Posts Tagged ‘security’

Betrayal the biggest threat to data security, says cyber sleuth McAfee

August 27th, 2015

The day after the first hack of United States adultery website Ashley Madison, a world-leading cyber security expert John McAfee was also breaking into the company’s security systems.

As someone who has spent his life battling so-called “black-hat hackers” – those who use their computer knowledge to breach security – and analysing cyber security breaches, McAfee’s purpose was to unravel the initial hackers’ crime.

In doing so, he revealed the key risk to companies: people are always the weakest link.

“There will always be the risk of someone betraying a company purposely or accidentally,” Texas-based McAfee says.

McAfee describes how he called the assistants of two executives at the company telling them he was part of the governmental investigation and their bosses were suspected of involvement in the hack.

Within moments, the assistants were handing over sensitive passwords without checking McAfee’s pretext, enabling him widespread access to information and systems. He has since propounded that the original crime was an inside job, but not involving the assistants and bosses he targeted.

“Social engineering is a means of using people to do the hacking for you, using knowledge of how people respond to stress, fear, greed and other factors,” McAfee explains.

Another danger to companies is smart devices, which hackers will increasingly target because they give easy access to central systems, he warns.

“Employees use them as work stations, for communication and remote access to systems, yet they are the most insecure devices in the world. They are architecturally designed to gather information about us,” McAfee says
Education crucial

Employee education was the best way to protect a company; a focus area in a speech he will deliver at a Lawtech summit on the Gold Coast in September.

The founder of global computer security software company McAfee Inc, which was sold to Intel in 2010, is now concentrating on a two-year-old company, Future Tense Central, that provides next generation personal and corporate security products.

Other companies are similarly developing products with algorithms that change passwords every second, meaning even if hackers gain access, the data they can download is minimal.

McAfee says the biggest beneficiaries of cases such as Ashley Madison are lawyers whose bank accounts would swell.

Those representing companies needed to prepare for the worst. Others must lock confidential records away from anything containing a “moving electron”.

McAfee sees a threat from the so-called “Internet of Things” in which everything from cars to fridges will be connected to the internet, a tremendous advantage to consumers but a huge hacking risk.

Fridges will be able to weigh the milk left in your carton and automatically place an order to replenish it. Televisions are already able to record our private conversations and yet they are hugely popular, he says.

“That’s how crazy we’ve become. We buy devices that we acknowledge listen to us, send that data to anyone they want, to do anything they want with it.”
Stronger privacy laws

McAfee has long been a proponent for stronger privacy laws to restrict the ability of governments and agencies to spy on their citizenry.

People who blindly download applications and agreed to allow access to their data also needed to take more responsibility for their lives.

“We think we have done something good for ourselves. We have not. We are about to learn that in a very drastic way.”

He said he regards the world as on a path to George Orwell’s 1984. Alternatively it could lead us to a world of total freedom, depending on how wise we are in our choices of accepting technology.

“Devices can intercept conversations within half a mile, insert software and take control of your device to listen to you 24 hours a day. That needs to be reversed.”

McAfee does not doubt his views keep him on the list of those who watch.


The Price Of Ignoring Free Internet Security Advice: Billboards Of Goatse

May 27th, 2015

Normally, when we talk about companies and institutions looking to silence security researchers and their ilk who have tried to expose potential threats, the story ends without tragedy. United Airlines, for instance, went on the attack on Chris Roberts, who may well be an idiot, for exposing in-flight WiFi security concerns. CyberLock decides to go legal on a researcher who had been trying desperately to contact them about a security flaw in a number of its electronic locks. Johns Hopkins, meanwhile, ordered the disappearing of a blog post detailing how its own servers might be compromised by the NSA (or used with permission) to defeat encryption schemes.

But in all of those cases, even if some shenanigans were had, there was no real damage done as a result of ignoring the security advice that those organizations subsequently attempted to silence. So, what is the consequence of ignoring that device? Well, as it turns out, the consequence is anus. Very, very, tragically, unfortunately infamous anus.

The affluent denizens of Atlanta’s Buckhead neighborhood received a fun treat this week when they looked up at the corner of Peachtree and East Paces Ferry: a famous internet man’s giant, ruddy, gaping spread asshole, displayed on an enormous digital billboard.

The billboard above [Techdirt editor: which I'm not posting, because obviously I'm not] is one of the thousands of YESCO digital billboards installed across the country. Naturally, it comes with an internet connection. The setup is exactly as insecure as you’d imagine: many of these electronic billboards are completely unprotected, dangling on the public internet without a password or any kind of firewall. This means it’s pretty simple to change the image displayed from a new AT&T offer to, say, Goatse.

Great, so because whoever is in charge of managing that electronic billboard couldn’t be bothered to take the advice any competent technology person who came across the setup, of which there must have been at least one, the great people of Atlanta were treated to one of the most disgusting images in human existence. I’m generally loathe to blame the victim, but the owner of a public-facing billboard must have some culpability when it comes to securing their display. And I say that there was at least one person who warned them about this, because at least one has come forward publicly.

