Imagine the cybersecurity implications of a world in which hundreds of millions of people have a physical impairment and the corrective devices they use leave them internet-connected.
Thanks to the “internet of things,” that scenario is fast becoming reality in the form of internet-connected hearing aids. But like so many aspects of the internet of things, such devices carry upsides as well as big, potential data breach downsides, according to Phil Reitinger, the chief executive of the Global Cyber Alliance. He was formerly the Department of Homeland Security’s top cybersecurity official as well as CISO for Sony.
In an opening keynote presentation Aug. 2 at the Information Security Media Group’s Fraud & Breach Prevention Summit New York, Reitinger noted that unlike some internet of things devices – toasters come to mind – internet-connected hearing aids, which are still in their infancy, offer a lot of promise for improving users’ quality of life. When a user is watching a television show, for example, their hearing aids could identify the audio and instead of simply amplifying it they could begin downloading a live audio stream of the broadcast.
But what happens when internet-enabled hearing aids enter the workplace or any WiFi enabled environment for that matter? As with smartphones, the WiFi enabled hearing aids would be a natural target for attackers, because they could be exploited and used to facilitate remote surveillance, allowing hackers to “hear” whatever the wearer hears. And that would create risks for any such device wearer who works for an organization with access to classified or sensitive information. Without appropriate safeguards being put in place, we risk a future in which attackers could perpetrate targeted breaches with little risk of their attacks being spotted or traced.
In that sort of a future, “things like the DNC [Democratic National Committee] hack, are small potatoes … because a huge number of people are walking listening devices,” Reitinger said. “Everything is connected, everything is tied together.”
Security Essential: Think Big
Our everyday lives will only continue to become more connected, with more data generated; that’s our inevitable internet of things future. But from a security standpoint, it’s possible to avoid some doomsday-style scenarios, provided we make some related moves, chief among them building networks that are as big as possible.
“Right now, I think the bad guys have almost all of the advantages,” Reitinger said. “But … it’s much tougher on the good guys than the bad guys. The bad guys operate at scale much better than the good guys.”
Citing a concern that Pokemon Go players are wandering into private property and near electrical equipment, power and utility companies in Florida have asked cybersecurity company LookingGlass to pull Pokemon off the map.
“We’re now in the business of killing Pokemon,” LookingGlass CEO Chris Coleman told CNNMoney.
He said clients have asked LookingGlass to help eliminate the game’s code to get rid of the little creatures in restricted areas. Clients have pinpointed eight locations, and Coleman’s team sends those coordinates to Niantic Labs, the maker of the game, asking that the critters be removed.
Police departments around the country have issued warnings to Pokemon players to stop trespassing on property belonging to businesses, the government or religious institutions. But no one until now has figured out how to rid their property of Pokemon.
The wildly popular smartphone game instructs players to explore their surroundings to collect Pokemon, then it projects digital images of the cute creatures into the real world.
It’s a wholesome, kid-friendly video game. But the merging of digital and physical realms has also caused awkward entanglements.
One teen in Wyoming stumbled upon a dead body in a river while playing the game. Two men fell off a cliff while trying to catch Pokemon with their eyes glued to their screens. Another player crashed into a police car, because he was playing while driving.
These types of accidents aren’t stopping people from playing the game, which has already broken records for its popularity.
Coleman said his cybersecurity company is in a unique position to help eliminate Pokemon(s), because he’s friends with a member of Niantic’s board of directors: Gilman Louie.
Louie is known in cybersecurity circles, because he was the first CEO of In-Q-Tel, the CIA’s venture capital firm that the intelligence agency uses to invest in state-of-the-art technology.
The next challenge for this popular application may come from a new product soon to be available to the masses called Pokédrone. Tech brand TRNDlabs has customized its miniature drone so Pokemon Go video game players can access Pokemon in difficult places and avoid walking into hazards.
The company’s rationale for this product is that sometimes the critters appear in hard-to-reach places, like in the middle of busy roads or hovering above bodies of water – making it difficult or impossible for avid fans to catch them.
