Few relationships in cybersecurity are more delicate than the one between a security researcher who discovers a vulnerability in commercial software or hardware and the company they notify.
The company may not care about the flaw or its impact on customers, or may downplay the severity to avoid media attention. The researcher on its potential for harm or believe that a timelier public disclosure will incentivise the business to develop a quick patch to protect end-users.
While the industry has addressed some of these problems through coordinated vulnerability disclosure policies, there’s still a fair amount of disagreement and mismatched incentives that can…
Google Chrome has a new way to track you, a method that the company has called Federated Learning of Cohorts, or FLoC. The company has claimed that it is a better way to give advertisers what they want while leaving some semblance of privacy to users. However, privacy advocates have since spoken out against it, and especially against its automated imposition of FLoC trials upon a randomised selection of users. What's particularly surprising is how Google has begun its preparations without any clear disclosure of the same, and FLoC trials for 0.5% …
Text messaging (SMS) based authentication is the weakest link in securing anything online. Using SMS for two-factor authentication is no longer considered safe. The National Institute of Standards and Technology (NIST) published a guideline warning against SMS authentication as a strong authentication method. Also, Google and other leading online services have either moved or are in the process of moving to prompt-based authentication. So why is SMS not safe anymore? What should we use then?
Before we jump into why SMS authentication is not safe anymore, let’s go over what two-factor authentication is and why everyone should use it if…
Safeguard yourself from data breaches.
The recent Facebook data breach is all over the news: 533 million users across 106 countries had personal data leaked online, including email accounts, phone numbers, birthdates, and the list goes on.
Everyone's first question will be how to check whether you're part of that breach. There are a couple of ways to find out, but I would recommend the two best resources.
Cyber Security Professional at heart. Enabling enterprises to transform digitally with effective security practices in place.