Security Companies Exaggerating Hackers’ Skills?

The technical director of the UK’s National Cyber Security Centre has said in a security conference speech that computer security companies may be exaggerating the abilities of malicious hackers.

Exaggerating to Boost Security Sales

During a speech at the Usenix Enigma security conference, Dr Ian Levy of the National Cyber Security Centre appeared to say that computer security companies who specialise in cyber security, may be simply playing up the abilities hackers’ as a means to boost sales of their own security hardware and services to frightened businesses.

Like Witchcraft

During the speech, Dr Levy is reported as saying that the extent to which the hackers’ skills had been overplayed, and the way in which security companies appeared to be saying that only they could defeat them, were similar to the idea of medieval “witchcraft”. Carrying on the theme, Dr Levy is reported to have said that security companies have therefore been able to depict their hardware as being a kind of “magic amulet” that could defeat hackers.

Dr Levy reportedly drew attention to the fact that the security companies were incentivised to define, often using frightening language, a false public perception of hackers as being like highly skilled masterminds.

Not Always That Sophisticated

One example that Dr Levy used in the speech to illustrate the point that cyber attacks are often not very sophisticated, was from last year. Dr Levy highlighted the case of a UK telecommunications company that had been attacked using a technique that was even older than the teenager who was thought to be responsible for the attack.

NCSC Already Protecting Government Departments

One key message of the speech was that the work of the UK’s National Cyber Security Centre (NCSC), which was only set up in October, has already been responsible for protecting a government department from spam, phishing and other web-borne attacks. The system used by the NCSC for that department had been so successful that it may now be rolled out to other departments.

What Does This Mean For Your Business?

Although Dr Levy made some good points, it should be viewed in the context of a speech made by someone with detailed insider knowledge, just before a Commons Public Accounts Committee issued a report that questioning the effectiveness of the UK’s digital defences.

For Businesses, who are not experts on cyber threats and security, and who are faced with anecdotal evidence, regular media reports, perhaps personal experience, and reports showing cyber crime levels as being high, an assumption that cyber criminals are sophisticated and skilled is a healthy one. The NCSC does offer some useful cyber security advice to and recommendations to business. It is also important for businesses to take the threat of data breaches and cyber crime seriously and to, at the very least, set up simple systems and methods to tackle the basic known threats. This could include:

  • Making sure that staff receive the relevant awareness raising messages and training to ensure compliance, best practices, and to help avoid costly human errors.
  • Making sure that default passwords aren’t used, passwords are made strong and /or are changed frequently and / or making 2 factor authentication compulsory.
  • Keeping up with patching and updates for all computers, even the old ones that don’t get used often. Make sure that third-party CMS plug-ins are patched too.
  • Helping to defend against phishing by making sure that your email filtering works well, segmenting your network, and using layered authentication rather than static passwords when moving around networks.

Facebook Provides Secure Keys

Facebook’s 1.79 billion users can now benefit from new login security measures which use a security key alongside the password.

Security Keys.

The new security upgrade involves the introduction of a security key for Facebook users. The FIDO U2F is a physical key which can be inserted into the USB port of any device. After the user types in their Facebook login password, they can then press the small button.

The key therefore provides the user with as 2nd factor of authentication, thereby increasing security.

Other Services Also Protected By Key.

The security key can also be used when logging in to a number of other websites including Google, Dropbox, GitHub, GitLab, Salesforce, Bitbucket, Dashlane, RSA, PushCoin and Sentry.

Phishing and Man-in-the Middle Threats.

It has long been known that simple password protection can leave individuals and businesses vulnerable to cyber crime. This is the reason why many companies now use two-factor authentication for logging in e.g. an on-screen password login, coupled with an SMS verification code that is then typed in. Even some two-factor authentication methods however, including SMS authentication and mobile push apps, are thought to be vulnerable to the most sophisticated phishing and man-in-the middle attacks. This, therefore, is an important reason why security keys are now being introduced.

Hackers Blocked.

With the new security key system, hackers will effectively be blocked because they would need the login details as well as the physical key to get in to an account. Mobile users are also likely to benefit form the new system thanks to the two-factor authentication, and users of Android phone can use a YubiKey NEO to authenticate to Facebook’s mobile site.

