Connect with us

Tech News

Why the term “zero day” needs to be in your brand’s cybersecurity vocabulary

(TECH NEWS) What’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy. Better get to know the term “zero day.”

Published

on

Mobile trust and security

The other day I wandered into Best Buy at the mall. Nobody’s around and I’m alone with the sales guy. “Umm, what’s the most secure device you have here?” He takes a step back.

bar
Paraphrasing our brief conversation, Apple and Samsung make up 95% of his sales and he thinks Apple is safer. “Is Apple safer because they screen apps better?” Head nods.

“I heard Blackberry is working to secure Android for business users.” Sales guy had nothing to say about that.

Why do people trust Apple?

I wouldn’t take security advice from a Best Buy sales guy, but it does seem that people trust Apple more. Maybe because Apple stood up to the FBI in a very public way. Great marketing, Apple.

Most likely, Apple does care about the slippery slope of security, in terms of unlocking devices. (The same way Google cared about user data intercepted under the ocean.) But I don’t know Tim Cook personally. Even if I did, I wouldn’t feel more or less confident using Apple products because Tim’s not omniscient – he can’t see or control everything going on within Apple.

What’s different about Android?

I think people can generally trust me, but they can trust me exactly because they know they don’t have to.” –Linus Torvalds

What does that even mean? Well, Linus created the core “kernel” of the Android operating system, a customized version of Linux.

In other words, Linus Torvalds is the core genius inside every Samsung-Android smartphone at Best Buy.

Linux is “open source” which means anyone can look at the code and point out flaws. In that sense, I’d say Linus Torvalds doesn’t have to be as omniscient as Tim Cook. Linux source code isn’t hidden behind closed doors. My understanding is, all the Linux code is out there for anyone to see, naked for anyone to scrutinize, which is why certain countries feel safer using it–there’s no hidden agenda or secret “back door” lurking in the shadows. Does that mean Android phones are safer? That’s up for debate.

How security has changed

For a long time, Apple had the “security through obscurity” thing going for it. In simple terms, that means the bad guys go for low-hanging fruit first, the easy score. Is Apple hanging lower? Windows was the low-hanging fruit. But now that Apple is more popular, it has a bigger target on its back.

As we depend more and more on smartphones, and there’s more people, more money and more at risk, consequently there’s more incentive for hackers to penetrate deep into our devices.

If you read the book “Hackers” by Steven Levy, you know the original hackers were all about the “Hacker Ethic” which boils down to “Information wants to be free.” Sounds harmless enough. For whatever reason, the original hackers found secrets offensive, or they just saw “locked doors” as a technical challenge. Maybe they were idealists, but somewhere along the way, other interests crept in.

That leads us to the zero-day Apple exploit that has people concerned about their iPhones.

The origins of “zero day”

First, what does “zero day” even mean?

Back in the early 90s, a couple of my classmates were into downloading “0 day warez” which was nerd speak for “the latest video games released today.” Games had copy protection. So you couldn’t just buy a game and copy it for your friends, you had to buy your own copy. Hackers figured out how to break the copy protection and called themselves “crackers.” Crackers were competitive, in terms of who could crack a new game first.

For bragging rights, their goal was to crack a game within 24 hours, and that was the “zero day” game, as a full day had not gone by yet.

Fast-forward 20 years. Now you can watch the “Zero Day” movie on Netflix and the original meaning has morphed to mean “software that’s still secret.” Potentially harmful code could lurk undetected in your computer for years. But if your anti-virus scanner hasn’t detected anything suspicious yet, pop culture would consider that a “zero day exploit.” As far as the actual terminology used among hackers, who knows?

Should you be concerned? Almost by definition, most people aren’t targeted by zero-day exploits. Once an exploit is released into the wild and exposed, it’s no longer as useful to attackers, because then it can be studied and whatever hole it used (to penetrate your phone) can be “patched” to block future intrusions. Then again, older unpatched phones could remain vulnerable and ordinary people could be affected.

Patches for Apple vs. Android

In Apple’s case, they’re able to patch these holes within days. For Google, it might not be as fast, depending on the problem. It might take months to get a patch pushed out to everybody, or the fix might never come. For example, it sounds like Samsung is mostly concerned about security updates for its flagship phones.

