Ask Me Anything with Ax Sharma, Security Researcher and Noonies nominee

How can IoT be used to enhance security?

What is the maximum percentage of privacy society can afford in digitized space?

Is it ethical to hack an actor who has the opposite perspective to yours? For example, hacking extremists?

Hi, thank you for your time!
What is the most secure social network to use and why?

If you could fix one thing in the Internet, what would it be?


What episode of Black Mirror represents the privacy issues in the Internet the best?

How to stay secure while using video conferencing tools to work remotely?

How to become self-educated on digital security? Any resources you can recommend?

What’s your opinion on WikiLeaks?

Hi there!
How has technology changed privacy norms and foundations?

@lewis I think in 2 ways, at least. The contact tracing apps being developed that trade off privacy for data (for the greater good). Adversaries profiting off of technologically unsavvy users by phishing scams.

hey @ax, thanks for taking the time. if you could change one thing about how the internet works for everyone, what would it be?

Thanks for the question @dora !
This would have to be a longer answer as governments tend to be huge with many departments and offices.
The greatest danger, therefore, varies - from identity theft occurring at a local drivers’ licensing office, because of phishing; to election fraud at multiple counties/jurisdictions.

Technological solutions and security controls in a workplace are a must, but most attacks succeed due to some form of human error, therefore cybersecurity trainings (which are fun and not preachy/boring lectures; I know there’s Curricula, Ninjio, etc. who provide these in an interactive format…) for your employees are recommended.

Note: I’m not getting any commissions or favors by mentioning Curricula or Ninjio.

@ryan_coder thanks for attending the AMA!
We’ve done it at some point in our lives (college! ;)) but it’s not recommended.
Legal implications aside (i.e. Netflix’s terms may not allow it), you don’t know how the other person will handle your username/password. Will they share this with another ‘close’ friend without you knowing it?
Where will they “store” it? A piece of paper, or, for example, in their email account which has a really weak password? The attack surface simply expands.

This becomes especially problematic if you were using the same password for multiple websites (which many users do). Now if your Netflix/iTunes password leaks out (or your friend became an enemy all of a sudden), other accounts are at risk too. Who else (a stranger, a nation-state actor, a darkweb hacker?) will be able to get into your accounts on your behalf? …

Great question @tribe!
In investigative journalism, there’s an expectation to put your own biases aside and report from a neutral viewpoint. I’ve reported on cybercrime/hacks before and constantly juggled between the security professional in me (for example, in the case of ZEE5, why didn’t they notify users about the breach?), and a reporter who just has to cover the facts without personal comments or biases.

This one’s tough sometimes, and if there are clear conflicts of interest, it’s probably best to let someone else cover the story.

Hey Ax,

Thank you for doing this.

I want to ask you what prevents you from ditching the White Hat and donning the Black Hat?

Thanks for the question, @Hackerhodl
Putting aside ethics and the ability to sleep peacefully at night we take for granted, it’s to do with the tradeoff.

You can help people with your skills, earn a positive reputation and even start making money legitimately, or you can constantly live on the edge of the law, in fear, and being hated for it (well, it depends, but unless your Black Hat activities are ‘activism’ related you’d likely get hated by the honest folks). Good luck withdrawing the million-dollar ransom you received in bitcoins though…

I think @app-builder, technology has left us all feeling a little ‘confused.’

Social media platforms like Twitter, Facebook, TikTok encourage everyone to put yourselves out there, interact with the world - which is contrary to the expectation of privacy we assume is our fundamental right.

Data breaches, while they make headlines, come second in this discussion.

Think of what you’re telling the world. If a stranger told you, “You’ve been to Hawaii for your 21st birthday,” most people would be scared and shocked and call the stranger a “stalker,” but they hadn’t thought of this possibility arising one day when they were making Instagram posts visible to the world.

To answer your question, technology has taken privacy away from us because… we let it, but tech companies will keep telling us how we can be in control of our privacy and security by using their products. You be the judge of how to interpret that.

@grennan-hack love this one. Let’s start with Nosedive? :wink:

@Grace_McKenzie When it comes to materials, the internet is full of them: free courses on Cybrary and YouTube, there are also cost-effective platforms like Udemy, Pluralsight, Coursera for courses.

But I think to get into digital security it’s the mindset that is a must: that curious need to know what is behind everything and how it can be exploited - not just websites and cybersystems, but your light bulb (yes, lightbulbs have been ‘exploited’ recently for eavesdropping). Skills can be picked up by self-learning, hands-on training, or on the job, but having an inquisitive mindset is something one shouldn’t underestimate.

Feel free to look up one of my popular articles, “How to start a career in cybersecurity? And how to become an expert?”

Hope it helps.

