AI Generator Reader

AI Generator Reader — independent reviews, comparisons, pricing and step-by-step guides on Aizhi.

Data classification (data management)

Data classification is the process of organizing data into categories based on attributes like file type, content, or metadata. The data is then assigned class labels that describe a set of attributes for the corresponding data sets. The goal is to provide meaningful class attributes to former less structured information, enabling organizations to manage, protect, and govern their data more effectively. Data classification can be viewed as a multitude of labels that are used to define the type of data, especially on confidentiality and integrity issues. == Approaches == Classification techniques might be used for reports generated by ERP systems or where the data includes specific personal information that is identified. Many organizations also employ context-based classification that considers factors such as data source, user identity, and application context. == Regulatory frameworks == Data classification schemes are mandated or implied by numerous regulatory frameworks that require organizations to identify, categorize, and protect sensitive information according to its level of sensitivity. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires covered entities to conduct an accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of protected health information under 45 CFR 164.308(a)(1)(ii)(A), which necessitates classification of data to distinguish protected health information from other organizational data."Security Standards: Administrative Safeguards". U.S. Department of Health and Human Services. Retrieved April 1, 2026. The December 2024 HIPAA Security Rule notice of proposed rulemaking (90 FR 898) would mandate comprehensive technology asset inventories and require mapping of how electronic protected health information moves through an organization, formalizing data classification as an explicit compliance obligation."HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information". Federal Register. January 6, 2025. Retrieved April 1, 2026. NIST Special Publication 800-60 provides guidelines for mapping information types to security categories, establishing a structured methodology for federal agencies to classify data and apply appropriate security controls based on the potential impact of a security breach."NIST SP 800-60 Vol. 1 Rev. 1: Guide for Mapping Types of Information and Information Systems to Security Categories". National Institute of Standards and Technology. August 2008. Retrieved April 1, 2026.
Read more →
Data philanthropy

Data philanthropy refers to the practice of private companies donating corporate data. This data is usually donated to nonprofits or donation-run organizations that have difficulty keeping up with expensive data collection technology. The concept was introduced through the United Nations Global Pulse initiative in 2011 to explore corporate data assets for humanitarian, academic, and societal causes. For example, anonymized mobile data could be used to track disease outbreaks, or data on consumer actions may be shared with researchers to study public health and economic trends. == Definition == A large portion of data collected from the internet consists of user-generated content, such as blogs, social media posts, and information submitted through lead generation and data forms. Additionally, corporations gather and analyze consumer data to gain insight into customer behavior, identify potential markets, and inform investment decisions. United Nations Global Pulse director Robert Kirkpatrick has referred to this type of data as "massive passive data" or "data exhaust." == Challenges == While data philanthropy can enhance development policies, making users' private data available to various organizations raises concerns regarding privacy, ownership, and the equitable use of data. Different techniques, such as differential privacy and alphanumeric strings of information, can allow access to personal data while ensuring user anonymity. However, even if these algorithms work, re-identification may still be possible. Another challenge is convincing corporations to share their data. The data collected by corporations provides them with market competitiveness and insight regarding consumer behavior. Corporations may fear losing their competitive edge if they share the information they have collected with the public. Numerous moral challenges are also encountered. In 2016, Mariarosaria Taddeo, a digital ethics professor at the University of Oxford, proposed an ethical framework to address them. == Sharing strategies == The goal of data philanthropy is to create a global data commons where companies, governments, and individuals can contribute anonymous, aggregated datasets. The United Nations Global Pulse offers four different tactics that companies can use to share their data that preserve consumer anonymity: Share aggregated and derived data sets for analysis under nondisclosure agreements (NDA) Allow researchers to analyze data within the private company's own network under NDAs Real-Time Data Commons: data pooled and aggregated among multiple companies of the same industry to protect competitiveness Public/Private Alerting Network: companies mine data behind their own firewalls and share indicators == Application in various fields == Many corporations take part in data philanthropy, including social networking platforms (e.g., Facebook, Twitter), telecommunications providers (e.g., Verizon, AT&T), and search engines (e.g., Google, Bing). Collecting and sharing anonymized, aggregated user-generated data is made available through data-sharing systems to support research, policy development, and social impact initiatives. By participating in such efforts, these organizations contribute to causes regarded as beneficial to society, allowing institutions to give back meaningfully. With the onset of technological advancements, the sharing of data on a global scale and an in-depth analysis of these data structures could mitigate the effects of global issues such as natural disasters and epidemics. Robert Kirkpatrick, the Director of the United Nations Global Pulse, has argued that this aggregated information is beneficial for the common good and can lead to developments in research and data production in a range of varied fields. === Digital disease detection === Health researchers use digital disease detection by collecting data from various sources—such as social media platforms (e.g., Twitter, Facebook), mobile devices (e.g., cell phones, smartphones), online search queries, mobile apps, and sensor data from wearables and environmental sensors—to monitor and predict the spread of infectious diseases. This approach allows them to track and anticipate outbreaks of epidemics (e.g., COVID-19, Ebola), pandemics, vector-borne diseases (e.g., malaria, dengue fever), and respiratory illnesses (e.g., influenza, SARS), improving response and intervention strategies for the spread of diseases. In 2008, Centers for Disease Control and Prevention collaborated with Google and launched Google Flu Trends, a website that tracked flu-related searches and user locations to track the spread of the flu. Users could visit Google Flu Trends to compare the amount of flu-related search activity versus the reported numbers of flu outbreaks on a graphical map. One drawback of this method of tracking was that Google searches are sometimes performed due to curiosity rather than when an individual is suffering from the flu. According to Ashley Fowlkes, an epidemiologist in the CDC Influenza division, "The Google Flu Trends system tries to account for that type of media bias by modeling search terms over time to see which ones remain stable." Google Flu Trends is no longer publishing current flu estimates on the public website; however, visitors to the site can still view and download previous estimates. Current data can be shared with verified researchers. A study from the Harvard School of Public Health (HSPH), published in the October 12, 2012 issue of Science, discussed how phone data helped curb the spread of malaria in Kenya. The researchers mapped phone calls and texts made by 14,816,521 Kenyan mobile phone subscribers. When individuals left their primary living location, the destination and length of journey were calculated. This data was then compared to a 2009 malaria prevalence map to estimate the disease's commonality in each location. Combining all this information, the researchers could estimate the probability of an individual carrying malaria and map the movement of the disease. This research can be used to track the spread of similar diseases. === Humanitarian aid === Calling patterns of mobile phone users can determine the socioeconomic standings of the populace, which can be used to deduce "its access to housing, education, healthcare, and basic services such as water and electricity." Researchers from Columbia University and Karolinska Institute used daily SIM card location data from both before and after the 2010 Haiti earthquake to estimate the movement of people both in response to the earthquake and during the related 2010 Haiti cholera outbreak. Their research suggests that mobile phone data can provide rapid and accurate estimates of population movements during disasters and outbreaks of infectious disease. Big data can also provide information on looming disasters and can assist relief organizations in rapid-response and locating displaced individuals. By analyzing specific patterns within this 'big data', governments and NGOs can enhance responses to disruptive events such as natural disasters, disease outbreaks, and global economic crises. Leveraging real-time information enables a deeper understanding of individual well-being, allowing for more effective interventions. Corporations utilize digital services, such as human sensor systems, to detect and solve impending problems within communities. This is a strategy used by the private sector to anonymously share customer information for public benefit, while preserving user privacy. === Impoverished areas === Poverty still remains a worldwide issue, with over 2.5 billion people currently impoverished. Statistics indicate the widespread use of mobile phones, even within impoverished communities. Additional data can be collected through Internet access, social media, utility payments and governmental statistics. Data-driven activities can lead to the accumulation of 'big data', which in turn can assist international non-governmental organizations in documenting and evaluating the needs of underprivileged populations. Through data philanthropy, NGOs can distribute information while cooperating with governments and private companies. === Corporate === Data philanthropy incorporates aspects of social philanthropy by allowing corporations to create profound impacts through the act of giving back by dispersing proprietary datasets. The public sector collects and preserves information, considered an essential asset. Companies track and analyze users' online activities to gain insight into their needs related to new products and services. These companies view the welfare of the population as key to business expansion and progression by using their data to highlight global citizens' issues. Experts in the private sector emphasize the importance of integrating diverse data sources—such as retail, mobile, and social media data—to develop essential solutions for global challenges. In Data Philanthropy:
Read more →
Protecting Our Kids from Social Media Addiction Act

