#deepweb | Bernie Sanders is right, it’s time to redistribute economic power | Mathew Lawrence | Opinion

Source: National Cyber Security – Produced By Gregory Evans

Oligarchy rules the United States: the republic has been ransacked, its commonwealth privatised, and rentierism runs amok. The richest 10% of Americans capture an estimated 97% of all capital income – including capital gains, corporate dividends and interest payments. Since the financial crisis of 2008, almost half of all new income generated in the US has gone to the top 1%. The three wealthiest people in the US now own more wealth than the bottom 160 million Americans. And the richest family in America – the Walton family, which inherited about half of Walmart’s stock – owns more wealth than the bottom 42% of the American people.

The case for bold action is clear and overwhelming. Only a deep reconstruction of economic and political rights can challenge oligarchic power and halt runaway environmental breakdown. Fortunately, Bernie Sanders has just announced a new plan that matches the scale of the crisis.

His announcement on Monday of the corporate accountability and democracy plan is the latest and boldest proposal for economic democracy in America to emerge from the Democratic presidential race. At its core, it seeks to democratise the company by redistributing economic and political rights within the firm away from external shareholders and executive management toward the workforce as a collective. This is about redistributing wealth and income, but critically, it is also about redistributing power and control. Democratising the company would transform it from an engine of wealth extraction and oligarchic power toward a genuinely purposeful, egalitarian institution, one where workers would have a collective stake and say in how their company operates, and would share in the wealth they create together.

The Sanders plan would transform and democratise economic and political rights by fundamentally rewiring ownership and control of corporate America. Companies would be required to share corporate wealth with their workers, transferring up to 20% of total stock over a decade to democratic employee ownership funds. The monopoly on voting rights that private external shareholders and their financial intermediaries have benefited from would be ended; employees would be guaranteed the right to vote on corporate decision-making at work, and have a voice in setting their pay, regardless of the kind or size of company or firm they work for. Corporate boards would be democratised, with at least 45% of the board of directors in any large corporation directly elected by the firm’s workers. And the outrageous power of asset management – whose actions have done so much to accelerate the climate crisis by continuing to invest heavily in fossil fuel companies – would be ended. Asset managers would be banned from voting on other people’s money – the collective savings of millions of ordinary workers – unless following clear instructions from the savers.

Taken as a whole, Sanders’s plan would radically re-engineer how the company is controlled and for whom. The echoes with Labour’s agenda for democratising economic power are obvious, particularly John McDonnell’s inclusive ownership fund proposal, and are further evidence of an increasingly fertile transatlantic pollination of ideas and practice, from the Green New Deal to movement building. Common Wealth, the thinktank that I am the director of, is another example of this, committed to designing ownership models for the democratic economy on both sides of the Atlantic. In this, at least, there is much to learn from the right; Anglo-American conservatism and the new right have long shared intellectual and organisational resources and common aims, from the incubation of neoliberalism, to current salivations over a disaster capitalism-style US-UK trade deal. It is time progressives did the same.

An emphasis on reimagining ownership and governance is a vital step forward. We face two deep crises – environmental breakdown and stark inequalities of status and reward – both sharing a common cause: the deep, undemocratic concentration of power in our economy. Working people lack a meaningful stake and a say in their firm. Corporate voting rights are near-monopolised by a web of extractive financial institutions. The needs of finance are privileged over the interests of labour and nature. Tinkering won’t address this deep imbalance in power. To build an economy that is democratic and sustainable by design, we need to transform how the company operates and for whom.

For the left, remaking corporations must be at the heart of a radical agenda. The company is an extraordinary social institution, an immense engine for coordinating production based on a complex web of relationships. The critical question is who controls how it operates and who has a claim on its surplus. Today, the answer is a combination of shareholders, institutional investors and executive management; the company has been captured by finance and extractive economic practices, but it doesn’t have to be that way.

