The Israeli cybersecurity industry is a rapidly growing sector within Israel's technology and innovation ecosystem. Israel is internationally recognized as a powerhouse in the cybersecurity domain, with numerous cybersecurity startups, established companies, research institutions, and government initiatives. Tel Aviv itself is being ranked 7th in annual list of best global tech ecosystems, as reported by the Jerusalem Post. == History == The roots of Israel's cybersecurity industry can be traced back to the country's strong focus on national security and intelligence. The establishment of elite military units such as Unit 8200, the Israeli Intelligence Corps unit responsible for signals intelligence and code decryption, played a significant role in the development of cybersecurity expertise in the country. Many former members of Unit 8200 have gone on to establish successful cybersecurity companies or join existing organizations, bringing their unique skill sets and experience to the private sector. == Market overview == As of 2024, Israel housed more than 450 cybersecurity startups and companies. In 2023, the value of exits by Israeli tech companies reached $7.5 billion. Israel's cybersecurity industry is characterized by a high concentration of startups develop new technologies in areas such as network security, endpoint protection, data security, cloud security, and threat intelligence. In recent years, the sector has attracted significant investment from both local and international venture capital firms, as well as major technology companies such as Microsoft, Google, and IBM. Several Israeli cybersecurity companies have gained global recognition and success, with some being acquired by major corporations or conducting successful initial public offerings (IPOs). === Key Israeli cybersecurity companies === Some key Israeli cybersecurity companies include: Check Point Software Technologies CyberArk Cato Networks Radware Wiz === Financial activity === Israel’s cybersecurity sector has seen significant financial activity. As of 2023, mergers and acquisitions in the cybersecurity sector totaled $2.8 billion. In the first quarter of 2024, the sector secured $846 million in private funding. == Background == The military experience helped much. Israel's mandatory military service, combined with the expertise developed within elite units such as Unit 8200, has fostered a strong talent pool with practical experience in cybersecurity. Israel's thriving startup ecosystem, often referred to as the "Startup Nation," has fostered an environment of innovation and collaboration that has contributed to the growth of the cybersecurity industry. Israeli cybersecurity companies often collaborate with international partners, both in the private and public sectors, to share knowledge and develop joint solutions. === Government Initiatives and Support === The government also supported well through various initiatives, such as the Israel National Cyber Directorate (INCD), which works to strengthen cybersecurity defenses and promote the development of the sector. === Academic institutions === Israeli universities and research centers are involved in cybersecurity research and education, contributing to the development of new technologies and training the next generation of cybersecurity professionals. Academic Tech transfer offices in Israel also facilitate the commercialization of cybersecurity technologies. Some academic institutions with cybersecurity laboratories include: Tel Aviv University Technion Ben-Gurion University
FarPoint Spread
FarPoint Spread is a suite of Microsoft Excel-compatible spreadsheet components available for .NET, COM, and Microsoft BizTalk Server. Software developers use the components to embed Microsoft Excel-compatible spreadsheet features into their applications, such as importing and exporting Microsoft Excel files, displaying, modifying, analyzing, and visualizing data. Spread components handle spreadsheet data at the cell, row, column, or worksheet level. This article is about the last FarPoint edition of the Spread product line. Spread is now developed by GrapeCity, Inc. Since the acquisition, Spread for Biztalk Server has been removed from the product line and SpreadJS, a JavaScript version, has been added. == History == 1991 Spread released as a DLL control as the initial product offering from FarPoint Technologies, Inc. 1990s Spread VBX released. Spread ActiveX released. These components are now known as Spread COM. 2003 Spread for Windows Forms released as a completely new managed C# version prompted by the launch of Visual Studio .NET. 2003 Spread for Web Forms (now Spread for ASP.NET) released. 2006 Spread for BizTalk released. 