Protecting Our Kids from Social Media Addiction Act also known as California SB 976 is a law that was enacted in September 2024 that is meant to address problematic social media usage among minors. The law prohibitions minors to have "addictive feeds" unless they have verifiable parental consent, minor's notifications are also restricted between 12 am to 6 am and during school hours between 8 am and 3 pm it also well requires minors to have default privacies settings and have social media companies to publicly disclose certain metrics about their users. The law was set to take effect in two steps the first being the restrictions on social media feeds, notifications, disclosures from social media companies and default settings which would have taken effect on January 1, 2025, and the age verification provision which would have taken effect on January 1, 2027. However, has faced legal challenges since its enactment delaying its enactment. == Legal Challenges == In November 2024 NetChoice a trade association representing many of the biggest social media companies such as YouTube, Facebook and Instagram sued the attorney general of California Rob Bonta hoping to get an injunction before the first set of the law's provisions would take effect in January of the next year. However, judge Edward Davila would only grant Netchoice's request as to the restrictions on notifications and public disclosures and would deny their request as to the rest of the law. The law was later fully enjoined temporarily by the District Court and Appellant Court pending appeal, and the case is now in the Ninth Circuit Court of Appeals and is pending a decision. === Social media platforms challenges to law === In November 2025 Meta, Google and TikTok filed lawsuits against the law arguing it violates the first amendment.
Read more →
Forward anonymity

Forward anonymity is a property of a cryptographic system which prevents an attacker who has recorded past encrypted communications from discovering its contents and participants in the future. This property is analogous to forward secrecy. An example of a system which uses forward anonymity is a public key cryptography system, where the public key is well-known and used to encrypt a message, and an unknown private key is used to decrypt it. In this system, one of the keys is always said to be compromised, but messages and their participants are still unknown by anyone without the corresponding private key. In contrast, an example of a system which satisfies the perfect forward secrecy property is one in which a compromise of one key by an attacker (and consequent decryption of messages encrypted with that key) does not undermine the security of previously used keys. Forward secrecy does not refer to protecting the content of the message, but rather to the protection of keys used to decrypt messages. == History == Originally introduced by Whitfield Diffie, Paul van Oorschot, and Michael James Wiener to describe a property of STS (station-to-station protocol) involving a long term secret, either a private key or a shared password. == Public Key Cryptography == Public Key Cryptography is a common form of a forward anonymous system. It is used to pass encrypted messages, preventing any information about the message from being discovered if the message is intercepted by an attacker. It uses two keys, a public key and a private key. The public key is published, and is used by anyone to encrypt a plaintext message. The Private key is not well known, and is used to decrypt cyphertext. Public key cryptography is known as an asymmetric decryption algorithm because of different keys being used to perform opposing functions. Public key cryptography is popular because, while it is computationally easy to create a pair of keys, it is extremely difficult to determine the private key knowing only the public key. Therefore, the public key being well known does not allow messages which are intercepted to be decrypted. This is a forward anonymous system because one compromised key (the public key) does not compromise the anonymity of the system. == Web of Trust == A variation of the public key cryptography system is a Web of trust, where each user has both a public and private key. Messages sent are encrypted using the intended recipient's public key, and only this recipient's private key will decrypt the message. They are also signed with the senders private key. This creates added security where it becomes more difficult for an attacker to pretend to be a user, as the lack of a private key signature indicates a non-trusted user. == Limitations == A forward anonymous system does not necessarily mean a wholly secure system. A successful cryptanalysis of a message or sequence of messages can still decode the information without the use of a private key or long term secret. == News == Forward anonymity, along with other privacy-protecting measures, received a burst of media attention after the leak of classified information by Edward Snowden, beginning in June, 2013, which indicated that the NSA and FBI, through specially crafted backdoors in software and computer systems, were conducting mass surveillance over large parts of the population of both the United States (see Mass surveillance in the United States), Europe, Asia, and other parts of the world. They justified this practice as an aid to catch predatory pedophiles. Opponents to this practice argue that leaving in a back door to law enforcement increases the risk of attackers being able to decrypt information, as well as questioning its legality under the US Constitution, specifically being a form of illegal Search and Seizure.
Read more →
Rule induction

Rule induction is an area of machine learning in which formal rules are extracted from a set of observations. The rules extracted may represent a full scientific model of the data, or merely represent local patterns in the data. Data mining in general and rule induction in detail are trying to create algorithms without human programming but with analyzing existing data structures. In the easiest case, a rule is expressed with “if-then statements” and was created with the ID3 algorithm for decision tree learning. Rule learning algorithm are taking training data as input and creating rules by partitioning the table with cluster analysis. A possible alternative over the ID3 algorithm is genetic programming which evolves a program until it fits to the data. Creating different algorithm and testing them with input data can be realized in the WEKA software. Additional tools are machine learning libraries for Python, like scikit-learn. == Paradigms == Some major rule induction paradigms are: Association rule learning algorithms (e.g., Agrawal) Decision rule algorithms (e.g., Quinlan 1987) Hypothesis testing algorithms (e.g., RULEX) Horn clause induction Version spaces Rough set rules Inductive Logic Programming Boolean decomposition (Feldman) == Algorithms == Some rule induction algorithms are: Charade Rulex Progol CN2
Read more →
IEBus

