Newsletter

open source and cybersecurity news

November 14, 2023

It's 5:05, November 14, 2023. Time for your cybersecurity and open source headlines.

In this Episode:

Marcel Brown: November 14, 1971. NASA’s Mariner 9 reaches the planet Mars and becomes the first man-made object to orbit another planet.

Edwin Kwan: Signal has started testing the use of account usernames to allow users to keep their phone numbers private. Users would be able to turn off phone number discovery in their privacy settings and only allow the username to be the primary way others can contact them.

Hillary Coover: Could deception technology be the ultimate strategy for staying ahead of cyber threats? A CSO opinion piece is quickly circulating and predicts that a convergence of IT and cybersecurity trends will make deception technology more accessible by the end of 2025.

Ian Garrett: The cybersecurity domain is experiencing a significant paradigm shift. Traditional perimeter defenses like firewalls are making way for a more identity-centric approach. As we move forward, identity will no longer be a siloed discipline, but an integrated, interconnected aspect of cybersecurity infrastructure.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Signal Testing Use of Usernames to Keep Phone Number Private

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

Signal has started testing the use of account usernames to allow users to keep their phone numbers private.

This is Edwin Kwan from Sydney, Australia.

Currently, a mobile number is required when registering for an account on Signal, and that number is what other users use to connect and reach out to you. For those wanting additional privacy, there wasn’t any way around this, apart from getting a burner phone and using that number to register for an account.

Signal has recently started testing the use of usernames. A phone number is still required for registering an account. However, users would be able to turn off phone number discovery in their privacy settings and only allow the username to be the primary way others can contact them.

The usernames are paired with a set of digits and aren’t shared on their profile. Each username has a unique QR code and link for easy sharing with friends. The username functionality is only available in their staging environment, which is a completely different environment to their production systems.

Users wishing to try this functionality out will need to install and run a new build, and register for a new account with a phone number. People wishing to contact them will also need to be registered in their staging environment.

Signal first indicated the development of usernames about a year ago, allowing users to use the encrypted messaging service without disclosing their phone number.

Resources
– Bleeping Computer: https://www.bleepingcomputer.com/news/software/signal-tests-usernames-that-keep-your-phone-number-private/

 

Hillary Coover
Decoding Tomorrow’s Defense: The Rise of Deception Technology in Cybersecurity Strategies

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

Could deception technology be the ultimate strategy for staying ahead of cyber threats? A CSO opinion piece is quickly circulating and predicts that a convergence of IT and cybersecurity trends will make deception technology more accessible by the end of 2025.

Hi, this is Hillary Coover in Washington, DC.

Several trends contribute to this predicted shift:

– First, the deployment of security data lakes by enterprises using platforms like AWS, Google, IBM, and Snowflake will enable deception technologies to continuously analyze vast amounts of data to discern normal and anomalous behavior, serving as a foundation for deception models.

– Second, the prevalence of cloud computing will necessitate significant resources for on-demand processing and storage, leading to the likely delivery of deception technologies as Software-as-a-Service or cloud-based services integrated with existing security operations technologies.

– Third, the increasing connectivity through application programming interface, or API, integration will enable deception technology to seamlessly interface with other systems, which will then allow deception systems to gain a comprehensive view of an organization’s hybrid IT applications and infrastructure.

– And last, but certainly not least, the integration of generative artificial intelligence, relying on large language models, will empower deception technology to generate authentic-looking decoys, lures, synthetic network traffic, and breadcrumbs in large volumes.

These deception elements can be strategically and automatically deployed across a hybrid network. As we navigate the ever-evolving landscape of cybersecurity, deception technology emerges as a potent force, reshaping defense strategies. With its ability to confound and outsmart cyber threat actors, the predicted increase in accessibility of deception technology is very promising.

Resources
– CSO Online: https://www.csoonline.com/article/1246065/deception-technology-use-to-grow-in-2024-and-proliferate-in-2025.html

 

Ian Garrett
Identity-based Security is the New Perimeter

Ian Garrett, Contributing Journalist, It's 5:05 Podcast

The cybersecurity domain is experiencing a significant paradigm shift. Traditional perimeter defenses like firewalls are making way for a more identity-centric approach. This shift is largely due to the rising popularity of the zero-trust model, which fundamentally alters how organizations view security.

