We recognize that authors and publishers are going to be impacted by this global pandemic as well. We encourage all readers who are in a position to buy books to do so, ideally while also supporting your local bookstore. If they don’t have the book you need, then Amazon or Better World Books may have copies in print or digital formats. We hope that authors will support our effort to ensure temporary access to their work in this time of crisis. We are empowering authors to explicitly opt in and donate books to the National Emergency Library if we don’t have a copy.

If you are one of the author, doesn't want this to be done, then you can contact them directly to remove your book. ( Link.)  

And if you are the one who wish to get access to rarest books mainly of 20th century then its time for you to grab your copy! Go get it done here..


With this National Emergency Library, Internet archive's dream of making all the library at the user's finger tip is undeniable.

What do you say?

News bar beta spotted in Windows 10

There was a news that Microsoft was working on a new News Bar as it got many leaks past month, looks like the rumors are true, as its now official! the News bar is now available in Beta stage for everyone living in United states.

If you are living on other country, don't worry it will be launched soon to other areas very soon. 

What's this News bar all about?

Don't expect this to be a whole different app. Because there is nothing new, like you have a taskbar, you are going to get another bar on right side of your Screen. The difference and one useful thing is if you are the one who wants to have up-to-date information, then it will be very useful for you. 

It will reside on your right corner side of the desktop or left sidebar or top/bottom(above to taskbar) depending on your configuration and will continuously fetch all the latest updates from MSN and will display it like a story to you. If you are interested you can click and view the story.

News bar beta spotted in Windows 10


It also have many optional features, like minimizing if you feel its distracting and other features like changing the appearance, position, visualization etc..

How to change position of News bar in Windows 10 ?

If you like to change the position of News bar to bottom, rather than right side then you can change it in the settings, appearance section of the app.

All the stories that is displayed will open on your default browser.

You can get the app from this link.

As usual, don't forget to give feedback for the beta apps it will help the developers a lot.

You will see "Sorry, we can't upload your picture right now. Try again in a little while - when you try to set custom pic on Xbox

Sorry, we can't upload your picture right now. Try again in a little while this might be the message you will get on your Xbox when you try to upload custom gamer picture,custom club picture, custom club backgrounds and so on, Says Xbox forum. And this happens only after the latest update of March 27, 2020, reported many users. 

This might be a little bit irritating for gamer like you, and you might decide to move to PS, but Microsoft says, this is temporary and its only because to cope up with the ongoing demand. 

Here is what MS says..


As people look to gaming for social connection, Xbox is seeing record numbers across Xbox Game Pass, Xbox Live, and Mixer. To streamline moderation and ensure the best experience for the community, Xbox has made small adjustments. Some features like uploading custom gamerpics, club pics, and club backgrounds are temporarily disabled

So, what to do now? Currently there is no ETA on when this will be enabled now, but if you haven't updated then you can postpone it as old update users, say they are still able to upload those pics (not verified).

Just give it a try.

And Happy Gaming :) 

Other articles :

Your Phone's virtual assistants like Google, Siri can be hacked with <$10 device using SurfingAttack

Your 4G and 5G can be easily breached , says researchers !

Windows 10 Insider Preview Build 19041.172 iso Official download link is here..!

Windows 10 Insider preview build 19041.172 was 2 days back to slow ring insiders. And as you might have probably guessed this insider build 19041 might be the future/ upcoming Windows 10 version 2004. (So, if you are waiting for Windows 10 version 2004 iso file, then you can go for this. ) One of our blog reader contacted me and asked about the iso download link of this preview build 19041 if there is any.

I started checking on various sources, and finally ended up in Microsoft site itself(as usual, looked on various sources instead of looking on official site first😀😀).  I had shared the link to him and thought it will be great to share that here too for our other readers.

So, If you are the one who want to test this 19041 build or want to download this Insider preview build 19041 then, here is the link for you.

Links :(Opens in new window)

Download Windows 10 Insider preview 1941.172 x86 bit ISO.
Download Windows 10 Insider preview 1941.172 x64 bit iso


Any Issues on this Windows Insider Preview build 19041.172 Slow ring?

