Connect with us

Tech News

Why the term “zero day” needs to be in your brand’s cybersecurity vocabulary

(TECH NEWS) What’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy. Better get to know the term “zero day.”

Published

on

Mobile trust and security

The other day I wandered into Best Buy at the mall. Nobody’s around and I’m alone with the sales guy. “Umm, what’s the most secure device you have here?” He takes a step back.

bar
Paraphrasing our brief conversation, Apple and Samsung make up 95% of his sales and he thinks Apple is safer. “Is Apple safer because they screen apps better?” Head nods.

“I heard Blackberry is working to secure Android for business users.” Sales guy had nothing to say about that.

Why do people trust Apple?

I wouldn’t take security advice from a Best Buy sales guy, but it does seem that people trust Apple more. Maybe because Apple stood up to the FBI in a very public way. Great marketing, Apple.

Most likely, Apple does care about the slippery slope of security, in terms of unlocking devices. (The same way Google cared about user data intercepted under the ocean.) But I don’t know Tim Cook personally. Even if I did, I wouldn’t feel more or less confident using Apple products because Tim’s not omniscient – he can’t see or control everything going on within Apple.

What’s different about Android?

I think people can generally trust me, but they can trust me exactly because they know they don’t have to.” –Linus Torvalds

What does that even mean? Well, Linus created the core “kernel” of the Android operating system, a customized version of Linux.

In other words, Linus Torvalds is the core genius inside every Samsung-Android smartphone at Best Buy.

Linux is “open source” which means anyone can look at the code and point out flaws. In that sense, I’d say Linus Torvalds doesn’t have to be as omniscient as Tim Cook. Linux source code isn’t hidden behind closed doors. My understanding is, all the Linux code is out there for anyone to see, naked for anyone to scrutinize, which is why certain countries feel safer using it–there’s no hidden agenda or secret “back door” lurking in the shadows. Does that mean Android phones are safer? That’s up for debate.

How security has changed

For a long time, Apple had the “security through obscurity” thing going for it. In simple terms, that means the bad guys go for low-hanging fruit first, the easy score. Is Apple hanging lower? Windows was the low-hanging fruit. But now that Apple is more popular, it has a bigger target on its back.

As we depend more and more on smartphones, and there’s more people, more money and more at risk, consequently there’s more incentive for hackers to penetrate deep into our devices.

If you read the book “Hackers” by Steven Levy, you know the original hackers were all about the “Hacker Ethic” which boils down to “Information wants to be free.” Sounds harmless enough. For whatever reason, the original hackers found secrets offensive, or they just saw “locked doors” as a technical challenge. Maybe they were idealists, but somewhere along the way, other interests crept in.

That leads us to the zero-day Apple exploit that has people concerned about their iPhones.

The origins of “zero day”

First, what does “zero day” even mean?

Back in the early 90s, a couple of my classmates were into downloading “0 day warez” which was nerd speak for “the latest video games released today.” Games had copy protection. So you couldn’t just buy a game and copy it for your friends, you had to buy your own copy. Hackers figured out how to break the copy protection and called themselves “crackers.” Crackers were competitive, in terms of who could crack a new game first.

For bragging rights, their goal was to crack a game within 24 hours, and that was the “zero day” game, as a full day had not gone by yet.

Fast-forward 20 years. Now you can watch the “Zero Day” movie on Netflix and the original meaning has morphed to mean “software that’s still secret.” Potentially harmful code could lurk undetected in your computer for years. But if your anti-virus scanner hasn’t detected anything suspicious yet, pop culture would consider that a “zero day exploit.” As far as the actual terminology used among hackers, who knows?

Should you be concerned? Almost by definition, most people aren’t targeted by zero-day exploits. Once an exploit is released into the wild and exposed, it’s no longer as useful to attackers, because then it can be studied and whatever hole it used (to penetrate your phone) can be “patched” to block future intrusions. Then again, older unpatched phones could remain vulnerable and ordinary people could be affected.