Why the difference? My understanding is, Google can fix apps and push out patches at the “app level” as fast as Apple, if the problem is specific to a certain app. The main difference is that the Android market is larger and has more devices, and each Android phone manufacturer has a slightly different, tweaked version of the core Android operating system. Different Android manufacturers will push out updates on their own timeline.

Your best bet

If you want the latest (hopefully safest) operating system straight from Google as soon as possible, you’ll want an official Google phone, probably a “Nexus” branded device. According to something I read last night, I believe Android 7 directly addresses this shortcoming to some degree with a new auto-update feature. But for now, the Android ecosystem remains fragmented.

For the average person, what’s at risk? Identity theft, botnet spam, corporate espionage, and loss of privacy.

#ZeroDay

PJ Brunet is a writer, full stack developer, and abstract artist. His first computer was a Texas Instruments TI-99. As a teen, he interned at IBM in Boca where the first PC was born. Graduating with a BFA, he gave California and New York a shot, but fell in love with Texas in 2004, the same year he started blogging about technology.

Tech News

Amazon Ring exposed wifi passwords; let’s talk ethics

(TECH NEWS) Ring has a security slip up is part of an alarming tech trend! Can industry insiders turn things around before the government forces their hand?

Published

on

Ring doorbell

Knock knock!

Who’s there?

WiFi.

WiFi who?

Why Fi…ght external regulation, if you won’t implement higher standards on your end?

Amazon’s Ring smart doorbell/camera services left customers in the ding-dong ditch by letting hackers exploit a flaw that exposed homeowners’ WiFi passwords to neighborhood hackers up until September of this year. I thought putting a ring on things locked them down, but I guess that’s only for people…

Truth be told, I honestly didn’t think a wifi password in the wrong hands could do too much. I figured neighborhood freeloaders would drag my speed down playing some MMORPG on my network or get me slapped by pirating Disney stuff on my dime.

Apparently, what a serious hacker is MORE likely to do is use that connectivity to share a keystroke tracking program with my computer, then sell my passwords to whoever wants them.

Imagine someone in Cairo clogging up my precious Netflix queue with a bunch of romcoms. Eww.

In all seriousness, that’s a pretty big flaw in the Ring. It took Bucharest-based Bitdefender (a merry band of cybersecurity researchers) to point it out. Amazon’s tech ninjas jumped on it, and the issue’s been fixed for a couple of months as of time of writing. But all’s not quite well yet.

The burning questions on my mind are: Who was supposed to catch it first? And why weren’t people told before the fix?

If you’re in the tech industry, know this, and know it well: John Q Public is not your beta tester.

Releasing a product with something as small as a typo on the packaging is embarrassing enough, but when you leave yourself open to something like letting your customers be vulnerable to identity theft, your face gets considerably more eggy.

And, as usual, leaving doors like this opened doesn’t just make your company look bad, or let competitors get the edge on you.

Consistent lack of inner standards means you’re going to be up against outer standards you’ll like even less. Sure, you might think that govt. regulation is going the way of the dodo, but the tech industry and recently emancipated pork industry aren’t the same.

If you’ll pardon the generalization, the more someone leans towards less government oversight, it’s more likely that they’ll view technology as a necessary evil than anything. And that means tech industry slip ups will be the first to be monitored if internal quality control keeps deteriorating. People are getting wise to how much information their smart devices are tracking, and how vulnerable they can become when that information isn’t secured.

Amazon execs will be fine if things go to the courts. Your startup? Probably not as much.

Look, tech nerds have it going on. I really WANT to advocate for leaving you all alone and letting you do your thing, but the constant corner cutting on security testing makes that difficult. Leaving consumers in the dark until the fix is done, meaning no one even had the chance to take precautions like instituting password changes, is a huge no-no, and the fact that I even have to rant about it is alarming.

You know that cliche, ‘It’s not that you DID xyz, it’s that you LIED about it’? It goes for lying by omission as well. Consider this case the coal mine canary.

You are your own industry’s gatekeepers. Take the job seriously before the job gets taken. Seriously

Continue Reading

Tech News

Earbuds that are noise cancelling hit the market just in time for the holidays

(TECH NEWS) There are no shortage of earbuds on the market, however, Nuheara’s noise cancelling, bluetooth earbuds are sure to top everyone’s wish list.

