Cybersecurity Vulnerabilities Database


There is a very useful article in Bloomberg about how the U.S. is taking too long to publish cybersecurity vulnerabilities. 


And the longer we take to publish the vulnerabilities with the patch/fix, the more time the hackers have to exploit it!


Generally, the U.S. is lagging China in publishing the vulnerabilities by a whopping 20 days!


Additionally, China’s database has thousands of vulnerabilities identified that don’t appear in the U.S. version. 


Hence, hackers can find the vulnerabilities on the Chinese database and then have almost three weeks or more to target our unpatched systems before we can potentially catch up in not only publishing but also remediating them. 


Why the lag and disparity in reporting between their systems and ours?


China uses a “wider variety of sources and methods” for reporting, while the U.S. process focuses more on ensuring the reliability of reporting sources–hence, it’s a “trade-off between speed and accuracy.”


For reference: 


The Department of Commerce’s National Institute of Standards and Technology publishes the vulnerabilities in the National Vulnerability Database (NVD).


And the NVD is built off of a “catalog of Common Vulnerabilities and Exposures (CVEs) maintained by the nonprofit Mitre Corp.”


Unfortunately, when it comes to cybersecurity, speed is critical.


If we don’t do vastly better, we can be cyber “dead right” before we even get the information that we were vulnerable and wrong in our cyber posture to begin with.  😉


(Source Photo: Andy Blumenthal)

Your Score Is Your Life


Absolutely fascinating article in the Washington Post.

China is working on a plan to use big data to score people on their social behavior. 

Every interaction you make in life either increments or decrements your social score. 

Your social score determines how trustworthy you are. 

The social score would vacuum up data from the “courts, police, banking, tax, and employment records.”

People in service professions like teachers, doctors, and business could be scored for their professionalism. 

Doing positive social actions like caring for the elderly earns you added points, and doing negative social actions like DUI or running a red light subtracts points from your score. 

As the score includes more and more data feeds over time, you could eventually be scored for doing your homework, chores in the home, how you treat your wife and children, the community service you do, how hard you perform at work, how you treat people socially and on dates, whether you are fair in your business dealings and treat others well, whether you do your religious duties, and so on. 

People can get rated for just about everything they do.

And these ratings get aggregated into your social score. 

The score is immediately available to everyone, and so they know how good or bad you are on a scale of 1 to 1,000.

If you think people are stressed out now, can you imagine having to worry about everything you do and how you will be rated for it and how it can affect your score and your future? 

If you have a bad score, say goodbye to opportunities for education, employment, loans, friends, and marriage prospects. 

Imagine people held hostage by others threatening to give you a bad score because they don’t like you, are racist, or for blackmail. 

What about society abusing this power to get you to not only follow positive social norms, but to enforce on you certain political leanings, religious followings, or policy endorsements? 

Social scores could end up meaning the ultimate in social control. 

Personal scores can manipulate your behavior by being rewarding or punitive and rehabilitative to whatever end the scoring authorities dictate. 

Moreover, hackers or the people who control the big data machinery could destroy your life in a matter of milliseconds. 

So this is what it comes down to: You are your score!

Play along and do what you are told to do…you are the Borg and you will follow. 

Conform or you are dead by number!

Transparency is everywhere. 

Pluses and minuses every day. 

What is my score today? 

Today, I am desirable and successful, and tomorrow, I am disregarded and a loser. 

Please don’t kill my score.

Please don’t destroy me. 

Please, I will be socially good. 

Please, I will not resist. 😉

(Source Graphic: Andy Blumenthal)

Preventing Cyber Disaster


So I liked this ad from Palo Alto Networks on the side of the bus, over the windows:

“Dinosaurs react.
Professionals prevent.”

That’s some very good marketing for a cyber security company.


It’s almost a daily occurrence now to hear about the infiltrations into our networks and the exfiltrations or manipulations of data that are taking place across government and industry.


Just today again, another NSA contractor was accused of stealing highly classified computer code.


The day before, Guccifer 2.0 and Wikileaks released a trove of stolen documents from the Clinton Foundation.


And again, J&J reveals that its insulin pump is vulnerable to hacking, following allegations in August that St. Jude heart devices were subject to life-threatening hacking. 


Certainly, we can’t afford to sit back and wait to react to the next attack…damage control and remediation is much harder than getting out in front of the problem in the first place. 


