Tag Archive for: good

US won’t prosecute ‘good faith’ security researchers • The Register


The US Justice Department has directed prosecutors not to charge “good-faith security researchers” with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.

Good-faith, according to the policy [PDF], means using a computer “solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability.”

Additionally, this activity must be “carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”

The update clarifies that conducting security research for the purposes of finding flaws in devices or software, and then extorting the owners, “is not in good faith.”

Hopefully, the policy changes will make security researchers’ lives less stressful

“Computer security research is a key driver of improved cybersecurity,” stated Deputy Attorney General Lisa Monaco. “The Department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”

The new policy clarifies CFAA language that prohibits accessing a computer “without authorization,” language that has long been criticized by security researchers and some lawmakers for not defining what the term means. Anyone charged with violating the law can face a long time behind bars.

Critics of the CFAA often point to the death of Aaron Swartz, who died by suicide in 2013 after federal prosecutors charged him under the computer-fraud law for…


Motorola Moto G Stylus 5G (2022) review: a good, midrange stylus phone


The Motorola Moto G Stylus 5G gets some significant upgrades in this year’s model, taking it firmly into midrange territory. If you’re looking for a well-performing stylus phone but the Samsung Galaxy S22 Ultra feels like overkill, then the G Stylus 5G is what you want.

Don’t confuse the Moto G Stylus 5G (2022 edition) with last year’s Moto G Stylus 5G or this year’s non-5G Moto G Stylus (2022). Somehow, these are all distinctly different phones. While the previous Moto G Stylus 5G wasn’t much of a step up spec-wise from last year’s 4G-only G Stylus, it’s a different story this year. This time around, the G Stylus 5G includes an upgraded Qualcomm chipset, a stabilized main camera, and more RAM. That doesn’t sound like much, but those improvements help to really set the G Stylus 5G apart from the $300-and-under budget class.

Naturally, those upgrades come with a higher price: $499 for the unlocked version with 256GB of storage and 8GB of RAM, a steep increase from last year’s $399. But I think that extra $100 makes the G Stylus 5G into a worthwhile midrange phone rather than a forgettable device on the high end of the budget range. It’s more of a Galaxy Note Light rather than an inexpensive phone that happens to have a stylus tucked inside.

The G Stylus 5G’s 6.8-inch screen is an LCD panel with a fast 120Hz maximum refresh rate.

The G Stylus 5G features a huge 6.8-inch screen with good-enough 1080p resolution and a fast 120Hz refresh rate. Scrolling and animations look smooth as a result, and the phone does use that top 120Hz rate fairly often in auto mode, which is easier on battery life than leaving 120Hz enabled at all times.

This screen is an LCD, so blacks are not as dark, and contrast isn’t as rich as…


Practise good cyber hygiene habits to thwart hackers, scammers and other malicious parties


In 2013, World Password Day was introduced by Intel to raise awareness of the role strong passwords play in safeguarding our digital lives.

The event, which falls on the first Thursday of May each year, invites users to evaluate their own security measures and take the necessary steps to protect their accounts.

Simply using lengthier passwords consisting of unique characters is no longer sufficient today as users are advised to turn on multi-factor authentication for better protection.

Experts also urge users not to recycle passwords as they may have been inadvertently exposed in data breaches, and to utilise other security measures such as biometrics authentication using fingerprints or facial recognition wherever possible.

Here are some recent cybersecurity incidents involving bad password habits to convince you to make the change.

As easy as 123

First reported in 2020, the SolarWinds hack has been described as one of the most devastating security breaches in US history.

According to a Reuters report, hackers breached SolarWinds’ software and could have gained access to an estimated 18,000 companies and multiple US government agencies that used its products. These included emails at the US Treasury, Justice and Commerce departments, among others. A subsequent investigative report published by the company claimed that fewer than 100 customers were actually affected by the hack.

Investigations into the cause of the hack led to the initial discovery that SolarWinds had suffered a lapse in password security back in 2019, when an intern allegedly posted the password “solarwinds123” onto their private GitHub account.

The researcher who found the leaked password, Vinoth Kumar, told CNN that the password had been accessible online since 2018 and that by using the password, he was able to log in and deposit files onto the company’s server.

He warned that any hacker could upload malicious programs to SolarWinds using the tactic.

SolarWinds CEO Sudhakar Ramakrishna later admitted that the password had been in use from as far back as 2017 and that he had taken measures to fix the issue.

The…


What the heck is so good about Cybersecurity ASX ETF, HACK?



The Betashares Global Cybersecurity ETF (ASX: HACK) is one of the well-liked exchange-traded funds (ETFs) on the ASX.

According to BetaShares, this ETF is around $770 million in size.

Part of its popularity has come from the returns the ETF has produced. Since its inception in August 2016, the HACK ETF has produced an average return per annum of 20.6%. Past performance, though, is not a reliable indicator of future performance.

Expert rates the HACK ETF as a buy

Talking on a ‘buy hold sell’ Livewire video, Felicity Thomas from Shaw and Partners was asked to name an ETF that every investor should have in their portfolio. Her pick was Betashares Global Cybersecurity ETF. Here is the reasoning:

The reason I’ve chosen this is because cybercrime is meant to cost the world $10.5 trillion by 2025, which is huge. It also has amazing names in it like CrowdStrike. In a connected world where everyone is attached to their devices, it’s becoming the biggest problem that we’re all facing.

Betashares Global Cybersecurity ETF holdings

Thomas noted that there are some “amazing” names in the portfolio.

The fund holds around 40 positions in all. CrowdStrike is the heaviest position in the portfolio, with a 6.7% weighting.

But there are plenty of other businesses involved in the cybersecurity world, including Palo Alto Networks, Zscaler, Cisco Systems, Cloudflare, Splunk, Akamai Technologies, Booz Allen Hamilton, Mandiant, Leidos, Juniper Networks, Check Point Software, F5 Networks, Verisign, CyberArk Software, Fortinet, and more.

What is helping the earnings of the cybersecurity sector?

BetaShares says that with cybercrime on the rise, the demand for cybersecurity services is expected to grow strongly for the foreseeable future.

According to Statista, global cybersecurity revenue is projected to increase from US$137.63 billion in 2017 to US$248.26 billion in 2023.

Australian cybercrime presents just a microcosm of this growing problem. COVID-19 has led to more Australians relying on the internet to work remotely, to access services and information, and to communicate. The Australian Cyber Security Centre (ACSC) says this environment has generated more opportunities…