2009 FarPoint Technologies acquired by GrapeCity. == Versions == Spread for Windows Forms: 5.0 Spread for Web Forms: 5.0 Spread COM: 8.0 Spread for BizTalk: 3.0 === Spread for Windows Forms === FarPoint Spread for Windows Forms is a Microsoft Excel-compatible spreadsheet component for Windows Forms applications developed using Microsoft Visual Studio and the .NET Framework. Developers use it to add grids and spreadsheets to their applications, and to bind them to data sources. In version 4.0, new cell types were added to display barcodes and fractions, and exports for XML and PDF were added. === Spread for ASP.NET === FarPoint Spread for ASP.NET is a Microsoft Excel-compatible spreadsheet component for ASP.NET applications. Developers use it to add grids and spreadsheets to their applications, === Spread for COM === FarPoint Spread 8 COM allows COM and ActiveX applications to incorporate spreadsheet features. In the 1997 book Visual Basic 5 for Windows for Dummies, Wally Wang lists an early version of Spread COM in Chapter 35: The Ten Most Useful Visual Basic Add-On Programs. === Spread for BizTalk === FarPoint Spread for BizTalk Server allows developers to integrate Microsoft Excel documents into Microsoft BizTalk applications. Spread for BizTalk Server includes two components: Spreadsheet Pipeline Disassembler - Parses data from Microsoft Excel (XLS and Excel 2007 XML, CSV, TXT) documents into XML data for processing through Microsoft BizTalk Server receive pipelines. Spreadsheet Pipeline Assembler - Assembles data from Microsoft BizTalk applications into Microsoft Excel (XLS or Excel 2007 XML) or PDF documents for transport through Microsoft BizTalk Server send pipelines. Developers find it a useful tool for organizations with Microsoft BizTalk Server Enterprise Application Integration. Prior to this release, BizTalk users wanting to use Excel data had to manually open the files and copy and paste data between the two applications. == Features == These features are common to all versions. Predefined cell types, including: currency date time number percent regular expression button check box combo box hyperlink image Formula support, including: cross-sheet referencing over 300 built-in functions Import and export: import to Microsoft Excel-compatible files export to Microsoft Excel-compatible files export to HTML files export to XML files Design-time spreadsheet designer Data-binding with customizable options Hierarchical data views, with parent rows and child views Grouping of rows or columns Sorting by row or column on multiple keys Cell spanning Multiple row and column headers Bound and unbound modes == Version-Specific Features == === Spread for Windows Forms === Support for Microsoft Visual Studio 2010 Support for Windows Azure AppFabric Integrated chart control Custom cell types Cell notes Child controls Splitter bars Built-in and custom skins and styles PDF export Microsoft Excel 2007 XML Support (Office Open XML, XLSX) Floating Formula Bar Range Selection for Formula Automatic Completion (type ahead) === Spread for ASP.NET === Support for Microsoft Visual Studio 2010 Support for Windows Azure AppFabric Integrated chart control AJAX-enabled Support for Open Document Format (ODF) files Multiple edits on multiple rows without server round trips Client-side column and row resizing Load on demand, which loads data from the server as needed for viewing Native Microsoft Excel import and export In-cell editing Multiple edits on multiple rows without server round trips Client-side column and row resizing Multiple sheets Searching Filtering Validations Cell spans PDF export === Spread COM === Custom cell types Cell notes Virtual mode for data loading Unicode support Customizable printing Text tips Import and export: Microsoft Excel 97 Excel 2000 Excel 2007 (requires the .NET Framework) Enhanced printing 64 bit DLL === Spread for BizTalk === Integration of Microsoft Excel data into Microsoft BizTalk applications Design-time spreadsheet schema wizard and spreadsheet format designer == Supported document formats == Adobe Portable Document Format PDF (.pdf) HTML Web Page (.html) Microsoft Excel Workbook (.xls) Plain Text (.txt) Comma-Separated Values (.csv) Open Document Format (Spread for ASP.NET)
MSpy
mSpy is a brand of mobile and computer parental control monitoring software for iOS, Android, Windows, and macOS. The app monitors and logs user activity on the client device and sends the data to a personalized dashboard. Data the users can monitor includes text messages, calls, GPS locations, social media chats, and more. It is owned by Virtuoso Holding. == History == mSpy was launched as a product for mobile monitoring by Altercon Group in 2010. In 2012, the application allowed parents to monitor not only smartphones but also computers running Windows and macOS. In 2013, mSpy became TopTenReviews cell phone monitoring software award winner. By 2014, the business grew nearly 400%, and the app's user numbers exceeded 1 million. In 2015, mSpy received the Parents Tested Parents Approved (PTPA) Winner’s Seal of Approval in the United States. In 2015 and 2018, mSpy was the victim of data breaches which released user data. In 2016, mLite, a light version of mSpy, became available from Google Play. The same year, it was awarded the kidSAFE Certified Seal in the United States. In 2017, mSpy collaborated with YouTuber and journalist