Saturday, May 3, 2014

Insecurities of the Heart on the Internet- Heartbleed



It's been all over the web: the story of Heartbleed, sometimes dubbed the biggest internet security leak of the century, and for good reason too. When people say that nothing on the web is private and nothing on the web is safe, well, I hate to say it, but it is very true. Everything that you send and everything that you do, someone can easily be watching and tracking every single one of those moves, then saving that data to get at you on a rainy day. The security leak called Heartbleed has made it easier.

What exactly is Heartbleed? To put it simply, it's that padlock icon on the URL containing "https" not doing its job. For the technical people, it's a security vulnerability in OpenSSL, and it allows a hacker to easily access the memory of data servers. Being able to access those data servers means that a hacker can farm all of a user's data, such as passwords, usernames, and credit card information. The scary thing about it is that many websites use OpenSSL. Not only that, this security bug, which was recently discovered, has actually existed for almost two years. Yes, that's right, two years. That means that even if a website were compromised, they wouldn't know it, because it leaves no trace.

There are a plethora of questions when it comes to this bug. One question you may be wondering is, "How was it finally found out?" The credit for this find is given to a Google researcher named Neel Mehta and a security firm called Codenomicon. Both parties found the bug independently of each other, but the weird thing is that they both discovered it on the same day. The other question would probably be, "How did this bug start out?" According to some sources, it is believed that a programmer by the name of Robin Seggelmann was the one responsible for the glitchy code, which was created during his years as a Ph.D. student from 2008 to 2012. However, since OpenSSL is actually an open-source project, blame cannot be put solely on one person, especially because so many were working on it together and everyone had equal access to it.

The bigger question is, how does a consumer protect him/herself? The first step is to wait and see if the specific website sends a notification saying that they have patched their site. Then, go ahead and set up new passwords. I say this because not every site was afflicted, since not all sites use the same kind of encryption. Therefore, it would be a pain to change every single password without really knowing whether the site was hit. Also, you could potentially be giving the hacker a new password. Thankfully, though, CNET has been busy compiling a list of sites that were affected and their status on the issue.

The moral of this story is that nothing on the internet is safe, and nothing on the internet is private. When a user puts him/herself on the internet, they are potentially allowing another human being to gather data from them, but since we live in this modern day and age, not being on the internet cannot happen. So, readers, keep yourself updated on security news and frequently check bank statements and any such things for any suspicious activity. Be safe!




Wednesday, April 16, 2014

XP Support Ending- What to do?

It's finally happening... support for the beloved platform, Microsoft XP, has come to an end. Since its initial release on October 25th, 2001, it has been a platform that many have used and a whole generation has grown up with. It's a platform that mostly everyone is accustomed to and comfortable using. However, starting April 8th, 2014, Microsoft will discontinue supporting it. Curious about the reasons? According to the official Microsoft website, this is the reason: "...the time has come for us, along with our hardware and software partners, to invest our resources towards supporting more recent technologies so that we can continue to deliver great new experiences."

What does this mean for users of Windows XP? It means that from now on users will no longer get automatic updates that help protect their PCs. Don't panic, though. This doesn't mean that your computer will suddenly cease to function; it just means that your computer will be more vulnerable to attacks because there will be no patches or fixes for any new bugs found. Not only that, but Microsoft has also stopped providing Microsoft Security Essentials for download on Microsoft XP; the worst part is that even Microsoft Security Essentials for XP will no longer get security updates.

You're probably thinking, "Well, this is going to be a problem since probably over 500 million households and other organizations still use XP as their primary platform", and guess what, you're right, it's going to be a huge problem. Already some governments have tried to negotiate with Microsoft in the hopes of extending the support contract so that users can stay protected. According to sources at bbc.com, the United Kingdom has signed a 5.5 million pound deal for extended support for Microsoft XP. The United Kingdom isn't the only one shelling out big bucks to keep the operating system going; the Dutch are too, as are many governmental agencies in the U.S. In fact, it has become a bit chaotic everywhere with this news of discontinued support, because now everyone has to update or be stuck with a vulnerable system. This especially causes a problem for items running Windows XP that house sensitive data. This includes ATMs (already there are cases of ATMs spitting out money to hackers) and government agencies that hold secret data. Everywhere, this discontinuation of security service is causing a problem for everyone.

