Paranoid Technology All things cybersecurity


Security Predictions (& Resolutions) for 2020

Our predictions from 2018 were still valid for 2019, so we skipped a year 😉 Since the decade has come to a close, sharing predictions for 2020 and beyond seems in order… starting with a strategic view of the trends and emerging business problems affecting CISOs today…

Predictions for 2020
1. Year of the IoT CISO – we did not reach Gartner’s 20 billion connected devices by 2020, but we are almost there… The attack surface is increasing rapidly – from personal wearables to medical devices to connected cars to toasters and more – as the proverb goes “where there’s entropy there is chaos” 😉 At least initially…


Simple OpSec Resolutions for Outside the Office

The New Year has citizens and organizations alike reviewing their operational security practices; the expectation is that privacy rights will diminish, government surveillance will increase, and yet attacks and breaches will continue unabated.  To protect yourself and to strengthen the human element of your organization, review the below list of 2017 operational security (OpSec) resolutions.  Improving organizational security maturity starts with you.

General Hygiene

  1. Browse privately: move to Firefox; it's highly functional and Mozilla doesn't track your web browsing; that said, Firefox does use Google Safe Browsing in the background, which means that Firefox checks sites for phishing risk before proceeding; the net result being that if you want truly private browsing, you need to turn safe browsing off.
  2. Protect your passwords: don't keep them on a post-it, or use the same password over and over again.  It's easy to get lazy with this one.  Use a password manager like KeePass, or if you can't bring yourself to invest in a tool, at least make your common passwords more complicated (yet understandable); something like "thing#year#iD".  We recommend that our clients use complex passwords, use long passwords, and rotate passwords.  Your corporate information security program is hopefully enforcing something similar already.
  3. Take care with sensitive searches: search companies make money by tracking what you search for; if you have something sensitive to search for, even if it's just something health related, use an alternative search engine like DuckDuckGo.  The results are less targeted, but your privacy remains intact.
  4. Avoid public wi-fi: it's free for a reason - large retailers and their wireless partners love your usage data; wi-fi networks of any sort are riskier, easier to spoof (and therefore hack), and cause your device to automatically broadcast to those connection points in the future, thus increasing your risk; if you must use public wi-fi, go through a VPN, or to avoid it, use a tethered smart phone connection.
  5. Treat PII like cash: be selective on when and who you disclose your personally identifiable information (PII) to, to avoid future headaches. For example, avoid disclosing your email or phone number to retailers in exchange for discounts; if you do, be aware that you've just become a permanent member of their database, to be marketed to and sold, over and over again, until you die (or change your identity).
  6. Beware of the shoulder surfers: if you are the kind of person who works in public places a lot, seriously consider investing in a privacy filter to protect yourself from prying eyes.
  7. Don’t get Phished: Although it's 2017, phishing is still in style; it's the single biggest attack vector, so be paranoid about every e-mail you receive. Pay special attention to the ones with attachments and links; hover over the links and verify that the link is going to the address displayed in the message. Do not open attachments unless they come from a trusted source.
  8. Anti-Virus (AV): Today's threat landscape is dynamic, and while AV vendors are having a tough time keeping up, AV software will still protect you from a wide variety of known threat vectors.

Eyelock – Eyes Mobile Security

Cellphones these days are more powerful than ever. People take them everywhere... With all the sensors a cellphone packs these days, it makes an ultimate tracking device and a juicy target for hackers. We have not yet seen a massive cyber espionage initiative like those we have recently seen on PCs (e.g. Flame, Stuxnet, the Red October cyber espionage ring, etc.), but it is only a matter of time.

Our mobile devices contain so much information in conjunction with so many sensors; imagine this scenario - a hacker (or your government) taps into your phone, knows your location, and knows your calendar appointments. They can turn on the camera and microphone based on your schedule and your location and acquire the information they need. It is more dangerous now if you think about it; instead of tapping into only your computer, which is usually pretty static compared to a mobile phone, they now can tap into your life. And the beauty is we are all carrying these profiling and eavesdropping devices voluntarily.


FBI has 12 million iPhone user information – You are being tracked!??

According to a posting by Anonymous to paste.bin, the FBI has requested the information of some 12 million iPhone users from Apple and is using this for a tracking project initiated earlier this year. For details see the source @ the

Thank you DigiBitch for sharing this one!


US Drone Strike Tracker App Gets Rejected

Apple rejects an app (Drone++) for tracking US military drone strikes - the reason: questionable content.

After the British newspaper The Guardian ran an interactive map of American drone strikes earlier this month, pinpointing the locations in Pakistan where missiles from unmanned aerial vehicles (UAVs) struck suspected terrorist bases, New York University student Josh Begley took the data to develop an iPhone app...


Google Bouncer

In the shadow of ever-increasing mobile threats, on February 2nd Google announced a program code-named Bouncer. Bouncer aims to scan the Android app market and detect applications that can disrupt a user's Android experience. In this announcement Google emphasizes that avoiding a manual approval process is very important to them, hence the automated program. Here’s how it works:


RIM, Nokia and Apple Provided Backdoor to Governments?


As you might have heard, an Indian hacker group called Lords of Dharamraja claims that it accessed Symantec's Norton Antivirus software source code. Symantec, one of the world's leading security software vendors, says it is investigating this claim. A message posted by one of the group's


carrierIQ Scandal – Federal Offense or Not?

The Federal Wire Tapping Law says that it is a federal crime to intercept or disclose another person's telephone or electronic communications without his prior consent or a court order.

When I heard the news about carrierIQ earlier this month, I was outraged - nothing is sacred anymore; in the name of making a better product, makers of smart phones are embedding tracking software onto their devices and sending our every click, every action to a 3rd party to be analyzed. Apparently all the major players are involved in this scandal (including iPhone).