What is Cybersecurity?

With all of my recent posts on different types of cybersecurity attacks, and how important the topic is in society today, I think it is time to give a better understanding of “What is cyber security?”. Cybersecurity is the collection of technologies, processes, networks and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.

Many people ask why cyber security is so important. Year after year, the billions of dollars the world spends on cyber security continue to grow. Organizations are starting to understand that malware is a publicly available commodity that makes it easy for anyone to become a cyber attacker, and even more companies offer security solutions that do little to defend against attacks. Cyber security protects the data and integrity of computing assets belonging to or connecting to an organization’s network. Its purpose is to defend those assets against all threat actors throughout the entire lifecycle of a cyber attack.

Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:

• Application security
• Information security
• Network security
• Disaster recovery / business continuity planning
• Operational security
• End-user education

The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known threats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security.

An ever-evolving field, cyber security best practices must evolve to accommodate the increasingly sophisticated attacks carried out by attackers. Combining sound cyber security measures with an educated and security-minded employee base provides the best defense against cyber criminals attempting to gain access to your company’s sensitive data. While it may seem like a daunting task, start small and focus on your most sensitive data, scaling your efforts as your cyber program matures.

HTTP vs HTTPS

Many people have recently been urging you to switch your website to HTTPS. They cite Google’s announcement that HTTPS is a ranking signal and that failure to switch could mean your ranking will take a hit. But what is the true difference between HTTP and HTTPS?

HTTP stands for Hypertext Transfer Protocol. It’s a protocol that allows communication between different systems. Most commonly, it is used for transferring data from a web server to a browser to view web pages. The problem is that HTTP (note: no “s” on the end) data is not encrypted, and it can be intercepted by third parties to gather data being passed between the two systems. This can be addressed by using a secure version called HTTPS, where the “S” stands for secure.

Without HTTPS, any data passed is insecure. This is especially important for sites where sensitive data is passed across the connection, such as e-commerce sites that accept online card payments, or login areas that require users to enter their credentials.

Sure, there are limits to this. HTTPS is not like a web application firewall. It’s not going to prevent your website from getting hacked. It’s not going to stop phishing emails getting sent, either. If you’re using a content management system (CMS), like WordPress, or you have any other login where you host any kind of sensitive data, then setting up a secure HTTPS login is the absolute minimum precaution you should take. In reality, HTTPS is the basic price of security these days. It’s the very minimum you can offer your visitors. Aside from security, HTTPS also improves trust.

HTTPS offers the base level of website security. Whether or not you should switch to HTTPS is a decision increasingly being driven by Google’s search algorithm. Switching to HTTPS is fairly straightforward for smaller websites. For larger websites, it’s more complicated from an SEO perspective, and it requires skilled technical staff to make the changes.

Mobile Hacking

We live in a mobile and technology-based world where nearly a billion new mobile phones ship each year. Businesses that are most efficiently adapting to today’s app lifestyle are the ones most successful at deepening customer engagement and driving new revenues in this ever-changing world. Where business opportunities rise, opportunities for black hat hackers who conduct illicit, illegal and malicious activity also begin to rise, creating an issue with security in mobile apps.

Hackers are increasingly aiming at binary code targets to launch attacks on high-value mobile applications across all platforms. Binary code is the 0’s and 1’s people may see in movies or TV shows. It is the code that machines read to execute an application; essentially, it is what you download when you get mobile apps from an app store like Google Play or Apple’s App Store. It is translated into words, images, encryption details and many other things. Binary code is a secure way of keeping apps safe for use; however, there are backdoor ways to disrupt an app, for example code modification (code injection).

Code modification or code injection is the first category of binary-based vulnerability exploits, whereby hackers conduct unauthorized code modifications or insert malicious code into an application’s binaries. Threat scenarios can include a hacker or hostile user modifying the code to change its behavior, for example disabling security controls or bypassing business rules, licensing restrictions, purchasing requirements or ad displays in the mobile app. A hacker can also inject malicious code into the binary and then repackage the mobile app and publish it as a new (supposedly legitimate) app, distribute it under the guise of a patch or a crack (a crack meaning more freedom: you can do more in the app than it was intentionally designed for), or (re)install it on an unsuspecting user’s device.

Mobile hacking is something that is very important but has gone a little under the radar within the cybersecurity world. There are a couple of methods to prevent such a thing from happening to an app you may be developing, or to your favorite app. Using a secure mobile management system ensures that all the content you are sending is sent securely to users. What I think is most important is the use of Two-Factor Authentication. Two-Factor Authentication is simply an extra step put in place to help determine that you are who you say you are. If you are an admin and want access to the code, then you will be granted access, but if you are an intern not assigned to work on the code, then your credentials to sign in will not work, thus helping keep who sees what to a minimum. If you would like to read more, like and share this article and follow my Facebook page. Thank you and Enjoy!

What is Encryption?

Encryption (or Cryptography) is a form of cyber security created by altering information before transmission. Only an authorized sender and receiver can encode or decode the information. It is an effective form of information security. Encryption has been around for centuries, most notably as a province of war rather than commerce. If intercepted by an enemy, it is unreadable. The method of security protects vital information from reaching enemy hands.

Over the years many people have made it their job to attempt to decode encrypted messages. If a person were successful, they could gain access to the nation’s most sensitive assets, one of which could be the nuclear launch codes, and cause the loss of intellectual property rights; this could lead to a catastrophic disaster. While most encryption attacks have proven themselves to be harmless attempts to exploit the weaknesses of encryption methods, the implications of these attacks have demonstrated that more secure methods and techniques of encryption across networks are imperative in the near future.

The main purpose of encryption, as it pertains to any type of exchange of information across networks, is to ensure that the transactions will be executed with confidence that they will not be intercepted and viewed by anyone other than the intended receiver(s).

There are two primary ways to ensure encryption: symmetric encryption and asymmetric encryption. Symmetric encryption is also known as secret-key encryption; this cryptosystem requires the sender and receiver to have the same secret key in order to decrypt the message/information. Asymmetric encryption is also referred to as public-key encryption. The idea of public-key encryption is that both parties, the sender as well as the receiver, have a pair of keys. One key of the pair does not have to be kept secret and is called the public key. The two keys in a pair have different uses: one is used for encryption and the other for decryption.
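The difference between the two systems can be seen side by side in a small program. This is an added teaching example, not code from the original post, and it goes one step beyond the text by combining the two the way real protocols do (the public key protects a fresh secret key, which then encrypts the message). The hash-based stream cipher and the short textbook-RSA key are assumptions chosen so the example runs with the Python standard library alone; they are far too weak for real use.

```python
import hashlib
import secrets

# --- Symmetric (secret-key): the SAME key encrypts and decrypts -------------

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key + nonce + block counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)  # fresh per message so keystreams never repeat
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def symmetric_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


# --- Asymmetric (public-key): a PAIR of keys with different jobs ------------
# Textbook RSA built from two small, well-known primes (toy key size).
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent
PUBLIC_KEY = (N, E)    # may be handed to anyone
PRIVATE_KEY = (N, D)   # never leaves the receiver
_N_BYTES = (N.bit_length() + 7) // 8


def _session_key(value: int) -> bytes:
    """Hash the RSA-protected random value into a symmetric key."""
    return hashlib.sha256(value.to_bytes(_N_BYTES, "big")).digest()


def send_message(recipient_public_key, plaintext: bytes):
    """Sender needs only the receiver's PUBLIC key."""
    n, e = recipient_public_key
    random_value = secrets.randbelow(n - 2) + 2
    wrapped = pow(random_value, e, n)    # only the private key can undo this
    return wrapped, symmetric_encrypt(_session_key(random_value), plaintext)


def receive_message(private_key, wrapped: int, blob: bytes) -> bytes:
    """Receiver recovers the random value with the PRIVATE key."""
    n, d = private_key
    return symmetric_decrypt(_session_key(pow(wrapped, d, n)), blob)


if __name__ == "__main__":
    shared = secrets.token_bytes(32)
    note = b"meet at the usual place"
    assert symmetric_decrypt(shared, symmetric_encrypt(shared, note)) == note
    wrapped, blob = send_message(PUBLIC_KEY, note)
    print(receive_message(PRIVATE_KEY, wrapped, blob))
```

Anyone holding only `PUBLIC_KEY` can create a message but cannot read one, which is why the public half of the pair does not need to be kept secret.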

Our government takes encryption (cryptography) very seriously. In today’s society so much information is passed along using a secure network. Even the use of your phone is encrypted. Your phone uses the symmetrical system, where both the sender and receiver have the same key; this is how we are able to read one another’s text messages. Without encryption on your phone, at any moment someone could openly see your private messages. The dual purpose of encryption is for both end users to enjoy privacy. If you would like to read more, like and share this article and follow my Facebook page. Thank you and Enjoy!

Biometric Authentication

What is Biometric Authentication? Biometric Authentication is a way someone can personally access devices or personal information in their company, or even gain access to a building. Biometric Authentication is one of the most recent ways of securing almost anything. Originally known as realistic authentication, in computer science it is a form of identification or access control. Biometric authentication is a security process that relies on the unique biological characteristics of an individual to verify that they are who they claim to be. Flawless, you would think, right? Nobody can copy certain biological features of someone else, right? Wrong!

There are many different types of Biometric Authentication systems:

• Retina Scan – produces an image of the blood vessel pattern in the light-sensitive surface of someone’s eye
• Iris Recognition – used to identify people from the unique patterns of the pupil of their eye
• Fingerprint scanning – the digital version of fingerprint processing. Takes the pattern of a particular finger
• Finger vein ID – based on the unique vascular pattern in an individual’s finger
• Facial recognition – systems work with numeric codes called face prints, which identify 80 nodal points on a human face
• Voice Identification – the system relies on characteristics created by the shape of a person’s mouth, lips, and throat
• Walk Pattern Recognition – not widely used; however, this biometric system determines how a person walks. So if someone has the credentials to impersonate another person, walking through a walk pattern recognition system will determine whether they are who they say they are

Biometrics is a great way to keep information, buildings, and people secure. However, there are ways to get around these secure authentications. It isn’t as simple as changing your face or changing your walk; no, things are much more difficult than that. Facial recognition, for instance, is a great security measure; no two people are born with the exact same facial features, not even twins. (If you would like detail about facial recognition, see the blog titled “Are you the Real you?”.) Another common and well-used biometric feature is the fingerprint scanner.

For the last 3 years companies have seen a major decrease in smartphones and tablets being stolen. This is the result of implementing fingerprint scanning in mobile devices. To date, iPhones use this fingerprint scanning system, and it has brought more security to the personal information on someone’s phone. Are there ways around the fingerprint scanner? Yes, unfortunately; nothing is perfect. The primary issue, especially on mobile devices, is a tactic where someone uses their breath to resurface your most recent fingerprint impression. By doing this, then using a clear plastic wrap, you could gain access to a person’s phone. (This does not work that often, but it has worked for a couple of people just trying it out on their own phones.) Do not fear: there are ways to prevent such an attack happening to you. The main one is to clear your screen and scanner after every use. This way, if the phone is stolen there will not be a trace of your fingerprint, essentially making the phone useless to someone else.

Biometric Authentication is wonderful. It keeps you safe from outside people. No more covering your phone to type a password in. The next big thing is the retina scan. Some computer companies have started to install a facial recognition feature and a retina scan feature, taking security to the next level. If you would like to read more, like and share this article and follow my Facebook page. Enjoy!

The New Age Car

Your next car might be one that you don’t need to sit in the driver’s seat to operate. They are called autonomous cars. More and more cars and car companies are transitioning to automated car services. After years of trials on city streets, driverless vehicles are now nearing the live phase. Last month, a driverless bus began carrying passengers through Lyon, France. Most in the automobile industry think self-driving vehicles will be on the road by 2020 or before, says Richard Holman, who is head of trends at General Motors.

Driverless cars will initially coexist with human-driven cars. But the first places where they will become dominant are dense urban areas, precisely the spots most damaged by the automobile age. This is “a chance to have a do-over for cities,” Chase told this month’s Autonomy conference in Paris. Many advanced cities are already reducing the role of cars. Driverless cars will hasten that process. Nissan, Tesla, and Mercedes-Benz all have a leading role in bringing autonomous cars to the forefront. Tesla has since developed a line of different models of autonomous cars. These cars are a combination of driverless cars and manual cars.

Cities don’t want everyone to own their own driverless car. That would prolong congestion, and isn’t necessary anyway. A driverless car is the perfect cheap taxi — it can drop you at work, and then go off to collect somebody else. If you still insist on driving your own car, cities will probably charge you for the privilege: motoring will become a luxury, like owning and flying your own plane. Driverless cars could allow cities to cut vehicle numbers by about 90 per cent while transporting the same number of people. They will bring us enormous benefits:

• Driverless cars will reduce accidents by around 90 per cent, predicts Pascal Demurger, director-general of French insurer MAIF. That’s big — the annual death toll on the world’s roads is about 1.2 million a year, or double the toll from armed conflict and homicides combined.

• Pollution and carbon emissions will drop, because urban driverless cars will be electric.

• The elderly, the disabled and teenagers will suddenly gain safe mobility.

• People will save fortunes by ditching their cars. The average cost of owning a car in Europe is about €6,000 a year. If you think personal cars will survive as status symbols, remember that horses were once “status symbols” too.

iPhone 2k17

2017 will mark the 10th anniversary of what many say is one of the greatest inventions: the iPhone. For this 10-year anniversary Apple has something major planned to celebrate the occasion. There are still a couple of months to go until the launch of the iPhone 8, but because of Apple’s ambitious plans for the device, there is already an abundance of leaked rumors hinting at the impressive features coming in the 2017 iPhone.

Apple is rumored to be testing more than 10 prototype iPhone models, so it’s not entirely clear what we’re going to see, and because there are so many test devices in play, rumors are also conflicting and murky at this time.

Rumors suggest the iPhone 8 will feature a radical redesign, with an edge-to-edge display that does away with the top and bottom bezels where features like the Touch ID fingerprint sensor and the front-facing camera are housed. Instead, most rumors suggest Touch ID will be built directly into the display, meaning there will be no physical home button. Apple was rumored to be having trouble implementing Touch ID under the display, but the company may overcome those issues.

The display itself is said to be flexible plastic OLED rather than an LCD, allowing Apple to introduce a thinner device that consumes less power and offers a better display with a higher contrast ratio and more true-to-life colors. Early rumors suggested it could feature edges that are curved on both sides like the Samsung Galaxy S7 Edge, but it’s looking more like it will have the same slightly curved 2.5D display that’s similar to the display used in the iPhone 7, because Apple suppliers still have difficulty producing more curved displays.

As for the body, rumors suggest Apple is finally going to move away from the aluminum used in the iPhone 5, 5s, 6, 6s, 7, and SE, which could be so easily bent, and instead re-adopt a glass body that’s similar to the body that was used in the iPhone 4. At least one iPhone model coming in 2017 will use a glass body, according to Apple supplier Catcher Technology, and according to analyst Ming-Chi Kuo, the glass will be built around a polished stainless steel frame that’s similar in design to the Apple Watch.

The appearance of the phone sounds beautiful, but you don’t just look at a phone, you have to use it, and the biggest question a lot of people always have is “What about space?” “How can I get more space on my phone?” With this new phone will come a new update, iOS 11. iOS 11 will include a great deal of useful features, the biggest being “Offload Unused Apps”. Once your storage is low, this feature will automatically remove apps that you don’t use very often. The selected apps are removed and you get back what can possibly be massive portions of your storage. Your phone will keep all data that was associated with the app in case you ever need to re-download it. All in all, this may very well be the biggest and best update to the iPhone yet. In about 4 months many of us will be able to see for ourselves.

Artificial Intelligence

Artificial Intelligence, or weak AI as it is referred to in today’s society, is a field that is developing every day. I read an article that pitched the pros and the cons of why AI can be very good, but at the same time very dangerous. AI is a part of our everyday lives, as Max Tegmark, President of The Future of Life Institute, notes. What most people do not know is that we carry an AI with us every day just about everywhere we go. That AI’s name is Siri. We are currently at the point of self-driving cars; in order for a vehicle to be self-sustained, it must have an AI in place to handle the duties. AIs can be a great and wonderful invention. These systems could potentially undergo self-improvement, triggering an intelligence explosion that leaves human intelligence far behind. Inventing revolutionary new technologies, such as super intelligence, might help us eradicate war, help find the cure to diseases, and help end poverty and world hunger. The creation of a strong AI system may very well be one of the biggest stepping stones in human history. However, many believe that if we do not set the ground rules firm and clear with those of humans, then the growth of super intelligence could inevitably become our downfall. Many experts believe that there are two major possibilities in which an AI system could become so advanced that it starts to cause harm instead of good. Some believe that an AI system may become so advanced that it sets out to do something beneficial, but develops a destructive method for doing it. For example, if you ask a car with AI to take you to the airport as fast as possible, it very well may get you there; however, you would also be chased by police and be doing outrageously dangerous speeds. The AI car is doing not what you wanted it to do, but literally what you asked it to do. The other possibility is that an AI is programmed to do something devastating.
For example, dangerous weapons are artificial intelligence systems that are programmed to kill. In the hands of the wrong person, these weapons could easily cause mass casualties. An AI arms race could inadvertently lead to an AI war that also results in mass casualties. To avoid being thwarted by the enemy, these weapons would be designed to be extremely difficult to simply “turn off,” so humans could plausibly lose control of such a situation. With this being said, it is very difficult to determine how an AI system could develop over time. On one hand you have an AI in your pocket that you use daily and can tell to search for something on your phone or turn the brightness down; on the other, there is a substantial possibility that the AI could turn and do something detrimental to civilization. I will leave you with this one last thought: can an AI control humans down the road? Think about it like this: intelligence enables control. We as humans can control animals by being smarter, by having more intelligence.

Are you the real you?

Recently many people have been exposed to different biometric tactics in a positive way, whether they know it or not. Many phones now have you use your fingerprint to unlock your phone, or to complete a transaction, as opposed to using an alphanumeric password. This is a more secure way to keep your phone and its contents private from others. While every biometric is supposed to enhance your privacy and security, some can be used in the opposite way. Facial recognition is a feature meant to be used to verify you are who you proclaim to be. What many people do not know is that while we drive on highways our faces are being scanned by a camera from roughly 60 feet away. Not many people know there are cameras on the highway. Next time you go through an ezpass, or under a bridge, simply look up. Recently there was a hoax going around on Facebook, involving a fake app called “Facezam”. This app claimed it could track anyone down by scanning their Facebook photos. While this app is nonexistent, the theory of such a thing is very possible between different apps and sites. Of all the different biometric features, facial recognition is by far the most dangerous. Other biometrics require permission in order to be used (for the most part, excluding the things you see in action movies). Someone cannot take your fingerprint, or a 3D picture of your eye structure, without you knowing. But when it comes to facial recognition, one does not need permission. Any photo of the person that is accessible will be enough. Someone can take your photograph from a distance and you would never know. Every time you use an ATM, you are having your picture taken, to cross-check that you are the correct account holder. Pictures of faces are easy to connect to names. Once you have someone’s name, you can essentially find other important information about the person: their home address, a list of their relatives, their phone number etc.
The Russians have developed a system called FindFace, where you take a picture, upload it to their site, and it will give you the results of multiple social media accounts. From there you can copy and paste the individual’s picture to then find out their full name. But that is Russian; there is nothing like that over here... is there? In fact there is, and most people use it every day: it’s called Facebook. Facebook runs facial recognition on photos when someone uploads them. Ever wonder why that box appears on everyone’s face in your photo? Yes, that is a facial recognition technique. They have developed an algorithm that determines someone’s face in a photo. The truth is that your face is being constantly photographed for facial recognition databases, and your face will be increasingly used for identification behind the scenes without your knowledge or permission. There is a brighter side to all of this. Facial recognition is being used all around the world in a positive light. Take Uber for example. Uber uses real-time face recognition in China and India. Drivers must scan their face before accepting any ride to verify that they aren’t impostors or criminals looking to pick up unsuspecting passengers. So the question really becomes: is facial recognition doing more harm, or giving more security to people in the everyday world?

Are we really safe Online?

As we are making the push past the halfway mark for 2017, some say we are beginning a slight decline when it comes to cybersecurity. Less security in the sense that there is an increasing number of people who are able to hack into personal information like banking statements, social media accounts, phone records etc. These “hackers” are learning more and more advanced ways to bypass firewalls and elude anti-spyware, and are even capable of planting viruses, worms and Trojan horses. Technology adapts, grows, develops and gets better in the foreseeable future; however, when we discuss cybersecurity, we cannot necessarily say the same. There tend to be new cybersecurity reports throughout the year, with the latest report coming from Cisco. The reports show that things are not necessarily getting better in the cybersecurity world. As of late, threats have been accelerating at an alarming rate, and many companies are not taking them seriously. As reported by Rob Endele, spam in recent years is at an increased level, up 65%. Over these past few years much of the spam was at an all-time low. Out of that 65% increase, 8% is malicious. Threats now are more about theft, and about benefiting from stealing from companies in order to resell. Attackers have transitioned from attacking users’ PCs to stealing passwords and IDs that can be used to access personal and secure data. Attackers are keeping up to date. Many attackers are effectively finding out which malware is no longer working and updating it. While detection time has gotten better, there is little reason to celebrate, because attack speed and the effectiveness of attacks are increasing even more quickly.
More than two-thirds of those surveyed believe their security systems and tools are extremely effective; however, about 40 percent of the alerts these systems receive are never investigated. Of the 56 percent that are investigated, more than one in four are legitimate attacks, and more than half of these are not fixed. A lot of companies’ systems do not get the alerts, which suggests that their security solutions are not working properly. With all that being said, there are many recommendations that can help a company’s security system. The majority of companies need to take the next step in their security system and take these issues far more seriously than they currently appear to be doing. Look into how hackers manage to slip in through a back door into secure areas online, and work backwards to make sure it cannot happen to anyone. Some people refuse to heed the warnings of what cybersecurity analysts have to say. There are always people and companies who do not take this matter with full understanding; by not paying attention, you leave yourself vulnerable and susceptible to being breached. For example, Rob Endele held a security showcase for IBM. They made the system as secure as possible, yet it was still breached because the paid attacker got in through a trusted link by way of a poorly secured vendor. If you aren’t auditing your vendors’ security preparedness and limiting their access, you are just as likely to suffer a breach as the folks that aren’t taking all of this as seriously as need be.
