Chatbots are everywhere. It feels like the early days of mobile apps where you either knew someone who is building an app or many others planning to do so. Chatbots have their magic. It?s a frictionless interface allowing you to chat with someone naturally. The main difference is that on the other side there is a machine and not a person. Still, one as old as I got to think whether it is the end…
Smartphones will soon become the target of choice for cyber attackers?making cyber warfare a personal matter. The emergence of mobile threats is nothing new, though until now, it has mainly been a phase of testing the waters and building an arms arsenal. Evil-doers are always on the lookout for weaknesses?the easiest to exploit and the most profitable. Now, it is mobile’s turn. We are witnessing a historic shift in focus from personal computers, the long-time…
Targeted attacks take many forms, though there is one common tactic most of them share: Exploitation. To achieve their goal, they need to penetrate different systems on-the-go. The way this is done is by exploiting unpatched or unknown vulnerabilities. More common forms of exploitation happen via a malicious document that exploits vulnerabilities in Adobe Reader or a malicious URL that exploits the browser in order to set a foothold inside the end-point computer. Zero-Day is…
Imagine a futuristic security technology that can stop any exploit at the exact moment of exploitation?regardless of the way the exploit was built, its evasion techniques, or any mutation it might have or was possibly imagined to have. This technology is truly agnostic for any form of attack. An attack prevented with its attacker captured and caught red-handed at the exact point in time of the exploit…Sounds dreamy, no? For the guys at the stealth…
Public disclosure of vulnerabilities has always bothered me and I wasn’t able to put a finger on the reason until now. As a person who has been involved personally in vulnerabilities disclosure, I am highly appreciative of the contribution security researchers on awareness and it is very hard to imagine what would the world be like without disclosures. Still, the way attacks are being crafted today and their links to such disclosures got me into…
The main victims of any data breach are actually the people, the customers, whom their personal information has been stolen and oddly?they don?t get the deserved attention. Questions like what was the impact of the theft on me as a customer, what can I do about it?and whether I deserve some compensation are rarely dealt with publicly. Customers face several key problems when their data was?stolen, questions such as: Was their data stolen at all?…
It has been a crazy two days at Israel?s Cyber Tech 2015?in a good way! The exhibition hall was split into three sections: the booths of the established companies, the startups pavilion and the Cyber Spark arena. It was like examining an x-ray of the emerging cyber industry in Israel, where on one hand you have the grown-ups whom are the established players, the startups/sprouts seeking opportunities for growth, and an engine which generates such…
The beginning of the cyber park There are very few occasions in life where you personally experience a convergence of unrelated events that lead to something?something BIG! I am talking about Beer-Sheva, Israel?s desert capital. When I started to work with Deutsche Telekom Innovation Laboratories at Ben-Gurion University 9 years ago it was a cool place to be, though still quite small. Back then, security?which was not yet referred to as cybersecurity?was one of the…
One of the core problems with cybercriminals and attackers is the lack of a clear target. Cyber attacks are digital in nature and as such, they are not tied to specific geography, organization, and or person – finding the traces to the source is non-deterministic and ambiguous. In a way, it reminds me of real-life terrorism as an effective distributed warfare model which is also difficult to mitigate. The known military doctrines always assumed a…
Overview The security level of a computerized system is as good as the security level of its weakest links. If one part is secure and tightened properly and other parts are compromised, then your whole system is compromised, and the compromised ones become your weakest links. The weakest link fits well with attackers? mindset which always looks for the least resistant path to their goal. Third parties in computers present an intrinsic security risk for…
Background Attackers are Stronger Now The cyber-world is witnessing a fast-paced digital arms race between attackers and security defense systems, and 2014 showed everyone that attackers have the upper hand in this match.? Attackers are on the rise due to their growing financial interest?motivating a new level of sophisticated attacks that existing defenses are unmatched to combat. The fact that almost everything today is connected to the net and the ever-growing complexity of software and…
Microsoft and Google are?bashing each other on the zero-day exploit in Windows 8.1 that was disclosed by Google last week following a 90 days grace period. Disclosing is a broad term when speaking about vulnerabilities and exploits – you can disclose to the public the fact that there is a vulnerability and then you can disclose how to exploit it with an example source code. There is a big difference between just telling the world…
