Artificial Intelligence has been the inspiration for many works of fiction all throughout the ages, sometimes as a helping hand or overlord of a dystopian nightmare. Recently though, AI has become a real thing. There is great potential for it to help humanity greatly. But what is Artificial Intelligence anyways? And is it too risky to use?
Artificial Intelligence works by feeding sets of data into an algorithm. After a round of processing data, the algorithm checks its performance. It learns what is the best method to complete a goal set by the programmers from its experience. Data could be every possible scenario for a game of checkers, or it could be images of bread. The AI eventually figures out the worst moves in chess, and the precise differences between images of white and brown bread. The machine learning process of AI can be very resource intensive and it is important to have the right hardware. Lots of RAM, CPU, and GPU are necessary. Thousands of scenarios and equations could be running in just seconds!
In 1956, Allen Newell, Cliff Shaw, and Herbert Simon managed to create an artificial intelligence program called Logic Theorist. Many consider Logic Theorist the first AI. It was designed to mimic human problem-solving skills and could solve symbolic logic equations. Logic Theorist inspired AI research to come.
Machine learning can solve many issues for us. In a short amount of time, an AI can learn how to identify and differentiate similar objects. It can see very subtle differences and patterns much better than humans can. For example, AI’s have been taught to recognize emotional tone in speech, cancer cells vs healthy cells, and human faces from all angles. Some AI can also suggest the best possible outcomes to scenarios and calculate future financial expenses. Imagine all of the great things that this could be put to use for.
Ignoring people who worry about AI’s developing emotions or becoming the next Skynet, there are many valid concerns about the implementation of AI in critical situations. What would happen if a constantly learning AI that holds serious power finds an unorthodox solution to a problem? It solves the problem alright, but it causes larger issues. It can be difficult to shape an AI to solve complicated issues exactly how we want it to. They can be unpredictable. And what if it is fed questionable statistics and develops a bias? Black New Yorkers get stopped by police twice as often as white people. An AI could associate race with crime. For now, putting moral tasks in the hand of AI is too risky.
But even in simple ways, AI’s prove to be beneficial. Consider advanced AI flawlessly diagnosing patients, prescribing exactly the right medicine. AI-aided trafficlights, learning the patterns of traffic, viewing the road, and reacting accordingly so no car has to wait longer than it needs to. We have a long way to go, but in the end, AI can benefit us a lot.

RESOURCES vvv

Continue reading →

CapCut is a simple mobile video editing application intended mostly for short-form content. It has the basic functions of most video editing apps, such as cutting and color grading, with extra features such as filters and stickers. Its user base consists of people making videos casually. It is well-liked by teens and older kids due to how simple it is to use. With fun filters, free-to-use music, and more included in the application, it is made with creating sharable content in mind. With over 250 million downloads, CapCut is considered one of the most popular video editing applications.
CapCut is free to use and does not display any advertisements. Its existence is advertising in itself, as its revenue comes from partnerships and licensing deals with other companies. They pay for their music and other features to be available in the app.
One thing to take note of is that CapCut is a simple mobile app and it is not meant for large projects. Even something over two minutes can make the app lag on some phones and export times can skyrocket. It is a good idea to keep it simple by dividing projects into parts that you can connect together again, or choosing a hardier desktop application.

Amazon Kindle is a mainly mobile application where you can purchase, download, and read ebooks and listen to audiobooks as well. (Not to be mixed up with Amazon’s tablet device under the same name!) You can grow your own digital library of free or paid books. You also have the ability to highlight, bookmark, and write notes about the text and images, among many others features. Anyone who can select a book and tap to turn a page can enjoy this application as Amazon’s almost endless selection of ebooks make finding something anyone could enjoy easy.
Its revenue comes from sharing the income of the authors who give their ebooks to Amazon to be read. Depending on the price of the book, Amazon can claim around 70 to 30 percent of the revenue. It is essentially a publishing company for digital media. It also earns money from being paid to promote certain books.
Something very good to know is that you can also install the Amazon Kindle Reader on up to 6 devices under the same account, even on computers! This allows you to access your books on all of them.