As of now, there was no big issues when using this build, but it has one issue as mentioned by Microsoft Narrator might not work well when using chromium version of Microsoft Edge. Other that that, there will be no issues.

If the download link is not working, then

  • Visit this Official Microsoft site
  • It might ask you to sign-in sometimes, so sign in if you haven't.
  • Select Edition of your choice.
  • Download your preferred language
  • Confirm, and enjoy..


And as a friendly reminder, this is an insider preview version and of slow ring type, so might have most of the bugs fixed but might have some unknown bugs. So, try at your own risk and share your feedback to Microsoft so that they fix the issues before releasing for stable version.

Keep testing :)

Other articles :

Using Windows Preview Pane ? You might be under attack and no bug fix says Microsoft !

Microsoft Edge chromium Offline download links.


Limited or no internet connection status when using VPN in Windows 10? - No, You are not alone says Microsoft !

When you turn on your device to work from home, and connected to your VPN network then you might be greeted by your windows 10 with Limited or no internet connection symbol on the network icon. Don't panic.! at that time and think, you are facing this issue alone, because this is a Known.
issue.

What is the issue ?

As the recent update, all the device which installed the Cumulative update KB4535996 released by Feb 27 are affected by this issue.

So, what are the symptoms that you are affected by this Bug😃?

With the above one being the primary one, there are couple of other things that will confirm you are affected by this bug.

Here, is What Microsoft says..

Devices using a manual or auto-configured proxy, especially with a virtual private network (VPN), might show limited or no internet connection status in the Network Connectivity Status Indicator (NCSI) in the notification area.  This might happen when connected or disconnected to a VPN or after changing state between the two. Devices with this issue, might also have issues reaching the internet using applications that use WinHTTP or WinInet. Examples of apps that might be affected on devices in this state are as follows but not limited to Microsoft Teams, Microsoft Office, Office365, Outlook, Internet Explorer 11, and some version of Microsoft Edge.

So, What can i do to fix limited or no internet connection when using VPN?

Even though Microsoft is working on a fix, i guess you don't need to wait till the fix is being rolled out (Because i know what will happen when you didn't work from Home, when you are asked to do ).  Simple, Just restart your PC. Yes, a simple restart will fix your problem.

I'm facing this issue again and again, everytime when i connect my PC to VPN network icon in the Notification area shows Limited or No internet connection what to do, any permanent Fix, available?

As said earlier, Microsoft is Working on a fix, but if its ok for you, then you can uninstall the problematic update that was installed on your PC.


How to uninstall KB4535996 in Windows 10 PC ?




1) Sign-in to your Windows 10 PC.

2) Press Windows (logo) Key, it will open search option.

3) Type Update history on it and select the top most result.

4) Now, it will open view Update history option inside the settings App, click on Uninstall updates

5) Now, scroll down and find out KB4535996 on the installed updates section.

6) Click/tap uninstall and wait for Sometime.

That's it.

Restart and continue your Work as usual.

Stay Safe:)

Other articles :

How browsers works on Mobile phone [Beginner's guide]


Your 4G and 5G can be easily breached , says researchers !

5G is the hot topic here around the world for a couple of months either its because of its ultra speed connectivity and being advanced than 4G or for new research showing lot of birds dying because of its radiations. And there joins another research from positive technologies that shows all the current 4G and first generation 5G networks are vulnerable to DOS attack.

" 100% of 4G networks are susceptible to denial-of-service attacks and 5G is not immune - Positive Technologies"

If you are not familiar with the word DOS, then i will explain it simple line. DOS is a kind of attack used by malicious person where lot of requests are sent from the one machine requesting for a particular source(mostly),hmmm i guess it would be better if i explain in this way. Imagine like this, you will be able to drink water only till a particular level right ? for example: 1.5 liter continuously after that what will happen ?, you willn't be able to drink or even if you drink you will feel vomiting or something right? . Servers (a group of computers) work in the same way. A Computer will be able to handle only upto a specific kind of requests so post that, it will fail for other requests. And there comes a another terms DDOS which might be useful for you at some place, this ddos is nothing but distributed denial of service. The difference is only one thing. If a attacker uses one computer then its dos and if he uses multiple to attack then its ddos.

