#cybersecurity | #hackerspace | Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure
At Sonatype we’ve been the stewards of the Central Repository (Central), the world’s largest component repository of Java and other JVM-related components, since 2007. Based on this experience, I’ve learned firsthand how challenging it can be to serve as the steward for a public repository. I know how hard it is to gain and keep the trust of millions of open source software developers. In my humble opinion, earning trust starts with “picking up a shovel” and solving a problem on behalf of a community to help it grow and flourish. Community trust is further amplified when you can muster enough resources to solve the same problem in a reliable and scalable manner over a period of many years.
But, here’s the thing; operating a public repository in support of millions (Read more…)
View full post on National Cyber Security
Over the past two years a cottage industry has emerged of media experts and journalists warning of the potential dangers of “deep fakes.” Videos of Vladimir Putin or Barack Obama saying whatever a video-editor wants them to say have been widely shared on mainstream networks to raise fears over privacy and the dangerous “post-truth” world of the Internet.
While most mainstream networks have a vested interest in questioning the legitimacy of digital and citizen-led news, there is no doubt that verifying video content is becoming more difficult.
On the one hand, deep fakes are likely to become a central component of internet culture, fueling the political caricature and memes of tomorrow. On the other hand, there is a darker side. It’s not unrealistic to envision a future in which videos from inside Syria or a protest in Iraq are doctored in a way that could alter our understanding of key events.
The blockchain may have a solution. According to Amy James of Alexandria Labs, one of the fundamental problems of the web is that there is no public index. Today when we search the web, we’re searching a private index. This makes changes to search rankings, or the de-platforming of certain ideas and even individuals, very difficult to detect.
Amy James of the ‘Open Index Protocol’ explains how a distributed global index for the web could help fight deepfakes.
There’s also a less obvious reason why a public index might be a good idea. James argues that “because the web doesn’t have a transparent, secure and version-controlled index it can be difficult to discern truth from fiction online.”
On an immutable blockchain index in which every ‘transaction’ is public and recorded, it should be easier to notice when a video is first uploaded and edited, or if different versions of the exact same video are in existence.
James adds, “the web was intended to be fully decentralised.” The apps we all know and love – from Spotify to Netflix – provide customization and allow networks to scale. At the same time, “private companies build the walled garden infrastructure that we have today so the web could scale and be convenient.” While this model may be profitable, it centralizes information and control in the hands of closed platforms. “When the web was developing in the early 90s the technology didn’t exist yet to build an index as an open standard protocol,” states James.
Alexandria Labs believes the future is a “fully decentralized open protocol for indexing and distribution.” Instead of artificial barriers to content access, an open-source and decentralized protocol would index all public data on the Web, recording it on the blockchain. That’s one way of figuring out if a video of Nancy Pelosi drunk is actually real.
Full disclosure: Al Bawaba is exploring blockchain solutions on the Open Index Protocol.
#infosec | #RSAC: Realize the Harms and Benefits of Technology and Create Policies to Enable the Public
Speaking at the Cloud Security Alliance (CSA) summit at the RSA Conference in San Francisco, Alex Stamos, adjunct professor at Stanford University’s Freeman-Spogli Institute, said that issues and decisions made by technology companies have angered people.
Stamos, who previously served as CISO of both Facebook and Yahoo, said that once he stepped out of those roles and “out of constant emergencies” he could see the bigger picture.
He said that “tradeoffs from a policy perspective are poorly understood by the public and usually go back to the engineering adage of do you want it done correctly, cheaply, or quickly—pick 1 of 3.” Stamos said that this is a basic problem of society, as people say that they don’t want companies looking at their data, but to stop bad things happening you need to see bad things. “Politicians say companies have to find the bad guys, but you cannot have two things.”
Another issue Stamos highlighted is the balance that technology companies have for “solving societal ills,” as he pointed out that technology companies provide platforms while “every bad thing [that] happened [was] done by people.”
He said that companies have to “embrace transparency and make decisions in a transparent manner.” However, the line has to be drawn around bullying and harassment, as “nothing has changed since the last election.”
Stamos said that Google, Facebook, and Twitter came up with policies on political advertising “in closed rooms with no transparency,” and these will be the rules that the 2020 election will be fought on.
He recommended that the tech industry adopt a regulatory framework similar to what Germany did regarding what speech is allowed online, but should consider how this can be adopted by countries with reduced democratic freedoms. “Or you end up with tech companies who are happy if they get regulated if they can make money, as most people who use the internet don’t live in democracies, or if they do, it is with reduced free speech.”
Stamos concluded by saying that we “have to realize that technology has made changes in good and bad ways” and take responsibility for that.
Source: National Cyber Security – Produced By Gregory Evans by Alice Duckett Over the past couple of years, Sophos’ Director of Security Craig Jones has discovered a worrying amount of personal data on public Trello boards. Mark says companies shouldn’t microchip their employees and Duck discusses a bug that could have blown a hole in […] View full post on AmIHackerProof.com
Cybersecurity researchers claim 3,2020 government emails have been leaked. The report claimed that the email IDs of 11 departments, including the Bhabha Atomic Research Center and the Ministry of Information, exist on the dark web. Sai Krishna Kothapalli, an IIT-Guwahati alumnus and founder of the cybersecurity […]
SEIU reaches tentative agreement at Cleveland Public Library in attempt to avert strike By Isaac Finn 25 January 2020 On the evening of January 23, Cleveland Public Library (CPL) and Service Employees International Union (SEIU) 1199 reached a tentative agreement covering roughly 400 librarians, assistants […]
#school | #ransomware | Las Cruces Public Schools computers still offline a week after hacking attack
LAS CRUCES, New Mexico — The computer network for the Las Cruces Public Schools remained offline a week after a ransomware attack by hackers forced the shutdown of the entire system. After originally trying to get existing servers for dozens of schools back online late […]
ALPHARETTA, GA — The City of Alpharetta is warning the public to be cautious when using online dating websites after a citizen was recently blackmailed.
