White hat hackers cash in, advice on avoiding phone scams and Intel proposes a U.S. privacy law
Welcome to Cyber Security Today. It’s Wednesday November 14th. To hear the podcast click on the arrow below:
Cyber security conferences are great ways for IT professionals to learn how to protect their companies. They can also be great ways for people to earn money by displaying their skills. On Monday several White Hat hackers took away a total of $225,000 in prizes on the first day of the Tokyo Pwn2Own conference. They did it by breaking into iPhone X, Samsung Galaxy 9 and Xiaomi Mi 6 smartphones. They used a variety of tactics, including exploiting WiFi vulnerabilities, to find 13 bugs among the devices cracked. Hopefully manufacturers learned valuable lessons.
Criminals try to sucker you into all sorts of scams, usually through email. However a report out this week from security vendor RSA says gangs are also getting unsuspecting people to phone them. They do it by planting phony company support phone numbers on websites they compromise, or through messages on social media sites – something like “If you have trouble with products from Oxnard Corp., try this customer support number.” Are you searching on Google for a company help line phone number? You could be directed to a fake website. Here’s how not to be taken in: The most secure way to find contact information for your bank, phone company or any other service provider is by looking at a bill or the back of a credit card. If you do search for a number online, be sure to look carefully at the content surrounding the numbers that come up. Watch for suspicious signs such as the number combined with a message, surrounded by gibberish text, or seemingly unrelated subjects. Don’t give any personal information – like a password or PIN number – to anyone who calls you. And if you spot a scam, call police, your bank or the Canadian Anti-Fraud Centre.
Finally, Canadian listeners know we have had for 20 years a federal personal information privacy protection act that applies to all businesses unless provincial legislation takes precedence. Listeners in the U.S. know there is no national privacy legislation there, only state legislation. However, a number of people in and out of Congress believe it’s time the U.S. had such a law. Processor maker Intel wants to spark some debate and has just proposed a draft model bill. One critic says its real goal is to protect data use, not to protect consumer privacy. Maybe. If you want to look and comment on it, go to usprivacybill.intel.com. If you want tough legislation, look at California’s Consumer Privacy Act. But you should get involved in the debate. I have a couple of links on the text version of this podcast. Go to ITWorldCanada.com and find today’s podcast.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening.