How to talk to your partner about dating safely during the pandemic | #tinder | #pof | romancescams | #scams
During the pandemic, many couples and singles have had to find safe ways to date and see each other. As it gets colder, it is now time to have another […] View full post on National Cyber Security
This article first appeared on MyHackerTech.com
This week we had the pleasure of talking to Laurie Mercer, Security Solutions Engineer at vulnerability coordination and bug bounty platform, HackerOne. Security Engineers are tasked with designing and building systems that remain dependable against malicious cyber attacks, vulnerabilities, and even natural disasters.
To be a security engineer you need a hybrid of knowledge and experience in several areas of IT. These areas include network engineering, system engineering, and security architecture, but other areas of IT may come into play as well.
Laurie started his IT career in software development and transitioned into penetration testing as his interest in IT Security strengthened. Today, Laurie’s focus is on responsible disclosure, vulnerability management, and risk reduction. He has worked in several roles including software, security, and education and has a diverse set of professional experiences.
For example, Laurie has worked on government security projects, including projects for the Chinese government, and the British Royal Family. Let us take a look at what Laurie had to say.
How did you get started in the industry?
I’ve been hooked on computers from a young age when I got my very first computer — a blue screen Amstrad!
I spent my teenage years building and breaking Linux boxes and, after reading Computer Science at the University of East Anglia, I began developing software professionally for projects large and small.
At the time I was coding everything from Ruby web apps to real-time communication services in C++ STL. This was 3 years after the “Manifesto for Agile Development” was published and engineering practices, while rapidly changing, were still archaic. My first project had as much documentation as code and the system was updated every year, onto physical servers!
My career as an ethical hacker started rather accidentally. I had just returned from a Chinese language course in Kunming, China, when I was approached by a London-based boutique consultancy. They were looking for a fast learner with a background in software engineering: if you can learn Chinese in 3 years, then ethical hacking should be a breeze, they said!
I retrained from a builder to a breaker and worked as a pen-tester for several years, alongside visionary researchers like James Forshaw (now at Google’s Project Zero, the first-ever researcher to be awarded a US$100,000 bug bounty), James Kettle (now head of research at Portswigger) and Black Hat Conference regular, Alex Chapman.
As a “builder turned breaker”, my responsibilities have focused on both testing software and also trying to build security practices into software development teams.
In my current role as a security solutions engineer at HackerOne, I help to run bug bounty programs, coordinating thousands of the world’s best hackers to find vulnerabilities in software developed by companies and open source projects. Rather than having one or two people looking for vulnerabilities once or twice a year, we can leverage thousands of people with diverse skill sets to continuously perform security assessments.
Bug bounty programs have become the number one source of high and critical vulnerabilities, and bounties are being paid out daily — some organizations are offering as much as US$250,000 for a single critical bug.
What do you think are the biggest cybersecurity challenges the world is facing in 2019?
There are many cybersecurity challenges that we will have to overcome this year, and in the years that follow, but I’ve come up with three main areas.
As a user, I’m concerned that we put our trust in so many different systems and services every day, both in our personal and professional lives. These services may be incredibly beneficial to us, but how can we trust that they are safe and secure?
The scalability of security capabilities is a major concern. We live in a world where the number of digital services is increasing at a seemingly exponential rate. We need to design systems that scale appropriately to the number of people that will be using them now, but also 10 years from now.
In order to trust organizations to manage our data responsibly, we need to build frameworks for them to prove they are secure. At present, some companies are more transparent than others. Even when a company shares the information, sometimes it’s hidden layers and layers deep into a website, making it difficult to access. We need to set expectations for security and a process by which organizations can prove they have met these expectations.
How do you see the cybersecurity industry evolving in the next decade?
Hackers are the immune system of the internet. This immune system will grow to a community of millions of hackers, inclusive of security and IT professionals, hobbyist breakers and builders, developers, CISOs, presidents.
As new technology platforms are invented and adopted, new vulnerabilities will be introduced and discovered. Security will foster more collaboration and transparency will breed trust.
What are some simple steps that organizations can take to secure their data?
Have a Vulnerability Disclosure Program. A study recently conducted by the company I work for, HackerOne, found that 94% of the Forbes Global 2000 do not have known vulnerability disclosure policies. This means that there’s no way for good-faith security researchers to report the bugs they find. If more companies implemented a Vulnerability Disclosure Program, the future would be safer for everyone.
Implement continuous security testing. New vulnerabilities are discovered all the time and sometimes things are missed. This is why continuous security testing is a must.
What advice would you give to aspiring ethical hackers and security professionals?
– Go to HackerOne and make a profile!
– Watch the Hacker101 training videos.
– Install Burp: A popular and useful tool for testing web application security.
– Complete the Hacker101 Capture The Flag.
– Report some vulnerabilities!
– Learn to code! There is no point in finding vulnerabilities if we can’t fix them!
Together we can build a safer internet!
View full post on National Cyber Security
Times have changed. Talk around the Thanksgiving table is a lot different in this tech age than it used to be.
I can picture kids gathered with their electronic devices and adults talking about the latest technology at work or their latest game console. All of this is going on while parents and grandparents are trying to keep up and learn this new language and terminology.
While kids are used to parents talking to them about things in their best interest, the tide has turned. It’s now time for us to have that security talk with mom and dad about protecting them in the cyber world.
