Tag Archive for: grip

Getting a grip on security in a chaotic world


Steven van Gysel, Manager, Solutions Architect Northern Europe at Infoblox

It is no surprise that data breaches rank number one [info.infoblox.com] as the biggest concern of numerous organisations, given the lack of control or visibility into remote access on the corporate network. At the same time, there is an increasing reliance on cloud-based applications that carry increased risk if vendors fall short on security and/or fall victim to attacks themselves.

According to recent research by Infoblox [info.infoblox.com], security professionals are particularly concerned about the lack of transparency about what security tools remote employees and vendors with network access are using. Moreover, according to the research, it is currently far from certain that internal systems are resilient enough to recover from attacks by state actors. But that’s not all.

Working from home + poorly secured WiFi = a big problem

Internal threats (intentional or accidental) also remain a problem. Especially now, it sometimes seems just about impossible to control how employees handle corporate data. A consequence of the rapid and massive shift to working from home, combined with the proliferation of digital consumer services, is that the likelihood of data breaches has increased. One of the most successful attack methods remains phishing, but zero-day vulnerabilities are also the cause of many successful attacks.

A security breach can undermine confidence in internal knowledge and strain relationships with vendors, especially if the breach was facilitated through a third party. Consider, for example, the Kaseya attack [blogs.infoblox.com] in 2021. Still, scepticism doesn’t help. After all, it only becomes more difficult to maintain a good defence if the defenders lack confidence in their own abilities!

With visibility, you win the race

You can’t defend against what you can’t see. Especially in a world of decentralised networks, visibility is the key to sound defence. Boarding up is not realistic. As network edges are more porous, usage shifts to the cloud and mobile devices and attackers have better tools than ever, “defenders” must assume it is only a matter of time…

Huawei drops 5G for new P50 phones as US sanctions grip


Huawei Technologies revealed its first premium smartphones equipped with the Chinese group’s alternative to Android software but without 5G connectivity on July 29, in a setback forced by restrictions on its access to American technology.

Huawei — the world’s second-biggest smartphone maker as recently as last year — said its latest P50 and P50 Pro phones run on HarmonyOS.

Consumer electronics group chief executive Richard Yu unveiled the phones in a low-key, Chinese-language-only online event — a stark contrast to previous launches aimed at a global audience. Yu did not say whether the new models would be available outside the Chinese market.

“Because of the US sanctions, our new smartphones cannot run on 5G wireless connections even though we are surely the global leader in 5G technology,” Yu said. “But with 4G, Wi-Fi 6 connectivity and our AI computing algorithms, we still can provide as powerful a performance as all the 5G phones.”

This article is from Nikkei Asia, a global publication with a uniquely Asian perspective on politics, the economy, business and international affairs.

Most of the new premium smartphones from Samsung Electronics, Xiaomi and other Huawei rivals are 5G models. Apple shifted to faster 5G technology last year for its top-of-the-line iPhone 12 series, and plans to add 5G to its lower-cost iPhone SE next year, Nikkei Asia has reported.

Huawei was an early adopter of 5G technology. The company’s Mate 30 series in 2019 was the first in the industry to feature an integrated 5G chipset with a built-in 5G modem — all designed by its semiconductor arm HiSilicon Technologies.

The new P50 smartphones will run on the Kirin 9000 processor developed by HiSilicon, as well as Qualcomm’s Snapdragon 888 4G processor, according to Huawei.

This marks…

Apple’s software chief blames Mac security to keep grip on iPhone App Store


Apple Inc.’s top software engineer criticized the security of his own Mac operating system in a bid to explain why the company shouldn’t be forced by a judge to loosen its hold over iPhone and iPad app distribution, as Epic Games Inc. is demanding.

Craig Federighi, Apple’s senior vice president of software engineering, testified Wednesday at a trial in federal court in Oakland, California, that his experience with imported malware on the macOS system shows how security would be eroded if the company allowed iPhone and iPad users to install software from the web or other stores, as it does on the Mac.

“Today we have a level of malware on the Mac that we don’t find acceptable,” primarily because the system allows users to install software that isn’t vetted by Apple, Federighi said. That makes it less secure than iOS and iPadOS, the operating systems that power the iPhone and iPad, he said.

Allowing apps from other stores or places on the iPhone would create a “very, very bad situation for our customers,” including “a huge decrease in their safety,” Federighi said. He also said iPhones and iPads have security protections, including the App Store review process, to keep the products free from malware.

