Security-Portal.cz is an Internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs a number of interesting services and supports its community in interesting projects.

Categories

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

The Hacker News - 30 March, 2024 - 07:23
Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils
Category: Hacking & Security

Report: Scale cuts off subsidiary’s remote workers in several countries

Computerworld.com [Hacking News] - 29 March, 2024 - 22:20

Scale AI, the data processing company that advertises itself as a way to train generative AI on higher-quality information, has apparently shut down access to its platform in several countries, leaving gig workers in the lurch.

The company, which does much of its data processing through a subsidiary called Remotasks, cut access to its portal for workers in Nigeria, Kenya and Pakistan in March, according to a report by Rest of World. The gig workers used by Remotasks, and by extension Scale, improve data quality by adding labels, annotations, and general human input to information set to be processed by AIs.

The idea is to help AI tools learn by shaping their perceptions of, say, lidar data from cars or other information.

According to Rest of World’s report, workers — many of whom rely on Remotasks for their main income — were greeted by a message saying that “we regret to inform you that at the moment we are unable to provide service in your location.” The report also notes that remote workers “often have few reliable ways to contact supervisors or escalate complaints,” despite the presence of hotlines and Slack channels.

Scale released a statement in September detailing its relationship with Remotasks, which it calls the “data annotation” side of its business. The company said it partners with the Global Living Wage Coalition and conducts quarterly pay analyses to “ensure fair and competitive compensation” for the gig workers annotating its data. Scale also criticized “misunderstandings and mischaracterizations” about the way it treats its workers through Remotasks.

Scale could not be reached for comment on Rest of World’s report, which said that many of the workers affected by the apparent shutdown only found out about it when they attempted to log in and work. According to Rest of World, a company spokesperson blamed the lack of communication with workers on an administrative error, while saying that the shutdowns were put in place for “enhanced security protocols.”

In addition to the shutdowns in Pakistan, Nigeria and Kenya, Rest of World reported that new signups for Remotasks work had been blocked in several other countries, including Thailand, India, Poland and Vietnam.

Rest of World’s report ran a day after The Information reported that Scale — which has been one of the AI industry’s early success stories — was up for a new round of funding, courtesy of VC firm Accel, which was an early investor in Scale. The proposed funding round would raise the company’s value to $13 billion, a rise of 80%.

The company joins several other big names in the generative AI industry, including AI-powered robot creators Figure AI, LLM creator Anthropic, and market powerhouse OpenAI in lining up hundreds of millions in new funding from investors desperate to capitalize on the much-hyped technology, according to a report from siliconAngle.

Artificial Intelligence, Generative AI, Remote Work, Technology Industry
Category: Hacking & Security

Apple will continue to enhance its DMA compliance

Computerworld.com [Hacking News] - 29 March, 2024 - 18:46

With WWDC 2024 now set, Apple continues to work on bringing itself more in line with US government demands. What we don’t know yet is the extent to which these changes will be restricted to the EU, or whether Apple intends to make them available worldwide in an attempt to quell regulatory zeal.

That regulators want to diminish the Apple user experience to open up additional digital competition is not in doubt. What isn’t known is whether these decisions will make things better or worse in the long run.

So, what else does Apple plan to do to bring itself into line with regulatory demands?

Android switchers get an easier life

If you end up with an Android phone and need to port all your information across from your iPhone, you can either follow this guide or wait until the end of the year; that’s when Apple will introduce tools other mobile operating system providers can use to create user-friendly migration solutions to transfer data from iPhones to Android.

This won’t actually arrive until late 2025.

Big changes in Safari

By the end of this year or possibly early in 2025, Apple will introduce a browser switching solution for exporting and importing relevant browser data into another browser on the same device. Later this year, Apple will also make it possible to completely delete Safari from iPhones in favor of an alternative web browser.

For some, this is a step forward from what is possible in the EU, where developers can now use alternative browser engines in browsers and apps with browsing experiences inside.

RCS for Messages

Another big change is the adoption of Rich Communication Service (RCS) messaging support. Google hinted (and subsequently deleted) a claim that such support was coming this fall, which strongly suggests Apple intends to make it available in this year’s major operating system updates. This is not a total shock — Apple said it was working on this last year.

What this means is that it will be possible for Android and iPhone to exchange higher resolution media. It’s a modern messaging standard that will eventually replace SMS/MMS messaging, lack of support for which has drawn regulatory angst.

Navigation apps

It’s not ready yet, but by March 2025 Apple intends to introduce a new default control for users for navigation apps. Presumably this will let you choose which navigation app your device uses as a default – you might ask Siri how to get to your next appointment but receive instructions from Google Maps, for example.

Marketplace setting

A new Setting on iPhones will appear that lets users enable and disable third-party apps on their device. The idea here is that users can very easily stop using apps they don’t like or don’t trust sourced from outside the App Store.

User data sharing

On the very slim chance you’re prepared to share your personal data with developers (which I don’t recommend), Apple will by the end of the year introduce a new solution that lets users authorize developers to access such information. The idea is that users will get asked if they are willing to share this information and to what extent, while developers will be able to access that information subject to that approval.

This particular piece of privacy erosion comes from the EU.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Apple, iOS, iPhone, Regulation
Category: Hacking & Security

Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

The Hacker News - 29 March, 2024 - 16:54
Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based
Category: Hacking & Security

Decade-Old Linux 'wall' Bug Helps Generate Fake SUDO Prompts, Threatens Password Security

LinuxSecurity.com - 29 March, 2024 - 14:49
A critical vulnerability has been found in the wall command of the util-linux package that poses a severe security threat to Linux systems. This vulnerability, known as WallEscape and tracked as CVE-2024-28085, has been present in every package version for the past 11 years.
Category: Hacking & Security

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

The Hacker News - 29 March, 2024 - 14:12
A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen
Category: Hacking & Security

The Golden Age of Automated Penetration Testing is Here

The Hacker News - 29 March, 2024 - 13:19
Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving businesses vulnerable to
Category: Hacking & Security

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

The Hacker News - 29 March, 2024 - 12:49
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante. It has been described as a case of improper
Category: Hacking & Security

AI is on a fast track, but hype and immaturity could derail it

Computerworld.com [Hacking News] - 29 March, 2024 - 12:00

The marketing hype surrounding AI broadly — and generative AI (genAI) more specifically — is becoming tiresome. You can’t open an article or watch a news video without running into at least a reference to it. We may be approaching the point at which we stop breathlessly extolling its virtues (and dreading some of its outcomes).

The hype is so extreme that a fall-out, which Gartner describes in its technology hype cycle reports as the “trough of disillusionment,” seems inevitable and might be coming this year. That’s a testament to both genAI’s burgeoning potential and a sign of the technology’s immaturity.

The outlook for deep learning for predictive models and genAI for communication and content generation is bright. But what’s been rarely mentioned amid the marketing blitz of recent months is that the challenges are also formidable.

Machine learning tools are only as good as the data they’re trained with. Companies are finding that the millions of dollars they’ve spent on genAI have yielded lackluster ROI because their data is filled with contradictions, inaccuracies, and omissions. Plus, the hype surrounding the technology makes it difficult to see that many of the claimed benefits reside in the future, not the present.

In short, we’re not all the way there yet, especially with genAI-based chatbots, which have the tendency to “hallucinate” or crash repetitively. Many genAI chatbots were only recently announced and are undergoing rapid development even though they’ve been released for a beta-like general use. And frankly, the market is still figuring out how best to utilize large language models (LLMs) that underpin many chatbots. (For more on LLMs, see below.)

Google, Microsoft, and OpenAI have rushed to develop and release genAI tools, but that haste has caused an exceptional level of immaturity in many tools. Chatbots create content, but staking your company’s reputation on the content they’re able to generate right now could be career limiting. Here are some of the ways a genAI chatbot can get into trouble:

Enterprises and biz tech workers should at least be experimenting with machine learning, deep learning, and genAI, but 2024 may not be the time for your company to go all-in. Wait for the fake news and possible disinformation of the election to shake out. Wait for the tools to have their rough edges smoothed out and additional rounds of training. Wait for government regulations to be invoked (or at least until you get a better sense of what they’re aiming to regulate). If productivity is the goal, wait for the promised productivity gains to be realized by others.

GenAI is still the new big thing, but it hasn’t advanced as much as the hype might make you think.

Still confused about the difference between AI, generative AI, machine learning and LLMs? The links below can get you up to speed.

Jumpstart your AI knowledge

Artificial intelligence (AI), as defined by Coursera, is an umbrella term for computer software that mimics human cognition to perform complex tasks and learn from them. AI, machine learning, deep learning, and generative AI are sometimes used interchangeably, but they are each distinct terms with separate meanings.

Machine learning is a subfield of AI that uses algorithms trained on data to produce adaptable models that can perform a variety of complex tasks. 

Deep learning is a subset of machine learning that uses several layers within neural networks to do some of the most complex ML tasks without any human intervention.

Generative AI, also referred to as genAI, is the technology behind chatbots and other tools. It’s a type of AI that generates images, text, videos, and other media in response to inputted prompts.

Large language model (LLM) is the term for the algorithmic foundation of chatbots like OpenAI’s ChatGPT and Google’s Gemini. An LLM is a computer algorithm that processes natural language inputs and predicts the next word based on what it’s already seen. Then it predicts the next word, and the next word, and so on until its answer is complete.

Emerging Technology, Generative AI, Productivity Software
Category: Hacking & Security

Why even hybrid RTO mandates are hurting overall job satisfaction

Computerworld.com [Hacking News] - 29 March, 2024 - 12:00

Though most companies have settled on return-to-office (RTO) policies now that COVID-19 is no longer considered a global health emergency, many continue to adjust their practices, often to the detriment of their workforce.

Several workforce surveys over the past three months have revealed that employees do not view mandated RTO policies favorably, even when hybrid, because the guidelines are often too rigid.

During the pandemic, employees became comfortable with flexible work arrangements. When people have the chance to work flexibly, 87% of them take it, according to a 2022 study by global management consulting firm McKinsey & Co.

“Multiple studies confirm these types of [RTO] mandates reduce job satisfaction and employee retention without improving productivity or company performance,” said Jessica Kriegel, chief scientist of workplace culture at management consultancy Culture Partners.

Faced with mandates to be in the office, many employees are doing the bare minimum to satisfy those requirements, simply showing up long enough to get credit for being there before returning home to work — a practice known as “coffee badging.”

To determine what stops people from coming into the office, workplace management software maker Robin Powered surveyed nearly 600 full-time employees at companies that had flexible work policies.

The survey revealed that RTO mandates are everywhere, but they aren’t sticking. Forty-five percent of those surveyed said their company’s mandates required them to be in the office at least four days a week, yet only 24% of them reported adhering to the policy.

Twenty-three percent of employees surveyed said they don’t feel motivated to come into the office. Many survey respondents said they felt they lost time due to a lack of resources, poor office design or complicated processes.

In fact, 46% of respondents said that the reason they don’t come into the office is because they believe they are more productive with their at-home work setup. When asked about why they don’t come into the office, respondents frequently cited reasons like feeling more productive at home (71%) and not having the right resources at their desk (76%).

At the same time, 76% of employees felt they would be more productive in the office if they had all the equipment they needed set up on their desk. And 89% of those surveyed indicated that they spend up to 20 minutes looking for the right equipment when they get to the office.

Robin Powered’s survey showed several other “barriers” to employee willingness to obey RTO mandates. The first two groups of barriers had to do with time, including time lost getting to the office and time lost once in the office. For the former, the complaints at the top of the list were:

  • Commute is too long 41%.
  • Gas prices are too high 32%.
  • Parking is too expensive 20%.

“A little more than 50% of respondents would need anywhere from $50 to $75 to make the trip into the office. We tried something similar at Robin and increased office attendance by 40% in one quarter,” Robin stated in its report.

Some survey respondents cited factors at home that prevent them from coming into the office, such as childcare costs and pets. Those concerns were some of the least cited barriers, despite 71% of respondents having children and 79% having pets at home.

In contrast to workers who felt RTO policies harmed their productivity, nearly three out of four respondents (73%) said that when they did return to their offices, they felt more connected to colleagues.

Other studies have indicated that remote work actually improves worker productivity. For example, a June 2023 survey published by Tech.co found that slightly less than half (47%) of companies experienced higher productivity by remote employees.

According to a survey by freelance worker platform Upwork, one-third (32%) of hiring managers say productivity has increased since remote work policies were implemented, and 22.5% found that it decreased.

Another survey of 2,080 knowledge workers released in January by Gartner Research measured employee retention after mandated RTOs. On average, when companies forced workers back to the office, those workers’ intent to stay with the organization declined by 8%, according to Gartner.

“Mandated on-site requirements can carry very steep costs for talent attraction and retention,” said Caitlin Duffy, a research director in Gartner’s HR practice. “This is especially true for high performers, women, and millennials — three employee segments who greatly value flexibility. Often, these costs far outweigh the moderate benefits to employee engagement and effort. We also found no benefit to performance.”

Among high-performing employees, their desire to stay with their employer dropped by 16%. And among millennials and women, plans to stay in their current role declined by 10% and 11%, respectively.

Gartner’s study followed research published in December by the Katz Graduate School of Business at the University of Pittsburgh; that study found RTO mandates don’t help an organization’s financial performances, and can make workers less satisfied with their jobs and work-life balance.

The UPenn study compared a sample of Standard & Poor’s 500 firms that had RTO mandates to those that appeared not to have such mandates. (The sample covered 457 firms and 4,455 quarterly observations between June 2019 and January 2023.)

The UPenn study found significant declines in employees’ ratings of overall job satisfaction, work-life balance, senior management, and corporate culture after a firm announced an RTO mandate.

“Also, we show that employees’ other ratings that are not closely related to RTO do not significantly change,” the study stated. “The RTO push is eyewash for investors to prove that drops in revenue and profitability aren’t a result of poor managerial decisions but the result of lazy workers sitting at home in their pajamas.”

Employee Experience, IT Management, Remote Work
Category: Hacking & Security

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

The Hacker News - 29 March, 2024 - 07:37
The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. PyPI said "new project creation and new user registration" was temporarily halted to mitigate what it said was a "malware upload campaign." The incident was resolved 10 hours later, on March 28, 2024, at 12:56
Category: Hacking & Security

Microsoft’s Copilot AI set to operate locally on future PCs, says Intel

Computerworld.com [Hacking News] - 29 March, 2024 - 00:00

Microsoft’s Copilot AI could soon run locally on PCs rather than relying on the cloud.

Intel told Tom’s Hardware that the chatbot could run on future AI-enabled PCs that would need to incorporate neural processing units (NPUs) capable of exceeding 40 trillion operations per second (TOPS) — a performance level not yet matched by any consumer processor currently available.

Intel mentioned that these AI PCs would be equipped to handle “more elements of Copilot” directly on the machine. Copilot currently relies predominantly on cloud processing for most tasks, leading to noticeable delays, especially for minor requests. Enhancing local computing power is expected to reduce such delays, potentially boosting performance and privacy.

Intel did not immediately respond to a request for comment from Computerworld.

Copilot on your PC

As previously reported, using Copilot on Windows 11, ChatGPT, Adobe Firefly, or similar genAI tools doesn’t actually process tasks on your computer but rather in remote data centers using significant resources and electricity. While it’s possible to run applications like the Stable Diffusion text-to-image model or the Llama language model locally, achieving high-quality results typically requires a PC with substantial processing capabilities, especially a high-speed GPU, previously sought after for cryptocurrency mining.

Recent advancements in hardware, particularly the inclusion of neural processing units in the latest Intel Meteor Lake chips and AMD’s offerings, have sparked discussions about AI-powered PCs. These NPUs, designed as dedicated, low-power components, aim to facilitate the local execution of generative AI models, enhancing AI processing efficiency. The expectation is that NPUs will become a standard feature in future PCs, enabling genAI tasks to operate seamlessly in the background, even on battery power.

For example, MSI’s latest AI engine recognizes your laptop activities and automatically adjusts the battery profile, fan speed, and screen settings to suit your task. When you’re gaming, it boosts performance to the max; switch to working on Word documents, and it dials everything back.

AI on the go

The local AI trend isn’t limited to PCs. For instance, Google’s Pixel 8 and Pixel 8 Pro smartphones are equipped with the Tensor G3 chip, which Google claims sets the stage for on-device generative AI. This technology already supports AI-driven functionalities like audio summarization in the Recorder app and intelligent response generation in the Gboard keyboard. However, despite these advances, such hardware is currently not capable of running extensive AI models like Google’s Bard AI, Copilot, or ChatGPT locally. Instead, these devices run more compact models.

One benefit of local AI processing is that it could enhance cybersecurity. Cybersecurity consultant John Bambenek pointed out that a significant risk companies encounter when integrating AI into intellectual property tasks is managing data flow and access.

“We’ve seen enough third-party breaches of cloud services to know that even with promises, the data can be lost,” he added. “If organizations can do Microsoft’s Copilot AI locally, the CISOs still feel they have control of their data, and it will remove what is likely the largest barrier to adoption that exists.”

CPUs and Processors, Generative AI, Intel, Microsoft
Category: Hacking & Security

Google Public DNS’s approach to fight against cache poisoning attacks

Google Security Blog - 28 March, 2024 - 19:41
Tianhao Chi and Puneet Sood, Google Public DNS

The Domain Name System (DNS) is a fundamental protocol used on the Internet to translate human-readable domain names (e.g., www.example.com) into numeric IP addresses (e.g., 192.0.2.1) so that devices and servers can find and communicate with each other. When a user enters a domain name in their browser, the DNS resolver (e.g. Google Public DNS) locates the authoritative DNS nameservers for the requested name, and queries one or more of them to obtain the IP address(es) to return to the browser.

When DNS was launched in the early 1980s as a trusted, content-neutral infrastructure, security was not yet a pressing concern; however, as the Internet grew, DNS became vulnerable to various attacks. In this post, we will look at DNS cache poisoning attacks and how Google Public DNS addresses the risks associated with them.

DNS Cache Poisoning Attacks

DNS lookups in most applications are forwarded to a caching resolver (which could be local or an open resolver like Google Public DNS). The path from a client to the resolver is usually on a local network or can be protected using encrypted transports like DoH or DoT. The resolver queries authoritative DNS servers to obtain answers for user queries. This communication primarily occurs over UDP, an insecure connectionless protocol in which messages, including the source IP address, can be easily spoofed. The content of DNS queries may be sufficiently predictable that even an off-path attacker can, with enough effort, forge responses that appear to be from the queried authoritative server. Such a response will be cached if it matches the necessary fields and arrives before the authentic response. This type of attack is called a cache poisoning attack, and it can cause great harm once successful. According to RFC 5452, the probability of success is very high without protection. Forged DNS responses can lead to denial of service, or may even compromise application security. For an excellent introduction to cache poisoning attacks, please see “An Illustrated Guide to the Kaminsky DNS Vulnerability”.

Cache poisoning mitigations in Google Public DNS

Improving DNS security has been a goal of Google Public DNS since our launch in 2009. We take a multi-pronged approach to protect users against DNS cache-poisoning attacks. There is no silver bullet or countermeasure that entirely solves the problem, but in combination they make successful attacks substantially more difficult.


RFC 5452 And DNS Cookies

We have implemented the basic countermeasures outlined in RFC 5452, namely randomizing query source ports and query IDs. But these measures alone are not sufficient (see page 8 of our OARC 38 presentation).

We have therefore also implemented support for RFC 7873 (DNS Cookies), which can make spoofing impractical if it’s supported by the authoritative server. Measurements indicate that DNS Cookies do not provide sufficient coverage: even though around 40% of nameservers by IP support DNS Cookies, these account for less than 10% of overall query volume. In addition, many non-compliant nameservers return incorrect or ambiguous responses for queries with DNS Cookies, which creates further deployment obstacles. For now, we’ve enabled DNS Cookies through manual configuration, primarily for selected TLD zones.

Case Randomization (0x20)

The query name case randomization mechanism, originally proposed in a March 2008 draft “Use of Bit 0x20 in DNS Labels to Improve Transaction Identity”, is, however, highly effective, because all but a small minority of nameservers are compatible with it. We have been performing case randomization of query names since 2009, but only to a small set of chosen nameservers that handle a minority of our query volume.

In 2022 we started work on enabling case randomization by default. When it is used, the query name in the question section is randomized, and the DNS server’s response is expected to match the case-randomized query name in the request exactly. For example, if “ExaMplE.CoM” is the name sent in the request, the name in the question section of the response must also be “ExaMplE.CoM” rather than, e.g., “example.com.” Responses that fail to preserve the case of the query name may be dropped as potential cache poisoning attacks (and retried over TCP).

We are happy to announce that we’ve already enabled and deployed this feature globally by default. It covers over 90% of our UDP traffic to nameservers, significantly reducing the risk of cache poisoning attacks.

Meanwhile, we maintain an exception list and implement fallback mechanisms to prevent potential issues with non-conformant nameservers. However we strongly recommend that nameserver implementations preserve the query case in the response.
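The resolver-side check described above, as an added example that is not Google Public DNS code: a query goes out with a randomized transaction ID and source port (RFC 5452) plus a randomized-case name (0x20), and an incoming UDP response is accepted only if all three match, with the name compared case-sensitively. The `Query`/`Response` records, the `demo()` scenario and its seed are constructed for illustration; a real resolver would parse these fields from DNS wire format.

```python
"""Query-name case randomization (0x20) as a resolver-side response check (illustrative)."""
import random
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    """What the resolver remembers about an outstanding UDP query (simplified)."""
    txid: int       # 16-bit transaction ID, randomized per RFC 5452
    src_port: int   # UDP source port, randomized per RFC 5452
    qname: str      # question name exactly as sent, with randomized case


@dataclass(frozen=True)
class Response:
    """The fields of an incoming UDP response that the check looks at (simplified)."""
    txid: int
    dst_port: int
    qname: str      # question name as echoed back by the responder


def randomize_case(qname: str, rng: random.Random) -> str:
    """Randomly flip bit 0x20 of each ASCII letter; digits, hyphens and dots are left alone."""
    out = []
    for ch in qname:
        if ch in string.ascii_letters:
            out.append(ch.upper() if rng.getrandbits(1) else ch.lower())
        else:
            out.append(ch)
    return "".join(out)


def case_entropy_bits(qname: str) -> int:
    """Extra unpredictability (in bits) that case randomization adds for this name:
    one bit per ASCII letter, on top of the 16-bit ID and the randomized port."""
    return sum(1 for ch in qname if ch in string.ascii_letters)


def build_query(qname: str, rng: random.Random) -> Query:
    """Construct the outgoing query with randomized ID, source port and name case."""
    return Query(
        txid=rng.getrandbits(16),
        src_port=rng.randrange(1024, 65536),
        qname=randomize_case(qname, rng),
    )


def check_response(query: Query, response: Response) -> str:
    """Return 'accept', or a 'drop:<reason>' string suitable for a resolver log line.
    A dropped response would then be retried over TCP, as the post describes."""
    if response.dst_port != query.src_port:
        return "drop:port-mismatch"
    if response.txid != query.txid:
        return "drop:txid-mismatch"
    # Case-sensitive comparison: the responder must echo the name exactly as sent.
    if response.qname != query.qname:
        if response.qname.lower() == query.qname.lower():
            return "drop:case-mismatch"   # right name, wrong case pattern
        return "drop:name-mismatch"
    return "accept"


def accept_response(query: Query, response: Response) -> bool:
    return check_response(query, response) == "accept"


def demo() -> dict:
    """Constructed scenario: one honest response and one forged response that guessed
    the transaction ID and port but not the case pattern (here, the inverse case)."""
    rng = random.Random(20240328)   # fixed seed so the demo is reproducible
    query = build_query("example.com", rng)
    honest = Response(query.txid, query.src_port, query.qname)
    forged = Response(query.txid, query.src_port, query.qname.swapcase())
    return {
        "sent": query.qname,
        "honest": check_response(query, honest),
        "forged": check_response(query, forged),
        "extra_bits": case_entropy_bits(query.qname),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `case_entropy_bits` helper makes the post's point about coverage concrete: a name such as `example.com` carries ten letters, so a responder that fails to preserve case gives an attacker nothing to guess, while a conformant one forces ten extra bits onto every forgery attempt.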

DNS-over-TLS

In addition to case randomization, we’ve deployed DNS-over-TLS to authoritative nameservers (ADoT), following procedures described in RFC 9539 (Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS). Real world measurements show that ADoT has a higher success rate and comparable latency to UDP. And ADoT is in use for around 6% of egress traffic. At the cost of some CPU and memory, we get both security and privacy for nameserver queries without DNS compliance issues.

Summary

Google Public DNS takes the security of our users seriously. Through multiple countermeasures to cache poisoning attacks, we aim to provide a more secure and reliable DNS resolution service, enhancing the overall Internet experience for users worldwide. With the measures described above we are able to provide protection against passive attacks for over 90% of authoritative queries.


To enhance DNS security, we recommend that DNS server operators support one or more of the security mechanisms described here. We are also working with the DNS community to improve DNS security. Please see our presentations at DNS-OARC 38 and 40 for more technical details.

Category: Hacking & Security

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

The Hacker News - 28 March, 2024 - 19:02
A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET
Category: Hacking & Security
Syndicate content