Why the term “zero day” needs to be in your brand’s cybersecurity vocabulary

(TECH NEWS) What’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy. Better get to know the term “zero day.”


The other day I wandered into Best Buy at the mall. Nobody’s around and I’m alone with the sales guy. “Umm, what’s the most secure device you have here?” He takes a step back.

To paraphrase our brief conversation: Apple and Samsung make up 95% of his sales and he thinks Apple is safer. “Is Apple safer because they screen apps better?” Head nods.

“I heard Blackberry is working to secure Android for business users.” Sales guy had nothing to say about that.

Why do people trust Apple?

I wouldn’t take security advice from a Best Buy sales guy, but it does seem that people trust Apple more. Maybe because Apple stood up to the FBI in a very public way. Great marketing, Apple.

Most likely, Apple does care about the slippery slope of security, in terms of unlocking devices. (The same way Google cared about user data intercepted under the ocean.) But I don’t know Tim Cook personally. Even if I did, I wouldn’t feel more or less confident using Apple products because Tim’s not omniscient – he can’t see or control everything going on within Apple.

What’s different about Android?

“I think people can generally trust me, but they can trust me exactly because they know they don’t have to.” –Linus Torvalds

What does that even mean? Well, Linus created the core “kernel” of the Android operating system, a customized version of Linux.

In other words, Linus Torvalds is the core genius inside every Samsung-Android smartphone at Best Buy.

Linux is “open source” which means anyone can look at the code and point out flaws. In that sense, I’d say Linus Torvalds doesn’t have to be as omniscient as Tim Cook. Linux source code isn’t hidden behind closed doors. My understanding is, all the Linux code is out there for anyone to see, naked for anyone to scrutinize, which is why certain countries feel safer using it–there’s no hidden agenda or secret “back door” lurking in the shadows. Does that mean Android phones are safer? That’s up for debate.

How security has changed

For a long time, Apple had the “security through obscurity” thing going for it. In simple terms, that means the bad guys go for low-hanging fruit first, the easy score. Is Apple hanging lower? Windows was the low-hanging fruit. But now that Apple is more popular, it has a bigger target on its back.

As we depend more and more on smartphones, with more people and more money involved and more at risk, there’s more incentive for hackers to penetrate deep into our devices.

If you read the book “Hackers” by Steven Levy, you know the original hackers were all about the “Hacker Ethic” which boils down to “Information wants to be free.” Sounds harmless enough. For whatever reason, the original hackers found secrets offensive, or they just saw “locked doors” as a technical challenge. Maybe they were idealists, but somewhere along the way, other interests crept in.

That leads us to the zero-day Apple exploit that has people concerned about their iPhones.

The origins of “zero day”

First, what does “zero day” even mean?

Back in the early 90s, a couple of my classmates were into downloading “0 day warez” which was nerd speak for “the latest video games released today.” Games had copy protection. So you couldn’t just buy a game and copy it for your friends, you had to buy your own copy. Hackers figured out how to break the copy protection and called themselves “crackers.” Crackers were competitive, in terms of who could crack a new game first.

For bragging rights, their goal was to crack a game within 24 hours, and that was the “zero day” game, as a full day had not gone by yet.

Fast-forward 20 years. Now you can watch the “Zero Day” movie on Netflix and the original meaning has morphed to mean “software that’s still secret.” Potentially harmful code could lurk undetected in your computer for years. But if your anti-virus scanner hasn’t detected anything suspicious yet, pop culture would consider that a “zero day exploit.” As far as the actual terminology used among hackers, who knows?

Should you be concerned? Almost by definition, most people aren’t targeted by zero-day exploits. Once an exploit is released into the wild and exposed, it’s no longer as useful to attackers, because then it can be studied and whatever hole it used (to penetrate your phone) can be “patched” to block future intrusions. Then again, older unpatched phones could remain vulnerable and ordinary people could be affected.

Patches for Apple vs. Android

In Apple’s case, they’re able to patch these holes within days. For Google, it might not be as fast, depending on the problem. It might take months to get a patch pushed out to everybody, or the fix might never come. For example, it sounds like Samsung is mostly concerned about security updates for its flagship phones.

Why the difference? My understanding is, Google can fix apps and push out patches at the “app level” as fast as Apple, if the problem is specific to a certain app. The main difference is that the Android market is larger and has more devices, and each Android phone manufacturer has a slightly different, tweaked version of the core Android operating system. Different Android manufacturers will push out updates on their own timeline.

