Tag Archives: cybersecurity

The Clear and Present Danger of Corporate Access to Your Data

By Ernest Worthman

There is little doubt that, in this era, data is power. Players like Microsoft, Google, Amazon, wireless carriers, content providers, retailers…hmmm, come to think of it, I cannot really find any company that is not head over heels in love with data.

Not that this quest is not useful; it certainly is. The more you know, the better you are able to accomplish any number of advantageous things. In this day of intense competition, those with the best data win.

However, there is a dark side, and it has been around for a while in various forms. From smart TVs spying on you to Internet crawlers mining your data to carriers following your every move to the latest Amazon Echo and Google Home, data is flying.

Concern about data is finally beginning to get some attention. Some have been warning about the massive data collection process by everyone and anyone since the beginning, and now they are finally being heard. The questioning is starting. Google, Amazon and Facebook are being assaulted by those who feel their data collection methods are questionable. There are questions over antitrust issues, Russian interference, consumer privacy and device security.

The concern is over the huge amounts of personal data that such mega corporations are amassing. A poignant point about the buckets of data these companies are collecting is brought up by Franklin Foer, author of the new book titled World Without Mind: The Existential Threat of Big Tech. Foer points out that such “troves of data are portraits of our psyche.”

The scary part about all of this is that the more data collected about you, the more able these players are to affect and alter your behavior.

The argument can be made that we are responsible for our data. In the end, that is true, unless the data is collected without our consent, in one form or another. And therein lies the rub. Collecting private data, whether it is wireless or otherwise, has become an art form by the “collectors.” And while their methodologies are legal, if only by a hair, they tend to coerce us, not necessarily by force, but more by wearing us down with endless diatribes in print so small no human can possibly read it without getting a headache or worse, or by denying us something if we don’t accept. Yes, we give them consent, but not by reputable means in many cases.

Take, for example, the End User License Agreements (EULAs) that come with software. How many of us really read them, let alone understand them? These EULAs, basically, give away all of your rights to privacy, confidentiality and any type of performance assurance. And what about web sites? Do most people really understand what it means when that little blurb on the bottom says, “we are required to let you know we use cookies”? That is all they say. They do not tell you that these cookies are a data-mining tool, nor do they give you the opportunity to say no. Nor do they disclose all the other data being collected as you trip, merrily, across the web.

Now let us move on to smartphones. If you try to limit the data collection (location tracking, for example) you get all kinds of “oh my gosh” warnings that other apps may stop working and/or network performance may suffer. These kinds of scare tactics are common across just about every segment.

Lastly, what about the security of this data? Everybody says, “your data is secure with us, trust us…” Just ask Equifax.

There is little doubt that this direction is going to continue as is. Data is too valuable to these giants.

In the end, what needs to be done is to hold these data-mining companies responsible for the data and require that they let you know, in plain English, what they are up to. Not with legalese or doublespeak or the endless droning of redundant micro text. And they should not penalize you if you decide not to let them track, mine, collect and store every move you make.

Nothing is that important to me that I must give up my data to have it. You are welcome to my data, but only what I decided you can have.


Ernest Worthman is the Executive Editor of Applied Wireless Technology. His 20-plus years of editorial experience includes being the Editorial Director of Wireless Design and Development and Fiber Optic Technology, the Editor of RF Design, the Technical Editor of Communications Magazine, Cellular Business, Global Communications and a Contributing Technical Editor to Mobile Radio Technology, Satellite Communications, as well as computer-related periodicals such as Windows NT. His technical writing practice client list includes RF Industries, GLOBALFOUNDRIES, Agilent Technologies, Advanced Linear Devices, Ceitec, SA, and others. Before becoming exclusive to publishing, he was a computer consultant and regularly taught courses and seminars in applications software, hardware technology, operating systems, and electronics. Ernest’s client list has included Lucent Technologies, Jones Intercable, Qwest, City and County of Denver, TCI, Sandia National Labs, Goldman Sachs, and other businesses.  His credentials include a BS, Electronic Engineering Technology; A.A.S, Electronic Digital Technology. He has held a Colorado Post-Secondary/Adult teaching credential, member of IBM’s Software Developers Assistance Program and Independent Vendor League, a Microsoft Solutions Provider Partner, and a life member of the IEEE. He has been certified as an IBM Certified OS2 consultant and trainer; WordPerfect Corporation Developer/Consultant and Lotus Development Corporation Developer/Consultant. He was also a first-class FCC technician in the early days of radio. Ernest Worthman may be contacted at: eworthman@aglmediagroup.com.

