Category Archives: Security

Everyone needs good Cyber Security knowledge

19 Tuesday May 2020

Posted by in Security

Leave a comment

Tags

Padlock Gates“Everyone needs strong good Security knowledge”. With the increase of connected devices that are entering our lives and the number of vulnerabilities being found in technologies that are becoming common place in our homes, people will need to be more savvy around Cyber Security and know what is going on with our devices and information.

Recent times have also seen an increase in the usage of devices, applications, social media and video calls. It has also seen an increase in the number of scams and security issues increase.

Sales of technology to allow remote working and to stay in touch with family and friends was rapid at the start of the pandemic and this also saw the cost of some devices increase as stocks reduced. The rush to buy was huge and lots of items were quickly plugged into devices to get online and talking. A lot wont have looked at updating any versions of these add ons firmware, drivers etc to the latest versions, which may cause issues later.

Security however cannot be an after thought and should be one of the first things you think about. Also helping your family and friends to make sure that they have updated to the latest versions and are secure.

Our devices are only as good as the last updates/patches applied and security measures that we have in place. The UK Government has previously reported planning new laws to cover smart gadgets sold which includes stronger passwords and length of time before an update. There are already a large number of devices already installed and in use. A number of these wont have had any updates or changes applied since first being installed if they are a manual process for the user to initiate.

Good practices to adopt are

  • Check the manufactures website for firmware or driver updates on a regular basis
  • If the device software allows a check to be made for updates on a regular basis make use of the tool.
  • Use strong passwords
  • Change any default passwords
  • Don’t use the same password on different systems
  • Use passwords on your video calls
  • Use a VPN if working from home
  • Turn on two factor authentication on applications that allow it

If this is all second nature to you thats great, however it may not be to others. Reach out to your family and friends and talk them through what they need to do so it becomes second nature to them.

Further Reading

 

 

Your Digital Exhaust – The data we share

06 Wednesday May 2020

Posted by in Connected Home, Security, Social Media

Leave a comment

Dont say a wordEveryone who uses a computer or mobile creates their own digital exhaust in the form of data that we leave behind and spew out of our devices – from location data to social media posts and videos. Other things we own such as cars and houses are also generating data from SatNavs to Smart Meters.

If we could measure individual volume of data and information against todays climate change measures and visualise it, we would probably call it an ecological disaster on a person by person scale, however we go about our daily lives creating data with and without knowing it.

To be clear creating data does have a climate effect as there are systems behind what we create and they all need power, cooling etc. However, putting any talk to the side around the ecological effects of this as there is enough said already about climate and climate change and focusing on the data itself.

At the beginning of 2020, the digital universe was estimated to consist of 44 zettabytes of data, which is 44 trillion gigabytes and growing. That’s a lot of data!

We go about generating data without knowing or thinking until a news article catches our attention about something someone said many years ago. Recent times have seen an almost doubling of the use of the internet. This in turn increases the amount of data being created as people discover ways to help elivate lockdown with video calls to new dances on TikTok.

To put this into perspective a bit, with a trolley full of phones you can create a virtual traffic jam, but dont try that at home. This example illustrates the data being generated from a device and how others are using it, in this case to look at traffic patterns

In this increase of posts and data about people across the many different platforms available, are you stopping to think about what your posting?  We go about generating data without thinking until a news article catches our attention about something someone said many years ago that has been found on a social platform somewhere.

Sci-Fi moment alert! – Having watched an episode of “The Orville” by Seth MacFarlane called “Lasting Impressions” where the crew of the Orville open a Time Capsule and recreate someones life in a holodeck using just the data from a iPhone (after accessing a video on the phone where the person who’s phone it is, gives their consent for the data to be used in the future) and recreate and interact with the phones original owner. This provides the crew with a view into that persons life and what they were like.

Have you through about what would happen to your data in the future?

This concept can easily be recreated today and there are TV programs that investigate and look at people to check who they really are (Catfish the TV show). Its easy to see how people leave a trail of digital evidence and clues from what they post and are not secure on what they do or think about what they post.

Here are some good tips to help secure your online presence:

Privacy and security settings exist for a reason: Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and manage your online experience in a positive way.

Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research found that 70 percent of job recruiters rejected candidates based on information they found online.

Your online reputation can be a good thing: Recent research also found that recruiters respond to a strong, positive personal brand online. So show your smarts, thoughtfulness and mastery of the environment.

Keep personal info personal: Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data or commit other crimes such as stalking.

Know and manage your friends: Social networks can be used for a variety of purposes. Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a “fan” page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know and trust) up to date with your daily life.

Be honest if you’re uncomfortable: If a friend posts something about you that makes you uncomfortable or seems inappropriate, let them know. Likewise, stay open minded if a friend approaches you because something you’ve posted makes him or her uncomfortable. People have different tolerances for how much the world knows about them respect those differences.

Know what action to take: If someone is harassing or threatening you, remove them from your friends list, block them and report them to the site administrator.

Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.

Own your online presence: When applicable, set the privacy and security settings on websites to your comfort level for information sharing. It’s OK to limit how and with whom you share information.

Source: https://staysafeonline.org/stay-safe-online/securing-key-accounts-devices/social-media/

Additional tips are available at this source.

 

Further Reading

Tips on being Social Media Savvy

 

 

 

A night at the Museum – Late Session

08 Tuesday Oct 2019

Posted by in Security

Leave a comment

Tags

,

latesI recently had the opportunity to help run a stand at one of the Science Museum in London, Lates sessions with some colleagues.

The topic of the table was “Privacy vs National Security”. This was a drop in table to provoke discussion around this topic. The main point of this topic was to engage with the general public and understand their view points whilst discussing things in the news and the consequences that happen.

The brief was “Where does privacy start and end? How do you protect privacy and also provide national security? How do you monitor the bad guy? What do you think?”

The discussions ranged from the recent stories around the facial recognition cameras at Kings Cross, London to GDPR Post Brexit and is Alexa listening to everything I am doing?. A wide range of discussions. The discussions were going on and engaging that we still discussing as we dismantled the stand and left the Museum. the topics covered were discussed at length and I will write some future blog posts on some of these.

As well as the discussion I had a Raspberry Pi 4 and a USB Camera running Tensorflow and OpenCV to perform a level of people recognition displaying on a large screen in the Museum. This also helped generate conversation on the night and bring people onto the stand.

By the end of the evening we really did have a Night at the Museum, but without the exhibits coming to life.

If you are in London on a last Wednesday of the month I recommend that you visit the Lates sessions at the Museum. Book early as spaces do go quickly.

https://www.sciencemuseum.org.uk/see-and-do/lates

If you have any thoughts on the topic, please add comments on this post.

Facial Recognition – here to stay?

23 Friday Aug 2019

Posted by in Security

1 Comment

Tags

,

Facial RecognitionLove it or Hate it Facial Recognition technology is here to stay. What is now being recongnised is a need for governance and controls over systems that use it and in line with any current country legislations and data laws.

The ability to recongnise objects and faces is not new, but an evolving technology that is getting better at what it does.

When the use of ANPR (Automatic Number Plate Recognition) systems came out similar debates were had and these systems are controlled and governed by a set of strict guidelines. ANPR systems are now widely used across the world from Police Forces to Car Parks checking the time you have stayed against the ticket you have purchased.

Our acceptance of these Facial Recognition systems may take a similar route.

There have been a lot of stories recentrly about Facial Recognition and its use such as the UK Kings Cross Development which is now under investigation by the ICO around the storage and use of the data.

Many Police forces in the US have been using it and in the UK there have been trials of the technology with some trials not going forward due to human rights discussions and also some technology not picking up everyones faces correctly. Advancements are being made in the systems to resolve these issues and increase the ability to capture and recognise the information.

Some states in the US have banned the use of the technology (or are considering banning) and the EU are also starting to consider bans.

The UK Home Office and Border Force are currently looking at a version of Facial Recognition to help cut down on the queues at the border. The e-queues already do facial matching from camera pictures to passports to automate the system.

