On Browser Security Updates, OS and Internet Use

In 2016, internet access and the internet of things will drastically change. At least that is what major media-statistics agencies, trend-specialists and PR offices proclaim and that is also, what major service providers such as Google, Microsoft, Apple etc. announce, and also according to the ruling governmental bodies, such as smart-security industries of defined regions that already regulate.

Firstly, in 2016, all old and proven unreliable security solutions will be gradually stripped off the SHA1 security algorithms and encryption methods and will give place to the all-pervading SHA2 encryption protocols with no less than 256-bit encryption. SHA2 will become the next step in applying encryption algorithms to any digital, virtual, security or financial transactions. No lower than 256-bit encrypted ‘digital handshakes’ will be allowed. Thus applying SHA2 rules to internet access will have drastically changed effects on how the general public accesses the internet, what privacy protocols will affect us and will determine the identification processes of its users. The proposed changes are to be among the most influential policies on security, digital communication, IT, digital transactions and in the history of internet as we know it today. Policies will depend on the agreements made and forthcoming regulations will determine all other factors that will have to comply and follow the rule.

Secondly, with proposed changes in security policies and encryption algorithms actively affecting general transactions, confidentiality, data encryption and processing technologies, we will arrive at one of the largest security market opportunities in the last 20 years. With this said, the year 2016 will allow us to actually test the reliability and responsibility of all currently available security solutions, to accept the ones that do their job well enough, to implement additional protocols with, invent new solutions, and to drop the others that do not suit the requirements anymore.

Internet Browser Security & Updates – Why do we need them?

For example: outdated browsers are a security threat and are blocking the advancement of the web because of their limited features and many bugs.

Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript – sometimes with cross-site scripting (XSS) – sometimes with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities (security holes) that are commonly exploited in all browsers (including Mozilla Firefox, Google Chrome, Opera, Microsoft Internet Explorer, and Safari).

Web browsers can be breached in one or more of the following ways:

1. Operating system is breached and malware is reading/modifying the browser memory space in privilege mode.
2. Operating system has a malware running as a background process, which is reading/modifying the browser memory space in privileged mode.
3. Main browser executable can be hacked.
4. Browser components may be hacked.
5. Browser plugins can be hacked.
6. Browser network communications could be intercepted outside the machine.

The browser may not be aware of any of the breaches above and may show user a safe connection is made. Whenever a browser communicates with a website, the website, as part of that communication, collects some information about the browser (in order to process the formatting of the page to be delivered, if nothing else). If malicious code has been inserted into the website’s content, or in a worst-case scenario, if that website that has been specifically designed to host malicious code, then vulnerabilities specific to a particular browser can allow this malicious code to run processes within the browser application in unintended ways (and remember, one of the bits of information that a website collects from a browser communication is the browser’s identity- allowing specific vulnerabilities to be exploited). Once an attacker is able to run processes on the visitor’s machine, then exploiting known security vulnerabilities can allow the attacker to gain privileged access (if the browser isn’t already running with privileged access) to the ‘infected’ system in order to perform an even greater variety of malicious processes and activities, on the machine or even the victim’s whole network. For that said, it is of an outmost importance to update, or allowing automated updates, for all applications in use.

By the end of 2016, every single user from billions of internet users (with a usage rate steadily growing) will be notified to comply with the new security standards and identification methods by signing up with privacy terms and regulations enforced through governmental regulatory bodies, internet service providers (IS), operating system (OS), mobile operators (MO) and digital transaction providers.

For example, in relation to encryption algorithms, most of the secure web uses an insecure algorithm, and Google has just declared it to be a slow-motion emergency. Google also recently announced that if you use Chrome as your web browser, then you will start seeing a progression of warnings for many secure websites. The first set of warnings will have hit before Christmas 2015, and will keep getting sterner over the next 6 months. Eventually, even sites with SHA-1 certificates expiring in 2016 will be given yellow warnings.

Privacy & Identity – How are they defined?

Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share common themes. When something is private to a person, it usually means that something is inherently special or sensitive to them. The domain of privacy partially overlaps security (confidentiality), which can include the concepts of appropriate use, as well as protection of information. Privacy may also take the form of bodily integrity.

The right not to be subjected to unsanctioned invasion of privacy by the government, corporations or individuals is part of many countries’ privacy laws, and in some cases, constitutions. Almost all countries have laws which in some way limit privacy. An example of this would be law concerning taxation, which normally require the sharing of information about personal income or earnings. In some countries individual privacy may conflict with freedom of speech laws and some laws may require public disclosure of information which would be considered private in other countries and cultures.