The Alpharetta Department of Public Safety recently took a report from a citizen who was using a dating app and made a decision to send intimate pictures to the person they connected with, the city said.
“The victim has now paid thousands of dollars to the person to keep those pictures off social media channels,” the city said. “The perpetrator, in this case, has not gone away and continues to threaten and demand more money from the victim.”
Cyber dating and the apps that make it possible attract millions of people: many in search of companionship, many seeking long-term relationships, and many seeking to steal identities or worse, the city said. The world of online dating is fraught with top-of-mind risks (Is that photo really the person I’m talking to? Could this person be a predator?), but there is also a growing list of concerns related to data privacy.
“The fact is, dating sites and apps have a history of being hacked,” Alpharetta said. “For example, in 2018 BeautifulPeople.com was hacked and the responsible cyber criminals sold the data of 1.1 million users, including personal habits, weight, height, eye color, job, education and more, online. In early 2019 detailed user records of more than 42 million dating app users were found on a Chinese database that was not even protected by a password. The user records found on the database contained everything from IP addresses and geo-locations to ages and usernames, giving potential hackers plenty of information to take advantage of.”
But, there are also many stories of people who found each other via online dating apps and are in very happy relationships today, Alpharetta wrote. So, the city said it does not want to scare any adult away from using them. The city said it wants everyone to be safe with their online dating activities.
With that in mind, here are a few tips that the city encourages all online daters to use:
As with all of your Internet accounts, use a strong, unique password and two-factor authentication, if it’s available.
Beware of anyone sending you links, and especially links using shortened URLs. Hackers will try to lure you away from the dating app to sites that can more easily harvest your data. This is one of the most common Tinder scams. Rest your cursor over any link before you click it to see the address.
Only ever access your dating app on a secure WiFi network. An even better option is to protect the Internet connection of your dating app with a trustworthy VPN. This will add an extra layer of security to the app’s encryption.
Privacy And Social Engineering
Never share your full name, address, or place of work in your profile. Tinder, Bumble and Happn all allow users to add information about their job and education. With just this information and a first name, Kaspersky researchers were able to match a dating app profile to a LinkedIn or Facebook account 60 percent of the time.
Do not link your account on a dating app to your Facebook account. This makes it easier for hackers to connect your social media profile to your online dating one. It also would expose your data if Facebook were to suffer a data breach.
Using the same logic, do not link your Instagram, Twitter, or WhatsApp accounts to your dating app or share them in your profile.
For accounts or relationships based on your email, don’t use your everyday email address. Instead, get a separate, anonymous email just for that specific app or relationship.
Always disable any location-sharing features in your accounts on dating apps.
If you are uncomfortable sharing your cell phone number with someone you just met online, there are services that allow you to create a separate phone number. These services give you temporary phone numbers that last a couple of weeks for free or for a small fee. Since they are temporary, it is hard to use such a phone number on your dating app account, but it could give you some time to meet your matches in real life before you trust them with your phone number.
If an account looks suspicious, try doing a reverse image search of the profile pictures. If your search finds the photo is from a modeling agency or a foreign celebrity, you are likely looking at a fake account.
Eventually, you will have to share information about yourself. You are trying to convince someone that you are interesting enough to meet. Try to talk more about your interests, ambitions, and preferences and avoid specific information that could identify you. More “I love pizza” than “My favorite pizza restaurant is on the corner of Main St. and 2nd Ave.” Never be afraid to say “no” if someone asks you for personal information that you’re not yet comfortable sharing.
Avoid sending digital photos to users you do not trust. Digital photos can contain metadata about when and where the photo was taken along with other information that could be used to identify you. If you must share a photo, be sure to remove its metadata first. Also, always keep in mind that any explicit pictures you send could be used for blackmail.
If you are chatting with someone and they are responding incredibly fast or if their responses seem stilted and full of non-sequitur questions, you should proceed carefully. While it is possible you have enchanted someone so thoroughly that they are struggling to respond coherently, it is more likely you are chatting with a bot. Online bots are getting harder and harder to detect, but one test you can try is to work gibberish into a phrase, like “I love a;lkjasdllkjf,” and see if the bot repeats the non-word or transitions into a non-sequitur question. (If it’s a human, you can always cover by saying your phone slipped.)
This may seem obvious, but if someone asks you over a dating app to send them money, your answer should always be “No.”
Do not immediately friend your matches on Facebook. Once someone has access to your Facebook account, they can see your friend and family network along with your past activity and location. Wait until you have been dating for a month or two before friending them.
Have a mutual understanding of boundaries. No matter what kind of date you have planned, it is always safer to know exactly what you’ll be doing. By discussing a plan beforehand, you can both go into the situation knowing what you are and aren’t comfortable with.
Meet in a public place first. No matter what kind of date you’re going on, it is always safer to meet in an open and public place first. Avoid meetings that take place in remote areas, vehicles or anywhere that makes you feel uncomfortable.
Always let someone know where you are. Before meeting up with someone, let a friend or family member know where you’ll be. Some apps let you share your location with others so that someone can keep an eye on you during your date.
The post #cyberfraud | #cybercriminals | Alpharetta Warning Public About Online Dating Scams, Threats appeared first on National Cyber Security.