Why rely on others to protect our data, when we can start to do it ourselves?

Today, our digital lives are just as important as real life. The personal data you store in your online accounts and the footprint you leave behind via search and browsing history is attached to your identity, and it’s yours to protect. 

When it comes to our digital lives, last year was an extraordinary one – not only in the sheer quantity and scale of hacks and data breaches, but also in the magnitude of trust lost between the internet and the world that relies on it. In just a few months, the three biggest internet companies, Facebook, Google, and Amazon, all announced they had been hacked.

Arguably, our data and information is increasingly less secure, online transactions are far from seamless, and the legitimacy of news is something we now question. Instead of being a tool that empowers good – inspiring more human connections, knowledge sharing, and big ideas – the internet has in some cases become a source of frustration and sometimes fear.

So how do we help consumers protect themselves against these problems?

The internet doesn’t belong to anyone, it belongs to everyone. And this creates a unique challenge when it comes to fixing its issues. Governments can have a positive impact on the situation with the implementation of regulation, such as GDPR. However, we also know the answer to building a better digital world is by empowering people, all of us.

We are using more and more online accounts in our everyday lives, and that number doubles every five years. Managing passwords for all these tools has become incredibly hard. Most of us react to this problem with indifference and tend to use the same password everywhere. We bury our heads in the sand and think that everything is fine; until we get hacked. You may not be able to control the security architecture of the digital services you use every day that hold so much of your data, but you can take measures to make sure you have optimal password hygiene to secure your accounts. This approach is the digital version of the “containment” doctrine.

First steps for security your digital identity

This National Consumer Protection Week, we can all take some simple, initial steps to secure our digital accounts.

First, have a unique password for every account. This ensures that even if one account is breached your other accounts will be secure. Some breaches aren’t discovered or disclosed for years, as was the case with the Yahoo breach that happened two years ago. You never know when your information might be vulnerable. We’ve found that the average user has over 150 accounts, so it’s impossible to remember every password – password managers do this job for you.

 Make sure all your passwords are strong. The ideal password is one that is a unique and random string of letters and numbers. Again, this is where password managers are critical as they can quickly generate strong and secure passwords for all your accounts.

 Lastly, you should regularly change your passwords as breaches often go undetected for months, sometimes years, so you never know when your account might have been exposed. Using tools called password changers are critical for this process as they can instantly change your passwords for 100’s of top sites in a single click. This makes it extremely easy to ensure that your accounts are always being safeguarded against unknown threats. 

We know the answer to building a better digital world is empowering people, all of us, to take back control of our own digital identities, allowing us to keep our personal data in our own hands and no one else’s. Only then will we be able to live in a safe digital world, and once again use the internet for good, in the way that was intended.

Emmanuel Schalit, CEO of Dashlane

Go to Source

This robot brain can teach other machines to pick up unknown objects

With all the progress we’ve seen in artificial intelligence over the last few years, you could say that machines are getting smarter all the time.

Even so, most of the robots in our factories still require a fair amount of preprogramming for them to recognize the objects they handle. 

That could soon be a thing of the past as researchers at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have developed a system that allows robots to identify, pick up, and handle objects they haven’t encountered before.

According to The Robot Report, “the team’s major insight was to look at objects as collections of 3D keypoints that double as a sort of “visual roadmap.” 

The two most common approaches for robots picking up objects are pose-based systems (which estimate the object’s position and orientation), and geometry-based general grasping algorithms.

These can work well under certain conditions, but both have their drawbacks. A system based on poses can’t cope well with objects that are very different shapes, and grasping approaches can’t position objects with much subtlety. 

Visual roadmaps

The new system, which is called kPAM (Keypoint Affordance Manipulation), enables robots to carry out tasks like hanging mugs on a rack or putting shoes on shelves, without having seen the objects before. 

The study’s senior author, Russ Tedrake, explains that “understanding just a little bit more about the object — the location of a few key points — is enough to enable a wide range of useful manipulation tasks.”

Robot hand

Researchers at the same laboratory created this robot hand recently.
Image credit: Jason Dorfman / MIT CSAIL

(Image: © MIT)

The Robot Report says that “the team next hopes to get the system to be able to perform tasks with even greater generalizability, like unloading the dishwasher or wiping down the counters of a kitchen.”

While kitchen-cleaning robots sounds like an attractive proposition, the technology developed in this study could have a huge impact on factory machines, reducing the need for pre-programming, and making the manufacturing process more efficient. 