Hey folks, this is Ian Garrett in Arlington, Virginia.

Research by Okta revealed that 61% of surveyed IT and security decision makers now have a zero-trust initiative, with identity being a critical component. In fact, 51% of respondents in 2023 considered identity controls as extremely important, a marked increase from 27% in 2022.

However, implementing an identity-first strategy is not without its challenges. Reports indicate that many organizations struggle with comprehensive multi-factor authentication, and lack visibility into non-human identities, crucial for preventing real-time misuse of service accounts. Despite the urgency, only 20% of organizations feel highly confident in their ability to thwart identity threats, a worrying statistic given that 83% have experienced breaches involving compromised credentials.

The Identity-first security model centers on knowing the identities of all entities, human or non-human, that interact with the enterprise’s network. It’s a foundational element of zero-trust, advocating for no trust until an entity can authenticate its identity and access rights. Interestingly, research from Everest Group shows that 65% of clients prefer an identity-based, zero-trust implementation.

Identity is rapidly becoming the first line of defense in cybersecurity. It requires a synthesis of policies, practices, and technology, aiming for consistency, context awareness, and continuous application across the IT environment. As we move forward, identity will no longer be a siloed discipline, but an integrated, interconnected aspect of cybersecurity infrastructure.

Resources
– CSO Online: https://www.csoonline.com/article/1246076/as-perimeter-defenses-fall-the-identify-first-approach-steps-into-the-breach.html

 

Marcel Brown
This Day, November 14, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown bringing you some technology history for November 14th.

November 14, 1971. NASA’s Mariner 9 reaches the planet Mars and becomes the first man-made object to orbit another planet. Mariner 8 was scheduled to be the first; however, due to launch problems, it failed to make it out of Earth’s atmosphere. The Soviet Mars 2 and Mars 3 space probes reached the planet on November 27th and December 2nd, respectively. Mariner 9 completed its mission of photographing the surface of Mars, transmitting 7,329 images covering 100 percent of the planet’s surface. While out of fuel, Mariner 9 continued to orbit Mars. It was estimated that Mariner 9 would stay in orbit approximately 50 years. This would put the date of re-entry and crash into the Martian surface around the year 2022. It is currently not verified if Mariner 9 has done so. However, in the year 2023, it is estimated that it has likely already crashed.

November 14th, 1997. One week after reports surfaced identifying a flaw in certain Pentium processors, Intel releases a software workaround for operating systems to avoid the commonly named “F0 bug,” also known as the “F00F bug.” A very specific invalid operation passed to the affected processors would cause the processor to lock up, causing the computer and any software running on it to freeze. Identified by Intel as the “Invalid Operand with Locked Compare Exchange 8Byte (CMPXCHG8B) Instruction erratum,” the flaw, while potentially a serious problem, was practically little more than a PR headache as the invalid operation that triggered the processor to lock up was never encountered in real-world operations. Additionally, the F0 bug only affected the older Pentium processors, not the Pentium 2 and Pentium Pro processors Intel was currently shipping at the time. However, the workaround was necessary as malicious software could have exploited the flaw and caused serious problems for PCs and servers using the affected processors.

November 14, 2006. Knock, knock. Who’s there? Microsoft Zune. Microsoft Zune who? Exactly. Microsoft releases their Zune media player, intended to compete with Apple’s iPod. Hailed by some as an iPod killer, the only killing done was by Microsoft less than five years later when they ended production of the Zune brand. Otherwise known as simply another media player to fall to the iPod behemoth, the Zune is considered a spectacular failure when taken into account the weight of the Microsoft brand at the time. The Zune’s lack of success foreshadowed the decline of Microsoft in the new world of technology, once Apple introduced the iPhone and iPad, effectively ending the PC era.

That’s your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory.com.

Resources
https://thisdayintechhistory.com/11/14
