Why the term “zero day” needs to be in your brand’s cybersecurity vocabulary

(TECH NEWS) What’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy. Better get to know the term “zero day.”


The other day I wandered into Best Buy at the mall. Nobody’s around and I’m alone with the sales guy. “Umm, what’s the most secure device you have here?” He takes a step back.

Paraphrasing our brief conversation, Apple and Samsung make up 95% of his sales and he thinks Apple is safer. “Is Apple safer because they screen apps better?” Head nods.

“I heard Blackberry is working to secure Android for business users.” Sales guy had nothing to say about that.

Why do people trust Apple?

I wouldn’t take security advice from a Best Buy sales guy, but it does seem that people trust Apple more. Maybe because Apple stood up to the FBI in a very public way. Great marketing, Apple.

Most likely, Apple does care about the slippery slope of security, in terms of unlocking devices. (The same way Google cared about user data intercepted under the ocean.) But I don’t know Tim Cook personally. Even if I did, I wouldn’t feel more or less confident using Apple products because Tim’s not omniscient – he can’t see or control everything going on within Apple.

What’s different about Android?

“I think people can generally trust me, but they can trust me exactly because they know they don’t have to.” –Linus Torvalds

What does that even mean? Well, Linus created the core “kernel” of the Android operating system, a customized version of Linux.

In other words, Linus Torvalds is the core genius inside every Samsung-Android smartphone at Best Buy.

Linux is “open source” which means anyone can look at the code and point out flaws. In that sense, I’d say Linus Torvalds doesn’t have to be as omniscient as Tim Cook. Linux source code isn’t hidden behind closed doors. My understanding is, all the Linux code is out there for anyone to see, naked for anyone to scrutinize, which is why certain countries feel safer using it–there’s no hidden agenda or secret “back door” lurking in the shadows. Does that mean Android phones are safer? That’s up for debate.

How security has changed

For a long time, Apple had the “security through obscurity” thing going for it. In simple terms, that means the bad guys go for low-hanging fruit first, the easy score. Is Apple hanging lower? Windows was the low-hanging fruit. But now that Apple is more popular, it has a bigger target on its back.

As we depend more and more on smartphones, there are more people, more money and more at risk, and consequently more incentive for hackers to penetrate deep into our devices.

If you read the book “Hackers” by Steven Levy, you know the original hackers were all about the “Hacker Ethic” which boils down to “Information wants to be free.” Sounds harmless enough. For whatever reason, the original hackers found secrets offensive, or they just saw “locked doors” as a technical challenge. Maybe they were idealists, but somewhere along the way, other interests crept in.

That leads us to the zero-day Apple exploit that has people concerned about their iPhones.

The origins of “zero day”

First, what does “zero day” even mean?

Back in the early 90s, a couple of my classmates were into downloading “0 day warez” which was nerd speak for “the latest video games released today.” Games had copy protection. So you couldn’t just buy a game and copy it for your friends, you had to buy your own copy. Hackers figured out how to break the copy protection and called themselves “crackers.” Crackers were competitive, in terms of who could crack a new game first.

For bragging rights, their goal was to crack a game within 24 hours, and that was the “zero day” game, as a full day had not gone by yet.

Fast-forward 20 years. Now you can watch the “Zero Day” movie on Netflix and the original meaning has morphed to mean “software that’s still secret.” Potentially harmful code could lurk undetected in your computer for years. But if your anti-virus scanner hasn’t detected anything suspicious yet, pop culture would consider that a “zero day exploit.” As far as the actual terminology used among hackers, who knows?

Should you be concerned? Almost by definition, most people aren’t targeted by zero-day exploits. Once an exploit is released into the wild and exposed, it’s no longer as useful to attackers, because then it can be studied and whatever hole it used (to penetrate your phone) can be “patched” to block future intrusions. Then again, older unpatched phones could remain vulnerable and ordinary people could be affected.

Patches for Apple vs. Android

In Apple’s case, they’re able to patch these holes within days. For Google, it might not be as fast, depending on the problem. It might take months to get a patch pushed out to everybody, or the fix might never come. For example, it sounds like Samsung is mostly concerned about security updates for its flagship phones.

