WHY IT MATTERS: Digital Transformation
Get weekly or monthly digest of all posts in your inbox: https://fmcs.digital/wim-subscribe
Curated by Farid Mheir
Current selected tag: 'Security'.
Scooped by Farid Mheir

Hackers work harder than companies to understand and exploit vulnerabilities @lasphere

The nation's hacker-in-chief took up the ironic task at the Enigma Conference in San Francisco.


“We put the time in …to know [that network] better than the people who designed it and the people who are securing it,” he said. “You know the technologies you intended to use in that network. We know the technologies that are actually in use in that network. Subtle difference. You’d be surprised about the things that are running on a network vs. the things that you think are supposed to be there.”

Farid Mheir's insight:

Excellent article and video from NSA chief on hacking network security. Hackers will spend the time to understand a network and its vulnerabilities. Something most companies don't.


And I believe it. Security, to be effective, requires a lot of time and effort, which most companies are not willing to invest - because it is for prevention and thus may appear to be an unnecessary cost if there are no security breaches!


Moreover, applying the security best practices that are presented here means that access to the network is difficult, requires special tools and software, prevents users from bringing their devices to work, etc. So it is actually very annoying for users to have secure networks. Thus, users will find ways to bypass it by using cloud solutions or installing shadow IT solutions.


If you feel technically inclined and want to investigate further, read the Wikipedia entry on packet injection and head out to airpwn for a simple tool that will make you never trust an open wifi connection (Starbucks free wifi anyone) in the future...

https://en.wikipedia.org/wiki/Packet_injection

http://airpwn.sourceforge.net/Airpwn.html


Credits to La Sphere, Radio Canada's very good weekly show on all things web and digital. 



Google security check-up: do it now, do it often, it is a good thing


Manage your account access and security settings.


Your Google Account is protected by the most advanced online security. Keeping these settings up-to-date safeguards your account even more.
Farid Mheir's insight:

Google - Apple, Yahoo, Facebook, and others - all have security checks and solutions that are free to use. They help protect individual accounts and related data. 


Visit those sites today and then make a note to visit them on a regular basis, say on a monthly or quarterly basis, just to make sure.


Here is a list of security links for common solutions and services for your reference:



2016 Cybersecurity Playbook highlights top 10 security threats and what to do about them

Develop your own cybersecurity playbook for 2016 that turns quick wins into long-term results.
Farid Mheir's insight:

Covers the 10 most common security threats, then proposes a 3 month plan of action and concludes with a list of security expert blogs and twitter feeds to follow. Simple. Effective.


And for your info, here are the top 10 threats. If you don't know what they are, then you are much more at risk than you think...

  1. Phishing
  2. Malvertising
  3. Software vulnerabilities 
  4. SQL injection 
  5. Password attacks
  6. Ransomware
  7. Denial of service attacks (DoS/DDoS)
  8. Drive-by downloads
  9. Man-in-the-middle attacks (MITM)
  10. Scareware 

Hackers are offering Apple employees in Ireland up to €20,000 for their login details

Sums of up to €20,000 are being offered to Apple workers from hackers.
Farid Mheir's insight:

Known as social engineering, this is a popular hack that is very low tech and can bypass most security technology by exploiting the weakest link in the security chain: humans.


I wrote about this, especially for the famous hack of the CIA director or the recent PayPal hack, here: http://sco.lt/6A7NSb


In this case - whether this particular information about Apple is true or not - it raises the concern of how valuable the digital information can be in certain cases, especially for competitive intelligence and intellectual property protection. 


Companies would be wise to inform their employees of the risk and have them report any suspicious activity or contacts to their leaders or security team.


A Look Inside Cybercriminal Call Centers via @BrianKrebs


Crooks who make a living via identity theft schemes, dating scams and other con games often run into trouble when presented with a phone-based challenge that requires them to demonstrate mastery of a language they don’t speak fluently. Enter the criminal call center, which allows scammers to outsource those calls to multi-lingual men and women who can be hired to close the deal.

Farid Mheir's insight:

More evidence that digital security and privacy issues often resort to "Traditional methods" to perform crimes - what is called social engineering. Here is a description of call centers to impersonate people in multiple languages when companies try to verify your identity by phone during a digital transaction.


