Archive for August 1, 2017

App Empowering Iranian Women w/ Sexual Health & Legal Resources

Posted in Commentary with tags on August 1, 2017 by itnerd

Today, United for Iran, a Bay-Area NGO working to promote civil liberties and civil society in Iran, is announcing the release of Hamdam, the second app to come out of the organization’s app incubation project, the IranCubator.

Hamdam is a groundbreaking mobile app that serves as a one-stop-shop for information related to the reproductive and legal rights of Iranian women. Not only does the app empower women to track their menstrual calendar (based on the Persian Jalali Calendar) and sexual health including STD and contraceptive methods information, it also helps them navigate Iran’s discriminatory legal structures with information oriented to empower their lives. Hamdam provides a database with easy to understand language regarding marriage laws and how women can tackle issues related to employment, education, divorce and division of assets. The app is designed to help Iranian women stay healthy, protect their rights in a repressive country, and maintain their dignity. It also provides information on domestic violence and sexual harassment, and rape in addition to the  emergency call button. Thus Hamdam, which in Persian means companion, aims to be Iranian women’s health and rights companion.

Hamdam is available on Android devices – the most commonly used smartphone in Iran, comprising 70% of the Iranian smartphone market.

Key facts about United for Iran’s IranCubator app development project – The IranCubator:

  • United for Iran launched its new app incubation program in June 2016, seeking to match civil society activists with app developers and programmers to build smartphone applications for the 40 million smartphone users currently living in Iran.
  • IranCubator provided financial and technical support to winning developers and activists with projects that advance civil society in Iran.
  • All submissions were judged by the IranCubator Advisory Board consisting of notable technology and security experts, internet freedom advocates and social entrepreneurs including Allen Gunn, Christopher Allen and Danny Kennedy.
  • Ahead of the IranCubator competition, United for Iran conducted an extensive Community Needs Assessment with Iranian activists to determine the specific tools for advancing civil liberties.  Based on those findings, the IranCubator Advisory Judges prioritized apps and ideas that fight against the legal and socio-cultural discrimination against women, immigrants, people with disabilities and LGBTQ communities, as well as projects that promote education for underserved communities.

Click here for more information about Hamdam.

Advertisements

One-In-Four Canadian Students Cheat Using Mobile Devices: McAfee

Posted in Commentary with tags on August 1, 2017 by itnerd

A new McAfee survey of Canadian students found one-in-four respondents cheat using mobile devices, and girls more often reported being cyberbullied than boys. High school students between the ages of 14 and 18 participated in the online questionnaire between June 28 and July 5.

Here’s some highlights:

Internet connected devices at school

  • 82% of the students spend at least one hour per day using an internet connected device during school hours for school-specific work
    • One out of five of the students (22%) do so for even 5 hours or more
  • 73% of the students think that their school takes the necessary steps to ensure the school-owned devices they use are protected from cyber threats
    • 6% think their school doesn’t take the necessary steps, and 22% don’t know

Cybersecurity education/guidelines from school

  • 78% of the students have been provided with cybersecurity education/guidelines from school before they were allowed to access school-owned connected devices
    • 34% get regularly education/guidelines throughout the year
    • 32% received instructions only once before they started using connected devices
    • 12% state that their teacher tried to talk about staying safe online but that the student knew more about cyber security that the teacher
  • 22% didn’t get any cybersecurity education/guidelines before allowed access to access school-owned connected devices

Cybersecurity education/guidelines from parents

  • Slightly more than one third of the parents (36%) regularly talk with their (14-18 year old) children about how to stay safe
    • 13% of the 16-18 year old children have never talked with their parents about how to stay safe online

Cyberbullying

  • 18% of the 14-18 year old children stated to have been cyberbullied
  • Females get cyberbullied more often (21%) than in males (14%)
  • Facebook (58%), Instagram (37%) and Snapchat (28%) are mostly used for cyberbullying
  • 40% of the children 14-18 have experienced or seen cyberbullying before 9th grade
  • Most children (69%) would feel comfortable talking to a teacher, coach or school administrator if they had been cyberbullied
    • 16-18 year old females are least comfortable talking to someone of school (66%)
  • More than half of the student (52%) feel that teachers and school openly discuss cyber bullying and are trying to prevent it
    • 26% feel that school openly discuss it but are not trying to prevent it
    • 10% feel that school neither discusses nor tries to prevent it
    • 12% think that school wouldn’t know how to prevent it
  • More than one third of the students (35%) feel that cyber bullies aren’t being reprimanded or disciplined enough
    • Especially the girls feel that cyber bullies don’t get in much trouble at all (39% of the females feel that way versus 30% of the males)

