WHY IT MATTERS: Digital Transformation
Curated by Farid Mheir
Scooped by Farid Mheir

The Complete Guide to Ransomware Protection

Worried about new ransomware attacks infecting your systems? Learn how ransomware works + get tips to block ransomware and deal with ransomware recovery.
Farid Mheir's insight:

Amazing reference concerning ransomware: what they are, trends, recommendations, etc. Very well done, very useful.

culturesoinker's comment, January 27, 2017 2:33 AM
nice

Extortionists Wipe Thousands of Databases, Victims Who Pay Up Get Stiffed via @BrianKrebs 


Tens of thousands of personal and possibly proprietary databases that were left accessible to the public online have just been wiped from the Internet, replaced with ransom notes demanding payment for the return of the files. Adding insult to injury, it appears that virtually none of the victims who have paid the ransom have gotten their files back because multiple fraudsters are now wise to the extortion attempts and are competing to replace each other's ransom notes.

Farid Mheir's insight:

A very good review of database ransom hacks that target MongoDB databases, with a link to another very interesting article on the immutable truths about data breaches.

https://krebsonsecurity.com/2017/01/krebss-immutable-truths-about-data-breaches/ 


A world beyond passwords: Improving security, efficiency, & user experience in digital transformation

A world beyond passwords is possible--technology is on the verge of rendering passwords obsolete, bolstering security as well as making users and customers happier.
Farid Mheir's insight:

A very good overview of the limitations of passwords and the many new mechanisms that exist to protect your digital assets.


How #Palantir could help power #Trump's #extremeVetting of immigrants & what US gov knows about you 

Training materials obtained by the Electronic Privacy Information Center show Palantir plays a role in a far-reaching customs system
Farid Mheir's insight:

Just follow the link to the 2012 report and find out what it means to cross reference different digital databases.

 

WHY THIS IS IMPORTANT

Our lives are digital and we leave digital exhaust behind us everywhere we go. This paper shows what the US government uses to put together a composite picture of your digital twin. For now, they plan to use this for border crossing but in the future - 10 or 20 years down the road - what will this info be used for? Also, knowing that military and very advanced technology always makes it into the corporate world, how will this be used by corporations? 


Learning From A Year of Security Breaches via @magoo 

This year (2016) I accepted as much incident response work as I could. I spent about 300 hours responding to security incidents and data breaches this year as a consultant or volunteer.
This included hands on work with an in-progress breach, or coordinating a response with victim engineering teams and incident responders.
These lessons come from my consolidated notes of those incidents. I mostly work with tech companies, though not exclusively, and you’ll see a bias in these lessons as a result.
Farid Mheir's insight:

A very good, detailed retrospective of major sources of security risk in the enterprise.

 

WHY THIS IS IMPORTANT

As pretty much every asset in a corporation is digital or bound to be, security is getting more importance within IT teams. However, this post very clearly shows that the most important security protection comes from end users, both from the tools and the education they have.

 

Security thus should be a global company consideration, not an IT one.


Floodwatch browser extension #crowdsource #ads you see to build massive DB of what advertisers know about you


Floodwatch is a Chrome extension that tracks the ads you see as you browse the internet. It offers tools to help you understand both the volume and the types of ads you’re being served during the course of normal browsing, with the goal of increasing awareness of how advertisers track your browsing behavior, build their version of your online identity, and target their ads to you as an individual. We want to assemble the largest amount of advertising data we can— and then not give it to the advertisers.

Farid Mheir's insight:

WHY THIS IS IMPORTANT

Knowing what information is captured and stored about you, and the digital profile that is created behind the scenes as you browse the web, is a first step in regaining control over our digital twin so we can have better digital lives.


Why #AdBlockers May be as Bad as the #Ads they are blocking: they need to make $$ using ads+tracking

For publishers and advertisers, Internet ad blockers are a scourge. But the blockers also have to pay the bills.
Farid Mheir's insight:

WHY THIS IS IMPORTANT

Surveillance is part of the web browsing experience mostly due to ads and social beacons. Trying to block them off not only degrades the user experience but may not provide the expected benefits as it may provide a different type of surveillance. Ad blocking does not appear to be the solution after all. So what can provide more privacy when surfing the web? The question remains open.

Jean-Marie Grange's comment, December 20, 2016 1:12 PM
Maybe one solution would be for content publishers to offer the choice of paying a fair amount for ad-free content... http://sco.lt/7CrAVl

Security and efficiency in a world beyond passwords

A world beyond passwords is possible--technology is on the verge of rendering passwords obsolete, bolstering security as well as making users and customers happier.
Farid Mheir's insight:

A very good review of the limitations of passwords and the multiple new methods we will have to enhance our digital security.