Google Project Zero has debuted with the aim of solving the vulnerabilities problem by identifying zero-day vulnerabilities, notifying the company which owns the software, and giving them 90 days to solve the problem. After 90 days they publish the exploit. And they just did it to Microsoft. I remember quite a while ago when we decided at the cyber labs at Ben-Gurion University to adopt such a policy following our discovery of a vulnerability in…
The surging amount of cyber attacks against companies and their dear consequences pushes companies to the edge. Defensive measures can go only so far in terms of effectiveness, assuming they are fully deployed which is also far from being the common case. Companies are too slow to react to this new threat which is caused by a fast-paced acceleration in the level of sophistication of attackers. Today companies are at a weak point. From a…
Sony hack has flooded my news feed in recent weeks, everyone talking about how it was done, why, whom to blame, the trails which lead to North Korea, and the politics around it. I?ve been following the story from the first report with an unexplained curiosity and was not sure why since I read about hacks all day long. A word of explanation about my “weird” habit of following hacks continuously, being a CTO of…
Cross-platform is tricky. It seems like a small “technical” buzzword but actually, it is one of the biggest challenges for many technology companies and has different aspects for different people in the organization and outside of it. Developer Point of View It all starts with the fact that applications can potentially be targeted towards different computing devices. To get more people to use your applications you would like it to run on more and more…
One of the main problems with Android for app developers contemplating on Android vs. iOs is the fact it is highly fragmented. On iOS you, unconsciously, know that you need only to build one version (Let’s keep the example simple) and it will work on all devices, you know that Apple is doing everything to make sure everyone has the latest version and that there is a decent level of backward compatibility. ?For Android developers…
Siri apparently has started a revolution, at least public relations wise since voice activation has been around for quite a while but never seemed to be perfect. It seems people like to talk to her and she responds back. Few in the industry have written on the impact the new voice interaction paradigm might create -?Gigaom discusses the potential loss of mobile ad revenues?and Bloomberg reports on?Siri doubling data volumes. Voice indeed seems as a…
I am a big fan of apps! Both as an apps developer and as a smartphone user started way before the days it was even called a smartphone. I own several phones with all possible operating systems and never miss a chance to install any new app I encounter. I may be a major factor in the total 2011 downloads number in app stores:) Following this self-proclaiming manifest and after I achieved credibility as someone…
I have been enjoying my first iPad for the last year and a few weeks ago I got a new one, iPad 2. I knew I should not expect too many new features on it except for better speed and camera support. Indeed it felt very fast. Very fast in comparison to my first old iPad. And then I got a weird feeling about the improvement as if someone cheated me. Actually, it was not…
I had my twitter account for quite a while but never really twitted. I guess I was part of the million accounts out there, just idle. I did not find a time to blog so automatically I considered tweeting as something I won’t have time for it also. Last week I started tweeting and it is very nice. I enjoy it. Same as blogging but faster, shorter and more in sync with the so many…
Software applications have two main perspectives the external perspective where interfaces to the external world are defined and consumed and the internal perspective where an internal structure enables and supports the external interface. Let me elaborate on this: The internal perspective shows the building blocks and layers within the application allowing specific data flow and processing. To further simplify things let’s take an example from the real world and that is a real building block.…
Recently I got deeply interested in rich Internet technologies such as Adobe Air and Microsoft Silverlight and it is hard to not see the trend of returning to good old desktop applications with one big twist – the web included. These rich desktop applications are naturally integrated into the web with its rich services, content while enjoying UI breakthroughs achieved by browsers and site designers. It is great to see unique and smooth UI concepts…
The end of year is full of posts about how all startups and CEOs (now after the market meltdown) are going to be focused in 2009 on revenues, efficiency, listening to customers, making better products, and more… Just the other day I read Some startup CEOs? New Years’ resolutions where most resolutions sound like boiler plated stuff. It is not that I don’t appreciate efficiency and revenues, don’t get me wrong, but still one has…
After many long years of development to both MS Windows platforms and Linux platforms and especially lots of frustration in recent days trying to install/uninstall software on my WinXP to solve a problem I have few conclusions on proprietary vs. open source development. One of the nice things about development in Microsoft world (or at least seems so until you get into trouble) is that everything wraps up so nicely as if you were in…