Connect with us

Tech News

Why the term “zero day” needs to be in your brand’s cybersecurity vocabulary

(TECH NEWS) What’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy. Better get to know the term “zero day.”



Mobile trust and security

The other day I wandered into Best Buy at the mall. Nobody’s around and I’m alone with the sales guy. “Umm, what’s the most secure device you have here?” He takes a step back.

Paraphrasing our brief conversation, Apple and Samsung make up 95% of his sales and he thinks Apple is safer. “Is Apple safer because they screen apps better?” Head nods.

“I heard Blackberry is working to secure Android for business users.” Sales guy had nothing to say about that.

Why do people trust Apple?

I wouldn’t take security advice from a Best Buy sales guy, but it does seem that people trust Apple more. Maybe because Apple stood up to the FBI in a very public way. Great marketing, Apple.

Most likely, Apple does care about the slippery slope of security, in terms of unlocking devices. (The same way Google cared about user data intercepted under the ocean.) But I don’t know Tim Cook personally. Even if I did, I wouldn’t feel more or less confident using Apple products because Tim’s not omniscient – he can’t see or control everything going on within Apple.

What’s different about Android?

I think people can generally trust me, but they can trust me exactly because they know they don’t have to.” –Linus Torvalds

What does that even mean? Well, Linus created the core “kernel” of the Android operating system, a customized version of Linux.

In other words, Linus Torvalds is the core genius inside every Samsung-Android smartphone at Best Buy.

Linux is “open source” which means anyone can look at the code and point out flaws. In that sense, I’d say Linus Torvalds doesn’t have to be as omniscient as Tim Cook. Linux source code isn’t hidden behind closed doors. My understanding is, all the Linux code is out there for anyone to see, naked for anyone to scrutinize, which is why certain countries feel safer using it–there’s no hidden agenda or secret “back door” lurking in the shadows. Does that mean Android phones are safer? That’s up for debate.

How security has changed

For a long time, Apple had the “security through obscurity” thing going for it. In simple terms, that means the bad guys go for low-hanging fruit first, the easy score. Is Apple hanging lower? Windows was the low-hanging fruit. But now that Apple is more popular, it has a bigger target on its back.

As we depend more and more on smartphones, and there’s more people, more money and more at risk, consequently there’s more incentive for hackers to penetrate deep into our devices.

If you read the book “Hackers” by Steven Levy, you know the original hackers were all about the “Hacker Ethic” which boils down to “Information wants to be free.” Sounds harmless enough. For whatever reason, the original hackers found secrets offensive, or they just saw “locked doors” as a technical challenge. Maybe they were idealists, but somewhere along the way, other interests crept in.

That leads us to the zero-day Apple exploit that has people concerned about their iPhones.

The origins of “zero day”

First, what does “zero day” even mean?

Back in the early 90s, a couple of my classmates were into downloading “0 day warez” which was nerd speak for “the latest video games released today.” Games had copy protection. So you couldn’t just buy a game and copy it for your friends, you had to buy your own copy. Hackers figured out how to break the copy protection and called themselves “crackers.” Crackers were competitive, in terms of who could crack a new game first.

For bragging rights, their goal was to crack a game within 24 hours, and that was the “zero day” game, as a full day had not gone by yet.

Fast-forward 20 years. Now you can watch the “Zero Day” movie on Netflix and the original meaning has morphed to mean “software that’s still secret.” Potentially harmful code could lurk undetected in your computer for years. But if your anti-virus scanner hasn’t detected anything suspicious yet, pop culture would consider that a “zero day exploit.” As far as the actual terminology used among hackers, who knows?

Should you be concerned? Almost by definition, most people aren’t targeted by zero-day exploits. Once an exploit is released into the wild and exposed, it’s no longer as useful to attackers, because then it can be studied and whatever hole it used (to penetrate your phone) can be “patched” to block future intrusions. Then again, older unpatched phones could remain vulnerable and ordinary people could be affected.

