Cyber
security has become more and more of a widespread topic over the last several
decades. People are always trying to find the best way to preserve their
secrecy on their home computers, phones, and all other electronic devices.
However, ever since Apple came out with their Mac computers, people have been
saying, "Macs never get viruses." I was always very doubtful that
this was the case. In my article, security experts claim that in the past, Macs
were a very small percentage of the total PC population when compared to Linux
and Windows machines. Because of this, hackers and people with other nefarious
intentions didn't bother to develop malware and viruses when there was so much existing
knowledge on the subject for Windows machines .
However,
lately Macs have been gaining a large amount of popularity. Because of this,
security professionals are looking more into the exact number of
vulnerabilities. A vulnerability is a weakness in code that allows an attacker
to reduce a system's information assurance. To my knowledge, what this means is
that it tricks the code into thinking it's doing one function while it's
actually doing what the attacker wants. In the article I found, professional
security experts found that the Mac OSX actually had more vulnerabilities than
both Windows and Linux. The increased security vulnerabilities plus the
increase in Mac users is an enticing target for hackers. However, more
importantly, Apple's iOS is second on the list. The popularity of the iPhone is
unparalleled when compared to other smart phones. With so much important
information that we keep on phones nowadays, security vulnerabilities could be
one of the biggest potential threats we face day-to-day. Just think about it.
Maybe you have a banking app, you've signed in to your Amazon and have it set
to remember your password, you have your emails automatically sync to your
phone's mailbox. Now all that information is available for hackers to pluck at
their convenience.
Even
more so than the various OSs, many internet browsers also have vulnerabilities.
Surprisingly, two of the most common browsers, Internet Explorer and Google
Chrome both have a large amount of vulnerabilities with IE having twice as many
as Chrome. Not only does IE have a large amount of vulnerabilities, it has
almost 90% of its vulnerabilities as "HIGH" vulnerabilities. This
means that they're especially easy to exploit. This means that hackers would be
able to obtain information from the browser you use and thus get records of the
sites you visit and other information. Things such as "Autfill"
options would be easy to obtain. This means passwords, date of birth, credit
card info, etc would all be easy pickings.
As
technology advances, so do the inherent risks. Because of this, cyber security
is a hot topic more and more. In addition, cyber security is growing as a
career path and many schools are offering it as a major. I believe it is almost
impossible to create code that has no vulnerabilities or weaknesses, but
precautions and advances in IDEs and programming can help to minimize the
amounts of vulnerability our day to day technologies use.
One thing that I believe is pushing software development in the right direction is Google’s Project Zero. Project Zero is a team employed by Google to search out zero-day vulnerabilities (previously unknown vulnerabilities) in popular software such as Windows, Mac OS, and web browsers, the team then notifies the party responsible for the code so that they may patch the vulnerability. The thing is, after they notify the team responsible a clock starts and after 90 days pass the Project Zero team will make the exploit publicly known (it had been a strict 90 days but they have since changed the policy slightly to allow for update release timelines). The goal of Project Zero is not only to find and get these security vulnerabilities fixed but also to pressure the industry to fix vulnerabilities faster once they’re known, its methods may not be the safest but I think they definitely have been putting pressure on the industry to move faster. I think that as Project Zero matures and everyone gets used to the way they do things we may end up seeing much faster security patches and updates.
ReplyDeleteHi Daniel. I agree with your sentiment that cyber security will grow as an issue due to the vulnerabilities in devices we use every day. As technology such as smartphones becomes more and more proliferated, security of these technologies certainly takes on an ever greater importance. Not only do smartphones pose a great risk, but so too do increasingly digitized and connected cars, as well as other connected devices such as wearables. And as these technologies become more widespread, people put more of their information into them and rely more every day. Companies will have to spend time to consider and review their security policies, and spend more money to hire security professionals. Developers, too, will have to be mindful of security risks when writing code in order to minimize vulnerabilities.
ReplyDeleteWhile I agree that security is a major concern in the field, I would like to add that it is not perhaps as troubling as some people think. There are very few things today that people don't 'share willingly' (lets be honest, if it hits a social media it does not matter what your privacy settings are, someone who wants that information can get it), and those they don't have more open security protocols. By open, it would not be a problem if I put my credit card number and ccv on this blog, or really anywhere - while it may be a hassle to click a button to change my card and wait the week for a new one, I would never be out any money - my bank would ensure that. There are very few things I am actually worried about losing and those I have in much safer locations than exposed in my OS. I am familiar with how easy it is to obtain access to a machine's OS (4 minutes on windows including boot time, about 20 on mac depending on the settings: ps I'm a white hat, relax). It is my opinion that attempting to making things more secure is only a lure for those who wish to access it - for many black hats it isn't always about the information they can gain, its more about the challenge of gaining it.
ReplyDelete