Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For consumers

 

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

By Byron V. Acohido

Standards. Where would we be without them?

Universally accepted protocols give us confidence that our buildings, utilities, vehicles, food and medicines are uniformly safe and trustworthy. At this moment, we’re in dire need of implementing standards designed to make digital services as private and secure as they need to be.

Related: How matter addresses vulnerabilities of smart home devices

A breakthrough is about to happen with the roll out this fall of Matter, a new home automation connectivity standard backed by Amazon, Apple, Google, Comcast and others.

Matter is intended to be the lingua franca for the Internet of Things. It’s only a first step and there’s a long way to go. That said, Matter is an important stake in the ground. To get a full grasp on why Matter matters, I recently visited with Steve Hanna, distinguished engineer at Infineon Technologies, a global semiconductor manufacturer based in Neubiberg, Germany.

For a full drill down on our evocative discussion, please watch the accompanying videocast. Here are the main takeaways:

SHARED INTEL: A breakout of how Google, Facebook, Instagram enable third-party snooping

By Federico Morelli

More and more consumers are using apps every year. In fact, Google Play users downloaded 111.3 billion apps in 2021 alone, up more than 47 percent since 2018.

Related: Microsoft CEO calls for regulating facial recognition.

This increased demand for apps also raises the need for improved data protection measures, which Google took steps to address with the new data safety section they launched in July 2022.

This data safety section aims to help users understand how apps handle their data (especially when it comes to collection and sharing) and make more informed decisions about which apps to download.

To provide even further insight into the data safety and privacy practices of app developers, researchers at Incogni conducted a study of the top 500 paid and top 500 free Google Play Store apps. The results shed light on how much data apps really share, which apps pose the biggest risks to data privacy, and how transparent developers are about their practices.

Rampant ‘sharing’

The study revealed that more than half (55.2 percent) of the apps share user data with third parties.

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

By Vivek Nair and Gonzalo Munilla Garrido

As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy.

Related: The case for regulating facial recognition

Virtual reality (VR) is well positioned to become a natural continuation of this trend. While VR devices have been around in some form since well before the internet, the true ambition of major corporations to turn these devices into massively-connected social “metaverse” platforms has only recently come to light.

These platforms, by their very nature, turn every single gaze, movement, and utterance of a user into a stream of data, instantaneously broadcast to other users around the world in the name of facilitating real-time interaction. But until recently, the VR privacy threat has remained entirely theoretical.

Berkeley RDI is a preeminent source of open-access metaverse privacy research. To test the true extent of data collection in VR, we designed a simple 30-person user study called MetaData. Users were asked to play an innocent-looking “escape room” game in VR, while in the background, machine learning scripts were secretly observing their activity and trying to extract as much information about them as possible.

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

By Scott Cleland

How did America and Americans regress to being much less secure than before the Internet?

Everyone knows the many amazing conveniences, benefits, and advances the Internet has enabled.  What everyone doesn’t know is how irrational the Internet’s utopian founding premises have proven to be concerning America’s and Americans’ security over the last quarter century.

The first irrational security-related premise is that U.S. Government policymakers decided in the 1990s to promote inherently insecure, nascent Internet technology to be the world’s primary global information infrastructure for all the world’s communications, content, and commerce.

Unfortunately, the Internet was never designed to operate at that scale, or with the necessary authentication, security, and privacy capabilities essential for such an infrastructure.  Utopia meet reality.

The Internet’s co-designer, Vint Cerf, in a 2008 Guardian interview, explained how the Internet’s 1974, essential enabling Internet-protocol had a design flaw in not enabling packet authentication, security, or privacy at scale.

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

By Eric George

The internet has drawn comparisons to the Wild West, making ransomware the digital incarnation of a hold-up.

Related: It’s all about ‘attack surface management

However, today’s perpetrator isn’t standing in front of you brandishing a weapon. They could be on the other side of the globe, part of a cybercrime regime that will never be discovered, much less brought to justice.

But the situation isn’t hopeless. The technology industry has met the dramatic rise in ransomware and other cyber attacks with an impressive set of tools to help companies mitigate the risks. From sharing emerging threat intelligence to developing new solutions and best practices to prevent and overcome attacks, it’s possible to reduce the impact of ransomware when it happens.

Prevalence

The FBI’s Internet Crime Complaint Center (IC3) received 3,729 ransomware complaints in 2021, representing $49.2 million in adjusted losses. Healthcare and public health, financial services, and IT organizations are frequent targets, although businesses of all sizes can fall victim to these schemes.

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

By Dawid Czarnecki

Web application attacks directed at organizations’ web and mail servers continue to take the lead in cybersecurity incidents.

Related: Damage caused by ‘business logic’ hacking

This is according to Verizon’s latest 2022 Data Breach Investigations Report (DBIR).

In the report’s findings, stolen credentials and exploited vulnerabilities are the top reasons for web breaches. This year, these were the top reasons for web breaches.

•A whopping 80 percent were due to stolen credentials (nearly a 30 percent increase since 2017!)

•Exploited vulnerabilities were the second leader at almost 20 percent

•Brute forcing passwords (10 percent) came in third

•Backdoors or C2 (10 percent) were the fourth runner-ups

Poor password practices are responsible for most incidents involving web applications and data breaches since 2009. Password security may seem like a simple solution for a huge problem, but it may be difficult to successfully implement in practice. Ignoring it, on the other hand, can lead to complications such as an unwarranted data breach.

Without strong, secure passwords or two-factor authentication (2FA) enabled in an organization or startup, it becomes easy for attackers to access stolen credentials on their web and email servers.

Consequently, sensitive data can become compromised, ending up in the wrong hands. In 2022, 69 percent of personal data and 67 percent of credentials became compromised in a web breach. This data strongly indicates that password management and 2FA are crucial for any organization or startup to become more secure from web attacks.

We’ve shared some helpful guidance on password security at Zigrin Security blog.

GUEST ESSAY: A breakdown of the cyber risks intrinsic to ubiquitous social media apps

By Mark Stamford

More than half of the world—58.4 percent or 4.62 billion people—use social media.

Related: Deploying human sensors to stop phishing.

And while that’s incredible for staying connected with friends, organizing rallies, and sharing important messages, it’s also the reason we are facing a cyber security crisis.

A record 847,376 complaints of cyber-crime were reported to the FBI by the public, according to the FBI’s Internet Crime Report 2021—a 7 percent increase from 2020. This is now catching the attention of elected leaders like Senator Mark Warner and Senator Marco Rubio.

They recently called on the Federal Trade Commission (FTC) to investigate TikTok and parent company Byte Dance over its data handling. But why is social media such a catalyst for nefarious behavior?

As the founder of the leading cyber security firm OccamSec, I’ve seen first-hand how and why social media is such a weak point, even for the most careful people and companies. Here are the three main reasons.