Tag Archive for: change

Effecting positive change in the Internet of Things


Way back when…

We started our journey back in the day when the IoT was in its infancy. Our first published research was in June 2015 with a post about extracting the Wi-Fi PSK from Fitbit’s Aria weighing scales. This led to a challenging disclosure process with Fitbit, though it ended positively and constructively, with Fitbit supporting our efforts to educate and improve cyber security. This included us delivering workshops and briefings at the world-famous DEFCON and BlackHat hacking conferences.

Seven years on and the security challenges that IoT device manufacturers, IoT platform providers and API coders fail to handle have not gone away. The growth in the market for smart ‘things’ and the persistence of poor practice has amplified the problems. Our ever-increasing catalogue of IoT security research (160+ posts and counting) is anecdotal evidence of this. That’s not to say that some responsible manufacturers haven’t listened. There are many great examples of secure smart devices, but they are not ubiquitous.

Headlines

Along the way, we discovered a number of high-profile vulnerabilities that made international media headlines. These included the fact that many Samsung smart TVs were listening to the viewer and sending text of conversations to the US for decoding into text, but unencrypted. We discovered smart refrigerators that leaked the owner’s email credentials to passers-by. We demonstrated the first ever proof of concept ransomware on an embedded device (a smart thermostat) and many other world-leading pieces of research.

Independent research

We spend a lot of time carrying out independent research, compromising devices, then convincing vendors to fix the issues. Seeing these problems fixed is good for us, and good for consumers, but it doesn’t always address the root causes at the vendors involved. These stem from:

  • A lack of security understanding
  • A lack of sufficient care for users
  • Not factoring security into their product roadmaps
  • A lack of comprehensive legislation to prevent bad vendors bringing products to market
  • Discrepancies in regulation across different regions
  • A lack of active enforcement of the regulations that do exist

Our flagship piece of…


Scam-free trading apps that will change your crypto experience


Many exchange platforms are unreliable and unsafe. There is a lot of history of investment scams in the crypto world. Therefore, you need to choose reliable and secure platforms with caution. You won’t want to gamble with your investment. Pick a good platform that leads the market and watch out for signs of investment scams. You can always complete profitable trades when you exchange on the following reliable platforms.


Warning Signs of Scams

When claims of high returns are made, consider them to be doubtful. Investment returns cannot be promised because assets might succeed as well as fail. Any cryptocurrency deal that claims to make you money is a scam. 

Additionally, if there is overwhelming advertising, it very well could be a scam. All organisations advertise themselves, but one way that cryptocurrency scammers draw customers is by spending on substantial advertising, such as digital marketing, sponsored influencers, physical advertising, etc. This is meant to appeal to as many people as necessary in the shortest amount of time possible in order to generate revenue quickly if you think that the advertising for a cryptocurrency transaction seems presumptuous or makes foolish claims without evidence and deeper study.

If there are any anonymous teams, it can also be a scam. Identifying who the team is behind the majority of investment platforms should be feasible. This typically indicates the accessible backgrounds of the company’s founders as well as functional visibility through online content. Be mindful if you can’t identify the developer of a digital platform. Ultimately, any market opportunity guaranteeing money for free is probably a scam, whether it is in fiat or digital currency.


Tested Crypto Platforms

Traders can purchase and trade a variety of digital currencies on crypto platforms. They are essential for the volume at which digital currencies are traded today. Some trades provide the highest rates or prices, while others offer specific investment funds. The following are the top 5 platforms that are trusted by…


UM Today | Students | Schulich Scholarship recipients ready to change the world


September 1, 2022 — 

Two remarkable incoming UM students have been awarded Schulich Leader Scholarships. Rebekah Soneye, a student from Murdoch MacKay Collegiate, and Marina Caracas Le-Fort, from Nelson McIntyre Collegiate, will be bringing their extraordinary talents to UM this fall.

Since 2012, UM has awarded Schulich Leader Scholarships to high school graduates beginning their post-secondary education in the Science, Technology, Engineering or Math (STEM) areas of study. The Schulich Leader Scholarship selects students across Canada annually, with awards valued at $80,000 and $100,000.

Rebekah Soneye

Schulich Leader Rebekah Soneye

For Soneye, one introductory computer science class in high school eventually unfolded into an entire passion. Her fascination for the subject grew with every class she took and learning new aspects enthused her every day. She is now beginning her postsecondary education in computer science within the Faculty of Science, as one of this year’s two Schulich Leader Scholarship recipients at the University of Manitoba.

As a student whose only goal is to learn more about what she loves, the disparity between men and women in the field baffles her. “In my [first] computer science class, I was one of three females, and the other two dropped the class in the years that followed,” says Soneye.

This reality propelled her to make a difference. She attended many conferences and followed opportunities that set her up to advance in the field not just as an individual but also as a woman of colour. Inspired by female mentors in the industry, Soneye wants to do the same for those after her.

She started the Girls Tech Club at Murdoch MacKay Collegiate where she taught coding skills to other female students and showed them that pursuing a successful and rewarding career in computer science is achievable despite it being a male-dominated industry.

Having grown up in Nigeria before immigrating to Canada, her experiences and background offer a unique outlook on education. She sets high standards for herself and works diligently to achieve them.

Moving to a new country was a significant transition for Soneye and her whole family, yet she remained consistently excellent. She…


Microsoft Will Change a Windows Security Default to Block Ransomware



Most of the new Windows features we talk about are user-facing, be it a new taskbar gimmick or a return of third-party widgets. But what’s going on behind the scenes can be even more important. In the latest Insider builds of Windows 11, Microsoft has changed a security default that could keep ransomware out of your PC. Why it didn’t do this years ago is anyone’s guess. 

Ransomware is a relatively new phenomenon on the internet, the rise of which appears to mirror that of cryptocurrency. Ransomware is a specific type of malware designed to encrypt a victim’s files and then charge for the key needed to recover them. Those affected might have to cough up hundreds or thousands of dollars in crypto to get their files back, and it’s not just individuals who are targeted. Large businesses and even hospitals have been compromised with ransomware, and the cost to decrypt data can be much steeper. Game developer CD Projekt Red (CDPR) was hit just last year in the wake of its disastrous Cyberpunk 2077 launch.

In the newest Insider builds (starting with 22528.1000), Windows 11 will use a security lockout protocol for Remote Desktop Protocol (RDP). Dave Weston, Microsoft’s head of OS security, provided some details on Twitter. After 10 incorrect password attempts, RDP access will be shut off for 10 minutes. After that timer has expired, you get 10 more tries.

Weston notes that brute forcing RDP credentials is one of the most common ways ransomware operators gain access to systems. There are even groups online that…