Resources VVV

Continue reading →

Google Docs is a web-based (cloud) application accessible to everyone. You can write, edit, and save documents all in your browser, with most features still functional without an internet connection. If this were a standalone application disconnected from the cloud, you wouldn’t get as many perks based on a connection to Google’s other cloud services, namely Google Drive which lets you save your files on the cloud. Otherwise, it’s just your standard document creation and editing tool.
Although Google could see everything I write, I don’t have concerns for my privacy and safety while using it. Google is a trusted company and I do not think that they have had any privacy-related concerns or issues before in relation to their cloud apps. According to them, our files are encrypted as well and stored in secure data centers.

BlueStacks is a computer app that emulates a phone so that you can download almost any mobile app and game and run it through the emulator on your computer. The biggest advantage to having it run using a distributed network is that your downloaded applications are stored in the cloud. They can take up a lot of space on your computer so it’s very nice to be able to download so many without having them downloaded onto your device. I have so many apps taking up space on my computer as is, I appreciate not having so many applications on my hard drive.
I used it a couple of times to access the mobile version of Instagram and it makes me wonder a little if it could see what I do and like and keep my data. I have a larger concern, though. They state that they don’t take any user data besides device-specific data like ‘hardware model, operating system version, unique device identifiers and mobile network information including phone number.’ I impulse-downloaded BlueStacks a couple of years ago to get a specific game, and I don’t like the sound of ‘unique device identifiers and mobile network information including phone number.’ I don’t see how they would get those off my laptop, and it’s most likely benign, but I don’t feel that comfortable with it. I honestly wish I had read more before installing it.

resources vvv

Continue reading →

One of the most notorious computer viruses in internet history was the ILOVEYOU worm. It initially struck in the early 2000s, causing billions in damage. It left a massive impact on society at large that still remains today. The ILOVEYOU virus tends to be the virus that pops into many people’s minds first when somebody asks them for an example of a computer virus. It utilizes some of the oldest tricks in the book, and some of the simplest, inspiring many copycats and spinoffs used today.
A victim of ILOVEYOU will receive an email from typically someone they know, an infected individual. The title of the email would be ILOVEYOU and the attachment appears as LOVE-LETTER-FOR-YOU.TXT. The .txt file extension was in fact a decoy, as the edition of Windows at the time did not display the extensions by default. It was actually a Visual Basic script file (.vbs) that when opened, orders the computer to execute many different tasks such as randomly deleting files and stealing information such as passwords. Images, documents, and other types of files were completely deleted from the computer. The virus would then open your email account and send itself to every person in your contacts list in the same fashion mentioned before. That is how the virus spread so fast and so efficiently. It went from one person’s contacts to the contacts’ contacts to all those contacts’ contacts, and so forth. It infected ten million windows computers during the initial outbreak. Considering how personal computers weren’t as common back then, those numbers are incredible.
The author of the virus, Onel de Guzman from Manila, Philippines, claims that he initially created the virus to steal internet access passwords to use the internet without paying. He sent the virus to people in Pinoy chatrooms and didn’t expect it to spread as wide as it did. He stated that he regretted producing the virus and didn’t know that it would cause massive worldwide damage. Guzman was arrested after being identified as the creator of the virus, but as there were no laws in place for cyber crimes, he was freed without charge.
The ILOVEYOU virus prompted mass media coverage of the threat and inspired many to take cyber security seriously. Nowadays, internet users are reminded not to open sketchy files, to be careful with emails, and to always make sure they know who and why someone is sending them something. Even so, email attacks are one of the most common ways to steal data and inconvenience people online. In May of 2020, the ILOVEYOU virus resurfaced and swiftly infected 5 million modern Windows computers! As cybersecurity experts in the past have said, it is imperative to STOP before you open an email or its attachment. Who sent it to you, and why did they do it? Is anything about the email sketchy? Are they asking you to do something weird? Be careful with what’s sent to you to avoid being victimized the same way.

