If you trust a website but find that some of the functionalities of that site are not working, maybe due to the high security settings of your computer, you can make an exception by adding the site to the Trusted sites list. This post shows how to add a trusted site in Windows 10. This exception is applied to all browsers, including the new Microsoft Edge, Google Chrome, Firefox, Internet Explorer, etc.

Internet Security Options offers four different zones. These four zones are-

All these zones have a specific level of security for your computer browser and files.

The default for the Internet zone is Medium-high. If you want to add an exception, you have to add the site to the Trusted sites zone so that your computer can trust the website and overwrite all the other security zone settings.

To add a trusted site in Windows 10, you need to follow these steps-

Let us see the procedure in a bit more detail.

Search for internet options in the Taskbar search box and click the result. This will open the Internet Options window

After opening, you need to switch to the Security tab. Then, click the Trusted sites option and then click the Sites button.

Now you have to enter the website URL in the Add this website to the zone box. There are two ways to list a website.

First, you can write down the specific URL like this:

Second, you can paste something like this:

Lets assume that your desired website has several subdomains, and you want to add all of them to the Trusted sites list. Instead of writing each subdomain one after one, you can use a wildcard entry like the second example.

After that, click the Close and OK buttons to save your change.

You do not need to restart your computer to apply the change, and it applies to all the installed browsers.

If you have added a website mistakenly, and you want to remove it from the Trusted sites list, you need to follow these steps-

To get started, you need to open the same Internet Options window and go to theSecuritytab. Here you need to selectTrusted siteszone and click the Sitesbutton to unveil the list.

Following that, select a URL from the list, and click theRemovebutton.

Now you need to save your settings to apply the change.

Originally posted here:
How do I add a Trusted Site in Windows 10 - TWCN Tech News

With the situation in Jammu and Kashmir returning to normality after the abrogation of the provisions of Article 370 of the Constitution, which gave it special status it is time for the Central government to take the potential risk of restoring the Internet connectivity in the region, said Lieutenant General Syed Ata Hasnain (retd), who commanded Army Corps in Jammu and Kashmir.

Taking part in the panel discussion on Kashmir: a peep into the future at the last day of Mangaluru Literary Festival 2019 here on Saturday, Mr. Hasnain said Internet connectivity has now assumed the status of human rights because of its multiple usages. Time has come to open the connectivity, without compromising on national security. The government of India has to take the potential risk, he said.

Mr. Hasnain said he has been a witness to the disturbances in 2005, 2008 and 2016 in the Kashmir valley when mobile phones were used to mobilise people. With Jammu and Kashmir now being a Union territory, the Cabinet Committee on Security will have to take an overview of the security in the Kashmir valley and take a decision on restoring Internet connection.

Senior journalist M.D. Nalpath said the mistake was made earlier by bringing in Article 370, which is based on the two-nation theory. Though we have same culture and DNA, an exception was made for Kashmir on the ground that it is a Muslim-majority State. We did a mistake earlier, he said.

On the claim by Bharatiya Janata Party that forming the government in Jammu Kashmir with the PDP was in order to facilitate abrogation the provisions in Article 370, Mr. Nalpath said alliance of BJP with Ajit Pawar in Maharashtra was more serious than its alliance with the PDP. Devendra Fadnavis gave lot of concessions to Ajit Pawar. He sat on the file seeking permission to prosecute Ajit Pawar who faced corruption charges, he said.

Senior international journalist Waeli Awwad said India should ensure that terrorist forces that destroyed Syria and Afghanistan do not gain ground in India. We (Syrians) have suffered. Do not allow them here. Build schools, provide jobs by opening industries and fight against these forces, he said, while emphasising the need to bring Kashmiris to the mainstream.

Jawaharlal Nehru University Professor Anand Ranganthan moderated the discussion.

You have reached your limit for free articles this month.

Register to The Hindu for free and get unlimited access for 30 days.

Find mobile-friendly version of articles from the day's newspaper in one easy-to-read list.

Enjoy reading as many articles as you wish without any limitations.

A select list of articles that match your interests and tastes.

Move smoothly between articles as our pages load instantly.

A one-stop-shop for seeing the latest updates, and managing your preferences.

We brief you on the latest and most important developments, three times a day.

*Our Digital Subscription plans do not currently include the e-paper ,crossword, iPhone, iPad mobile applications and print. Our plans enhance your reading experience.

Read the original post:
'Restore Internet in J&K without compromising national security' - The Hindu

People prefer biometric security authentication to passwords because PINS and passwords readily get hacked and are challenging to remember. While passwords are the current what you know method, your physical characteristics are "what you are."

And there's only one you. (Read New Advances in Biometrics: A More Secure Password.)

But, picture this: a four-year-old child noticed that Amazon dropped gifts on their doorstep after her mother swiped her pinkie on the iPad's touchpad. So, the child used her sleeping mother's pinkie to unlock the device and, going to Amazon.com, one-clicked that beautiful pink bike.

Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.

True story. Incidents like that happen all the time. (Read How Passive Biometrics Can Help in IT Data Security.)