Access to social media sites

  • 23% of the students successfully tried to get around the cyber restrictions put in place by school to get access to banned content
  • More than half (63%) of the students were able to access any (30%), or some (33%) social media sites on school-owned connected devices
  • Most visited social media websites, using school-owned connected devices in the classroom, are YouTube (63%), Facebook or Facebook Messenger (56%) and Instagram (40%)
    • Followed by Twitter (31%) and Snapchat (27%)

Cheat with connected devices

  • One out of four (25%) students admit to have used a connected device in the classroom to cheat on an exam, quiz, project, or other assignment
    • Most did so with a personal-owned device (16%), others with a school-owned device (5%).
    • Some did with both (4%).
  • 44% claim to have seen or heard of another student using a connected device in the classroom to cheat on an exam, quiz, project or other assignment

About this study

  • In June – July 2017 McAfee LLC. conducted a study about going back to school.
  • In multiple countries almost 4,000 high school students (9th till 12th grade) within the age of 14 – 18 years participated in the study.
  • This study reflects the answers of 500 people in CANADA.

McAfee’s Gary Davis has also written a blog highlighting top takeaways from the global results.

BlackBerry Loses Its Grip On The Canadian Government

Posted in Commentary with tags on August 1, 2017 by itnerd

For as long as I can remember, BlackBerry has been the dominant smartphone used by Canadian Government employees because of their encryption and security offerings. If you go anywhere in Ottawa, you’ll see them everywhere. But that appears to be changing according to Metro News:

Shared Services Canada (SSC), the agency that manages the government IT infrastructure, now has a small number of Samsung phones and some Apple phones that can be used.

BlackBerry was once the dominant player in the smartphone market, but has lost ground to other companies like Apple, Google and Samsung.

An SCC spokesperson said they’re moving to keep up with the times.

“SSC is committed to supporting the modernization of the Government of Canada’s telecommunications infrastructure,” said Frederica Dupuis.

“SSC is taking a new approach to mobile service to better serve its clients, use new technology and adapt to changes in the marketplace.”

Now I will point out that if someone wants to use a Galaxy S8 or an iPhone 7 Plus, it will likely have to be just as secure as a BlackBerry. Which to be frank, would be an easy bar to hit. Plus I will point out that BlackBerry devices will still be supported. But I suspect that once people get a look at BlackBerry’s competition, they may defect to it.

Guest Post: NordVPN Discusses What To Expect From Cybersecurity In 2017

Posted in Commentary with tags on August 1, 2017 by itnerd

2017 has shown us that we all are vulnerable to cyber threats, having dealt with such major scandals as election hacking, two major global ransomware attacks, and a general rise in hacking.

So what can we expect during the second half of this year? Will cyber attacks keep increasing, or are we learning to counter them?

Here is a list by NordVPN of what we could be expecting:

  1. Phishing campaigns will become even more sophisticated. Criminals are now able to create emails that look like typical invoices or letters from banks about account updates or missed payments. While 94% of Internet users say they are able to recognize a phishing email, statistics show that almost half of them will click on a dangerous link. It will get even harder when cyber criminals get even more advanced in creating sophisticated fake emails.
  2. There will be more ransomware attacks. Hackers behind the two recent global ransomware attacks proved that major world companies have serious security issues – meaning these types of attacks will keep increasing, and their scale is frightening. As long as big companies don’t start taking security seriously, there will be criminals taking advantage of it. For example, 94% of companies in the UK said they believed IT security was important, but only 56% have a strategy in place in case of cyber attacks.
  3. Government involvement in data collection will keep increasing. Governments across the world are strengthening their surveillance laws. For example, the UK’s Investigatory Powers Act, called the Snooper’s Charter, allows the British government to force companies to hack their own customers, even by inserting malware into their devices. The Australian government wants to be capable of spying on encrypted means of communications, including services built into devices like iPhone, as well as apps like Telegram, WhatsApp and so on. Many other governments are implementing similar laws that use intrusive data collection techniques. Massive collected data could be easily mishandled, ending up in the hands of hackers and cyber criminals. For example, the Swedish government has recently accidentally leaked personal details of almost all citizens in a massive data breach.
  4. ISP data collection. The U.S. has recently passed a law allowing ISPs to collect customer data without their consent and share it with third parties. Internet Service Providers are now free to collect and share their subscribers’ private data that includes precise geolocation, financial information, health information and web browsing history.
  5. Hackers will access more platforms. While currently cyber criminals mostly attack Windows platforms, they will be getting sophisticated enough to attack iOS and Android, as well as Linux and macOS.
  6. More DDoS attacks on IoT devices. With the advancement of IoT (Internet of Things), the number of properly unsecured devices has greatly increased over the past few years – and it’s only the beginning. The number of smart home gadgets will be growing exponentially in the next few years, allowing hackers to launch DDoS (distributed denial of service) attacks on a scale never seen before, involving botnets or extortion attempts.