Fighting IoT Security Issues at the Sensor Level

By Ernest Worthman

Sensors are one of the biggest enablers of the Internet of Everything (IoX). They will be, literally, everywhere – billions and billions of them. And nearly every one of them has the potential to become a security vulnerability. Such sensors will control many of the components of any number of devices, and many are wireless. It is quite possible, and presently quite easy, to seize one of these sensors and remotely control it or, in more complex units, to tunnel into the sensors’ network.

We know this. That is not the problem. The problem is how to find a solution that is inexpensive and effective to embed in these devices (many of which are very simple, with little processing power and/or memory, and inexpensive). Yet, regardless of their stature, they are just as vulnerable as their bigger, more expensive brethren.

The industry has been struggling with that for quite some time. However, we are starting to turn the corner. Companies are coming up with novel solutions. One such solution comes from a company called SecureRF.

While I do not usually talk about company solutions, I think this company is on the right track. The security algorithms they have developed are addressing this tiny embedded device market. Such devices need two things: low bit-count computing (to run on 8-bit microprocessors) and low power consumption. SecureRF has done this with something called group theoretic cryptography. This is cryptography done with small numbers (5- to 8-bit). That means these algorithms can run in their entirety (as opposed to breaking up 16- or 32-bit code) on an 8-bit processor.

The result is efficiency in two critical performance areas of limited-resource devices – speed and power consumption. This is a real win-win for these tiny embedded devices and a glimmer of hope that the IoX will not be just one big security hole.

Why the Equifax Hack Was No Surprise

By Ernest Worthman

One thing is as certain as death and taxes. If a device or system is connected to the Internet, it can be hacked.

A couple of times per month, I like to pen a diatribe about security with some useful information, rather than just rake the usual story data about what happened, to whom and why. In this piece, I want to discuss a tangential issue – negligence.

One thing is as certain as death and taxes. If a device or system is connected to the Internet, it can be hacked – period. What is amazing is that people who should know that, somehow think they are either immune to hacking, don’t believe it will happen to them or just aren’t interested enough to implement the necessary firewalls. To me, this is utterly amazing, considering the vast amount of hacking going on.

In spite of best practices in security, some cyber-attacks cannot be prevented, but the vast majority can. However, they are not, and for a reason that, in this day and age, is ludicrous – simple negligence. And this seems to be the case with Equifax.

The reason they were hacked is common across many platforms, wireless or otherwise: a blasé attitude about security. To wit, they knew about, but failed to apply, the patch to Apache Struts, a Java application used to power front-end and back-end platforms. However, the pièce de résistance is that they knew the vulnerability was in their system and that a patch was available – they just hesitated – strike one. Then, according to Brian Krebs, a security expert, “an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: ‘admin/admin’” – strike two. I wonder if there is going to be a strike three. But the first two strikes can be chalked up to negligence.

This is the kind of stuff that gets a company buried in mounds of litigation, with the real possibility of ending its reign. The same is likely to stratify to individuals, as things get more complex and ubiquitous. So far, Equifax is looking at $70 billion in lawsuits, on top of the $20 billion it had to shell out to repair the damages from the breach (it probably would have cost them a few tens of thousands to apply the patch promptly).

Now, Equifax is only one of the latest victims. Given the emergence of the Internet of Everything/Everyone (IoX), vigilance is going to have to become a top priority for everyone – from the home router to the cloud to mega-corporations. This act is wholly preventable.