For me I am okay with the technology as long as its being used to help us police and keep us safe. Also the ability to recognise for financial and security systems. You can build your own system that you can teach it to recognise your face using a Raspberry Pi,

 

 

 

More Scam Callers – time for some fun

10 Friday Aug 2018

Posted by in Security

1 Comment

Tags

PhishingIt it just me or is this on the rise? Recently I have noticed an increase in the number of scam phone calls that I have been receiving on my land line and on mobile. All from different countries and trying various scams to get information, money or both.

ts nothing new, calls like this go on all the time and unfortunately people do get scammed as they fall for what is being said on the other end of the line.

The game is how long you can keep them on the phone so they can’t spend time trying to scam someone who doesn’t know they are being scammed.

Recently an automated call with a computer voice called my home number saying that my internet router was going to be shutdown from my service provider as it had been identified as being hacked. Yeah – Right! So I played along and decided to record the call, which I will probably use in a future podcast. I got put onto a woman in India who evidently didn’t know what type of scam front end had put me through. She then went on to tell me my computer had a virus. Eventually I did ask “How many people had she scammed today”. The reply was lots and she put the phone down. – Time on call 30 Mins

Another call today was one of those, insurance accident ones, but this time they tried a different tack. Saying it was a follow up call to my wife about the accident she had. Again scam and I asked the lady who called if she had job satisfaction scamming people. This call came from London so I have reported it to the action fraud centre. – Time on call 5 Mins.

And as I am writing this post another call comes in – Can you spare me 20 seconds to answer 2 questions, then starts to ask me to confirm my phone number and tries to ask me about my home ownership. When I ask whats the end part of the the call, are they trying to sell me something or scam information out of me they hang up. Another call from London so again have reported it to the action fraud centre. – Time on call 5 Mins.

At least that’s 40 mins that other people haven’t been bothered or scammed by these callers.

A lot more can be done though and needs the teleco’s and authorities to go after the numbers where these calls come from and start prosecuting or at least shutting them down. That said the police get these calls as well – here is a great video on youtube of an IRS scammer trying to scam a police officer and he gets the scammer to explain how that particular scam works.

Lots of people already add numbers to online systems such as Who Called Me, and these are normally the first place I go when number comes up I don’t recognise. You can also put the number in the search engine which bring up sites where its been logged as a problem/scam caller.

If you don’t know how to protect yourself on the phone, one of the best place to get tips is from your or other banks websites. Plenty of good information on keeping safe on there.

Just because you call saying your from my bank doesn’t mean I’m going to answer your security questions.

 

 

 

 

 

Joining the World of Dashcams

10 Tuesday Jul 2018

Posted by in Security, Tools

Leave a comment

Tags

,

DashcamI have decided to be a lemming and follow everyone in the move to equipping my car with Dashcams. Although not a new thing a recent boom in the use of cameras in vehicles has made this  now a very common practice to have one. It is easy to fit a Dashcam to any vehicle to record the driving habits of the driver and other road users.

These range from cheap Dashcams that can record to an SD Card through to more expensive models that send recordings to the cloud (Servers on the Internet) that can then be viewed through a mobile phone app.

So why be a Dashcam lemming? Following a near miss the other day with a car pulling out of a junction (give way) on me without looking at the traffic coming from the right, whilst I was coming along the road, I have decided its time to add some evidence just in case! Well I get this most mornings as the estate I live on is used as a short cut to miss out the main roads and queues of traffic. Time to join the masses.

Also because this is becoming the next thing on being able to easily upload footage to the authorities.

Dashcam footage submission website goes live

Advice from Cheshire Police on submission Dashcam footage

I have noticed that since getting camera’s on the car that there has been a reduction in the number of people that have tried to drive in my boot.

Perhaps with enough evidence I can get a Give Way Junction changed to a Stop Junction. I’m not looking to increase the number of drivers prosecuted, just make the estate I live on safer to drive.

And where do Dashcams fit with GDPR? Some good advice on the link below.

Dashboard Cams – do you need notify the ICO?