Krebs also offers a solution which would require us all to have a voice "fingerprint" available to validate our true identity.


Social Engineering allows hackers access to paypal account via @briankrebs


My PayPal account was hacked on Christmas Eve. The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang tied to the jihadist militant group ISIS. Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations — including many financial institutions — remain woefully behind the times in authenticating their customers and staying ahead of identity thieves.

Farid Mheir's insight:

A detailed explanation of the method by which hackers can access PayPal user accounts using easily obtainable personal information.


Reminds me of a similar incident where a teenager was able to fool Verizon and AOL employees into giving him access to the CIA director's email account: http://sco.lt/6qhN5t


Don’t Be a Victim of Tax Refund Fraud in ’16 via @Krebs #mustRead


With little more than a month to go before the start of the 2016 tax filing season, the IRS and the states are hunkering down for an expected slugfest with identity thieves who make a living requesting fraudulent tax refunds on behalf of victims. Here’s what you need to know going into January to protect you and your family.

Farid Mheir's insight:

A very detailed post about potential identity theft and how to prevent it. Must read for any American. Not sure what to do in Canada or in Quebec though?


Digital Attack Map from around the globe


Digital Attack Map - DDoS attacks around the globe

Farid Mheir's insight:

Very informative insights by Google Idea and great questions raised by Luigi.


The National Security Letter spy tool has been uncloaked, and it’s bad

"The FBI has interpreted its NSL authority to encompass the websites we read, the Web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs," said Nicholas Merrill, who was president of Calyx Internet Access in New York when he received the NSL targeting one of his customers in 2004.
Farid Mheir's insight:

The Snowden leaks revealed the many different methods NSA surveillance was using. As part of the investigations that followed the leaks, the National Security Letter (NSL) was uncovered and was very well presented in the documentary "United States of Secrets" (PBS Frontline, see http://sco.lt/6kuPfV), which I highly recommend if you want more details about what it is and how far reaching it can be.


WHY THIS IS IMPORTANT

Companies must be aware that this exists when going with cloud services and when they use digital communications in general. With proper encryption of data at rest and in transit, they should feel more secure that their data remains private, NSL letters or not.


That being said, NSL covers mostly metadata which is not encrypted and which can reveal much about a person or group. At this point in time, I am not aware of a good method to protect against that.


Attacks in the World of Cryptocurrencies: when hackers fight for #money

You must have heard of "51 percent attack", "double spend" and other frightening phrases that disturb cryptocurrency-related communities. Although such caution is not unf
Farid Mheir's insight:

I have heard of denial of service attacks, man-in-the-middle attacks, or SQL injections, but I had never heard of attacks that were specific to digital currencies such as bitcoins. Well, here we are.


See OWASP for a list of attacks you should be aware of in this day and age.

https://www.owasp.org/index.php/Category:Attack


19 Security Hacks That Target physical devices

With Blackhat USA behind us and Defcon in its full throes, there seems to be a trend away from purely digital hacks and toward physical devices. In that spirit, here are nineteen amazing hacks that cross the physical divide.
Farid Mheir's insight:

A review of 19 security hacks on physical devices that compromise cars, pacemakers, mobile phones, and ATMs.


WHY THIS IS IMPORTANT

As more devices become digital, more hacks become possible. Get used to it!


Troy Hunt: When children are breached – inside the massive VTech hack


When it’s hundreds of thousands of children including their names, genders and birthdates, that’s off the charts. When it includes their parents as well – along with their home address – and you can link the two and emphatically say “Here is 9 year old Mary, I know where she lives and I have other personally identifiable information about her parents (including their password and security question)”, I start to run out of superlatives to even describe how bad that is.

Farid Mheir's insight:

This security expert performs an investigation into the VTech security breach that revealed 4.8M user accounts and children's photos and chat logs.


A list of websites that support Two Factor Authentication #2FA via @HopefulJosh

List of sites with Two Factor Auth support which includes SMS, email, phone calls, hardware, and software.
Farid Mheir's insight:

2 factor authentication (2FA) is an essential tool to keep your personal information secure. 2FA sends an SMS when you log in to a website from a new computer - or again every 30 days or so - to validate that you are indeed who you say you are - not some hacker in Russia.