Your best bet

If you want the latest (hopefully safest) operating system straight from Google as soon as possible, you’ll want an official Google phone, probably a “Nexus” branded device. According to something I read last night, I believe Android 7 directly addresses this shortcoming to some degree with a new auto-update feature. But for now, the Android ecosystem remains fragmented.

For the average person, what’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy.

#ZeroDay

PJ Brunet is a writer, full stack developer, and abstract artist. His first computer was a Texas Instruments TI-99. As a teen, he interned at IBM in Boca where the first PC was born. Graduating with a BFA, he gave California and New York a shot, but fell in love with Texas in 2004, the same year he started blogging about technology.

4 Comments

  1. PJ Brunet

    August 29, 2016 at 3:00 pm

    Update: I can’t remember if I watched that movie on Netflix or Amazon, but here’s the direct link if anyone is interested. https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/077043617X

  2. Pingback: Virusdie: Comprehensive protection for your website - The American Genius

  3. Pingback: Congress seeks to postpone super important cybersecurity change - The American Genius

  4. Pingback: Mozilla rushes to patch Firefox zero-day exploit used to unmask Tor browser users - The American Genius


Tech News

Nate app: $38M Series A fintech startup you should keep an eye on

(TECHNOLOGY) The nate app combines the best of social media and shopping into one platform, streamlining the check-out process for hassle-free purchases.


No one likes to hop around from store to store searching aimlessly in aisles for all of their necessary items. That’s why the big guys win, like Walmart, Amazon, and Target – they have all you need in one swoop! Users choosing to shop online feel the same way. Having to reenter payment, billing, and shipping information over and over again becomes a pain – or worse, a deterrent to purchase, resulting in cart abandonment. That’s where the nate app comes in.

Nate combines the best of social media and shopping into one platform.

The well-funded, series A startup utilizes artificial intelligence (AI) to complete purchases seamlessly without all of the fluff a user discovers when checking out at various online retailers. Once a user inputs shipping and payment information into the app during sign-up, nate keeps the data on file for subsequent purchases, virtually eliminating the time-consuming check out process. If a user sees a product they like from an online merchant, they simply have to “share” the item to the nate app, and it will take care of the rest.

Unicorner’s startup analysis states, “In essence, nate is bringing the benefits of shopping on a centralized platform like Amazon to a decentralized shopping ecosystem.”


With a nod to Pinterest and LikeToKnowIt, the platform allows for users to create visual product lists on a personal account that can be shared with followers. If a follower likes an item they see, they can purchase the item in-app in just a click or two.

In contrast to the big wigs of the social media world, the nate app hopes that users will purchase based on true inspiration and not a targeted algorithm suggesting what they should buy. Instead, the app runs its business model on a $1 fee for each transaction which covers the ability to issue virtual cards, protect online privacy, and apply available discounts.

The nate app simplifies gift giving as well. Users are able to select a gift item and enter the recipient’s phone number – if the recipient is a nate app user, it can be shipped directly – otherwise, they will receive a text asking them where to send their new gift! This makes it a perfect choice for the upcoming holidays (yes, 2021 is almost over…whew).

To stay up to date on everything nate, download it now on the App Store.


Tech News

Facebook deletes developer over ironic browser extension invention

(TECHNOLOGY) Think a muted week for a nipple shadow is bad? Facebook just permabanned this inventor for…helping others to use the platform less.


It must be true that corporations are people because Facebook is pulling some seriously petulant moves.

In a stunt that goes beyond 24hr bans for harmless hyperbole, and chopping away at organic reach (still bitter from my stint in social media management), Facebook straight up permanently banned one of their users for the high crime of…aiming to get people to use the platform a little less.

Developer Louis Barclay came up with Unfollow Everything, an extension that basically instantly deleted your feed without having you unfriend anyone or unlike anything. Rather than have users manually go through and opt out of seeing posts, they’d now opt IN to keeping who they wanted front and center.

In his own words on Slate: “I still remember the feeling of unfollowing everything for the first time. It was near-miraculous. I had lost nothing, since I could still see my favorite friends and groups by going to them directly. But I had gained a staggering amount of control. I was no longer tempted to scroll down an infinite feed of content. The time I spent on Facebook decreased dramatically. Overnight, my Facebook addiction became manageable.”