Patches for Apple vs. Android

In Apple’s case, they’re able to patch these holes within days. For Google, it might not be as fast, depending on the problem. It might take months to get a patch pushed out to everybody, or the fix might never come. For example, it sounds like Samsung is mostly concerned about security updates for its flagship phones.

Why the difference? My understanding is, Google can fix apps and push out patches at the “app level” as fast as Apple, if the problem is specific to a certain app. The main difference is that the Android market is larger and has more devices, and each Android phone manufacturer has a slightly different, tweaked version of the core Android operating system. Different Android manufacturers will push out updates on their own timeline.

Your best bet

If you want the latest (hopefully safest) operating system straight from Google as soon as possible, you’ll want an official Google phone, probably a “Nexus” branded device. According to something I read last night, I believe Android 7 directly addresses this shortcoming to some degree with a new auto-update feature. But for now, the Android ecosystem remains fragmented.

For the average person, what’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy.


PJ Brunet is a writer, full stack developer, and abstract artist. His first computer was a Texas Instruments TI-99. As a teen, he interned at IBM in Boca where the first PC was born. Graduating with a BFA, he gave California and New York a shot, but fell in love with Texas in 2004, the same year he started blogging about technology.

Tech News

Snap a business card pic, Microsoft app finds ’em on LinkedIn

(TECH NEWS) Microsoft Pix is teaming with LinkedIn in a neat way that will benefit networking, especially if you have any lazy bones in your body.



microsoft pix

Have you ever been watching some sort of action-adventure movie where there’s a command center with all sorts of unbelievable technology that kind of blows your mind? Well, every day we come closer and closer to living within that command center.

You may think that I’m talkin’ crazy, but check this out – there is a new technology that can scan a business card, and find the business card’s owner on LinkedIn. (Can I get a “say what????!”)

This app is courtesy of Microsoft and goes by the name Pix (it’s not new, but this function is).

The way it works is simple: Bill Jones hands you his business card, you fire up the Pix app (currently only on the iPhone. Sorry, Droids), you snap a picture of the card and the app takes the details (phone number, company, etc.) and finds Bill on LinkedIn. Bingo.

It also will automatically take that information and will create a new profile for Bill Jones within your phone’s contacts. After you scan the business card through Pix, Microsoft will ask if you want to take action.

At this point, Pix will recognize and capture phone numbers, email addresses, and URLs. If your phone is logged into LinkedIn, the apps will work together to find Bill’s profile. Part of me wants to think that this is kind of creepy but a larger part of me thinks that it’s really cool.

According to Microsoft Research’s Principal Program Manager, Josh Weisberg, “Pix is powered by AI to streamline and enhance the experience of taking a picture with a series of intelligent actions: recognizing the subject of a photo, inferring users’ intent and capturing the best quality picture.”

“It’s the combination of both understanding and intelligently acting on a users’ intent that sets Pix apart. Today’s update works with LinkedIn to add yet another intelligent dimension to Pix’s capabilities.”

Pix itself originally launched in 2016 as a way to compete against AI’s ability to edit a photo by use of exposure, focus, and color. This new integration in working with LinkedIn is a time saver, and is beneficial for those who collect business cards like candy and forget to actually do something with them.

Continue Reading

Tech News

Walmart and the blockchain, sitting in a tree

(TECH NEWS) Say goodbye to #foodwaste with Walmart’s new smart package delivery proposal featuring everyone’s favorite pal, blockchain.




Following the trend of adding “smart” as a prefix to any word to make it futuristic, Walmart now proposes “smart packages.” The retail giant filed for a new patent to improve their shipping and package tracking process using blockchain.

Last week, the U.S. Patent and Trademark Office (USPTO) released the application, which was filed back in August 2017.

Officially, the application notes the smart package will have “a body portion having an inner volume” and “a door coupled to the body portion” that can be open or closed to restrict or allow access to the package contents.

In other words, they’ve patented a box with a door on it that also has lots of monitoring devices.

Various iterations lay claim to all versions of said box include smart packaging utilizing a combination of monitoring devices, modular adapters, autonomous delivery vehicles, and blockchain.