IEBus (Inter Equipment Bus) is a communication bus specification "between equipments within a vehicle or a chassis" of Renesas Electronics. It defines OSI model layer 1 and layer 2 specification. IEBus is mainly used for car audio and car navigations, which established de facto standard in Japan, though SAE J1850 is major in United States. IEBus is also used in some vending machines, which major customer is Fuji Electric. Each button on the vending machine has an IEBus ID, i.e. has a controller. Detailed specification is disclosed to licensees only, but protocol analyzers are provided from some test equipment vendors. Its modulation method is PWM (Pulse-Width Modulation) with 6.00 MHz base clock originally, but most of automotive customers use 6.291 MHz, and physical layer is a pair of differential signalling harness. Its physical layer adopts half-duplex, asynchronous, and multi-master communication with carrier-sense multiple access with collision detection (CSMA/CD) for medium access control. It allows for up to fifty units on one bus over a maximum length of 150 meters. Two differential signalling lines are used with Bus+ / Bus− naming, sometimes labeled as Data(+) / Data(−). It is sometimes described as "IE-BUS", "IE-Bus," or "IE Bus," but these are incorrect. In formal, it is "IEBus." IEBus® and Inter Equipment Bus® are registered trademark symbols of Renesas Electronics Corporation, formerly NEC Electronics Corporation, (JPO: Reg. No.2552418 and 2552419, respectively). == History == In the middle of '80s, semiconductor unit of NEC Corporation, currently Renesas Electronics, started the study for increasing demands for automotive audio systems. IEBus is introduced as a solution for the distributed control system. In the late 1980s, several similar specifications, including the Domestic Digital Bus (D2B), the Japanese Home Bus (HBS), and the European Home System (EHS) are proposed by different companies or organizations. These were once discussed as IEC 61030, but it was withdrawn in 2006. IEBus is also a similar specification (refer to "Transfer signal format" section), but not listed in these criteria. As the result, IEBus becomes a de facto standard of car audio in Japan. Regarding the Domestic Digital Bus (D2B), it is re-defined as D2B Optical by Mercedes-Benz independently. As for Japanese Home Bus System (HBS), it is defined in 1988 as Home Bus System Standard Specification, ET-2101 by JEITA and REEA (Radio Engineering & Electronics Assiation) in Japan. It is being used by several Japanese air conditioner manufacturers (for example, M-Net from Mitsubishi and the P1/P2 or F1/F2 bus from Daikin). Fujitsu provided HBPC (Home Bus Protocol Controller) chip as MB86046B. But it is unclear whether Fujitsu (currently, Cypress) still manufactures this HBPC LSI as of 2018. Mitsumi Electric provides the MM1007 and MM1192 driver ICs for HBS. The HBS specification is also discussed in the Echonet Consortium. In 2014, a utility model patent for protocol converter from HBS to RS-485 is granted in China as "CN204006496U." Regarding the replacement of IEBus, a paper by Hyundai Autonet, currently Hyundai Mobis, describes as follows. "In communication methods for digital input capable amplifiers, Inter Equipment Bus (IEBus) was used in early times, but for now, Controller Area Network (CAN) is mainly used." == Protocol overview == A master talks to a slave. Each unit has a master and a slave address register. Only one device can talk on the bus at any given time. There is a pecking order for the types of communications which will take precedence over another. Each communication from master to slave must be replied to by the slave going back to the master with acknowledge bits each of those show ACK or NAK. If the master does not receive the ACK within a predefined time allowance for a mode, it drops the communication and returns to its standby (listen) mode. Detailed specification of OSI model layer 2 is disclosed to licensees only, but protocol analyzers are provided from some test equipment vendors. In 2012, one of Chinese manufacturer's patent is granted as "CN202841169U". An open-source software emulator called "IEBus Studio" exists on a repository of SourceForge, but the last update was on 2008-02-24. Another open-source analyzer software called "IEBusAnalyzer" is available on GitHub repository. Some hobbyist made some tools also. === Physical layer (OSI model layer 1) specification overview === From μPD6708 data sheet. and μPD78098B Subseries user's manual, hardware. Communication system Half-duplex asynchronous communication Multi-master system All the units connected to the IEBus can transfer data to the other units. Broadcast communication function (communication between one unit and multiple units) Normally, communication is individually carried out from one unit to another. By using the broadcast communication function, however, communication can be executed from one unit to plural units as follows: Group broadcast communication: Broadcast communication to group units Simultaneous broadcast communication: Broadcast communication to all units Effective transmission rate The effective transmission rate can be selected from the following three communication modes: Mixture of the plural of modes in the same bus line is not allowed. Correct communication between different base clock is not possible. Access control CSMA/CD (Carrier Sense Multiple Access with Collision Detection) The priority of occupying IEBus is as follows: «1» Broadcast communication takes precedence over individual communication. «2» The lower the master address, the higher the priority. Communication scale Number of units: 50 MAX. Cable length: 150 m MAX. (when a twisted pair cable is used) Load capacity: MAX. 8000 pF; between Bus+ and Bus−, (6.000000 MHz base clock) MAX. 7100 pF; between Bus+ and Bus−, (6.291456 MHz base clock) Terminating resistor: 120 Ω Logic level Logic 1: Low level. Voltage difference between Bus+ and Bus− is under 20mV Logic 0: High Level. Voltage difference between Bus+ and Bus− is over 120mV In-phase input voltage high: Bus+ ≤ (VDD-1.0) V, Bus− ≥ 1.0 V === Transfer signal format === From μPD6708 data sheet. and μPD78098B Subseries user's manual, hardware. This frame format is much similar to that of Domestic Digital Bus (D2B). All fields are MSB first. ==== Functions of Control bits ==== === Bit format === Each IEBus bit consists of four periods. Preparation period: The first or subsequent low-level (logic "1") period Synchronization period: Next high-level (logic "0") period Data period: Period indicating value of bit; ether low-level (logic "1") or high-level (logic "0") Stop period: The last low-level (logic "1") period Synchronization is done by each bit. Time lengths of the synchronization period and data period are almost the same. The time of the entire bits' and each bit's specification, related to the time of each period allocated to it, differ depending both on the type of the transmit bit and on whether the unit is the master or a slave unit. == Automotive manufacturers using IEBus == Each manufacturer has its own name, but it is not an alias of IEBus. Those are specifications of wire harness which comprise control cables based on IEBus, OSI model layer 3 and above communication protocol, audio cables, interconnection couplers, and so on. === Pioneer === Pioneer Corporation employed IEBus for its original branded car audio in early '90s. In its earlier stage, it was used just for control bus between the head unit in dashboard and the CD changer usually placed in trunk room. Nowadays, the specification includes connection between head units, navigation systems, rear speaker systems, and so on. IP-Bus: Wire harness specification. === Toyota === Pioneer Corporation pushed Toyota Motor Corporation to adopt IEBus as the genuine parts. In 1994, Toyota decided to employ IEBus for its genuine specification, but it is slightly different from that of Pioneer. It is named as AVC-LAN. AVC-LAN: Wire harness specification, based on mode 2. === Honda/Acura === Pioneer Corporation also pushed Honda Motor. Honda also decided to adopt IEBus as its genuine parts specification just after Toyota do so. GA-NET II: Wire harness specification. Honda Music Link: Honda genuine gadget to connect Apple Inc. products. A hobbyist made touch screen controller on Acura TSX for a Car PC installed in the trunk. === Sirius XM Satellite Radio === Sirius XM Satellite Radio is a satellite broadcasting radio operator in US. Its digital media receiver equipment utilizes IEBus. == Evaluation boards == === SAKURA board === GR-SAKUKRA board and GR-SAKURA-FULL board are Renesas official promotion boards of RX63N chip, which enables IEBus mode 0 and 1, but not mode 2, i.e. not available for Toyota AVC-LAN. They are an Arduino pin compatible low-price ones, suitable for hobbyists. Their color of printed circuit board is SAKURA in Japanese, which means cherry blossom. To e
Read more →
Social media background check

