How to be Web Security Expert from Zero

We all know that web security for online platforms is necessary. Organizations now want IT experts and professionals for their companies. Web security experts have become hot cakes. A lot of people have been scratching their brains out, wondering on how one can become a web security expert without having any experience in the IT industry. The same concern was raised on Quora. Dawid Balut, a security at Egynte, responded by giving his answer and also sharing his experience. Do you want to know how you can be a web security expert from scratch? Then read on!

Like we mentioned above, you do not have to have experience in the IT field for you to be a web security expert. However, first, you have to be a security professional. The following are other tricks for you if you are starting from zero.

How to Become a Web Security Expert

1. Apply Security Concepts

The first step to take, to become an expert is applying the security concepts in whatever field you are in. Dawid confessed in his experience, that most professionals that he knew, benefited from applying security concepts in their fields.

2. Coding is Important

Coding is a web app security tester that cuts the line between a wannabe expert and a real expert. Coding helps you to learn how to get a handle on programming language and how to improve resiliency. You also get to learn about how software stacks work.

3. Compliance and Technology Models.

Get to know about technology and business models. Study industry practices online. For instance, you can learn ways of managing AWS security using 12 different controls. Business books will also be of help and from the books, you will learn from experiences of successful businesspeople.

At the end of the day, you don’t need a degree or years of experience to join the niche. You can still be a web security expert irrespective of the field you are in. The guideline we provided will help you on this journey. Also, enrolling for a crypto analyst course in an institution offering cryptography programs will be of great help to you too. There is no time limit to become a website security expert. All what is required of you is thorough research and determination to be a web security hero!

California State Senate Votes Overwhelmingly in Favor of Restoring Net Neutrality

On Wednesday, multiple media sources reported that lawmakers in California had passed a bill that will effectively restore net neutrality in the state. This news comes just months after the FCC (Federal Communications Commission) decided, in what has proven to be a controversial act, to reverse the net neutrality protections put forth during the Obama administration on a federal level.

In essence, net neutrality refers to a series of government regulations which prevent internet service providers from charging websites for expediting access to consumers. Advocates of the law argue that these regulations are necessary for the protection of information and democracy on the web. Critics, such as FCC chairman Ajit Pai, insist that such regulations are not necessary and simply add extra overhead costs to internet service providers, who in turn pass these costs onto end users.

Regardless, lawmakers in California are treating the news as a win for a more free and open internet. Not surprisingly, California voters overwhelmingly support net neutrality, and the new vote, in many ways, will give incumbent lawmakers “brownie points” ahead of the 2020 midterm elections.

However, it is not just California voters who support the move; the state’s second largest industry does as well. Technologies throughout the Silicon Valley praised Wednesday’s decision, claiming that the laws are necessary in order to protect users who rely on the internet as their daily source of information, and in some cases income.

Many now speculate that the landmark passing of this bill will set the stage for other states to bring forth net neutrality bills of their own. However, whether states will be able to band together to essentially reverse the FCC decision made earlier in the year is still unknown.

The bill now heads to the state assembly, where it is largely expected to pass.

Your Router Could Be Infected by VPNFilter Marlware

As if it’s not enough that we have to monitor our privacy and security settings on our computers, mobile devices and even our infant monitors, we now have been given a warning from the FBI that our routers are on the list of items that have been hacked in recent months.

This Business Insider report of the FBI warning details the warning from the FBI, which states that anyone using a router should immediately reboot their routers. Apparently a Russian malware called VPNFilter is able to install secretly on internet routers and thereafter collect data from users. The FBI believes that 500,000 routers, almost all from the Ukraine, have been compromised.

The FBI states that rebooting the routers will cause the malware to be temporarily blocked and will help in possibly identifying devices that are infected with the malware. According to the FBI, you should also disable the remote-management settings, update your password and install any updates for the router.

Also on the Business Insider story is a walkthrough of how to implement these steps. First, type in the router’s IP address into the address bar of the router. You can find the IP address either in the router’s manual or by searching online. Enter your username and password when prompted (if you never set it up, most defaults are admin/password). If this doesn’t work, search for your router’s default login online.

To change your login credentials, go to the advanced settings and administration pages and reset the password. To disable the remote-management settings, go to the advanced settings and find the remote management setting and turn it off. While at the advanced settings, find the firmware update setting and follow the instructions.

If there are no firmware updates, then reboot the router. Following these steps will successfully disable any malware that may be infecting your router.

Computer Virus Shuts Down The Computer Network In Lauderdale County

A computer virus led to the shutdown of the computer network in Lauderdale County. The good news is that no one’s personal information was compromised. According to Chris Tafferty, the system has been down since May 22, but they plan to have it up and running in a few days.

Chris stated that the virus caused a temporary loss of information, but most of it has been restored. He is not sure about what caused the virus to affect the network. However, he believes that Facebook or YouTube may have caused the virus.

Chris stated that the virus is just a risk that comes along with doing business in the 21st century. Brandon Sesser works at East Mississippi Community College. He stated that it is common to see those types of infections.

