Featured Article : What’s All the Fuss About LastPass?

Following news that hackers have stolen encrypted backups from the parent company of popular password manager LastPass, we look at what password managers are, plus the implications of the attack for businesses.

Password Challenges 

We are all used to using passwords, but without extra measures (e.g. 2FA) they are now recognised as having security and other limitations. For example, drawbacks of relying on passwords include:

– Human difficulty in remembering strong, unique passwords for multiple accounts.

– Vulnerability to password reuse and weak password creation.

– Increased risk of password-related data breaches.

The risks of using passwords include:

– Password cracking through brute-force attacks, dictionary attacks, or social engineering techniques.

– Phishing scams that can trick users into revealing their passwords.

– Data breaches that expose passwords stored in unencrypted or poorly protected databases.

– Password reuse across multiple accounts, which can increase the damage from a single data breach.

What Are Password Managers, And Why Use Them? 

Password managers are software apps, typically installed as browser plug-ins, that securely store and manage passwords, credit card information, and other sensitive data. Some are free versions while others offer monthly subscription accounts. They allow users to generate strong and unique passwords for each account, automatically log in to websites, and fill out forms with a single click or keyboard shortcut. The data is encrypted and protected with a master password, providing an additional layer of security to the user’s online accounts.

Password managers, therefore, provide users with a fast, practical, and (perhaps until now) trusted way to log in to websites, platforms, apps, and other access gateways, and to mitigate some of the risks of using passwords. Even when using password managers, however, it is always important to follow best practices for password security, such as using strong, unique passwords and enabling two-factor authentication when available.

What Is LastPass? 

LastPass, owned by GoTo (previously owned by LogMeIn), is perhaps the most popular password manager. There are, however, many different password managers available, such as Google Password Manager, Microsoft Authenticator, Dashlane, Sticky Password, Password Boss, Keeper (good for cross-platform uses), 1Password, LogMeOnce and others. There are also password vaults in other programs and CRMs that act as password managers, such as Zoho Vault, and Digital Vault. Google’s Chrome browser has a password manager to help to stop people from using weak passwords by suggesting combinations of characters that may be more secure. Microsoft’s Authenticator app can manage passwords for both Edge and Chrome.

What Happened To LastPass? 

On January 23, GoTo, the parent company of LastPass, gave an update on a “security incident” that it first reported in November 2022. The original “security incident”, though, is understood to have taken place in August 2022.

The update, following an investigation of the incident (a hack), stated that “a threat actor” had obtained “encrypted backups from a third-party cloud storage service” relating to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere products. GoTo also reported that it had evidence that the threat actor had also obtained an encryption key for a portion of the encrypted backups. An encryption key is a code used to encrypt and decrypt data, i.e. the data is unreadable to anyone without the key.

What Have GoTo And LastPass Said? 

November 2022 reports about the hack on GoTo say that it took place in the third-party cloud storage service that is currently shared by both GoTo and its affiliate, LastPass.

Reports from the LastPass blog in December 2022 say that the “threat actor accessed a cloud-based storage environment leveraging information obtained from the incident we previously disclosed in August of 2022”. LastPass says that while no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from its development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt “some storage volumes within the cloud-based storage service”.  

What Was Taken? 

According to LastPass, once the threat actor obtained the cloud storage access key and dual storage container decryption keys, they copied basic customer account information and related metadata from backup which included company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.

The threat actor is also known to have taken a copy of a backup of customer vault data from the encrypted storage container. This contained both unencrypted data, such as website URLs, as well as fully encrypted fields such as website usernames and passwords, secure notes, and form-filled data.

What Was Not Taken? 

LastPass has assured users that there is no evidence that any unencrypted credit card data was accessed, and that the copy of the encrypted fields that were taken “remain secured with 256-bit AES encryption” and that they can only be decrypted with a unique encryption key derived from each user’s master password using LastPass’s ‘Zero Knowledge architecture’. Also, LastPass has reminded users that the master password is never known to LastPass and is not stored or maintained by LastPass.

What Is LastPass Doing About It? 

LastPass says that in response to the August 2022 incident it has:

– Decommissioned the development environment and rebuilt a new one from scratch to eradicate any further potential access, and replaced and hardened developer machines, processes, and authentication mechanisms.

– Added more logging and alerting capabilities to help detect any further unauthorised activity, and implemented a new, fully dedicated set of LastPass development and production environments.

In response to the most recent incident LastPass says it has:

– Started rotating all relevant credentials and certificates that may have been affected and supplementing existing endpoint security.

– Performed an analysis of every account with signs of any suspicious activity within the cloud storage service and added additional safeguards.

– Analysed all data within the environment to understand exactly what the threat actor accessed.

Notifying 

LastPass has already notified affected business customers (3 per cent of its total business customers) and recommended actions they should take.

What Should Customers Do? 

LastPass says that business customers who haven’t already been contacted needn’t take any recommended actions at this time.

However, LastPass has issued the general advice to customers to make use of its password default settings whereby it says, “it would take millions of years to guess your master password using generally-available password-cracking technology.” Also, LastPass has advised customers against reusing their master password on other websites (password sharing).

What Are The Risks? 

Following the LastPass hack, there are several potential security risks to customers, such as:

– The hacker could use brute force attempts (software) to guess master passwords. If the hacker obtains the master passwords to the stolen data encryption vaults, they may be able to decode the data.

– The unencrypted data that was taken could now lead to customers being targeted with phishing attacks, credential stuffing or other brute force attacks against online accounts associated with the LastPass vaults.
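The “millions of years” claim and the brute-force risk above both depend on how the vault key is derived from the master password, so here is a worked estimate as an added example (not LastPass code and not part of the original article). The page does not name the key-derivation function; PBKDF2-HMAC-SHA256, the iteration count, the attacker's hashing rate and the sample password policies are all assumptions chosen for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed values for illustration only; none of them come from the article.
ASSUMED_ITERATIONS = 100_000      # KDF rounds applied to every password guess
ASSUMED_ATTACKER_RATE = 1e10      # KDF rounds per second the attacker can compute


def derive_vault_key(master_password, salt, iterations):
    """Stretch the master password into a 256-bit key on the client.

    Only data encrypted under this key is stored remotely, which is why a
    stolen vault backup still has to be attacked one password guess at a time.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def search_space_bits(length, alphabet_size):
    """Entropy in bits of a password of `length` symbols, each chosen
    uniformly at random from `alphabet_size` possibilities."""
    return length * math.log2(alphabet_size)


def years_to_guess(bits, iterations, kdf_rounds_per_second):
    """Expected years to find the password by exhaustive search.

    Each guess costs `iterations` KDF rounds, and on average half of the
    search space is tried before the right password is hit.
    """
    guesses_per_second = kdf_rounds_per_second / iterations
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


# Constructed sample policies: (label, length, alphabet size).
POLICIES = [
    ("8 lowercase letters", 8, 26),
    ("12 random printable ASCII characters", 12, 94),
    ("5 random words from a 7776-word list", 5, 7776),
]


def estimate_table(iterations=ASSUMED_ITERATIONS, rate=ASSUMED_ATTACKER_RATE):
    """Return (label, bits, years) for each sample policy.

    The figures are upper bounds: they hold only for randomly generated
    passwords. A human-chosen or reused password falls to dictionary and
    leaked-password lists far sooner than its length suggests.
    """
    rows = []
    for label, length, alphabet in POLICIES:
        bits = search_space_bits(length, alphabet)
        rows.append((label, round(bits, 1), years_to_guess(bits, iterations, rate)))
    return rows


if __name__ == "__main__":
    # Constructed credentials; the salt here is just a per-user value.
    key = derive_vault_key("example master password", b"user@example.com", ASSUMED_ITERATIONS)
    print("derived key:", key.hex())
    for label, bits, years in estimate_table():
        print(f"{label:40s} {bits:5.1f} bits  ~{years:.3g} years")
```

Under these assumptions a short lowercase master password falls within days, while a long random one stays out of reach, which is why the default-settings advice and the warning against reusing the master password matter after a vault backup has been copied.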

What Does This Mean For Your Business? 

LastPass is a popular, market-leading password manager, used and trusted by many businesses. It is likely, therefore, to be a shock to many that there’s been (another) security incident whereby hackers have been able to steal customer data from a company that is supposed to be in the business of protecting very sensitive customer data. It’s so serious in fact that customers’ data encryption vaults have been taken, and this could mean that, despite the communication from LastPass about the hack, business customer confidence in the service and LastPass’s brand could be hugely damaged by this incident. Also, the theft of the other data could mean that business customers are now more at risk of being targeted by social engineering or phishing attacks, credential stuffing, or other brute force attacks. The data could also be sold to many other attackers, leading to increased risks going forward and the need to invest more time and money on taking extra security measures.

Tech Insight : Some Thoughts About Virtual Machines In The Cloud

In this insight, we look at what a virtual machine is, where to get one, what it can be used for, plus a few of the main pros and cons.

What Is A Virtual Computer? 

A virtual machine/virtual computer is a software-based simulation of a computer system, generally created and run on cloud-based infrastructure, and managed and maintained by cloud service providers. Virtual computers can be accessed over the internet, and users can run applications and store data on these virtual machines just as they would on a physical computer.

Where And How? 

There are several ways to get access to a virtual computer:

– Local setup. You can create a virtual computer on your own physical machine using virtualization software, such as VirtualBox or VMware. This requires installing the virtualization software and setting up a virtual machine using a compatible operating system.

– Cloud-based virtual machines. You can also rent a virtual computer from a cloud service provider, such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud. This allows you to run a virtual machine in the cloud and access it from anywhere with an internet connection.

– Hosted virtual desktops. Some organisations offer hosted virtual desktops, which are virtual machines that are hosted by the provider and accessible to users over the internet. These can be a cost-effective option for organisations that need to provide virtual desktops to employees or contractors.

To get a virtual computer, you’ll need to choose the type of virtual machine that meets your needs, then follow the specific instructions for setting it up and accessing it. Some virtualisation software, such as VirtualBox, is free and open source, while others, such as VMware, require a paid license. Cloud-based virtual machines are usually priced on a pay-per-use basis, based on the amount of resources you use. Hosted virtual desktops can be priced on a monthly or annual basis and may also require a per-user license.

Why Use A Virtual Machine (The Pros)? 

There are several reasons why you may choose to use a virtual computer. For example:

– Testing and development. Virtual computers can be used to test applications and operating systems without affecting the host system, making it easier to identify and fix bugs.

– Isolation and security. Virtual computers can be used to create isolated environments that are separate from the host system, reducing the risk of contamination from malware or other security threats.

– Cost-effectiveness. By running multiple virtual computers on a single physical machine, organisations can reduce hardware costs and increase the utilisation of their computing resources.

– Scalability. Virtual computers can be easily scaled up or down based on changing needs, allowing organisations to quickly respond to changing demands for computing resources.

– Accessibility. With cloud-based virtual computers, users can access their virtual machines from anywhere with an internet connection, making it easier for remote workers and teams to collaborate and access their applications and data.

– Compatibility. Virtual computers can be used to run older software or operating systems that are no longer compatible with current hardware, thereby preserving access to legacy applications.

– Portability. Virtual machines can be easily transferred from one physical machine to another, making it easier to migrate to new hardware or migrate to the cloud.

Examples 

Examples of uses for virtual computers, therefore, include:

– Running multiple operating systems on a single physical machine.

– Providing virtual desktop infrastructure (VDI).

– Hosting web applications.

– Testing and development of software applications.

– Provisioning isolated environments for security purposes, such as penetration testing.

Reducing The Risk of Being Tracked 

Using a virtual computer can also increase privacy and reduce the risk of being tracked in several ways. For example:

– By using a virtual machine, users can separate their online activities from their main computer, making it more difficult for others to track their activity.

– A virtual machine can be assigned a different IP address than the host computer, making it more difficult for websites and online services to track the user’s location and online activity.

– Virtual machines can be wiped clean and reset to their original state, effectively erasing any evidence of previous activities. This can be useful for users who want to reduce the risk of tracking by temporary files, browser history, and other forms of digital footprints.

– Virtual machines can be used to run alternative operating systems, such as a privacy-focused version of Linux, that are designed to protect user privacy and security.

However, it’s important to note that using a virtual computer does not guarantee complete anonymity and privacy. Online activities can still be monitored or tracked by various entities, including internet service providers, governments, and malicious actors. It’s important to use a combination of privacy and security tools, such as encrypted communication and VPNs, to maximize privacy and security when using a virtual computer or any other device connected to the internet.

The Cons Of Using A Virtual Computer 

There are, of course, quite a few disadvantages to using virtual computers. These include, for example:

– Performance issues. Virtual machines can sometimes run slower than physical machines, particularly when running resource-intensive applications or when there is contention for hardware resources.

– Complexity. The use of virtual computers can be complex and requires a certain level of technical expertise to set up and maintain.

– Dependence on host system. Virtual machines are dependent on the host system, and if the host system fails or experiences problems, it can affect the performance and availability of the virtual machines.

– Resource overhead. Running virtual machines requires additional resources, such as memory and processing power, which can add to the overall cost of running virtual machines.

– Networking limitations. Virtual machines can have limited networking capabilities, particularly when using bridged networking, which can make it more difficult to configure and manage virtual machine networking.

– Data storage. Virtual machines can have limited storage capacity, which can be a concern for users who need to store large amounts of data.

– Licensing. Some software applications and operating systems have licensing restrictions that limit their use in virtual environments, which can be a concern for organizations that want to use virtual machines for these purposes.

– Security concerns. Virtual machines can be vulnerable to security threats, just like physical machines, and require ongoing maintenance and security measures to minimize risks.

What Does This Mean For Your Business? 

Virtual computers, therefore, have a number of benefits and drawbacks for businesses, thus the decision of whether to use them or not will depend on the specific needs and circumstances of each organisation. Virtual computers can be a cost-effective solution for businesses that need to run multiple operating systems or applications, as they allow for better utilisation of hardware resources and reduce hardware costs. They also offer improved accessibility and scalability, making it easier for remote workers and teams to collaborate and access their applications and data. However, it’s also worth remembering that virtual computers can be complex to set up and maintain and may not offer the same performance as physical machines, particularly when running resource-intensive applications.

Businesses should also be aware of the potential for security threats and be prepared to take appropriate measures to secure their virtual machines. Ultimately, whether a virtual computer is the right choice for your business will depend on your specific needs and budget, as well as your technical expertise and resources. It may be helpful to consult with an expert or a cloud service provider to determine the best solution for your business.

Sustainability : Hydrogen Hybrids

Engineers at the University of New South Wales (UNSW) say they have modified a conventional diesel engine to run mostly on hydrogen, which could lead to CO2 emissions being cut by up to 85 percent.

Engine Converted 

The UNSW Sydney engineers have reported taking an automotive-size inline single-cylinder diesel engine, and modifying it to install an additional hydrogen direct injector. The modification maintained the original diesel injection into the engine, but added a hydrogen fuel injection directly into the cylinder. This allowed them to run the engine on a mix of hydrogen (90 per cent) and a small amount of diesel, thereby creating a hydrogen-diesel hybrid engine.

Results 

Test results of this new patented Hydrogen-Diesel Direct Injection Dual-Fuel System technology show that CO2 emissions are reduced to just 90 g/kWh – 85.9 per cent below the amount produced by a normal diesel powered engine.

Also, compared to existing diesel engines, the diesel-hydrogen hybrid showed an efficiency improvement of more than 26 per cent.

Another benefit of the technology is that, unlike alternative hydrogen fuel cell systems, it does not require extremely high purity hydrogen. This brings the relative costs down considerably.

Retrofit To Any Diesel Engine 

The researchers say that any diesel engine, e.g. those used in trucks and power equipment in the transportation, agriculture, and mining industries, could be retrofitted to the new hybrid system in just a couple of months.

Professor Shawn Kook from the School of Mechanical and Manufacturing Engineering who led the team that spent 18 months developing the new system says: “Being able to retrofit diesel engines that are already out there is much quicker than waiting for the development of completely new fuel cell systems that might not be commercially available at a larger scale for at least a decade.  

“With the problem of carbon emissions and climate change, we need some more immediate solutions to deal with the issue of these many diesel engines currently in use.” 

Put To Best Use Now At Mining Sites Where Hydrogen Available 

The team say that the most immediate potential use for the new technology is in industrial locations, such as Australia’s mining sites, where permanent hydrogen fuel supply lines are already in place. Studies have shown, for example, that 30 per cent of greenhouse-gas emissions at mining sites are caused by the use of diesel engines, largely in mining vehicles and power generators.

What Does This Mean For Your Organisation? 

This new hydrogen hybrid fuel system is an exciting development with many benefits. For example, the fact that it can be easily retrofitted as a bolt-on to existing diesel engines and doesn’t require more expensive high purity hydrogen means that it can be put to use now on reducing CO2, and can keep costs down. The costs could be further reduced due to the system making the diesel engine run more efficiently anyway. As the team pointed out, it could be put to good use now in reducing the significant amount of CO2 being produced by diesel vehicles in Australia’s mining industry. The big promise, of course, is that once commercialised (in the next 12 to 24 months), it could be used around the world to hopefully make a big reduction in CO2 emissions from all kinds of diesel vehicles, thereby helping the planet, and helping industries and countries to hit their green targets.

Tech Tip – Fast Highlighting

If you’d like a fast method of highlighting paragraphs of text (e.g. for copying and pasting) without having to click and drag your mouse to a specific point, here’s how to do it.

To quickly highlight a paragraph/several paragraphs of text you’re viewing in a browser:

– Click in front of the words you want to select.

– Holding down the shift key, click at the end of the passage you want to highlight.

– The whole section between those clicks should now be highlighted.

– The same method also works in reverse, e.g. clicking first at the end of the passage you’d like to highlight.

Tech News : Social Media Giants Sued For Mental Health Damage

Facebook, Instagram, and other social media sites may soon face lawsuits alleging that the way their algorithms work may be a factor in causing mental illness in some users.

A Defective Product? 

In the US, a reported consolidation of lawsuits across multiple districts that are rumoured to be filed next month in the Northern District of California will allege that these social media giants are causing eating disorders, anxiety and depression in their users through the use of algorithms that are “defective products”.

Why? 

It is alleged that social media algorithms can encourage addictive behaviour by encouraging users to view certain posts, e.g. posts that could lead them into mental illness.

Evidence  

It’s been reported that some of the evidence will relate to comments made by former Facebook Product Manager turned whistleblower Frances Haugen. In 2021, for example, she alleged that Facebook (now Meta) knew that Instagram users were suffering ill health effects and that Facebook had been putting profit over safety. Her reported (unproven) allegations about Facebook at the time included:

– There were conflicts of interest between what was good for the public and what was good for Facebook.

– Facebook knew that Instagram was worsening body image issues among teenagers and had a two-tier justice system.

– Facebook uses engagement-based ranking algorithms (in Instagram) knowing that these algorithms can’t adequately identify dangerous content and may even amplify negative content and help to fuel violent rhetoric and ethnic violence.

– Facebook hid most of its own data and when asked directly about how it impacts the health and safety of children, it chose to mislead and misdirect.

– Facebook failed to act on internal research showing that Instagram had a negative impact on the mental health of teenage girls.

Despite calls for regulation from some members of Congress and President Biden since Haugen’s initial allegations, the lawsuits may argue that nothing substantial has been done.

Known About For A Long Time 

It has been reported (Portico) that Previn Warren, an attorney for Motley Rice (a leading firm involved in the case) has said that Frances Haugen’s allegations suggest that Meta may have known for some time about the negative effects of Instagram on children, and that “It’s similar to what we saw in the 1990s, when whistleblowers leaked evidence that tobacco companies knew nicotine was addictive.” 

Product Liability 

Since the focus may be on social media algorithms as possibly being defective products, the case will relate to product liability law. Although algorithms being treated as products is a relatively new area, an algorithm could be considered a product under U.S. product liability law. If, for example (as the lawsuits may allege) an algorithm is a defective product, it may fall under the category of “strict liability” which means that the manufacturer of the product can be held liable for damages caused by a defect, regardless of whether they were at fault or not. The defectiveness of the algorithm must have existed at the time it was sold or supplied to the user. The determination of whether the algorithm is defective is likely to be a complex part of the legal argument and could depend on factors like industry standards and the foreseeable uses of the algorithm.

Protected From Product Liability Claim? 

It has, however, been noted by some tech commentators that the Section 230 provision of the 1996 Communications Act may currently protect social media companies by restricting lawsuits against them relating to content users posted on their sites. This could potentially protect Meta and Instagram from a product liability claim.

What Does This Mean For Your Business?

These lawsuits, if successful, could have a significant impact both for the social media companies and for users. For example, if it were proven in court that the algorithms used by social media companies are defective products and cause harm to users, the social media companies could, of course, face significant legal and financial consequences, including large damage awards to affected users. This could also have implications for their business operations and reputation.

Regarding Section 230 of the 1996 Communications Act, if the court finds that the algorithms are defective products, this could lead to a re-evaluation of the protections provided by Section 230 to social media companies. Section 230 provides immunity from liability for third-party content posted on their platforms, but if the algorithms themselves are deemed to be the cause of harm, this immunity may no longer apply. This could lead to increased regulation and oversight of the algorithms used by social media companies, resulting in a potential shift in the balance of power between these companies and the users they serve.

Tech Insight : Novel Ways To Use ChatGPT

With OpenAI’s ChatGPT making the headlines and quickly becoming a useful tool for many businesses, here we look at some of the more novel ways to use this innovative technology.

20 Ways

Here are 20 ways to use ChatGPT that you may not have heard about:

  1. Writing in the style of a known person or character. ChatGPT can be used to mimic the writing style of a known person or character, such as a famous author, historical figure, or even a fictional character. This can be used for creative writing exercises or for generating humorous or satirical content.
  2. Writing song lyrics. Yes, ChatGPT can actually be used to generate original song lyrics based on a prompt or theme, or to help writers overcome creative blocks and come up with new ideas. The model can also generate a melody to accompany the lyrics!
  3. Writing poems. Similar to song lyrics, ChatGPT can be used to generate original poems based on a prompt or theme, or to help poets overcome creative blocks and come up with new ideas. The model can also generate haikus, sonnets, or any other type of poem.
  4. Writing speeches. This can be a very handy feature. ChatGPT can be used to generate inspiring speeches or persuasive arguments on a particular topic. The model can also generate speeches in the style of a particular speaker or from a certain historical era.
  5. Generating headlines. ChatGPT can be used to generate headlines for news articles, blog posts, or other forms of written content. This can be particularly useful for content creators who are struggling to come up with a catchy or attention-grabbing headline.
  6. Generating product names. For businesses this can sometimes take a bit of thinking about. ChatGPT, however, can be used to generate unique and memorable names for new products, services, or businesses. This can help companies stand out from the competition and make a lasting impression on potential customers.
  7. Generating jokes. If you’d like to have a bit of fun with ChatGPT, it can be used to generate jokes, puns, or other forms of comedic content. This can be a great way to entertain friends, family, or followers on social media.
  8. Writing fiction. It sounds strange but ChatGPT can be used to generate original works of fiction, such as short stories, novellas, or even full-length novels. The model can be used to generate plot outlines, character descriptions, or entire scenes.
  9. Generating product descriptions. ChatGPT can be used to generate descriptive and persuasive product descriptions for online marketplaces, such as Amazon or Etsy. This can help increase sales and improve the customer experience.
  10. Generating legal documents. Although this may seem a little risky (it’s always best to check with a legal professional) ChatGPT can be used to generate legal documents, such as contracts, agreements, or patents. This can save time and resources for lawyers and legal professionals.
  11. Generating customer reviews. Rather questionable, nevertheless ChatGPT can actually be used to generate fake customer reviews for a product or service. This can be useful for companies who want to showcase positive reviews on their website or social media pages. Naturally, this practice is not encouraged or endorsed in any way!
  12. Generating restaurant menus. Yes, it can actually be used to generate unique and appetising descriptions of menu items for restaurants. This can help attract more customers and increase sales.
  13. Chatbot roleplay. It’s certainly a novel use, but ChatGPT can be used to create chatbots that simulate conversation with famous or fictional characters, such as celebrities, movie characters, or historical figures.
  14. Writing fan fiction. ChatGPT can be trained on existing stories, characters, and worlds, and can be used to generate new, original fan fiction based on those sources.
  15. Interactive storytelling. ChatGPT can be used to create interactive stories, where users can influence the plot and outcome through their interactions.
  16. Automated script writing. ChatGPT can be used to generate scripts for movies, TV shows, plays, and more, based on specific criteria such as genre, tone, and characters.
  17. Writing personal letters. It’s not always easy to find the right words, so it’s handy that ChatGPT can be used to generate personalised letters, such as love letters, apology letters, or condolence letters, based on user input.
  18. Writing horoscopes. For those interested in astrology, ChatGPT can be used to generate daily or weekly horoscopes based on user input, such as their birth date, sign, and personal preferences.
  19. Creating personal shopping lists. For quite a practical as well as a novel use, ChatGPT can be used to generate shopping lists based on specific criteria, such as dietary restrictions, preferred brands, and local availability.
  20. Generating recipes. For those into cooking, ChatGPT can be used to generate new, original recipes based on user input, such as preferred ingredients, cooking methods, and dietary restrictions. How they actually taste, however, is another matter!

What Does This Mean For Your Business? 

Not only does ChatGPT have the ability to save time and money for many different kinds of businesses with the speed and quality of its responses, its ability to handle a wide range of topics, and its continuity and context awareness, but it can also create some novel, fun, and unexpected things. In fact, as it learns more, which it is now doing as it is being used free by millions of people, there may be few limits to the subjects it can generate text about and its potential. ChatGPT is certainly a step forward in AI chatbots and, as well as having multiple, value-adding applications for many businesses, it’s also something you can have a lot of fun with.
