Americans Are Complacent About Online Data Breaches

November 1, 2016

Users of email, social networks, and other online services are aware of the possible dangers that data breaches cause, but surprisingly are less concerned about them in 2016, a survey reveals.

Observer recently published a report titled Fears of the Web’s Dark Side—Strangely—Are Not Growing, which reveals:

People’s fears about their email being hacked have receded somewhat since 2014, bizarrely. Across the 1,071 Americans surveyed, that particular worry receded from 69 to 71 percent.

The survey, commissioned by Craigconnects, also reveals that online users are no longer very concerned about their data being leaked online and used for identity theft, despite large-scale breaches like Ashley Madison. Users, as the survey points out, have accepted it as a trade-off for the convenience of the Internet.

The reason for the complacency setting in probably lies in the fact that people have realized:

“The business of social media company is built upon gathering as much information as possible about users and using that information to sell ads,” Michael W. Wellman, CEO of Virgil Security wrote the Observer in an email. “If the service is free, it’s the user that’s being sold.”

Nearly 7 percent of Americans are victims of identity theft. This, however, has not dissuaded them from taking precautionary measures to protect their identity online. Most users are aware that identity theft can be used for stealing money from bank accounts, but there are other dangers as well. For instance, prescription medication can be obtained legally using details of an identity theft victim. And then there are uses of the stolen data known only to Dark Web actors, where such data on millions of victims is available for a few hundred dollars.

Vishal Ingole, November 1, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Be Prepared for Foggy Computing

October 31, 2016

Cloud computing allows users to access their files or hard drive from multiple devices at multiple locations.  Fog computing, on the other hand, is something else entirely.  Fog computing is the latest buzzword in the tech world and pretty soon it will be in the lexicon.  If you are unfamiliar with fog computing, read Forbes’s article, “What Is Fog Computing? And Why It Matters In Our Big Data And IoT World.”

According to the article, smartphones are “smart” because they receive and share information with the cloud. The biggest problem with cloud computing is bandwidth, that is, slow Internet speeds. The United States is 35th in the world for bandwidth speed, which is contrary to the belief that it is the most advanced country in the world. Demand for faster speeds increases every day. Fog computing, also known as edge computing, seeks to resolve the problem by grounding data. How does one “ground” data?

What if the laptop could download software updates and then share them with the phones and tablets? Instead of using precious (and slow) bandwidth for each device to individually download the updates from the cloud, they could utilize the computing power all around us and communicate internally.

Fog computing makes accessing data faster, more efficient, and more reliable by serving it from a local area rather than routing to the cloud and back. IBM and Cisco Systems are developing projects that would push computing to more local areas, such as routers, devices, and sensors.

Considering that there are security issues with housing data on a third party’s digital storage unit, it would be better to locate a more local solution.  Kind of like back in the old days, when people housed their data on CPUs.

Whitney Grace, October 31, 2016

Big Brother Now in Corporate Avatar

October 31, 2016

Companies in the US are now tracking employee movements and interactions to determine how productive their assets are. Badges created by Humanyze, embedded in employee IDs, track these key indicators and suggest appropriate measures to help improve employee productivity.

An article published on Business Insider titled Employees at a dozen Fortune 500 companies wear digital badges that watch and listen to their every move reveals:

Humanyze visualizes the data as webs of social interaction that reveal who’s talking to whom on a by-the-second basis. The goal: Revolutionize how companies think about how they organize themselves.

Although the badges only track employees who have explicitly given permission to have their working hours tracked, imagination is the only limit on how the metadata can be used. For instance, because the badges are being embedded into employee IDs (which already have chips), they could also be used by someone with the right tools to track the movement of an employee beyond working hours.

Social engineering has been used in the past to breach IT security at large organizations. With Humanyze badges, hackers will now have one more weapon in their arsenal.

One worrisome aspect of these badges becomes apparent here:

But the badges are already around the necks of more than 10,000 employees in the US, Waber says. They’ve led to wild insights. One client moves the coffee machine around each night, so the next morning employees in nearby departments naturally talk more.

The ironic part is that companies are exposing themselves to this threat. Google, Facebook, and Amazon are already tracking people online. With services like Humanyze, Big Brother has also entered the corporate domain. The question is not how the data will be used by hackers; it’s just when.

Vishal Ingole, October 31, 2016

NTechLab as David to the Google Goliath of Facial Recognition

October 27, 2016

The article titled A Russian Startup is Beating Google with Eerily Accurate Facial Recognition Technology on Business Insider positions NTechLab as the company leading the industry in facial recognition technology. In 2015, the startup beat Google to win the “MegaFace” competition. The article explains,

NTechLab sets itself apart from its competitors with its high level of accuracy and its ability to search an extensive database of photographs. At the MegaFace Championship, NTechLab achieved a 73 percent accuracy with a database of 1 million pictures. When the number dropped to 10,000 images, the system achieved a jaw-dropping accuracy of 95 percent. “We are the first to learn how to efficiently handle large picture databases,” said NTechLab founder Artem Kukharenko to Intel iQ.