How to protect oneself from the increasing dangers lurking online?

According to Marty P. Kamden, CMO of NordVPN (Virtual Private Network), “Internet users should regularly delete cookies, maintain strong spam filters and authentication. It’s crucial to install anti-virus and anti-tracking software, and make sure not to enter personal passcodes and credit card information when using open Wi-Fi networks. Organizations should train their employees to recognize phishing scams and they should have a system where such scams can be quickly reported.”

“With the new level of the Internet surveillance arising, privacy becomes a luxury that is not so easy to obtain. There is more than one example when our personal data is being mishandled even in presumably safe hands. Therefore, one of the best-known methods to keep your information private and encrypted is a VPN. A VPN encrypts user data through a secure tunnel before accessing the Internet – this protects any sensitive information about one’s location by hiding their IP address.”

NordVPN is determined to hide and secure users’ data with features like double encryption and a strict no logs policy. From the moment a user turns on NordVPN, their Internet data becomes encrypted. It becomes invisible to governments, ISPs, third party snoopers and even NordVPN.

NordVPN has recently added a CyberSec feature that can be activated along with VPN in order to protect from malware, annoying ads and phishing attempts. It checks each website the user tries to access against a list of malicious sites. Any site included in the phishing blacklist is blocked before any harm can be done.

White House Staffers Pwned By Prankster Via Email

Posted in Commentary with tags on August 1, 2017 by itnerd

Cyber security was supposed to be a top of mind item for the folks running the US right now. But if I had to grade them on their efforts, that grade would be “F” based on the news that White House staffers fell victim to a social engineering attack:

A self-described “email prankster” in the UK fooled a number of White House officials into thinking he was other officials, including an episode where he convinced the White House official tasked with cyber security that he was Jared Kushner and received that official’s private email address unsolicited.

“Tom, we are arranging a bit of a soirée towards the end of August,” the fake Jared Kushner on an Outlook account wrote to the official White House email account of Homeland Security Adviser Tom Bossert. “It would be great if you could make it, I promise food of at least comparible (sic) quality to that which we ate in Iraq. Should be a great evening.”

Bossert wrote back: “Thanks, Jared. With a promise like that, I can’t refuse. Also, if you ever need it, my personal email is” (redacted).

Bossert did not respond to CNN’s request for comment; the email prankster said he was surprised Bossert responded given his expertise. The emails were shared with CNN by the email prankster.

Now, you’re likely wondering what the big deal is. As famed hacker Kevin Mitnick pointed out in his book The Art Of Deception, all the firewalls and security software in the world won’t save you from someone who leverages people to get the information that they want from computer systems. Thus, if this wasn’t a prankster, but instead it was a nation state looking to pwn the White House, the lack of security awareness by these people could be catastrophic.

It looks like the US Government needs some remedial education when it comes to cyber security.

Amber Rudd To Planet Earth: “Real People” Don’t Need Encryption

Posted in Commentary with tags on August 1, 2017 by itnerd

From the “that was a stupid thing to say” department comes these comments from U.K. home secretary Amber Rudd via Yahoo News:

“Who uses WhatsApp because it is end-to-end encrypted, rather than because it is an incredibly user-friendly and cheap way of staying in touch with friends and family? 

“So this is not about asking the companies to break encryption or create so-called ‘back doors’. 

“Companies are constantly making trade-offs between security and ‘usability’, and it is here where our experts believe opportunities may lie. 

“Real people often prefer ease of use and a multitude of features to perfect, unbreakable security.”

Clearly she has no clue as to what she is talking about. And it’s actually kind of insulting too. But to be fair, Amber Rudd has a reputation for not being the sharpest tool in the shed. Instead she has a reputation of being a tool. At best her comments are naive. At worst they’re dangerous because in short, if you use WhatsApp or a service like it, you’re with the terrorists. Just even thinking about it is a #fail. Now tech giants are pushing back on this hard, and I fully expect Rudd to get an earful on this subject as I cannot see a scenario where this goes over really well.

Game Of Pwns: Hackers Pwn HBO

Posted in Commentary with tags on August 1, 2017 by itnerd

Hackers are clearly fans of HBO as EW is reporting that HBO has been pwned by hackers and info related to the network has been leaked:

“HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information,” the network confirmed in a statement. “We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”

Hackers claimed to have obtained 1.5 terabytes of data from the company. So far, an upcoming episode of Ballers and Room 104 have apparently been put online. There is also written material that’s allegedly from next week’s fourth episode of Game of Thrones. More is promised to be “coming soon.” 

I guess that winter has come for HBO.

It appears that the hackers are looking for fame and not fortune. At least for now because no ransom demand has been made. But this is part of a trend of movie and TV studios and networks being pwned by hackers to leak content. After all, content is king.