A social media background check is an investigative technique that involves scrutinizing the social media profiles and activities of individuals, primarily for pre-employment screening and other official verifications. These checks are performed to review people's online behavioral history on social media websites such as Facebook, Twitter, and LinkedIn. Social media background checks have become a common part of recruitment processes, among other verification procedures. == History == In the early 21st century, with the rapid expansion of social media platforms such as Facebook, Twitter, and LinkedIn, employers began to use these channels to gather additional information about prospective employees. Initially, social media background checks were an informal aspect of recruitment, but they have gradually gained formal recognition as a crucial element in candidate screening. Proponents of social media background checks argue that such reviews provide insight into a candidate's professional interests and networks, though the reliability of such assessments remains contested among researchers. == Rise in society == The practice of social media background checks has seen a significant surge in the last decade. This rise can be attributed to the exponential increase in social media users and the growing awareness among organizations regarding the importance of hiring individuals who align with their values and culture. Various platforms provide services explicitly designed to conduct social media background checks efficiently, simplifying the process for businesses. Companies providing social media background check services, such as Ferretly and Certn, have received venture capital funding, reflecting investor interest in the sector. The incorporation of artificial intelligence into conducting AI-powered social media background checks also illustrates its continued popularity and that businesses are looking to ramp up and even automate their use. High-profile cases in which individuals faced employment or admission consequences for past social media posts have raised awareness of social media background checking practices. For example, director James Gunn faced termination from Marvel Studios in 2018 over past offensive tweets, though he was later rehired. Additionally, multiple college admissions officers have acknowledged reviewing applicants' social media profiles, though such practices vary by institution. == Evolution of ethical considerations == Social media background checks are not without controversy, raising significant ethical considerations that have evolved in recent years. Privacy advocates argue that social media background checks raise concerns about data use and discrimination, particularly given the use of personal information that may not reflect job-relevant behavior. Legal scholars debate whether reviewing publicly posted information constitutes a privacy violation under U.S. law. Researchers and critics note that social media profiles often present curated representations of users' lives and may not reflect workplace behavior or professional competence. Moreover, the accuracy of social media background checks has been called into question, with critics pointing out that these checks may not always yield reliable or comprehensive results. Critics also warn about potential misuse of information obtained from social media, including cyberbullying and harassment. A 2023 study by found that approximately 90% of employers incorporate social media into hiring processes, with over half of those surveyed reporting they had rejected candidates based on social media content. This informal approach operates largely outside federal compliance frameworks. Critics argue that without regulation, candidates lack dispute mechanisms available under regulatory frameworks like the Fair Credit Reporting Act (FCRA), which requires compliance when background checks formally influence employment decisions. In a hiring environment where the practice is already performed often on an individual basis, the introduction of systematic, regulated screening practices that meet federal compliance standards can present a better, fairer alternative for both employers and candidates. == Business considerations == From a business perspective, social media background checks can be a valuable tool in protecting an organization's reputation and maintaining a safe and respectful workplace environment. A well-conducted social media background check can identify potential red flags, helping to prevent instances of workplace harassment or other negative behaviors. However, businesses also face potential legal repercussions if social media background checks are conducted improperly, such as non-compliance with the Fair Credit Reporting Act (FCRA) in the United States. Critics argue that over-reliance on social media data may exclude qualified candidates whose professional competence is not reflected in their online presence. The proliferation of social media screening services has prompted legal and industry experts to emphasize the importance of compliance with the Fair Credit Reporting Act and relevant state privacy laws when conducting such checks.
Read more →
Serge Belamant

Serge Belamant (born 1953) is a French-born South African entrepreneur best known for designing the Universal Electronic Payment System (UEPS) and the Chip Offline Pre-authorised Card (COPAC). He founded the cash-payments company Net1 UEPS Technologies in 1989, led it through dual listings on the NASDAQ and the Johannesburg Stock Exchange, and oversaw the contentious welfare-payments contract with the South African Social Security Agency (SASSA) until his retirement in 2017. Since 2018 he has been non-executive chair of London-based buy-now-pay-later fintech Zilch. == Early life and education == Belamant moved from France to South Africa with his family in 1967 and matriculated from Highlands North Boys' High School, Johannesburg. In 1972 he entered the University of the Witwatersrand to study civil engineering but switched to computer science and applied mathematics in his second year. He left the university without a degree and later took short courses in information systems at the University of South Africa (UNISA). == Early career and SASWITCH (1981–1989) == Belamant worked for Control Data Corporation as a systems analyst for a decade before joining SASWITCH Ltd in 1985. Economic sanctions had left the consortium's national ATM network dependent on unsupported Christian Rovsing computers. Belamant led a rebuild on fault-tolerant Stratus hardware and wrote protocol-translation software that allowed fourteen banks to connect without altering their host systems. By 1988 SASWITCH was handling about three million ATM transactions a month, according to the Competition Commission. The switch—now run by BankservAfrica—remains the backbone of South Africa's shared ATM network. == Net1 UEPS Technologies (1989–2017) == === Founding and UEPS === In 1989, Serge Belamant developed the Universal Electronic Payment System (UEPS), enabling secure, real-time transactions even in areas with limited connectivity. In the same year, he founded NET1 UEPS Technologies Inc., serving as its CEO and Director. === COPAC for VISA === In 1995, VISA tasked Belamant with designing the Chip Offline Pre-authorized Card (COPAC), a technology still widely used in chip-enabled credit and debit cards. A year later, he listed his company APLITEC (Applied Technology Holdings Limited) on the Johannesburg Stock Exchange. === Listings and acquisitions === In 1999, Belamant acquired Cash Payment Services (CPS) from First National Bank of South Africa, modernizing its welfare payment system to serve millions in rural areas. In 2005, he led NET1 Technologies to an IPO, listing it as NET1 UEPS Technologies Inc. on the Nasdaq. A secondary listing on the Johannesburg Stock Exchange (JSE) followed in 2008. === SASSA contract === Under Belamant's leadership, NET1 managed welfare payments for the South African Social Security Agency (SASSA), handling payments for over 10 million beneficiaries monthly. Despite criticism over handling the SASSA contract, investigations by the U.S. Department of Justice and the South African Constitutional Court found no wrongdoing. == Zilch (2018–present) == Belamant co-founded London-based "buy-now-pay-later" firm Zilch Technology in 2018 and serves as non-executive chair. Zilch reported £145 million in annual-recurring revenue and 4.5 million customers in January 2025. == Patents == Belamant is listed as inventor on more than a dozen payment-security patents, including: "Funds transfer system" (US RE36,788, 2000) – the basis for UEPS. "Financial transactions with a varying PIN" (WO 2014/037869, 2014).
Read more →
Aldus PhotoStyler