The important thing here is, "How can I protect myself?" Microsoft's solution is to upgrade to the current environment. Thankfully for us, they have sent out an upgrade wizard called Windows Upgrade Assistant that helpfully checks to make sure your system meets the requirements to upgrade to their latest 8.1 system. Just as a side note, if you already run Windows 8, it is very likely that you can also upgrade to 8.1, since both have very similar requirements. If not, then it might actually be time to get a new PC/laptop. If you're using an old PC/laptop, then this might not be a bad time to consider an upgrade, especially because nowadays there are so many new, light, slim, powerful machines on the market. The most important thing is being safe when using your device, because any sort of sensitive information that leaks out can potentially ruin one's life. It's better to be safe than sorry.

In the end, it's sad to see Windows XP slowly being phased out, because for many of us it has been a huge part of our lives. However, it is understandable what Microsoft is trying to do; one cannot look on and appreciate the new if they are always stuck on the old. They become too comfortable, and comfort is especially hard to leave behind. Right now this transition is a huge problem, but soon it will be nothing more than a memory. Only the future holds the answers to what will happen to Microsoft with this transition. Will they still stay at the top of the food chain with their Office suites, or will competitors like Apple take over the market? Only time will tell.

Wednesday, April 9, 2014

The Target issue at Target



There has been much speculation that the famous Target case could've been easily contained and handled better. However, as most people know, it wasn't handled well at all; instead it blew up and made a big mess for Target. The question here is, what exactly happened that caused this security breach to happen in such a well-grounded company?

Let's first get some background information. According to most sources, the hack affected over 10 million customers that had an account with Target between November 27 and December 15, 2013. When a CNET reporter spoke to several of Target's former employees, it came to light that Target actually did have a very sophisticated 1.6 million dollar malware detection system in place, designed by security firm FireEye. This design was set up specifically to find any intrusions that might have tried to exploit the program (intrusions such as hacks and cyber attacks) before any real damage could be done to the heart of the system. The security system is actually a very clever one. It utilizes parallel networks so that to the hacker it's like seeing a doppelgänger, but they still wouldn't know which one is the real one. The security system creates a parallel network on virtual machines, which leads hackers to believe that they have actually accessed the real system. In this way the "fake" system will be made aware of the problems before the hacker actually gets anywhere in the "real" system, since every single step the hacker has taken to hack the system would be seen.

Now we know that there actually was sound security in place. So, does that mean the monitoring system was down, or that notification wasn't sent early enough? According to some trusted sources, this was not the case; in fact, there was a team of professionals specializing in security set up in Bangalore monitoring the entire Target network servers. When they found the intrusion, they immediately notified operators in Minneapolis that a problem was detected. However, the problem seems to have arisen from the fact that the function to automatically delete malware upon detection was turned off, so a person needs to go in and manually remove the malware. The drawback to this is that sometimes decisions will not be made quickly enough, and by then it may be too late.

In the end, it almost seems like it was a chance of fate. No matter how one looks at it, there were too many circumstances that led up to this. The fact that one unsophisticated little malware triggered such a large storm is almost unimaginable unless a set, a very specific set, of things were to happen. Whatever the case may be, Target presently faces many potential class action lawsuits and actions from banks as they demand millions for reimbursements and losses from credit card replacement and fraud.

It has yet to be seen what will happen to Target in the future, but for other corporations it would be wise to learn a thing or two from this Target incident. More corporations should be more aware of what kind of malicious code comes floating into their network, and at the same time they should know that to act fast is to be safe.

Sunday, March 23, 2014

There's No Such Thing as Privacy

Logically, people would think that the item that is closest to them is the most secure, most private thing, because if it's always on your person then no one could take it. I'm referring to that block-shaped object people often call the cellphone. In actuality, since it is always near you, it is more likely that it is an information gold mine for the people who want to hack into your network and steal sensitive data.

Actually, just for a second, think about how often you are on your cellphone. Then, think about what you do on your cellphone. Do you purchase or download items from apps such as Amazon or the Play Store? Do you surf the internet looking for items that might pique your interest? Do you call people to catch up? Do you email clients or friends? Do you send text messages? On average, most people would do at least three of these actions on their phone a day. People think that sending a text message is innocent enough, and that there is no way someone would find the information they are sending to be of any interest, but in actuality, any kind of information you can offer about yourself to a hacker is beneficial. Don't think so? Think about this. When people set up passwords, it is very likely that they will link the password to something specific, maybe a birthday or a special date. That little bit of information that was just sent to your friend can potentially become usable knowledge to a hacker. Therefore, everything you do on a phone is sensitive information. The funny thing is that the majority of people do not realize just how much information their beloved cellphones share about them on a daily basis. A cellphone doesn't only beam information to cell providers; it can also give sensitive information to whoever is in the business of mining information for hacking purposes. All it takes is the right information and knowledge.