Privacy may be voluntarily sacrificed, normally in exchange for perceived benefits and very often with specific dangers and losses, although this is a very strategic view of human relationships. Research shows that people are more willing to voluntarily sacrifice privacy if the data gatherer is seen to be transparent as to what information is gathered and how it is used.[1] In the business world, a person may volunteer personal details (often for advertising purposes) in order to gamble on winning a prize. A person may also disclose personal information as part of being an executive for a publicly traded company in the USA pursuant to federal securities law.[2] Personal information which is voluntarily shared but subsequently stolen or misused can lead to identity theft.

Identity – What defines it & How does it define us?

Privacy may be understood as a prerequisite for the development of a sense of self-identity. Privacy barriers, in particular, are instrumental in this process. According to Irwin Altman, such barriers ‘define and limit the boundaries of the self’ and thus ‘serve to help define [the self].’ This control primarily entails the ability to regulate contact with others. Control over the ‘permeability’ of the self’s boundaries enables one to control what constitutes the self and thus to define what is the self.

In addition, privacy may be seen as a state that fosters personal growth, a process integral to the development of self-identity. Hyman Gross suggested that, without privacy – solitude, anonymity, and temporary releases from social roles – individuals would be unable to freely express themselves and to engage in self-discovery and self-criticism. Such self-discovery and self-criticism contributes to one’s understanding of oneself and shapes one’s sense of identity.

Most people have a strong sense of privacy in relation to the exposure of their body to others. This is an aspect of personal modesty. A person will go to extreme lengths to protect this personal modesty, the main way being the wearing of clothes. Other ways include erection of walls, fences, screens, use of cathedral glass, partitions, by maintaining a distance, beside other ways. People who go to those lengths expect that their privacy will be respected by others. At the same time, people are prepared to expose themselves in acts of physical intimacy, but these are confined to exposure in circumstances and of persons of their choosing. Even a discussion of those circumstances is regarded as intrusive and typically unwelcome.

The fact is that the human factor is of the utmost importance to any security, privacy or identification related question or solution. Human Factor also calls for an explicit answer in identification protocols of ‘Yes’ or ‘No’ as the only alternative options and it is proven to bring the only permeable factor in the reliability equation itself. So excluding the human factor from the reliability equation as well as from the evaluation process as an identifiable method for proving the security, privacy or digital identity itself is not advisable at all.

Privacy is dead – Get over it.

It is fundamentally advisable for every online user to begin using a secure VPN, and even if some don’t think so now, at some point in the future everyone may consider it as important as a basic internet connection.

Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor’s behaviour on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to typically identify a specific person.

Virtual Private Network or VPN is an IT Term that describes a secure tunnelling technology applied between two devices. VPN creates a secure tunnel between users computer and every website or online application, allowing user to anonymously appear to be anywhere of his/hers choose.

In relation to ISP and Data Retention Laws it Protect and frees users IP & ISP identity with just 1 click. When user connects with a VPN, it launches a VPN client on computer, VPN client connects user with provided credentials, and users computer exchanges trusted keys with a far away server. Once both computers have verified each other as authentic, all of the users internet communication is encrypted and secured from eavesdropping.

Some experts such as Steve Rambam, a private investigator specializing in Internet privacy cases, believe that privacy no longer exists; saying, ‘Privacy is dead – get over it’. In fact, it has been suggested that the ‘appeal of online services is to broadcast personal information on purpose.’ On the other hand, in his essay The Value of Privacy, security expert Bruce Schneier says, ‘Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.’

Do not ‘Remind Me Later’ on Software Updates.

Software updates perform a myriad of tasks. They are available for both our operating system and individual software programs. Performing these updates will deliver a multitude of revisions to your computer, such as adding new features, removing outdated features, updating drivers, delivering bug fixes, and most importantly, fixing security holes that have been discovered.

We all get them from time to time – those little windows that pop up, notifying us that there are software updates available for our computer. Chances are, these always seem to present themselves right when we are in the middle of doing something seemingly important, so it’s all too convenient to click on that ‘Remind Me Later’ button. Later eventually rolls around, and our little pop-up friend is back once again, nagging us to install these updates and restart our computer. And just like during their last visit, we’re right in the middle of something, and the cycle continues. However, that notification is not there just to pester us. There is actually significant importance in updating our software.

A software vulnerability is usually a security hole or weakness found in an operating system or software program. Hackers exploit this weakness by writing code to target a specific vulnerability, which is packaged into malware. These exploits can infect your computer with no action on your part other than viewing a website, opening a compromised message, or playing infected media. Once it infects your computer, this malware can then steal data, allow the attacker to gain control over your computer, and even use software in a way that it was not originally intended.

So even though these software updates seem like a hassle, think of it as a preventative measure for your Internet safety. Next time that message comes up to update, resist procrastination and go ahead and hit that ‘Install Now’ button.