Article: Are open-source password managers safe to use?

Cyber-Security, Open Source, Software

It’s easy to understand why some users might be put off by open-source password managers. However, the reality is that they’re generally more trustworthy and safe than closed-source alternatives.

When you enable multiple users to audit the code, you can be more confident that anything that may have been missed is identified. This extra level of scrutiny leaves users less open to vulnerabilities. Although you can never fully guarantee the security of a password manager, password managers most certainly encourage better practices, like not using the same credentials for multiple accounts and creating more complex passwords.

However, open or closed source is just one thing to consider. Before you make a decision, do your research to ensure you’re choosing one of the best password managers for you and your needs.

Article: Blockchain Floated As A Solution For Medical Data Hacks

Blockchain, Cyber-Security, Data

Ally Medina, director of the Blockchain Advocacy Coalition in California, said that using verifiable credentials could be the solution. With this model, patients are the only people with access to information.

Verifiable credentials are the digital form of physical identification. Exchanging health records using verifiable credentials ensures health records have been transferred from doctor to patient. It does not store the record itself, making it an advocated option for new health tech companies.

Third parties holding personal information spark cybersecurity concerns, but verifiable credentials make hacking more difficult. The most recent technology developments are for proof of Covid-19 testing or vaccination.

Article: How the open source community helped firms investigate their network activity following SolarWinds

Cyber-Security, Open Source, Software

The ramifications of the SolarWinds attack are still unfolding more than four months since the breaches were revealed to the public. One underappreciated facet of the wide-ranging scandal that has engulfed much of the U.S. government and hundreds of major companies involves the powerful role the open source community played in helping enterprises respond to the crisis, according to Greg Bell, co-founder and CSO of cybersecurity company Corelight.

“What happened with the Sunburst malware is that when FireEye/Mandiant discovered the attack and made this sort of amazingly detailed disclosure, they released information about the attack—so called indicators of compromise—in open formats on GitHub, the platform where open source tools are built and where information is shared,” Bell said.

Article: Decentralization Demands Better Security for End-Users

Blockchain, Cyber-Security, Web 3.0

We are slowly transitioning to Web3.0, a version of today’s internet that follows the principles of decentralization. And while today, hackers can easily exploit central servers to steal information, data, and funds, it will not be possible on Web3.0. That’s because there will be no central servers hosting platforms and applications.

Everything will be based on top of the infrastructures driven by decentralization. When that happens, hackers will have to rely on exploiting the systems of end-users. Whether it be for stealing information or funds, hackers will try and crawl into the systems of end-users to extract what they need.

This calls for users to be more aware of their security as decentralization and Web3.0 become mainstream. One of the best ways to stay secure from hackers on Web3.0 is to use decentralized private networks (DPNs), which are decentralized versions of VPNs, such as that by Deeper Network.

Article: Myanmar Protesters Turn to Obscure Apps to Avoid Detection

Autonomous Internet, Cyber-Security, Decentralized Internet

Downloads of Tor, an open-source network that thoroughly anonymizes data, surged, too.

Myanmar citizens also embraced lesser-known software like Bridgefy, which bypasses the internet altogether by using Bluetooth to wirelessly send messages to other users of the app within a certain range. Another tool that was widely shared: Mysterium Network, which says it offers the privacy of Tor with the speed of a traditional VPN.

Article: Complimenting Cyber Security Tools With Software Composition Analysis

Cyber-Security, Open Source, Software

Open source vulnerabilities can leave sensitive data exposed to a breach, complex license requirements can jeopardize your intellectual property, and outdated libraries can place unnecessary support and maintenance burdens on your development teams.

A way to reduce these risks is to add Software Composition Analysis (SCA) to complement the software security tools that are most likely already in use. The real key is to select an SCA solution that can be fully integrated with your software development tools, supports internal and external standards for risk tolerance and compliance, and gets detailed insight into the hands of people who need it.

Article: DuckDuckGo Announces Plans to Block Google’s FLoC

Cyber-Security, Software

DuckDuckGo announces plans to block FLoC, Google’s new way of tracking users’ web browsing activity in Chrome.

DuckDuckGo finds it especially concerning that getting tracked via FLoC is not optional – all Chrome users are automatically opted into it.

“We’re disappointed that, despite the many publicly voiced concerns with FLoC that have not yet been addressed, Google is already forcing FLoC upon users without explicitly asking them to opt in. We’re nevertheless committed and will continue to do our part to deliver on our vision of raising the standard of trust online.”

Article: The coronavirus pandemic has forced parents’ hands on data collection and privacy issues

Academia, Cyber-Security

The 2018 Auditor General’s report on cybersecurity raised many concerns about technology in schools. Many — if not most — Ontario school boards struggle to grasp the basic concepts of cybersecurity and privacy, let alone ensure that teachers are properly educated to protect student information. The report reveals that a surprising 74 per cent of respondents indicated that they do not provide formal security or privacy training to staff who use technology at boards and schools.

Article: Privacy activist takes on Google over Android tracker

Cyber-Security, Software

A pressure group set up by Austrian privacy activist and lawyer Max Schrems has launched a new campaign in France, this time complaining that Google’s Android advertising tool violates European Union rules by failing to get users’ consent.

noyb (none of your business), established by Schrems to take on the Internet giants and others over perceived privacy violations in Europe, said it launched action against the Android Advertising Identifier (AAID) claiming that the “somewhat hidden ID” allows Google and all apps on the phone to track a user and combine information about online and mobile behavior.

“While these trackers clearly require the users’ consent (as known from ‘cookie banners’), Google neglects this legal requirement,” said noyb.

Article: How to Know If You Are Under DDoS Attack

Cyber-Security, Software

Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish or shut-down website.

In this article, we’ll focus on how to know if your website is under attack and how to protect it.

Hopefully, we can help you handle DDoS attacks without having a full blown meltdown.