The company – and the distribution of rights within it – are neither natural nor unchangeable. There is nothing inevitable about the existing, sharply unequal distributions of power and reward within them. The company is a social institution, its rights and privileges publicly defined. We can organise it differently: through social control, not private dominion, via democracy, not oligarchy. Sanders’s announcement is an important step toward that democratisation, and the deeper economic reconstruction that both people and planet deserve.

Mathew Lawrence is director of the thinktank Common Wealth


#deepweb | What it is and why it’s not so scary

What you don’t know about the dark web might be exploited by a ‘dark web intelligence’ vendor. Forrester’s Josh Zelonis offers a simple explanation and some helpful pointers.

The dark web is nothing fancy. It’s really just a different series of protocols.

Commonly, when surfing the web, transport layer security (TLS) is the cryptographic protocol that provides confidentiality for your communication with the server. The green lock on your URL bar is an assurance, but not a guarantee, that you’re communicating confidentially with who you think you are.

While TLS is designed to provide confidentiality and identity, dark web protocols are designed to provide confidentiality and anonymity. There are many of these dark net protocols, but Tor is by far the most common, likely because of its use of exit nodes to allow a user to obtain anonymity on the public internet by routing traffic across the Tor network.

Don’t trust anything

The quality of your collection strategy dictates how confident you can be in your analysis – garbage in, garbage out. This is an often-ignored part of dark web marketing.

Anonymous networks help segment your actual identity from the persona (or avatar) you develop on these dark nets. Because of this, the reputation of your developed persona is the only currency you truly have. On anonymous networks, reputation is everything.

Also, remember that there’s no guarantee the person behind the persona you are interacting with isn’t a criminal, a threat intelligence company or possibly even law enforcement. The story of the Besa Mafia is a great example of criminals scamming criminals, getting hacked themselves, and then law enforcement arresting people who were trying to hire these fake hitmen. It’s also not uncommon for law enforcement to take control of a hidden site and continue hosting it in the hope of de-anonymising users.

Basically, trust nothing on the dark web.

‘There is some really bad stuff on dark nets, but they also are a critical resource’

Developing personas to obtain and, more importantly, maintain access is time-consuming and most of the work involved with good tradecraft on the dark web. Be wary that some ‘dark web intelligence’ offerings skip the hard part and are just using technical collection to scrape information from essentially public markets and forums.

To say this is a commodity capability would be a major understatement as the ability to automate the scraping of websites is as old as the internet and, as we’ve established, dark networks really just reflect a difference in protocol selection.

The use of the iceberg metaphor is a clever bit of psychological warfare – I mean, ‘marketing’ – to remind you that they have access to all this stuff under the surface that you don’t. As someone who evaluates these vendors, many of them don’t either. You might find yourself saying, ‘I registered for access and all I got was this low-confidence assessment’.

Intelligence v collection

Any company selling you on dark web intelligence is only talking about its collection strategy, and there are big problems with that.

After collection, the next challenge would be processing and exploitation. Processing is frequently discussed as stripping out things such as HTML tags from the raw data that has been collected. If you think that is a big deal, I have a regular expression (regex) to sell you.

Where things get interesting is trying to exploit this data to get something useful on an analyst’s desk. For example, very few, if any, public sector vendors have swathes of analysts translating everything on the dark web on a daily basis from languages such as Arabic, Farsi, Spanish, Russian and Mandarin. How is this being done at the same scale as collection?

Furthermore, how does your translation software handle slang? Without specific knowledge of a particular group, you would have no idea if they are using the code name ‘Iowa’ when describing a target in Iran.

Then there’s something I call ‘the Target problem’. Target is a retail chain with stores in the US, Canada and India – many of you may be familiar with the brand. Now, imagine the data problem created in attempting to parse out relevant chatter about the Target brand from the rest of the noise on the internet. Incidentally, the string ‘target’ appears five times in this article and only three times in the context of the retailer.

A vendor cannot have an appreciation of these problems and not talk about their solution to them. If they are just trying to sell you on their ability to collect data from the dark web and then show you their platform, you don’t need to see the platform.