The startup based its technology on deep learning and a neural network. The company has held several public demonstrations at festivals and amusement parks. Attendees share selfies with the system, then receive pictures of themselves when the system “found” them in the crowd. Kukharenko touts the “real-world” problem-solving capabilities of his system. While there isn’t a great deal of substantive backup to his claims, the company is certainly worth keeping an eye on.

Chelsea Kerwin, October 27, 2016

Google Introduces Fact Checking Tool

October 26, 2016

If it works as advertised, a new Google feature will be welcomed by many users—World News Report tells us, “Google Introduced Fact Checking Feature Intended to Help Readers See Whether News Is Actually True—Just in Time for US Elections.” The move is part of a trend for websites, who seem to have recognized that savvy readers don’t just believe everything they read. Writer Peter Woodford reports:

Through an algorithmic process from schema.org known as ClaimReview, live stories will be linked to fact checking articles and websites. This will allow readers to quickly validate or debunk stories they read online. Related fact-checking stories will appear onscreen underneath the main headline. The example Google uses shows a headline over passport checks for pregnant women, with a link to Full Fact’s analysis of the issue. Readers will be able to see if stories are fake or if claims in the headline are false or being exaggerated. Fact check will initially be available in the UK and US through the Google News site as well as the News & Weather apps for both Android and iOS. Publishers who wish to become part of the new service can apply to have their sites included.

Woodford points to Facebook’s recent trouble with the truth within its Trending Topics feature and observes that many people are concerned about the lack of honesty on display this particular election cycle. Google, wisely, did not mention any candidates, but Woodford notes that Politifact rates 71% of Trump’s statements as false (and, I would add, 27% of Secretary Clinton’s statements as false. Everything is relative.)  If the trend continues, it will be prudent for all citizens to rely on (unbiased) fact-checking tools on a regular basis.

Cynthia Murrell, October 26, 2016

Machine Learning Changes the Way We Learn from Data

October 26, 2016

The technology blog post from Daniel Miessler titled Machine Learning is the New Statistics strives to convey a sense of how crucial Machine Learning has become in terms of how we gather information about the world around us. Rather than dismissing Machine Learning as a buzzword, the author heralds Machine Learning as an advancement in our ability to engage with the world around us. The article states,

So Machine Learning is not merely a new trick, a trend, or even a milestone. It’s not like the next gadget, instant messaging, or smartphones, or even the move to mobile. It’s nothing less than a foundational upgrade to our ability to learn about the world, which applies to nearly everything else we care about. Statistics greatly magnified our ability to do that, and Machine Learning will take us even further.

The article breaks down the steps of our ability to analyze our own reality, moving from randomly explaining events, to explanations based on the past, to explanations based on comparisons with numerous trends and metadata. The article positions Machine Learning as the next step, involving an explanation that compares events but simultaneously progresses the comparison by coming up with new models. The difference is of course that Machine Learning offers the ability of continuous model improvement. If you are interested, the blog also offers a Machine Learning Primer.

Chelsea Kerwin, October 26, 2016

Partnership Aims to Establish AI Conventions

October 24, 2016

Artificial intelligence research has been booming, and it is easy to see why: recent advances in the field have opened some exciting possibilities, both for business and society as a whole. Still, it is important to proceed carefully, given the potential dangers of relying too much on the judgement of algorithms. The Philadelphia Inquirer reports on a joint effort to develop some AI principles and best practices in its article, “Why This AI Partnership Could Bring Profits to These Tech Titans.” Writer Chiradeep BasuMallick explains:

Given this backdrop, the grandly named Partnership on AI to Benefit People and Society is a bold move by Alphabet, Facebook, IBM and Microsoft. These globally revered companies are literally creating a technology Justice League on a quest to shape public/government opinion on AI and to push for friendly policies regarding its application and general audience acceptability. And it should reward investors along the way.

The job at hand is very simple: Create a wave of goodwill for AI, talk about the best practices and then indirectly push for change. Remember, global laws are still obscure when it comes to AI and its impact.

Curiously enough, this elite team is missing two major heavyweights. Apple and Tesla Motors are notably absent. Apple Chief Executive Tim Cook, always secretive about AI work, though we know about the estimated $200 million  Turi project, is probably waiting for a more opportune moment. And Elon Musk, co-founder, chief executive and product architect of Tesla Motors, has his own platform to promote technology, called OpenAI.

