Tag Archive for: secure

All Companies Have Them—And Need To Secure Them


Alon Jackson is the CEO and cofounder of Astrix Security, a leading enterprise solution securing app-to-app interconnectivity.

In modern development environments, “secrets” are authentication keys that are created by research and development teams to allow access to and between different resources and data. Secrets also allow services and non-human identities, such as third-party apps, to connect to your system, enhancing overall productivity and operations for the business.

To keep pace with the competition, it’s essential—and also inevitable—that we continue integrating non-human identities and generative AI tools into our systems, ones that will help with everything from email writing to lead generation insight.

Secrets are created almost on a daily basis, but securing them is a difficult task. In fact, wondering whether these secrets are actually safe and not exposed can keep security teams up at night.

Internal Vs. External Secrets

Secrets are typically bucketed into two categories: external and internal.

External secrets are secrets (API keys, OAuth tokens, SSH keys) that you don’t own or have possession of, usually used by operating systems, i.e., plug-ins, add-on extensions and third-party applications that are connected to core critical systems like Salesforce, GitHub, and Microsoft 365.

Internal secrets are API keys and other tokens created by R&D teams within the organization. These “internal” secrets are sometimes shared, however, with external entities that often haven’t gone through proper security vetting and now have the same access to sensitive information—without your security team’s knowledge.

Securing secrets is difficult to understand and, ultimately, to manage. Oftentimes, DevOps and R&D teams own them but are not responsible for securing them. This leaves ample room for missteps, which result in secrets being leaked through human error, such as when an employee unintentionally shares a secret through a different channel or portal, a ticket or a Slack message.

The latest Microsoft breach, for example, occurred when a key was leaked in between processes. Ultimately, this allowed the attackers to download the memory and the secret key…


BharOS, India’s answer to Android, may not be as ‘secure’ or competent as you think


A cosmetic clone

BharOS, however, appears to be nothing more than a simple ‘find and replace’ job where strings originally referring to ‘GrapheneOS’ have been collectively replaced with ‘BharOS’ instead, raising questions about the intent, integrity, and competency of the team involved with its development. Claiming technology developed by open source contributors as part of what was painted as an ‘Atmanirbhar’ effort is disingenuous. It invisibilises the labour and intellectual property of open source contributors.

The BharOS project might also be in violation of the open source software licence with which GrapheneOS is shipped. While the GrapheneOS licence does permit use, modification, and redistribution of the source code, it also requires that the licence be further included in any modified distribution of the source code. The same software licence was, however, conveniently omitted from the BharOS repository.

The claims surrounding the security and privacy features of such a project should also be taken with a grain of salt. This is primarily because of a fundamental security flaw that is introduced when existing open-source software projects are forked. Vulnerabilities uncovered in the upstream (parent) source tree for a project become harder to patch in the downstream (child project) source tree, due to divergences in the code of the two projects.

This essentially means that any security updates released for GrapheneOS might not result in simultaneous security updates being released for BharOS, if at all. 

These concerns highlight the importance of transparency, ethical conduct, and respect for the contributions of others in the realm of open source technology development and innovation.

Technological mysticism

Professor V Kamakoti, director of IIT-M and a long-time proponent of BharOS, said at a press conference that BharOS would “revolutionise the way users think about security and privacy on their mobile devices”. The Press Information Bureau, reporting from the same press conference, wrote that BharOS was already “being provided to organisations [with] stringent privacy and security requirements”.

Apart from his association with BharOS, Kamakoti is also a member of…


How to keep your IoT devices secure


Investment in the Internet of Things (IoT) is booming. By 2027 it’s predicted that there will be around 30 billion IoT devices globally, double the number from 2022. IoT isn’t new but its growing popularity is down to companies being able to automate processes and reduce labor costs during a time when operational spend is at its greatest.

All great stuff but on the flip side, the more interconnected your environment, the greater the attack surface for cyber gangs to compromise. Each connected IoT device offers possible entry points for hackers and malicious threat actors, through misconfigurations and other unpatched errors. Just last month Microsoft uncovered instances of cryptojacking through affected Linux-based IoT devices. Cryptojacking, also known as cryptomining, is an online threat that embeds itself within a device and uses its resources to mine cryptocurrency.


Shark Tank Season 15 LIVE — Fans praise Arepas and ‘can’t wait to try them’ as Meggings fails to secure a deal


Thousands of individuals apply to be on show

Shark Tank can receive more than 100,000 applications every season, through the show’s website or during open casting calls to “audition,” according to MentalFloss.

The show has around 31 episodes per season and producers are usually looking to fill close to 100 slots.

TJ Hale, the host of Shark Tank Podcast, which follows up on contestants and keeps a log of show statistics, says “The odds are against you” when it comes to appearing on the show.

Get to know the sharks: Robert Herjavec

Robert Herjavec is a businessman born on September 14, 1962, in Varaždin, Croatia.

When he was seven, he and his family moved to Canada, where he later graduated with an English and Political Science degree from the University of Toronto.

Herjavec is the founder of BRAK Systems, a Canadian integrator of internet security software.

He sold the company to AT&T Canada in 2000 for $30.2 million.

Three years later, he founded the Herjavec Group, which is one of the largest information technology and computer security companies in Canada.

Herjavec has been featured on reality TV series such as CBC’s Dragons’ Den and Shark Tank.

Get to know the sharks: Daymond John

It is believed that businessman and motivational speaker Daymond John has a net worth of $350 million.

“Daymond John has come a long way from turning a $40 budget into FUBU, a $6 billion fashion game-changer,” reads his website.

“Throughout his career, Daymond has continued to be an entrepreneur in every sense of the word.

“He is not only a pioneer in the fashion industry but a Shark on the 4-time Emmy Award winning Shark Tank, a New York Times best-selling author, branding guru, and highly sought-after motivational speaker.”

FUBU is an American hip-hop apparel company launched by John and others. FUBU stands for “For Us, By Us.”

Get to know the sharks: Mr. Wonderful

Kevin O’Leary was born in Montreal, Quebec, Canada, on July 9, 1954. The 68-year-old is a businessman, author, politician, and television personality.

O’Leary has appeared in the business news programs SqueezePlay and The Lang and O’Leary Exchange.

Since 2009 he’s been a main cast member on ABC’s Shark…
