Tech News

Why the term “zero day” needs to be in your brand’s cybersecurity vocabulary

(TECH NEWS) What’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy. Better get to know the term “zero day.”

The other day I wandered into Best Buy at the mall. Nobody’s around and I’m alone with the sales guy. “Umm, what’s the most secure device you have here?” He takes a step back.

Paraphrasing our brief conversation, Apple and Samsung make up 95% of his sales and he thinks Apple is safer. “Is Apple safer because they screen apps better?” Head nods.

“I heard Blackberry is working to secure Android for business users.” Sales guy had nothing to say about that.

Why do people trust Apple?

I wouldn’t take security advice from a Best Buy sales guy, but it does seem that people trust Apple more. Maybe because Apple stood up to the FBI in a very public way. Great marketing, Apple.

Most likely, Apple does care about the slippery slope of security, in terms of unlocking devices. (The same way Google cared about user data intercepted under the ocean.) But I don’t know Tim Cook personally. Even if I did, I wouldn’t feel more or less confident using Apple products because Tim’s not omniscient – he can’t see or control everything going on within Apple.

What’s different about Android?

“I think people can generally trust me, but they can trust me exactly because they know they don’t have to.” –Linus Torvalds

What does that even mean? Well, Linus created the core “kernel” of the Android operating system, a customized version of Linux.

In other words, Linus Torvalds is the core genius inside every Samsung-Android smartphone at Best Buy.

Linux is “open source” which means anyone can look at the code and point out flaws. In that sense, I’d say Linus Torvalds doesn’t have to be as omniscient as Tim Cook. Linux source code isn’t hidden behind closed doors. My understanding is, all the Linux code is out there for anyone to see, naked for anyone to scrutinize, which is why certain countries feel safer using it–there’s no hidden agenda or secret “back door” lurking in the shadows. Does that mean Android phones are safer? That’s up for debate.

How security has changed

For a long time, Apple had the “security through obscurity” thing going for it. In simple terms, that means the bad guys go for low-hanging fruit first, the easy score. Is Apple hanging lower? Windows was the low-hanging fruit. But now that Apple is more popular, it has a bigger target on its back.

As we depend more and more on smartphones, and there are more people, more money and more at risk, there’s consequently more incentive for hackers to penetrate deep into our devices.

If you read the book “Hackers” by Steven Levy, you know the original hackers were all about the “Hacker Ethic” which boils down to “Information wants to be free.” Sounds harmless enough. For whatever reason, the original hackers found secrets offensive, or they just saw “locked doors” as a technical challenge. Maybe they were idealists, but somewhere along the way, other interests crept in.

That leads us to the zero-day Apple exploit that has people concerned about their iPhones.

The origins of “zero day”

First, what does “zero day” even mean?

Back in the early 90s, a couple of my classmates were into downloading “0 day warez” which was nerd speak for “the latest video games released today.” Games had copy protection. So you couldn’t just buy a game and copy it for your friends, you had to buy your own copy. Hackers figured out how to break the copy protection and called themselves “crackers.” Crackers were competitive, in terms of who could crack a new game first.

For bragging rights, their goal was to crack a game within 24 hours, and that was the “zero day” game, as a full day had not gone by yet.

Fast-forward 20 years. Now you can watch the “Zero Day” movie on Netflix and the original meaning has morphed to mean “software that’s still secret.” Potentially harmful code could lurk undetected in your computer for years. But if your anti-virus scanner hasn’t detected anything suspicious yet, pop culture would consider that a “zero day exploit.” As far as the actual terminology used among hackers, who knows?

Should you be concerned? Almost by definition, most people aren’t targeted by zero-day exploits. Once an exploit is released into the wild and exposed, it’s no longer as useful to attackers, because then it can be studied and whatever hole it used (to penetrate your phone) can be “patched” to block future intrusions. Then again, older unpatched phones could remain vulnerable and ordinary people could be affected.

Patches for Apple vs. Android

In Apple’s case, they’re able to patch these holes within days. For Google, it might not be as fast, depending on the problem. It might take months to get a patch pushed out to everybody, or the fix might never come. For example, it sounds like Samsung is mostly concerned about security updates for its flagship phones.

