Category Archives: Best Practice

Lawmakers Demand Social Network Execs Reveal What They Spend to Fight Terrorism


By Dell Cameron, Staff Reporter at Gizmodo, April 11, 2019

The head of the House subcommittee on intelligence and counterterrorism is on a quest to find out precisely how much money YouTube, Microsoft, Facebook, and Twitter are each spending to combat extremism across their myriad platforms. Since representatives of the companies seemed unequipped to answer that question during a briefing late last month, their CEOs are now being asked to cough up those figures.

Representative Max Rose, who chairs the subcommittee, sent a letter on Thursday to each of the four companies asking for, among other details, their annual budgets for counter-terrorism efforts and related programs, “expressed as absolute numbers as well as percentages of your company’s total annual operating budget.”

“We’ve seen in graphic detail the extent that terrorist organizations and extremists have used social media to amplify their reach and message in recent years,” he said. “While social media companies tell us they’re taking this seriously, I want to see the numbers to back that up—and won’t stop until we get answers.”

The letter also requests the number of employees dedicated solely to countering terrorists, including, it says, domestic terrorists, far-right extremists, and white supremacists, who’ve “made use of online platforms to connect with like-minded individuals and spread their ideologies.”

The letter is cosigned by Representatives Sheila Jackson Lee, James Langevin, and Elissa Slotkin, each of whom also serves on the subcommittee.

“As you all know, a budget is a statement of values,” the letter continues. “We believe that the level of resources your companies allocate to containing and combating online terrorist content is a reflection of the seriousness with which you are approaching this issue.”

The letter also cites a number of incidents involving acts of terrorism committed by people who first posted hateful content online, including the terrorist behind the Christchurch massacres in New Zealand that resulted in 50 dead and another 50 injured; the far-right extremist who mailed pipe bombs to Democratic politicians and journalists last year; and an anti-Semitic terrorist who murdered 11 worshipers at a synagogue in Pittsburgh, who regularly posted on the alt-right platform Gab.

“From the rise and spread of ISIS, to the recent attack in Christchurch, New Zealand which was livestreamed live on Facebook, serious questions remain as to how and what the companies are doing to combat the spread of terrorism and extremism,” Rose said.

Ensuring cybersecurity and privacy in IoT Adoption

By Jack Warner, Tech blogger/Content marketer (Online security and privacy) at TechWarn

The Internet of Things is still in its beginnings, but as devices become increasingly networked, the security implications are starting to cause headaches for businesses. Unlike for consumers, a company “getting hacked” translates much more immediately into reputational damage, lost revenue, or even compensation claims.

The biggest risk to a company’s online security comes from the employees, says Jack Warner, cybersecurity expert at TechWarn. Poorly trained staff or a lack of clear IT policies encourages reckless behaviour and careless handling of sensitive data. Employees might not be aware of a device’s features and risks, or might lack the security-conscious mindset needed to notice potentially damaging leaks.

More than ever before, it is important for corporations to have all office equipment reviewed by a security-conscious team of engineers. There must be clear policies in place for what data is allowed to be collected by devices, and rules to which the data must adhere. This policy must apply equally to data collected by devices owned and deployed by the company and to data collected by devices owned by employees.

Case study: Fitness app data

In November 2017, the fitness app Strava released data collected from its users. Even though the data was already anonymised, it still attracted considerable attention as analysts discovered that it revealed the location of secret military bases, since soldiers would wear their fitness IoT devices while jogging around the base, going on patrol, or working out.

The workout routes outlined the size and location of bases, gave an estimation of how many soldiers are stationed there, and even what the rough patrol frequency could be. The Strava data leak represents a massive security risk for the operation of U.S. forces and is entirely self-inflicted.

Information like this can easily harm a commercial organisation as well. Testing locations, scouting locations, or delivery routines may well be the well-guarded intellectual property of an organisation.

There are plenty of other IoT devices that employees might casually use that reveal sensitive data. Staff phones might record their location as well as be used to take pictures. Employees might inadvertently share their location through social media, or use a smart scanner app on their phone to convert sensitive data to PDF. Passwords might be pasted into the draft folder of personal email accounts, or customer information might land in an employee’s personal contact list, from where it gets uploaded to various apps.

Networked devices in offices

When information security is not taken into consideration from the very start, the typical office might already be full of devices that do not respect privacy and create security leaks. For example, a printer may retain printed documents for a long time (or even upload them online) and air purifiers may make collected data available to a central server.

Even systems like thermostats, lamps, or door locks often come with network capabilities and might share their data with advertisers or at least a central cloud service. At a minimum, this opens up opportunities for intruders or competitors to get access to company secrets.

Company networks and intranets

While we have become more sensitive to publicly facing information, internal databases and networks of organisations are still too often seen as “safe.” It is often here that hackers have free rein and, once inside the network, can leverage their privileged position to connect to databases, infect computers with viruses or sabotage critical equipment.

Routers are among the most neglected equipment in office networks. While the devices of employees receive regular automatic updates, and servers are of high concern, routers are rarely inspected and don’t receive updates. Yet all company traffic will pass through them, and anybody in control of the router can intercept, corrupt, inject or alter any data sent to the internet and other internal devices.

A good VPN router is not hard to come by, but price differences between models can be immense and their benefit not obvious to the buyer and operator.

Reliance on third-party hosting providers

The biggest threat to an organisation’s privacy needs has become the widespread use of hosted services including email, chat, and file management.

While a few years ago it would have still been relatively common for at least large organisations to manage their own email servers and store documents on internal servers, today it’s almost exclusively third-party cloud providers. Emails, chats, documents, software code—there is almost nothing left inside of the offices of many companies.

An everlasting struggle

The way internet services and Internet of Things devices are developing is very much contrary to the privacy and security needs of corporations. So far there is little pushback or demand for more security-conscious services.

The most sustainable strategy for corporates may be to limit the amount of information they collect from their customers, and to host this information, along with their intellectual property, on self-maintained physical infrastructure in-house.

________________________________________________________________________________________________

About the author

Jack is an accomplished cybersecurity expert with years of experience under his belt at TechWarn, a trusted digital agency to world-class cybersecurity companies. A passionate digital safety advocate himself, Jack frequently contributes to tech blogs and digital media sharing expert insights on topics such as whistleblowing and cybersecurity tools.

Why community is at the heart of every tech hub


By Kyle York, Guest Author (VentureBeat) and VP of Product Strategy, Oracle Cloud Infrastructure, @KYORK20, April 7, 2019 4:44 PM

When people think of technology, they often think in general terms like “the cloud” or “artificial intelligence.” But technology is physical. It is cables and servers and the mobile device in your pocket. Technology is also human.

I don’t mean this in some philosophical sense. I mean that the physical components that make up technology are built by human beings. And human beings vary, as do the communities in which they live.

Technology may be flattening the world, but we are still in many ways reflections of our local communities and their histories — particularly in less transient communities where people have established deep roots. These communities aren’t usually what we have in mind when talking about great startup ecosystems, but they can actually become thriving tech hotbeds.

I saw great examples of this — and the ways that large companies can help foster these communities — at the VentureBeat BLUEPRINT 2019 event in York, Pennsylvania.

York, Pennsylvania

The York Plan of the 1940s allowed different industries within York County to come together and build the parts needed to help the United States win World War II. Today, John McElligott, Founder and CEO of York Exponential, is heading a York Plan 2.0 and wants the area to become the robot mechanic capital of the world. He said he was not authentic with his first startup and tried to turn York into a new Silicon Valley. He realized that wasn’t playing to the community’s strength. So instead he tapped into the community’s roots — hard-working people who are good with their hands and machines — to come up with the idea of repairing robots.

Minneapolis/St. Paul, Minnesota

Matt Lewis, Director of Make It. MSP, an organization that works with more than 100 local companies on strategies to retain talent, shared an interesting fact about Minneapolis/St. Paul: It has the largest collection of Fortune 500 headquarters per capita of any place in the United States. He discussed a variety of reasons for why that was the case, but regardless of how it happened, entrepreneurs are using that to their advantage now. That is why enterprise tech is a huge market within this area: There is a need, and startups are popping up to fill that need.

Manchester, New Hampshire

My own city, Manchester, was once a booming textile manufacturing mecca but struggled with hard economic times for decades. The city has now reinvented itself as a hotbed for entrepreneurial activity in technology, biomedical, and higher ed innovation (led by Southern New Hampshire University and Alumni Ventures Group). These are three industries that lend themselves to the types of hard-working, mission-driven folks who occupy southern New Hampshire.

The role of large companies

During the event, I participated on a panel in which we discussed the effects that large companies can have on helping these types of ecosystems. Shelley McKinley, Head of Technology & Corp. Responsibility Group, Microsoft, said large companies can use their influence to work with governments, both federal and local, on laws and regulations that help startups and industries grow.

Kate Kaufman, Director of Account Operations, Uber Freight, discussed the amount of data that a company like Uber has access to. Their focus is to put that data in the hands of small businesses, allowing them access to information they historically didn’t have, which can help their businesses compete.

Startups rarely succeed on their own. They often need the collective resources of their communities. Embrace your community. Don’t try to change it. If you can find a niche that makes sense for the talent that already exists in your community, then both your startup and your whole entrepreneurial ecosystem have a chance to do something great.

Kyle York is VP of Product Strategy for Oracle Cloud Infrastructure.

________________________________________________________________________________________________


Texting or chatting while walking, the new phone addiction you need to stop

James Wanzala, Reporter for the Standard Group (StandardMedia, StandardDigital News)
20th Jan 2019 00:00:00 GMT +0300

You might have been hit by a person busy chatting or texting as he or she walked along the street. Or, you might have seen someone hitting a pole or a transparent window, or falling into a pool of water, while using the phone while walking. This is the new smartphone addiction that experts are warning is costing people their lives or leaving them with injuries.

Experts now say distracted walking is a growing problem around the globe, as people of all ages become more dependent on electronic devices for social and professional engagements. The advent of smartphones that come with social media sites like Facebook, Twitter and Instagram has accelerated this problem. Multitasking is common, and can be dangerous if one is not careful.

“The phone distracts you from minding your safety while walking. We used to call out the youth for this behaviour but now it spans nearly all age groups,” says Sam Wambugu, an information specialist.

Authorities in some countries have come up with laws to curb texting or chatting while walking. In South Australia, for instance, the Road Traffic Act states that a person “must not walk without due care or attention or without reasonable consideration for other persons using the road,” lest they face a $105 (Sh10,500) fine.

Banned texting

In 2012, Fort Lee, a municipality in New Jersey, banned texting while walking. Violations come with an $85 (Sh8,500) ticket. Back home, the National Transport and Safety Authority (NTSA) traffic rules only prohibit a driver from using a phone while driving, which sets him back Sh2,000.

According to a study published in 2012 by researchers from New York’s Stony Brook University, 60 per cent of people texting while walking veered off their walking path. Over a decade’s time, texting and walking has caused more than 11,100 injuries. In fact, according to the National Highway Traffic Safety Administration, pedestrian deaths numbered 5,376 — and were the only group of road users whose fatality numbers increased. A report from the American Academy of Orthopedic Surgeons also revealed that 78 per cent of American adults believe that distracted walking is a serious issue — but only 29 per cent owned up to doing it themselves.

Our brains have evolved to focus attention on primarily one task at a time, a phenomenon psychologists refer to as inattention blindness. Wambugu adds: “People get carried away while texting and miss their flight at the airport because they become oblivious of their surroundings despite repeated calls to board the plane. Some people text while riding on a fast-moving boda boda, possibly another reason for increased road accidents.”

Sociologist Kiemo Karatu agrees that chatting and texting while walking is a life risk and a solution must be found. “A lot of us are oblivious of the dangers we are exposing ourselves to. Inability to know when to stop doing two things at the same time is the challenge,” says Karatu. He proposes creating awareness probably through posters on the dangers of using one’s phone while walking.

The Washington DC-based Safe Kids Worldwide organisation report dubbed Walking Safely, A Report to the Nation in 2012 found that pedestrian deaths among teens aged 15 to 19 now account for about 50 per cent of pedestrian fatalities. The study discovered that one in five high school students were found crossing the street distracted either by texting, playing video games or listening to music.

“We suspect one cause of this disturbing trend is distraction; since the increase in teen injuries seems to correlate with the prevalence of cell phone use, both among walkers and drivers,” says Kate Carr, president and CEO of Safe Kids Worldwide. Just like children at school are taught how to wash their hands regularly to stay healthy, Wambugu says healthy use of the now ubiquitous mobile phones and other handheld devices may be an important addition.

Benefits of mobile passwordless authentication

By Kevin Beaver, Independent Information Security Consultant, Principle Logic, LLC
for SearchSecurity – TechTarget, 05 Apr 2019

With an authentication method for mobile devices that goes beyond password and username credentials, IT can prevent social engineering attacks, while maintaining device usability.

Passwords can be a pain — especially when they’re not implemented properly and users are not adequately trained.

Traditional password methods expose user devices to phishing attempts and related attacks. Passwordless authentication for mobile devices attempts to eliminate the complexities and hassles associated with traditional passwords.

What is passwordless authentication?

When users log in to a portal that uses passwordless authentication, they receive a one-time authentication code via a text message, mobile app notification or email. This code takes the place of a standard password and enables users to log in to the application automatically. IT can use passwordless authentication for applications, mobile web apps or mobile site portals, but it can also work for connecting to Wi-Fi or a mobile VPN.

Newer offerings from vendors such as Yubico provide a hybrid approach to mobile passwordless authentication. Yubico relies on its YubiKey security token — a small piece of hardware that provides a layer of authentication — to authenticate users for mobile web browsers or app portals. Security keys can function as a single factor or as part of a multifactor authentication approach.

Amazon, Cisco and Microsoft offer passwordless authentication in some capacity, but there are lesser-known vendors in the market as well, such as Auth0 and Hypr. Auth0 enables text messages and email notifications as authentication methods. Microsoft’s Authenticator app for Apple iOS and Google Android enables users to approve logins to other Microsoft apps with a mobile push notification.

When should IT deploy passwordless authentication?

Passwordless authentication provides value to IT because it keeps mobile users from making poor security decisions. Password-based authentication opens the door for numerous user errors that negatively affect an organization’s security. Under password-based authentication, users can set and use short or easily guessed passwords, commingle personal and business passwords, or reuse the same password across multiple applications and systems. With passwordless authentication, organizations can avoid all of these vulnerabilities.


Passwordless authentication for mobile devices isn’t automatically secure, however, and its security depends on its implementation. There are certain threat scenarios in which attackers could exploit passwordless authentication, such as when they have access to the user’s mobile device or email account. Still, passwordless authentication is more secure than what most organizations have in place: taking the path of least resistance with weak passwords, shared passwords and more.
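To make "its security depends on its implementation" concrete, here is an added sketch (not code from the article or from any vendor it names) of the server-side handling of the one-time code described above. The class and function names, the five-minute lifetime and the five-attempt limit are assumptions chosen for illustration; delivery by text message, push or email is out of scope.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300   # assumed policy: a code is valid for five minutes
MAX_ATTEMPTS = 5         # assumed policy: guesses allowed per issued code


@dataclass
class PendingCode:
    digest: bytes
    expires_at: float
    attempts_left: int


class OneTimeCodeStore:
    """Hypothetical in-memory store; a real portal would use a shared datastore."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)   # server-side key for the keyed hash
        self._pending = {}
        self._clock = clock

    def _digest(self, user_id, code):
        # Keyed hash bound to the user, so stored entries never hold the raw code.
        msg = f"{user_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user_id):
        """Create a fresh 6-digit code; issuing again replaces any older code."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self._pending[user_id] = PendingCode(
            self._digest(user_id, code),
            self._clock() + CODE_TTL_SECONDS,
            MAX_ATTEMPTS,
        )
        return code   # hand to the SMS/push/email sender; do not log it

    def verify(self, user_id, submitted):
        entry = self._pending.get(user_id)
        if entry is None:
            return "no_pending_code"
        if self._clock() >= entry.expires_at:
            del self._pending[user_id]
            return "expired"
        entry.attempts_left -= 1
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(entry.digest, self._digest(user_id, submitted)):
            del self._pending[user_id]        # single use: a replay finds nothing
            return "ok"
        if entry.attempts_left == 0:
            del self._pending[user_id]        # bounds guessing of the 10**6 space
            return "locked_out"
        return "wrong_code"


if __name__ == "__main__":
    store = OneTimeCodeStore()
    code = store.issue("alice@example.test")   # constructed sample user
    print(store.verify("alice@example.test", code))
```

These checks bound guessing and replay of the code. They do not help in the scenarios the article names, where the attacker already has access to the device or email account that receives it.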

Passwordless authentication provides both convenience and added security, especially for larger organizations that have trouble keeping track of mobile users’ login information. This authentication method simplifies an end-user task that can be frustrating.

IT professionals looking to implement passwordless authentication should do their due diligence, develop requirements and goals for the technology and then perform a proof of concept with a vendor or two to see how the technology works. If an organization implements it correctly, passwordless authentication is a secure means for addressing the login challenges that users and IT face daily.
________________________________________________________________________________________________
