A French soldier watches code lines on his computer during the International Cybersecurity forum in Lille, northern France, Jan. 23, 2018. VOA

The new breed of hackers is flexing its muscles, and now cybersecurity firms that aim to safeguard your data are being hit right in their backyard, signaling a worrisome trend for enterprises and governments as encryption is proving to be fundamentally flawed.

In a bizarre incident late last month, global cybersecurity firm Palo Alto Networks “admitted” that the personal details of seven of its current and former employees had been “inadvertently” published online by a “third-party vendor”.


The personal details of some past and present employees — their names, dates of birth and social security numbers — were exposed online.

Palo Alto Networks, however, did not divulge further details on who the third party vendor was and how the personal details of the employees were leaked.

San Francisco-based HackerOne, which is itself a vulnerability coordination and bug bounty platform and boasts clients like Starbucks, Instagram, Goldman Sachs, Twitter and Zomato, last week paid $20,000 to a community user who exposed a vulnerability in its own bug bounty platform.

The vulnerability was exposed by a user with the handle “haxta4ok00”.

“I can read all reports @security and more programmes,” posted the hacker on the community page.


A specialist works at the National Cybersecurity and Communications Integration Center in Arlington, Va., Sept. 9, 2014. (VOA)

“I did it to show the impact. I didn’t mean any harm by it. I reported it to you at once. I was not sure that after the token substitution I would own all the rights. I apologise if I did anything wrong. But it was just a white hack”.

The big question arises: How safe is our data with the cybersecurity enterprises that have mushroomed in the recent past?

In a statement shared with IANS, HackerOne said it believes in transparency and the vital role it plays in building trust.

“This was a vulnerability reported through HackerOne’s own bug bounty programme by an active HackerOne hacker community member and was safely resolved. The team followed standard protocol to conduct a comprehensive investigation of the issue and implement immediate and long-term fixes. All customers impacted were notified the same day,” HackerOne noted.

“It may seem counterintuitive to publish when things go wrong, but many companies face similar security challenges, and the value of public disclosure for the public and our community far outweighs the risk,” the company added.

Palo Alto Networks said they took immediate action to remove the data from public access and terminate the vendor relationship.

“We also promptly reported the incident to the appropriate authorities and to the impacted individuals. We take the protection of our employees’ information very seriously and have taken steps to prevent similar incidents from occurring in the future,” the company said in a statement.


An employee works near screens in the virus lab at the headquarters of Russian cybersecurity company Kaspersky Labs in Moscow, July 29, 2013. VOA

The big question arises: If cybersecurity firms are unable to thwart hacking on their platforms, where would an individual or a firm in India go to secure data?

“Both these incidents show that deliberate actions or even mistakes by companies can cripple huge security systems,” Virag Gupta, a lawyer who is arguing the case in the Supreme Court for data localisation in India, told IANS.

The Data Protection Bill, which has been cleared by the Cabinet, envisages “sensitive” personal data to be stored in India, but it can be processed outside the country with the explicit consent of the individual concerned.

“Critical” personal data, which is another category of data, can only be stored and processed in India and will not leave the country. What constitutes “critical” data will be defined by the government at the time of framing regulations.


“The new Data Protection Law in India must ensure an easy and fast redressal system that provides for both punishment and compensation,” said Gupta.

Companies may face a penalty of up to Rs 15 crore or 4 per cent of global turnover for major violations under the proposed Personal Data Protection law, according to official sources. (IANS)