Apparently there are disappointed fans all over the world because sometimes a Pokémon occurs on your screen but in reality there is no way for human beings to catch it. According to TRND Labs, the Pokédrone is the solution that delivers the power of catching them all!
Japan’s Funai Electric, which claims to be the world’s last VCR manufacturer, says it will cease production of the machines later this month.
VCRs for home use were first introduced in the 1960s, gaining traction after Sony brought lower-priced models to market. Other Japanese manufacturers, including Panasonic, RCA, JVC and Toshiba, were also instrumental in developing the VCR.
These electromechanical devices were used to record, store, and play back television programs using a magnetic tape cassette as well as provide pre-recorded movies of the day.
Somewhat late to the party, Funai started manufacturing video-cassette recorders in 1983, and at one point was selling 15 million units a year. Unfortunately, the clunky VCR has since been replaced by an array of new technologies: DVDs, Blu-ray, and now, streaming video services.
As consumers moved forward to smaller, faster and more convenient methods of satisfying their video needs, Blockbuster and others like them fell by the wayside – not able to embrace the changes in video delivery technology.
Last year, Funai sold 750,000 units, and found it was getting harder to find the parts to make VCRs. A Funai spokesperson said that customers have been calling the company and asking where they can find the last few products.
With a landmark decision in 1984, the U.S. Supreme Court ruled that home use of VCRs to record television didn’t constitute a violation of copyright law, paving the way for an explosion of the technology in American homes.
For a period of time, a battle raged between Sony’s Betamax and JVC’s VHS — both VCR tape formats of that time — but VHS eventually won out.
So now the end has finally come. I remember when VCR tapes were used as “high-end” data backup systems for the business computers of that time. I can’t tell you how happy I am that those times are in the past.
We’ve been talking about the slow adoption rate of Windows 10 for many months now, along with Microsoft’s Windows 10 upgrade policy and its increasing attempts to push users to install the upgrade – in some cases, trying to trick users into upgrading by changing the positions and the wording on some pop-up windows. Now it seems that at least one customer took the fight to court and won a small judgment against the company for how it deployed its latest operating system.
The Seattle Times reports that Teri Goldstein, of Sausalito, California, sued Microsoft after a failed Windows 10 upgrade left her system performing poorly, prone to crashing, and reportedly unusable for multiple days. Given the general issues associated with performing in-place upgrades, even successful ones, it’s not surprising that some users would run into problems. Goldstein reached out to Microsoft customer service to attempt to resolve her issues, but filed suit against the company once it failed to resolve her problems. Her $10,000 figure reflected estimated lost compensation as well as the cost of a new computer system.
Microsoft had appealed the initial judgment but dropped that appeal last month. A spokesperson for the company told the Seattle Times that it denied any wrongdoing and had dropped the appeal to avoid the additional expense of further litigation.
One $10,000 judgment against Microsoft isn’t going to make a blip in the company’s financial earnings or its overall Windows 10 trajectory. But it caps a year of self-inflicted damage regarding Windows 10 and Microsoft’s free upgrade. The repeated changes to Windows 10’s upgrade policy, mandatory data collection, and decisions to kill off patch notes and make all updates mandatory have collectively left a bad taste in many users’ mouths. None of these are fundamental reasons to stop using Windows 10, but they speak to the company’s profound trouble communicating what really should be a winning strategy. The Windows 10 giveaway was a great concept, and the entire process could’ve been handled in a way that made people want to switch. Instead, Microsoft has been dragging people into upgrading in much the same way you might grab a cat and drag it off for a bath.
With just over a month to go until it officially stops offering free upgrades to Windows 10, Microsoft has yet to budge from its stance that once the one-year mark is done, the company will no longer offer a free upgrade to consumers. Currently, Windows 10 Home is $119, while Windows 10 Pro is $199. Prices are identical between the downloadable and USB versions of the operating system.
