Wednesday 26 March 2014

Top Ten Most Peaceful Countries in the World

#    Rank  Country                Score
1    1     Iceland                1.113
2    2     Denmark                1.239
3    2     New Zealand            1.239
4    4     Canada                 1.317
5    5     Japan                  1.326
6    6     Austria                1.328
7    6     Ireland                1.328
8    8     Slovenia               1.33
9    9     Finland                1.348
10   10    Switzerland            1.349
11   11    Belgium                1.376
12   12    Qatar                  1.395
13   13    Czech Republic         1.396
14   14    Sweden                 1.419
15   15    Germany                1.424
16   16    Portugal               1.47
17   17    Hungary                1.476
18   18    Norway                 1.48
19   19    Bhutan                 1.481
20   20    Malaysia               1.485
21   21    Mauritius              1.487
22   22    Australia              1.494
23   23    Singapore              1.521
24   24    Poland                 1.524
25   25    Spain                  1.548
26   26    Slovakia               1.59
27   27    Taiwan                 1.602
28   28    Netherlands            1.606
29   29    United Kingdom         1.609
30   30    Chile                  1.616
31   31    Botswana               1.621
32   32    Romania                1.627
33   33    Uruguay                1.628
34   34    Vietnam                1.641
35   35    Croatia                1.648
36   36    Costa Rica             1.659
37   37    Laos                   1.662
38   38    Italy                  1.69
39   39    Bulgaria               1.699
40   40    France                 1.71
41   41    Estonia                1.715
42   42    South Korea            1.734
43   43    Lithuania              1.741
44   44    Argentina              1.763
45   45    Latvia                 1.774
46   46    United Arab Emirates   1.785
47   47    Kuwait                 1.792
48   48    Mozambique             1.796
49   49    Namibia                1.804
50   50    Ghana                  1.807
51   51    Zambia                 1.83
52   52    Sierra Leone           1.855
53   53    Lesotho                1.864
54   54    Morocco                1.867
55   55    Tanzania               1.873
56   56    Burkina Faso           1.881
57   56    Djibouti               1.881
58   58    Mongolia               1.884

Malaysia: Missing flight crashed in Indian Ocean

KUALA LUMPUR, Malaysia (AP) — It was the unwelcome, anguishing news that families of the missing had dreaded, and when they heard it from Malaysia's prime minister Monday night there were shrieks and intense heartbreak: The missing Malaysian Airlines flight whose fate was a mystery that consumed the world had crashed into a remote corner of the Indian Ocean.
The news, based on fresh evidence gleaned from an unprecedented analysis of satellite data, meant it was all but impossible that any of the 239 passengers and crew on board the jetliner could have survived.
That realization may help bring some closure to families 17 days after their nightmare began when the Boeing 777 inexplicably disappeared from Asian skies during what was supposed to be a routine overnight flight from Malaysia's capital to Beijing on March 8. But the latest clue is also only a small step toward solving one of the greatest puzzles in aviation history.
With the location of Flight 370 itself still unknown — most likely somewhere at the bottom of the sea in a remote part of the southern Indian Ocean — profound questions remain unanswered about what brought down the aircraft and why.
And the grueling search for the wreckage and the plane's black boxes could take years. The task, involving a multinational force sweeping a vast region of ocean whose dark floor is up to 7,000 meters (23,000 feet) deep, has been daunting. So much so, that it is also possible that what is left of the plane may never be found.
In Beijing, family members who have followed every twist and turn in the search shrieked and sobbed uncontrollably when they heard the news. One woman collapsed and fell on her knees, crying "My son! My son!"
Dressed in a black suit, Malaysian Prime Minister Najib Razak somberly announced the news in an unexpected late night statement to reporters in Kuala Lumpur. The information, he said, was based on a study of data from a satellite that had received the final known signals from the plane as it tracked southward.
The data indicated that the jetliner flew "to a remote location, far from any possible landing sites," Najib said.
"It is therefore with deep sadness and regret that I must inform you that, according to this new data, Flight MH370 ended in the southern Indian Ocean."
In China's capital, family members had been called to a hotel near the airport to hear the announcement. Afterward, they filed out of a conference room in heart-wrenching grief.
Medical teams arrived with several stretchers and at least one elderly man was carried out of the conference room on one of them, his face covered by a jacket. Minutes later a middle-aged woman was taken out on another, her face ashen and her eyes blank and expressionless.
Nan Jinyan, whose brother-in-law Yan Ling was aboard the flight, said she had been prepared for the worst but the announcement was still "a blow to us, and it is beyond description."
In Kuala Lumpur, family members also broke down in sobs.
Selamat Omar, the father of a 29-year-old aviation engineer who was on the flight, said: "We accept the news of the tragedy. It is fate."
In a statement to the families, Malaysia Airlines said: "We know there are no words that we or anyone else can say which can ease your pain."
The airline said it would transport families to the western Australian city of Perth if parts of the plane are found and brought to a military base there now being used by search planes. It said the "ongoing multinational search operation will continue as we seek answers to the questions which remain."
The plane's disappearance has baffled investigators, who have yet to rule out mechanical or electrical failure, hijacking, sabotage, terrorism or issues related to the mental health of the pilots or someone else on board.
Malaysian authorities have said that evidence so far suggests the plane was deliberately turned back across Malaysia to the Strait of Malacca, with its communications systems disabled. They are unsure what happened next.
Earlier Monday, Malaysia's police chief, Inspector General Khalid Abu Bakar, reiterated that all the passengers had been cleared of suspicion. But he said the pilots and crew were still being investigated and declined to comment on whether officials had recovered files that were deleted a month earlier from the home flight simulator of the chief pilot.
Officials have said the plane automatically sent a brief signal — a "ping" — every hour to a satellite belonging to Inmarsat, a British company, even after other communication systems on the jetliner shut down.
The pings did not include any location information, but an initial analysis showed that the location of the last ping was probably along one of two vast arcs running north and south.
Najib said Inmarsat did further calculations "using a type of analysis never before used in an investigation of this sort," and had concluded that the plane's last position was "in the middle of the Indian Ocean, west of Perth."
He gave no indication of exactly where in the Indian Ocean the plane was last heard from, but searchers have sighted possible debris in an area about 2,000 kilometers (1,240 miles) southwest of Perth, and Najib said more details would be released Tuesday.
Search teams from 26 nations have pored over radar data and scoured a wide swath of Asia for weeks with advanced aircraft and ships, but no confirmed wreckage has been found.
The hunt is now considered a race against time because the battery life of the "pinger" in the black box is running out and may have less than two weeks left.
On Monday, an Australian navy support vessel, the Ocean Shield, headed toward the search zone and was expected to arrive in three or four days, a defense official said. The ship is equipped with acoustic detection equipment that can search for the black box.
The U.S. Pacific Command said it is also sending a black box locator in case a debris field is located, one that can be pulled behind a vessel at slow speeds and could hear the pinger down to a depth of about 20,000 feet (6,100 meters), Cmdr. Chris Budde, a U.S. 7th Fleet operations officer, said in a statement.
The deployment is part of "a prudent effort to pre-position equipment and trained personnel closer to the search area," he said.
U.S. Deputy National Security Adviser Ben Rhodes on Monday stopped short of saying the U.S. had independent confirmation of the status of the missing airliner. He noted the conclusion of Malaysian authorities that the Boeing 777 had plunged into the Indian Ocean and said the U.S., which has been assisting the search effort, was focused on that southern corridor of the ocean.

Tuesday 25 March 2014

The Election System of India

The Electoral System of India

1.   Introduction.
2.   Indian Elections -Scale of Operation.
3.   Constituencies & Reservation of Seats.
4.   How Constituency Boundaries are drawn up?
5.   Reservation of Seats.
6.   Parliament.
7.   Rajya Sabha - The Council of States.
8.   State Assemblies.
9.   President and Vice-President.
10. Independent Election Commission.
11. Who can vote?
12. The Electoral Roll.
13. Computerisation of Rolls.
14. Electors' Photo Identity Cards.
15. When do elections take place?
16. Scheduling the Elections.
17. Who can stand for Election.
18. Number of Candidates.
19. Campaign.
20. Polling Days.
21. Ballot Papers & Symbols.
22. How the voting takes place?
23. Political Parties and Elections
24. Registration with Election Commission.
25. Recognition and Reservation of Symbols.
26. Limit on poll expenses.
27. Free Campaign time on state owned electronic media.
28. Splits and mergers and anti-defection law.
29. Election Petitions.
30. Supervising Elections, Election Observers.
31. Counting of Votes.
32. Media Coverage.
33. Parliament.
34. The Electronic Voting Machine – An Electronic Marvel.

One-time password

A one-time password (OTP) is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to abuse it, since it will no longer be valid. On the downside, OTPs are difficult for human beings to memorize. Therefore they require additional technology to work.

How OTPs are generated and distributed

OTP generation algorithms typically make use of pseudorandomness or randomness. This is necessary because otherwise it would be easy to predict future OTPs by observing previous ones. Concrete OTP algorithms vary greatly in their details. Various approaches for the generation of OTPs are listed below:
  • Based on time-synchronization between the authentication server and the client providing the password (OTPs are valid only for a short period of time)
  • Using a mathematical algorithm to generate a new password based on the previous password (OTPs are effectively a chain and must be used in a predefined order).
  • Using a mathematical algorithm where the new password is based on a challenge (e.g., a random number chosen by the authentication server or transaction details) and/or a counter.
There are also different ways to make the user aware of the next OTP to use. Some systems use special electronic security tokens that the user carries and that generate OTPs and show them using a small display. Other systems consist of software that runs on the user's mobile phone. Yet other systems generate OTPs on the server-side and send them to the user using an out-of-band channel such as SMS messaging. Finally, in some systems, OTPs are printed on paper that the user is required to carry.

Methods of generating the OTP

Time-synchronized

A time-synchronized OTP is usually related to a piece of hardware called a security token (e.g., each user is given a personal token that generates a one-time password). It might look like a small calculator or a keychain charm, with an LCD display that shows a number that changes occasionally. Inside the token is an accurate clock that has been synchronized with the clock on the proprietary authentication server. On these OTP systems, time is an important part of the password algorithm, since the generation of new passwords is based on the current time rather than, or in addition to, the previous password or a secret key. This token may be a proprietary device, or a mobile phone or similar mobile device which runs software that is proprietary, freeware, or open-source. An example of a time-synchronized OTP standard is the Time-based One-time Password Algorithm (TOTP).
All of the methods of delivering the OTP below may use time-synchronization instead of algorithms.

Mathematical algorithms

Each new OTP may be created from the past OTPs used. An example of this type of algorithm, credited to Leslie Lamport, uses a one-way function (call it f). The one-time password system works by starting with an initial seed s, then generating passwords
f(s), f(f(s)), f(f(f(s))), ...
as many times as necessary. Each password is then dispensed in reverse, with f(f(...f(s))...) first, to f(s). If an indefinite series of passwords is wanted, a new seed value can be chosen after the set for s is exhausted. The S/KEY one-time password system and its derivative OTP are based on Lamport's scheme.
An intruder who happens to see a one-time password may have access for one time period or login, but it becomes useless once that period expires. To get the next password in the series from the previous passwords, one needs to find a way of calculating the inverse function f⁻¹. Since f was chosen to be one-way, this is extremely difficult to do. If f is a cryptographic hash function, which is generally the case, it is (so far as is known) a computationally infeasible task.
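The hash chain described above, as an added example that is not part of the original page: the server keeps only a verifier, checks that f(password) matches it, and then replaces the verifier with the accepted password, so a replayed or out-of-order password fails. SHA-256 as f, the `Server` class and the seed are assumptions of this example.

```python
import hashlib
import hmac


def f(value: bytes) -> bytes:
    # One-way function f. SHA-256 is an assumption of this example;
    # the scheme only requires that f be hard to invert.
    return hashlib.sha256(value).digest()


def build_chain(seed: bytes, n: int) -> list:
    """Return [f(s), f(f(s)), ..., f^n(s)] for seed s."""
    chain, value = [], seed
    for _ in range(n):
        value = f(value)
        chain.append(value)
    return chain


class Server:
    """Hypothetical verifier: stores f applied to the next expected password."""

    def __init__(self, verifier: bytes):
        self._verifier = verifier

    def login(self, password: bytes) -> bool:
        # Checking costs one application of f; no secret is stored server-side.
        if not hmac.compare_digest(f(password), self._verifier):
            return False
        # The accepted password becomes the verifier for the one that
        # precedes it in the chain, which invalidates it for reuse.
        self._verifier = password
        return True


def demo() -> list:
    chain = build_chain(b"constructed-demo-seed", 4)  # constructed sample seed
    server = Server(f(chain[-1]))   # enrolment value: f of the first password
    p4, p3 = chain[3], chain[2]     # passwords are dispensed in reverse order
    return [
        server.login(p4),           # first password f(f(f(f(s)))): accepted
        server.login(p4),           # replay of a used password: rejected
        server.login(chain[0]),     # f(s) presented out of order: rejected
        server.login(p3),           # next password in sequence: accepted
        f(p3) == p4,                # going forward is easy; backward needs f inverse
    ]


if __name__ == "__main__":
    print(demo())
```

An observer who captures `p4` can compute later chain values only by inverting f, while the server needs no secret at all, only the last accepted password.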
In some mathematical algorithm schemes, it is possible for the user to provide the server with a static key for use as an encryption key, by only sending a one-time password.[1]
The use of challenge-response one-time passwords requires a user to provide a response to a challenge. For example, this can be done by inputting the value that the token has generated into the token itself. To avoid duplicates, an additional counter is usually involved, so if one happens to get the same challenge twice, this still results in different one-time passwords. However, the computation does not usually involve the previous one-time password; that is, usually this or another algorithm is used, rather than using both algorithms.
The methods of delivering the OTP which are token-based may use either of these types of algorithm instead of time-synchronization.

Methods of delivering the OTP

Text messaging

A common technology used for the delivery of OTPs is text messaging. Because text messaging is a ubiquitous communication channel, being directly available in nearly all mobile handsets and, through text-to-speech conversion, to any mobile or landline telephone, text messaging has a great potential to reach all consumers with a low total cost to implement. However, the cost of text messaging for each OTP may not be acceptable to some users. OTP over text messaging may be encrypted using an A5/x standard, which several hacking groups report can be successfully decrypted within minutes or seconds,[2][3][4][5] or the OTP over SMS might not be encrypted by one's service-provider at all. In addition to threats from hackers, the mobile phone operator becomes part of the trust chain. In the case of roaming, more than a single mobile phone operator has to be trusted. Anyone using this information may mount a man-in-the-middle attack.
Recently Google has started offering OTP to mobile and landline phones for all Google accounts. The user can receive the OTP either as a text message or via an automated call using text-to-speech conversion. In case none of the user's registered phones is accessible, the user can even use one of a set of (up to 10) previously generated one-time backup codes as a secondary authorization factor in place of the dynamically generated OTP, after signing in with their account password.

Mobile phones

A mobile phone keeps costs low because a large customer-base already owns a mobile phone for purposes other than generating OTPs. The computing power and storage required for OTPs is usually insignificant compared to that which modern camera-phones and smartphones typically use. Mobile phones additionally support any number of tokens within one installation of the application, allowing a user the ability to authenticate to multiple resources from one device. This solution also provides model-specific applications to the user's mobile phone. However, a cellphone used as a token can be lost, damaged, or stolen.

Proprietary tokens

[Figure: RSA SecurID security tokens.]
EMV is starting to use a challenge-response algorithm (called "Chip Authentication Program") for credit cards in Europe. On the other hand, in access control for computer networks, RSA Security's SecurID is one example of a time-synchronization type of token. Like all tokens, these may be lost, damaged, or stolen; additionally there is an inconvenience as batteries die, especially for tokens without a recharging facility or a non-replaceable battery. A variant of the proprietary token was proposed by RSA in 2006 and was described as "ubiquitous authentication", in which RSA would partner with manufacturers to add physical SecurID chips to devices such as mobile phones.
Recently, it has become possible to take the electronic components associated with regular keyfob OTP tokens and embed them in a credit card form factor. However, the thinness of the cards, at 0.79 mm to 0.84 mm thick, prevents standard components or batteries from being used. Special polymer-based batteries must be used which have a much lower battery life than coin (button) cells. Semiconductor components must not only be very flat but must minimise power used in standby and when operating.
Yubico offers a small USB token with an embedded chip that creates an OTP when a key is pressed and simulates a keyboard to facilitate easily entering a long password.[6] Since it is a USB device it avoids the inconvenience of battery replacement.
A new version of this technology has been developed that embeds a keypad into a payment card of standard size and thickness. The card has an embedded keypad, display, microprocessor and proximity chip.

Web-based methods

Authentication-as-a-service providers offer various web-based methods for delivering one-time passwords without the need for tokens. One such method relies on the user's ability to recognize pre-chosen categories from a randomly generated grid of pictures. When first registering on a website, the user chooses several secret categories of things, such as dogs, cars, boats and flowers. Each time the user logs into the website they are presented with a randomly generated grid of pictures, each with an alphanumeric character overlaid on it. The user looks for the pictures that fit their pre-chosen categories and enters the associated alphanumeric characters to form a one-time access code.[7][8]

Hardcopy

[Figure: Paper-based OTP web-site login.]
In some countries' online banking, the bank sends to the user a numbered list of OTPs that are printed on paper. Other banks send plastic cards with actual OTPs obscured by a layer that the user has to scratch off to reveal a numbered OTP. For every online transaction, the user is required to enter a specific OTP from that list. Some systems ask for the numbered OTPs sequentially, others pseudorandomly choose an OTP to be entered. In Germany and many other countries like Austria and Brazil,[9] those OTPs are typically called TANs (for 'transaction authentication numbers'). Some banks even dispatch such TANs to the user's mobile phone via SMS, in which case they are called mTANs (for 'mobile TANs').

Comparison of technologies

Comparison of OTP implementations

The cheapest OTP solutions are those that deliver OTPs on paper, and those that generate OTPs on an existing device, without the costs associated with (re-)issuing proprietary electronic security tokens and SMS messaging.
For systems that rely on electronic tokens, algorithm-based OTP generators must cope with the situation where a token drifts out-of-sync with its server if the system requires the OTP to be entered by a deadline. This leads to an additional development cost. Time-synchronized systems, on the other hand, avoid this at the expense of having to maintain a clock in the electronic tokens (and an offset value to account for clock drift). Whether or not OTPs are time-synchronized is basically irrelevant for the degree of vulnerability, but it avoids a need to re-enter passwords if the server is expecting the last or next code that the token should be having because the server and token have drifted out-of-sync.
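An added example (not from the original page or from any vendor's code) of the time-synchronized method and the clock-drift offset mentioned above: a TOTP check that accepts the previous or next time step, remembers the drift it observed, and refuses a code from a step it has already accepted. The RFC 6238 defaults (HMAC-SHA1, 30-second step), the one-step window and the `Verifier` class are assumptions of this example.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default, assumed here)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter replaced by the current time step."""
    return hotp(key, unix_time // STEP, digits)


class Verifier:
    """Hypothetical server-side state for one enrolled token."""

    def __init__(self, key: bytes, window: int = 1):
        self.key = key
        self.window = window   # steps tolerated on either side of the estimate
        self.drift = 0         # learned offset of the token clock, in steps
        self.last_step = -1    # highest time step already accepted

    def verify(self, code: str, now: int) -> bool:
        center = now // STEP + self.drift
        # Try the expected step first, then its neighbours.
        for delta in sorted(range(-self.window, self.window + 1), key=abs):
            step = center + delta
            if step <= self.last_step:
                continue       # already used or older: a replay, never valid
            if hmac.compare_digest(hotp(self.key, step), code):
                self.last_step = step
                self.drift += delta   # follow the token clock as it drifts
                return True
        return False


def demo() -> list:
    key = b"12345678901234567890"  # RFC 6238 test key, used as sample input
    now = 1_000_000_000            # constructed server time
    server = Verifier(key)
    slow = totp(key, now - 40)     # token clock runs 40 s behind the server
    return [
        server.verify(slow, now),                           # previous step
        server.verify(slow, now),                           # replayed code
        server.verify(totp(key, now - 10), now + 30),       # drift applied
        server.verify(totp(key, now + 600), now + 60),      # outside window
    ]


if __name__ == "__main__":
    print(demo())
```

A wider window tolerates more drift but gives a captured code a longer useful life, so the window and the replay check have to be chosen together.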
Use of an existing mobile device avoids the need to obtain and carry an additional OTP generator. The battery may be recharged; as of 2011 most small card devices do not have rechargeable, or indeed replaceable, batteries. However, most proprietary tokens have tamper-proof features.

OTPs versus other methods of securing data

One-time passwords are vulnerable to social engineering attacks in which phishers steal OTPs by tricking customers into providing one or more OTPs that they used in the past. In late 2005 customers of a Swedish bank were tricked into giving up their one-time passwords.[10] In 2006 this type of attack was used on customers of a US bank.[11] Even time-synchronized OTPs are vulnerable to phishing, by two methods: The password may be used as quickly by the attacker as the legitimate user, if the attacker can get the OTP in plaintext quickly enough. The other type of attack—which may be defeated by OTP systems implementing the hash chain as discussed above—is for the phisher to use the information gained (past OTP codes which are no longer valid) by this social-engineering method to predict what OTP codes will be used in the future. For example, an OTP password-generator that is pseudo-random rather than truly random might or might not be able to be compromised, because pseudo-random numbers are often predictable once one has the past OTP codes. An OTP system can only use truly random OTPs if the OTP is generated by the authenticator and transmitted (presumably out-of-band) to the user; otherwise, the OTP must be independently generated by each party, necessitating a repeatable, and therefore merely pseudo-random, algorithm.
Although OTPs are in some ways more secure than a static memorized password, users of OTP systems are still vulnerable to man-in-the-middle attacks. OTPs should therefore not be disclosed to any third parties, and using an OTP as one layer in layered security is safer than using OTP alone; one way to implement layered security is to use an OTP in combination with a password that is memorized by the user (and never transmitted to the user, as OTPs often are). An advantage to using layered security is that a single sign-on combined with one master password or password manager becomes safer than using only 1 layer of security during the sign-on, and thus the inconvenience of password fatigue is avoided if one usually has long sessions with many passwords that would need to be entered mid-session (to open different documents, websites, and applications); however, the disadvantage of using many forms of security all at once during a single sign-on is that one has the inconvenience of more security precautions during every login—even if one is logging in only for a brief usage of the computer to access information or an application that doesn't require as much security as some other top-secret items that computer is used for.