Tag Archive for: Bringing

Bringing lessons from cybersecurity to the fight against disinformation | MIT News


Mary Ellen Zurko remembers the feeling of disappointment. Not long after earning her bachelor’s degree from MIT, she was working her first job of evaluating secure computer systems for the U.S. government. The goal was to determine whether systems were compliant with the “Orange Book,” the government’s authoritative manual on cybersecurity at the time. Were the systems technically secure? Yes. In practice? Not so much.  

“There was no concern whatsoever for whether the security demands on end users were at all realistic,” says Zurko. “The notion of a secure system was about the technology, and it assumed perfect, obedient humans.”

That discomfort started her on a track that would define Zurko’s career. In 1996, after a return to MIT for a master’s in computer science, she published an influential paper introducing the term “user-centered security.” It grew into a field of its own, concerned with making sure that cybersecurity is balanced with usability, or else humans might circumvent security protocols and give attackers a foot in the door. Lessons from usable security now surround us, influencing the design of phishing warnings when we visit an insecure site or the invention of the “strength” bar when we type a desired password.

Now a cybersecurity researcher at MIT Lincoln Laboratory, Zurko is still enmeshed in humans’ relationship with computers. Her focus has shifted toward technology to counter influence operations, or attempts by foreign adversaries to deliberately spread false information (disinformation) on social media, with the intent of disrupting U.S. ideals.

In a recent editorial published in IEEE Security & Privacy, Zurko argues that many of the “human problems” within the usable security field have similarities to the problems of tackling disinformation. To some extent, she is facing a similar undertaking as that in her early career: convincing peers that such human issues are cybersecurity issues, too.

“In cybersecurity, attackers use humans as one means to subvert a technical system. Disinformation campaigns are meant to impact human decision-making; they’re sort of the ultimate use of cyber…

Source…

Google and Qualcomm are bringing 4 years of OS and security updates for Android smartphones


A big selling factor of iPhones compared to Android devices is Apple’s excellent software support, where 4 year old devices receive the newest version of iOS. A separate question is how different that version is or in other words, how much slimmed down it is. In the Android world, Nokia Mobile is relatively successfully supporting all devices with 2 years of OS updates and 3 years of security updates and is one of the rare examples of a company supporting their entire portfolio.

Android version active users

Google announced that it partnered with Qualcomm to simplify the whole flow of supporting platforms with multiple OS updates, which should result in faster deploys of updates and less maintenance cost for Qualcomm. For customers, the end result will be 3 Android OS updates and 4 years of Android security updates.

The technical details are explained in this blog post, while the first Qualcomm SoC that will support the new updates flow will be the flagship Snapdragon 888. Besides Google and Qualcomm, Samsung also recently announced that its flagship Note 20 series of devices will get three Android OS updates. A reason for software support getting more and more popular is that customers tend to use their phones for a longer period of time. Basically, most people won’t change their devices until the old one breaks.

Nokia Mobile is known for supporting even the budget phones with updates, but with competitors expanding the software support for higher end phones to 3 to 4 years, the question is will Nokia Mobile do the same?

Source…

Bringing cyber security into the 21st century


Nina Paine was recently appointed to the board of the Chartered Institute of Information Security (CIISec), who have also awarded her a fellowship. teiss was fortunate to catch up with her to ask her about this new role and how she sees the future of the cyber security profession.

Nina is Global Head, Cyber Stakeholder and Government Engagement at Standard Chartered. Her role there is to build strong public-private partnerships that improve the way that cyber risks are addressed by all stakeholders. And with a background in banking and law enforcement (she spent 13 years at the National Crime Agency and its predecessors) she is well placed to act as a bridge between government and business in this area.

She told me about her work at the National Crime Unit where she worked on cyber-crime prevention, which was growing massively at the time. Cyber was seen by perpetrators as a largely risk-free crime. One of her objectives was to shift the perceived balance between risk and reward, so as to prevent more people viewing cyber-crime as an easy option.

Early intervention

Sadly, people still see cyber-crime as a low-risk/high-reward activity. As a society, we need to intervene right from the start which means education at primary school, both in how to keep safe and why cyber-crime is wrong. Later, at secondary school, we can be telling children about the range of exciting and worthwhile careers available in cyber security. Another message is that AI won’t take people’s jobs away in cyber security. Instead it will empower them to do even more interesting things.

Of course, children will always be interested in cyber-crime, for a variety of reasons. And some will go on to dabble in it. Prevention is better than cure here. We shouldn’t always be moving to strict enforcement immediately. A better approach may be to say “You have dipped your toe into cyber criminality. These are the potential consequences – for you and for others. We want to tell you that there are alternatives that are just as exciting e.g. red teaming”. 

Managing the pandemic

I asked Nina about how she viewed the effect that the pandemic is having on cyber security. Of course, we have all come…

Source…

Microsoft is bringing its antivirus software to iOS and Android – The Verge

  1. Microsoft is bringing its antivirus software to iOS and Android  The Verge
  2. Microsoft plans antivirus software for Android and iOS devices  CNBC
  3. Microsoft tasks its Defender antimalware with securing corporate Android and iOS phones  PCWorld
  4. Microsoft’s Defender security software is coming to iOS and Android  Yahoo Tech
  5. Microsoft Defender security software on way to Android, iOS – Software – News  HEXUS
  6. View Full Coverage on read more

“android security news” – read more