Study Confirms Security Claims.

The results of a security key study by Google have confirmed that U2F security keys are secure, as well as being cost efficient, and easy to use. Users can have backup keys, and the fact that the keys aren’t liked to the users’ real identities means that users can have multiple, secure identities, thus making it incredibly difficult for cyber criminals to get around.

What Does This Mean For Your Business?

Security keys like U2F and YubiKeys appear to provide businesses with a simple, affordable, and effective way of beating many of the many annoying, disruptive, and often costly hacks and attacks that have been a threat for many years now. Security keys are practical, easy to use, and easily replaceable, and these qualities are valuable to all businesses, particularly in the complicated and often confusing world of internet security.

No Gmail From December … Via Chrome, In XP and Vista

From December this year, if you are still using Windows XP or Vista, you will no longer be able to access your Googlemail / Gmail account in anything other than basic HTML interface.

Upgrade a Familiar Story.

Since the introduction of Windows 10, and since the ceasing of support for previous operating systems XP and soon Vista, Windows users have become used to Microsoft’s message that an upgrade is necessary and inevitable. It’s no big surprise, therefore, that Google is also now singing more loudly from the same upgrade hymn-sheet.

56 Next Version.

Google will soon be upgrading from version 55 to 56 of its Google Chrome browser, and Google actually stopped releasing Chrome updates for Windows XP and Vista version 49 more than year ago. Windows XP and Vista users will also have noticed that Google Drive is now inaccessible via those Operating systems.

Nag, Nag, Nag.

So-called ‘nag screens’ are one of the main ways that we are reminded that applications and systems will soon no-longer be supported or accessible. Google will therefore be using nag screens to remind anyone running versions of Chrome below the current version 55 that GSuite apps will stop working soon in Chrome prior to 53.

What’s So Good About The New Version of Chrome?

The big changes and the real necessity for the upgrade order is the fact that Google Chrome will essentially have much better security, and should be more able to handle more of the demands that modern browsers face with today’s content.
Version 56 of Chrome will use HTML5 as its default, and this will contribute greatly to improving the user experience of the browser. Version 56 will also not need many of the plug-ins that previous versions relied upon, and that contributed to many operational and security issues.

What If You Just Do Nothing?

If you’re going to stay with Windows XP or Vista user for now, and you’re planning to keep using you’re current version of Chrome, it won’t be long until you try and log into your Gmail account, and you will see the most basic of HTML interfaces that is likely to prove quite difficult, and frustrating to use.

What Does This Mean For Your Business?

With all Windows Operating Systems prior to 10 being killed off, and moved the as-a-service model, and if you’re sticking with Windows rather than Apple, upgrading looks inevitable and helpful if you want to use many other many of the most up-to-date applications. If you use a Googlemail account and the GSuite apps as part of your business activities, and if you’re used to be using Chrome, and if you’d like to improve your online security, it looks as though an upgrade of your Operating System to 10, and of your Chrome browser to version 56 are decisions you may soon need to consider making.

FBI Given Access To Your Emails Stored Outside U.S.

Google have been told by a US magistrate that they must comply with an FBI search warrant that would allow US law enforcement agencies to access emails that are stored outside of the US.

The order, by Judge Thomas Rueter, refers to the fact that Google uses data centres around the world to store customer emails on. In essence, the order, if complied with, will require Google to move the emails back to data centres in the U.S.

Move But Not Show.

This latest ruling is one several court battles involving big tech companies and privacy / security issues that have been launched since 2013. One bizarre twist of this case is that, even though the order would require Google to move the emails form its data centre in Ireland to the US, it could actually be illegal for the FBI to then access / view the emails because that would constitute an infringement of privacy

Departing From Precedent.

Google’s argument against moving the emails appears to be that Judge Thomas Rueter’s ruling may have departed from precedent.

The precedent is the Microsoft Corporation v. United States of America case known as “Microsoft Ireland”. In this case, which began back in December 2013, the US government issued a warrant to Microsoft to allow a search of Hotmail emails which were stored in a data centre in Dublin. The emails were sought by investigators as part of a narcotics case.