Patches for Apple vs. Android

In Apple’s case, they’re able to patch these holes within days. For Google, it might not be as fast, depending on the problem. It might take months to get a patch pushed out to everybody, or the fix might never come. For example, it sounds like Samsung is mostly concerned about security updates for its flagship phones.

Why the difference? My understanding is, Google can fix apps and push out patches at the “app level” as fast as Apple, if the problem is specific to a certain app. The main difference is that the Android market is larger and has more devices, and each Android phone manufacturer has a slightly different, tweaked version of the core Android operating system. Different Android manufacturers will push out updates on their own timeline.

Your best bet

If you want the latest (hopefully safest) operating system straight from Google as soon as possible, you’ll want an official Google phone, probably a “Nexus” branded device. According to something I read last night, I believe Android 7 directly addresses this shortcoming to some degree with a new auto-update feature. But for now, the Android ecosystem remains fragmented.

For the average person, what’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy.

#ZeroDay

PJ Brunet is a writer, full stack developer, and abstract artist. His first computer was a Texas Instruments TI-99. As a teen, he interned at IBM in Boca where the first PC was born. Graduating with a BFA, he gave California and New York a shot, but fell in love with Texas in 2004, the same year he started blogging about technology.

Tech News

Daily Coding Problem keeps you sharp for coding interviews

(CAREER) Coding interviews can be pretty intimidating, no matter your skill level, so stay sharp with daily practice leading up to your big day.

Published

on

voice and SEO

Whether you’re in the market for a new coding job or just want to stay sharp in the one you have, it’s always important to do a skills check-up on the proficiencies you need for your job. Enter Daily Coding Problem, a mailing list service that sends you one coding problem per day (hence the name) to keep your analytical skills in top form.

One of the founders of the service, Lawrence Wu, stated that the email list service started “as a simple mailing list between me and my friends while we were prepping for coding interviews [because] just doing a couple problems every day was the best way to practice.”

Now the service offers this help for others who are practicing for interviews or for individuals needing to just stay fresh in what they do. The problems are written by individuals who are not just experts, but also who aced their interviews with giants like Amazon, Google, and Microsoft.

So how much would a service like this cost you? Free, but with further tiers of features for additional money. Like with all tech startups, the first level offers the basic features such as a single problem every day with some tricks and hints, as well as a public blog with additional support for interviewees. However, if you want the actual answer to the problem, and not just the announcement that you incorrectly answered it, you’ll need to pony up $15 per month.

The $15 level also comes with some neat features such as mock interview opportunities, no ads, and a 30 day money back guarantee. For those who may be on the job market longer, or who just want the practice for their current job, the $250 level offers unlimited mock interviews, as well as personal guidance by the founders of the company themselves.

Daily Coding Problem enters a field with some big players with a firm grasp on the market. Other services, like InterviewCake, LeetCode, and InterviewBit, offer similar opportunities to practice mock interview questions. InterviewCake offers the ability to sort questions by the company who typically asks them for that individual with their sights targeted on a specific company. InterviewBit offers referrals and mentorship opportunities, while LeetCode allows users to submit their own questions to the question pool.

If you’ve really got your eye on the prize of receiving that coveted job opportunity, Daily Coding Problem is a great way to add another tool in your tool box to ace that interview.

Continue Reading

Tech News

Quickly delete years of your stupid Facebook updates

(SOCIAL MEDIA) Digital clutter sucks. Save time and energy with this new Chrome extension for Facebook.

Published

on

facebook desktop

When searching for a job, or just trying to keep your business from crashing, it’s always a good idea to scan your social media presence to make sure you’re not setting yourself up for failure with offensive or immature posts.

In fact, you should regularly check your digital life even if you’re not on the job hunt. You never know when friends, family, or others are going to rabbit hole into reading everything you’ve ever posted.

Facebook is an especially dangerous place for this since the social media giant has been around for over fourteen years. Many accounts are old enough to be in middle school now.

If you’ve ever taken a deep dive into your own account, you may have found some unsavory posts you couldn’t delete quickly enough.