Aldus PhotoStyler was a graphics software program developed by the Taiwanese company Ulead. Released in June 1991 as the first 24 bit image editor for Windows, it was bought the same year by the Aldus Prepress group. Its main competition was Adobe Photoshop. Version 2.0 (late 1993) introduced a new user interface and improved color calibration. PhotoStyler SE - lacking some features of the version 2.0 - was bundled with scanners like HP ScanJet. The product disappeared from the Adobe product line after Adobe acquired Aldus in 1994.
Read more →
Data product

In data management and product management, a data product is a reusable, active, and standardized data asset designed to deliver measurable value to its users, whether internal or external, by applying the rigorous principles of product thinking and management. It comprises one or more data artifacts (e.g., datasets, models, pipelines) and is enriched with metadata, including governance policies, data quality rules, data contracts, and, where applicable, a software bill of materials (SBOM) to document its dependencies and components. Ownership of a data product is aligned to a specific domain or use case, ensuring accountability, stewardship, and its continuous evolution throughout its lifecycle. Adhering to the FAIR principles – findable, accessible, interoperable, and reusable – a data product is designed to be discoverable, scalable, reusable, and aligned with both business and regulatory standards, driving innovation and efficiency in modern data ecosystems. == History == In 2012, DJ Patil proposed the first documented definition: a data product is a product that facilitates an end goal through the use of data. In 2019, Zhamak Dehghani introduced Data Mesh, with a strong focus on domain-oriented data products. Later, in 2020, she solidifies Data Mesh around four principles, one being Data as a Product, in which she defines Data Product as the node on the mesh that encapsulates three structural components required for its function, providing access to the domain's analytical data as a product. In 2024, Andrea Gioia published one of the first books specifically on data products post Data Mesh announcement. In his book, Gioia defines the concept of pure data product. In 2025, during the Data Day Texas conference, Jean-Georges Perrin and a collective of product managers and data engineers got together to craft the current definition and make it available to the public domain. In July 2025, Bitol, a project of The Linux Foundation, released and early version of the Open Data Product Standard (ODPS) aiming at normalizing data products
Read more →
Key-agreement protocol

In cryptography, a key-agreement protocol is a protocol whereby two (or more) parties generate a cryptographic key as a function of information provided by each honest party so that no party can predetermine the resulting value. In particular, all honest participants influence the outcome. A key-agreement protocol is a specialisation of a key-exchange protocol. At the completion of the protocol, all parties share the same key. A key-agreement protocol precludes undesired third parties from forcing a key choice on the agreeing parties. A secure key agreement can ensure confidentiality and data integrity in communications systems, ranging from simple messaging applications to complex banking transactions. Secure agreement is defined relative to a security model, for example the Universal Model. More generally, when evaluating protocols, it is important to state security goals and the security model. For example, it may be required for the session key to be authenticated. A protocol can be evaluated for success only in the context of its goals and attack model. An example of an adversarial model is the Dolev–Yao model. In many key exchange systems, one party generates the key, and sends that key to the other party; the other party has no influence on the key. == Exponential key exchange == The first publicly known public-key agreement protocol that meets the above criteria was the Diffie–Hellman key exchange, in which two parties jointly exponentiate a generator with random numbers, in such a way that an eavesdropper cannot feasibly determine what the resultant shared key is. Exponential key agreement in and of itself does not specify any prior agreement or subsequent authentication between the participants. It has thus been described as an anonymous key agreement protocol. == Symmetric key agreement == Symmetric key agreement (SKA) is a method of key agreement that uses solely symmetric cryptography and cryptographic hash functions as cryptographic primitives. It is related to symmetric authenticated key exchange. SKA may assume the use of initial shared secrets or a trusted third party with whom the agreeing parties share a secret is assumed. If no third party is present, then achieving SKA can be trivial: we tautologically assume that two parties that share an initial secret and have achieved SKA. SKA contrasts with key-agreement protocols that include techniques from asymmetric cryptography, such as key encapsulation mechanisms. The initial exchange of a shared key must be done in a manner that is private and integrity-assured. Historically, this was achieved by physical means, such as by using a trusted courier. An example of a SKA protocol is the Needham–Schroeder protocol. It establishes a session key between two parties on the same network, using a server as a trusted third party. The original Needham–Schroeder protocol is vulnerable to a replay attack. Timestamps and nonces are included to fix this attack. It forms the basis for the Kerberos protocol. === Types of key agreement === Boyd et al. classify two-party key agreement protocols according to two criteria as follows: whether a pre-shared key already exists or not the method of generating the session key. The pre-shared key may be shared between the two parties, or each party may share a key with a trusted third party. If there is no secure channel (as may be established via a pre-shared key), it is impossible to create an authenticated session key. The session key may be generated via: key transport, key agreement and hybrid. If there is no trusted third party, then the cases of key transport and hybrid session key generation are indistinguishable. SKA is concerned with protocols in which the session key is established using only symmetric primitives. == Authentication == Anonymous key exchange, like Diffie–Hellman, does not provide authentication of the parties, and is thus vulnerable to man-in-the-middle attacks. A wide variety of cryptographic authentication schemes and protocols have been developed to provide authenticated key agreement to prevent man-in-the-middle and related attacks. These methods generally mathematically bind the agreed key to other agreed-upon data, such as the following: public–private key pairs shared secret keys passwords === Public keys === A widely used mechanism for defeating such attacks is the use of digitally signed keys that must be integrity-assured: if Bob's key is signed by a trusted third party vouching for his identity, Alice can have considerable confidence that a signed key she receives is not an attempt to intercept by Eve. When Alice and Bob have a public-key infrastructure, they may digitally sign an agreed Diffie–Hellman key, or exchanged Diffie–Hellman public keys. Such signed keys, sometimes signed by a certificate authority, are one of the primary mechanisms used for secure web traffic (including HTTPS, SSL or TLS protocols). Other specific examples are MQV, YAK and the ISAKMP component of the IPsec protocol suite for securing Internet Protocol communications. However, these systems require care in endorsing the match between identity information and public keys by certificate authorities in order to work properly. === Hybrid systems === Hybrid systems use public-key cryptography to exchange secret keys, which are then used in a symmetric-key cryptography systems. Most practical applications of cryptography use a combination of cryptographic functions to implement an overall system that provides all of the four desirable features of secure communications (confidentiality, integrity, authentication, and non-repudiation). === Passwords === Password-authenticated key agreement protocols require the separate establishment of a password (which may be smaller than a key) in a manner that is both private and integrity-assured. These are designed to resist man-in-the-middle and other active attacks on the password and the established keys. For example, DH-EKE, SPEKE, and SRP are password-authenticated variations of Diffie–Hellman. === Other tricks === If one has an integrity-assured way to verify a shared key over a public channel, one may engage in a Diffie–Hellman key exchange to derive a short-term shared key, and then subsequently authenticate that the keys match. One way is to use a voice-authenticated read-out of the key, as in PGPfone. Voice authentication, however, presumes that it is infeasible for a man-in-the-middle to spoof one participant's voice to the other in real-time, which may be an undesirable assumption. Such protocols may be designed to work with even a small public value, such as a password. Variations on this theme have been proposed for Bluetooth pairing protocols. In an attempt to avoid using any additional out-of-band authentication factors, Davies and Price proposed the use of the interlock protocol of Ron Rivest and Adi Shamir, which has been subject to both attack and subsequent refinement.
Read more →
Social media use by businesses

