Whilst we see many sources talk about the need to blame North Korea, we see an abundance of changes that are not just changing the way we think; these changes will also change the way we live and act. As we are soon to be lulled into an even greater false sense of security, we must now contend with the thought: what is real and what is not?
In IT these issues have existed on several layers for a long time, yet Common Cyber Sense has been absent for a massive amount of time. Bradley Edward Manning, now known as Chelsea Manning, is only one of several parts of this puzzle. Wikileaks has added its own levels of damage, and let us not forget the acts of Julian Assange and Edward Snowden. This is not about how things were done; it is about a lack of proper measures and controls. In the age of people screaming that they have a right to know, they will publish whatever they can for the need of ego and then scream about how the government is abusing their right to privacy.
These are all elements that link back to ‘Common Cyber Sense’.
CCS, as I call it, has a few branches in its foundations. The first is proper use and knowledge. Many still laugh and sneer at manuals and proper use of equipment, yet when other people started to ‘look’ through the webcams on their laptops into their privacy, smiles disappeared quickly. We live in an age where everything is set around the fake image of comfort; it is fake because comfort at the expense of security is never comfort, it is just an added level of danger in your own life. At this point people forget that what is set in software can usually be switched on and off at the leisure of a skilled ‘someone else’.
Buying what is cheap and buying what is right are worlds apart; that part is more and more a given fact. The bulk of people are lulled into ignorance when it comes to a simple, easy tool that can be used everywhere, at which time they forget to ask ‘by everyone?’. Consider that the HP laptop (one of many brands) has a built-in webcam at the top of the screen. Instead of relying on a software switch, these makers could have added a little slide that covers the lens, literally a low-tech solution making the lens see nothing. As far as I can tell, no one took that precaution for the safety and security of the consumer; is that not nice?
The second branch is access. If I got $.50 for every person that uses their name, ‘qwerty’ or ‘password’ or even ‘abc123’ for their login, I could buy a small island like Hawaii or New Zealand, probably even both. Even though many websites and systems demand stronger passwords, there is always that bright person who uses the same password for every site. This is part of a larger problem, but let’s move on for now.
Third is the connection branch, places where we can ALWAYS connect! You think that not having passwords on your home Wi-Fi makes you safe? Wrong! You could add loads of problems to every device that connects to it by not properly setting things up. I wonder if those with an automotive router have considered the dangers of not setting it up properly and letting all the people they pass access whatever is connected to it in the car.
The fourth branch is for the unknown. This might seem like a weird option, but consider how fast movable technology is growing. I am using ‘movable’ and not mobile, because this changing field includes phones, laptops, PDAs, tablets and other not yet defined devices (like the Apple Watch, handheld game systems and consoles).
At the centre of all this is proper usage, but not just your hardware, it also includes your software, a fact many have remained oblivious to.
At this point, I will take a temporary sidestep and let you consider the following term ‘non-repudiation’.
Non-repudiation is about identity and authentication. Basically it states that ‘you and you alone’ have sent this item (message, photo, financial transfer). In legal reasoning this will be the strong shift that will most likely hit many people in 2016 and onwards. It could hit you this year, but there are more than just a few issues with this situation for the immediate now. So when you lose your money and you state you were hacked, you might soon have to prove it, which means that any evidence that you EVER gave your password or pin-code to a spouse, lover, boyfriend/girlfriend or sibling means that you nullified your rights. You get to pay for the consequences of THEIR acts at that point.
So when we see biometrics, we think fingerprint, and we expect to be a lot safer. WRONG! Only last month did a group in Germany show how they recreated the fingerprint of the German Defence Minister from simple digital photos, which means that this could have given them access to a whole collection of items, events and information they should not have gotten access to. So what to do? Well, that market is growing really fast. ‘Vein’ is the latest. It does not rely on a fingerprint, but on the veins in a finger or hand. It is just as unique as a fingerprint, it is a 3D issue, making it even more secure, and it requires an actual living hand. It also will lack the dangers of influence that a retinal scan has when a woman gets pregnant, or in the case of a diabetes patient or alcohol levels. These can all shift retinal scans, with the added problem that this person stays outside the lock, becoming the valid person ‘no-more’. Yet ‘Vein’ is still a new technology and not currently (or in the near future) available for movable devices, which leaves us with the issue of what devices are actually decently secure.
Let’s not forget that even though this is not an immediate issue, people will need to change their possibly ‘lacking’ approach with more than just slow, muffled interest, whilst they rely on the comfort of not having to comprehend the technology. That part is still not completely disregarded in several cases, the issue at Sony being likely the most visible one for some time to come. There is still a massive amount of actual intelligence missing. Most speculate, including me (yet I have been looking at these speculators and claimers of facts). Whilst Sony is visible, there are still unanswered issues regarding the NSA and how a place like that had the implied intrusion Edward Snowden claimed to have made.
