I've been working security and privacy for a couple decades informing every day people of the security issues out there and tips to secure their lives. Today we release our first product to help solve these issues and improve sharing efficiency.
We know you have questions about cloud security so go ahead and ask away!
Here's the link to our kickstarter:
If a packet hits a pocket on a socket on a port,
And the bus is interrupted as a very last resort,
And the address of the memory makes your floppy disk abort,
Then does socket packet pocket have an error to report?
[Edit: This poem is not mine. It originates from Usenet back in the 80s. For more, google: Dr. Seuss on computers]
On a more serious note, what are your thoughts about MIT's Riffle?
Thank you for that, we'll have to incorporate that style into our whitepapers soon.
I like the idea of anonymous exchange of content and communication - some people really need that and something better/faster than Tor is always a plus.
I haven't seen any group take off with it yet, perhaps there's an opportunity there.
Confused about net neutrality. Isn't network throttling just ISPs responding to market demand? Shouldn't they be allowed to charge a higher price in order to meet demand?
Every day we use our smart phones, tablets, and other devices to try out new apps and services that just might make our lives better - it's terrifying to think that that innovation will be destroyed because the startups of the world are throttled down because they can't pay for faster access or we're stuck with the existing services with all their limitations because they simply have the most money.
It's also an insult to the US taxpayers that spent so much money building up this infrastructure only to get horrible upload speeds with the threat of even worse access in the upcoming year because they have almost no choice on ISPs.
How did you get into cyber security? What career path should I take from university? I am planning on going to Guelph for computer science/software engineering. Would those courses allow me to get into cyber security?
These days there are many excellent degrees and certification paths you can take; it is a bit overwhelming. I didn't have that many options when I went through my undergrad so I took a computer engineering approach - one that mixed software and hardware study.
Most systems you'll use in practice these days are controlled strictly by software systems but there are some systems that do have hardware components that are mysterious black boxes for most people.
I recommend checking out some relevant clubs at the university as well like Cyber defense clubs and the sort. I always like the approach of learning how to breach a system in depth before you consider how to secure one.
So, how does this compare to Fakeblock?
So watery and yet there's a smack of ham to it.
In a lecture titled "Cyberphobia: identity, trust, security and the internet" Edward Lucas made the argument that the internet was inherently built to not be secured. "The internet was designed by a small group of computer scientists looking for a way to share information quickly. In the last twenty years it has expanded rapidly to become a global information superhighway, available to all comers, but also wide open to those seeking invisibility. This potential for anonymity means neither privacy nor secrecy are really possible for law-abiding corporations or citizens."
Do you agree that the way the internet was built and the dramatic expansion of HOW we use it means we may never actually be secure in our Data?
Privacy and security don't have to be just about being anonymous or invisible. The sheer number of apps, services and devices connected to the internet that have no security is staggering and the damage done after a major breach goes on for a lifetime.
I think the internet does have some fundamental flaws - the recent massive take down of major DNS servers from IoT devices was a rude reminder of that... but it's mostly the applications and services we use that have let us down. Sure, perhaps people share too much personal information online... there's not much you can do to stop that user behavior.
What you can do is protect the other huge percentage of users that want to share content with friends using public key cryptography technology we've known about for centuries (or more.) Web browsers should've had this several generations ago, social media should've had this from the very start, and every messaging/email system out there should have this built in as a default.
The common saying is "encryption is hard" - so was streaming video, tracking users across services and selling that data but that's working pretty well these days for the tech giants.
Does this include the "hybrid cloud storage"... and who pays for it?
The hybrid is two fold:
What is your opinion on the Snowden event?
It's a tough call for me, personally... The fact that more people are talking about security and privacy and more companies are starting up to develop solutions to truly protect their customers is great - but it should never have gotten this bad.
We were all made so vulnerable by the tech giants and other entities capturing and correlating data on everything we do and every data breach moves us closer to a total collapse of any authenticity of the internet making our lives miserable as we try to recover from identity or financial theft, are devastated that our intimate conversations and content were leaked, or simply we have no idea what or who is real online anymore.
Do you have any feelings towards why so many people blindly trust their data to the cloud? I know some make an informed choice but many simply upload personal images and other data without thinking about it... any views on why that would be?
Our research into this subject found that most people think: "I have nothing to hide... not that I could." They are also given mixed marketing messages that they do have "encryption" or they are "probably secure".
Also the appeal of a service that costs nothing (but your privacy) for a single cool/new feature is quite appealing to the masses. The more you give people the more they will take.
We don't think people are wrong for not considering this... the service should be there to protect them and treat them like a customer, not just another monthly-active-user to advertise to and scrape through all of their data. Unfortunately the only way people can see this as a threat is when it's too late.
I guess my follow up would be how do you protect people from themselves?
Requiring a Password and people just use "password1", or leave themselves logged in on public computers.
Secondarily, we see major institutions get hacked because of one person who may have access to a lot of information... would there be a way to segment more data so a breach isn't universal?
You give them sane, secure defaults.... not make them opt in
Combine passwords with 2 factor authentication (something you know + have) solves most password reuse issues. Sure, this slows things down a bit - just like the chip vs magnetic swipe card readers but the security improvement is massive.
Leaving themselves logged in on public devices - that's a tough one and would require the hardware itself to have some continued user identification - Microsoft is working this area as are others. Best advice is don't touch a public computer, however, who knows what's on there capturing keystrokes (software, hardware and gross stuff on the keyboard).
Yes - I call that an internal threat, an employee walks out the front door with tons of data or accidentally clicks something that acts like him or her on the network. In communication and content sharing services, the data should never leave the user's devices without proper and secure end to end crypto. Only the sender and recipients need access to that decrypted data, the provider does not. The beauty of that is if a rogue employee does violate some piece of paper agreement they will have an impossible task of decrypting each little chunk. For systems that do need access to customer data - encrypt in transit, encrypt at rest, use hardware key systems, segment sensitive data on different (and air gapped) networks when possible, etc.
How'd you start?
Are you happy with your job?
Are you paid enough?
Any tips for someone interested in security?
I started working on intelligent payphones back in the day. Towards their end of existence, payphones were actually computers inside the big metal case that held all of the logic for billing, alarms, etc. And there was a lot of consideration for the security of the payphone owner (phreaking) as well as the privacy of the phone users.
That led into my deep interest in the crypto wars in the 90s with PGP and such and so I studied computer engineering for my undergrad and graduate degrees.
The job is useful - there are how many users on the internet RIGHT NOW, how many of them are going to lose a job because of something posted, how many are going to have financial distress during the next big system breach? It's almost a never ending stream of opportunity to help real people and I love that.
Pay can be quite good depending on the area you go in. I suspect with the happenings in the United States right now, you're going to see more demand for professionals in this area.
I'm sure you've had job opportunities with government agencies. Is there a specific reason you chose not to go that route?
Cyber Security student here.
I've worked both in private industry and as a contractor for certain agencies. The best part of private industry is you can talk about what you've worked on, sometimes!
No matter where you end up, you have an enormous responsibility to your user base and right now almost every industry is in need of new talent.
Makes one wonder if a system could be developed that's smaller than tor (faster), all nodes controlled by a single entity (the company)(so again faster, but also increased deployability), but where a user could exchange data with that entity with proof of anonymity...
Perhaps but that sounds like a VPN - what if that single entity is your adversary?