Category Archives: home security

CyberSecurity: The privacy policy of Godaddy.com

We all know Godaddy.com, and many of us have used it before, but I am not sure we notice its privacy policy. A privacy policy is something companies always ask you to accept, and you don't have a choice to say no. However, this privacy policy is different.

Godaddy.com's policy suggests that you can register a domain name, but with no guarantee that your private information is kept safe. You could get spam and scams if you don't pay an extra amount to safeguard your own profile. To see it in Godaddy.com's own language, check out the snapshot below.

Did you see that? It is interesting to see a situation where a company asks users to pay more for their privacy. We have been thinking that it is the company's or service provider's responsibility to take care of user details and privacy. But it appears to me that Godaddy thinks differently. There might be a good reason to have this policy, but as a user, it is not comforting.

Imagine a case where Facebook, Google or Apple starts putting a price on user privacy and says: look, it is the users' responsibility when they use our services, and the user has to pay extra to protect themselves from any damage. Security and privacy aren't free and can't be given as a free service. The question is: is that what we are going to get as users? Currently, no organization or entity has ever been held liable or punished for any damage. Software providers should be equally responsible for it.

Why it is important?

There is a WHOIS database where you can get information on every domain. In general, that is the starting point for hackers to gather information about your service, domain, servers, etc. More importantly, the WHOIS database provides every piece of information about the person who owns the domain if that person hasn't paid extra to the domain provider.

WHOIS link to check information about any domain: https://ca.godaddy.com/whois
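To check what your own domain exposes, the sketch below (an added example, not part of the original post) parses the text of a WHOIS reply and lists the registrant fields that are not masked. The two sample replies, the field list and the masking keywords are constructed assumptions.

```python
# Registrant fields that carry personal contact data in a WHOIS reply.
PII_FIELDS = ("Registrant Name", "Registrant Street",
              "Registrant Phone", "Registrant Email")

# Assumed heuristic: a value containing one of these words is treated as masked.
MASK_MARKERS = ("redacted", "privacy", "proxy")

# Constructed sample replies (not real registrations).
EXPOSED = """\
Domain Name: EXAMPLE.COM
Registrar URL: http://registrar.example
Registrant Name: Jane Doe
Registrant Street: 1 Sample Road
Registrant Phone: +1.5555550100
Registrant Email: jane.doe@example.com
"""

MASKED = """\
Domain Name: EXAMPLE.NET
Registrant Name: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: owner-1234@privacy-proxy.example
"""


def parse_whois(text):
    """Parse 'Key: value' lines into a dict; the first value for a key wins."""
    record = {}
    for line in text.splitlines():
        # Split on the first colon only, so URLs in the value stay intact.
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), value.strip())
    return record


def exposed_fields(text):
    """Return the registrant fields whose values look like real personal data."""
    record = parse_whois(text)
    exposed = {}
    for field in PII_FIELDS:
        value = record.get(field)
        if value and not any(m in value.lower() for m in MASK_MARKERS):
            exposed[field] = value
    return exposed


if __name__ == "__main__":
    for name, reply in (("exposed", EXPOSED), ("masked", MASKED)):
        print(name, exposed_fields(reply))
```

For a real check, save the WHOIS output for a domain you own to a file and pass its text to `exposed_fields`; an empty result means none of the listed fields is published in the clear.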

godaddy privacy policy
When you search for a domain and add the selected domain to the cart, Godaddy.com shows its privacy policy to the user on the checkout page.

Final Thought

Protecting user privacy and preventing any damage should be the first objective of any service provider. There may be cases where the domain owner's details need to be given to a third party or an authority. But that does not mean that anyone is authorized to access domain and domain owner information.


CyberSecurity: Regulations on IoT devices

A good initiative has been taken by the state of California in the United States on the security of IoT devices. It seems states are learning a lesson and protecting their citizens. Europe has the GDPR law, which asks each and every user to accept the cookie popup that appears on whichever site or application you use; it basically asks for consent from the user.

The most important point is that this law sets out a procedure and forces manufacturers not to have a default password. This is a significant step because most users never change the default password, and it is easy to hack. Some users even keep their device serial number (SNO) as the default password, for example on home routers.

Impact of this Law

Automobile manufacturers sell their cars worldwide, but they are customized for local markets. The car you buy in the United States is different from the same model sold in Mexico, because the local environmental laws are not the same and manufacturers optimize engines based on where the product will be sold. The economics of building and selling automobiles easily allows for this differentiation.

But software is different. Once California forces minimum security standards on IoT devices, manufacturers will have to rewrite their software to comply. At that point, it won’t make sense to have two versions: one for California and another for everywhere else. It’s much easier to maintain the single, more secure version and sell it everywhere.

Reference

https://www.schneier.com/blog/archives/2018/11/new_iot_securit.html

Another view of the same topic:

Abstract

California has passed an IoT security bill, awaiting the governor’s signature/veto. It’s a typically bad bill based on a superficial understanding of cybersecurity/hacking that will do little to improve security, while doing a lot to impose costs and harm innovation.

https://blog.erratasec.com/2018/09/californias-bad-iot-law.html#.W-sLFHpKh0J

 

CyberSecurity: First Step towards cyberwar?

US Lawmakers Propose ‘Hack Back’ Law to Allow Cyber Retaliation Without Permission of Third-Party Country

https://hotforsecurity.bitdefender.com/blog/us-lawmakers-propose-hack-back-law-to-allow-cyber-retaliation-without-permission-of-third-party-country-20000.html

It is more like Hollywood movies where the hackers get hacked as well. And the big question is: what about cyber crimes that are committed by organized groups or nations, not by individuals? What would happen if the USA hacks China's systems and China starts hacking electric grids, water supply, nuclear plants... the list never ends.

And assume a situation where every nation is trying to hack any other nation. It is a scary situation, but it is really happening now.

Developing countries are neither prepared for it nor able to do the same. For them, it is a dead-end situation. But it is never too late.

A quote from Jared Cohen:

We live in a world where all wars will begin as cyber wars… It’s the combination of hacking and massive, well-coordinated disinformation campaigns.

CyberSecurity: D-Link Home Camera security problem

There has been growing concern about security in home appliances. The recent news is about a home camera from D-Link, a manufacturing company from Taiwan.

Consumer Reports finds that D-Link’s home camera sends unencrypted video without unique passwords

https://boingboing.net/2018/10/30/d-link-dcs-2630l.html

A home camera is a new gadget everybody likes to have at home. I remember that in my childhood people had a craze for the radio and loved listening to old songs. As technology advances, people now like to have IoT (Internet of Things) devices at home. Even if someone wants a radio, they would prefer to have it as an IoT device. The more connectivity options a device has, the better it is considered now. Bluetooth, WiFi, hotspot enablement, etc. are basic features in any device.

IoT is more about connectivity and how people like to control their own stuff. As per the wiki definition of IoT:

“The Internet of things (IoT) is the network of physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these things to connect, collect and exchange data.”

These home appliances are slowly becoming spy devices. I will share in other posts what the spy devices are and how they spy. There are lots of guidelines and standards for implementing them and using them the way they are supposed to be used. But this thought applies to everything, like application security, data security, cloud security, etc.

For more reading about IoT guidelines, see the GSMA IoT Security Guidelines:

GSMA IoT Security Guidelines and Assessment

Thoughts:

It is time for consumers to ask basic security questions and have an agreement with the vendor. The following basic questions must be asked:

  • What is the procedure they have to secure my data?
  • What information are they capturing? Does the home appliance listen to private conversations as well?
  • What if the consumer wants to delete the records?
  • With whom are these videos or audio recordings being shared? How is private info secured?