Pretty hard to digest, uh!  but how is it done? simple its because of the vulnerability exists in the Diameter base signalling protocol.  What is this Diameter signal protocol ? first what is a protocol?


"A lot of the major mobile operators are already starting to roll out their 5G networks and so the industry needs to avoid repeating the mistakes of the past by having security front and center of any network design," Dmitry Kurbatov, CTO at Positive Technologies, said in a press release.

A protocol is a set of instructions that are needed to be followed by the system. And most 4G networks follows the above protocol, and this protocol performs AAA function. I.e; Authentication, Authorization and Accounting. 

So, when there is a vulnerability in this protocol , imagine the consequences. Anyone can view your (subscriber) detAils, location and even redirect to insecure networks, ofcourse, its worst.. 

So, why 5G is affected? its just a new technology right? If we think like that, then we are wrong because the team says, the first generation 5g network is built only on top of 4G only.So,"If left unchecked, the 5G networks will not be immune from the same vulnerabilities of previous generation networks."

Any action we can take ? though we cannot take action directly, the only option available is operators has to start enforcing the specialized threat detection systems which can analyze the good one and bad signals by following GSMA guidelines and all i wish is it should be ad-hoc because IoT devices are getting increased day by day and we can't predict which network will be breached next as this is news is out.


Interested in knowing about this further?



Diameter Base protocol : https://tools.ietf.org/html/rfc6733


Related posts:


Using Windows Preview Pane ? You might be under attack and no bug fix says Microsoft !

If you are using Windows Preview Pane to view your PDF files, then its time to pause for a minute and change your options. Because a new vulnerability ADV200006 (Type 1 Font Parsing Remote Code Execution Vulnerability) which uses the unpatched Adobe library to affect our systems  has been discovered by the security team. 

So, what is it for now? Am i infected ?

Right now, this issue is affecting mainly Windows 7 users and if you are using Windows 10 then you are little bit safe as Microsoft claims Windows 10's default security mechanism will prevent this type of attack on Windows 10.

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

Is there any update that we can install ?


No right now, even the most updated system will be affected because of this bug. And there is no bug fix available even though Microsoft is already working on a fix.

So, what to do now, any Work around?

There are three workarounds, suggested by Microsoft for this issue.

1) Disabling Webclient service

2) Renaming ATMFD.Dll file 

and 3) Disabling Preview Pane.

But, to be on safer side you can disable this preview pane for sometime, which is the easiest one if you are a beginner.

Here, is how to disable Preview Pane :


  • Open Windows Explorer
  • click Organize, and then click Layout. 
  • Select both the Details pane and Preview pane menu options. 
  • Click Organize, and then click Folder and search options.
  • Click the View tab. Under Advanced settings, clear the Always show icons, never thumbnails box. 


Click Apply , OK

That's it.

Just disable it and keep your system safe from hackers.

Enjoy.

Your Phone's virtual assistants like Google, Siri can be hacked with <$10 device using SurfingAttack

Yup, you read at that right. As per the new research paper published by  Qiben Yan at SEIT Lab, Michigan State University, Kehai Liu at Chinese Academy of Sciences
Qin Zhou at University of Nebraska-Lincoin, Hanqing Guo at SEIT Lab, Michigan State University, Ning Zhang at Washington University in St. Louis... your phone's virtual assistants like Google assistant, Siri, Bixby can be activated using ultrasonic sound waves (inaudible for humans). And can execute commands like read the text messages, make a call or send text messages, etc possibly most of the commands an assistant can do for the user to steal personal information.