You might not want to bring it up while mom or dad takes a bite of turkey and mashed potatoes, but at some point during Thanksgiving Day, you should talk to them about keeping their personal information safe online.
Unfortunately, we’ve seen too many high-profile hacks over the last year. With just the Equifax breach alone, half of Americans were impacted.
So, look at Thanksgiving as a chance to provide security tips to all of your family members. But you might have to explain it in a way they understand. Many don’t know that a virus also infects a computer and you might get a cold stare when you mention the word “phishing.”
Ransomware and varying types of encryption are also words you might want to stay away from, at least in the beginning.
Explain to them that phishing is when someone pretends to be someone else in order to steal information such as a credit card number, password or anything else that could be used in another attack. This is usually done through email and often contains a link to a website designed to trick you. Verizon’s data breach investigations report says 91 percent of data breaches happen this way. It’s also the most common way to get hit with viruses.
In simple terms, let your loved ones know that by avoiding phishing emails now they won’t have to deal with a stolen credit card months or even a year down the road.
There are three main ways to spot a phishing email: bad grammar, a thinly-veiled email disguise such as facebookk.com instead of facebook.com and weird links. You can hover your mouse over photos and links to see where they’ll lead you before clicking on them. If an email claiming to be from a legitimate site is actually going to a suspicious website, that’s a good sign it’s a scam.
Let your parents know there are password managers that can help you in remembering different passwords for all of your accounts. It’s not necessary for them to keep track of all of them.
You only have to remember one password when you use a password manager. You just simply log onto that and it’ll sync your browsers and devices, creating security and convenience.
Other misc advice
Some of this might be a little complicated to those who are in the beginning stages of learning technology. Instead of going into too much detail, here are simple ways to explain these terms.
HTTPS and SSL: If you see a green lock next to the URL on a website, you’re on an HTTPS page, which means the website has a Secure Sockets Layer (SSL).
Ransomware: This is a virus that locks up your files and sometimes your entire computer unless you pay the ransom. The best solution is to back up your files regularly.
Patching: If you get sent an update from a company like Microsoft and Apple, go ahead and update your device. This can prevent hackers from accessing your computer.
Two-factor authentication: Think of this as the equivalent of having two locks on your door. It’s an extra layer of security on top of your computer password. The most common version is a code texted to your phone after entering your password. This makes it tougher for hackers to gain access to your accounts.
The best way of explaining computer security to your loved ones is to compare it to things they’d do at home like locking windows and doors. Showing them statistics of all the millions who’ve been impacted by these security breaches is another good method. Statistically, you’re more likely to be robbed online than you are in person.
The post How to #give your #parents the #cyber-security #talk over the #holidays appeared first on National Cyber Security Ventures.
With such swift changes in smart-home technology these days, vendors are cranking out new-and-improved IoT devices faster than ever. How are we to secure our connected homes when manufacturers move to the next big thing and discontinue support – including firmware updates for the latest security threats – for existing…
The post We Need to Talk about Cybersecurity for Older, Unsupported IoT Devices appeared first on National Cyber Security Ventures.
With divorce comes turmoil, tears, heartbreak, and pain — all things parents want to protect their children from. Which is why knowing how to talk to your kid about you and …
The post How To Talk To Your Kid About You & Your Partner’s Divorce In A Way They’ll Understand appeared first on Become007.com.
We’re dating differently now. Often on multiple apps at once, users can swipe through dozens of profiles every minute and plan multiple dates, whether in hopes of a love match or a hook-up. Decisions to meet arise from limited information: A convenient location; a sultry glance captured in pixels; a mutual interest in “banter.” In 2014, Tinder users were spending as long as 90 minutes a day on the site. But fake profiles abound, sexual predators use the sites, and some common online dating behavior—like meeting alone after scant acquaintance, sharing personal information, and using geolocation—puts users at risk. View full post on Dating Scams 101
Parents can shield their children from only so much before they catch on that something is amiss. Sooner or later parents must have a talk with their children about an issue that is usually kept quiet.
For a countless number of Kern County families, parents who are in the country illegally confront the reality of telling their kids that one day they might come home from school and find mom and dad have been picked up and deported by immigration agents known as ICE.
“I just couldn’t find the words to explain this to my teen-age son who was born here,” said a Bakersfield parent who asked not to be named because of what he sees as increased ICE arrests.
View full post on Parent Security Online
Industry officials told lawmakers at a House Homeland Security Committee’s cybersecurity panel hearing Thursday that the U.S. government is hesitant to facilitate cyber threat data sharing with stakeholders in the private sector, Nextgov reported Thursday. Scott Montgomery, a vice president …
View full post on National Cyber Security Ventures
A group of 10-16 year olds sat down to talk honestly about what it’s like to be bullied in 2017.
While bullying has been a widespread issue for many years, kids today are dealing with a whole new set of problems.
Mila Barbuto, one of the children in the group, didn’t hesitate to discuss her experience with cyber bullying. “They created a whole other Instagram account to hate on me,” said Barbuto.
Many of the other children had similar stories.
We hear from them tonight, and discuss how parents can help their children overcome these obstacles.
The post Kids talk honestly about what it’s like to be bullied in 2017 appeared first on Parent Security Online.