Along with representatives of each participating company, the partnership also includes some independent experts in the AI field. To say that technology is advancing faster than the law can keep up with is a vast understatement. This ongoing imbalance underscores the urgency of this group’s mission to develop best practices for companies and recommendations for legislators. Their work could do a lot to shape the future of AI and, by extension, society itself. Stay tuned.

Cynthia Murrell, October 24, 2016

Half of the Largest Companies: Threat Vulnerable

October 24, 2016

Compromised Credentials, a research report by Digital Shadows, reveals that around 1,000 of the companies in the Forbes Global 2000 are at risk because credentials of their employees have been leaked or compromised.

As reported by Channel EMEA in Digital Shadows Global Study Reveals UAE Tops List in Middle East for…

The report found that 97 percent of those 1000 of the Forbes Global 2000 companies, spanning all business sectors and geographical regions, had leaked credentials publicly available online, many of them from third-party breaches.

Owing to large-scale data breaches in recent times, credentials of 5.5 million employees are available in the public domain for anyone to see. Social networks like LinkedIn, MySpace and Tumblr were the sources of these breaches, the report states.

Analyzed geographically, companies in Middle-East seem to be the most affected:

The report revealed that the most affected country in the Middle East – with over 15,000 leaked credentials was the UAE. Saudi Arabia (3360), Kuwait (203) followed by Qatar (99) made up the rest of the list. This figure is relatively small as compared to the global figure due to the lower percentage of organizations that reside in the Middle East.

Affected organizations may not be able to contain the damage by simply resetting the passwords of their employees. It also needs to be determined whether the information available is contemporary, not reposted, and unique. Moreover, mere password resetting can cause a lot of friction within the IT departments of the organizations.

Without proper analysis, it will be difficult for the affected companies to gauge the extent of the damage. But considering the PR nightmare it leads to, will these companies come forward and acknowledge the breaches?

Vishal Ingole, October 24, 2016

Sugar Polluted Scientific Research

October 19, 2016

If your diet includes too much sugar, it is a good idea to cut back on the amount you consume. It also turns out that if you have too much sugar in your research, the sugar industry will bribe you to hide the facts. Stat News reports that even objective academic research is not immune from corporate bribes in the article, “Sugar Industry Secretly Paid For Favorable Harvard Research.”

In the 1960s, Harvard nutritionists published two reviews in medical journals that downplayed the role sugar played in coronary heart disease.  The sugar industry paid Harvard to report favorable results in scientific studies.  Dr. Cristin Kearns published a paper in JAMA Internal Medicine about her research into the Harvard sugar conspiracy.

Through her research, she discovered that Harvard nutritionists Dr. Fredrick Stare and Mark Hegsted worked with the Sugar Research Foundation to write a literature review that countered early research that linked sucrose to coronary heart disease. This research would later help the sugar industry increase its market share by convincing Americans to eat a low-fat diet.

Dr. Walter Willett, who knew Hegsted and now runs the nutrition department at Harvard’s public health school, defended him as a principled scientist…‘However, by taking industry funding for the review, and having regular communications during the review with the sugar industry,’ Willett acknowledged, it ‘put him [Hegsted] in a position where his conclusions could be questioned. It is also possible that these relationships could induce some subtle bias, even if unconscious,’ he added.

In other words, corporate-funded research can skew scientific data so that it favors the funder's bottom line. This fiasco happened in the 1960s; have things gotten worse or better? With the big competition for funding and space in scientific journals, the answer appears to be yes.

Whitney Grace, October 19, 2016

Malware with Community on the Dark Web

October 14, 2016

While Mac malware is perhaps less common than attacks designed for PC, it is not entirely absent. The Register covers this in a recent article, EasyDoc malware adds Tor backdoor to Macs for botnet control. The malware is disguised as a software application called EasyDoc Converter, which is supposed to be a file converter but does not actually perform that function. Instead, it allows hackers to control the hacked Mac via Tor. The details of the software are explained as follows,

The malware, dubbed Backdoor.MAC.Eleanor, sets up a hidden Tor service and PHP-capable web server on the infected computer, generating a .onion domain that the attacker can use to connect to the Mac and control it. Once installed, the malware grants full access to the file system and can run scripts given to it by its masters. Eleanor’s controllers also use the open-source tool wacaw to take control of the infected computer’s camera. That would allow them to not only spy on the victim but also take photographs of them, opening up the possibility of blackmail.

A Computer World article on EasyDoc expands on an additional aspect of this enabled by the Dark Web. Namely, there is a Pastebin agent which takes the infected system’s .onion URL, encrypts it with an RSA public key, and posts it on Pastebin, where attackers can find it and use it. This certainly seems to point to the strengthening of hacking culture and community, as counterintuitive a form of community as it may be to those on the outside.

Megan Feil, October 14, 2016

 
