Tech giant HP rips into companies over hacking problems

Adobe, Yahoo Mail and PlayStation users have all had their passwords and personal information hacked in large-scale security breaches in recent years. Now tech giant HP is calling for companies to “eliminate opportunities” given to attackers to access information.

These large-scale hacks have put millions of users’ personal details at risk, with the Adobe hack alone exposing 38m accounts to abuse. In its annual cyber risk report, HP criticised the sharing of intelligence within the industry.

The company said that the technology industry should pull together to share intelligence about security and the tactics they should use in order to disrupt malicious activities.

HP looked at more than 500,000 applications for Android and found that mobile developers often fail to use encryption when storing sensitive data on mobile devices, rely on weak algorithms to do so, or misuse stronger encryption capabilities in ways that render them ineffective. Its report states that 56% of applications tested showed weaknesses that revealed information about the application, its implementation or its users.

The report will be worrying for consumers as it highlights the vulnerability of many apps and how their personal data can be accessed by those with the knowledge to do so. With smartphone users checking their mobiles up to 150 times and a total use time of more than two hours each day, the amount of information we are giving to companies is increasing.

Many applications are given access to our payment details, contacts, address and more. For consumers there is a need for our personal data to be safely stored by the brands we trust.

For the developers and companies running the applications there may be more costly consequences for failing to securely protect our private information. This was shown last year as Sony were fined £250,000 for security failures after gamers’ details were leaked online in 2011. For smaller companies this scale of monetary penalty could have a serious impact on their business.

To help combat the threat of attackers being able to access users’ personal data, HP recommends combining the right staff members, processes and technology to minimise the vulnerabilities and reduce the overall risk.

HP said: “Organisations and developers alike must stay cognizant of security pitfalls in frameworks and other third-party code, particularly for hybrid mobile development platforms. Robust security guidelines must be enacted to protect the integrity of applications and the privacy of users.”


Image courtesy of Gustavo Molina.


China uses facial recognition to monitor ethnic minorities

China has been criticised for adding facial recognition to an already obtrusive surveillance system in Xinjiang, a Muslim-dominated region in the country's far west. The "alert project" matches faces from surveillance camera footage to a watchlist of suspects, and supposedly is designed to thwart terrorist attacks.

Source: Engadget

Microsoft execs say the ultimate form of AI is a digital assistant

In an interview with Business Insider, Microsoft president Brad Smith and EVP of AI and research Harry Shum have said the ultimate manifestation of AI in 20 years will be in a digital assistant that will serve as an "alter ego." The two argue that we need to set ground rules for our AI assistants while we still can.

Facebook’s head of AI isn't impressed by Sophia the robot

Facebook's head of AI, Yann LeCun, isn't happy with Sophia the robot. Following a Business Insider interview with Sophia, LeCun took to Twitter to call the whole thing “complete bullsh*t”. He went on to say Sophia masquerading as a semi-sentient entity was "to AI as prestidigitation is to real magic”.

Source: The Verge

Drone saves the lives of two swimmers

Two teenage boys were rescued by a brand new lifesaving drone in Australia, while lifeguards were still training to use the device. When a member of the public spotted them struggling in heavy surf about 700m (2,300ft) offshore, the drone was sent out and dropped an inflatable rescue pod, which allowed the pair to make their way safely to shore.

Source: BBC

Google defends the right to not let people be forgotten online

Google is going to court to defend its right to not abide by "the right to be forgotten", which it says “represent[s] a serious assault on the public’s right to access lawful information”. Two anonymous people want the search engine to take down links to information about their old convictions because search engine results attract “adverse attention”.

Source: Bloomberg

UK Police delivering daily briefings via Amazon Echo

Lancashire police have begun streaming daily briefings straight to people's homes through Amazon Echo. Users will get hourly updates as well as pictures of wanted and missing people sent directly to their devices. "Alexa works alongside traditional policing methods to inform the public about the important issues in their neighbourhoods," said PC Rob Flanagan.

Source: BBC

A quarter of ethical hackers don’t report cybersecurity concerns because it’s not clear who they should be reporting them to

Almost a quarter of hackers have not reported a vulnerability that they found because the company didn’t have a channel to disclose it, according to a survey of the ethical hacking community.

With 1,698 respondents, the 2018 Hacker Report, conducted by the cybersecurity platform HackerOne, is the largest documented survey ever conducted of the ethical hacking community.

In the survey, HackerOne reports that nearly 1 in 4 hackers have not reported a vulnerability because the company in question lacks a vulnerability disclosure policy (VDP) or a formal method for receiving vulnerability submissions from the outside world.

Without a VDP, ethical, white-hat hackers are forced to go through other channels like social media or emailing personnel in the company, but, as the survey states, they are “frequently ignored or misunderstood”.

Despite some companies lacking a VDP, the hackers surveyed in the report did say that companies are becoming more open to receiving information about vulnerabilities than they were in the past.

Of the 1,698 respondents, 72% noted that companies have become more open to receiving vulnerability reports in the past year.

That figure includes 34% of hackers who believe companies have become far more open.

Unlike a bug bounty program, a VDP does not offer hackers financial incentives for their findings, but VDPs are still incredibly effective.

Organisations like the US Department of Defence have received and resolved nearly 3,000 security vulnerabilities in the last 18 months from their VDP alone.

India (23%) and the United States (20%) are the top two countries represented by the HackerOne hacker community, followed by Russia (6%), Pakistan (4%) and the United Kingdom (4%).

The report revealed that because bug bounties usually have no geographical boundaries the payments involved can be life changing for some hackers.

The top hackers based in India earn 16 times the median salary of a software engineer. And on average, top earning hackers make 2.7 times the median salary of a software engineer in their home country.

In terms of which demographics are attracted to a life of ethical hacking, the report found that over 90% of hackers are under the age of 35, and unsurprisingly the vast majority of hackers on the HackerOne platform are male.