Tech Outages: Exposing the Web’s Fragile Threads

Today, technology outages have become more than mere inconveniences—they’re disruptions that ripple across industries, affecting businesses, individuals, and even our daily routines. Over 1.75 million user-reported issues flooded in from across the globe.  From WhatsApp to Greggs (the UK’s popular sausage roll maker), and even tech giants like Apple and Meta, all have recently faced service disruptions due to IT outages. Let’s explore the reasons behind this trend.

Downdetector

This platform monitors web outages and provides insights into the extent of problems faced by companies. On April 3, 2024, more than 1.75 million user-reported issues were flagged worldwide for WhatsApp, with tens of thousands also reported for the App Store and Apple TV. Neither firm responded to inquiries about the cause of their outages.

Internet Complexity

The internet, like software, comprises multiple layers. Regulatory changes, consumer demands for seamless data access, and the integration of new features (such as AI chatbots) add layers and complexity. Unfortunately, more layers mean a higher risk of things going wrong. Companies are pushing for innovation, but it comes with the potential of breaking existing systems.

Moving Parts and Cloud Services

Various factors can cause internet services to fail, including typos in code, hardware faults, power outages, and cyberattacks. Severe weather conditions can also impact data centers housing powerful servers. Additionally, many companies have shifted from managing their infrastructure in-house to using cloud services. While this enables faster development, a single outage at the cloud service provider can affect multiple platforms and technologies.

Tech Giants

Glitches in services provided by major cloud providers like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud have previously led to downtime for thousands of customers.

The internet's complexity, rapid innovation, and reliance on cloud services contribute to the increased occurrence of tech outages. As companies strive for progress, maintaining stability remains a challenge.

The Quest for Progress

We crave seamless experiences. We want our apps to load instantly, our streaming services to buffer flawlessly, and our online orders to arrive yesterday. But progress is a hungry beast. It devours stability, chews on reliability, and spits out error messages. The quest for innovation pushes boundaries, but it also tests the limits of our digital infrastructure.

The Rise of Bots: Imperva's Report Reveals Rising Trends in Internet Traffic

In the intricate tapestry of the digital realm, where human interactions intertwine with automated processes, the rise of bots has become an undeniable phenomenon reshaping the landscape of internet traffic. Recent findings from cybersecurity leader Imperva unveil the multifaceted nature of this phenomenon, shedding light on the complex interplay between legitimate and malicious bot activities.
 
At the heart of Imperva's report lies a staggering statistic: 49.6% of global internet traffic originates from bots, marking the highest recorded level since the company commenced its analysis in 2013. This exponential surge in bot-driven activity underscores the growing reliance on automated systems to execute tasks traditionally performed by humans. From web scraping to automated interactions, bots play a pivotal role in shaping the digital ecosystem. 

However, not all bots operate with benign intentions. Imperva's study reveals a troubling trend: the proliferation of "bad bots." These nefarious entities, comprising 32% of all internet traffic in 2023, pose significant cybersecurity threats. Nanhi Singh, leading application security at Imperva, emphasizes the pervasive nature of these malicious actors, labeling them as one of the most pressing challenges facing industries worldwide. 

Bad bots, armed with sophisticated tactics, infiltrate networks with the aim of extracting sensitive information, perpetrating fraud, and spreading misinformation. From account takeovers to data breaches, the repercussions of bot-driven attacks are far-reaching and detrimental. Alarmingly, the report highlights a 10% increase in account takeovers in 2023, underscoring the urgency for proactive security measures. 

Geographical analysis further elucidates the global landscape of bot activity. Countries such as Ireland, Germany, and Mexico witness disproportionate levels of malicious bot traffic, posing significant challenges for cybersecurity professionals. Against this backdrop, organizations must adopt a proactive stance, implementing robust bot management strategies to safeguard against evolving threats. While the rise of bots presents formidable challenges, it also heralds opportunities for innovation and efficiency. 

Legitimate bots, such as AI-powered assistants like ChatGPT, enhance productivity and streamline processes. By leveraging generative AI, businesses can harness the power of automation to drive growth and innovation. Imperva's report serves as a clarion call for stakeholders across industries to recognize the complexities of internet traffic and adapt accordingly. 

As bot-driven activities continue to proliferate, a holistic approach to cybersecurity is imperative. From advanced threat detection to stringent access controls, organizations must fortify their defenses to mitigate risks and safeguard against evolving threats. 

Imperva's comprehensive analysis sheds light on the multifaceted nature of internet traffic dominated by bots. By understanding the nuances of bot behavior and implementing proactive security measures, businesses can navigate the digital landscape with confidence, ensuring resilience in the face of emerging cyber threats.

Critical Bug in aiohttp: Ransomware Attackers On A Roll

In the rapidly changing world of cybersecurity, cyber threats are a nuisance and ransomware is a constant menace. In a recent incident, cybersecurity firm Cyble found a serious vulnerability that threat actors are exploiting to gain unauthenticated remote access to sensitive data in server files. Let's take a look at this concerning issue.

The Aiohttp Library Vulnerability

At the core of this story lies the Aiohttp Python library, a popular asynchronous web framework used to build web apps and APIs. Unfortunately, a bug in the library has allowed hackers to break in.

How does the vulnerability work?

The vulnerability, tracked as CVE-2024-23334, is a "directory traversal vulnerability." In other words, it lets unauthorized remote actors obtain files from a server that they are not authorized to access.

This is how the vulnerability works:

1. Insufficient Validation: When setting up routes for serving files, Aiohttp fails to perform proper validation of the requested path. In particular, the problem arises when the follow_symlinks option is set to True.

2. Accessing files outside the Root Directory: Attackers exploit this flaw to traverse directories and steal files beyond the specified root directory. In simple terms, the attackers can steal sensitive information like databases, configuration files, and other important data. 

The flaw rates 7.5 on the CVSS scale. 
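The validation described in the list above comes down to checking that the file a request maps to still sits under the static root. The following is an added example, not Aiohttp's code and not part of the original post; `resolve_static`, `OutsideRoot` and the directory names are hypothetical, and the directory tree is constructed in a temporary folder.

```python
import os
import tempfile
from pathlib import Path


class OutsideRoot(Exception):
    """The requested path would be served from outside the static root."""


def resolve_static(root: Path, requested: str, follow_symlinks: bool = False) -> Path:
    """Map a request path to a file under `root`, refusing anything that escapes it.

    Hypothetical helper for illustration; it is not Aiohttp's implementation.
    """
    root = root.resolve()
    # Drop leading slashes so an absolute request cannot replace the root in the join.
    joined = root / requested.lstrip("/")
    if follow_symlinks:
        # Links placed inside the root are trusted, so collapse ".." lexically
        # and check containment before any link is followed.
        candidate = Path(os.path.normpath(joined))
    else:
        # Links are not trusted: resolve them and check where the file really is.
        candidate = joined.resolve()
    if candidate != root and root not in candidate.parents:
        raise OutsideRoot(requested)
    return candidate


def demo() -> dict:
    """Build a constructed directory tree and record how each request is handled."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "static"
        root.mkdir()
        (root / "index.txt").write_text("public")
        private = base / "private"
        private.mkdir()
        (private / "config.txt").write_text("secret")
        # A link that lives inside the root but points outside it.
        os.symlink(private, root / "shared")

        cases = {
            "plain": ("index.txt", True),
            "dotdot": ("../private/config.txt", True),
            "link_followed": ("shared/config.txt", True),
            "link_refused": ("shared/config.txt", False),
        }
        for name, (requested, follow) in cases.items():
            try:
                resolve_static(root, requested, follow)
                results[name] = "allowed"
            except OutsideRoot:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:14} {outcome}")
```

With follow_symlinks enabled, the only thing keeping requests inside the root is this containment check, which is why a missing check there exposes files beyond the configured directory.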

The Damage

The impact of the flaw is concerning:

1. Ransomware Attacks: Ransomware-as-a-service (RaaS) attacks are capitalizing on this flaw. Threat actors gain access to critical files, encrypt them, and demand heavy ransoms for decryption keys.

2. Global Penetration: Cyble has found around 43,000 web-exposed Aiohttp instances across the world. Many of these servers are located in the USA, Spain, Germany, and different Asian regions.

3. Data Exposure: Companies using Aiohttp may unknowingly expose sensitive files on the internet. Threat actors can misuse this loophole and steal important data, disrupting user privacy and business operations.

How to control it?

Follow these steps to protect your systems:

1. Security Audits: Perform routine security audits of your web apps. Keep an eye out for instances of Aiohttp and verify that they are running patched versions.

2. Access Controls: Enforce strict access controls. Restrict the directories Aiohttp can access to prevent unauthorized traversal.

3. Update Aiohttp: The Aiohttp development team immediately addressed the problem by releasing version 3.9.2. Make sure to update your Aiohttp installations as soon as possible. 
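The audit and update steps above can be partly automated. This added example (not from the original post or the Aiohttp project) parses Python source for static routes that pass follow_symlinks and compares a pinned version against the 3.9.2 release named above; the sample application, the requirements pin and all function names are constructed for illustration.

```python
import ast
import re

PATCHED = (3, 9, 2)  # fixed release named in the article
STATIC_CALLS = {"add_static", "static"}  # router.add_static(...) and web.static(...)

# Constructed sample inputs; the source is only parsed, never executed.
SAMPLE_APP = '''
from aiohttp import web

app = web.Application()
app.router.add_static("/static", "/srv/app/static", follow_symlinks=True)
app.add_routes([web.static("/media", "/srv/app/media")])
app.router.add_static("/docs", "/srv/app/docs", follow_symlinks=FOLLOW)
'''
SAMPLE_REQUIREMENTS = "aiohttp==3.9.1  # constructed pin\nyarl==1.9.4\n"


def parse_version(text: str) -> tuple:
    """Return (major, minor, patch); pre-release suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_patched(version: str) -> bool:
    """True when the version is at or above the fixed release."""
    return parse_version(version) >= PATCHED


def pinned_aiohttp(requirements: str):
    """Return the version pinned with '==' for aiohttp, or None if absent."""
    for line in requirements.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i)aiohttp(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;]*)", line)
        if m:
            return m.group(1)
    return None


def find_symlink_static_routes(source: str, filename: str = "<source>") -> list:
    """Return sorted (line, call, verdict) for static routes passing follow_symlinks.

    verdict is "enabled" for a literal True and "review" when the value is
    computed and has to be checked by hand.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in STATIC_CALLS:
            continue
        for kw in node.keywords:
            if kw.arg != "follow_symlinks":
                continue
            if isinstance(kw.value, ast.Constant):
                if kw.value.value is True:
                    findings.append((node.lineno, name, "enabled"))
            else:
                findings.append((node.lineno, name, "review"))
    return sorted(findings)


def audit(source: str, requirements: str) -> dict:
    """Combine the version check and the route scan into one report."""
    version = pinned_aiohttp(requirements)
    routes = find_symlink_static_routes(source)
    patched = is_patched(version) if version else None
    risky = any(verdict == "enabled" for _, _, verdict in routes)
    return {
        "version": version,
        "patched": patched,
        "routes": routes,
        # Flag only when an unpatched pin and an enabled route coincide.
        "exposed": bool(patched is False and risky),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_APP, SAMPLE_REQUIREMENTS)
    print(f"aiohttp pin: {report['version']} (patched: {report['patched']})")
    for line, call, verdict in report["routes"]:
        print(f"  line {line}: {call}(follow_symlinks=...) -> {verdict}")
    print("exposed:", report["exposed"])
```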

The ShadowSyndicate Links

Surprisingly, one of the IP addresses linked to the hackers was previously associated with the infamous ShadowSyndicate group. The group has a notorious history of involvement in ransomware attacks. This makes the exploitation of the Aiohttp flaw even more problematic.

What can we learn?

The digital landscape is evolving, but so are cyber threats. The Aiohttp flaw is a sign that caution and routine updates are a must. We should stay informed, patch our systems in a timely manner, and strengthen defenses against ransomware attacks.

Prevention is better than cure: a vigilant approach today will protect us from tomorrow's data hostility.

Unveiling the Underbelly of IoT: An In-Depth Analysis of Hacking Risks

The Internet of Things (IoT) is easily one of the most versatile technologies in the world today. As network connection capacity increases, the growing number and diversity of connected devices allow the IoT to be scaled and adapted to meet the changing needs of the user. The industries the IoT has revolutionized include food production, manufacturing, finance, healthcare, and energy.

Furthermore, it has led to the development of smart buildings, homes, and even cities at the same time. Generally, IoT attacks are malicious attempts to exploit vulnerabilities in devices connected to the internet, for example, smart homes, industrial control systems, and medical devices. There is a possibility that hackers may gain control of the device, steal sensitive information from it, or use the device as part of a botnet to accomplish other malicious acts. 

The term "IoT hacking" is frequently used by researchers to describe the process of taking gadgets apart, examining their software, and learning how they work. However, there are more challenges involved with IoT hacking than just technical ones. Cyber threats are evolving to reveal a world of virtual battles that go on behind the scenes. Hackers are increasingly targeting IoT (Internet of Things) and OT (Operational Technology) systems, which are extremely important for the future.

More than just tech gadgets, these systems are the foundation for many services that keep our society and economy running. Hackers are not just messing with machines when they target these systems; they are threatening the very services that nations rely on every day. IoT devices can introduce several new and preventable attack vectors when not properly secured. Researchers who work in cybersecurity keep showing that critical systems are being attacked more frequently than many realize.

The risks are not that complicated to identify and understand: for example, operating systems that are not patched, or insecure passwords that brute-force attackers can easily guess. A security team must take into account both simple and complex risk factors specific to the world of IoT to manage the operational reliance on these devices in virtually every industry. There are a few security risks and attacks associated with IoT that people should be aware of.

Botnets 

Since IoT devices have no built-in security mechanisms, they are particularly vulnerable to malware attacks compared with more advanced machines and computers that do. They are generally built primarily for functionality, which means they usually do not provide the same level of storage space or processing power that computers offer. As a result, attackers tend to view IoT devices as low-hanging fruit.

IoT devices should be secured properly to protect them from botnets, and to prevent them from getting into the wrong hands. Companies must keep a plan in place to detect and respond to DDoS attacks, as well as to change default passwords, keep firmware up to date, and limit access to the device. 

Ransomware 

While IoT devices do not typically store valuable data locally, that doesn't mean they are immune to ransomware attacks. Instead of stealing information, ransomware attacks on IoT devices usually disable the devices' core functionality. Possibly the most effective way to do that is to shut down an industrial device without which fundamental business operations would not be possible, or to stop a camera or microphone from recording the feed it monitors.

Several security flaws in IoT devices can affect companies. Keen-eyed researchers discovered a big security hole in a popular broadcasting device that sends audio over the internet. It's important to note that the researchers did the right thing and notified the device manufacturer that the problem was caused by an OS Command Injection, which is a serious issue because hackers can use it to take control of a device.

There was a problem with the software on the device, and they were trying to fix it by updating it so that someone from the outside would not be able to exploit it anymore. Companies often take quick measures to fix security gaps when they find out about them. These quick fixes are similar to putting band-aids on a wound without actually treating it.

Many people have witnessed how a company patched a device so that it looked safe from the outside, but the same problems were still there once people got inside. In some cases, fixes do not solve the problem. They just hide it and do not take care of it. As a result, it is as if one locks the front door and leaves the back door wide open at the same time. 

In today's digital world, ensuring the safety of the IoT world cannot be done by one individual. For this to work, it needs to be a team effort between the manufacturers, security experts, and even the government itself. The biggest priorities should be setting strict security rules, being open about the problems they find, and helping all of the people in the organization understand how they can be protected. 

As people move through the tricky territory of this online and offline world, they must do a lot more to look after the two worlds simultaneously to get the best outcome. To make sure that their connected devices are protected and managed effectively, they must be proactive and take an all-in approach.

Web3: A New Dawn for the Internet?

In the fast-paced world of technology, a revolutionary concept is gaining traction: Web3. Coined by computer scientist Gavin Wood, Web3 represents a paradigm shift towards a decentralized internet infrastructure, powered by blockchain technology. The traditional internet, often referred to as Web2, is dominated by centralized platforms controlled by a handful of corporations. 

However, Web3 envisions a future where power is distributed among a network of participants, rather than concentrated in the hands of a select few.

Navigating Perils and Possibilities of Web3

Since 2018, momentum surrounding elements of Web3 has surged across various sectors, including equity investment, online searches, patent filings, scientific publications, job vacancies, and press reports.

Particularly, the financial-services industry has emerged as a trailblazer in adopting emerging Web3 technologies and assets. At one juncture, the daily transaction volume processed on decentralized finance (DeFi) exchanges surpassed a staggering $10 billion. Yet, amidst this fervent progress, advancements have been marked by sporadic spurts rather than a seamless trajectory. 

However, if you find yourself grappling with the question of what exactly Web3 entails, you are not alone. A 2022 Harvard Business Review poll, encompassing over 50,000 respondents, revealed that nearly 70 percent admitted to being unfamiliar with the concept. 

In this comprehensive Explainer, we embark on a journey to demystify Web3, exploring its inherent risks and boundless potentials. Through a structured analysis, we aim to shed light on when—or if—this enigmatic vision of the internet will ultimately materialize. 

What Does This Technology Do?

At the heart of Web3 lies blockchain technology, a decentralized and immutable ledger system. This foundational technology aims to democratize access and control over digital assets and information by harnessing the collective power of its network.

Emerging Elements of Web3

Already, various projects are spearheading the transition to Web3. Decentralized finance (DeFi) platforms and non-fungible tokens (NFTs) are at the forefront, pioneering new methods of interacting with digital assets beyond traditional financial frameworks.

Advantages and Advocates of Web3

Proponents of Web3 argue that it offers several benefits, including greater transparency, security, and user autonomy. Furthermore, it presents a viable challenge to the dominance of tech giants in the digital realm.

Technologies Powering Web3: A Closer Look

At the heart of Web3 are three key technologies driving its decentralized infrastructure:

Blockchain: Blockchain technology forms the backbone of Web3, offering a decentralized and immutable ledger for recording transactions. For instance, consider Bitcoin, the pioneering cryptocurrency. Its blockchain ensures transparency and security by recording all transactions across a distributed network of nodes, without the need for a central authority. 

Smart Contracts: Smart contracts, coded agreements that automatically execute when predefined conditions are met, play a pivotal role in Web3. Take Uniswap, a decentralized exchange protocol built on Ethereum. Through smart contracts, users can seamlessly exchange tokens without relying on intermediaries, enhancing efficiency and reducing costs. 

Digital Assets and Tokens: Web3 thrives on digital assets and tokens, which represent a myriad of value-bearing items existing solely in digital form. One example is CryptoKitties, a blockchain-based game where users collect and trade digital cats. Each CryptoKitty is represented by a unique token on the Ethereum blockchain, showcasing the potential of digital assets to revolutionize ownership and monetization.

These technologies collectively pave the way for a decentralized internet, empowering users with greater control and autonomy over their digital interactions. As Web3 continues to evolve, its impact on various industries and sectors is poised to be transformative, reshaping the digital landscape as we know it.

With ChatGPT, Users Can Now Access Updated Information on The Internet

According to OpenAI Inc., the company that created ChatGPT, a chatbot that provides users with information tailored to their specific needs, the chatbot can now browse the internet for up-to-date information. 

Previously, the AI system had been trained using only data up until September 2021. With this move, some premium users will now be able to ask the chatbot questions about current affairs and access news.

It was reported on Sept. 27 that OpenAI, a company that specializes in artificial intelligence (AI) products, has created a chatbot that can browse the web and incorporate up-to-the-minute information into its replies. ChatGPT Plus and Enterprise users who are currently using the GPT-4 model should be able to get the update as soon as possible.

OpenAI stated in its announcement that the feature will be available to non-premium users soon, without specifying whether this would mean that users without a premium subscription will have access to GPT-4, or whether it will be available to users with a GPT 3.5 subscription.

In the past, this artificially intelligent system was trained only on data available up to September 2021. Using this new feature, some premium users will be able to engage the chatbot on current events and access up-to-the-minute news and information.

OpenAI intends to extend this service shortly to all users, including non-paying users, so that everyone can take advantage of it. ChatGPT is now equipped with a browsing feature that will allow users to perform tasks that require up-to-date information, such as technical research, planning a vacation, or selecting a device, according to OpenAI.

As part of its browsing features, ChatGPT has created an extension that can be installed in Chrome and is called 'Browse with Bing'. Interestingly, ChatGPT's biggest competitor so far, Google's Bard, has also launched an extension that allows the use of Bing to browse the web for free. ChatGPT's rivals have already developed their own browsing capabilities.

ChatGPT will now have the ability to access the internet via the "Browse with Bing" extension. Before now, ChatGPT had not been able to answer questions about real-time events or events that occurred after September 2021, because its knowledge was limited to September 2021.

It was also a turn-off for many of ChatGPT's users who wanted to use the features of ChatGPT with the most up-to-date information. When the chatbot was asked about anything current, it would always answer "I'm sorry, but I cannot provide real-time information." 

ChatGPT Plus and Enterprise users will have access to the feature. Users can also make use of it by going to Settings within the app, selecting the option for New Features, and then selecting Browse with Bing extension from the list of options. 

The chatbot's mobile app for iOS and Android has also been updated with new voice and image capabilities. This will allow users to speak with the chatbot and receive responses according to what they have said.

OpenAI announced that the option of browsing using Bing is now available to ChatGPT users who are paying, as well as for all users in the future. As part of its premium ChatGPT Plus offering, OpenAI had previously tested an option where users could use the Bing search engine to find the most current information. 

In terms of functionality, the new integration works similarly to Bard, a chatbot developed and launched by Google in March this year that has been integrated since May but was disabled two months later due to concerns that it could allow users to bypass paywalls.

Because ChatGPT previously did not have access to the internet, it is very unlikely that it was exposed to the foreign material that bad actors might have planted on the web to spread misinformation about politics or healthcare issues.

ChatGPT was held back from searching the internet for current information due to several factors, such as the high cost of computing and concerns regarding accuracy, privacy, and ethical issues. There is the concern that ChatGPT may introduce inaccuracies to data provided in real-time, as well as the risk of reading copyrighted material without authorization, as a result of providing real-time data. 

ChatGPT's new features underline the important dilemma the AI business sector is confronted with as a result of its growth. AI systems need to be more flexible and free to make them truly useful. However, this also increases the likelihood of misuse and the possibility of misleading or incorrect information being exchanged. 

The ChatGPT application can now be integrated with various applications, including Slack and Zapier, giving it the ability to increase productivity by working with Google Sheets, Gmail, and Trello. A Python-based experimental plug-in is also available for handling more complex tasks, such as deciphering codes, managing data analysis, and visualizing data.

In addition to this, it is now capable of managing downloads and uploads, changing file types, and resolving numerical and qualitative mathematical issues which may arise. Several collaborators have partnered with OpenAI to make these things possible, including Fiscal Note, Instacart, Klarna, Milo, Kayak, OpenTable, Shopify, Slack, and Zapier, just to name a few. The update is currently available to select users, and OpenAI plans to expand the launch after any technical problems with version 1 have been resolved.

Fortifying Cybersecurity for Schools as New Academic Year Begins

School administrators have received a cautionary alert regarding the imperative need to fortify their defenses against potential cyberattacks as the commencement of the new academic year looms. 

The National Cyber Security Centre has emphasized the necessity of implementing "appropriate security measures" to safeguard educational institutions from potential threats and to avert disruptions.

While there are no specific indicators of heightened threats as schools prepare to reopen, the onset of a fresh academic term underscores the potential severity of any cyberattacks during this period. 

Don Smith, the Vice President of the counter-threat unit at Secureworks, a cybersecurity firm, has highlighted the current transitional phase as an opportune moment for cybercriminals. He pointed out that the creation of new accounts for students and staff, as well as the school's approach to portable devices like laptops and tablets, can introduce vulnerabilities.

Smith explained, "Summer is a time when people are using their devices to have fun, play games, that sort of thing. If you've allowed teachers and pupils to take devices home, or let them bring their own, these devices may have picked up infections and malware that can come into the school and create a problem."

Last September, six schools within the same academy trust in Hertfordshire suffered internal system disruptions due to a cyberattack, occurring shortly after the new term had started. 

Additionally, just recently, Debenham High School in Suffolk fell victim to a hack that temporarily crippled all of its computer facilities, prompting technicians to work tirelessly to restore them before the commencement of the new term.

Schools are generally not the primary targets of concentrated cyberattack campaigns, unlike businesses, but they are considered opportunistic targets due to their comparatively less robust defenses. 

Don Smith emphasized that limited budgets and allocation priorities may result in schools having inadequate cybersecurity measures. Basic digital hygiene practices, such as implementing two-factor authentication and keeping software up to date, are crucial for safeguarding vital data.

Moreover, it is imperative for both students and teachers to be regularly educated about cybersecurity threats, including the importance of strong passwords, vigilance against suspicious downloads, and the ability to identify phishing attempts in emails. Mr. Smith noted that cybersecurity is no longer solely the responsibility of a small IT team; instead, all users are on the frontline, necessitating a general understanding of cybersecurity fundamentals.

A recent study revealed that one in seven 15-year-olds is susceptible to responding to phishing emails, especially those from disadvantaged backgrounds with weaker cognitive skills. Professor John Jerrim, the study's author, emphasized the need for increased efforts to help teenagers navigate the increasingly complex and perilous online landscape.

The National Cyber Security Centre, a division of GCHQ, has previously issued warnings regarding the growing prevalence of ransomware attacks targeting the education sector. Ransomware attacks involve criminals infiltrating a network and deploying malicious software that locks access to computer systems until a ransom is paid. Although ransomware attacks temporarily declined during the first quarter of 2023, they have been steadily increasing since then.

SonicWall, a cybersecurity company, emphasized that schools, being repositories of substantial data, are attractive targets for hackers pursuing financial and phishing scams. As schools rely more heavily on internet-based tools in the classroom, they must prioritize cybersecurity, both in terms of budget allocation and mindset, as the new school year approaches.

In response to these concerns, a spokesperson for the Department for Education affirmed that educational institutions bear the responsibility of being aware of cybersecurity risks and implementing appropriate measures. This includes establishing data backups and response plans to mitigate potential incidents.

"We monitor reports of all cyberattacks closely and in any case where there has been an attack, we instruct the department's regional team to offer support," they added. "There is no evidence to suggest that attacks like this are on the rise."

Understanding Internet Identity: Exploring its Functionality and Operation

Passwords have long been a hassle for daily online logins, even with the help of password managers. However, the DFINITY Foundation's Web3 experts are developing a promising alternative called Internet Identity (II), which has the potential to transform online security. 

Internet Identity is a Web3 service that enables users to create a secure "anchor" for their devices, allowing them to log in to compatible services without using passwords. Instead, it utilizes a chip embedded in modern devices to generate disposable passkeys protected by Chain Key cryptography.

The concept behind Internet Identity is to provide a fast and secure way to authenticate oneself when accessing services. It aligns with other Web3 concepts, such as the ability to create multiple online identities, which explains its name. In addition to enhancing security, Internet Identity also offers benefits like hiding one's digital footprint and protecting against identity theft. All of this is made possible through the DFINITY Internet Computer blockchain project.

Internet Identity works as follows: users create an anchor identity embedded in the Internet Computer blockchain and associate their devices with it. These devices utilize a specialized TPM chip to generate hidden passkeys for signing in to Web3 services and decentralized applications (dapps).

The passkeys are enabled through biometric authentication or a similar secure process, eliminating the need for passwords. A handshake protocol combines a public key and private key, enabling automatic sign-in to compatible services.

This approach offers several advantages for online identity protection. Firstly, there are no passwords to be hacked, and the TPM passkeys remain entirely private, inaccessible to anyone else during the sign-in process. This significantly enhances data security. Additionally, since a new session is created for every login, it becomes more challenging for external entities to track user activities.

While Internet Identity is based on Web3 and blockchain technologies, it differs from many blockchain-related endeavors that often raise concerns. 

Using Internet Identity does not require owning a blockchain token or incurring any costs. Developers cover the blockchain computations, ensuring the focus remains on privacy rather than financial motivations.

Internet Identity exclusively functions with services supported by the Internet Computer Protocol, primarily Web3 dapps. DFINITY and others anticipate that blockchain authentication methods like Internet Identity will become the norm, and they aim for broad support of their protocol. 

However, this is still uncertain, and currently, many mainstream services, including popular social media platforms, may not support Internet Computer technology unless users are deeply involved in the blockchain tech community.

To utilize Internet Identity, users need standard biometric login features available on everyday devices, such as fingerprint readers and facial identification. For those desiring additional security measures, Internet Identity also supports real-world passkey technologies like YubiKey.

Internet Identity is entirely free and open-source, emphasizing privacy and transparency for user data.

Comparing Internet Identity to passwords, it offers greater convenience when using dapps and ensures robust security. It also reduces the profiling potential of big tech and social media companies like Google. 

Internet Identity allows users to create multiple social identities for enhanced privacy, and personal information is not required. However, it's crucial to properly manage recovery options in case of any issues.

While Internet Identity prevents tracking, it leaves a trail within the blockchain, accessible only by the user via their seed phrase. This trail exists independently of physical devices.

To get started with Internet Identity, users can visit the official website and follow the step-by-step instructions provided by their preferred search engine. The process involves authenticating oneself, choosing a recovery method (such as a seed phrase or security key), and adding specific devices, such as an Android phone, to the anchor to ensure proper functionality. For more technical details, users can explore the code on GitHub or seek guidance from the Internet Identity community.

In conclusion, Internet Identity is a worthwhile solution for those using Web3 services or interested in privacy-friendly dapps. While its future, like that of all Web3 technologies, remains uncertain, it serves as a solid foundation for authentication software. 

The best part is that it's entirely free and doesn't involve questionable blockchain investment schemes. This aligns with the preferred Web3 approach, although Internet Identity still needs to demonstrate that it is a significant step forward for the decentralized internet.

Safeguarding Your Digital Life: Navigating the Evolving Landscape of Cybersecurity


In today's interconnected world, the Internet has become an indispensable resource, particularly for the younger generation. Gone are the days of flipping through encyclopedias or visiting travel agencies to book flights or hotels.

The Internet has revolutionized the way we accomplish tasks, offering unprecedented convenience and opportunities, such as remote work and instant mobile transactions. However, this rapid evolution also brings forth numerous threats from cybercriminals. As we dive deeper into the digital age, it becomes increasingly crucial to address these dangers and fortify our digital security.

The Growing Cybersecurity Landscape

The realm of cybercrime has evolved significantly since the days of floppy disk viruses and the 1988 Morris worm, which infected the early Internet. Cyberattacks rose by 38% in 2022 compared to the previous year, averaging 1,168 attacks per week per organization, as highlighted in the 2023 Security Report from Check Point Software Technologies Ltd.

This concerning trend is expected to worsen in the coming years, necessitating our preparedness to combat these threats effectively.

1. Neglecting Passwords

One of the most common yet detrimental mistakes we make is recycling passwords across various accounts. We often use the same password for both personal and work-related emails, compromising sensitive data.

Sharing passwords, such as those for streaming services or online platforms, further exacerbates the problem. Millions of users fall victim to account breaches each year due to poor password management. To mitigate these risks, it is essential to create robust passwords with a minimum of 12 characters, including a combination of uppercase and lowercase letters, numbers, and special characters.

Regularly updating passwords and avoiding reuse across multiple accounts or platforms is highly recommended.

2. Update, Update, Update

Frequent software and device updates are crucial for enhancing usability and addressing potential vulnerabilities. However, we often delay or disregard these updates, considering them inconvenient or time-consuming.

By postponing updates, we unknowingly leave ourselves susceptible to cyberattacks. By regularly updating our devices, we can preemptively safeguard against many potential vulnerabilities.

3. Falling Prey to Disinformation

While data theft remains a prevalent focus of cyberattacks, recent trends reveal an uptick in hacktivist practices and state-sponsored threats. These practices often involve spreading disinformation through fake news or biased messages designed to incite discord.

To counteract this, it is advisable to gather information from multiple sources and verify news or chain messages before blindly disseminating them. Common sense remains one of the cornerstones of internet security.

4. Using Free Wireless Networks

To conserve personal data usage, it has become commonplace to connect to public Wi-Fi networks in restaurants, airports, hotels, and other public spaces. However, security researchers have repeatedly demonstrated the lack of security in such networks.

It is best to avoid connecting to unknown networks. If necessary, limit usage to basic browsing and refrain from entering passwords or using sensitive applications like banking or payment platforms.

5. Reviewing Privacy Policies and Permissions

How often do we truly read the terms and conditions of data usage? The lengthy and complex nature of these texts often leads us to accept all terms without scrutiny. While this expedites our access to applications, it can pose significant security risks and compromise our data.

Cybercriminals may exploit popular applications to distribute malicious code, while unscrupulous developers may include hidden clauses for unauthorized data collection, storage, or trading. Taking a few minutes to review permissions and conditions before installing a program can help prevent deception or exposure of personal information.

6. Browsing and Trusting Unsafe Websites

Identifying fraudulent websites can be done by looking for subtle errors like typos, poorly written text, or low-quality images. However, the most effective method involves scrutinizing the website's URL.

Look for security indicators such as SSL certificates, denoted by a padlock icon next to the web address. The padlock shows only that the connection is encrypted, not that the site is genuine, so also remain vigilant for irregular characters or subdomains that may signify potential risks.

While the Internet remains a relatively young tool, we have accumulated substantial experience to protect ourselves from cyber attackers. Education and common sense remain pivotal in creating a secure digital space for everyone.


Search Results Contain Imposter Ads, FBI Warns

 


Bogus advertising: a tightrope walk 

Rogue ads have plagued the Internet since its early days. As a user, you never quite know what is waiting when you request a web page: an irritating pop-up window, a spinning banner announcing that you have won a prize, or an advertisement that contains a malicious redirect or malvertising.

The FBI has issued a warning regarding fake ads that impersonate the original thing to deceive potential victims into traveling to remote areas. 

Several advertisements appear at the top of your Google or Bing search results. These are standard search engine advertisements, marked with the word "sponsored" or "ad" depending on the search engine used. The FBI is warning about fake ads that are paid for by criminals. These ads use similar domain names and link to legitimate-looking web pages that resemble the official website of the impersonated business.

Disappointingly, the FBI's release on this scam is light on details, but it does propose a few ways to avoid becoming a victim.

How to avoid these rogue ads?

Generally, the FBI advises people to follow these guidelines:

  • Check the URL before clicking on an advertisement to make sure the website is authentic. Malicious domain names generally resemble the intended URL but contain typos or misspelled letters.
  • Rather than searching for a business online, type the URL of its official website directly into the browser's address bar.
  • Use an ad-blocking extension when performing Internet searches. Most browsers allow users to add extensions, including ones that block advertisements. These ad blockers can be turned on and off within the browser, so advertisements can be allowed on certain websites while blocked on others, depending on the website.

For businesses, the FBI has the following advice: 

  • To counter domain spoofing, businesses can use domain protection services that alert them to the registration of similar domain names.
  • Make users aware of spoofed websites and of the need to confirm that the URLs they are directed to are correct.
  • Provide users with information about where they can find legitimate downloads of the company's software.
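
The URL checks in the two lists above (typos and misspelled letters, irregular characters, a brand name used as a subdomain, alerts on similar domain names) can be automated. The following Python is an added example, not code from the FBI notice or from this blog; the official domain, the sample ad URLs, the look-alike character folds and the "last two labels" rule for the registrable domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the official domain a business wants to protect.
OFFICIAL = ("examplebank.example",)

def hostname(url):
    """Lower-cased host of a URL; accepts bare 'host/path' strings too."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def registrable(host):
    """Assumption: last two labels. Real deployments need the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def skeleton(name):
    """Fold common look-alike substitutions (0/o, 1/l, rn/m) before comparing."""
    return name.replace("rn", "m").translate(str.maketrans("01", "ol"))

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, or swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url, official=OFFICIAL, max_edits=2):
    """Return (verdict, reason) for the destination of an ad or link."""
    host = hostname(url)
    reg = registrable(host)
    if reg in official:
        return "official", reg
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious", "non-ASCII or punycode label (possible homograph)"
    for good in official:
        brand = good.split(".")[0]
        if brand in host:
            return "suspicious", f"brand '{brand}' used under unrelated domain {reg}"
        edits = edit_distance(skeleton(reg), skeleton(good))
        if edits <= max_edits:
            return "suspicious", f"{reg} is within {edits} edit(s) of {good}"
    return "unknown", reg

# Constructed sample of ad landing URLs (reserved .example/.test names).
SAMPLE_ADS = [
    "https://www.examplebank.example/login",
    "https://exmaplebank.example/login",                 # swapped letters
    "https://examp1ebank.example/",                      # digit 1 for letter l
    "https://examplebank.example.verify-account.test/",  # brand as subdomain
    "https://xn--exmplebank-x7a.example/",               # constructed punycode-style label
    "https://weather.example/",
]

def suspicious_ads(urls=SAMPLE_ADS):
    """URLs from the list whose destination imitates an official domain."""
    return [u for u in urls if classify(u)[0] == "suspicious"]

if __name__ == "__main__":
    for u in SAMPLE_ADS:
        print(u, "->", *classify(u))
```

A fixed edit-distance threshold produces false positives for very short domain names, so the threshold should scale with the length of the protected name.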

Are shady ads out of control or a step too far?

Blocking advertisements remains a controversial topic in some quarters, as noted by Techspot. The odds are that many of the sites you use rely on advertising revenue to keep the lights on. However, others are moving towards subscriptions, paywalls, and other kinds of models to make money. 

To block ads in their browsers, some people and organizations use dedicated ad blocker extensions, while others prefer script blocker apps that provide additional options. In addition to blocking ads, some companies use security tools to detect and neutralize exploits and malvertising campaigns. 

Whatever your approach or opinion towards paid advertising online, fake ads cluttering up sponsored search results will be a problem for quite a while to come. The FBI's release might make people think that fake listings in search results are a new threat, but this is nothing new: criminals are well aware that the tactic works and that it often results in success.

Pay close attention to the paid results at the top of your search engine results page, especially when you are shopping around or looking for financial advice and services. Taking a few minutes to consider the situation may save you a few hours of annoying calls to customer support.

6,000 Students in New Jersey Affected Due to Internet Issue by 'Unauthorized Third Party'

 

In a Gloucester County school district, in New Jersey, classes were canceled for the third day in a row owing to technological issues brought on by an "unauthorized third party," according to notifications from the district. 

Classes were canceled by the Monroe Township School District on Tuesday, Wednesday, and Thursday last week impacting 6,000 students. 

Anthony DeFelice, a sophomore at Williamstown High School, claims that several of his classes extensively use computers and the internet. He wasn't shocked when school was canceled as a result of a technical issue that caused an internet outage at the school. 

DeFelice stated, "Something was going on Monday, and then they just called off that night at about 8. We were informed that Tuesday is a non-school day."

On Wednesday, a notice stating that all activities were postponed until further notice was posted on the door of Williamstown High School.

Parents received a notice Monday night from Superintendent Susan Ficke stating that there may be a technical problem that caused the school's internet service to be disconnected. It continued by stating that holding classes offline would bring logistical and security issues. 

Action News, a local media outlet, learned on Wednesday night that, in an email sent to parents, district officials attributed the technical issues to an "unauthorized third party" and said that efforts to restore internet service and look into the issue were ongoing.

Many parents expressed their frustration at the lack of information prior to the notification's release on Wednesday night and asked if there had been a security breach. When Action News called Monroe Township Mayor Richard DiLucia, he said the school board hadn't gotten in touch with him and that he was unaware of any details. 

On Wednesday, the media outlet made numerous attempts to contact the superintendent but received no response. Police in Monroe Township also declined to comment. However, the FBI's Philadelphia office said in a statement on Wednesday that while they couldn't confirm or deny their involvement, they normally lend support and resources in cases of cyberattacks. The district claims that the inquiry is still going on.

Experts Estimated the Probability of Disconnecting Russia From the Internet

 

On 5th March, a telegram signed by Deputy Head of the Ministry of Digital Andrei Chernenko was sent to federal executive authorities and subjects of the Russian Federation with a number of recommendations for the protection of information infrastructure of the country. It does not contain direct instructions on disconnecting Russian users from the global network, but a number of experts saw in it indirect preconditions for the isolation of Runet. 

According to the document, by March 11, state websites and services must switch to using DNS servers located in the Russian Federation; remove from HTML page templates all JavaScript code downloaded from foreign resources (banners, counters, and so on); if using foreign hosting, switch to Russian hosting; move to the .ru domain zone; and tighten the "password policy".
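
One way to audit a page template for the second item on that list, scripts loaded from outside hosts. This is an added Python example, not taken from the telegram or the ministry; the page URL, the sample template and the allow-list of host suffixes treated as "own" are constructed assumptions, and a host name by itself does not reveal where a server is physically located.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptCollector(HTMLParser):
    """Records (line number, src) for every <script> tag that has a src."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append((self.getpos()[0], src.strip()))

def external_scripts(template, page_url, allowed_suffixes):
    """Return (line, host, url) for scripts served from hosts outside the allow-list."""
    collector = ScriptCollector()
    collector.feed(template)
    findings = []
    for line, src in collector.sources:
        # urljoin resolves relative paths and protocol-relative //host/... URLs.
        absolute = urljoin(page_url, src)
        host = (urlsplit(absolute).hostname or "").lower()
        if not host:
            continue  # data: URIs and similar carry no remote host
        # Match whole labels so "evilportal.example" does not pass as "portal.example".
        own = any(host == s or host.endswith("." + s) for s in allowed_suffixes)
        if not own:
            findings.append((line, host, absolute))
    return findings

# Constructed inputs for illustration (reserved .example/.test names).
PAGE_URL = "https://portal.example/index.html"
ALLOWED = ("portal.example",)
SAMPLE_TEMPLATE = """<html><head>
<script src="/static/app.js"></script>
<script src="//counter.stats.test/hit.js"></script>
<script src="https://cdn.portal.example/lib.js"></script>
<script>var inline = 1;</script>
<script src="https://ads.banner.test/show.js" async></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for line, host, url in external_scripts(SAMPLE_TEMPLATE, PAGE_URL, ALLOWED):
        print(f"line {line}: script from {host} ({url})")
```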

The Ministry of Finance stated that the sending of telegrams is connected with cyberattacks on Russian websites from abroad. The proposed "set of the simplest recommendations on cyber hygiene" is designed to ensure the availability of web resources of the Russian Federation. "There are no plans to turn off the Internet from the inside," the ministry assured. 
 
Mikhail Klimarev, executive director of the Internet Protection Society, said that the items listed in the telegram are absolutely banal rules of information security, but they may also indicate the preparation of state agencies for any force majeure. He found it difficult to say why the document appeared only now but suggested that this was due to the ongoing cyberwar between Russia and other states. 

"Anonymous hackers, DDoS attacks, attacks on DNS servers - it's really serious, and the Russian authorities really need to worry about how it should work," Klimarev explained. "There's really nothing to worry about, but it's all terrifying. From the outside, it looks like preparation for a sovereign Runet," he added.  

The norm on DNS servers may also indicate preparation for possible shutdowns of the Runet. However, the main logic of the document works to reduce cyberattacks and switch to local root servers to provide access to sites in the Russian domain zone. 

According to experts, disconnecting Russia from the Internet is extremely dangerous for the state, as it carries unpredictable social and financial consequences. 


Hackers made $82 Million through Bug Bounties in 2019


Hacking as a profession has now become a viable option for the hackers out there. Yes, you heard it right: ethical hackers have made more than $82 Million in Bug Bounties held at HackerOne. To top that, the ethical hacking community on HackerOne has now reached over 600,000, with around 850 new hackers joining every day. According to the '2020 Hacker Report' published by HackerOne, a Bug Bounty platform in San Francisco, around 18% of the members are full-time hackers, whose job is to find vulnerabilities and ensure that the internet becomes a safe place for everyone.


On the HackerOne platform, hackers from across the world, 170 countries to be accurate, which includes India too, are working every day to ensure the cybersecurity of 1700 organizations, which also include Zomato and OnePlus. The US tops the 2019 list in the earnings made by hackers through Bug Bounty with 19%, India comes second with 10%, Russia has 8%, China 7%, Germany 5%, and lastly Canada 4%. These countries are the top 6 highest earning ones on the list.

According to Luke Tucker, who is the Senior Director of Global Hacker Community, hackers are a global power working for a good cause to ensure the safety of the connected society on the internet. The motivations for hacking may differ, but it is good to see that global organizations are embracing this new change and providing hackers a new platform to compete and grow as a community, making the internet a safe place for everyone, all together. Hackers from various countries earned a lot more than they did last year.

Hackers from Switzerland and Austria made more than 950% earnings than last year. Similarly, hackers belonging to Singapore, China, and other Asian countries made more than 250% compared to their earnings of 2018. Bug Bounty programs like these have also helped hackers build respected expertise, as 80% of the hackers use this experience to explore a better career or jobs. According to the reports, these hackers spent over 20 hours every week finding vulnerabilities.

Can we control our internet profile?

"In the future, everyone will be anonymous for 15 minutes." So said the artist Banksy, but following the rush to put everything online, from relationship status to holiday destinations, is it really possible to be anonymous - even briefly - in the internet age?

That saying, a twist on Andy Warhol's famous "15 minutes of fame" line, has been interpreted to mean many things by fans and critics alike. But it highlights the real difficulty of keeping anything private in the 21st Century.

"Today, we have more digital devices than ever before and they have more sensors that capture more data about us," says Prof Viktor Mayer-Schoenberger of the Oxford Internet Institute.

And it matters. According to a survey from the recruitment firm Careerbuilder, in the US last year 70% of companies used social media to screen job candidates, and 48% checked the social media activity of current staff.

Also, financial institutions can check social media profiles when deciding whether to hand out loans.


Meanwhile, companies create models of buying habits, political views and even use artificial intelligence to gauge future habits based on social media profiles.

One way to try to take control is to delete social media accounts, which some did after the Cambridge Analytica scandal, when 87 million people had their Facebook data secretly harvested for political advertising purposes.

While deleting social media accounts may be the most obvious way to remove personal data, this will not have any impact on data held by other companies.

Fortunately, in some countries the law offers protection.

Data Brokerage A Serious Concern?



With the increasing worth and volume of personal data, data brokers have gained a great deal of traction of late, offering to manage and monetize consumers' personal data sets. Using a variety of sources to assemble data, these firms gather consumer data and offer to sell it to other businesses.

The data gathered is typically sold as profiles, which are offered to different businesses hoping to target individuals for various ad campaigns.

For some people around the world, data brokerage may be a very new term; however, this business model has turned out to be one of the most profitable of this period: it is a $200 Billion industry.

To keep their information from being sold or used by someone else, consumers can opt out: of all the data brokers in the business, 43% allow consumers to opt out for free, while others may charge a certain amount.

There was a rather shocking incident in India in 2017, when The Economic Times approached a data broker selling personal data while posing as a purchaser. What they found was quite surprising: for just ₹10,000 and ₹15,000, the company was selling personal data of up to 1 lakh citizens in urban areas like Bengaluru, Hyderabad and Delhi.

While there have been many unlawful practices and approaches by data brokers, this business is frequently known to operate within the law. They may get hold of a huge amount of data, but the manner in which they accumulate it does not appear to be illegal in any way.

Having become a genuine concern in the recent years of its rise, data brokerage has come under careful scrutiny, and the governments of numerous countries have already begun keeping watch on the operations of these companies.

In any case, the internet is something to be careful about, since one of the common ways of gathering information is collecting openly accessible information (public data) online, and people there can do things way beyond our imagination.