Microsoft hasn’t specified how it will price upgrades after the free offer has expired. In the past, upgrade-only versions of the OS typically sold for $50-$70 less than full versions, though this has varied depending on the OS in question. As for whether Microsoft’s recent actions have damaged the company’s long-term relationship with customers, it’s still too soon to tell. Some users claim to have sworn off all Microsoft products or to have disabled Windows Update altogether to avoid the Windows 10 upgrade. I’m sure that such actions don’t reflect average user behavior (and I certainly don’t recommend turning off all OS updates to avoid the inevitable Windows 10 upgrade).
The bigger issue for Microsoft isn’t necessarily the loss of Windows users, but its failure to establish consumer trust and a cooperative relationship at a time when the company is still trying to make major changes to its software distribution model. Microsoft needs enthusiastic buy-in for its various plans from both developers and customers. Unfortunately, that has not yet been the case for Windows 10.
Just when you think they couldn’t sink any lower, internet-based criminals are now exploiting the tragedy in Orlando. Unfortunately, once again we need to warn people about these lowlifes, just as we have done after earlier, similar incidents.
Phishers are now sending a raft of scams varying from blood drives to pleas for charitable contributions for victims and their families. Additional attack vectors are messages that promise exclusive or inside information or, even worse, smartphone videos shot at the scene. Unfortunately, this type of scam is the worst kind of phish-bait we’ve seen lately.
These criminals are now sending out phishing campaigns that try to trick you into clicking on a variety of links about blood drives, charitable donations, “inside” information or “exclusive” videos. Don’t let them shock you into clicking on anything, or open possibly dangerous attachments you did not ask for!
With anything you receive about the Orlando shootings, be very, very suspicious – think three times before you click. It’s very possible that it is a scam, even though it might look legitimate or was forwarded to you by a friend — be especially careful when it seems to come from someone you know through email, a text or social media postings because their account may have been hacked.
If you want to donate to help those affected by this tragedy, go to your usual charity by typing their name in the address bar of your browser and do not click on a link in any email. Remember, taking these precautions is just as important at home as in the office, and don’t forget to warn your family members. It’s unfortunate that we continue to have to warn against the bad guys on the internet that try to leverage these tragedies for their own benefit.
Below are just a few of the email subject lines you should be extremely cautious about when opening:
- A friend has asked you to donate blood – find your nearest blood drive/blood center.
- Donations for Families of Orlando Shooting Victims.
- New ISIS Video Celebrating Orlando Attacks Turns Up On Dark Web – CNN headline
In a stunning move, Microsoft on Monday announced its plan to buy professional social network LinkedIn for $26.2 billion in cash and debt, which, if successful, would make it Microsoft’s highest-valued acquisition in its 41-year history.
The deal has already been approved by the boards of directors of both companies and is expected to close by year’s end. Microsoft said LinkedIn will remain independent, with LinkedIn’s Jeff Weiner remaining as its CEO.
Besides Microsoft’s failed bid to acquire Yahoo for $44.6 billion back in 2008, the LinkedIn buy is three times the value of Microsoft’s acquisition of Skype in 2011, which had been Microsoft’s largest deal until now.
By acquiring LinkedIn for a 50 percent premium over its closing price on Friday, Microsoft CEO Satya Nadella is making his biggest move yet to grow his company’s business. Despite Microsoft making huge strides in reshaping itself for the post-PC era, investors and analysts have shown impatience with its pace of growth.
Microsoft’s decision to acquire LinkedIn also demonstrates that the company is looking to play in a market it has largely avoided so far. While Microsoft acquired social networking technology with Yammer and invested $240 million in Facebook in 2007, this deal marks the first time Microsoft will try to run a huge social network in a market dominated by Facebook and Twitter. LinkedIn boasts a roster of 433 million registered users, of which 105 million unique visitors access their accounts at least once a month.
The deal raises questions about what benefits adding a huge public social network will bring to Microsoft’s existing portfolio. In a 90-second video created by Microsoft, Nadella and Weiner gave brief statements on the rationale for the deal. Nadella said he has long contemplated acquiring LinkedIn, believing it fits in with Microsoft’s overall productivity-and-platforms focus.