Coby Persin to conduct a social experiment on the dangers of social media and online predators. A social experiment, conducted with parental consent, involved Coby Persin to befriend three children—aged 12, 13, and 14—via Snapchat and then invite them to meet personally. Each of the participants agreed to the meeting and arrived at the designated location. The video of the experiment received widespread attention and helped to raise awareness about the importance of online security and parental controls. In early 2021, mSpy released a new feature - Screenrecorder. The feature allows parents to take screenshots of the kid's screen when they are browsing certain apps. In 2024, mSpy's Zendesk was compromised by an unknown threat actor, revealing their customer list. As of 2025, mSpy is compatible with Android, iPhone, and iPad devices. It provides access to various types of data stored on the device, including contact information, calendar entries, emails, SMS messages, browser history, photos, videos, and installed applications. Functions also include GPS tracking, geofencing, keyword alerts etc. == Reception == It was noted that since MSpy runs inconspicuously, there is risk of the software being used illegally. mSpy was called "terrifying" by The Next Web and was featured in NPR coverage of spyware used against victims of stalking and other domestic violence. In response mSpy released security updates aimed at reducing the risk of misuse and stated that it "uses encryption protocols to protect user data and that access is restricted to the account holder". In May 2015, Brian Krebs reported that mSpy was hacked, leaking personal data for hundreds of thousands of users of devices with mSpy installed. mSpy claimed that there was no data leak, but that instead, it was the victim of blackmailers. In September 2018, Krebs claimed and demonstrated that anyone could easily gain access to the mSpy database containing data for millions of users. The company responded by stating that the exposed data consisted primarily of error logs and incorrect login attempts. Following the incident, mSpy implemented new security measures, changed encryption keys, and reset passwords for affected accounts. A 2024 Sky News story characterised mSpy as "stalkerware". Leaked customer support messages from mSpy reveal misuse of its app for illegally monitoring partners and children.
Render layers
When creating computer-generated imagery, final scenes appearing in movies and television productions are usually produced by rendering more than one "layer" or "pass," which are multiple images designed to be put together through digital compositing to form a completed frame. Rendering in passes is based on a traditions in motion control photography which predate CGI. As an example, for a visual effects shot, a camera could be programmed to move past a physical model of a spaceship in one pass to film the fully lit beauty pass of the ship, and then to repeat exactly the same camera move passing the ship again to photograph additional elements such as the illuminated windows in the ship or its thrusters. Once all of the passes were filmed, they could then be optically printed together to form a completed shot. The terms render layers and render passes are sometimes used interchangeably. However, rendering in layers refers specifically to separating different objects into separate images, such as a layer each for foreground characters, sets, distant landscape, and sky. On the other hand, rendering in passes refers to separating out different aspects of the scene, such as shadows, highlights, or reflections, into separate images.
Autocommit
In the context of data management, autocommit is a mode of operation of a database connection. Each individual database interaction (i.e., each SQL statement) submitted through the database connection in autocommit mode will be executed in its own transaction that is implicitly committed. A SQL statement executed in autocommit mode cannot be rolled back. Autocommit mode incurs per-statement transaction overhead and can often lead to undesirable performance or resource utilization impact on the database. Nonetheless, in systems such as Microsoft SQL Server, as well as connection technologies such as ODBC and Microsoft OLE DB, autocommit mode is the default for all statements that change data, in order to ensure that individual statements will conform to the ACID (atomicity-consistency-isolation-durability) properties of transactions. The alternative to autocommit mode (non-autocommit) means that the SQL client application itself is responsible for ending transactions explicitly via the commit or rollback SQL commands. Non-autocommit mode enables grouping of multiple data manipulation SQL commands into a single atomic transaction. Some DBMS (e.g. MariaDB) force autocommit for every DDL statement, even in non-autocommit mode. In this case, before each DDL statement, previous DML statements in transaction are autocommitted. Each DDL statement is executed in its own new autocommit transaction.