Resources VV

Continue reading →

I am the IT supervisor of a small-to-medium-sized corporation, a gourmet food retailer with three stores, and an online e-commerce marketplace. We sell approximately $1 million in goods each year. We have more than 35,000 customers, 100 retail employees, and 35 corporate employees. At this scale, good security is imperative as so much is at stake.
I am the IT supervisor, and I have been tasked with managing cyber threats for my organization. I have researched our systems and the threats that put us at risk specifically.

The world of cyber threats is evolving. It has been a while since we have updated our security. Here is a list of 5 potential threats to our organizations that I am particularly concerned about, updated for the Summer of 2022.

*Acquiring Viruses via E-Mail
This is a very broad category, and every office knows to be careful with emails nowadays, but it is still relevant. Email phishing is one of the easiest methods for viruses to make their way into corporate computers, and the results can be disastrous.
Unfortunately for hackers, you can’t get a virus simply by opening an email anymore. However, viruses can be acquired simply by clicking a malicious link or opening an attachment. It is a simple but reliable method to secretly install malware on a computer. It would be so easy for someone to claim they purchased from us and require help, and attach a ‘reciept’ that covertly downloads a virus when accessed.
Another weakness is when our corporate email accounts get taken over. A third party using one of our corporate email accounts could easily send viruses to other emails and customers through the methods above and even infect them as well. Automated email takeovers such as these have caused massive damage to corporations in the past and even the entire web.

*Phishing Customers
This connects to the concerns about email security listed above, however with the focus on our customers.
Since the start of the company, we’ve always used Gmail email accounts with a very simple branding layout. The issue is that we haven’t bothered to get our own email domain. Apart from our own emails appearing sketchy, it would be so easy for sketchy individuals to create a basic Gmail account and mimic our formatting to phish our customers for info. They will pretend to be an employee and request customers of ours to give them sensitive data or get them to download malware.
This will damage our reputation and credibility as well as hurt our customers.

*DNS Hijacking
Domain Name System hijacking has recently become a more prevalent method of stealing data and causing inconvenience.
DNS hijacking is a blanket term, there being many different types all having to do with weaknesses in the Domain Name System. Some are more elaborate and damaging than others. They can have to do with malware or people accessing accounts and changing our domain settings [local DNS hijacking], DNS router hijacking [DNS routers tend to have weak passwords], or man-in-the-middle DNS hijacks.
In man-in-the-middle hijacks, attackers insert themselves inside the communication channel between a user and the DNS server. There, they can eavesdrop, alter messages, and redirect individuals to spoof websites to phish them.
Our DNS should be carefully monitored and protected, as a great deal of damage can be done when a third party tampers with it for their benefit.

*Account hacking
Brute force attacks target our online store’s admin panel, guessing our password by brute force. An algorithm will try to use every single password combination possible to get in. It is simple, slow, and honestly inefficient, but eventually, once someone gets in, they can do a lot of damage. They can lock us out of our own account by changing the password and username. Then, they can do anything they want with our store, like steal data and money from customers.

*Domain Name Spoofing
Our online e-commerce market has a considerable amount of traffic. We have over 35,000 customers. This is large enough for cybercriminals to try and spoof our domain name. They will create a site with a domain name as close to ours as possible so customers may accidentally end up there. On this mock website, they could be scammed or have viruses downloaded onto their computers instantaneously. It is troublesome and puts a lot of people at risk.

Many of our policies and systems are at risk or could put our organization at risk. Some of these are unavoidable, but it is good to examine the vulnerabilities in the functions we have in place. Here are five exploitable facets of our system.

*Emails
We rely heavily on email systems to communicate amongst ourselves and our customers. These emails and email addresses are weakly branded and hard to verify, leaving both employees and clients liable to email phishing attacks. Just a click on a malicious attachment or link could let malware into our system or the devices of our customers.
Email attacks are one of the number one methods to scam and phish online. We need to have our guard up.