 

WHY THIS IS IMPORTANT

To go digital, being secure is very high on the list of priorities. Maslow had put security as the second layer in the pyramid of needs - and I believe this is also true in the new pyramid of digital needs!


Forrester Wave: Digital Risk Monitoring 


When it comes to the myriad risks companies face across digital channels — social, mobile, and web — security and risk (S&R) pros track a much smaller portion of their environment than they realize. Without comprehensively and persistently monitoring risk in digital channels, companies remain susceptible to a wide variety of brand, cyber, and physical risk events. Despite the high stakes, many organizations struggle to improve digital risk visibility and mitigate related risks.

Farid Mheir's insight:

Use this link to access the Forrester report for free on solutions to help protect your organization from the digital threats your corporation faces on its brand, cyber presence or physical locations.

 

WHY THIS IS IMPORTANT

First, the paper describes the various risks you may face in a digital world. If you don't know the difference between OSINT, TECHINT, SIGINT, HUMINT, CHINT then you must read it.

Good to know.

Second, it lists the various ways in which you can protect yourself.

Interesting.

Finally, it lists tools you can use to secure your company.

Useful.


The Democratization of Censorship: in depth analysis of a DDoS attack via @briankrebs


As many of you know, my site was taken offline for the better part of this week. The outage came in the wake of a historically large distributed denial-of-service (DDoS) attack which hurled so much junk traffic at Krebsonsecurity.com that my DDoS protection provider Akamai chose to unmoor my site from its protective harbor.

(...)

Today, I am happy to report that the site is back up — this time under Project Shield, a free program run by Google to help protect journalists from online censorship. And make no mistake, DDoS attacks — particularly those the size of the assault that hit my site this week — are uniquely effective weapons for stomping on free speech, for reasons I’ll explore in this post.

Farid Mheir's insight:

Brian Krebs exposes the attack his security blog has recently suffered, along with a clear explanation of the attack and ways to prevent it.

WHY THIS IS IMPORTANT

It is by sharing stories like this one that we can all learn of potential danger that any website faces when a properly motivated opponent targets you.


2016 Trusted Access Report: The current state of device security health


5 key recommendations

  1. Don’t reject BYOD — be prepared for it. Give your IT administrators actionable data on device ownership and health that can inform risk-based access control decisions.
  2. Encourage safe computing practices and good security hygiene, such as running regular security updates or using device encryption, passcodes and additional authentication to protect systems and data.
  3. Configure systems and deploy policies that enable automatic updates for as much software as possible to remove some of the friction that users feel when manually installing updates. We found that an overwhelming number of out-of-date browsers and systems don’t take basic steps like enabling automatic updates.
  4. Switch to browser platforms that update more frequently and automatically, like Google Chrome.
  5. Disable Java and prevent Flash from running automatically on corporate devices, and enforce this on user-owned devices through endpoint access policies and controls.
Farid Mheir's insight:

Duo Security publishes a report on security findings from over 2M devices its software is installed on and provides recommendations from its findings.

WHY THIS IS IMPORTANT

Security is better, it seems, when users use software that updates itself automatically. Unfortunately, because enterprises have to pay to keep software up to date, most computers are out of date from a security standpoint. Leaders should prioritize keeping systems up to date or favour solutions with automated and free updates. As the paper describes, there are many out there, you just have to look for them carefully.


Your smartphone is leaking your information

This talk was given at a local TEDx event, produced independently of the TED Conferences. Bram is a PhD student in computer science at the Expertise Centr
Farid Mheir's insight:

An 8 minute video that will make you rethink your hunt for free wifi in public spaces...


OpenBR : Open Source Biometric Recognition paves the way for wide adoption


Open Source Biometric Recognition

A communal biometrics framework supporting the development of open algorithms and reproducible evaluations.

Farid Mheir's insight:

Face recognition, gender detection, and age estimation are all now possible with this open source suite of software code. This should pave the way for wide adoption in all kinds of applications, from retail store security cameras to hand held camera devices such as the narrative camera or others. I can think of so many use cases - both good and bad - where this technology can be deployed. Just a question of time...

http://getnarrative.com/

https://www.indiegogo.com/projects/parashoot-smart-wearable-video-mini-hd-camera 

http://www.getperfectmemory.com/ 

 


Hackers work harder than companies to understand and exploit vulnerabilities @lasphere

The nation's hacker-in-chief took up the ironic task at the Enigma Conference in San Francisco.