Why the difference? My understanding is, Google can fix apps and push out patches at the “app level” as fast as Apple, if the problem is specific to a certain app. The main difference is that the Android market is larger and has more devices, and each Android phone manufacturer has a slightly different, tweaked version of the core Android operating system. Different Android manufacturers will push out updates on their own timeline.

Your best bet

If you want the latest (hopefully safest) operating system straight from Google as soon as possible, you’ll want an official Google phone, probably a “Nexus” branded device. According to something I read last night, I believe Android 7 directly addresses this shortcoming to some degree with a new auto-update feature. But for now, the Android ecosystem remains fragmented.

For the average person, what’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy.

#ZeroDay

PJ Brunet is a writer, full stack developer, and abstract artist. His first computer was a Texas Instruments TI-99. As a teen, he interned at IBM in Boca where the first PC was born. Graduating with a BFA, he gave California and New York a shot, but fell in love with Texas in 2004, the same year he started blogging about technology.

FCC Chairman confirms fears, jokes about being a Verizon shill

(TECH NEWS) FCC Chairman Ajit Pai jokes about being a shill for Verizon, feeding into what many suspected when he was appointed.

Leaked video shows FCC Chairman Ajit Pai joking about being a shill for Verizon, as we all suspected when he was nominated. Last week Pai was a speaker at the Federal Communications Bar Association, an event similar to the White House Correspondents Dinner.

Major telecom companies and the FCC gather at this annual event for dinner, mingling, and enduring awkward political policy jokes. At the event, Pai roasted himself about major headlines from the past year, like his decision to kill net neutrality against the wishes of the majority of the nation. Hilarious.

Pai also brought up the whole thing where he refused to cooperate with an investigation into the validity of comments filed in support of ending net neutrality.

Although cameras weren’t officially present at the event, someone surreptitiously filmed and sent the clip to Gizmodo. The kicker comes around twenty minutes into Pai’s speech when he jokes, “in collusion—I mean, in conclusion, sorry, my bad—many people are still shell-shocked that I’m up here tonight.”

He goes on, “they ask themselves, how on earth did this happen? Well, moments before tonight’s dinner, somebody leaked a fourteen-year-old video that helps answer that question, and in all candor, I can no longer hide from the truth.”

Pai then starts a video, which opens with 50 Cent’s “In Da Club” playing in the background. This is the only thing I’ll give him points for on this amateur drama class project.

The skit is set in 2003 at “Verizon’s DC Office”, when Pai was an attorney for the company. In the video, Kathy Grillo, current Verizon senior VP and deputy general counsel, tells Pai, “As you know, the FCC is captured by the industry, but we think it’s not captured enough, so we have a plan.”

“What plan?” Pai asks. Grillo tells him, “We want to brainwash and groom a Verizon puppet to install as FCC chairman. Think ‘Manchurian Candidate.’” To which Pai responds, “That sounds awesome!”

Gizmodo posted the video on Friday after the dinner, and the internet exploded with reactions to Pai’s gag. Reddit in particular went nuts, to the point that one thread in r/technology was locked—as in no one else can comment—for “too much violence.”

In a thread on the r/television subreddit, a moderator reminds users, “please refrain from encouraging or inciting violence or posting personal information […] don’t post anything inviting harassment, don’t harass, and don’t cheer on or upvote obvious vigilantism.”

While some of the threads were full of awful remarks, other posters commented in the spirit of reasonable conversation. The general sentiment of those engaged in non-harassing discussions is that Pai is a symptom, not the cause of FCC’s problems.

However, many argued that Pai’s willingness, shown in the video, to bend (then joke about) FCC regulations indicates he’s not a puppet so much as a willing participant in corruption. Pai’s appointment to FCC Chairman was suspicious from the beginning considering his ties to Verizon.

Although Pai is obviously joking in the leaked video, the general public isn’t finding it nearly as funny as those at the dinner.

Check out the clip for some cringe-worthy digs at net neutrality and have fun questioning the integrity of the FCC.

FCC Grinches plan to steal poor people’s Internet access

(TECH NEWS) Merry Christmas! The FCC is trying to take away poor people’s Internet access, pointing the finger one way to distract you from the other.