The bright side of the dark web

There is some really bad stuff on dark nets, but they also are a critical resource. Anonymous networks are critical to journalists, whistleblowers, survivors of domestic abuse, people with sensitive medical conditions, the politically oppressed and more.

I’m going to wrap this piece with a bit of a personal appeal. Please consider supporting projects such as the Tor Project or Tails. And, if you’re in a decision-making position at an organisation where people might assemble or seek to obtain information, please ensure that your site is useable when coming from a Tor exit node with JavaScript turned off.

Unlike so much that we do in the cyberdomain, this can actually save lives.

By Josh Zelonis

Josh Zelonis is a principal analyst at Forrester serving security and risk professionals by helping them continuously adapt their architecture, policies and processes to evolving threats. His research focuses on threat intelligence, vulnerability assessment and management, malware analysis and incident response.

A version of this article originally appeared on the Forrester blog.


Diversifying #IT #investment: It’s not #just #cyber-security

It is important that the company continues to look at all areas of the business in order to build a robust IT infrastructure.

Investing in a company’s IT systems is now a regular part of planning. However, it is easy for the team to focus on only a few areas of the business instead of taking a holistic approach. An overemphasis on data protection, for example, can overshadow other areas of the business; this has been seen most recently with Deloitte’s decision to increase its cyber-security investment to $600 million. In order to avoid this scenario, it is important that the company continues to look at all areas of the business in order to build a robust IT infrastructure.

When it comes to improving IT, many businesses are put off by the challenge of migrating legacy systems and platforms. It is a time-consuming process, especially if the business has expanded through M&A activity or partnerships. In most cases, data will be stored on different systems and in different formats, so a consolidation exercise is quite significant and will inevitably require a sizeable investment.

This issue can often go ignored as staff grow used to working with disparate data sets and systems. However, productivity and output are severely hampered as employees navigate through multiple programs to find client information or historical data. It is also likely that mistakes will be made when the data does not exist on a single accessible platform. Through well-thought-out migration and consolidation, processes will be streamlined, and the business can focus on delivering results rather than searching for and manipulating information.

Bringing on help

To achieve the best possible results, IT investment often needs to go beyond in-house systems and tools. As competition increases, businesses need to improve both their output and processes; this is where investment in outsourcing providers can prove invaluable. This solution is often overlooked, however, largely due to how outsourcing is historically viewed by IT and the business as a whole.

It is important for these groups to remember that outsourcing does not mean removing the internal team and replacing them with a third party – that is an option but is by no means the only choice available. More often than not, outsourcing is used to provide enhanced support on projects and services, alleviate the burden of certain processes or simply get advice on current business practices. If outsourced effectively, the IT team will have more time to develop and improve processes and applications for the business, while the third party can deal with the other day-to-day business-as-usual (BAU) tasks.

Planning for the worst

IT investment typically aims to improve current technology or streamline certain processes, but there can be a huge gap when it comes to planning. Businesses are so familiar with using technology that they often forget to plan strategically how to mitigate risks and unforeseen issues that can occur when things go wrong – be it a sudden office closure, a system failure, a catastrophic security incident or transport strikes. At a simple level, when the company is hit by an unexpected event, staff can often scramble to continue their working day. Without a clear strategy in place, the business risks losing vast sums of money due to the inability of staff to work effectively and efficiently. This doesn’t even take into account areas such as reputational damage and regulatory penalties that the company may face.

IT has a vital role to play in providing a comprehensive, structured and strategic business continuity plan that is able to respond to any challenges that can impact company operations. A key barrier to making improvements in this area is how the company views its IT priorities. Regulation, data protection and the general running of the hardware can seem like the most important parts of the business. However, if the day-to-day is not accounted for, these large-scale IT challenges will not matter – the business will simply suffer from lack of planning.