“We put the time in …to know [that network] better than the people who designed it and the people who are securing it,” he said. “You know the technologies you intended to use in that network. We know the technologies that are actually in use in that network. Subtle difference. You’d be surprised about the things that are running on a network vs. the things that you think are supposed to be there.”

Farid Mheir's insight:

Excellent article and video from NSA chief on hacking network security. Hackers will spend the time to understand a network and its vulnerabilities. Something most companies don't.


And I believe it. Security, to be effective, requires a lot of time and effort, which most companies are not willing to invest - because it is for prevention and thus may appear to be an unnecessary cost if there are no security breaches!


Moreover, applying the security best practices that are presented here means that access to the network is difficult, requires special tools and software, prevents users from bringing their devices to work, etc. So it is actually very annoying for users to have secure networks. Thus, users will find ways to bypass it by using cloud solutions or installing shadow IT solutions.


If you feel technically inclined and want to investigate further, read the Wikipedia entry on packet injection and head out to airpwn for a simple tool that will make you never trust an open wifi connection (Starbucks free wifi, anyone?) in the future...

https://en.wikipedia.org/wiki/Packet_injection

http://airpwn.sourceforge.net/Airpwn.html


Credits to La Sphere, Radio Canada's very good weekly show on all things web and digital. 



Digital Attack Map from around the globe


Digital Attack Map - DDoS attacks around the globe

Farid Mheir's insight:

Very informative insights by Google Idea and great questions raised by Luigi.


Attacks in the World of Cryptocurrencies: when hackers fight for #money

You must have heard of "51 percent attack", "double spend" and other frightening phrases that disturb cryptocurrency-related communities. Although such caution is not unf
Farid Mheir's insight:

I have heard of denial of service attacks, man-in-the-middle attacks, or SQL injections, but I had never heard of attacks that were specific to digital currencies such as bitcoins. Well, here we are.


See OWASP for a list of attacks you should be aware of in this day and age.

https://www.owasp.org/index.php/Category:Attack


19 Security Hacks That Target physical devices

With Blackhat USA behind us and Defcon in its full throes, there seems to be a trend away from purely digital hacks and toward physical devices. In that spirit, here are nineteen amazing hacks that cross the physical divide.
Farid Mheir's insight:

A review of 19 security hacks on physical devices that compromise cars, pacemakers, mobile phones, and ATMs.


WHY THIS IS IMPORTANT

As more devices become digital, more hacks become possible. Get used to it!


A list of websites that support Two Factor Authentication #2FA via @HopefulJosh

List of sites with Two Factor Auth support which includes SMS, email, phone calls, hardware, and software.
Farid Mheir's insight:

2 factor authentication (2FA) is an essential tool to keep your personal information secure. 2FA sends an SMS when you log in to a website from a new computer - or again every 30 days or so - to validate that you are indeed who you say you are - not some hacker in Russia.

This service provides a very complete list of websites that support multi-factor authentication - and highlights those that do not. Looking at the list, it is for example very surprising to see so few banks supporting 2FA but that LinkedIn protects your resume more diligently!

 

Moreover, because it is open source, new sites are added constantly, so the list should remain fresh.

Great tool to use as a checklist to ensure you have turned on at least SMS verification in your key accounts.


#security concerns over mobile device fingerprint readers

Farid Mheir's insight:

We think that having a fingerprint reader on your phone is a secure option but these guys show that it is not foolproof. Attention: technical read!


Security researchers identify 1,600 Internet of Things devices with a drone over Texas

Praetorian tracking all IoT devices in Austin, Texas running on ZigBee protocol, similar to the Shodan scanner.
Farid Mheir's insight:

A project has been devised to map all internet of things devices in the Austin, Texas area, and identify vulnerabilities. Cool demonstrations of what you can do with a drone and some technology skills.


See the full map here:

https://www.praetorian.com/iotmap/ 


WHY THIS IS IMPORTANT?

There will be 9B IoT devices soon and many more in the future. Great opportunities but it needs to be safe and private.

Tracy Harding's comment, September 1, 2015 9:19 AM
You need to work on formatting of your replies. This is one giant sentence. Remember the requirements. You need a 2-3 sentence summary, at least 1 sentence of IR implications and 1 sentence about your thoughts.
Farid Mheir's comment, September 1, 2015 9:23 AM
@Tracy Harding: not sure I understand your comment re: formatting. Can you be more specific and email me a screengrab? thank you!
Farid Mheir's comment, September 1, 2015 9:24 AM
@Jake D'Imperio gis thank you for the comment!

