Avast blog: How license plate scanners challenge our data privacy

A security camera at one of ...As more communities install automated license plate readers (APLRs) to monitor vehicle traffic, there are growing concerns about the privacy and efficacy of these tools. Stories have appeared in local newspapers, such as those in St. LouisLouisville and Akron that document the rapid rise of Flock license plate camera data and how it can be a central source of vehicle movements.

These stories highlight some of the privacy implications of APLRs and also recall some of the same issues with the growth of other massive private data collections. In my latest blog for Avast, I describe what’s going with these APLR systems, some of the issues raised by privacy advocates, and how they compare with the DNA/genetic testing data collections.

 

 

Avast blog: How to defeat social engineering attacks

ImageIf you have heard of the process of social engineering, the ability of a hacker to trick you into divulging your private details, then you might have come across ethical hacker Rachel Tobac. She’s the CEO of SocialProof Security and board member of Women in Security and Privacy. I virtually attended one of her more recent talks, during which she explained her craft and gave some suggestions on how we all can improve our personal security and make her job more difficult.

Tobac has carried out some notable security stunts in the past, such as live hacking a CNN report’s accounts and stealing his airline points. “I hack so people can understand how hackers think and hopefully you will avoid these mistakes,” she told her audience.

You can read more about her talk — and how to harden your own defenses against social engineering attacks — in my latest blog for Avast here. And if you want to watch a great documentary about the teens behind the 2020 Twitter hack, you can find it streaming on Hulu here,

Avast blog: Just because your iPhone is powered off doesn’t mean it can’t be attacked

Did you know that even when your iPhone is turned off, some of its components are still getting power? Researchers have found this to be one of the reasons why a new attack vector can operate without your knowledge. The issue lies with the iPhone’s Low Power Mode (LPM) and the fact that while using this functionality, certain communications chips continue to operate. Apple’s LPM features were introduced as part of iOS 15 and enable things such as Find My Phone, which can continue to track and function when a phone is turned off. You can find out more about this, and how it stacks up with air-gap research and NSO’s Pegasus, in my latest blog for Avast here.

 

CSOonline: How to choose a certificate management tool

Many years ago, Madonna sang about sharing her secrets with us. While the IT version may not be as entertaining as what was discussed in that song, there are still important reasons to understand your corporate encryption secrets and how they are provisioned, managed and deployed. The tools to do this go by various monikers, including SSL/TLS certificate or key management tools, machine identity management, or PKI as a service.

These secrets are found all over the IT map, including those for servers, for applications, to encrypt your email messages, for authenticating to connect with IoT devices, to allow you to make edits to a piece of code, and for user identities to have access to a particular shared resource.

cso email security suites table

I mention the above products and some of their important features, along with other aspects  about how to manage your certs in my post for CSOonline here.

Red Cross blog: Brian Mintner Delivers Blood and Much More

Saving lives isn’t just some abstract concept for the American Red Cross. Volunteer Brian Mintner not only delivers lifesaving blood to people he’ll never meet, he is directly responsible for saving one specific life. Brian is the manufacturing transportation supervisor for the Missouri-Arkansas region of the Red Cross, coordinating the movement of blood products collected from donors and ensuring they are transported to various hospital blood banks. He oversees a vast transportation network that, he admits, “is a brutal chain of custody.”

In my blog for the Red Cross, Brian (whom I also work for as I am one of his volunteer drivers) is profiled.

Avast blog: How to make a successful transition to a hybrid work schedule

Employers should migrate to a hybrid environment only after building a solid foundation to support remote workers. As Covid-19 pandemic restrictions have eased, employers are adjusting their work-from-home policies. Some companies, including Airbnb, have doubled down and made substantial commitments to remote working. Others, like Google, have begun to shift to more in-person and hybrid office policies. This range just among the two tech giants is an example of the different possibilities being considered by other employers. According to a 2017 Gallup poll, 43% of U.S. employees worked remotely all or some of the time.

Part of the reason for this difference has to do with how all of us have adjusted to working in the face of the pandemic. I explain more in this post for Avast’s blog.

Network World: Lessons learned from the Atlassian network outage

Last month, software tools vendor Atlassian suffered a major network outage that lasted two weeks and affected more than 400 of their over 200,000 customers. It is rare that a vendor who has been hit with such a massive and public outage takes the effort to thoughtfully piece together what happened and why, and also provide a roadmap that others can learn from as well.

In a post on their blog last week, they describe their existing IT infrastructure in careful detail, point out the deficiencies in their disaster recovery program, how to fix its shortcomings to prevent future outages, and describe timelines, workflows and ways they intend to improve their processes. I wrote an op/ed for Network World that gleans the four takeaways for network and IT managers.

Avast blog: Top MFA myths busted

Today is World Password Day. Ideally, every day you should take some time to improve your password collection, and the best way to do that is to use MFA. But for all of its utility, MFA still has its resistors. If you need some ammunition to fight for its acceptance across your company, we’ll bust a few MFA myths in my latest post for Avast and hopefully help you convince folks to get onboard.

Avast blog: The U.S. government wants to expand the use of social media for visa vetting

For the past several years, millions of foreign visitors and potential immigrants entering the US have divulged the contents of their social media accounts to the US Department of Homeland Security (DHS). This requirement is part of the Visa Lifecycle Vetting Initiative (VLVI) that began in 2014 and has been expanded in 2019.

You can read more about the evolution and dangers of this program in my post for Avast’s blog here.

Avast blog: Obama on strengthening our democracy and reforming social media

Last week, Barack Obama delivered a keynote address at an event, “Challenges to Democracy in the Digital Information Realm”, co-hosted by The Stanford Cyber Policy Center and the Obama Foundation. He discussed the role of government in online technologies, the relationship between democracy and tech companies, and the role of digital media to elevate authoritarian rulers. He touched on the point that we all now occupy entirely different media realities that are fed directly into our “personal information bubbles” of our smartphones.

You can read my post for Avast’s blog here to see what else he had to say to this audience and what he recommends we do to fix social media to make it better for democracy.