Aarogya Setu
Aarogya Setu (lit. 'The bridge to health') is an Indian COVID-19 "contact tracing, syndromic mapping and self-assessment" digital service, primarily a mobile app, developed by the National Informatics Centre under the Ministry of Electronics and Information Technology (MeitY). The app reached more than 100 million installs in 40 days. On 26 May, amid growing privacy and security concerns, the source code of the app was made public. == Full view == The stated purpose of this app is to spread awareness of COVID-19 and to connect essential COVID-19-related health services to the people of India. This app augments the initiatives of the Department of Health to contain COVID-19 and shares best practices and advisories. It is a tracking app which uses the smartphone's GPS and Bluetooth features to track COVID-19 cases. The app is available for Android and iOS mobile operating systems. With Bluetooth, it tries to determine the risk if one has been near (within six feet of) a COVID-19-infected person, by scanning through a database of known cases across India. Using location information, it determines whether the location one is in belongs to one of the infected areas based on the data available. This app is an updated version of an earlier app called Corona Kavach (now discontinued) which was released earlier by the Government of India. == Features and tools == Aarogya Setu has four sections: User Status (tells the risk of getting COVID-19 for the user) Self Assess (helps the users identify COVID-19 symptoms and their risk profile) COVID-19 Updates (gives updates on local and national COVID-19 cases) E-pass integration (if applied for E-pass, it will be available) See Recent Contacts option (allows the users to assess the risk level of their Bluetooth contacts) It tells how many COVID-19 positive cases are likely in a radius of 500 m, 1 km, 2 km, 5 km and 10 km from the user. The app is built on a platform that can provide an application programming interface (API) so that other computer programs, mobile applications, and web services can make use of the features and data available in Aarogya Setu. == Response == Aarogya Setu crossed five million downloads within three days of its launch, making it one of the most popular government apps in India. It became the world's fastest-growing mobile app, beating Pokémon Go, with more than 50 million installs 13 days after launching in India on 2 April 2020. It reached 100 million installs by 13 May 2020, that is in 40 days since its launch. In an order on 29 April 2020 the central government made it mandatory for all employees to download the app and use it – "Before starting for office, they must review their status on Aarogya Setu and commute only when the app shows safe or low risk". The Union Home Ministry also said that the application is mandatory for all living in the COVID-19 containment zone. The government gave the announcement along with the nationwide lockdown extension by two weeks from the 4 May with certain relaxations. On 21 May 2020, the Airport Authority of India issued a Standard Operating Procedure (SOP) stating that all departing passengers must compulsorily be registered with the Aarogya Setu app. It added that the app would not be mandatory for children below 14 years. However, the next day, Civil Aviation Minister Hardeep Singh Puri clarified that the app would not be mandatory for any passengers. On 26 May 2020, the Aarogya Setu app code was made open to developers across the globe to help other countries manage contact tracing in their fight against COVID-19 pandemic. In March 2021, Co-WIN portal was integrated with the app. This allowed users to schedule an appointment through the app for COVID-19 vaccine by registering their phone number and providing relevant documents. == Effectiveness == NITI Aayog CEO revealed that "the app has been able to identify more than 3,000 hotspots in 3–17 days ahead of time." However, users and experts in India and around the world say the app raises huge data security concerns. The app collects name, number, gender, travel history, and uses a phone's Bluetooth and location data to let users know if they have been near a person with COVID-19 by scanning a database of known cases of infection, and also share it with the government simultaneously. This is the major area of concern as the app's constant access to a phone's Bluetooth imposes a form of security threat. But it stood to clarify itself that the informations received are not going to be made public. Amidst all these, the app hits a record of about one-hundred million downloads. == Reception == Rahul Gandhi, leader of the Congress party, termed the Aarogya Setu application a "sophisticated surveillance system" after the government announced that downloading the app would be mandatory for both government and private employees. Following this, others raised the same concerns about the Aarogya Setu app. The Ministry of Electronics and Information Technology (MeitY) responded to these concerns by asserting that Gandhi's claims were false, and that the app was being appreciated internationally. On 5 May, French ethical hacker Robert Baptiste, who goes by the name Elliot Alderson on Twitter, claimed that there were security issues with the app. The Indian government, as well as the app developers, responded to this claim by thanking the hacker for his attention, but dismissed his concerns. The developers of the app stated that the fetching of location data is a documented feature of the app, rather than a flaw, since the app is