IT investment is a vital part of how a company operates. However, it cannot be focused on a single area or aspect of the business. Simply investing in cyber security alone will not improve internal processes or streamline activity. As such, there needs to be a balanced approach to this activity, one that takes into account all aspects of the business in order to build a comprehensive and fully functioning IT operation.


Cybersecurity #Expert on #Tech #Giants Collecting Our #Data: ‘It’s Not #Surprising’

Software developer Dylan McKay discovered that Facebook has been collecting caller history and SMS data from outside the app. According to McKay, he became interested in what Facebook had collected on him after political consultancy Cambridge Analytica was accused of improperly harvesting the information of nearly 50 million Facebook users.

According to reports, Facebook became aware of Cambridge Analytica’s access to personal data back in 2015, after which it demanded that the acquired information be deleted.

While the firm assured the tech giant that its requirements have been fulfilled, Facebook recently learned that the data has not been completely destroyed.

Radio Sputnik discussed this with Kenneth Shak, senior cybersecurity consultant at LGMS, a professional information security service firm from South Asia.

Kenneth Shak: It’s not surprising that these tech giants are actually collecting our data. For example, from my own experience, I have come across when discussing some sort of information with my colleagues or my friends, for example, and, all of a sudden, in my Facebook or in my Google I can see ads targeted to what I was actually discussing. So there’s actually no fine line on how much these tech giants are actually collecting data from, so it’s quite scary, to be honest. All in all, it all boils down to the permissions given to the applications. It is not only the main Facebook application.

You have the Messenger application; you have the Messenger Lite application. I’m not sure that you realized upon installing and using these applications the first time on your phone you are actually asked a few questions. In the first, installing and using this application they will actually ask if you would like to link and upload your phone’s contacts to Facebook because you will make things easier for users to find or add friends on Facebook with all this contact data.

This step, though, is optional but not only on the Facebook application. Messenger will actually ask users for permission to access the SMS and call data on your phones for a similar purpose. But for Messenger, in particular, not the plain Facebook app, you’ll also be able to access your SMS messages and also your call logs directly from your Messenger application. Think of it as an all-in-one messenger. When you have given all these permissions to Facebook to access all this data that was actually how they have managed to update all this data they have stored. Outside of the application and not just inside what you have given to Facebook and all these things are actually stored on your phone.

Sputnik: Do you think that in the future we can expect that there will be some kind of way to opt out of certain permissions?

Kenneth Shak: They should give a bit more convenience to the users to choose what they want to share. Actually, on your phones you can explicitly disable what you can share, for example the phone, the contacts, the storage, the camera. You can actually disable all those but they need all these permissions in order to work properly.

I’m not sure if you know, back in February this year, Germany actually came to a ruling that how Facebook actually collects and uses the personal data of these users to be illegal. The reason is because there is insufficient information provided by Facebook to the users in order for the users to run their meaningful consent. So the users actually don’t know what exactly they are giving consent to. Facebook actually asked the users to agree to give access to camera, to the contacts, to the SMSs, to the address books but they do not tell the users to what extent they are giving or how much data they’re actually giving. This is actually a very, very vague consent given to Facebook.

Sputnik: So, now after that ruling, were there any changes made or was Facebook subjected to any fines? What happened with Facebook in that situation?

Kenneth Shak: It depends very much from country to country. Since Facebook actually asked the users for their consents, no matter how vague they are, to gather and store this data during the installation, it may actually be legal for Facebook to do so. It’s a very, very fine line. It also boils down to the regulations imposed by different countries or their governments and where Facebook actually operates. Germany can’t do much.

They can just rule that, this information, how they gather it, is very illegal. But since Facebook operates in Ireland and the US, users outside of these countries mainly are not able to do anything except filing a lawsuit from where Facebook is operating from, for example US or Ireland. For example, from our side, users from Malaysia definitely wouldn’t be able to do anything in regards to this issue because Facebook is not sanctioned under our Malaysian laws.