Since more time spent on Facebook means more ads that you’re exposed to, means more you spend, the add-on started slowly making headway. I myself pretend to be a ranch owner to keep ads as irrelevant to me as possible (though my new addiction to hoof trimming videos is all too real), and Unfollow Everything probably would have been a great find for me if it hadn’t been killed by a cease and desist.

Law firm Perkins Coie, representing the internet giant, let Barclay know in their notice that Unfollow Everything violated the site’s rules on automated collection of user content, and was muscling in on Facebook trademarked IP.

They also added, in what I can only assume was a grade-school narc voice, that the add-on was “encouraging others to break Facebook’s rules.”

Barclay, not having the resources to fight a company with the finances of a small country, promptly ceased and desisted. Practical.

Officially speaking, Facebook might actually have some ground to stand on vis-à-vis its Terms Of Service. The letter and legal team may have been warranted, not that we’ll ever truly know, since who’s taking Facebook to court? But then they followed up with a ‘neener neener’ deletion of Barclay’s 15-year-old account – which was still very much in use.

Look, Facebook is the only way I connect with some of my friends. I don’t take enough pictures to make full use of Instagram, I fully hate Twitter, my Tumblr is inundated with R-rated fanfiction, and any other social media platform I’m happy to admit I’m too haggish and calcified to learn to use. So a complete WIPE of everything there with no notice would be pretty devastating to me. I can only imagine how Barclay felt.

And in light of the fact that the browser extension wasn’t hurting anyone, taking money, or spewing hateful rhetoric, there’s really only one thing to say about Facebook’s actions…they’re petty.

Sure, they may have the legal right to do what they did. It’s just that when you notice every fifth post is an unvetted advertisement, their high ground starts to sink a little. I mean nothing says ‘We’re being totally responsible with user information’ like the number of add-ons and user tactics popping up to avoid seeing the unnecessary. This isn’t the first time we’ve seen Facebook put up a fight against losing ad traffic.

We all know all those stores with amazing deals aren’t actually going out of business, or even using their own photos right? Right?

Barclay added in his article, “Facebook’s behavior isn’t just anti-competitive; it’s anti-consumer. We are being locked into platforms by virtue of their undeniable usefulness, and then prevented from making legitimate choices over how we use them—not just through the squashing of tools like Unfollow Everything, but through the highly manipulative designs and features platforms adopt in the first place. The loser here is the user, and the cost is counted in billions of wasted hours spent on Facebook.”

Agreed, Mr. Barclay.

Now I’m off to refresh my feed. Again.

 


Tech News

Glowbom: Create a website, using just your voice

(TECH NEWS) Talk about futuristic! This app allows you to create quizzes, surveys, an online store, and even a website in minutes–without typing.


In the past, we’ve discussed things like simplified coding and no-code app creation. Now, a San Francisco startup has taken the process a step further with no-type app creation.

Glowbom is a voice app that allows you to dictate steps to an AI – from adding information all the way to exporting code–in order to create a simple app, survey, or game. While the built-in options for now are limited to four simple categories, the power of the app itself is impressive: By asking the Glowbom AI to complete tasks, one is able to dictate an entire (if small) program.

It’s an impressive idea, and an even more impressive product. Glowbom founder and CEO Jacob Ilin showcases the power of Glowbom in a short demonstration video, and while he only uses it to create a simple survey, the entire process–up to and including the exportation of the API–is accomplished via voice commands.

Furthermore, Glowbom appears to process natural inputs–such as phrases like “Let’s get started”–in the context of an actual command rather than the colloquial disconnect one tends to expect in AI. This means that users won’t need to read a 700-page manual on phrases and buzzwords to use before jumping on board–something the Glowbom user base was probably hoping to avoid anyway.

As of now, the options one can use Glowbom to create include a quiz, a survey, an online store, and a website. It seems reasonable to expect that, as support for the app grows, those categories will expand to comprise a larger library.

Glowbom certainly opens a few doors for people looking to take their businesses or ideas from an offline medium into the digital marketplace. As coding becomes less centralized in computer language and more contingent on processes such as this, we can expect to see more products from folks who may have missed the coding boat.

Perhaps more importantly, Glowbom and products like it make coding more accessible to a wider base of disabled users, thus taking a notable step toward evening the playing field for a marginalized demographic. It’s not true equality, but it’s a start.

This story was first published here in October 2020.