Digital Fit in 2018: Social Data Security

11 Wednesday Apr 2018

Posted by in Digital, Security

1 Comment

Tags

,

SocialDataWhen you mention personal data at the moment, most people think straight away of the recent Facebook/Cambridge Analytica new story and how your personal data is being used. However when you take a step back from this story and look across your own digital ecosystem you are generating a lot of data across a lot of systems. Are you really secure and do you help yourself over data security?

The drive of the social platforms has been to get people to post and upload lots of data about what they are doing and it has become a Social Norm to just tweet about this or post a photo on Instagram or Facebook, upload a video, Snapchat with friends etc…

As these things are now second nature to some people, the question of “Should I actually post that or say that” doesn’t get asked or thought about.

Here an example of this – I often see my feeds full of holiday snaps and people “Checking In” at a location such as an airport with a line off “Off on Holiday for 2 weeks”. Not the best plan if you haven’t secured your settings on your social feed of who can see your post. This doesn’t cover other people re-posting your post though to their friends.  This is evident in the Facebook/Cambridge Analytica news as once someone used a web link the system went out and picked up details of that persons friends details.

There have been lots of stories in the news of postings being directly related to house burglaries. How many people know that these types of social posts could effect your house insurance.

  • Check your social platform security settings
  • Remove any location tagging from photos you take (Check your camera apps as well – it may be putting gps locations into the photo metadata)
  • Consider posting after the event if you can
  • Think about your location check ins
  • Think before you post

 

References

https://globalnews.ca/news/2831282/are-your-vacation-pictures-putting-your-home-at-risk-of-robbery/

https://www.telegraph.co.uk/news/2017/03/04/john-terrys-mansion-burgled-footballer-posted-holiday-pictures/

https://www.confused.com/home-insurance/guides/burglars-turn-to-facebook-and-twitter-to-target-victims

 

Further Reading:

Digital Mindset

Smart Home – How many Hubs?

07 Tuesday Nov 2017

Posted by in Connected Home, Digital, IoT, Security

2 Comments

Tags

, , ,

Planning a Connected HomeWith the typical home now being enticed into the world of the “Smart Home”, IoT (Internet of Things) and Connected Everything the number of hubs being offered with each service is growing.

So what is a hub? A hub is a device or service running on a device/computer that acts as a connection point for devices to connect to the internet.

Lets assume that you have 4 devices that need connecting to the internet so that you can control them via a personal assistant (Alexa, Siri, Google, etc) or an app on your mobile phone. For this example think of the devices as light bulbs.

The devices (light bulbs) connect using a wireless protocol to a hub. This will be a protocol that has been chosen by the vendor and is not able to be changed, such as:

  • 6LowPan
  • ZigBee
  • Z-Wave
  • Wi-Fi
  • Bluetooth

See “IoT Device Security Considerations and Security Layers – Network Communication

The hub will then be connected to your home router either by a wired connection or another wireless protocol (Wireless Protocol 2). This will typically be set to the same level that your home WiFi is set to (i.e. WPA2).

The hub will then send its data to which every internet service is providing the service and allow connection to your controlling devices.

Connected Home Hub Diagram

Typical device and hub design

As the number of services grows that you can consume, the number of hubs required will also grow.

Connected Home Multiple Hub Diagram.jpg

Multiple Hubs in the Home

There is currently not much drive for integration of the hubs or a central generic hub to bring these devices together and a home may have between 1 to 5 hubs as the smart home grows.

The services that we consume is currently down to personal choice, however there are developments that will force a level of connectivity onto home owners.  The first will be the Smart Meters, although this is sometime off as the target is 2020 for installations of Smart Meters.

One of the latest developments is the insurance market, looking at the use of IoT to help bring down insurance premiums.

We may not think too much about hubs as they may be hidden within another device, such as the latest Alexa with inbuilt Philips Hue Hub, however they are there.

The hub is here to stay, but how many do we really need within a connected home.

Further Reading:

Blog Series on:  IoT Device Security Considerations and Security Layers. 

 

A to Z of Digital

19 Monday Jun 2017

Posted by in Automation, Cobotics, Digital, Innovation, IoT, Machine Learning, Open Source, Programming, Robotics, Security, Social Media, Tools, Wearable Tech

26 Comments

Tags

, , , , ,

ABCBeing Digital, Journey to Digital, Digital, 21st Century Humans, are phrases that are common place in many conversations around business and technology. But what does it mean to be “Digital”.  This is a wide subject to cover in a single blog post, so here is an A-Z of Digital to help.