Published

on

earbuds noise cancelling

Noise cancelling earbuds are efficient for blocking out the world around you – when all you want to hear is your music and nothing else. However, for those who want a smaller, sleeker alternative, Nuheara is the perfect fit.

Nuheara are wireless audio earbuds that are customizable to your hearing needs. Even though they have the same power as noise cancelling headphones, they can be adjusted to amplify or minimize sound based on each situation.

You can choose to blend the sounds of the streets and your new favorite album in order to be aware of the world around you. The earbuds are ideal for any situation.

The noise cancelling earbuds use SINC (Superior Intelligent Noise Control) technology, which lets every user create their custom hearing experience.

There are numerous times when it’s hard to hear because of the noise around us. This may be in crowded restaurants, concerts or even when you’re at home trying to avoid the noisy neighbor in the apartment above you.

The SINC technology applies a frequency filter to sounds you choose to hear or want to avoid. Additionally, the left and right earbuds have their own settings, so that they can be customized individually. Everything is customized through the app, so it’s up to each user to decide!

Prior to founding Nuheara, Justin Miller and David Cannington worked in the oil and gas companies creating industrial strength hearing headsets.

The feedback they received during these experiences paved the way for inventing Nuheara. People wanted a sleek headset that they could wear in everyday life, not just at their job.

The earbuds will set you back a few hundred bucks, but they come with accessories like a battery charger, carrying case and 8 different silicone tips. The battery charger provides three full charges. Nuheara earbuds are also sweat and water resistant, but they are not yet waterproof.

As wireless headphones, Nuheara are also compatible with most Bluetooth connected devices. The earbuds also use tap-touch control to make hands-free phone calls, control music and adjust settings.

There is no need to connect Nuheara to external devices to use their noise cancelling capabilities.

Continue Reading

Tech News

Turn your FAQ page into a chatbot without knowing how to code

(TECH NEWS) An easy way to add a chatbot to your site and automate some of your work is through this new simple tool that doesn’t require any tech know-how.

Published

on

faqbot chatbot

Reduce your workload and personalize customer service engagement with Faqbot, the tool that turns your online FAQ into a customized chatbot.

Co-founded by Denny Wong and CEO Mathis André, Faqbot uses machine learning to streamline frequently asked questions into a handy chatbot pal.

Based on your existing FAQ content, Faqbot builds a database that learns from every conversation to improve responses. Faqbot can also be used to automate sales and lead generation.

You get to design the conversation flow, mapping out a custom path to guide users to a desired outcome. Set predefined choices or free text, customize the bot’s responses, and determine what leading questions the bot should ask.

For example, on the Faqbot site, I was given two pre-set choices to click after each response from the bot. Clicking “Thanks for helping” gets the polite response “You are welcome! ;-)” complete with an old-school emoji featuring a nose.

If you select “not my question,” Faqbot uses its general response to any unanswerable question: “Sorry, I’m a chatbot. I am constantly learning and have answers to frequently asked questions. Thank you for leaving your email and we will get back to you shortly.”

Choose your own responses based on already defined FAQ or come up with new messaging to better engage and inform your customers as needed. The free text option is also available if customers wish to continue asking questions.

Of course, I had to try out some less than frequently asked questions. When I asked Faqbot “are we friends?” it kindly replied, “Absolutely. You don’t have to ask.” So I’m smitten.

However, when I tried to take it to the next level by asking “Do you love me?,” which seems to be the internet’s favorite way to harass a bot, I got the “Sorry, I’m a chatbot” response.

That’s okay. I’ll recover. Faqbot isn’t here to love, it’s here to answer questions.

You can easily install the chatbot by either copy/pasting the snippet of codes directly into your webpage, or connect Faqbot to your company’s Facebook page. No coding skills required.

Pricing is based on number of users per month, but all levels include the same service offerings of FAQ database management, messaging interface, a ticketing system, and DIY guided conversation flow. You can try out Faqbot free for 14 days by signing up on their site.

Continue Reading
Advertisement

Our Great Partners

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Emerging Stories

Get The American Genius
neatly in your inbox

Subscribe to get business and tech updates, breaking stories, and more!