Lessons learned from Flame, three years later, demonstrates sophistication of computer viruses via @Securelist


Three years ago, on May 28th 2012, we announced the discovery of a malware known as Flame. At the same time we published our FAQ, CrySyS Lab posted their thorough analysis of sKyWIper. A few days earlier, Maher CERT published IOCs for Flamer. In short, Flame, sKyWIper and Flamer are different names for the same threat, which took the world by surprise as the first major discovery after Stuxnet and Duqu.

Since the discovery of Flame, we reported on many other advanced malware platforms, including Regin and Equation, yet Flame remains special in terms of being one of the most complex, surprising and innovative malware campaigns we have ever seen.

Looking back at the discovery of Flame, here are some lessons we learned.

Farid Mheir's insight:

A short account of the level of sophistication that computer viruses have achieved. And a video that pleads for the need to keep computers secure.

Rescooped by Farid Mheir from Cloud Central

Secure Cloud Computing: Virtualizing the FreedomBox- solutions for secure&private cloud computing


In 2010 I asked Professor Eben Moglen to speak to the Internet Society of New York about software freedom, privacy and security in the context of cloud computing and social media. In his Freedom in the Cloud talk, he proposed the FreedomBox as a solution: a small inexpensive computer which would provide secure encrypted communications in a decentralized way to defeat data mining and surveillance by governments and large corporations.


Via Peter Azzopardi
Farid Mheir's insight:

Security and privacy concerns are top of mind for corporations and individuals looking to move their data to the cloud. This very technical story provides some insights into what may be offered in the future: fully encrypted data, as soon as it leaves the browser, with minimal overhead. Let's hope we can see this in commercial offerings soon.

Peter Azzopardi's curator insight, April 18, 2014 6:54 PM

Homomorphic encryption allows data to be processed in an encrypted form so that only the end user can access it in a readable form. So far it has been too demanding for normal computers to handle.


Why nobody can withdraw bitcoins from one of the currency’s largest exchanges via @quartz

The morning of Friday, Feb. 7, the prominent Japanese bitcoin exchange Mt. Gox announced that, due to technical problems, it would be putting bitcoin withdrawals on hold. Customers would still be able to cash their bitcoins in for other currencies, or trade on the market. But getting bitcoins out of Mt. Gox would be impossible. The...
Farid Mheir's insight:

Contains a high level description of the way bitcoins work. But be careful, slightly technical read ahead! ;-)


Great #IoT example: Tesla cars Over-the-Air Repairs Are the Way Forward via MIT @TechReview

Tesla and GM have both issued fire-related recalls, but Tesla’s fix doesn’t require owners to bring their cars in.
Farid Mheir's insight:

A benefit of having an Internet connected device - here a car - is that it can be remotely updated to fix issues or tune performance. Convenience and fast improvements.


Remember that this means it can also be remotely monitored, both for good and bad reasons, which may also raise security and privacy concerns.

Rescooped by Farid Mheir from WHY IT MATTERS: Digital Transformation

Behavioral #tracking explained in 9min #video by @gary_kovacs via @TED #mustsee #PrivacyAware @dataPrivacyDay  

As you surf the Web, information is being collected about you. Web tracking is not 100% evil -- personal data can make your browsing more efficient; cookies can help your favorite websites stay in business.
Farid Mheir's insight:

If you don't know what behavioral tracking is about, this may be an "awakening" video: be prepared.

 

 

WHY THIS IS IMPORTANT

I've been following the Firefox "collusion" add-on since its inception (it is now called "lightbeam" and you can find it here: https://www.mozilla.org/en-US/lightbeam/). I use it on a regular basis to remember the digital breadcrumbs I leave behind as I roam around on the Internet. Unfortunately, the lightbeam software add-on can only help by blocking the digital ads that track us and cannot minimize the behavioral tracking itself.

 

On this Data Privacy Day 2017, we must use this opportunity to raise our knowledge of the digital tracking that occurs in both the virtual world and the physical world. It is now a reality that we are being tracked as much in the physical world because we carry in our pockets smartphones that track our every move - literally. Be aware, and be careful.

Farid Mheir's curator insight, September 14, 2013 12:02 PM

I've been following the collusion add-on since its inception and I use it on a regular basis to remember all the digital breadcrumbs I leave behind as I roam around on the Internet.


This is an awakening video but unfortunately the collusion software fails to offer us paths to minimize behavioural tracking - aside from blocking all ads.