Later in his testimony, Federighi said that despite its malware problems, the Mac is the safest choice among personal computers and is more secure than those running Microsoft Corp.’s Windows operating system.

Federighi said that the rival Android operating system, which allows third-party stores, faces similar security challenges. “It’s well understood in the security community that Android has a malware problem.” Apple’s iOS, on the other hand, has succeeded in blocking malware, he said.

Responding to a hypothetical situation in which third-party app download stores would be allowed, Federighi said that Apple’s “security stack” is built end-to-end in a way that it would be challenging to let third parties in to manage user security and privacy. He would have “grave concerns” if Apple had to hand off control over security to third parties, he said.

Earlier in the trial, Epic tried to make the point that if installing software…

Voluntary Virus Tracking Apps Seek To Get A Grip On The Coronavirus Problem

Be the surveillance you don’t necessarily want to see in the world. That’s the plan detailed in this report by Thomas Brewster for Forbes. Dozens of countries are kicking around large-scale privacy violations to track the spread of the coronavirus. A handful of other countries are already doing this, including China, India, and Hong Kong.

But if you’re willing to give up your own privacy to help government entities track the virus and monitor those who are infected, there’s an app for that.

It was only last Friday when a team of 14 software engineers and data scientists at little-known health and nutrition startup ZOE started piecing together what would become the hottest coronavirus app on Apple’s App Store by Wednesday: the COVID Symptom Tracker.

Now claiming to have hit 1.2 million downloads in the U.K. alone, it asks people to upload their rough location and the details of any ailment they’re suffering, whether they’re related to coronavirus or not. Even if they don’t have any, users are being asked to share how they’re feeling. All the data is then anonymized by turning names into nonidentifiable codes, before being handed to a team of epidemiologists at King’s College London and the National Health Service.

A purely voluntary monitoring system is vastly preferable to some of the ideas being tossed around by government officials. Governments have a difficult time relinquishing control once they’ve acquired it. There’s also the very real possibility of mission creep which would turn harmless disease tracking into warrantless tracking of people’s movements over a long period of time — something law enforcement would love to have, and these agencies are well-versed in the art of parallel construction.

Promising anonymization of data is a non-starter. With a little effort, nearly anyone can be identified even if their identifying info has been stripped from their location data. Considering most of the efforts being made right now rely on voluntary compliance by citizens (handwashing, isolation, social distancing), the relinquishment of location data should also be opt-in, rather than mandated.

Over in Israel, the government is doing a bit of both. The country’s prime minister has already authorized its national security agency to tap into a massive trove of location data to track the spread of the virus. Somewhat redundantly, the Ministry of Health is offering a voluntary virus-tracking app.

In Tel Aviv, Israeli Under 30 alum Omri Moyal has been overseeing the security and privacy of Ministry of Health app Hamagen (or “Protector”), which promises to let users know if they’ve been near infected citizens. He says he believes it’s now hit well over a million downloads—with at least 500,000 recorded on Google’s Play store alone—which would mean a ninth of the entire Israeli population has downloaded the tool since its release late last week.

The difference here is users don’t share their location data with the government. There’s no anonymization either. Users voluntarily hand over info about where they’ve been. In return, they’re notified if someone who’s been in the same locations they have has tested positive for the virus. Meanwhile, the approved surveillance by the Shin Bet intelligence agency continues to hum along in the background, with the agency notifying citizens if they’ve been exposed.

Voluntary efforts like these have yet to take off in the United States, Brewster reports. An app developed by the MIT Media Lab and Harvard University has less than 50,000 downloads so far. Another app developed by Harvard asks for location information from users, but the site’s stats make it clear very few people are visiting it, much less providing information.

Maybe US citizens value their privacy more than the benefits giving it up voluntarily could create. Maybe citizens believe this is still an abstraction, rather than the looming threat it actually is. Whatever the case is, it’s going to be difficult to persuade millions of Americans to opt into a voluntary tracking system — even when most Americans seem indifferent to the incredible amount of tracking being performed by wireless carriers and social media companies 24/7/365. Even so, I’d rather see under-utilized voluntary options than any mandated harvesting of location info by government agencies. There’s no reason to give agencies a new power they’ll be in no hurry to give up once the pandemic threat has passed.

Techdirt.