Sputnik: Do you think that we could see some serious legal action that’s going to have some really huge impact, not only on Facebook but on other tech companies as well?

Kenneth Shak: Definitely this is just the tip of the iceberg, but again as you know this is not the first kind of problem relating to personal data that actually surfaced. So for Facebook we actually see quite a number of lawsuits coming in and several governments are actually inquiring into this particular issue. Of course, all this amounts to Facebook losing nearly $50 billion off their share price. There is a long road ahead for Facebook trying to recover from all this. In light of all these issues Facebook, and not just Facebook, in particular and social media platforms like Instagram may be imposed with further regulations as well. This problem brings to light many other enhancements and additions of the regulations for other companies or tech giants as well in the future, not just for Facebook. The world will actually start to learn from this particular big issue and we will see further developments to this question as investigations on this issue are still on going.


It’s #apparently #insanely easy to #hack #Apple #MacOS High #Sierra, and here’s how you can #protect yourself

Most of us sleep better at night knowing that the data on our computers is safe from prying eyes. That’s why we have our trusty usernames and passwords. Well, turns out…not so much. Some tech-minded people found a super easy way to hack Apple MacOS High Sierra, and anyone can do it.

Usually, when you hear “hack” you think of some crazy complicated computing code that only the really dedicated can figure out, like Huck on Scandal or something. But to get into a computer that has the High Sierra operating system, all you have to do is type “root” as the username and leave the password field blank. Once you hit enter, you’re in.

We told you it was insanely easy.

The main user of a computer is called the “root user” and has “root access,” hence the name of the bug. The best way to protect yourself for now, according to Apple, is by setting a password for your main user account if you don’t already have one. Security experts and researchers have had varying experiences in replicating the bug, so it’s still being figured out. According to Wired, Apple is aware of the issue and working out a long-term fix, so hold tight for their update if you’re worried about your security.

Oh, and to make this even scarier, apparently the software can be hacked via malware too, meaning a hacker can get into your computer remotely.

So make sure you set your admin password and keep your eye out for anything out of the ordinary on your Mac or MacBook if you have Sierra. Hopefully, Apple will fix the bug ASAP.


Artificial #Intelligence is #Important for #Cybersecurity, But It’s Not #Enough

Why is artificial intelligence important for cybersecurity?

The advent of Artificial Intelligence has brought with it a new scope for cybersecurity. After all, an intelligent security system is expected to overcome any sophisticated threats. However, many security experts believe that AI is a double-edged sword and hence it could become dangerous at an epic level if it gets into the wrong hands. Let us make a quick analysis on the unison between cybersecurity and AI.

Cybersecurity is the need of the day. As if we didn’t have enough to worry about with terrorists running wild – always looking to inflict damage – we now have to worry about cybercriminals as well. And in many cases, they can be a lot more dangerous than your average terrorist.

The significance of having a perfect cybersecurity strategy or solution has grown over the years. All the credit goes to the proliferation of smart devices on the Internet. Also, because of the growing endpoints that are always connected to the cyberspace, cybercriminals now have a plethora of opportunities to infiltrate devices.

Not only do hackers have more entry points to breach, but they also have more sophisticated tools to penetrate even into highly-secured devices or networks. How are they doing it? By mass producing sophisticated malware.

According to the 22nd threat report by Symantec, over 300 million pieces of malware were detected in 2016 alone. Moreover, John, a contributor at thebestvpn, shared the shocking statistic that one in every 131 emails contains malware. The massive figure presents quite a shocking blow to businesses, who then rush to come up with a more potent cybersecurity solution.

Moreover, we can’t ignore the fact that with the passage of time, cybercriminals have become smarter and more adept at countering traditional security practices. A survey conducted in 2017 of 70 professional hackers and pen testers found that 60% of hackers claim they can compromise a system within just 6 hours. Plus, over 80% of the hackers and testers said they could remain hidden from the network for 100 days after stealing sensitive data.