designed to track the distribution of the virus-infected population. They also asserted that no personal information of any user has been proven to be at risk. On 6 May, Robert Baptiste tweeted that security vulnerabilities in Aarogya Setu allowed hackers to "know who is infected, unwell, [or] made a self assessment in the area of his choice". He also gave details of how many people were unwell and infected at the Prime Minister's Office, the Indian Parliament and the Home Office. The Economic Times pointed out that a clause in the app's Terms and Conditions stated that the user "agrees and acknowledges that the Government of India will not be liable for ... any unauthorised access to your information or modification thereof". In response, several software developers called for the source code to be made public. On 12 May, former Supreme Court Judge Justice B.N. Srikrishna termed the government's push mandating the use of Aarogya Setu app "utterly illegal". He said so far it is not backed by any law and questioned "under what law, government is mandating it on anyone". MIT Technology Review gave 2 out of 5 stars to Aarogya Setu app after analyzing the COVID contact tracing apps launched in 25 countries. The app got stars only for the policy which suggests that data collected is deleted after a period of time and that the data collection, as far as user inputs go, is minimal. It also highlighted that India is the only democracy making its app mandatory for millions of people. The rating was further downgraded from 2 to 1 for collecting more information than the app needs to function. Following this, the MeitY made the source code of the Android app public on GitHub on 26 May, which will be followed by iOS and API documentation. Further, the Government has also launched a "bug bounty program". This was done to "promote transparency and ensure security and integrity of the app". However, experts stated that the server-side code had not yet been publicly released, which meant that public opinion on security and privacy was yet to be completely assuaged. Following this, ZDNet noted that the source code seemed to confirm the government's claim that user location data, if collected, would be anonymised and would be deleted after 45 days, or 60 days for high-risk individuals.
Computer security compromised by hardware failure
Computer security compromised by hardware failure is a branch of computer security applied to hardware. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Such secret information could be retrieved by different ways. This article focus on the retrieval of data thanks to misused hardware or hardware failure. Hardware could be misused or exploited to get secret data. This article collects main types of attack that can lead to data theft. Computer security can be compromised by devices, such as keyboards, monitors or printers (thanks to electromagnetic or acoustic emanation for example) or by components of the computer, such as the memory, the network card or the processor (thanks to time or temperature analysis for example). == Devices == === Monitor === The monitor is the main device used to access data on a computer. It has been shown that monitors radiate or reflect data on their environment, potentially giving attackers access to information displayed on the monitor. ==== Electromagnetic emanations ==== Video display units radiate: narrowband harmonics of the digital clock signals; broadband harmonics of the various 'random' digital signals such as the video signal. Known as compromising emanations or TEMPEST radiation, a code word for a U.S. government programme aimed at attacking the problem, the electromagnetic broadcast of data has been a significant concern in sensitive computer applications. Eavesdroppers can reconstruct video screen content from radio frequency emanations. Each (radiated) harmonic of the video signal shows a remarkable resemblance to a broadcast TV signal. It is therefore possible to reconstruct the picture displayed on the video display unit from the radiated emission by means of a normal television receiver. If no preventive measures are taken, eavesdropping on a video display unit is possible at distances up to several hundreds of meters, using only a normal black-and-white TV receiver, a directional antenna and an antenna amplifier. It is even possible to pick up information from some types of video display units at a distance of over 1 kilometer. If more sophisticated receiving and decoding equipment is used, the maximum distance can be much greater. ==== Compromising reflections ==== What is displayed by the monitor is reflected on the environment. The time-varying diffuse reflections of the light emitted by a CRT monitor can be exploited to recover the original monitor image. This is an eavesdropping technique for spying at a distance on data that is displayed on an arbitrary computer screen, including the currently prevalent LCD monitors. The technique exploits reflections of the screen's optical emanations in various objects that one commonly finds close to the screen and uses those reflections to recover the original screen content. Such objects include eyeglasses, tea pots, spoons, plastic bottles, and even the eye of the user. This attack can be successfully mounted to spy on even small fonts using inexpensive, off-the-shelf equipment (less than 1500 dollars) from a distance of up to 10 meters. Relying on more expensive equipment allowed to conduct this attack from over 30 meters away, demonstrating that similar attacks are feasible