Still, the technology is still in its early stages, so we aren’t likely to see kPAM integrated into factory machines for a few years at least.

Via The Robot Report

Go to Source

Logitech G935 review: Slight upgrade to an old favorite

For a brief period in 2016, the Logitech G933 sat atop our recommendations for wireless gaming headsets. Retailing for about $100, less than half the price of premium options like the Astro A50, the 933 nevertheless was a great-sounding headset with an ingenious hidden microphone and a fancier look than the G930 it replaced.

But then Logitech put out the G533—cheaper, better looking, more comfortable, and built specifically for the PC. Yes, Logitech dethroned itself, and the G533 has sat on our recommendations list for nearly two years now. 

Can it happen again? It’s time to find out, as Logitech recently released the G935, rightful successor to the G933—and perhaps a new heir to the throne.

Note: This review is part of our roundup of best gaming headsets. Go there for details on competing products and how we tested them.

Familiar face

Or perhaps not. Again, one of the reasons we gave the nod to the G533 was because it looks great. For years Logitech’s been steadily dialing back the “gamer” nob, as far as its design language is concerned. Keyboards, mice, headsets, they’ve all become steadily sleeker, more minimalist, ditching jagged edges and bright blue highlights for curves and piano black. The G533 was, as far as headsets go, the culmination of that.

To its credit, the G935 is a bit more restrained than its predecessor. The aggressive horizontal slashes on the G933’s ears have been replaced with a flowing S-curve, which gives it a slightly more modern look. Also, never underestimate the value of leatherette. The G935 uses that instead of sports mesh, and it instantly classes up the overall impression.

Logitech G935 IDG / Hayden Dingman

That’s about it, though—slightly different accents, and the use of leatherette. Otherwise this is the same design as the G933. It’s not bad by any means, but the G935 does seem slightly dated with its boxy silhouette and showy angles. For some reason Logitech kept the weird triangular engravings inside the headband as well, which I really don’t understand. So superfluous, and so different from Logitech’s current minimalism.

On the other hand, the G935 keeps a lot of features I loved from the last model—and ones that weren’t present on the G533, for that matter.

How to detect and defend against insider threats

Insider threats are not the only security challenge faced by security and risk professionals. They do, however, persist as one that is troublesome. There are various reasons as to why this is the case and too many to elaborate on in a single article. It is generally agreed upon in the security community that insider threats persist due to a lack of understanding over exactly what an insider threat is, how it manifests and what basic steps can be taken to mitigate it. 

Annually, our insider threat analyst team performs assessments across our global customer base to produce our insider threat intelligence report, which is free and openly available to the security community. The report provides education about the different types of insider threats out there. It reveals some of the most high-risk insider threat trends and behaviours. Most importantly, it provides steps on how to reduce related risks.

Insider threats, who they are

This year, we identified three primary insider threats types.

The first were malicious users. These individuals use their access privileges to intentionally harm their organisations. They account for 23 per cent of the incidents we observed.

The next were negligent users. This group is comprised of people who do not intend to cause any harm. They end up placing their organisations at risk via mistakes, poor decisions and a lack of education and understanding regarding what smart security decisions are. They are responsible for 64 per cent of the incidents we identified.

Finally, we witnessed additional cases of compromised users. This group are those who have had credentials stolen or abused by nefarious sources. They account for 13 percent of the trends we spotted.

Image Credit: Shutterstock

Image Credit: Shutterstock

(Image: © Shutterstock)

Since commencing with this annual report, we’ve witnessed changes in incident types. This year there were some dramatic shifts that are worthy of noting.

  • Data in the cloud – Ninety-eight per cent of assessments discovered sensitive and confidential information exposed and available online and in the cloud. Exposed data was found primarily in Dropbox, Google G Suite, and Microsoft Office 365. This was an increase of 20 per cent over 2018.
  • Insecure data transfer – One-hundred percent of assessments detected sensitive and confidential data transfers taking place via unencrypted and encrypted USB drives, personal email accounts, and cloud applications. This was an increase of 10 per cent over 2018, which looked at transfer via unencrypted USBs only.
  • Changing lanes – Ninety-seven per cent of assessments detected employees who were flight risks. This class of insider that often steals data or IP and acts with a decreasing sense of allegiance to the companies from where they’re departing. This was an increase of 59 per cent over 2018.
  • Sidestepping – Ninety-five per cent of assessments detected employees attempting to bypass or circumvent security controls via anonymous browsing, VPN and TOR usage. This was an increase of 35 per cent over 2018.
  • NSFW surfing – Seventy-six per cent of assessments detected employees engaged in high-risk internet surfing. This included visiting pornography, questionable gaming and gambling sites. This was an increase of 9 per cent over 2018.