“For sure, I am a deep believer in productivity tools and communication tools because that’s what empowers people to be able to be great at their job,” Nadella said in the video. “But think about taking that, and connecting it with the professional network and really having the entirety of what is your professional life be enhanced, more empowered, where you’re acquiring new skills and being more successful in your current job and finding a greater, bigger next job. That’s that vision.”
Keeping an acquired company like LinkedIn independent is not unusual for Microsoft, at least at the outset of such deals. When Microsoft acquired Yammer, Skype and Nokia’s handset business — three of its largest acquisitions — similar structures were established initially, only for the companies to eventually become more integrated into the Microsoft corporate structure. That has had mixed results. Most of the core Yammer team is now gone and Microsoft has pared back most of the Nokia handset operations. Skype has been more successful so far and is evolving into a key component of Office 365.
Microsoft also appears to be betting that leveraging a large and established community of professional users will enable new opportunities. LinkedIn has had more than 45 billion quarterly member page views, which has grown 34 percent year over year. LinkedIn also hosts 7 million job listings, which has grown 101 percent over the past year, while 60 percent of its users access the service from mobile devices.
Initial reaction to the deal has been mostly surprise, with many speculating over the possibilities of Microsoft/LinkedIn offerings such as Office 365, SharePoint, Dynamics and Azure in some way. One key task for the “New” LinkedIn will be to find ways to engage with the many users who find the service has become a platform full of clutter and unwanted connection requests.
Microsoft’s World Domination Roadmap continues …….
If the founders of a new face recognition app get their way, anonymity in public could soon be a thing of the past. FindFace, launched two months ago and currently taking Russia by storm, allows users to photograph people in a crowd and figure out their identities, with 70% reliability.
It works by comparing photographs to profile pictures and in the future, the designers imagine a world where people walking past you on the street could find your social network profile by sneaking a photograph of you, and shops, advertisers and the police could pick your face out of crowds and track you down via social networks.
In the short time since the launch, FindFace has amassed 500,000 users and processed nearly 3m searches, according to its founders.
Unlike other facial recognition technology, their algorithm allows quick searches in big data sets. Three million searches in a database of nearly 1 billion photographs: that’s hundreds of trillions of comparisons. With this algorithm, you can search through a billion photographs in less than a second from a standard desktop computer. The app will give you the most likely match to the face that is uploaded, as well as 10 people it thinks look similar.
The technology can work with any photographic database, though it currently cannot use Facebook, because even the public photographs are stored in a way that is harder to access. I’m sure it’s just a matter of time before this challenge is resolved. We might even see Facebook leading the charge if they see a way to monetize this technology.
Some security analysts have sounded the alarm about the potentially disturbing implications. The app has already been used by a St Petersburg photographer to snap and identify people on the city’s metro line.
But the FindFace app is really just a shop window for the technology, the founders said. There is a paid function for those who want to make more than 30 searches a month, but this is more to regulate the servers from overload rather than to make money. They believe the real money-maker from their face-recognition technology will come from law enforcement and retail.
The pair claims they have been contacted by police departments in other regions, who told them they started loading suspect or witness photographs into FindFace and came up with results. “It’s nuts: there were cases that had seen no movement for years, and now they are being solved,” said Kabakov.
The startup is in the final stages of signing a contract with Moscow city government to work with the city’s network of 150,000 CCTV cameras. If a crime is committed, the mugshots of anyone in the area can be fed into the system and matched with photographs of wanted lists, court records, and even social networks.
It does not take a wild imagination to come up with sinister applications in this field; for example being able to tag and identify participants in street protests, sporting events or any large group or gathering in places where CCTV cameras are installed.
The pair also has big plans for the retail sector. Kabakov imagines a world where cameras identify you looking at, say, a stereo in a shop, the retailer finds your identity, and then targets you with marketing for stereos in the subsequent days.
Again, it all sounds more than a little disturbing. In today’s world we are constantly surrounded by gadgets. Our cell phones, iPads, tablets, televisions, fridges, everything around us is sending real-time information about us to the internet. We already have large data files on people’s movements, their interests and so on, cataloged on massive internet servers around the world – next they’ll be matching our interests to our photographs and perhaps when a camera picks us up on the street – everyone will know exactly where we are. Now we can really kiss our privacy goodbye.