I will break these down in further blog posts going into each subject in more detail.

A – Automation

The manual tasks of today should be the automated tasks of tomorrow, achieved using tools that interface with systems using API’s and commands that join them together to carry out tasks. From turning your heating on using an application to automatically carrying out a set of repetitive tasks to allow other more complex tasks to be undertaken.

B- Blockchain

A blockchain is a distributed database that is used to maintain a continuously growing list of records, called blocks. Each block contains a timestamp and a link to a previous block. A blockchain is typically managed by a peer-to-peer network collectively adhering to a protocol for validating new blocks. By design, blockchains are inherently resistant to modification of the data. (Wikipedia).

C – Cobots

Cobots are Robots that are adapted and programmed to work and interact with humans in various tasks and levels of activity. Imagine you’re working buddy is a cobot that can perform tasks hand in hand with you, take over if you need to do something else, increase its speed of completing the tasks, then sense your return and slow to the speed your working at.

D – Digital

“Digital” is an umbrella word that covers many different topics. There are many definitions available, but for me this is about how we unlock the capabilities available today and use them to better our lives and society. From a business view this is about growth and transforming through processes and technology. Being Digital is not necessarily about having the latest gadgets, but more around how you are using them and what you do.

E – Evolution

Evolution covers the advancements and new technologies that are being discovered and created every day.  There are lots of new ideas and products coming out of sites such as crowdfunding and crowdsourcing sites, some work however some do fail. These sites are worth tracking to see what developments are coming around the corner.

F – Fitness Trackers

Fitness trackers are probably one of the most common wearable that is available today and have been around for a number of years.  Trackers have developed to include a wide range of functionality including heart rate, blood pressure, location, altitude making the data useful to the health and medical industries to understand how we lead our lives.

G – Geolocation

Geolocation ties into a lot of the items in this list and provides a basis for providing location and tracking capabilities for devices and applications. It is also used to locate and pinpoint where users are. Some services cannot be consumed these days without agreeing to having this information shared with a site. The most common type of application in wide use is a Sat Nav.

H – Hybrid

Hybrid is used as a term to describe a mix of public and private services, such as a Hybrid Cloud where services can be mixed between traditional on premise/data centre services and cloud services, providing some control or orchestration layer across both to allow users to consume based on policy or requirements.

I – IoT

IoT (Internet of Things) is where physical things are connected by the internet using embedded sensors, software, networks and electronics. This allows the items to be managed, controlled and reported on. There are many reports estimating the number of IoT devices likely to be connected in the future, these are between 20 and 50 Billion devices by the year 2020.

J – Jacking

Jacking is a term used when you plug into something. Body Jacking is a growing area where the body is being used from generating power through movement to implanting chips to interact with the environment such as open a door or unlock a computer. This also covers Bioables which collect data on your body such as glucose levels using sensors that penetrate into the under the skin.

K – Knowledge

Understanding what is going on in your streams, market places and industries is a big task. Lots of information coming in on a daily basis – drinking from the fire hose, not able to consume it all. Creating your Personal Knowledge Management System will help navigate the sea of information and pick out what is key to your situation and what can be dropped.

L – Legal

With the increasing about of things interacting with our daily lives, the area of Legal and Security play a big part. There are a number of important questions to ask – Where is your data being stored and who actually owns it. Is your data secure and have you implemented all the right controls? What does Legistlation such as GDPR mean to you?

M – Machine Learning

Machine Learning (ML) allows a computer to learn and act without being explicitly programmed with that knowledge. An example of Machine Learning Algorithm is a web search engine that brings up a number of results based on your search criteria and shows which could be most relevant to what you are looking for.

N –  Networks

Networks and connectivity form the backbone of the systems in use today. Using a number of different types of network from Cellular (3G, 4G) to traditional networking and futures of 5G and Neural Networks speeding up how we create, consume and process data.