In case anybody with enough bandwidth to read this wasn’t sufficiently terrified by the FCC’s ongoing campaign to break the internet by dismantling net neutrality, the nation’s communication authority has kindly provided another reason for any digital-enabled American to expatriate and/or secede.

The FCC’s most recent reform proposal proposes to reform the absolute Hell out of Lifeline, the $2.25 billion program to provide low-income Americans with broadband Internet access. Also, phones. The Lifeline Program has been doing its job since 1985, when noted socialist firebrand Ronald Reagan instituted it to subsidize phone service in underprivileged communities. It was expanded to include broadband Internet access in 2016, and right now 12 million households benefit from Lifeline-subsidized phone and Internet access.

That’s apparently a problem.

The FCC’s stated concern is that the General Accounting Office recently found $1.2 million of the $2.25 billion Lifeline budget was being used fraudulently. Fraud is bad! But in case you don’t have your TI-85 handy, that’s less than a tenth of 1 percent. That is not very much fraud. Not enough to nix an entire program, at least.

The greater concern, as usual, appears to be about profit. Under the current Lifeline guidelines, many subsidized companies are small ISPs and resellers providing access to third-party networks. Often, these services are the only Internet access available in rural areas, tribal lands, and other underserved communities.

That doesn’t work for Commissioner Pai.

Earlier this year, Pai used “delegated authority,” the FCC’s version of executive orders, to bypass oversight and personally rescind subsidy access from 9 ISPs providing services to rural areas and tribal lands.

These reforms continue that trend. They ban subsidies for no-cost Internet service, which is the business model of 70% of current Lifeline subsidy recipients. It is notably not the business model of large ISPs that rhyme with Buhrizon. I’m sure that’s a coincidence.

They also impose an absolute budget cap, meaning that millions of poor households could lose their Internet access, and the increased opportunities for education and employment that come with it, if someone in a comfy office a thousand miles away effs up the accounting.

In short, it sucks.

The proposed reforms to the Lifeline Project are another example of the FCC, deliberately or through negligence, rigging the market in favor of major conglomerates at the expense of consumers, small businesses and the general public.

Lifeline isn’t perfect, but it’s doing its job. Whether the same can be said for Ajit Pai’s FCC is, at best, an open question.

Get motivated with a ding sound every time someone visits your new site

(TECHNOLOGY) This tool provides motivation for new websites by ding-donging every time a new visitor stops by! Talk about a dopamine rush!!

It seems like everyone these days has a brand new website they can’t wait to share with the world. All these micro-businesses are starting their journeys at the very beginning: with zero website visitors, big plans, and a lot of hope. A new Chrome extension has found a way to help motivate these big dreamers at the very beginning of their business’ lives.

Startup Bell – a doorbell for Google Analytics – audibly rings every time a website gets a new user and shows the number of current active users right in their browser’s toolbar.

That simple ding-dong could soon provide a dopamine rush to any founder that uses it. In the early days of startups and passion-project websites, visitors – though initially typically the founder’s mom and their Facebook friends – are a positive indication that business is growing, and that reassuring ding-dong is real-time motivation to keep doing what you’re doing.

Marketing a business is now as inexpensive as it’s ever been with cheap Instagram and Facebook ads reaching a prime millennial audience. With to-the-minute feedback, this Chrome extension can give you insight into which marketing strategies work and which flop. It’s also an immediate payoff to that ten dollar Facebook ad.

While this lean extension only provides a ding-dong for every new visitor and has very few settings, maker Branimir hopes that future versions will include the option to have dings at certain intervals (like every 100 visitors), so that it supports websites as they grow and doesn’t ding incessantly.

Branimir also stated on Product Hunt that future versions of the plug-in may offer a similar tool for sales. When the noise played means money in your pocket, that dopamine rush could get even more addictive.

This simple little plug-in could provide much needed motivation for startups and new businesses alike. With real-time feedback, companies will get a morale boost in the early stages of their company’s life. The next step is to make sure users’ dogs don’t go crazy every time someone visits their website and they hear that ding-dong.
