Connect with us

Tech News

Why the term “zero day” needs to be in your brand’s cybersecurity vocabulary

(TECH NEWS) What’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy. Better get to know the term “zero day.”

Published

on

Mobile trust and security

The other day I wandered into Best Buy at the mall. Nobody’s around and I’m alone with the sales guy. “Umm, what’s the most secure device you have here?” He takes a step back.

bar
Paraphrasing our brief conversation, Apple and Samsung make up 95% of his sales and he thinks Apple is safer. “Is Apple safer because they screen apps better?” Head nods.

“I heard Blackberry is working to secure Android for business users.” Sales guy had nothing to say about that.

Why do people trust Apple?

I wouldn’t take security advice from a Best Buy sales guy, but it does seem that people trust Apple more. Maybe because Apple stood up to the FBI in a very public way. Great marketing, Apple.

Most likely, Apple does care about the slippery slope of security, in terms of unlocking devices. (The same way Google cared about user data intercepted under the ocean.) But I don’t know Tim Cook personally. Even if I did, I wouldn’t feel more or less confident using Apple products because Tim’s not omniscient – he can’t see or control everything going on within Apple.

What’s different about Android?

I think people can generally trust me, but they can trust me exactly because they know they don’t have to.” –Linus Torvalds

What does that even mean? Well, Linus created the core “kernel” of the Android operating system, a customized version of Linux.

In other words, Linus Torvalds is the core genius inside every Samsung-Android smartphone at Best Buy.

Linux is “open source” which means anyone can look at the code and point out flaws. In that sense, I’d say Linus Torvalds doesn’t have to be as omniscient as Tim Cook. Linux source code isn’t hidden behind closed doors. My understanding is, all the Linux code is out there for anyone to see, naked for anyone to scrutinize, which is why certain countries feel safer using it–there’s no hidden agenda or secret “back door” lurking in the shadows. Does that mean Android phones are safer? That’s up for debate.

How security has changed

For a long time, Apple had the “security through obscurity” thing going for it. In simple terms, that means the bad guys go for low-hanging fruit first, the easy score. Is Apple hanging lower? Windows was the low-hanging fruit. But now that Apple is more popular, it has a bigger target on its back.

As we depend more and more on smartphones, and there’s more people, more money and more at risk, consequently there’s more incentive for hackers to penetrate deep into our devices.

If you read the book “Hackers” by Steven Levy, you know the original hackers were all about the “Hacker Ethic” which boils down to “Information wants to be free.” Sounds harmless enough. For whatever reason, the original hackers found secrets offensive, or they just saw “locked doors” as a technical challenge. Maybe they were idealists, but somewhere along the way, other interests crept in.

That leads us to the zero-day Apple exploit that has people concerned about their iPhones.

The origins of “zero day”

First, what does “zero day” even mean?

Back in the early 90s, a couple of my classmates were into downloading “0 day warez” which was nerd speak for “the latest video games released today.” Games had copy protection. So you couldn’t just buy a game and copy it for your friends, you had to buy your own copy. Hackers figured out how to break the copy protection and called themselves “crackers.” Crackers were competitive, in terms of who could crack a new game first.

For bragging rights, their goal was to crack a game within 24 hours, and that was the “zero day” game, as a full day had not gone by yet.

Fast-forward 20 years. Now you can watch the “Zero Day” movie on Netflix and the original meaning has morphed to mean “software that’s still secret.” Potentially harmful code could lurk undetected in your computer for years. But if your anti-virus scanner hasn’t detected anything suspicious yet, pop culture would consider that a “zero day exploit.” As far as the actual terminology used among hackers, who knows?

Should you be concerned? Almost by definition, most people aren’t targeted by zero-day exploits. Once an exploit is released into the wild and exposed, it’s no longer as useful to attackers, because then it can be studied and whatever hole it used (to penetrate your phone) can be “patched” to block future intrusions. Then again, older unpatched phones could remain vulnerable and ordinary people could be affected.

Patches for Apple vs. Android

In Apple’s case, they’re able to patch these holes within days. For Google, it might not be as fast, depending on the problem. It might take months to get a patch pushed out to everybody, or the fix might never come. For example, it sounds like Samsung is mostly concerned about security updates for its flagship phones.

Why the difference? My understanding is, Google can fix apps and push out patches at the “app level” as fast as Apple, if the problem is specific to a certain app. The main difference is that the Android market is larger and has more devices, and each Android phone manufacturer has a slightly different, tweaked version of the core Android operating system. Different Android manufacturers will push out updates on their own timeline.

Your best bet

If you want the latest (hopefully safest) operating system straight from Google as soon as possible, you’ll want an official Google phone, probably a “Nexus” branded device. According to something I read last night, I believe Android 7 directly addresses this shortcoming to some degree with a new auto-update feature. But for now, the Android ecosystem remains fragmented.

For the average person, what’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy.

#ZeroDay

PJ Brunet is a writer, full stack developer, and abstract artist. His first computer was a Texas Instruments TI-99. As a teen, he interned at IBM in Boca where the first PC was born. Graduating with a BFA, he gave California and New York a shot, but fell in love with Texas in 2004, the same year he started blogging about technology.

Tech News

Onboarding for customers and employees made easy

(TECH NEWS) Cohere enables live, virtual onboarding at bargain prices to help you better support and guide your users.

Published

on

onboarding made easy

Web development and site design may be straightforward, but that doesn’t mean your customers won’t get turned around when reviewing your products. Onboarding visitors is the simplest solution, but is it the easiest?

According to Cohere–a live, remote onboarding tool–the answer is a resounding yes.

