Rich Tehrani : Communications and Technology Blog - Tehrani.com
Rich Tehrani
CEO
| Communications and Technology Blog - Latest news in IP communications, telecom, VoIP, call center & CRM space

Security

The Urban Drone War is Here

September 27, 2017



In February of 2014 we warned of the impending urban drone wars:

Criminals will soon realize a single flying gadget won’t help them so much and will be drawn into a drone arms race requiring each side to ramp up their drone numbers in order to win any encounter.

Moreover, once criminals discover the drone is a near-perfect murder weapon, they will start to invest in these devices and subsequently pull off murders without getting caught. Once again, police will have to counter with more drones which are constantly surveilling the air.

Finally, many of the drone-based murders will likely take place as night as these devices have night-vision and humans do not.




Equifax Reminds us Cybersecurity is a Corporate, not IT Problem

September 26, 2017


The largest consumer breach of all time - until now comes to us courtesy of Equifax. Americans think criminal hacking is the greatest technology risk to their health, safety and prosperity and they are right. What makes this breach so bad is this hack of the personally identifiable information (PII) of 143 million people will result in breaches related to this information for years - potentially decades to come.

In real-world terms, your bank and most other organizations you do business with use certain information to ensure you are you when you call or interact with them online. This information for over one-hundred-million of us is now out in the open.

If this news isn't bad enough, there are countless Equifax phishing scams to look out for now as well.

We could go on and list how this has been the worst year ever for cyberbreaches but you likely know that by now.

In today's news, the CEO of Equifax finally was forced to step down.








Apple iPhone X Face ID May not be Secure Enough for Many Users

September 16, 2017



While Face ID is theoretically 20 times more secure than Touch ID at 1:1,000,000 chance of a false match as opposed to 1:50,000, there are some legal and societal reasons why we still believe it is less secure in certain situations.

Touch ID requires the owner to physically place their finger on a device. Face ID does not.

This may not seem like a huge deal but it has tremendous implications both legal and societal.

We pointed these issues out recently where we said the phone could be used without the permission of the owner in certain situations:
  1. Law enforcement holds phone up to person’s face to unlock it.
  2. Person sleeping or partially passed out – another person holds phone up to their face.
If a person is arrested or crossing a border or otherwise comes into contact with law enforcement, the authorities have the ability to take the phone from the owner. With Touch ID, assuming force is not used, the owner of the device would have to physically decide to place their finger on the phone to unlock it.

Face ID however makes this potentially easier for law enforcement. Now, all they have to do is place the phone up to the user's face.

We reached out to Apple about this matter and they replied with the following statement:

Our teams have been developing the technologies behind Face ID for several years, and our users’ privacy has been a priority since the very beginning.

Face ID provides intuitive and secure authentication enabled by the TrueDepth camera system and the A11 Bionic chip, which uses advanced technologies to accurately map and match the geometry of a user's face.















Paul Ryan: Smartphones Are Cleaning FEMA Out

September 7, 2017



According to Speaker of the House, Paul Ryan, people are using smartphones to apply for FEMA assistance at unprecedented levels and as a result it is nearly out of funds.

This wasn't possible in past disasters because people needed PCs, electricity and homes which weren't flooded or destroyed to connect to the internet.

Hurricane Harvey and it's immense amount of flooding has destroyed a large number of homes (above) while Hurricane Irma has already hit land in the US territory of Puerto Rico and will hit the US mainland soon. Even worse, hurricane Jose isn't far behind Irma.

Smartphones have made the pace of everything happen more quickly and asking for assistance from FEMA is no different and while this is great for those in need, it will put inordinate strain on government budgets to ensure the emergency fund stays solvent.







Lack of Cybersecurity Training Just Cost 8 Million Dollars

August 31, 2017

The Cybersecurity problem gets worse by the day and as we have covered before, there is an increase in attacks targeting money-transfer. In fact, while ransomware isn't going away any time soon, the sheer amount of money which can be scored from a wire transfer scam is so enormous that ransomware pales in comparison.