Prevention and deterrence are really the only solution…keep the hackers out and make sure they know that if they mess with us and our systems, we can identify who they are, find them, and take them out. 


These are the capabilities we need and must employ to dominate the cyber realm. 


In the presidential debates, candidates struggled to articulate how to deal with cybersecurity.


But this is not a game of cyberopoly; rather, national security, critical infrastructure, vital intellectual property, and our economy are at risk. 


Giving away Internet control and trying to plug leaks after the fact on a sinking cyber ship is no way to manage our vital technology resources.


It’s high time for the equivalent Cold War determination and investment that ensures we win a free and safe cyberspace with all our networks and data intact. 


This is the only way that we don’t go the way of the dinosaurs. 😉


(Source Photo: Andy Blumenthal)

My Ashley Madison

So Ashley Madison is now a well-known adulterous website, particularly after hackers stole 37 million records on the site participants, and have released that information to the public.


These tens of millions of users seek companionship for loveless or sexless marriages or perhaps are just plain liars and cheaters–who knows? 


But yikes, now everyone knows!


Huffington reports that divorce lawyers are anticipating a deluge of new clients seeking divorces.


And BBC reports that two people have already taken their lives in Canada as a result of the release. 


What is incredible as well are the 15,000 people who used their .gov or .mil accounts presumably to hide their infidelity from their spouses, but now are in potentially huge trouble with their government agencies.


I assume that Ashley Madison prided themselves on their discretion in handling their clients’ accounts, but lo and behold, the discretion is for naught, compliments of some very naughty hackers. 


Privacy is becoming a very lonely and meaningless word whether you are faithful or a cheater–it’s all open fodder on the net. 😉


(Source Photo: Andy Blumenthal)

tURNING yOUR dEVICE aGAINST yOU!

So, interesting article in the BBC about Samsung’s “Listening TV.”



This TV has voice activated controls and they don’t just take commands, but…



“If your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”



So aside from hackers (and spies) being able to turn your phone and computer mics, cameras, and GPS location data on and off to surveil and eavesdrop on you, now the dumb television set can listen in as well. 



You can be heard, seen, and found…whether you know it or not. 😉



(Source Photo: Andy Blumenthal with eyes and ears from here and here with attribution to Firas and Simon James)

Data 4 Ransom


The future of cybercrime will soon become the almost routine taking of your personal and corporate data as hostage. 


Once the hacker has control of it, with or without exfiltration, they will attach malware to it–like a ticking time bomb.


A simple threat will follow:


“I have your data. Either you pay for your data back unharmed OR your data will become vaporware! You have one hour to decide. If you call the authorities, your data is history.”


So how valuable is your data to you?  


– Your personal information–financial, medical, legal, sentimental things, etc.


– Your corporate information–proprietary trade secrets, customer lists, employee data, more.


How long would it take you to reconstitute if it’s destroyed?  How about if instead it’s sold and used for identity theft or to copy your “secret sauce” (i.e. competitive advantage) or maybe even to surpass you in the marketplace? 


Data is not just inert…it is alive!


Data is not just valuable…often it’s invaluable!


Exposed in our networks or the cloud, data is at risk of theft, distortion, or even ultimate destruction. 


When the time comes, how much will you pay to save your data?


(Source Comic: Andy Blumenthal)

Shining A Light On Your Privacy


Check out this special report…



~Half a billion~ downloads of the top 10 Flashlight Apps–the ones we all have on our smartphones–and guess what?



All/most are malware/spyware from China, India, and Russia that are spying on you!



Your contacts, banking information, even your location, is being intercepted by hackers abroad.



The cybersecurity experts Snoopwall (who conducted this study and are offering a free open-source “privacy flashlight”) are recommending that you don’t just uninstall these flashlight apps, because they leave behind trojans that are still functioning behind the scenes and capturing your information.



So instead, doing a backup of key information and then a factory reset of the smartphone is advised.



Pain in the you know what, but these flashlight apps are shining a light and compromising your personal information.



Snopes points out that the flashlight apps may be no more vulnerable to spyware than other apps you download, and that perhaps the screening process from the app stores helps to protect us somewhat.



When the cyber hackers decide to exploit those apps that are vulnerable, whether for political, military, or financial gain, it will likely be ugly and that flashlight or other app you use may prove much more costly than the download to get them. 😉



(Thank you Betty Monoker for sharing this.)