From the Washington Post: https://www.washingtonpost.com/news/morning-mix/wp/2016/05/18/russias-new-findface-app-identifies-strangers-in-a-crowd-with-70-percent-accuracy/
Adobe’s Flash Player will be switched off by default at the end of this year, meaning Chrome users will need to actively turn it on for all but a handful of top websites.
The slow and steady slide to a world without Flash continues, with Google revealing plans to phase out support for Adobe’s Flash Player in its Chrome Web browser for all but a handful of websites. And the company expects the changes to roll out by the fourth quarter of 2016.
While it says Flash might have “historically” been a good way to present rich media online, Google is now much more partial to HTML5, thanks to faster load times and lower power use.
As a result, Flash will still come bundled with Chrome, but “its presence will not be advertised by default.” Where the Flash Player is the only option for viewing content on a site, users will need to actively switch it on for individual sites. Enterprise Chrome users will also have the option of switching Flash off altogether.
Google will maintain support in the short-term for the top 10 domains using the player, including YouTube, Facebook, Yahoo, Twitch and Amazon. But this “whitelist” is set to be periodically reviewed, with sites removed if they no longer warrant an exception, and the exemption list will expire after a year.
A spokesperson for Adobe said it was working with Google in its goal of “an industry-wide transition to Open Web standards,” including the adoption of HTML5.
“Given that Flash continues to be used in areas such as education, web gaming and premium video, the responsible thing for Adobe to do is to continue to support Flash with updates and fixes, as we help the industry transition,” Adobe said in an emailed statement. “Looking ahead, we encourage content creators to build with new web standards.”
Many other tech firms, including Apple, Microsoft and Mozilla, have taken steps to stop Flash running. In 2015, Facebook’s security chief Alex Stamos called for it to be killed off once and for all. However, it still lives on because many sites still make heavy use of it and many games employ it in ways that are hard to replicate with other web technologies.
Security hole
Shortly before Google announced its plans, security firm FireEye revealed the latest reported vulnerability in Flash was being actively exploited by cyberthieves. The malicious campaign began only days after the bug was first discovered.
In a blogpost, a FireEye researcher said attack code was being included in Flash files embedded in Microsoft Office documents. Adobe has published patches that stop Flash being used as an attack route via this flaw.
Writing on the Sophos security blog, Paul Ducklin said this was the third time in three months that Adobe had needed to produce patches for vulnerabilities that, if exploited, would let attackers compromise a victim’s computer.
Many security firms now recommend that people uninstall Flash player to avoid falling victim to malicious attachments or booby-trapped webpages. A lot of web firms have now stopped using Flash in a bid to thwart attackers.
Interesting thought…. FREE Wi-Fi from Facebook? There are over a BILLION people with Facebook accounts and Facebook wants to interact with all of them.
Would you check in on Facebook in exchange for free Wi-Fi at a hotel, restaurant, retailer or your Doctor’s office? That’s the pitch Facebook has cooked up to hook its social network into companies big and small.
Here’s potentially the next big security / privacy intrusion. Facebook wants businesses to provide FREE Wi-Fi to their customers as long as the customer checks in using their Facebook credentials.
When customers check in to use a business Wi-Fi, their friends can discover the business by seeing the check in on their news feed. After checking in, people will be asked if they also want to like the business page so you can continue to connect with them on Facebook.
For Facebook, the Wi-Fi-with-check-in initiative is part of a broader plan to attack the local market by encouraging merchants to set up and maintain Pages on the social network. Participating merchants will get additional distribution with each check-in, receiving exposure that could help bring in more customers or inspire more “likes.” They’ll also benefit from aggregate, anonymous demographic data such as age, gender, and interests on customers who sign-in to Facebook Wi-Fi, and can then use that data for targeting purposes in whatever Facebook advertising campaigns they run.
In essence, Facebook, which is not profiting directly from any revenue share through the partnership, hopes to attract more merchants that go on to buy ads. The idea is also to become a formidable player in local search, an area where everyone from Google and Yahoo to Yelp and Foursquare are competing for attention and advertising dollars.