A cell phone by nature is programmed to constantly send out probes to look for wireless networks and to interact with all the other signals that come in. This is good for the consumer because it means that we are all constantly connected, but at the same time it can be harmful, because these probes made by our phones make it possible for hackers to take advantage and hook onto our networks to steal information. It is actually quite possible for anyone to set up wireless sensors to record the appearance of anyone's cellular probes. These probes show information such as where you currently are and where you've been; essentially it is an effective GPS system for stalkers. The only piece of information that is needed for such a task is the unique identifier that every cellphone has, called the MAC address. Every cellphone has this identifier, and in essence it is what separates one iPhone 5 from another iPhone 5. A MAC address is special because it always remains the same regardless of the network and can be transmitted whether you're connected to the internet or not.

The bottom line is: as we rely on cellphones more and more for our daily needs, they become a better and more appealing target to hackers. One little slip, and a user may end up in a lot of trouble. Luckily, there are ways to protect ourselves from people who seek to harm us. Here are several precautionary actions we should all take to secure our sensitive information. Make sure to set a passcode on your phone, in case you aren't around to keep it secure. Download things from sources that you trust. Install a trusted security app such as Lookout on your device so that you can track where it is when you lose your phone, wipe it remotely, and scan incoming data while surfing the internet. Also, always be up to speed on security news regarding hacks, and understand how your phone carrier can help you protect your privacy. Be safe, everyone!





Wednesday, February 12, 2014

The Fluffy White Thing Called the Cloud- The Cloud and Security



There's this thing floating around the web these days. It's become quite the big deal since its first mention in the 1960’s. A man by the name of Joseph Carl Robnett Licklider, or J.C.R., was at the time one of America’s leading computer scientists. He foresaw the future of computers and how we interact with them; he believed that one day we would create a world-wide computer network where people could access programs and data from anywhere. If only he were alive today to see his technology forecast come true. Not only that, but I bet he would be shocked by how much technology has progressed and how it has changed our lives.

A little background on the cloud, just in case. A cloud, unlike its name, holds data, not water. It doesn't pour rain around its surroundings, but actually feeds data to the source that is requesting it. In essence, it's an all-accessible storage area that doesn't take up any space on your computer. A user can store pictures, documents, videos, anything on it so that they can access it from anywhere in the world that has an internet connection. Another pro to the cloud is that a user does not need to worry about losing their data (unless their cloud provider crashes...); this means that you can rest assured that all your data will always be there. That's where the problems with the cloud start. Think about it: all that data, when uploaded to your cloud storage provider, is now no longer in your possession. It's now out in the endless world of cyber space, and whoever is smart enough can easily access it, from anywhere.

There are many providers of cloud service; popular ones include Dropbox, Google Drive and SkyDrive. However, there are several issues with the cloud. One of the biggest fears for those who are thinking about transitioning to cloud storage is that other people can access their files online without their knowledge. This is a scary thought, especially if the user has a tendency of uploading personal information such as business revenues and bank statements. As a rule of thumb, be sure to check with your cloud provider whether there is another option for your business or sensitive information. Security issues for the cloud do not stop there. Just like logging into a social network site, the only thing needed to log in is an email/user ID and a password. This shows that the cloud has an authentication and authorization problem: its first level of security isn't robust enough to keep unwanted people out.

The world of the cloud isn't as carefree as some people make it out to be. A user should know what they are getting themselves into when they are uploading things to the cloud. They should be aware of what kind of encryption they need for their data, and should also be aware that by doing so they are allowing their information to be put outside, where whoever has the credentials can easily access it. The cloud is a great service, but currently it needs some other options so that its security systems are stronger and can combat those that are trying to get into other people's information. Even family photos: it would be awkward and uncomfortable if others could see your personal pictures. Make sure to take care of your stuff, be secure, and be careful even if the name of the service sounds fluffy and nice.