Now let us take a step back to the four branches. I showed the webcam issue in the first branch, but the lack of consideration by the user is often a bigger problem. You see, many ‘lock’ their device, or just walk away and switch their screen off. Their computer remains connected and remains accessible to whoever is looking for a place to hack. I know that waiting 45 seconds is a bother at times, but learn to shut down your computer. A system that is switched off cannot get hacked. The same applies to your router (which actually has the added benefit of letting your adapter cool down, making the device last longer), and your overall electricity bill goes down too. All these benefits, all neglected for the fake comfort of accessing your social media the second you come home. Yet proper usage also includes software upgrades. Many do them, but more often than not they tend to be made when the system reboots; when this is not done (or the software upgrades are not made) your system becomes increasingly at risk of intrusions of all kinds. Windows 7, which is a lot better than either Vista or Windows 8, still required 84 patches in 2014. With over half a dozen being either critical or important, you see why even in the best of times, under all conditions met, you still run some risk. And this is just Windows; in 2013 they had to fix 47 vulnerabilities regarding Outlook, Explorer and the Windows kernel. There was a massive issue with remote execution, which means that your system was open to the outside without the need for a login (source: PCWorld). Now, in their defence, Windows and Office are massive programs, but still, it seems that Microsoft (not just them) has taken a strong stride towards ‘comfort’ whilst ignoring ‘safety’ (to some extent).
Branch two is usually the biggest flaw. Even though many websites will require a decent level of strength (usage of small and capital letters, numbers and a special character), that list is still way too small. I have met plenty of people that use the lamest of simple words (like ‘abc123’), and these people cry the loudest when their money is gone. You see, it is easier to just hack your computer or device and use that system to order online via other means than it is to hack into your bank account. Yes, it is a bother (at times) to remember every password, yet in that regard you could be clever about it too. There is nothing stopping you from creating variations on a password whilst making sure it is a completely different one. I learned that someone had used her dictionary app to use a version of the word of the day; she changed ‘adscititious’ into something like ‘Adsc1t!tious’. Good luck figuring that one out! (I had to look up the word, in all honesty.) The options become even more interesting if you speak additional languages. So, branch two is something that you the user largely control.
Branch three is actually the growing danger. It is not just when we connect, but when things connect automatically (and where from) that becomes an issue. Insurance companies are more and more about your visibility, even though no official moves have been made. The day that junior uploads that catch of the day to his Facebook with dad in the background, that is the option for the members of the ‘institute of discreet entry and removal operations’ to help you with your old stuff (the missing items when you get home). Then there is the information you ‘give’ when you connect (especially at free Wi-Fi places). You see, when you connect to free Wi-Fi, more than one danger exists that others can connect to you; yes, you could learn soon thereafter that free Wi-Fi was the most expensive part of your vacation. It however moves more and more to your area of usage. As we get more connections and as we can connect from more places (like the automotive router), we will receive additional responsibilities in setting devices up properly for our safety and the safety of our children.
Now, to take a second sidestep. This is not about scaring you (a nice benefit for sure); some of these things can be prevented from point zero. Knowing what you switch off and switching off when not used are the first easy and elemental steps. You see, a hacker looks for a place to get into; when your computer and router are switched off, the hacker will not spot these devices at all and will move on. Hackers do not like to waste time, so when you use proper passwords, that same hacker will lose a lot of time getting access to your devices, time he could be having ‘fun’, so these two elements are already diminishing the chance of you getting transgressed upon. But in the end, there is another side. Makers of hardware and software need to become increasingly aware that their ‘toys’ have malicious usage. It was Geek.com that had the article ‘Yes, Xbox One Kinect can see you through your clothes’ (at http://www.geek.com/games/yes-xbox-one-kinect-can-see-you-through-your-clothes-1576752/), which gives an interesting demo (without showing off anything indecent) of how defined and articulate the scan system is, and it is a hackable solution. Even there we see the mention that a lens cover would not have been a bad idea.
Yet we have digressed away from the heart of the matter. All these are linked, but the crown in the hardware is an increasing need for non-repudiation, showing that you and only you acted. A lack of this evidence could also go a long way in proving that you were innocent and that you were the victim. It is easy to claim that the makers are at fault, and to some degree they are, but there is a growing need to have the right solution, and so far any clean solution remains absent. Whoever comes up with that could own the cornerstone of the global technology sector, an area that represents a massive amount of long term revenue.