Tag Archive for: calls
President calls for national strategy to meet conventional, cyber warfare challenges
President calls for national strategy to meet conventional, cyber warfare challenges
President Dr Arif Alvi has called for outlining a national strategy securing the domains of both traditional and non-traditional security including cyber warfare.
Addressing the inaugural session of a two-day conference on ‘Challenges and Opportunities Evolving Global Order’ in Islamabad on Wednesday, the President said the renewed world order demands sustainable conditions ensuring internal and external opportunities for all citizens for a prosperous future.
Android’s Design Leaks Some VPN Traffic Data, Google Calls It “Intended Behavior”
Android devices with a VPN purposefully leak some traffic, including IP addresses and DNS/HTTP(S) requests, when connecting to a wireless network. According to a security audit by Mullvad VPN, leaking a small amount of data is inherent to the mobile operating system, something that third-party VPNs cannot prevent or control.
The Europe-based VPN service provider said that enabling Always-on VPN and Block connections without VPN doesn’t help either. Mullvad VPN noted that the bug (Google argues it is a feature) is built into Android.
“We have looked into the feature request you have reported and would like to inform you that this is working as intended,” a Google engineer told Mullvad VPN on the search giant’s issue tracker page. “ We do not think such an option would be understandable by most users, so we don’t think there is a strong case for offering this.”
Let us see how VPNs on Android function.
When an Android device connects to a public network, it performs certain checks before successfully establishing a connection. To perform these checks, Mullvad VPN discovered that Android sends data outside the secure tunnel that shields users from the internet.
Block connections without VPN is an Android setting designed to prevent this, which may happen during connectivity checks. Split tunneling can also leak a part of the traffic over the underlying network, Google pointed out.
“We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal [a webpage usually displayed after a device connects to a new public network] on the network, the connection will be unusable until the user has logged in to it,” Mullvad VPN wrote.
See More: Built-in iOS VPNs Leaking Traffic Data From Over Two Years Ago
“So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models,” the company added.
Indeed, because the small amount of data that the OS leaks includes DNS lookups, HTTP(S) and possibly NTP traffic, and the user IP address (as metadata), precisely what users intend to…
Cyber Security Authority calls on business to pay attention to cyber risks
The Cyber Security Authority has called on businesses to pay attention to cyber risks which pose a threat to all businesses.
Speaking on Joy Business Social, Isaac Mensah, an officer at the Cyber Security Authority, noted that cyber security just like any form of security begins with the user or individual, and as such businesses and employees should pay attention to social engineering attacks, aimed at swindling businesses.
“The issue is about awareness, if you want to do an online business, you should know the risks involved. Having the business alone or migrating your business online may be cost-effective, but we need to pay attention to the risks which exist on various platforms we list our businesses.”
He further stated that majority of the attacks on small and medium businesses recorded in Ghana are socially engineered attacks rather than hacking.
He went on to say that such attacks prey on the vulnerability of users by swindling them.
“When you look at the trend of attacks, a lot of these attacks is not hacking, it is socially engineered attacks which prey on your intelligence. It is about your level of operation and what you need to know to arm yourself”.
“Once you know the schemes, you will be able to detect an attack and find solutions to it”, he said.
On his part, Henry Cobblah, Project Lead at Skillmine Africa cautioned users to make an effort to understand the various services operating on the internet before signing up.
According to him, just as every home is not safe, no matter the levels of security put in place for protection so is the internet, therefore the users should be vigilant.
“Whenever you are getting into anything on the internet, make sure you understand the platform or service before jumping on. Read about it, ask about before investing or signing up to anything on the internet. Lack of understanding of platforms makes you more vulnerable to scamming”, he stressed.
“Ensuring cyber safety has become very important especially now that a lot of businesses are migrating online and relying on cloud services for business support. Though a lot of attacks we see here in Ghana are mainly social engineered attacks, it becomes imperative for businesses…