Monitoring devices would regulate location tracking, inner content removal, and environmental conditions of the package like temperature and humidity. This could help reduce loss of products sensitive to environmental changes, like fresh produce.

Modular adapters perform these actions as well, and also ensure the package has access to a power source and the delivery vehicle’s security system to prevent theft.

Blockchain comes into play with a delivery encryption system, monitoring, authenticating, and registering packages. As it moves through the supply chain, packages will be registered throughout the process.

The blockchain would be hashed with private key addresses of sellers, couriers, and buyers to track the chain of custody. Every step of the shipping process would be documented, providing greater accountability and easier record keeping.

This isn’t Walmart’s first foray into the world of blockchain. Last year they teamed up with Nestle, Kroger, and other food companies in a partnership with IBM to improve food traceability with blockchain.

Walmart also took part in a similar food tracking program in China with last year as well.

And let’s not forget Walmart’s May 2017 USPTO application to use blockchain tech for package delivery via unmanned drones. Their more recent application builds on the drone idea, which also proposed tracking packages with blockchain and monitoring product conditions during delivery.

In their latest application, Walmart notes, “online customers many times seek to purchase items that may require a controlled environment and further seek to have greater security in the shipping packaging that the items are shipped in.”

Implementing blockchain and smart package monitoring as part of the shipping process could greatly reduce product loss and improve shipment tracking.

Continue Reading

Tech News

Experts warn of actual AI risks – we’re about to live in a sci fi movie

(TECH NEWS) A new report on AI indicates that the sci fi dystopias we’ve been dreaming up are actually possible. Within a few short years. Welp.



AI robots

Long before artificial intelligence (AI) was even a real thing, science fiction novels and films have warned us about the potentially catastrophic dangers of giving machines too much power.

Now that AI actually exists, and in fact, is fairly widespread, it may be time to consider some of the potential drawbacks and dangers of the technology, before we find ourselves in a nightmarish dystopia the likes of which we’ve only begun to imagine.

Experts from the industry as well as academia have done exactly that, in a recently released 100-page report, “The Malicious Use of Artificial Intelligence: Forecasting, Prevention, Mitigation.”

The report was written by 26 experts over the course of a two-day workshop held in the UK last month. The authors broke down the potential negative uses of artificial intelligence into three categories – physical, digital, or political.

In the digital category are listed all of the ways that hackers and other criminals can use these advancements to hack, phish, and steal information more quickly and easily. AI can be used to create fake emails and websites for stealing information, or to scan software for potential vulnerabilities much more quickly and efficiently than a human can. AI systems can even be developed specifically to fool other AI systems.

Physical uses included AI-enhanced weapons to automate military and/or terrorist attacks. Commercial drones can be fitted with artificial intelligence programs, and automated vehicles can be hacked for use as weapons. The report also warns of remote attacks, since AI weapons can be controlled from afar, and, most alarmingly, “robot swarms” – which are, horrifyingly, exactly what they sound like.

Read also: Is artificial intelligence going too far, moving too quickly?

Lastly, the report warned that artificial intelligence could be used by governments and other special interest entities to influence politics and generate propaganda.

AI systems are getting creepily good at generating faked images and videos – a skill that would make it all too easy to create propaganda from scratch. Furthermore, AI can be used to find the most important and vulnerable targets for such propaganda – a potential practice the report calls “personalized persuasion.” The technology can also be used to squash dissenting opinions by scanning the internet and removing them.

The overall message of the report is that developments in this technology are “dual use” — meaning that AI can be created that is either helpful to humans, or harmful, depending on the intentions of the people programming it.

That means that for every positive advancement in AI, there could be a villain developing a malicious use of the technology. Experts are already working on solutions, but they won’t know exactly what problems they’ll have to combat until those problems appear.

The report concludes that all of these evil-minded uses for these technologies could easily be achieved within the next five years. Buckle up.

Continue Reading

American Genius
News neatly in your inbox

Join thousands of AG fans and SUBSCRIBE to get business and tech news updates, breaking stories, and MORE!

Emerging Stories