The court, in this case, ruled that American companies could not be compelled to produce data stored outside the US, and, On July 14, 2016, a three judge panel of the Second Circuit ruled unanimously in favour of Microsoft.

Move To Reverse Decision.

Even though the decision was welcomed by technology and media companies, privacy advocates, and the American Civil Liberties Union, in January this year, appeals court judges called on the US Supreme Court or Congress to reverse the decision. Their given reasons for wanting to reverse it were that the original decision had hurt law enforcement and raised national security concerns.

Outdated Act?

The cases against Google and Microsoft have both involved warrants issued under the 1986 federal law ‘Stored Communications Act’ which many people now feel is outdated

Google To Appeal.

Google, which receives more than 25,000 requests annually from US authorities for disclosures of user data in criminal matters, has said that it plans to appeal against this latest ruling.

What Does This Mean For Your Business?

The Google and Microsoft cases help to illustrate the importance and complexity of data security issues, and how governments, including our own, are now seeking greater powers to access and monitor our online communications and activities. For businesses it is therefore important to be clear on, and to comply with the current data security law and to prepare adequately for the introduction of GDPR early next year.

Tech Tip  : Solve Network Problems With a One-Click Reset

Windows 10 Anniversary Update has a feature that lets you run a troubleshooter, or use a one-click reset to solve network problems.

To find it:

Open Settings > Network & Internet > Status.

If there’s not a network problem, you’ll see a solid dialog box with network details.

If there is a problem, you are offered 2 tools:

Troubleshoot button – this runs a short suite of tests.

Network Reset button (at the bottom of the Settings page) – clicking on it will delete all networ

Dropbox Delights

To kick off 2017, Dropbox has announced new productivity enhancements to its services, which include availability of its Paper document collaboration service and a Smart Sync feature that gives access to all shared files.

More Attractive in a Crowded Market.

Technical commentators have suggested that the new Dropbox enhancements are part of a strategy to help give the product more appeal, and a competitive edge in a market cloud storage market that has become very crowded in recent years. For example, Box has already just unveiled a version of Notes which offers similar functionality to the new Dropbox ‘Paper’ enhancement.

Some good news about the enhancements to the product may also help to cover over some of the bad publicity that Dropbox received in September 2016 when the customer usernames, email addresses and encrypted passwords of a staggering 68 million customers, which were stolen in a hack back in 2012, re-surfaced in a very public leak.

Paper.

The ‘Paper’ document collaboration service is the new enhancement that is designed to enable customers to be able to get to work quickly on business ideas, by allowing them to be able to easily collate information from many different sources, rather than being faced with the challenges of information fragmentation. Although it is essentially in a similar ball-park of tools such as Microsoft Office or Google Drive, Dropbox are keen to point out that it helps more with a “lifecycle of ideas”, and therefore also includes other applications. One such application is the new task management functionality within Paper, which simplifies the process of enabling users to assign people to tasks, and to set due dates, all contained within a Paper document.

Although Dropbox has publicly named several high profile companies who have worked with the beta version, it is too early to say how commercially successful Paper will become, particularly as it has already up against similar new competitor products.

Smart Sync.

The big advantage of the new a Smart Sync enhancement is that it allows each individual user to see a synced version of a potentially large team folder with multiple user inputs, without having to worry about hard drive space on their own computer, because the file is stored and synced in the cloud.

There have been some concerns about how some levels of functionality in Smart Sync could cause challenges for Mac users, who may need a kernel extension that could cause performance or security issues. Dropbox however have been quick to point out that, if businesses aren’t sure about the level of functionality, they can turn it off and Dropbox will continue to work without Smart Sync.

What Does This Mean For Your Business?

These enhancements are likely to be good news for business Dropbox users because they are designed to dovetail with existing functionality and could be tools that could help users to reap more of the performance and competitive benefits that the cloud has to offer. For business generally, Dropbox is one well known branded route in what is now a vast array of different cloud storage options.

Each week we bring you the latest tech news and tips that may relate to your business, re-written in an techy free style. 

Archives