Gartner, a leading research and advisory company, claims certain physical and behavioral characteristics, like your facial features or the way you type, are more secure than your password.

In contrast, critics count millions of data breaches and they're growing every day.

Over the last decade, scientists unleashed various biometric verification identifiers to dramatically improve enterprise security.

The most common biometric identifiers are:

Join this interactive round table to learn more about HCI and how this technology helped a mid-sized, service-oriented, and process-intensive company to simplify its IT while providing better services, aligned to increasing business needs.

Used to unlock door panels, devices or computers of approved users, among other user cases.

More specifically the iris, sclera or retina, where devices equipped with cameras scan the unique patterns of your eyes.

For example, prompt server room doors to swing open automatically when cameras recognize the faces of trusted system administrators.

For example, digital assistants and telephone-based service portals use voice recognition to identify users and verify customers. (Read Voice Recognition Technology: Helpful or Painful?)

Other image-based authentication methods include facial contortions, veins in your hand, the shape of that hand, body odors, and the shape of your ears.

More recently, researchers at the University of Buffalo developed a way that you can use heartbeats for your new pass-code, while, at the same time, a $1,000 pocket-sized scanner hit the market for scanning DNA.

According to a recent Ping Identity survey, 92% of IT and security respondents rated biometric authentication as two of the top five most effective security controls, and 80% said it is effective for protecting data stored in a public cloud.

Around the same time, a Spiceworks survey reported that 62% of companies are already using biometric authentication, and another 24% plan to deploy it within the next two years.

The Amazon-grubbing child is one of scores of incidents that plays havoc with biometrics authentication. Two years ago, on a Qatar Airways flight a woman used her husbands fingerprint to unlock his phone while he was asleep, to divulge his infidelity.

It's super easy to copy fingerprints as cybersecurity and emerging technologies advisor, Joseph Steinberg remarks:

For well over a decade, I have been outspoken against the widespread use of fingerprints and most other forms of biometric authentication as a means for authenticating people among the serious problems with such schemes are the fact that biometric information is not secret (you leave your fingerprints on everything that you touch, and often show them in pictures, for example).

You want to know the cheapest simplest fastest way to crack into your boss iPad? Use play-dough.

And look for high-definition photos where your boss high-fives, makes the Vulcan peace sign or raises his hand to ask a question just like the hacker who recreated a German ministers fingerprints using photos of her hands in 2014.

There are bundles of other tricks that include researchers using voice scanners to impersonate your voice, iris scanners that match your retinas and face scanners that trick facial recognition login with photos from, say, Facebook even 3D-printed heads.

Aside from that, facial recognition devices can readily be fooled by false positives, such as if your voice is hoarse, you switch hair-styles, you wear sunglasses, or don a mask for Halloween.

So, fingerprints, voices and faces are out, but so, too, are heart-beats, DNA, body odors, and eyes. If they get compromised, you can't just roll out your eyeball and replace it with another

Biometric authentication is convenient, but privacy advocates fear biometric security erodes your privacy. Companies could easily collect and exploit your data on, say, where and when you typically use your phones.

Hackers could replicate and sell these biometrics for tracking and marketing your behavior and movements. As Robert Capps, VP of Business Development at NuData Security warns, Once biometric data is stolen and resold on the Dark Web, the risk of inappropriate access to a users accounts and identity will persist for that persons lifetime.

Even the multi-factor security model of Indias Aadhaar the worlds largest biometric identification system succumbed to hackers in 2018.

Had you been interested, you could have bought the personal data of more than one million citizens of India on WhatsApp for less than $10.

Susan Rebner, CEO of Cyleron, national security company, said she believes that's the next step and something her company's working on.

For example: devices analyze the way typists slide their fingers across desktops while sliding doors discern the person's stride; computers kick up at a person's finger impact on the keyboard, while mobiles recognize a user's hand tremor when punching numbers, among other items.

Other methods include speech recognition (used, for example, by USAAs mobile app) , well as signature verification (used, for instance, by banks on letterheads and other documents).

Any user behavior that veers from their norms and the device or system locks those users out.

You can protect passwords by hashing them into chains of digits and letters. Scientists say you can do the same with biometrics, encrypting them on a secure server.

In an interview for Biometric Update, Infinitys CEO Alfred Chan said their company's Quantum-Crypt technology developed hashed solutions for iris, fingerprints, and 2D face modalities, and is now exploring 3D modalities.

You can combine biometrics authentication with blockchain technology, or the decentralized ledger, where platforms are open-ended and shared by other participants. (Read Can the Blockchain Be Hacked?)

This means, any attempt to modify the data is detected by other users who subscribe to the platform.

While behavioral biometrics seems the most secure by far, analysts warn that the system needs to be regulated for data privacy and security and that the method needs broader testing to screen out false positives or false negatives.

On blockchain technology and hashed biometrics, MIT researchers recently showed how hackers could breach the allegedly "unhackable" blockchains.

Certainly, the same goes for cracking your hashed password to retrieve those biometrics.

Europeans have the General Data Protection Regulation (GDPR) that gives consumers protection over their personal data including biometrics. (Read How Cybercriminals Use GDPR as Leverage to Extort Companies.)