Cohere claims to be able to integrate with your website using “just 2 lines of code”; after completing this integration, you can communicate with, guide, and show your product to any site visitor upon request. You’ll also be able to see what customers are doing in real time rather than relying on metrics, making it easy to catch and convert customers who are on the fence, due to uncertainty or confusion.

There isn’t a screen-share option in Cohere’s package, but what they do include is a “multiplayer” option in which your cursor will appear on a customer’s screen, thus enabling you to guide them to the correct options; you can also scroll and type for your customer, all the while talking them through the process as needed. It’s the kind of onboarding that, in a normal world, would have to take place face-to-face–completely tailored for virtual so you don’t have to.

You can even use Cohere to stage an actual demo for customers, which accomplishes two things: the ability to pare down your own demo page in favor of live options, and minimizing confusion (and, by extension, faster sales) on the behalf of the customer. It’s a win-win situation that streamlines your website efficiency while potentially increasing your sales.

Naturally, the applications for Cohere are endless. Using this tool for eCommerce or tech support is an obvious choice, but as virtual job interviews and onboarding become more and more prevalent, one could anticipate Cohere becoming the industry example for remote inservice and walkthroughs.

Hands-on help beats written instructions any day, so if companies are able to allocate the HR resources to moderate common Cohere usage, it could be a huge win for those businesses.

For those two lines of code (and a bit more), you’ll pay anywhere from $39 to $129 for the listed packages. Custom pricing is available for larger businesses, so you may have some wiggle room if you’re willing to take a shot at implementing Cohere business-wide.

Continue Reading

Tech News

Smart clothing could be used to track COVID-19

(TECH NEWS) In order to track and limit the spread of COVID-19 smart clothing may be the solution we need to flatten the curve–but at what cost?

Published

on

COVID tracking clothing

When most people hear the phrase “smart clothing”, they probably envision wearables like AR glasses or fitness trackers, but certainly not specially designed fabrics to indicate different variables about the people wearing them–including, potentially, whether or not someone has contracted COVID-19.

According to Politico, that’s exactly what clinical researchers are attempting to create.

The process started with Apple and Fitbit using their respective wearables to attempt to detect COVID-19 symptoms in wearers. This wouldn’t be the first time a tech company got involved with public health in this context; earlier this year, for example, Apple announced a new Watch feature that would call 911 if it detected an abnormal fall. The NBA also attempted to detect outbreaks in players by providing them with Oura Rings–another smart wearable.

While these attempts have yet to achieve widespread success, optimism toward smart clothing–especially things like undershirts–and its ability to report adequately someone’s symptoms, remains high.

The smart clothing industry has existed in the context of monitoring health for quite some time. The aforementioned tech giants have made no secret of integrating health- and wellness-centric features into their devices, and companies like Nanowear have even gone so far as to create undergarments that track things like the wearer’s heart rate.

It’s only fitting that these companies would transition to COVID assessment, containment, and prevention in the shadow of the pandemic, though they aren’t the only ones doing so. Indeed, innovators from all corners of the United States are set to participate in a “rapid testing solutions” competition–the end goal being a cheap, fast, easy-to-use wearable option to help flatten the curve. The “cheap” aspect is perhaps the most difficult; as Politico says, the majority of people have a general understanding of how to use wearable technology.

Perhaps more importantly, the potential for HIPPA violations via data access is high–and, during a period of time in which people are more suspicious of technology companies than ever, vis-a-vis data sharing, privacy could be a significant barrier to the creation, distribution, and use of otherwise crucial smart clothing.

There is no denying that the Coronavirus pandemic has accelerated, among other things, technological advancement in ways unseen by many of us alive today. Only time will tell if smart clothing–life-saving potential and all–becomes part of that trend.

Continue Reading

Tech News

Say goodbye to browser cookies – Google wants to give you ‘trust tokens’

(TECH NEWS) Google plans to do away with third-party cookies in favor of “trust tokens”. The question is, will they gain our trust?

Published

on

Privacy concerns should be at an all-time high with the sheer number of people working from home–something that may have been factored into Google’s recent decision to begin phasing out third-party cookies in their Chrome browser.

In doing so, Chrome would join browsers such as Safari and Firefox–two popular alternatives that have been more proactive about protecting user privacy in the past, according to The Verge.

Cookies, for those who don’t know, are small pieces of information stored on your computer by websites you visit; when third-party cookies are downloaded from these sites, they can track your activity across the internet, thus resulting in unpleasantries like targeted ads and location-based services appearing in your browser.

It’s all a little too accurate to your habits for comfort, so Google is proposing a separate solution: trust tokens.

No, trust tokens are not the newest form of currency on CBS Survivor–they’re “smart” iterations of cookies that will validate your access to a specific website without tracking you once you leave that page. This way, you get to keep your website-specific data–passwords, usernames, and preferences–without having your privacy encroached upon any more than Google already does (admittedly, that doesn’t sound like much of a change, but bear with us).

The real catch for trust tokens is that they don’t actually identify you the way that cookies do, and while some of the side effects of trust tokens may resemble cookie use–e.g., advertisers knowing you clicked on their ad–tokens are a decidedly less personal, more private way to access web content.

Google isn’t just throwing out third-party cookies as a gesture, it seems. Along with the announcement about trust tokens, Google mentioned that they plan to create more transparency around ads–specifically by allowing you to see why you’re seeing a specific ad and from whom and where the ad originated. An extension to help lend additional information about ads is also in the works.

These changes are expected to be implemented within the year. For now, though, you should stick to Firefox or Safari if you’re worried about cookies–you’ll be able to get back to your Chrome tabs soon enough.

Continue Reading
Advertisement

Our Great Partners

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Emerging Stories

Get The American Genius
neatly in your inbox

Subscribe to get business and tech updates, breaking stories, and more!