Not only was this a case of incompetence, but gross negligence: security researcher Dan Tentler tweeted yesterday that he’d tried to warn this very same sign company that their software is easily penetrable by anyone with a computer and net connection and was told they were “not interested.” Even after the billboard was defaced, Tentler said the company still hadn’t secured its software.

Probably best to just sick the lawyers on Dan. After all, this all must be his fault, somehow.


Mobile novelties center around security, water-resistancy

March 4th, 2015

From wearables that can thwart facial recognition software to smartphones that can be doused in water without short-circuiting, DW’s Chris Cottrell presents a look at some of the highlights.

Walking around the sprawling halls of this year’s World Mobile Congress in Barcelona, visitors could not overlook the catchy slogans emblazoned on some companies’ towering stands.

“Tomorrow never waits,” read one. “In search of incredible,” read another.

The words highlighted the level of cutting-edge innovation on display here. From eyeglasses that can cloak a wearer’s identity from facial recognition software, to invisible layers of repolymerized molecules that make electronics water-resistant – the novelties varied in their levels of utility, but very few failed to impress. Here is a look at some of the highlights:

More smartphones for less money

It was also evident this year that major smartphone manufacturers were keen on expanding their foothold in emerging markets in parts of Africa, Asia and South America.

Internet companies and network providers around the world are working hard to entice more people in developing countries to invest in smartphones to access the Internet.

To increase the number of people online, companies like Facebook and Google have begun experimenting with novel ways to beam Internet signals to remote areas via hot air balloons or solar powered drones.

But as some industry experts noted here in Barcelona, oftentimes the price of a smartphone is more prohibitive than paying the phone or data bill. In response, a number of companies are offering a range of low-cost smartphones.

Lenovo, the Chinese manufacturer, will release a budget smartphone around September called the A7000. For approximately $169 (150 euros), customers will get a 64-bit, 1.5 GHz processor, a 5.5-inch HD display and 2 gigabytes of RAM.

Microsoft also has some less expensive models, notably the Lumia 435, 532 and 535, which respectively cost 69, 79 and 89 euros.

Microsoft’s Nokia phones are aimed at consumers who either cannot or do not want to spend more than 100 euros on a smartphone. The Nokia 215 and 225 are both low-end models that cost $29 and between $45 and $48.

“Those are our emerging markets Windows phones,” a company spokesman said

And these aren’t the Nokia phones of yesteryear with the pixely green-and-black screens and the game Snake – these phones have Facebook installed right out of the box and allow the user to set up push notifications. (They do not, however, have WhatsApp.)

Acer also had two budget phones on display. The Liquid M220, which runs Windows and costs 79 euros, has half a gigabyte of RAM. The other model, the Z220, runs Android, costs 89 euros but has a full gigabyte of RAM.

Electronics that can get wet

Manufacturers, it seems, have resigned themselves to the fact that users occasionally drop their phones into puddles, toilets or spill all sorts of liquids on them. To protect their devices from short-circuiting, companies have begun making them water-resistant.

Sony, for instance, was showing off its Xperia M4 Aqua – in a glass display case full of water. The device is mechanically sealed, meaning the smartphone’s “innards” are protected by frontal and rear covers that are closed with gaskets to prevent water from entering.

Kazam, a British smartphone maker, had a similarly water-resistant model, the Tornado 455L.

But simply making the outside of a smartphone able to repel water wasn’t enough for one Belgian company. Europlasma, based in Oudenaarde, can apply a water-repellant plasma coating to every surface within an electronic device. That means water can get inside, but it won’t harm the phone’s processors.

The nano coating is achieved by adding electromagnetic energy to gas inside a special chamber designed to hold dozens of electronic devices – like a big, high-tech dishwasher. Inside the chamber, molecules break apart into negative and positive particles and repolymerize, sticking to the devices and leaving behind an invisibly thin residue between 50 and 500 nanometers thick. (That’s about 1/1,000 as thick as a human hair.) The effect is an object that repels water.

One company representative, Kristof Hoornaert, demonstrated with a tissue that Europlasma had coated with nanoparticles. When held under running water, the liquid just rolled off.

Privacy wearables

Security and privacy also seem to be growing concerns in consumers’ minds and there were a number of innovative solutions to address them.

Qualcomm’s new ultrasonic fingerprint sensor uses soundwaves to detect the grooves in your fingertips and works even if your hands are sweaty or dirty. The technology allows for there to be layer of glass or plastic between a user’s finger and the sensor, setting it apart from the iPhone 5 and 6, which require direct contact. A Qualcomm phone with the new technology will be released in the second half of this year, but a company spokesman declined to say which device that would be or what it would cost.

Researchers at AVG have begun tinkering with glasses that can thwart smartphone cameras’ facial recognition. Known as “privacy glasses,” it’s the next step in wearables that cloak one’s identity from automated facial recognition software. AVG’s prototype uses built-in infrared LEDs to confuse smartphone cameras and obscure the user’s face from automated recognition. The glasses are still in the concept phase.

“It’s not about being invisible to other people, it’s about keeping a level of privacy against automation,” said Michael McKinnon.


Get Adobe Flash player