With the ubiquity of the IoX, two things, education and the understanding of the ramifications of being negligent, become paramount. Eventually, there will be a much larger attack surface than ever before. The bad guys know that and will seize every opportunity to capitalize on it. Negligence, whether gross or simple, costs money. It is incumbent upon all of us to get smart about it, and about the damage being negligent can cause.



Live from APCO2017: Cybersecurity – the Next Public Safety Battleground

By Ernest Worthman

Ernest Worthman, executive editor, Applied Wireless Technology magazine, is reporting from APCO2017, being held this week in Denver.

As APCO officially kicked off the formal part of the conference, it soon became obvious that the predominant topic was cybersecurity attacks and how the communications arm of the public safety sector will play a significant role in fighting them.

The importance of cybersecurity was the theme of the keynote speaker, Retired General Keith Alexander, the former director of the NSA and commander of the U.S. Cyber Command, in an attention-getting presentation on the role cybersecurity will play in the public safety sector.

The next battlefield will be cybersecurity, and public safety communications will be on the front lines of this battlefield, he said, citing the recent events of Russian meddling in any number of cyber vectors, from elections to distributed denial of service (DDoS) attacks to attacks on the infrastructure, banking, commerce and more of the United States and other nation states. And not only the Russians are involved in cyber war, although Alexander implied that they were the first to use “cyber power.” They are often behind many of the other attacks.

Another topic Alexander touched upon was the need for unified communications. As long as this editor has been involved with RF and public safety, there has probably been no larger issue than the lack of interoperability. According to Alexander, this must change in today’s first responder communications networks. With zero day, hour, even minute threats, first responders must be able to marshal all the components of public safety quickly and seamlessly.

Much of what Alexander addressed has its roots in effective, immediate and transparent emergency communications. We have been waiting for that for a long time. Has the time finally come?



Congress Takes on Cybersecurity

By the Editors of AGL

By 2020, the internet of things is expected to include over 20 billion devices, which collect and transmit an enormous amount of data. Much of that information is at risk because of security issues such as factory-set, hardcoded passwords that cannot be updated or patched.

“DDoS offender capabilities have rapidly evolved over the past year, enabling them to launch bigger attacks than ever before,” according to a report by Imperva, a web security software company. “The shift in the threat landscape is being driven by the emergence of botnets leveraging lax password management practices and security vulnerabilities found in IoT devices.”

One DDoS attack last year brought down the Minnesota Courts website for 10 days, according to Government Technology magazine.

U.S. Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Ron Wyden (D-OR) and Steve Daines (R-MT) have introduced bipartisan legislation to improve the cybersecurity of Internet-connected devices.

The “Internet of Things (IoT) Cybersecurity Improvement Act of 2017” would require that devices purchased by the U.S. government meet certain minimum security requirements.

Under the terms of the bill, vendors who supply the U.S. government with IoT devices would have to ensure that their devices are patchable, rely on industry standards, do not include hard-coded passwords, and are free of known security vulnerabilities.

The bill, drafted in consultation with the Atlantic Council and the Berklett Cybersecurity Project of the Berkman Klein Center for Internet & Society at Harvard University, also promotes security research by encouraging the adoption of coordinated vulnerability disclosure policies by federal contractors and providing legal protections to security researchers abiding by those policies.

“While I’m tremendously excited about the innovation and productivity that Internet-of-Things devices will unleash, I have long been concerned that too many Internet-connected devices are being sold without appropriate safeguards and protections in place,” said Sen. Warner. “This legislation would establish thorough, yet flexible, guidelines for Federal Government procurements of connected devices. My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”

The bill has endorsements from the Atlantic Council, the Berklett Cybersecurity Project at Harvard University’s Berkman Klein Center for Internet & Society, the Center for Democracy and Technology, Mozilla, Cloudflare, Neustar, the Niskanen Center, Symantec, TechFreedom, and VMware.