Why the difference? My understanding is, Google can fix apps and push out patches at the “app level” as fast as Apple, if the problem is specific to a certain app. The main difference is that the Android market is larger and has more devices, and each Android phone manufacturer has a slightly different, tweaked version of the core Android operating system. Different Android manufacturers will push out updates on their own timeline.

Your best bet

If you want the latest (hopefully safest) operating system straight from Google as soon as possible, you’ll want an official Google phone, probably a “Nexus” branded device. According to something I read last night, I believe Android 7 directly addresses this shortcoming to some degree with a new auto-update feature. But for now, the Android ecosystem remains fragmented.

For the average person, what’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy.


PJ Brunet is a writer, full stack developer, and abstract artist. His first computer was a Texas Instruments TI-99. As a teen, he interned at IBM in Boca where the first PC was born. Graduating with a BFA, he gave California and New York a shot, but fell in love with Texas in 2004, the same year he started blogging about technology.


4 Comments

  1. PJ Brunet

    August 29, 2016 at 3:00 pm

    Update: I can’t remember if I watched that movie on Netflix or Amazon, but here’s the direct link if anyone is interested. https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/077043617X

  2. Pingback: Virusdie: Comprehensive protection for your website - The American Genius

  3. Pingback: Congress seeks to postpone super important cybersecurity change - The American Genius

  4. Pingback: Mozilla rushes to patch Firefox zero-day exploit used to unmask Tor browser users - The American Genius


The semantic argument of the phrase ‘Full Stack’

(TECH NEWS) As the tech industry knows, being able to classify your job qualifications is paramount.


Semantics

A new debate is emerging in the web development world and it’s not about which framework is best, or which language is most marketable.

In fact the debate isn’t a matter of code, it’s a matter of words.

It’s Not Just About Experience Level

“Full Stack Developer” is the title developers both new and old often use to describe themselves. According to a Stack Overflow developer survey touted as the “most comprehensive developer survey conducted,” the title is among the top five that respondents used to describe themselves.

However, not everyone thinks newer developers should adopt the title.

It would be easy to distill the debate to a matter of experience level: veterans earned the “full stack” title, while newer programmers haven’t. However, there are way more layers to this debate.

What Exactly is Full Stack

First of all, a simple Google search reveals several different definitions of “full stack.” There’s general consensus when it comes to the high-level definition. CodeUp sums up this definition: “The term full stack means developers who are comfortable working with both back-end and front-end technologies.”

When it comes down to the nitty-gritty of what exactly falls under back-end and front-end, there’s some disagreement.

Mastery level also matters, but again there’s disagreement over what’s acceptable. In one camp are the proficiency pushers, who require not only a breadth of understanding, but also a depth of understanding in multiple areas.

In this camp, it’s not just good enough to have exposure to SQL, one must have proficiency in SQL.

In the other camp are the generalists. They also require a breadth of knowledge, but are happy with a basic familiarity with each stack element. When it comes to debating whether newer developers should adopt the full stack title, the lack of clarity on what full stack means in the first place is a major stumbling block.

Why Full Stack?

Besides clarifying the what behind “full stack,” some folks are also clarifying the why. According to Indeed’s job trends, the number of postings and searches matching “full stack developer” on average has trended upwards since 2012. The title’s popularity causes some to believe that new developers are adopting the title as a buzzword with no real care put into understanding what “full stack” means.

Android Programmer Dan Kim from Basecamp warns, “Just don’t fall back to labeling yourself with a bullshit buzzword that everyone else uses.”

For others, adopting the full stack title is a matter of mindset. As Web developer Christian Maioli over at TechBeacon writes: “To me, a full stack developer is someone who has the curiosity and drive to test the limits of a technology and understand how each piece works generally in various scenarios. Having this mindset will give developers more value and more power in dealing with new situations.”

In both cases, understanding why a new developer adopts the full stack title is connected to understanding whether they’re overselling their skills and how valuable their skills are to a potential employer.