Brandon has simple tips for preventing an infection. He recommends that people keep their network updated. He also stated that you will need to disable tracking cookies.

Furthermore, Brandon recommends that you be careful about the type of links that you click on. If you get an email with an attachment, then you will need to make sure that you know where it comes from. An email may look like it came from a trusted source, but that does not mean that you should open it.

The worse type of attachment for you to open is an executable file. Many people get viruses on their computer by opening an attachment from a source that is not verified or trusted.

Honesty and Advertised Internet Speeds

The Internet has quickly become one of the fastest-growing technologies of all time. In a short number of years, the ability for you to stream data into your home on-demand has become rather commonplace in the first world. There are still issues however with the access to reasonably priced Internet in a number of countries around the world. Even in the countries that do have access to the Internet, there are still sometimes issues when it comes to the advertised speed of your connection and the speed that you are actually receiving. A recent law which has been passed in the United Kingdom looks to change this.

These new laws seek to provide stricter regulation in regards to the manner in which Internet service providers are able to advertise their Internet service speeds. In the past, these companies were able to advertise with vague terminology such as “speeds up to.” This was legal as long as it was possible to provide these maximum listed speeds to a minimum of 10% of customers at any point during the day. According to the new laws, advertised maximum speeds must be available to a minimum of 50% of customers during peak usage times.

Several companies in the United Kingdom have already changed their advertising to reflect the new laws, and as a result, the speeds that they are advertising have dropped. In one case an Internet service provider had to decrease their listed advertised speed from 17 Mb per second to 11 Mb per second. These speeds still do not take into account the possibility for poor Wi-Fi connection and other sources of potential interference.

Even with more honesty in the advertising of the speeds of provided Internet service this still does not take the steps that are necessary in order to change the underlying issues. The infrastructure that provides the country with their data connections is incredibly outdated. The Internet connection speeds available in the United Kingdom are outperformed by almost every other European country. If the United Kingdom wishes to remain competitive, it should become a strong priority to update the infrastructure that is available within their country.

FBI Warns Americans to Reset Their Router Due to Hack

The FBI has recently warned Americans that the same hackers behind the DNC 2016 hacks of the Presidential election are now going after home and commercial wifi routers. The law enforcement agency warned everyone to turn off their router and turn it back on. This is said to clear the cache of the router which prevents the hack from being successful.

 

This simple fix, unfortunately, is only technical. The US DOJ has identified the culprits of the hacks as the Sofacy Group, also known as APT 28 and Fancy Bear. These hackers are directly employed or at least affiliated with the Russian national security services. In this particular hack, the Kremlin-affiliated groups have infected millions of home and business routers across the globe.

 

The FBI and other US intelligence agencies have proof that the malware from these state-sponsored hackers threatens the people of the United States in a number of ways. The name of the current malady is “VPN Filter“. The malware shuts down the router that it infects and also collects any information sent between that router, connected devices, and the internet.

 

This means that any website logins, passwords, confidential numbers, etc. could be stolen using this malware. With the tools available to the vast majority of consumers cannot detect this virus. However, when you reset your router that ends up deleting part of the program that causes the problem. The issue is that this solution does not permanently delete the file- it essentially treats the symptom and not the cause.

 

The ongoing cyber crisis between the United States and Russia is shaping up to be another front in the Cold War 2.0. This hack is designed to scrape as much personal information about users in the United States as possible. This is to steal financial information like bank accounts, credit card numbers etc. They also look to find compromising material in order to gain leverage during negotiations.

 

The FBI recommends that if you believe you are infected with this malware that you wipe and reinstall the OS of both your internet connected devices and router. This is the only current solution known that will completely remove the program. You can also reset your router for a short-term solution but this will not permanently remove the malware.

Saving ZTE?

ZTE is one of the largest phone companies in the world. This China company service many Americans and their phones used across the globe. Recently president Trump has stopped American firms from selling parts to the company until 2025. There are word claims from Washington that ZTE violated a deal that was set a while back in which they disrupted the US sanctions of North Korea and Iran.
Well ZTE denies these claims, an Export ban was still set on ZTE which put the company as a whole one a crutch. In a domino effect, this caused a lot of ZTE employees to lose their jobs and their livelihoods in China. This was an outcry to the Chinese government and put the US government and at fault for the cause. Being contradictive, the White House has reverse there stand on ZTE as the president himself has vowed to restore the effects of these situations. As CNN Reports a tweet from the president and I quote, “President Xi of China, and I, are working together to give massive Chinese phone company, ZTE, a way to get back into business, fast. Too many jobs in China lost. Commerce Department has been instructed to get it done!”
I think the United States understand the importance of ZTE as it is the fourth largest smartphone provider in the United States. However, the US was always skeptical since 2012 about the technology that goes into the ZTE phones. Some officials claim that the technology and the phones make it easier for other countries to spy on the users. The United States has been cautious of the security and has warned ZTE before. Even president Trump has made it or wear to the Chinese government even going as far to say it is “unfair trading practices.”
To reflect on the situation, I don’t condone anyone losing their jobs and livelihoods. However, if there is a safety con cern that can put the U.S. in jeopardy then I would not put the country at risk. Also if there’s a stance that you take then I think they should follow through with the whole Act. Taking one action to punish ZTE but then turn around and try to rectify it after you cause it isn’t very professional in my eyes as a country.