There were more insider threat activities taking place than just these five. I’ve highlighted them here as they represent a cross section of incidents caused by the three types of insider threats we track — malicious, negligent and compromised. This grouping also shows areas where threats that frequently place data and systems at risk are on the rise.

Key takeaways

Just knowing what some of the more alarming trends are isn’t enough to reduce associated risks. Understanding how to address them is where the real security value is gained. In the case of each of these trends, there is a solid set of security best practices that can greatly reduce the chances of any of them showing up inside of organisations.

First, set enforceable and realistic security and compliance policies. All of the rules in the world will end up meaning nothing if employees, contractors and other third parties who have access to networks don’t follow them and if they can’t be enforced effectively. It may be very unrealistic to create a rule that forbids anyone from using a cloud sync-and-share drive. It is, however, far more likely that employees will follow security protocols if they are provided with the ability to use such productivity tools along with a set of user-friendly security guidelines.

Next — educate, educate, educate. Let’s face it, organisations may never be able to actually create an overall cybersecurity-conscious culture. Thinking “security” is typically reserved to those of us who are active or familiar with the profession. Companies can increase the likelihood of users adopting more secure habits if, at first, they know what those habits are and how to practice them. One of our clients, CIO Graeme Hackland of Williams Formula 1 Racing, is a major proponent of security education. He frequently holds “town hall” style meetings with employees to educate them on best practices. An approach he says works tremendously well.

Finally, understand behaviours. There are various ways of gaining insight and visibility of user behaviours and activities taking place within environments. Many solutions and techniques, in practice, do end up collecting a fair amount of data. Unfortunately, information collected and poured over frequently provides more false alarms than real actionable insights. To truly understand what activities all users are engaged in, programs need to give analysts the ability to quickly get to the heart of high-risk behaviors and determine who is behind them.

Katie Burnell, Insider Threat Specialist at Dtex Systems

  • We’ve also highlighted the best antivirus to help protect your business from the latest cyber threats

Go to Source

Christchurch shootings: Social sites struggle to contain attack video

Facebook says it has deleted more than 1.5 million copies of the video of the mosque attacks in New Zealand in the first day after the incident.

In a tweet, it said that 1.2 million of those copies were blocked while they were being uploaded.

Fifty people died and dozens were injured in Friday’s twin shootings.

Facebook said it would also remove edited versions, to stop “graphic content” being shared, although copies still appear to be available online.

Tributes removed

The social network released the information as politicians and commentators called for more to be done to police live-streaming.

New Zealand Prime Minister Jacinda Ardern said that Facebook and other social media giants had “further questions” to answer about how they responded to the event.

“Obviously these social media platforms have wide reach,” she said. “This is an issue that goes well beyond New Zealand.”

Spark NZ, the biggest telecoms firm in New Zealand, told Reuters that it had cut off access to “dozens” of websites redistributing video of the attack.

Police in New Zealand said the video was now classified as an “objectionable publication”, making it an offence to distribute or possess the material.

An 18-year-old has appeared in court in New Zealand charged with allegedly distributing a live-stream of the attack. He could face up to 14 years in jail if convicted.

‘Tributes’

Social media sites including Twitter and YouTube have also been chasing down and removing copies of the video uploaded by users.

Reddit has also banned a discussion forum on its site called “watchpeopledie”, because clips of the Christchurch attack were being shared and because it was “posting content that incites or glorifies violence”. It also issued a plea to users to report anyone uploading footage.

The social news site said it had also taken down posts that linked to the video or which showed the attack.

Valve, which runs the Steam gaming network, also said it removed more than 100 “tributes” by its members that sought to memorialise the alleged shooter. Some changed their profiles to include the gunman’s name or image and others used gifs of the attack in their bios.

The inability of social sites to stop the video circulating was having an effect in other ways in New Zealand.

Lotto NZ said it had pulled all advertising from social media sites and the country’s ASB Bank said was “considering” a similar step.

Industry groups representing advertisers issued a statement asking their members if they wanted to be “associated” with platforms that did not take responsibility for the content being shared.