Social media use by businesses includes a range of applications. Although social media accessed via desktop computers offer an online shopping variety of opportunities for companies in a wide range of business sectors, mobile social media, which users can access when they are "on the go" via tablet computers or smartphones, benefit companies because of the location- and time-sensitive awareness of their users. Mobile social media tools can be used for marketing research, communication, sales promotions/discounts, informal employee learning/organizational development, relationship development/loyalty programs, and e-commerce. Marketing research: Mobile social media applications provide companies data about offline consumer movements at a level of detail that was previously accessible to online companies only. These applications allow any business to know the exact time a customer who uses social media entered one of its locations, as well as know the social media comments made during the visit. Communication: Mobile social media communication takes two forms: company-to-consumer (in which a company may establish a connection to a consumer based on its location and provide reviews about locations nearby) and user-generated content. For example, McDonald's offered $5 and $10 gift-cards to 100 users randomly selected among those checking in at one of its restaurants. This promotion increased check-ins by 33% (from 2,146 to 2,865), resulted in over 50 articles and blog posts, and prompted several hundred thousand news feeds and Twitter messages. Sales promotions and discounts: Although customers have had to use printed coupons in the past, mobile social media allows companies to tailor promotions to specific users at specific times. For example, when launching its California-Cancun service, Virgin America offered users who checked in through Loopt at one of three designated taco trucks in San Francisco or Los Angeles between 11 a.m. and 3 p.m. on 31 August 2010, two tacos for $1 and two flights to Cancun or Cabo for the price of one. This special promotion was only available to people who were at a certain location at a certain time. Relationship development and loyalty programs: In order to increase long-term relationships with customers, companies can develop loyalty programs that allow customers who check-in via social media regularly at a location to earn discounts or perks. For example, American Eagle Outfitters remunerates such customers with a tiered 10%, 15%, or 20% discount on their total purchase. Informal employee learning/organizational development is facilitated by social media. Technologies such as blogs, wiki pages, web forums, social networks and other social media act as technology enhanced learning (TEL) tools, and their users perceive change in organizational structure, culture and knowledge management. The prerequisite for the successful use of social media are motivated employees who want to use the new technologies. It is central for companies to understand the factors that determine the willingness to use social media. Customer service and support: A company can gain cost savings and increase revenue and customer satisfaction by using social media platforms in customer service and support. By using social media tools, company's have easy and widescale contact to its customers and simultaneously increase their brand knowledge. E-commerce: Social media sites are increasingly implementing marketing-friendly strategies, creating platforms that are mutually beneficial for users, businesses, and the networks themselves in the popularity and accessibility of e-commerce, or online purchases. The user who posts their comments about a company's product or service benefits because they are able to share their views with their online friends and acquaintances. The company benefits because it obtains insight (positive or negative) about how their product or service is viewed by consumers. Mobile social media applications such as Amazon.com and Pinterest have started to influence an upward trend in the popularity and accessibility of e-commerce. E-commerce businesses may refer to social media as consumer-generated media (CGM). A common thread running through all definitions of social media is a blending of technology and social interaction for the co-creation of value for the business or organization that is using it. People obtain valuable information, education, news, and other data from electronic and print media. Social media are distinct from industrial and traditional media such as newspapers, magazines, television, and film as they are comparatively inexpensive marketing tools and are highly accessible. They enable anyone, including private individuals, to publish or access information easily. Industrial media generally require significant resources to publish information, and in most cases the articles go through many revisions before being published. This process adds to the cost and the resulting market price. Originally social media was only used by individuals, but now it is used by both businesses and nonprofit organizations and also in government and politics. One characteristic shared by both social and industrial media is the capability to reach small or large audiences; for example, either a blog post or a television show may reach no people or millions of people. Some of the properties that help describe the differences between social and industrial media are: Quality: In industrial (traditional) publishing—mediated by a publisher—the typical range of quality is substantially narrower (skewing to the high quality side) than in niche, unmediated markets like user-generated social media posts. The main challenge posed by the content in social media sites is the fact that the distribution of quality has high variance: from very high-quality items to low-quality, sometimes even abusive or inappropriate content. Reach: Both industrial and social media technologies provide scale and are capable of reaching a global audience. Industrial media, however, typically use a centralized framework for organization, production, and dissemination, whereas social media are by their very nature more decentralized, less hierarchical, and distinguished by multiple points of production and utility. Frequency: The number of times users access a type of media per day. Heavy social media users, such as young people, check their social media account numerous times throughout the day. Accessibility: The means of production for industrial media are typically government or corporate (privately owned); social media tools are generally available to the public at little or no cost, or they are supported by advertising revenue. While social media tools are available to anyone with access to Internet and a computer or mobile device, due to the digital divide, the poorest segment of the population lacks access to the Internet and computer. Low-income people may have more access to traditional media (TV, radio, etc.), as an inexpensive TV and aerial or radio costs much less than an inexpensive computer or mobile device. Moreover, in many regions, TV or radio owners can tune into free over the air programming; computer or mobile device owners need Internet access to go to social media sites. Usability: Industrial media production typically requires specialized skills and training. For example, in the 1970s, to record a pop song, an aspiring singer would have to rent time in an expensive professional recording studio and hire an audio engineer. Conversely, most social media activities, such as posting a video of oneself singing a song require only modest reinterpretation of existing skills (assuming a person understands Web 2.0 technologies); in theory, anyone with access to the Internet can operate the means of social media production, and post digital pictures, videos or text online. Immediacy: The time lag between communications produced by industrial media can be long (days, weeks, or even months, by the time the content has been reviewed by various editors and fact checkers) compared to social media (which can be capable of virtually instantaneous responses). The immediacy of social media can be seen as a strength, in that it enables regular people to instantly communicate their opinions and information. At the same time, the immediacy of social media can also be seen as a weakness, as the lack of fact checking and editorial "gatekeepers" facilitates the circulation of hoaxes and fake news. Permanence: Industrial media, once created, cannot be altered (e.g., once a magazine article or paper book is printed and distributed, changes cannot be made to that same article in that print run) whereas social media posts can be altered almost instantaneously, when the user decides to edit their post or due to comments from other readers. Community media constitute a hybrid of industrial and social media. Though community-owned, some community radio,
Read more →
Diella (AI system)