As we just wrote:

  • Money transfer attacks occur when company employees are tricked into wiring money to a hacker account through what looks like a legitimate email from their boss or other authorized authority. By hacking mailboxes, malicious users can learn patterns and terms used by an organization and subsequently use these terms against them. Tens or hundreds of millions of dollars are lost by corporations each year through such attacks.

Some time back we wrote about Portnox and how they add visibility and control to help secure networks.

Intermedia Anti-Phishing Tools for Small Business

August 21, 2017



Large companies generally have IT teams to deal with phishing attacks but really, there is no perfect defense from a determined phisher who wants to get you to click on a link. Once you click, they could install a backdoor which gives them access to your passwords or perhaps they could start installing ransomware.

All a company can do is be as protected as possible. One way to achieve this is with strong anti-phishing tools - similar to the ones rolled out by Intermedia last week.

The company says they have unveiled Enterprise-grade anti-phishing protection, designed for SMBs - otherwise knows and small and medium businesses.

The new Intermedia Email Protection features include:

  • Similar domain check: Spear-phishing campaign authors will typically register an email domain that looks 'similar' to a company's email domain (e.g., iintermedia.net with two i's instead of intermedia.net). Intermedia's domain check feature uses a similarity algorithm to confirm that the sending domain is in fact is someone from within the organization.
  • User impersonation check: Spear-phishing attacks target specific employees within an organization, by impersonating someone they know – most typically the CEO or other high-profile individuals.








The Long Tail of Cybersecurity

August 9, 2017

The long-tail, a term coined to describe the ability for organizations to sell vast amounts of products in small quantities accurately describes how a music store like iTunes can generate massive quantities of profit selling virtually limitless inventory.

The online world made this possible. Try as they might, Barnes & Noble could not match the inventory of Amazon in all its stores. Online wins because inventory is near-infinite.



In the cybersecurity world there is is a similar phenomenon taking place. The same bell curve applies but in this case, we can assign it to the value of a target.





StaffAlerter Provides Value in Emergency Notification and IoT

July 8, 2017

With terrorist attacks and other shooting incidents becoming commonplace, the need to quickly notify large groups of people regarding dangerous situations seems to have never been greater. While many of the solutions on the market are targeted at governments or large police departments, the emergency notification system on a budget market has been neglected.

Enter StaffAlerter, the infinitely flexible solution which combines the power of IoT-like sensors with IFTTT real-world flexibility. By this we mean that the system can be easily programmed to sense an emergency button being activated in the freezer and then proceed to unlock the freezer door.

Portnox Adds Visibility and Control To Help Secure Networks

June 20, 2017

Networks have become so complex that securing them has become an increasingly complex challenge. As the number of attack vectors increase seemingly endlessly, corporations need to have a commensurate solution which scales with device growth, allowing IT to protect their networks from the various threats they encounter.

Ofer Amitai the CEO of security vendor Portnox believes visibility is the first step in protecting yourself followed by monitoring the devices to control the risk. He continues by saying that networks should be segmented to ensure things like cameras are not on the same network as users – or available from the outside.

Tempered Networks Boosts Trust with Identity-Defined Networks

June 19, 2017

If you missed Paula Bernier’s article (free registration required) in our IoT Evolution Magazine, you may not have known Tempered Networks is the new name for Asguard – which is pronounced the same way as Thor’s home-world but spelled with and added letter u.

The idea behind the company is to build trust between systems to go beyond encryption by using Host Identity Protocol for encryption and IF-MAP. “This is a way to have inherent security in your network because it doesn’t happen at the application layer, it happens at the protocol,” said Jeff Hussey, who established F5 Networks and is now President and CEO of Tempered Networks.

Some months later the company outlined their vision – or the problem they are out to solve in more detail:

Featured Events