We all have at least one cringe-worthy post or picture buried in years of digital clutter. Maybe you were smart from the get-go and used privacy settings. Or maybe you periodically delete posts when Memories resurfaces that drunk college photo you swore wasn’t on the internet anymore.

But digging through years of posts is time consuming, and for those of us with accounts older than a decade, nearly impossible.

Fortunately, a Chrome extension can take care of this monotonous task for you. Social Book Post Manager helps clean up your Facebook by bulk deleting posts at your discretion.

Instead of individually removing posts and getting sucked into the ensuing nostalgia, this extension deletes posts in batches with the click of a button.

Select a specific time range or search criteria and the tool pulls up all relevant posts. From here, you decide what to delete or make private.

Let’s say you want to destroy all evidence of your political beliefs as a youngster. Simply put in the relevant keyword, like a candidate or party’s name, and the tool pulls up all posts matching that criteria. You can pick and choose, or select all for a total purge.

You can also salt the earth and delete everything pre-whatever date you choose. I could tell Social Book to remove everything before 2014 and effectively remove any proof that I attended college.

Keep in mind, this tool only deletes posts and photos from Facebook itself. If you have any savvy enemies who saved screenshots or you cross-posted, you’re out of luck.

The extension is free to use, and new updates support unliking posts and hiding timeline items. Go to town pretending you got hired on by the Ministry of Truth to delete objectionable history for the greater good of your social media presence.

PS: If you feel like going full scorched Earth, delete everything from your Facebook past and then switch to this browser to make it harder for Facebook to track you while you’re on the web.

Continue Reading

Tech News

Google’s reCaptcha better secures sites, but comes with wild privacy risks

(TECHNOLOGY) Google has made some serious advances when it comes to reCaptchas, and they’re extremely impressive. Unless you value your privacy…

Published

on

google's recaptcha v3

Check here if you are not a robot. If you are not a robot, can you read this nonsensical string of letters and numbers that looks like it’s been wrung out like a wet towel? Can you choose the picture of a car out of these nine street scenes?

Over the years, Google has come up with a number of ways to verify that internet users, especially when signing into accounts, are not, in fact, bots. The most up-to-date system, reCaptcha v3, stands to big up web security, but comes with some serious privacy compromises.

The new reCaptcha is invisible to the user. No more clicking through pictures of street signs and dogs. According to Cy Khormaee, product lead for reCaptcha, “Everyone has failed a Captcha,” but from now on, users will no longer have to worry about it.

That’s because the new reCaptcha v3 detects bots by analyzing a user’s navigation of the site itself. Unusual or malicious actions generate a higher risk score. Website administrators receive users’ risk scores, and can respond according by, for example, requiring further verification from suspicious users.

This new method should make it much more difficult for bots to crack a site, because mimicking a whole string of human behaviors is much more complicated that breaking the old Captchas.

Over 4 million sites are still using the old Captchas, while 65,000 new sites are testing out reCaptcha v3. While some sites will display the reCaptcha logo at the bottom of the page, you mostly won’t be able to tell which sites are using the new service.

One major trade off is consumer privacy. As part of assessing a user’s risk score, reCaptcha v3 checks to see if you already have Google’s cookie installed – the one that allows you to open new tabs without re-signing in to Google. The logic is that, if you have a Google account, you are more likely to be a real person. The downside is that this means that Google is receiving data from every site you visit that uses reCaptcha v3.

And what will they do with this data? Google told Fast Company that reCaptcha gathers “hardware and software information, including device and application data” and that this data was used only “to fight spam and abuse.” They claim that data won’t be used to target advertising to users.

As of yet, Google’s Terms of Service does not include any language about reCaptcha. Once again, consumers have nothing more than the good word of the corporation to trust when it comes to their privacy.

Continue Reading
Advertisement

Our Great Partners

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Emerging Stories

Get The American Genius
neatly in your inbox

Subscribe to get business and tech updates, breaking stories, and more!