 

This service provides a very complete list of websites that support multi-factor authentication - and highlights those that do not. Looking at the list, it is for example very surprising to see so few banks supporting 2FA but that LinkedIn protects your resume more diligently!

 

Moreover, because it is open source, new sites are added constantly, so the list should remain fresh.

 

Great tool to use as a checklist to ensure you have turned on at least SMS verification in your key accounts.


How Google Monitors Every Move You Make

There is no indecision in saying that, in the contemporaneous stage of internet, one cannot benefit the luxury of privacy. It is becoming somewhat impossible with the development in technology. You may get the impression that it is safe to save all of your personal data and information which comprise all of your pictures, videos and other documents in Google Drive
Farid Mheir's insight:

A good reminder of the different ways that Google gathers data about us via its many online solutions, including search and advertising but increasingly via other methods too: Android, Email, etc.


Australia to trial cloud passports in world-first move

Under a cloud passport, a traveller's identity and biometrics data would be stored in a cloud, so passengers would no longer need to carry their passports and risk having them lost or stolen. DFAT says 38,718 passports were registered as lost or stolen in 2014-15, consistent with the 38,689 reported missing the previous year.
Farid Mheir's insight:

Part of a brainstorming exercise by the Foreign Affairs Minister of Australia. 


WHY THIS IS IMPORTANT

Not having to carry papers and documents with you is always a good idea. We do it for our personal information and contacts, our emails, calendars, documents and pictures, and soon with our money (apple pay, google wallet, etc.). Moving to the cloud for your government identification makes perfect sense as well. 


Security will need to be bulletproof, but given the number of stolen or lost passports (due mostly to human error I am sure), I would bet that technology would do a much better job.


Concerning privacy and global surveillance, that's a different story...

Farid Mheir's comment, November 6, 2015 6:07 PM
Yes indeed, all good points - but I don't see them as showstoppers but rather as technical constraints, that may ultimately make the solution impractical until cloud access maturity is there. But I thought it is a great example of digital transformation, no? ;-)
youngcelery's comment, November 6, 2015 11:16 PM
Helpful...!!
Ms. Stephens's curator insight, November 9, 2015 9:41 AM

This could revolutionize travel, but will your information be safe from hackers?


Demand for cyber insurance is set to explode

Insurers and reinsurers face growing demand for cyber insurance, but how can they capitalise on this opportunity, whilst managing their risk exposure?
Farid Mheir's insight:

Amazing research and data from PWC on the cyber crime future forecast. 


WHY THIS IS IMPORTANT

As everything becomes digital, companies must prepare for the cyber crime threat to go beyond an annoyance and into a top 10 risk.


Hackers Can Silently Control Siri From 16 Feet Away

SIRI MAY BE your personal assistant. But your voice is not the only one she listens to. As a group of French researchers have discovered, Siri also helpfully obeys the orders of any hacker who talks to her—even, in some cases, one who’s silently transmitting those commands via radio from as far as 16 feet away.
Farid Mheir's insight:

This article describes a research experiment where radio waves were used to control a phone - from a distance of up to 16 feet - to make phone calls, visit websites or other activities that may profit a thief.


WHY THIS IS IMPORTANT

As we carry cell phones everywhere with us, we extend the digital threat that we are exposed to. Having someone access our phone from 16 feet may not appear to be much of a threat, but it may in fact be very useful in crowded environments as the article states.


Moreover we've seen from the Snowden leaks that NSA has been creating remote hacking solutions to read keyboard keystrokes from a distance - or remote control the camera or microphone. As we carry digital devices with us - now it is phones and watches, but soon implants will come - this further opens threats to our digital selves. Let's be careful!


Also read stuff I wrote about this in the past: http://www.scoop.it/t/digital-transformation-of-businesses?q=nsa


These are the 7 easy steps a teen used to hack the director of the #CIA

How a teen hacker used social engineering to get into the email account of the CIA director.
Farid Mheir's insight:

Explains how a teenager was able to fool Verizon and AOL employees into giving him access to the CIA director's email account.