To combat such threats, we need to come up with a disruptive security technology that is not only efficient, but also proactive, faster and more intelligent. One such disruption that can prove itself an ideal security solution is Artificial Intelligence (AI).

Artificial Intelligence & Cybersecurity: A Perfect Unison or a Calamity

When we talk about Artificial Intelligence, the first thing that pops into our mind are technologies like Tesla’s self-driving cars or the Amazon Echo. This is because we take AI only as a “Buzzword” and nothing else.

Regardless, AI can offer more firepower when it comes to cybersecurity. It can cover the lack of manpower that we see in this highly complex field. Likewise, it can run things faster and hence detect threats before they could compromise a system and inflict damage.

Although there is a lot of potential in Artificial Intelligence for tackling complex cyber threats for good, there are some aspects that make it a double-edged sword. Before we move on to the other aspects of AI, let’s take a look at why it seems to be a great cybersecurity tool.

The Significance of AI as a Security Solution

IT experts at a company have a lot on their hands to monitor and analyze. They are always challenged with sifting through loads of security logs and activities, finding security threats that could pose a serious risk and coming up with mitigation strategies to contain them.

Moreover, there are weeks and months of logs that need to be scrutinized and vetted for security purposes. Identifying any abnormality in such a vast amount of data and then formulating the right solution requires not only more manpower but also more tools and resources.

However, an AI-powered machine can greatly assist IT personnel in monitoring, tracking and detecting anomalies efficiently.

Ryan Permeh, Cylance Chief Scientist, said in an online interview conducted by CSOOnline, “Historically, an AV researcher might see 10,000 viruses in a career. Today there are over 700,000 per day.” He further states that his security firm uses AI to tackle such attacks.

Apart from that, AI as a security tool can help with the lack of manpower that the cybersecurity industry is currently facing. Over 40% of organizations claim that they suffer from a “problematic shortage” of talent in cybersecurity.

Shahid Shah, the CEO of Netspective Communications, claims that there is a lot of skill shortage in different cybersecurity areas such as advanced malware prevention, compliance, IDS/IPS, identity and access management, etc.

Shah further states that by implementing AI, security firms can depend on “computers to do the grunt work and leave humans to the decision-making.”

Why AI Currently Isn’t a ‘Perfect’ Cybersecurity Solution

If AI can be used to shield our systems or networks from cyber-attacks, it is reasonable to expect the technology to be used for more attacks. Soon, when AI becomes more automated and developed, we might see more sophisticated cyber-attacks carried out by intelligent malware or viruses.

In fact, Endgame’s security expert, Hyrum Anderson, proved just that at DEF CON 2017. The team demonstrated an intelligent application that can re-engineer malware and make it undetectable to even a smart antivirus. A group of researchers was successful in circumventing the protective layers of the AI-powered antivirus with its AI-powered malware 16% of the time.

The research was conducted to show that even AI can have blind spots that could be used to compromise systems.

The demonstration Hyrum Anderson presented isn’t the only research that indicates the negative implications of relying solely on AI. In fact, another research conducted by a security firm, Cylance, predicts AI “weaponization” soon.

According to the research, 62% of security experts believe that AI-powered cyber-attacks will increase in the near future, and hence the technology will be used as an intelligent cyber weapon.

“While AI may be the best hope for slowing the tide of cyberattacks and breaches, it may also create more advanced attacker tactics in the short-term,” says Cylance.

Final Say

AI-powered systems may reinforce our cybersecurity infrastructure, enabling our workforce to detect, contain, mitigate or stop cyber threats. However, relying solely on an intelligent technology that could be molded at our will can be dangerous. Plus, an AI-enabled attack may prove to be detrimental at an epidemic level.

IBM’s Schneier: It’s Time to Regulate IoT to Improve Cyber-Security

Source: National Cyber Security – Produced By Gregory Evans

The time has come for the U.S. government and other governments around the world to start regulating internet of things (IoT) security, according to Bruce Schneier, CTO of IBM’s Resilient Systems.