New Kickstarter Badges Unveiled that Keep Backers Up to Date

In a move to help smaller hardware manufacturers fulfill on their crowdfunding campaigns, Kickstarter parterned with Avnet and Dragon Innovation in 2017 to make the Hardware Studio initiative. Now, they’re taking things up a notch to help improve transparency and motivation.

This comes in the form of four new badges that will appear on some of the Hardware Studio projects in the near future. The idea behind this update is that having easily recognizable and easy to explain markers on funded projects makes it easier for backers to see how the product they put money into is coming along in development.

These badges will hopefully be rolled out for all campaigns in the Hardware Studio program, though priority is currently being given to those in the Connection program, a subset of Hardware Studio with more rigorous and competitive standards but greater access to planning tools and other perks. So far, there are four badges that can be put onto a project.

The first is the Engaged badge, which tells backers that the campaign they’ve backed has been accepted to the Connection program and that pre-planning and a working proof-of-concept prototype for the product is complete.

The second is the Ready Level 1, indicating that the prototype has advanced to a degree that it could be sold as a legitimate product, though more user testing will be required before this would happen. It would hopefully indicate that the projected cost of production is accurate, as well.

Third is the Ready Level 2, which certifies that production plans have been finalized and that all the units promised can be produced, and that testing and feedback have gone into improving the original design. Funding would typically be used for materials, tools, and finding certification.

Finally, there is the Ready Level 3 badge, which claims that the product is ready for manufacturing. Funding at this level would go exclusively to manufacturing costs.

While these badges in no way guarantee that a product will be made and shipped out, when used honestly, they could be a major help in keeping backers up to date and helping campaign managers organize and run their production.

YouTube Adds New Section to Videos for Additional Song Information

As of May 16, 2018, YouTube has officially made a long awaited change to how its video descriptions work, adding an additional section to include specific song information for music used in a particular video.

So far, over half a billion videos have been given this treatment with more to come in the future as the feature is progressively rolled out. Labeled as the “music in this video” section under the “SHOW MORE” tab, certain videos can now offer information on song titles, their artists, their writers, and the licenses associated with the music. Some videos will even feature a link to an artist’s official channel if the song isn’t being played from the channel already.

This decision was likely made either as part of or in response to the settlement YouTube and the National Music Publishers Association, which cost the Google-owned entity around $40 million worth of royalties to artists. Properly crediting those who make the music on videos would just be one way in which they could avoid this happening in the future, especially if it meant steering viewers back to the artists’ official channels and away from unauthorized uploads.

Unfortunately, this isn’t all good news. In order to help locate videos and provide the proper credit, YouTube has turned to its favorite solution to all problems: The algorithm. To make matters worse, the company says it will be using the same technology that goes into its Content ID system, considered by many to be a disastrous piece of code notable for causing many, many, many problems over the years related to false flagging, improperly flagging, or simply not flagging at all copyrighted material and works allowed under fair use.

If the company can manage to properly utilize this feature, however, it could provide much needed credit and revenue to the artists who make the songs we love. Execution will likely be the determining factor of how things end up.

“Music in this video” is now available for a large number of videos on both the desktop and mobile app versions of YouTube, with more to come in the near future.

Facebook Is Allowing Users to Choose if Their Data is Collected

Recently it was announced that Facebook users would soon be getting the option to opt out of the website’s ability to collect their browsing information. This comes after Mark Zuckerberg received backlash for the amount of data that was being collected. This includes from browsers who didn’t even use the Facebook service.

One of the data sets that drew the most attention was their collection of browsing history. Someone’s browser history includes information about the apps and websites that were recently visited, not just Facebook activity. This information was then being sent to developers that used their plugins.

This information’s main use was to target advertisements to users based on their internet activity. An example would be showing an advertisement for an item that a user had viewed previously but not purchased. While there were rumors and jokes about Facebook spying on their user’s internet activity, it turns out that they were not that far from the truth. Fortunately for users, soon they will be able to make sure that their internet history stays private from Facebook and their advertisers.

The feature that is currently being developed is being called “clear history”. It will have a few options to meet the security desires of the users. Not only will Facebook users be able to prevent Facebook from collecting any further browsing history and data, they will be able to have the information that was already collected on their servers removed. While it may still remain on the server, it will be in an aggregated collection that is completely anonymous and unable to be connected to an individual account. Unfortunately for non-users of the site and app, they cannot choose to opt-out of this anonymous collection. If they choose not to have Facebook collect their data, their easiest option is to not visit the website.

In recent weeks, Facebook has made many important changes in how they deal with data collection and the privacy of their users. Many users expressed their dismay with Facebook after it was discovered that they were sharing this data with Cambridge Analytica.