*Digital Payment Methods
Our online marketplace allows shoppers to purchase goods using cards or an application like PayPal. This opens up so many levels of risk, opening opportunities for everything from spoof sites to DMS attacks to directly take cash from customers thinking they’re paying us. If someone took control of our account, they could funnel the money to themselves instead of us and perhaps even charge more, stealing extra money with the payment info gained. A man-in-the-middle could redirect users to a fake payment page mimicking ours.

*Personal computers for work
Employees are permitted to use their own personal computers and laptops to do work, such as from home, or on the go; or they can even bring them to the office if they so choose. But as it’s a personal computer, they’re also doing everything else one does on a personal computer outside of work. Opening emails, downloading things, using social media, and surfing the web. If they were to get a virus they would be letting a third party not only access all of their data but ours as well.

*In-store Wifi
Our three stores have publically usable wifi. If we don’t have the proper security steps taken, a hacker could infect the network, gaining access to every device on it. They could install malware, wreck customers’ devices, and enter the devices of the employees working at our store. It could possibly lead back to the company itself.
Rightfully so, we can face legal action against us if shabby network security leads to the infection and possible destruction of many customer devices.

*Our Office System
All of our office computers are on a shared network and they are all the same model and version. Each computer has the same liabilities, so a virus that can easily infect one can easily infect the rest. The shared network also poses a risk as all computers are essentially connected. If the wifi network gets hacked and infected it will spread to each computer in a flash.

To protect our data and the data of our clients, I have a few proposals to tweak our procedures and safeguard our technology. These five suggestions will not only reduce the risk of attacks succeeding but will also help to control the damage if an attack is successful.

*Cybersecurity Plan
We have no plan for what would happen in any one of the situations I have brought up. No plan means no preparations. We need to be ready to negate damage and fix things quickly, instead of flailing around and figuring out solutions on the spot. We need to know what to do in the occurrence of an attack.
A simple step plan could work. For example; if someone’s computer gets infected, all other office computers are to be powered off, and our internet connection is disconnected to stop the spread. Until the threat is recognized and dealt with, they will remain off. After that, all computers are to be scanned for the virus, and for a period of time after the attack, our network firewall would be stricter and more cautious than usual.

*Encrypt Data
We MUST begin to encrypt ALL important data. Businesses are expected to encrypt important data, and the law states that if we do not encrypt our data and the data gets out, we are liable to be sued for our poor security policy. If someone got into our system, our data is practically fresh for the taking, if they are not encrypted. This is an essential security step. Someone could hack into our systems and get to our data, but not be able to use any of it, since they cannot decrypt it.

*Make Our Emails More Verifiable
We need our own custom email domain. It’s too easy to mimic our email naming system. Instead of having the employeenamecompanyname@gmail.com system we currently have, it should be firstnamelastname@companyname.co. This way, customers and workers can verify that this is most likely a real employee, and not just some random email on a first name last name basis.
Alongside that, we should ‘complicate’ our branding. Our emails should have a recognizable footer and structuring that isn’t easy to mimic. It would be saved in our email settings so that every email sent is formatted in that way. This will discourage phishers and make it more complicated for them.

*Get a Better Antivirus
We must have quality and up-to-date antiviruses on our computers, even if it means we subscribe and pay monthly for one. The top antiviruses have options specialized for offices like ours. They have better, more up-to-date, and more often updated knowledge of the computer viruses that exist. They can do much more than the freebies we utilize currently, such as searching links and email attachments for viruses or sketchy behavior.

*Work Computers are for WORK ONLY
Some employees use the office computers as personal devices during breaks. They browse social media and download recreational applications such as video games. If they click a bad link or a bad file and get a virus, it could put all of the other computers at risk, and ultimately our company and customer data.
As cold as it seems, we should prohibit casual use of our office computers. It is better to be safe than sorry.

Resources VV

Continue reading →