O – Organisation

Infrastructure as Code looks at making hardware being able to controlled at a code level, allowing Microservices and the ability to consume capability quickly. The next stage is the Organisation as Code. A great example of an Organsation as Code is Uber, building services and the supporting organisation in the cloud that allows it to be consumed anywhere and the drivers to login and become part of that organistation for the period that they are employed.

P – Programming

Everyone should learn to code. Learning to code (Programme) in a language like Scratch, Python, Java, C, etc. The ability to code will allow someone to understand how they can automate a task using tools and API’s.

Q – Quantum Computing

A computer which makes use of the quantum states of subatomic particles to store information (Dictionary). Quantum Computers are being developed with the ability to compute data at an exponential rate allowing for quick computing of complex data.

R – Robots

The vision of Robots has been around in early Science Fiction and are very much a reality today. From an automated manufacturing plant to a robot to help you shop and carry out tasks. The field of robotics is advancing bring in Artificial Intelligence and Machine Learning to boost their capabilities and means to learn, self-think and complete tasks.

S – Social

Being social is not just around how you use the tools and what you tweet, but also what you don’t say and being Social Media savvy on your communications. There is a large number of social tools available with some well-known such as Twitter, Facebook and Linked in to those not so. It is also about how you organise your life with these tools and use them for productivity and security.

T – Twenty First Century Digital

The term 21st Century Digital applies to the current century and how you are using Digital to better your organisation and yourself. The LEF (Leading Edge Forum) has information that covers these two topics as the 21st Century Organisation and 21st Century Human.

U – Usability

The usability and user experience of devices is key.  Understandoing and being able to interact with devices is important. If a someone can’t use the application or device they may start looking for an alternative that they can use.

V – Visionables

Visionables moves the wearables market to technologies that help enhance our experiences through what we see. This covers things like Smart Glasses, Virtual Reality, Augmented Reality and Mixed Reality.

W – Wearables

The field of wearables is expanding with more ways to attach sensors and record data about our daily lives. This typically covers anything that you can wear or attach to your body and in the main interfaces with a mobile to be the central data point, although many devices operate separately and can transmit data themselves.

X – Xperience

Xperience covers how we use these technologies and advancements to shape our lives and the effects that they have on them. How we have moved from the days of the first computer to today’s wearable and interactive society.

Y – Yottabyte

Yottabyte is a term used to define an amount of storage.  The prefix yotta indicates multiplication by the eighth power of 1000 or 1024 (Wikipedia). The amount of storage used today is seeing huge daily growth with systems currently using petabytes of data. The trends will increase the amount of storage needed to hold data.

Z – Zabeta

Zabeta is a noun meaning Tarrif or Tax. As we move to a more automated society there is a view point that automation and robots should be Taxed.

This is my current A to Z and some of the entries may be different in your version. Do you agree with the list? Whats in your “A to Z of Digital”?

 

How much trust should we give apps with device permissions

13 Tuesday Jun 2017

Posted by in Digital, Security, Tools

Leave a comment

Tags

, ,

spyware-2319403_640Have you every gone to the app store and just installed something on there because it looks good and something you want to look at, or purchased a product and then installed the app without thinking or checking it out first? Lots of people do, but do they really know what is going on under the covers?

How often do you install an application onto your personal device without checking the permissions that it requires or know what the app has access to and what its doing?

These are relevant questions that we should be asking ourselves as we become more connected and joined together sharing our personal data. This is a subject that I have written about before on app permissions and is still relevant today.

I have recently been asked to look at a fitness braclet that someone had who wanted to install the app. What struck me about this app that basically allows you to control a basic fitness tracker was the permissions to allow access to the Camera and Microphone, when there is clearly no reason within the product or app to have them. Is this a lazy programmer who hasnt set the right permissions on the app or is there something else going on.

Invite

One of the great things I like about mobile devices now is the ability to actually turn these off myself.

So do I want my coffee app to know where I am all the time, maybe not, but I do know that it may need access to the storage to download the latest offers and store those discount vouchers.

Of course stopping a permission may cause application issues, however the important thing is that a user can say no.

So when was the last time you checked the apps installed on your device and their permissions?