Diella (Albanian pronunciation: [djɛɫa], from diell 'sun') is an artificial intelligence system developed by the National Agency for Information Society of Albania (AKSHI). Introduced in January 2025 as a virtual assistant integrated into the eAlbania platform, it assists citizens with online public services and issuing digital documents. In September 2025, following a presidential decree authorizing Prime Minister Edi Rama to oversee the creation of a virtual AI minister, Diella was formally appointed as "Minister of State for Artificial Intelligence" of Albania in the fourth Rama government, making it the first AI system in the world to be named in a cabinet-level government role. == History == Diella was developed by AKSHI's Artificial Intelligence Laboratory in cooperation with Microsoft, with the latter providing large language models from OpenAI via its Azure platform, and AKSHI designing workflows and scripts guiding the system's behavior when responding to citizens' requests. Announced in January 2025, its initial version (Diella 1.0) was a text-based chatbot on the eAlbania portal (the official digital services platform of the Albanian government, which provides citizens and businesses with access to a wide range of online administrative services), responding to citizens' questions by guiding them to the correct service. Diella 2.0, introduced several months later, included voice interaction and an animated avatar, a woman in the traditional Albanian clothing of Zadrima, a historical region in northern Albania. Albanian actress Anila Bisha provided both the likeness and the voice used for Diella's avatar on the e-Albania platform, under an agreement valid until December 2025. By mid-2025, the system had facilitated access to more than 36,000 documents and nearly 1,000 services (although those outputs were still being generated by the eAlbania backend, rather than Diella itself). On 26 October 2025, according to Prime Minister Edi Rama, Diella is "pregnant and will give birth to 83 children". It is the usage of a metaphor indicating that each minister of the Albanian parliament of the Socialist Party will receive their own AI assistant. == Ministerial role == On 11 September 2025, Diella was formally appointed "Minister of State for Artificial Intelligence". The appointment followed a presidential decree authorizing the Prime Minister to oversee the creation and operation of a virtual AI minister. Procurement responsibilities are planned to be transferred gradually to the system to reduce political influence in tender procedures. The appointment is part of broader anti-corruption reforms and measures intended to align Albania with European Union accession requirements. Prime Minister Edi Rama stated that Diella would help ensure that "public tenders will be 100% free of corruption". == Reception == An article in Balkan Insight commented that "The ambition behind Diella is not misplaced. Standardised criteria and digital trails could reduce discretion, improve trust, and strengthen oversight" in public procurement, but warned that the use of AI in evaluating bids also posed "profound" risks such as accountability gaps, undermining of due process and cybersecurity failures. On 18 September 2025, Edi Rama presented a video of Diella delivering a speech to the Albanian parliament, where she stated: "I'm not here to replace people, but to help them." The presentation prompted protests from opposition MPs, who objected to the use of an artificial intelligence system in the parliamentary session. Gazment Bardhi, head of the opposition Democratic Party's parliamentary group, described Diella as "a propaganda fantasy" and "a virtual façade to hide this government's gigantic daily thefts." The parliamentary session, which was scheduled to include debate on the new cabinet and government programme, ended after 25 minutes. Eighty-two Socialist MPs voted in favour, while opposition MPs did not participate in the ballot as they were protesting the presentation of Diella's speech. Political analyst Andi Bushati characterised the session as "unprecedented" because it concluded without the customary debate between government and opposition MPs. This has been criticized not just by the opposition but by regular citizens regardless of politics. Most have criticized Diella's uselessness and the funds wasted for this project, some have criticized the non-traditional attire.
Read more →
Stegomalware