Beyond Job Titles

Finally, this debate about whether new developers should use the “full stack” title brings up the need for alternative methods of measuring proficiency. This need isn’t limited to the web development world; as technology innovates, job titles become convoluted.

A job title won’t be the most reliable way to communicate what you bring to a job or what you expect.

Quantifying what you’ve accomplished in the past, along with what tools you used will be critical in a time where job titles aren’t trusted.

This story was first published here on April 7, 2017.


We’ve all seen job listings for UX writers, but what exactly is UX writing?

(TECH NEWS) We’re seeing UX writer titles pop up, and while UX writing is not technically new, there are new availabilities popping up.


The work of a UX writer is something you come across every day. Whether you’re hailing an Uber or browsing Spotify for that one Drake song, your overall user experience is affected by the words you read at each touchpoint.

A UX writer facilitates a smooth interaction between user and product at each of these touchpoints through carefully chosen words.

Some of the most common touchpoints UX writers work on are interface copy, emails and notifications. It doesn’t sound like the most thrilling stuff, but imagine using your favorite apps without all the thoughtful confirmation messages we take for granted. Take Eat24’s food delivery app: instead of a boring loading visual, users get a witty message like “smoking salmon” or “slurping noodles.”

Eat24’s app has UX writing that works because it’s engaging.

Xfinity’s mobile app provides a pleasant user experience by being intuitive. Shows that are available on your phone are clearly labeled under “Available Out of Home.” I’m bummed that Law & Order: SVU isn’t available, but thanks to thoughtful UX writing at least I knew that sad fact ahead of time.

Regardless of where you find a UX writer’s work, there are three traits an effective UX writer must have. Excellent communication skills are a must. The ability to empathize with the user is on almost every job post.

But from my own experience working with UX teams, I’d argue for the ability to advocate as the most important skill.

UX writers may have a very specialized mission, but they typically work within a greater UX design team. In larger companies some UX writers even work with a smaller team of fellow writers. Decisions aren’t made in isolation. You can be the wittiest writer, with a design decision based on obsessive user research, but if you can’t advocate for those decisions then what’s the point?

I mentioned several soft skills, but that doesn’t mean aspiring UX writers can’t benefit from developing a few specific tech skills. While the field doesn’t require a background in web development, UX writers often collaborate with engineering teams. Learning some basic web development principles such as responsive design can help writers create a better user experience across all devices. In a world of rapid prototyping, I’d also suggest learning a few prototyping apps. Several are free to try and super intuitive.

Now that the UX in front of writer no longer intimidates you, go check out ADJ, The American Genius’ Facebook Group for Austin digital job seekers and employers. User centered design isn’t going anywhere and with everyone getting into the automation game, you can expect even more opportunities in UX writing.


Loopy is the new easy tool that helps explain hard ideas

(TECH NEWS) Loopy is a tool that can revolutionize how we explain anything from personal ideas to business complexities.


In a world filled with complex systems, Loopy serves as a tool for people to take their time understanding them.

The tool allows users to create interactive simulations to help people explain their ways of thinking.

Loopy has found a way for people to interact with simulations without complicated code or overused drag and drop. You can create your own or collaborate with other simulations already made on the site.

It is a great way to challenge yourself while learning how each system works.

Loopy encourages you to ask hypothetical questions to better understand the systems. The model consists of circles and arrows to remain uncomplicated. When you remix or interact with simulations that were made by other users, it is as if you are having a conversation via the simulations. Loopy describes this as “talking in systems” which makes the entire experience more impactful.

Though Loopy can be used as a fun way to exercise your brain, it also has practical implications. For instance, simulations can be embedded into blog posts, live lectures and presentations. You can also develop videos to further explain complex ideas.

This is especially useful for businesses who want to simplify their models when communicating with investors and consumers.

Simulations can be a fun way to illustrate your thoughts and support your ideas. Businesses can use Loopy to create collaborative activities for their employees to mess around with as well.

The best part is that anyone can try it out for free. On their site, you can develop your own simulations or adjust ones that have already been made.

At its core, Loopy is simulation software.

However, their goal is to give everyone the tools that they need to understand complex systems. This goes for both the creators and the viewers, who are all a part of the process.