The U.S., to date, only has a hodgepodge of overlapping and contradictory laws from industry groups and federal as well as local government agencies - and that's despite its June 2015 hack of the US Office of Personnel Management where cybercriminals pilfered more than 5.6 million fingerprints of government officials.

If you're a business that wants to use biometrics authentication to shield your data, you're likely to benefit from this 1-2-3 proactive approach.

Regularly educate your staff on the biometrics security system you use and on how to ensure data privacy. You would also want to use strong passwords and store your biometrics in three places at best. Further, keep your operating system and Internet security software current so hackers can't crack it.

For greater security, use a combo of identifiers, so, for example, add fingerprints to facial recognition, like the new LG V30 smartphone that combines facial and voice recognition with fingerprint scanning. Some security systems also include additional features, such as age, gender, and height, in biometric data to thwart hackers.

Humans can dupe facial scanners by wearing a mask or makeup. Add a human to your security checkpoint for ultimate security.

Oh, and by the way...

You may want to observe the Illinois 2008 Biometric Information Privacy Act, where a company that collects its employees data must notify them on how the data will be used and stored and get their consent. Doing so saves you from privacy lawsuits from employees and customers whose biometric data you store.

Hackers are always going to be one step ahead of you.

Beat them to the trick by combining passwords with biometrics authentication systems and putting humans in the loop to improve security.

Also remember those privacy concerns.

While biometrics authentication technology is not foolproof, you may find it gives you less problems than passwords - as long as you keep on top of the system.

Original post:
Understanding Biometric Security: The Growing Threats and How to Beat Them - Techopedia

Internet-connected gadgets like lightbulbs and fitness trackers are notorious for poor security. That's partly because theyre often made cheaply and with haste, which leads to careless mistakes and outsourcing of problematic parts. But its also partly due to the lack of computing power in the first place; it's not so easy to encrypt all that data with limited resources. Or at least thats how the conventional wisdom goes.

But real-world data suggests that many of those ubiquitous tiny gadgets can run versions of traditional, time-tested encryption schemes. A team from the Swiss IoT encryption firm Teserakt argues that there's no need to reinvent the wheel when the real solution is simply holding IoT manufacturers to higher standards. They made their case at a National Institute of Standards and Technology conference in Maryland this month focused on developing lightweight cryptography for embedded devices.

But traditional cryptography, particularly the stalwart Advanced Encryption Standard, often works just fine in IoT devices, says Antony Vennard, Teserakt's chief engineer. The researchers have even observed a number of situations where security-conscious manufactures found ways to incorporate it, like in the embedded systems of cars. And other, independent studies have had similar findings.

"The lightweight competition is based on the idea that for embedded devicesthings like industrial controllers and smart cards like chip credit cardsAES is too heavy, too big. Using it takes up too much space and power," Vennard says. "But my passport has a chip in it that can run AES. Modern smart cards can run it. Fitness trackers like FitBits can run it. In our experience, AES is pretty much everywhere, even in embedded devices."

"Where it could get confusing is where people arent sure what level of security they need."

Antony Vennard, Teserakt

Its important to talk about the actual utility of lightweight encryption now, because it takes years for the cryptography community to develop and vet a new encryption scheme to ensure that its safe to use. NIST has already been working on lightweight cryptography since 2015. And once those standards are in place, it takes even more time to gain real-world experience implementing the scheme to catch mistakes. It adds a lot of time and potential risk to the process of securing these devices. If you can make existing encryption algorithms work on them instead, all the better.

In February, for example, Google debuted a method for encrypting most low-end Android devices regardless of how piddly their processors. Rather than a novel encryption scheme, it relied on clever implementations of AES and other existing cryptographic methods to reduce the chance of introducing a fundamental flaw. The method, dubbed Adiantum, is an impressive solution to one of Android's more daunting problems. But Johns Hopkins cryptographer Matthew Green points out that the lengths Google had to go to to achieve it may actually indicate a need for lightweight cryptography, rather than showing that it's worth sticking with AES. "It's not actually a great argument for 'AES is fast enough,'" Green says.

Though it may be possible to implement traditional encryption more widely than the IoT industry currently believes, Vennard admits that there are situations where lightweight encryption would be useful. Certain devices, particularly things like simple sensors in industrial control settings, are powered by microcontrollers so rudimentary that they really would require special encryption techniques to secure. But Vennard argues that the key is clearly defining these categories rather than creating a situation where developers and manufacturers don't know which cryptographic techniques should be used where.

"There are some cases where you might need lightweight crypto, but where it could get confusing is where people arent sure what level of security they need," Vennard says. "If people can use AESwe have about 20 years of experience implementing AESbut don't, that's a risk, because implementing something new is tricky."

It's also always possible that the US government knows something private researchers don't. Along with NIST, the National Security Agency, for example, has stressed the importance of developing next-generation cryptography schemes. That's partly because of the threat to encryption posed by the rise of quantum computing, but it's also because of the IoT security crisis.

View post:
The Debate Over How to Encrypt the Internet of Things - WIRED