This shows that the weak link in all of our technology remains the people. The solution thus is not more technology or information security restrictions (because everyone will bypass them anyways), but rather better education and technology that is transparent so that people don't bypass it or make it insecure by their actions.


Don't throw away your Boarding Pass: its Barcode contains a lot of private data via @Krebs


The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.

Farid Mheir's insight:

Boarding pass barcodes contain a lot of private and personally identifiable information. Krebs provides an account of what that information allows you to find on the boarding pass holder. 


WHY THIS IS IMPORTANT

Very private information is often stored in plain sight on things that we do not even think about throwing in the garbage. Let's be careful!


Top 500 #Passwords Visualized - hope yours is not there...!

Is yours here?
Farid Mheir's insight:

A visual representation of most common passwords

Scavanna's curator insight, October 10, 2015 11:04 AM
Infosec and privacy

Homepage | Silent Circle

To build a truly private product, you have to build a truly private company.
Farid Mheir's insight:

SilentCircle is the company behind the Blackphone and is now launching software and services, not only devices.


I wrote about the blackphone before and why it matters: http://www.scoop.it/t/digital-transformation-of-businesses?q=blackphone


WHY THIS IS IMPORTANT

The niche of extreme privacy and extreme secrecy will grow, as users and organizations are willing to pay a premium for security and privacy. Blackberry had the upper hand in this, not sure where they'll be in the future but it would make sense for them to consolidate this emerging market.


Also read: https://gigaom.com/2015/03/02/silent-circle-shows-off-more-powerful-blackphone-2-privacy-phone/


Detailed analysis of the 2013 #Target #Breach with 40M cards exposed via @Krebs


In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp. hired security experts at Verizon to probe its networks for weaknesses. The results of that confidential investigation — until now never publicly revealed — confirm what pundits have long suspected: Once inside Target’s network, there was nothing to stop attackers from gaining direct and complete access to every single cash register in every Target store.

Farid Mheir's insight:

Detailed description of what happened to make the 2013 Target breach possible.


WHY THIS IS IMPORTANT

Many IT professionals have been claiming for years that cloud services were often more secure than in house solutions. Target breach - and the confidential report presented here - show how true this statement is.


Corollary to that, if your organization remains in house, then investments in security are mandatory and can deliver secure systems without compromising accessibility.


Email Attack on Vendor Set Up Breach at Target


The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.


Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa.

Farid Mheir's insight:

A great analysis of the Target breach and how it happened.



How to download everything LinkedIn knows about you — well, almost everything


Privacy is a serious consideration for anyone that uses digital products, services and social networks. LinkedIn recently made it possible for its users to download an archive of all the information it has about you. After all, it is our data: we should be able to retrieve it easily. Below is a screengrab of all the information LinkedIn has emailed back to me when I placed my request.

Farid Mheir's insight:

A recent post of mine on the information that LinkedIn allows you to download, and the other information it does not let you download.


WHY THIS IS IMPORTANT

All the data transparency and privacy policies of social networks and cloud providers often hide a lot of very private and personal information. It raises the question of how to access this information, in a world where more and more of our lives is in the hands of others without our knowledge (but often with our consent).

Craig Broadbent's curator insight, September 20, 2015 10:25 PM

Interesting article to start you thinking about all the personal info that is now available about you on the internet. 


LinkedIn invalidates passwords of users that have been hacked elsewhere

Learn how LinkedIn protects our members and businesses. Read our best practices and tips to keep your information safe.
Farid Mheir's insight:

In a recent post, LinkedIn shared how their security experts roam the dark web to capture all passwords that have been breached and compare them to their users. If a stolen password is found, LinkedIn automatically resets the user password to protect the account.


WHY THIS IS IMPORTANT

This practice shows that large cloud service providers have security practices that are way more evolved than most corporations. Indeed I do not know any company that protects its systems in a way that LinkedIn claims to be doing here. It demonstrates how important security is to these cloud providers and the level of protection their users have against hackers. I often feel that my information is safer on cloud services than it is on my own laptop.


Privacy, on the other hand, is a different matter altogether.