This would appear to be a good thing for business owners but what does the consumer get out of it? Not much beyond the Wi-Fi access except perhaps that it’s a real time report of where a person is at any moment in time.
A friend of ours recently “checked in via Facebook” to use the FREE Wi-Fi at a car dealer and didn’t realize how that information would be used. All of a sudden, he got a text message from another friend asking – “hey… are you looking for a new car?”
Let’s take this a bit further – how about your doctor or dentist office offering the same Facebook Wi-Fi access. (remember Facebook is trying to get EVERY business signed up for this) Now everyone you know on Facebook and their “friends” will know exactly where you are for the next hour or so. Does that thought scare you just a little? It’s like checking into a restaurant while traveling in another state – announcing to the Facebook world that you’re not home – so maybe it’s a good time to come by your house and rattle a door or window.
Whatever the reasoning behind Facebook Wi-Fi, there’s no question that millions of people will find the prospect of free Wi-Fi too good to pass up, which raises a number of privacy issues. What does it mean when you link your Facebook account to your browsing history, especially when merchant and social network would seemingly benefit from knowing more about you?
Social media is getting more intrusive each and every day. It’s up to you and me to protect our privacy and physical location when we’re out and about on our daily rounds. If a local business offers you FREE Wi-Fi just for logging in with your Facebook account – think twice about it. If you really need Wi-Fi access while you’re sitting in a waiting room somewhere, ask them for their guest access code.
RING Video doorbell
An internet-connected doorbell isn’t a new idea. The Doorbot of a few years ago was clunky and ugly, but the concept was good: someone rings your doorbell, your smartphone beeps and buzzes, and with a tap, you can initiate a videochat with the visitor. It doesn’t matter if you’re in the kitchen, at the office, or on vacation in the mountains. You can talk to them and see them. They can hear you, but they can’t see you. If it’s a delivery, you can give the guy permission to leave a package and instructions on where to stash it.
The Ring Video Doorbell offers a more refined and comprehensive approach. It adds motion sensing, so it can alert you via your phone when somebody walks through your yard or onto your porch. It also records video and audio of each event (a ringing of the bell or a motion detection) and stores it in the cloud for later review.
The Ring unit costs $199, and you can easily install it yourself. Below the 180 degree camera eye is a circular button surrounded by an LED ring. At the bottom is a speaker allowing you to chat with your friendly FedEx or UPS driver. The companion app is a free download, as is the user account that lets you access the Ring’s features. The cloud storage runs $3 per month or $30 per year.
The Ring Video Doorbell doesn’t offer a live video feed or the ability to constantly record footage, but Ring does say it will allow remote camera access at some point in the future, so you can take a peek out your doorbell even when nothing triggers the camera.
Knock, Knock, Who’s There?
All the tools necessary for installation are included—even caulk and a miniature level. Before you mount the Ring, you charge it using USB (you’ll probably have to take it down and recharge it once per year) and connect it to your Wi-Fi network, which happens through the smartphone app. (Ring is set to release their next generation doorbell that would go in place of your current wired bell.)
When someone presses the button on Ring, your smartphone begins to, well, ring. The same goes for the unit itself—it rings to let the person at your door know something is happening. Opening the notification brings up a live video feed, where you can Reject or Accept the invitation to interact.
Bodies in Motion
Using motion sensors built into the camera, Ring can alert you when someone is at your door before they even press the doorbell. This is especially useful when the UPS or FedEx driver leaves a package and refuses to ring your doorbell. Also, before the button is even pressed, Ring detects motion at your door and begins recording video. This makes it possible to view what happened at your door before the bell was pressed. This video recording feature can provide you with the peace of mind in knowing any activity at your door is being recorded – well worth the minimal monthly fee. Not to mention, you can download any of the videos to your mobile device for easy sharing with family members, or in the hopefully unlikely case where it’s necessary, the authorities.
Video of how the Ring Video Doorbell works: https://www.youtube.com/watch?v=f9TRo7JDxFg
Check out their product line: https://ring.com/products