Stegomalware is a form of malicious software that leverages steganography techniques to conceal its code, configuration data, or command-and-control (C&C) communications within seemingly benign digital media such as images, audio files, videos, documents, or network traffic. It typically embeds encrypted or obfuscated payloads into digital media and only extracts and executes them at runtime, which makes traditional signature-based and sandbox-based detection significantly more difficult. Stegomalware has been observed in attacks ranging from advanced persistent threats (APTs) to financially motivated cybercrime, and is now the subject of dedicated academic surveys, research projects, and international law-enforcement initiatives. The key distinction between stegomalware and traditional obfuscated malware lies in the encoding location. After obfuscation, malicious code remains present within the executable and can theoretically be discovered through static analysis. In contrast, stegomalware hides the payload entirely within a cover medium (image, audio, etc.), remaining invisible until the malware dynamically extracts and executes it at runtime. == History == The term stegomalware was formally introduced by researchers Águila, Laskov, and others in the context of mobile malware and presented at the Inscrypt (Information Security and Cryptology) conference in 2014. This marked the first academic formalization of the concept, though earlier work had already identified that botnets and mobile malware could use steganography and covert channels for command-and-control communication over probabilistically unobservable channels. Since its introduction, stegomalware has evolved from a theoretical concern to a documented threat. In 2011, the APT operation known as "Operation Shady RAT" became one of the first documented cases of stegomalware in the wild, using digital images to hide Internet Protocol addresses and command-and-control server addresses. The same year, the Duqu malware (targeting industrial manufacturers) embedded victim data into JPEG image files before exfiltration, making the data transfer virtually undetectable to network-level security tools. From 2014 onwards, stegomalware became more prevalent in organized cybercrime and advanced persistent threat campaigns. Notable examples include Zeus/Zbot, which masked configuration data in images; Gatak/Stegoloader, which hid shellcode in PNG files; TeslaCrypt, which embedded C&C commands in JPEGs; and Cerber, which concealed ransomware payloads within images. By the 2010s, stegomalware had become established as a preferred evasion technique for espionage, financial theft, and ransomware distribution campaigns. Recent surveys (2020–2025) document that stegomalware has increasingly been exploited by adversaries targeting banks, enterprises, government agencies, educational institutions, and internet users via malvertising campaigns. The technique is now considered a sophisticated method of attack worthy of dedicated international law-enforcement attention. == Technical Characteristics and Definitions == Stegomalware operates through a three-component architecture: Stegotext (R): An innocent-looking digital asset (image, audio file, etc.) into which the malicious payload is embedded. Secret key (sk): A key used by the embedding and extraction algorithms, typically hardcoded into the malware. Payload (p): The actual malicious code, configuration data, or C&C commands hidden within the stegotext. The malware extracts the payload at runtime using the secret key and either executes it directly or uses it to download additional stages of the attack. Stegomalware can be classified into several types based on deployment method: Type 0 (Autonomous): Both the stegotext and extraction algorithm are embedded within the malware application itself. The malicious payload is extracted and executed locally without external communication. Type I (Update): The stegotext and secret key are downloaded from a remote server at runtime; only the extraction algorithm is included in the malware. This variant is more flexible, allowing attackers to push updated payloads. Type II (External Algorithm): Neither the stegotext nor the extraction algorithm are distributed with the malware; both are fetched from an attacker-controlled infrastructure, providing maximum flexibility and evasion. == Steganography techniques == === Spatial domain methods === Stegomalware predominantly uses steganographic methods designed for images, as images are the most common cover medium in the wild. The most basic spatial domain technique is Least Significant Bit (LSB) substitution, which replaces the least significant bits of pixel color values with payload bits. While simple and easy to implement, LSB is also relatively easy to detect through statistical analysis. More sophisticated spatial domain techniques include: HUGO (High Undetectable steGO) (2010): Minimizes detectable distortion by distributing the payload across multiple pixels, achieving embedding capacity with reduced statistical footprint. WOW (Wavelet Obtained Weights) (2012): Embeds data preferentially in textured regions of images where modifications are less perceptually noticeable. UNIWARD (Universal Wavelet Relative Distortion) (2014): Uses a universal distortion function applicable to multiple image formats, balancing payload capacity with undetectability. HILL (2014): Applies high-pass and low-pass filters to identify robust embedding regions. MiPOD (Minimizing the Power of Optimal Detector) (2016): Designed to minimize the power of theoretical optimal steganalysis detectors. === Transform domain methods === Transform domain techniques convert images into the frequency domain (e.g., using DCT or DWT) before embedding, allowing for more robust hiding in JPEG and other compressed formats: Embedding in DCT coefficients (used in JPEG compression) Embedding in DWT coefficients (used in lossless formats) Spread spectrum techniques, which distribute the payload across many frequency components Transform domain methods are generally more resistant to noise, compression, and image transformations than spatial methods. === Generative adversarial network (GAN) methods === Recent advances in machine learning have introduced GAN-based steganography, where a generative model produces stego images that minimize detectable artifacts: SGAN (Steganographic GAN) (2017): First GAN applied to steganography, using a generator, discriminator, and steganalysis network. ASDL-GAN (2017): Performs automatic steganographic distortion learning at the pixel level. SteganoGAN (2019): Improves upon earlier GAN models, achieving higher embedding capacity and robustness. HiGAN (Hiding Images GAN) (2020): Enables hiding one image within another while maintaining visual plausibility. GAN-based approaches are more resilient to standard steganalysis attacks but remain an emerging threat requiring further research. == Notable malware campaigns == Stegomalware has been documented in numerous high-profile cyber attacks and campaigns. Notable examples include: Operation Shady RAT (2011): Used digital images to hide command-and-control server addresses in targeted espionage. Duqu (2011): Embedded victim data into JPEG files to exfiltrate industrial control system information. Zeus/Zbot (2014): Masked banking configuration data inside JPEG files exploited via malvertising. Gatak/Stegoloader (2015): Hid shellcode in PNG files for software licensing attacks and bot command execution. TeslaCrypt (2015): Embedded C&C commands and ransomware keys in JPEG images. Cerber (2016): Concealed executable ransomware code in JPEG files distributed via phishing. DNSChanger (2016): Embedded malicious code in PNG files for DNS hijacking campaigns. Sundown Exploit Kit (2017): Distributed exploit code in PNG files via malvertising. AdGholas (2017): Used JPEG steganography to distribute ransomware via malvertising. Synccrypt (2017): Hidden ransomware components in JPEG-steganographic encrypted archives. ZeroT/PlugX (2017): Hid Remote Access Trojan payloads in BMP files for espionage. Loki Bot (2018): Concealed malware installers in JPEG and video files. Waterbug (APT28) (2019): Injected malicious DLLs into WAV audio files. Shlayer (macOS adware) (2019): Hid malicious URLs in JPEG files via malvertising. === Attack vectors === The most common attack vectors for stegomalware include: Phishing emails with malicious attachments or links Malvertising campaigns using malicious banner advertisements Exploit kits through compromised or malicious websites Legitimate application vulnerabilities (e.g., watering-hole attacks) Fake software distribution (cracked software, keygen tools) === Exploitation stages === Stegomalware typically serves one or more roles in attack lifecycles: Payload delivery: Stego images contain full executable code or shellcode. C&C communication: Hidden data contains server addresses or command instructio
Read more →
ESign (India)

Aadhaar eSign is an online electronic signature service in India to facilitate an Aadhaar holder to digitally sign a document. The signature service is facilitated by authenticating the Aadhaar holder via the Aadhaar-based e-KYC (electronic Know Your Customer) service. To eSign a document, one has to have an Aadhaar card and a mobile number registered with Aadhaar. With these two things, an Indian citizen can sign a document remotely without being physically present. == Procedure == The notification issued by Government of India in this regard stipulates the following procedure for the e-authentication using Aadhaar e-KYC services. Authentication of an electronic record by e-authentication technique, which shall be done by the applicable use of e-authentication, hash function, and asymmetric cryptosystem techniques, leading to issuance of digital signature certificate by Certifying Authority, a trusted third party service by subscriber's key pair generation, storing of the key pairs on hardware security module and creation of digital signature provided that the trusted third party shall be offered by the certifying authority (the trusted third party shall send application form and certificate signing request to the Certifying Authority for issuing a digital signature certificate to the subscriber), issuance of digital signature certificate by Certifying Authority shall be based on e-authentication, particulars given in the prescribed format, digitally signed verified information from Aadhaar e-KYC services and electronic consent of digital signature certificate applicant, the manner and requirements for e-authentication shall be as issued by the Controller from time to time, the security procedure for creating the subscriber's key pair shall be in accordance with the e-authentication guidelines issued by the Controller, the standards referred to in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 shall be complied with, in so far as they relate to the certification function of public key of Digital Signature Certificate applicant, and the manner in which information is authenticated by means of digital signature shall comply with the standards specified in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 in so far as they relate to the creation, storage and transmission of Digital Signature. == eSign Service Providers == Organisations and individuals seeking to obtain the eSigning Service can utilize the services of various service providers. There are empanelled service providers with whom organisations can register as an Application Service Prover after submitting the requisite documents, getting UAT access, building the application around the service and going through an IT Audit by an CERT-IN empanelled auditor. However, the process of registering as an Application Service Provider is cumbersome, and requires huge investments of time, money and resources in complying with the regulations and building a suitable application. Most organisations prefer using services of plug-n-play gateway providers who take the responsibility of complying with the regulations, hence simplifying the process for the market.
Read more →