The groups said: “The events in Christchurch raise the question, if the site owners can target consumers with advertising in microseconds, why can’t the same technology be applied to prevent this kind of content being streamed live?”

Go to Source

Chrome will soon make it harder for websites to spy on you

A new feature coming to Chrome in the near future will allow users to limit the kind of data certain websites collect about them by blocking access to motion and light sensors on their device.

Laptops, smartphones and tablets have a number of sensors, such as gyroscope, accelerometer and light sensors, which websites can access to collect data about what kind of device you’re using, where you’re using it and even how you’re using it.

For anyone who is uncomfortable with websites accessing this kind of information, there’s some good news: Google is working on adding a feature to its popular Chrome web browser that will allow users to quickly and easily block access to these sensors.

Coming soon

The new feature appears in the latest Chrome Canary build, which is an early version of Chrome that allows people to test out upcoming releases and check for any bugs or issues.

The feature will alert you if you visit a website that wants to access your sensors. A pop-up window will appear saying “This page is using motion or light sensors” and offers you the choice of allowing access to the sensors or blocking access on a page-per-page basis.

Chrome allows you to block websites accessing your device's sensors (Image Credit: TechRadar)

Chrome allows you to block websites accessing your device’s sensors (Image Credit: TechRadar)

This is on the desktop version of Chrome, which is used on laptops and PCs. There is also an option for blocking access to the sensors on Android, but at the moment this is only a simple switch that blocks access for all websites, not just ones you’ve selected.

If you’re using Chrome Canary, you can access the settings at chrome://settings/content/sensors. According to MSPowerUser, the feature should be coming in Chrome 75, which will be made public in a few months.

Via TechDows

Go to Source

Edifier W860NB ANC headphones review: Excellent active noise cancellation, but not the best audio performance

Headphones with active noise cancellation (ANC) allow you to retreat from the din of modern life. And who doesn’t want to do that now and then? Even better, you can listen to your favorite tunes at lower levels, thus protecting your hearing. After thoroughly testing Edifier’s W860NB ANC headphones, I can say they’re better for the former than the latter.

Features

The Edifier W860NB is an over-ear (circumaural) Bluetooth headphone with artificial-leather earpads and headband, weighing in at just over 10 ounces. It utilizes 40mm drivers with neodymium magnets to achieve a specified frequency response from 20Hz to 20kHz (no tolerance given).

As mentioned at the top, the W860NB offers active noise cancellation. Four microphones, two in each earcup, sample ambient noise, which is then phase-inverted and mixed with the original signal to reduce the perceived level thanks to phase cancellation. (There’s also a fifth mic for phone calls.) Unfortunately, the W860NB has no transparency mode, which would temporarily disable ANC so you can hear things in your environment, such as safety instructions in an airplane.

edifier w860nb lifestyle Edifier

Wireless headphones like the W860NB offer freedom from wires that usually end up in a tangled mess.

The W860NB supports Bluetooth 4.1 with the HSP, HFP, A2DP, and AVRCP profiles, and it supports the high-quality aptX codec. In addition to conventional pairing with Bluetooth sources, it can be paired with devices that support NFC (Near-Field Communication). In that case, all you have to do is hold the W860NB close to the source device and accept the connection.

Interestingly, you can pair up to two Bluetooth source devices to the W860NB and play audio from either one. According to the manual, “When two Bluetooth devices have different operating systems (e.g., one has Android and the other is iOS), some cross-system operations (e.g., pause music in Android and play music in iOS) may experience delays. Please be aware that this is normal.”

The only other audio input is a 3.5mm two-channel analog-audio jack at the bottom of the left earcup. When you connect to a source using such a cable (which is included with the W860NB), the headphone powers off, becoming a passive headphone with an impedance of 32 ohms. This is great news if the battery is dead but you still want to listen.

edifier w860nb in case Edifier

The W860NB comes with a nice hardshell case.

You charge the internal battery by connecting any USB power source (5V, 500 mA) to the microUSB connector near the bottom of the left earcup. A suitable cable is included with the headphone, but the connector is hidden behind a small plastic cover that seems certain to break off and get lost in short order. Charging takes about four hours, after which the battery will last about 25 hours with ANC engaged or 45 hours without ANC. That’s a very long battery life!

Like most such headphones, the W860MB lets you answer phone calls while listening to music. In that case, the music pauses during the call, and then resumes when you hang up.