Saturday, March 24, 2012

Could it one day be reality?

Entrepreneurial Idea: "There's an app for that." Or so they say, but there's no app for changing the language interface on an Android phone. We are forced to go with an iPhone or a weird unresponsive smartphone to get the language setting we want. Android is getting better and better every passing day, but they are still losing out on a lot of customers because of no option to change the language setting like one can do on an iPhone. My idea is for an app that can do that. The day we can all have ANY phone of our choice with the language we understand will be the day cellular devices take a great leap into the future.


The idea above seems very simple in words, right? It's not, not anymore that is. After many additions to the program, it's a lot more than what it used to be. It's an idea that came out of a want to help my parents; now, if it were ever to come to fruition, it may help many more in the world than just my parents. It's a big idea, bigger than what I originally intended because of all the additions. Ready for a run-through?

In this day and age, news spreads in an instant. Gone are the days of waiting until something became old news. Now we have things like IM and social networks. One of the most well known and frequently used ones is Facebook. If people really thought about it, Facebook is actually a free advertising website. The number of "likes" on just that website alone can generate enough notice for an idea that it may eventually take off. After letting the public know more about this app, it's time to make the app more customer friendly so that more people will be likely to use it and rate it well.

In order to keep up with customers, it's wise to also keep up with the company internally. Inside the operations of the company, things must be in order. Using software such as Microsoft Excel and Microsoft Access keeps the company in order. As the app gains more and more followers, better equipment is needed for all the improvements that the app has integrated into its original design (i.e. the addition of cloud storage and saving translations). Included with the extra pieces of equipment would be more RAM and cache.

This is IF this can be accomplished. This is a big IF. In order for this to happen, more people have to have the desire to help the people in our country who do not speak or read English really well and therefore have a very hard time using their electronic devices. A lead programmer would be needed in order to create this program. Then, after this, we would somehow get it to the public through one of the app stores.

After this, we may or may not make enough revenue to continue, but if we do, would that be enough revenue to get all the new gear that may be needed to expand even further? Probably not, so more investors would be needed. When there is a good amount of money to use, then it's back to work. We can then start adding a lot more improvements and make the app a global thing and a lot more than what it used to be, so that it can stick around to help others from all around the world. Maybe it'll happen one day, maybe.

Sunday, March 11, 2012

Safety First

Entrepreneurial Idea: "There's an app for that." Or so they say, but there's no app for changing the language interface on an Android phone. We are forced to go with an iPhone or a weird unresponsive smartphone to get the language setting we want. Android is getting better and better every passing day, but they are still losing out on a lot of customers because of no option to change the language setting like one can do on an iPhone. My idea is for an app that can do that. The day we can all have ANY phone of our choice with the language we understand will be the day cellular devices take a great leap into the future.

Ok, let's backtrack. Remember that idea in the blog titled "Technical Improvements" where one can save their speech translations and then save them on a cloud? There can be a lot of security risks if this app is used by a corporation. Some of the conversations may contain very sensitive information that other people (outsiders) shouldn't have access to. In a world that is becoming more technologically advanced by the second, there are also people out there who work every second on how to break the security on these advancements. These people include hackers, who just basically try to hack into a database. Then there are "crackers", who will probably try to access an employee's recorded messages by trying to figure out their username and password. Finally come the threats that are hardest to deal with and hardest to fish out, "corporate spies", i.e. unethical employees; they try to gain high-level access in a corporation in order to access information. Great... what to do now?

Just like every second technology is being improved, and every second people try to break the security measures put in place to protect sensitive information, there are also people working on trying to stop these people from accessing this information. These kinds of people are the saviors of privacy on the internet. They have developed a system called "Firewalls" that protects data from unauthorized intrusions by constantly monitoring transmissions to and from the computer. So, in the event that something malicious, like a virus, were to attack, the system would know right away so that the virus can be quarantined immediately. I guess putting out a few extra bucks won't hurt if you want your data safe.

So, are you afraid that your data will be stolen, or accessed without your permission? Don't worry, the translation app has you covered. It already comes with all the necessary protection software that it needs to keep everything safe and away from prying eyes. Rest assured that everything that needs to be kept private will be kept private. Then, to add icing to the cake, you can also customize the app's security settings, which are also protected by encryption (people who do not have the proper access codes cannot tamper with the security settings), so that you can monitor exactly what goes in and out.