Schneier delivered his message during a keynote address at the SecTor security conference here Nov. 15. Today everything is basically a computer, whether it’s a car, a watch, a phone or a television, he said. IoT has several parts, including sensors that collect data, computing power to figure out what to do with the collected data and actuators that affect the real world.

“Sensors are the eyes and ears of the internet, actuators are the hands and feet of the internet, and the stuff in the middle is the brain,” Schneier said. “We’re creating an internet that senses, thinks and acts—that’s the classical definition of a robot.

“We’re building a robot the size of the world, and most people don’t even realize it,” he said.

What that means is that internet security is now becoming “everything” security, according to Schneier. As such, he noted that computer security expertise is now needed in the auto industry because cars are now computers and all the lessons of the cyber-world are applicable everywhere.

“Availability and integrity threats are important as real risks to life and property now,” he said. “So now vulnerabilities have very different consequences. There is a difference between when a hacker crashes a computer and you lose your data and when a hacker hacks your car and then you lose your life.”

In Schneier’s view, many of the existing security paradigms fail in the new world of IoT. Whereas traditional software firms and big mobile vendors like Apple and Google have dedicated security teams, the same is not always true for IoT vendors. As such, Schneier said that IoT devices are often not patched quickly, if at all.

“A home DVR could have been part of the Mirai botnet, and likely most people just don’t care so long as the device works,” Schneier said. “Defending against Mirai is hard because it’s not just dropping a patch on Windows and making it go away.”

Time for Regulation

The challenge of cyber-security cannot be effectively solved by industry alone, according to Schneier. Instead, he advocated for government involvement to help regulate technology security. As internet-connected devices move into regulated industries, Schneier expects that computer software, which has largely been regulation-free, will need to change. There are also historical precedents for new technology usage leading to new government agencies and regulations. For example, the emergence of cars, airplanes, radio and television all led to government agencies and regulation.

“In the 20th century, new technology led to the formation of new agencies all the time,” he said.

There are a lot of problems that markets cannot solve on their own, since markets are typically short-term profit motivated and can’t solve collective action problems, he said. Additionally, Schneier said there is a need to have a counter-balancing force for corporate power.

“Government is how we solve problems like this,” he said.

Schneier expects that there will be a lot of issues that will need to be debated and resolved about connected technology regulations, but in his view there really isn’t a better alternative to ensuring cyber-security safety than government regulations. That said, the reason why he was speaking at SecTor was to help raise awareness and get cyber-security professionals engaged in government policy conversations, he said.

“As technologists, we need to get involved in policy, since IoT brings enormous potential and enormous risks,” Schneier said. “As internet security becomes everything security, all security has strong technological components.

“We’ll never get policy right if policy makers get technology wrong,” he said.

It’s Possible (and Fairly Easy) to Hack a PC With a Vape Pen

Source: National Cyber Security – Produced By Gregory Evans

E-cigarette smokers, consider yourselves warned: that vape pen you love to puff on could expose your computer to malware. According to a report from Sky News, security researcher Ross Bevington recently demonstrated how to hack a PC with a vape pen during a presentation at BSides London. Bevington showed how…

Trustwave says it’s hiring hundreds to grow its cybersecurity business in Chicago

Source: National Cyber Security – Produced By Gregory Evans

Trustwave, the Chicago-based information security firm that helps businesses protect against cyberattacks, unveiled its expanded headquarters and announced an internship program with the City Colleges of Chicago Monday at an event with Mayor Rahm Emanuel. CEO Robert McCullen said he plans to hire about 100 employees in Chicago this year….

It’s Crucial To Talk To Kids About Bullying Before They Head Off To Camp

It’s almost time for summer camp for kids around the tri-state area. As you pack and plan for the perfect summer, there’s a conversation you may want to have about bullying. …

The post It’s Crucial To Talk To Kids About Bullying Before They Head Off To Camp appeared first on Become007.com.
