This article does not have to do with Cyber Security, but shares an interesting point about how Facebook has a good idea of who each and every one of us is, based on how we react to certain things. Last year, Facebook introduced reactions to posts, which differed from simply liking a post. Many users in the past argued for a dislike button, but instead Facebook released reactions. Now you can love something, like it, be shocked, angry, etc. Facebook gathers information about how we react to posts containing certain words, and will show information we like or love in our feeds more often than posts containing keywords that we were angry about.
Week 05
Voice Biometrics Prone To Error, Study Shows
New research found that the pitch and speed of the human voice would likely change over a period of several months and years, and therefore voice biometrics might not be considered adequate evidence for authentication any more. Organizations need to consider multifactor authentication when using voice biometrics. The research team analyzed former President Obama’s speech from 2009 to 2017, and found his voice accuracy dropped by 23%. They also tracked 122 speakers in six languages and found the error rate of voice biometrics doubled from 4% to 8% in two years. This was because humans use up to 100 muscles to speak and these muscles change or age as we age. This article is interesting in that it demonstrates that voice biometrics is not as reliable as I thought before. Therefore, organizations indeed need to consider multifactor authentication including password, fingerprinting, hand geometry, facial recognition, and iris and retinal scanning.
Link: http://www.darkreading.com/endpoint/voice-biometrics-prone-to-error-study-shows/d/d-id/1328211
Organizations ‘concerned by cybersecurity skills gap’
Organizations across the world have a gap in cyber security talent. With the RSA conference concluding this week, the news articles this week seem to have the same theme: that cyber security talent is lacking. Christos Dimitriadis, ISACA board chair, says that companies are worried that these unfilled positions in their companies can make them vulnerable to attacks. In the UK, the government has put a plan in place to develop a greater interest in cyber security amongst younger people. For us as cyber security students this is good news; however, we should be wary that even though many jobs are available, companies will want to make sure that you are the right fit and could require higher credentials in order for you to become employed in their company.
Article – http://www.welivesecurity.com/2017/02/16/organizations-concerned-cybersecurity-skills-gap/
Only 3% of Orgs Can Address Top Threats like Ransomware
When it comes to how successful businesses will be at defending against the top attacks of the day, the results are sadly lackluster: research reveals that only 3% of organizations have the technology and only 10% have the skills in place to address them. Ransomware alone has the potential to inflict the most significant damage to organizations in 2017, yet not even half of those surveyed have the skills (44%) or the technology (43%) to effectively combat it.
The survey didn’t tell us whether the 3% of organizations is out of all organizations or only those which were attacked. If it is only those which were attacked, then I think this number is fair, because I believe hackers will do research before hacking, so they will choose organizations which didn’t have enough skills or technologies. I would like to think most big companies have the ability to address top threats like ransomware, or that they will do a great job of protecting themselves from these attacks.
Link: https://www.infosecurity-magazine.com/news/only-3-of-orgs-can-address-top/
Please stop charging your phone in public ports
Let me start with Selena Larson’s (a CNN tech reporter) opening idea of this article, “I know the feeling: Your battery is low, but you have to keep tweeting. You see a USB port or an outlet in public, plug in your device and feel the sweet relief of your phone charging.”
It is explained in the article that if a port is compromised, there’s no limit to what information a hacker could steal. Security researchers call “juice jacking” a method hackers utilize to steal mobile devices’ information, such as email, text messages, photos and so forth, via a loaded charging station. I believe this is the case for a lot of people out there, especially when travelling. Surprisingly, even I.T. security professionals.
One of the best ways to avoid being hacked via a public charging station is to use your own portable USB battery pack. Other good suggestions can also be found in the article below.
http://money.cnn.com/2017/02/15/technology/public-ports-charging-bad-stop/
Insecure Android apps put connected cars at risk
In this article, it is discussed how many of the Android apps that are used to locate and unlock vehicles are missing many security features. Some of these features include: obfuscation, which is used to make it harder for hackers to reverse engineer the code; code integrity checks; encryption of credentials; and a check to see if the phone is rooted. Another security flaw is the lack of a check to see if there is an overlay on top of the app that displays a fake login, used to expose the login credentials.
The article states that while these types of apps might not enable theft, they could make the job easier. Some of the apps have the ability to unlock the car and disable the alarms. Also, per Kaspersky, “Accessing the car and deliberate tampering with its elements may lead to road accidents, injuries, or death.” As cars become more connected and transition to the IoT, security will become paramount.
http://www.csoonline.com/article/3171671/security/insecure-android-apps-put-connected-cars-at-risk.html
“Best Cyber Military doesn’t belong to Russia….”
Written in August of last year, this article from Reuters discusses the hacking of the Democratic National Committee’s computers. It essentially uses this event to show that the history of one country spying on and exploiting another country has been going on for a long, long time. Since the 1950s, or after the Second World War in general, the world’s superpowers have been launching programs designed to undermine the goals of their adversaries. The Campaign of Truth was launched by Harry S Truman to expose to the Russian people the “lies” of their government. The article references several US campaigns focused on Latin American countries as well. Led by the NSA and now Cyber Command, the United States has the best cyber military in the world. What’s truly fascinating, however, is how cyber warfare is growing and the US is at the forefront of this change. According to the article, this new arena of warfare will feature a traditional approach with a Cyber Army, Cyber Navy, Cyber Air Force, and Cyber Marine Corps. “The idea is to turn the Internet from a worldwide web of information into a global battlefield for war. ‘The next major conflict will start in cyberspace,’ says one of the secret NSA documents. One key phrase within Cyber Command documents is ‘Information Dominance.’”
http://www.reuters.com/article/us-election-intelligence-commentary-idUSKCN10F1H5