from the other side of the street or from a close by building. Many objects that may be found at a usual workplace can be exploited to retrieve information on a computer's display by an outsider. Particularly good results were obtained from reflections in a user's eyeglasses or a tea pot located on the desk next to the screen. Reflections that stem from the eye of the user also provide good results. However, eyes are harder to spy on at a distance because they are fast-moving objects and require high exposure times. Using more expensive equipment with lower exposure times helps to remedy this problem. The reflections gathered from curved surfaces on close by objects indeed pose a substantial threat to the confidentiality of data displayed on the screen. Fully invalidating this threat without at the same time hiding the screen from the legitimate user seems difficult, without using curtains on the windows or similar forms of strong optical shielding. Most users, however, will not be aware of this risk and may not be willing to close the curtains on a nice day. The reflection of an object, a computer display, in a curved mirror creates a virtual image that is located behind the reflecting surface. For a flat mirror this virtual image has the same size and is located behind the mirror at the same distance as the original object. For curved mirrors, however, the situation is more complex. === Keyboard === ==== Electromagnetic emanations ==== Computer keyboards are often used to transmit confidential data such as passwords. Since they contain electronic components, keyboards emit electromagnetic waves. These emanations could reveal sensitive information such as keystrokes. Electromagnetic emanations have turned out to constitute a security threat to computer equipment. The figure below presents how a keystroke is retrieved and what material is necessary. The approach is to acquire the raw signal directly from the antenna and to process the entire captured electromagnetic spectrum. Thanks to this method, four different kinds of compromising electromagnetic emanations have been detected, generated by wired and wireless keyboards. These emissions lead to a full or a partial recovery of the keystrokes. The best practical attack fully recovered 95% of the keystrokes of a PS/2 keyboard at a distance up to 20 meters, even through walls. Because each keyboard has a specific fingerprint based on the clock frequency inconsistencies, it can determine the source keyboard of a compromising emanation, even if multiple keyboards from the same model are used at the same time. The four different kinds way of compromising electromagnetic emanations are described below. ===== The Falling Edge Transition Technique ===== When a key is pressed, released or held down, the keyboard sends a packet of information known as a scan code to the computer. The protocol used to transmit these scan codes is a bidirectional serial communication, based on four wires: Vcc (5 volts), ground, data and clock. Clock and data signals are identically generated. Hence, the compromising emanation detected is the combination of both signals. However, the edges of the data and the clock lines are not superposed. Thus, they can be easily separated to obtain independent signals. ===== The Generalized Transition Technique ===== The Falling Edge Transition attack is limited to a partial recovery of the keystrokes. This is a significant limitation. The GTT is a falling edge transition attack improved, which recover almost all keystrokes. Indeed, between two traces, there is exactly one data rising edge. If attackers are able to detect this transition, they can fully recover the keystrokes. ===== The Modulation Technique ===== Harmonics compromising electromagnetic emissions come from unintentional emanations such as radiations emitted by the clock, non-linear elements, crosstalk, ground pollution, etc. Determining theoretically the reasons of these compromising radiations is a very complex task. These harmonics correspond to a carrier of approximately 4 MHz which is very likely the internal clock of the micro-controller inside the keyboard. These harmonics are correlated with both clock and data signals, which describe modulated signals (in amplitude and frequency) and the full state of both clock and data signals. This means that the scan code can be completely recovered from these harmonics. ===== The Matrix Scan Technique ===== Keyboard manufacturers arrange the keys in a matrix. The keyboard controller, often an 8-bit processor, parses columns one-by-one and recovers the state of 8 keys at once. This matrix scan process can be described as 192 keys (some keys may not be used, for instance modern keyboards use 104/105 keys) arranged in 24 columns and 8 rows. These columns are continuously pulsed one-by-one for at least 3μs. Thus, these leads may act as an antenna and generate electromagnetic emanations. If an attacker is able to capture these emanations, he can easily recover the column of the pressed key. Even if this signal does not fully describe the pressed key, it still gives partial information on the transmitted scan code, i.e. the column number. Note that the matrix scan routine loops continuously. When no key is pressed, we still have a signal composed of multiple equidistant peaks. These emanations may be used to remotely detect the presence of powered computers. Concerning wireless keyboards, the wireless data burst transmission can be used as an electromagnetic trigger to detect exactly when a key is pressed, while the matrix s