The researchers actually tested 17 different phone models, and out of those 15 devices were successful at the first attempt itself/ without changing any OS or code. Those 15 devices were nothing but the popular devices like Pixel , Google Pixel 2, Google Pixel 3, Moto G5, Moto Z4, Samsung Galaxy S7, Samsung Galaxy S9,Xiaomi, Mi 5, Xiaomi Mi 8,Xiaomi Mi 8 Lite,Huawei Honor View 10,Apple iPhone 5, Apple iPhone 5s, Apple iPhone 6+ and Apple iPhone X.

all running at different latest and Old version of Android and iOS.

So, how did they did this or how SurfingAttack works?


Calling it as a Surfing Attack, the team demonstrated that whenever your device is kept on the table,and if they decided to hack then,  an attacker can send a voice command, which is of inaudible to normal humans to $5 PZT transducer kept at the bottom of the table. This device will accept the signals and will send the ultrasonic signals to your device. Your device will accept the signals and will reply back to their commands. 

Device on table -> Hacker decides to hack ... Attacker sends signal to transducer -> Transducer sends the ultrasonic waves -> Your device microphones picks the signal -> Activates assistant


For example :

If an attacker sends the OK Google or Hey siri, read the text message command then your device's  microphone will pick the signal from the transducer. Which will then activate the virtual assistant. This virtual assistant thinking that the you are the one asking the assistant to do the command will read the text message which will be then picked by the device kept under the table and then sent back to the attacker. And if you think your phone will read that aloud, then researchers say we were wrong, because the first step they will do before asking your assistant to read messages is they will reduce your Phone's volume to less than 3. Using the same concept. If they sent reduce volume command, then your device will decrease your volume😞😞So, you might not hear that it is reading out.



Our researchers has actually attempted a communication between another human asking for password like we ask and it was successful (and Of course, your device is capable of that when there is a technology like Google duplex). Another question, What about the vibration ? they have solution for that too..

To activate the voice assistants, the baseband signal v(t) will embed the wake words such as “OK Google” in front of the attack commands. We use existing speech synthesis techniques to generate the wake words of a specific voice, and the attack commands can be simply generated using TTS systems. However, in our experiments, we discover that after the activation command wakes up the assistant, the device creates a short vibration for haptic feedback to indicate the assistant is ready. This vibration may negatively affect the mechanical coupling, and thus reduce the attack success rate of the subsequent attack commands. In response, we insert a multi-seconds gap between the wake words and attack commands to eliminate the vibration’s impact.

This attack was successful on most of the solid materials and upto a distance of 30ft distance, concludes researchers.

I Said 15 out of 17 are successful, So what are the Other two devices that escaped/ Survived?

It was Mate 9 and Samsung Galaxy Note 10 +. those two devices has likely survived because of their curved nature. One has curved back cover and the other one has Curved front screen as well.

"In order to trace the root cause behind the failure, we install LineageOS 16.0 on both Xiaomi Mi 8 and Samsung Note 10+. With the same Android OS, we eliminate the variation brought by different OSs. We launch SurfingAttack towards these two phones equipped with the same LineageOS, and the result shows that SurfingAttack successfully attacks Xiaomi Mi 8, but still fails to attack
Samsung Note 10+, which indicates that the attack failure cannot be attributed to the OS customization. Moreover, we notice that the recorded sound of the ultrasound commands
from Samsung Note 10+ has a very weak strength, which is likely caused by signal dampening over the body of the phone. Therefore, our conclusion is that the failure of the attack is most likely attributed to the structures and materials of the phone body. "

So, what can we do to prevent this kind of attacks ?

Simple disable the assistant on your lock screen and lock your device when putting your device down. And if you are the person who thinks i don't have any sensitive data on my phone then remember here not only your data is at risk, its your Loved one's too (Remember your assistant is capable of sending message to your contact asking me for password, pictures,etc.. thinking its you).

One of the best way to protect Our loved ones is by we actually staying Safe//

What do you say..?

Credits/ and if you like to read the complete paper : https://www.egr.msu.edu/sites/default/files/surfingattack.pdf

Update : The site is now available in github as well.