Category Archives: Security Misc

Facebooks fall from grace…..its just the beginning

This week I finally felt jubilation due to the Facebook story. Not that I want to celebrate in anyones down fall that is not it all but for years I have been telling people the dangers of using this service. Many laughed and poked fun at me and even told me I watched too many James Bond movies.

Well, I think what is really scary is that this incident only skims the surface to the true problem. What are all these social media and cloud services companies doing with our data? Even all telecom providers collect all your internet access traffic and sell this for money. Yes my friends we are fully monitored welcome to 1984.

I hope this serves as a wake up call to users globally you really need to think about what a “free” service is really about. The “free” aspect is your data, companies have to make money and you better determine what you are giving up before you jump in. Start with their privacy policy and then look at the data they are collecting or possibly collection. For example, pictures, conversations, even your mood that day, everything is up for grabs. If this information was leaked would it cause any damage to you or those close to you.

It is also refreshing to see so many people wake up to the fact that their privacy matters. And it does! In many ISO meetings, we constantly have members saying individuals don’t care about their privacy anymore. I have been arguing the opposite position. Many users just don’t understand the implications of the data being captured, analyzed and sold. Now they do…..or at least they are waking up to it.

Now the next issue that is bound to be exposed is Google and all the data they collect on school kids. As many school boards use Google due to operational cost and most kids use this platform for email and all documents, who is buying this access and usage data? These are the questions we need to be asking as parents, educators and regulators. This will be next data breach we find ourselves involved in.


Maker Faire Kathmandu


I just returned from Kathmandu after a great weekend presenting our Hive Sense project. If you don’t know about Hive Sense it is a project we started under Random Hacks of Kindness (RHoK) Ottawa to help Algonquin College monitor some bee hives. The goal is better understand bee behaviour and find out why bees are dying while teaching students about where food comes from and our impact on our food chain. We are in the process of helping get relocated hives under monitoring and will provide a link to this data in the coming months.

Our hope is to help better educate people on the importance to bees and the fact that without them we would not have any fruits or vegetables. Bees are responsible for one out of every three bites of food we consume and are an agricultural commodity that’s been valued at $15 billion annually in the U.S. alone. They are a major unpaid workforce with a huge work ethic — bees from one hive can collect pollen from up to 100,000 flowering plants in a single day and pollinate many of them while doing so. They are a critical part of our food chain and they are dying but most people appear to be not alarmed by this — but they should be! If the bees are dying from pesticide exposure or other environmental factors what impact is it having on us and our children? Cancer, DNA mutations, who knows? We need to collect the data to better understand the problem.


These are important questions that need to get answered but I am not a research scientist. I am technologist that can build solutions and so we are doing our part to help in both bee and agriculture research. Oh, did I mention this is an IoT solution.

As for the Maker Faire Kathmandu, it was great to see so many people out. While it rained buckets the first day and our booth got flooded – funny now but the thought of having my Mac book destroyed from a power surge was a bit overwhelming at the time. That said the interest in bees and bee life was awesome. It was also great to have my placard (see above photo) signed by so many people.

I hope to return some day to Nepal. The people are very friendly and love talking to you. I love all the temples around the city and was able to get a bird’s eye view of Mount Everest in all its towering majesty. (see below)



Cyber Canucks EP 6: Protecting your Kids Online

We hope you enjoy episode 6 in our series of podcasts on cybersecurity

Hosts: Cid Parato and Faud Khan

Topics of this episode:

– Evaluating Apps for your Kids – Discuss with your kids how they are going to use their devices and what kinds of apps they can install
– Watching what your kids are doing online –   How can you track what your kids are doing…there are apps out there and parental controls
–  Privacy for your kids –  How much privacy do you want to give your kids
–  Cyber Bullying – Discuss Cyber Bullying with your kids and educate them


For more details please follow us on Twitter @TwelveDotSec and if you have any questions or comments please reach out to us at

A big Thx goes out to Jack Wiles for sound editing.



Cyber Canucks EP 2: Selecting Mobile Apps for Your Company

We hope you enjoy episode 2 in our series of podcasts on cybersecurity.

Hosts: Cid Parato and Faud Khan

Topics of this episode:

– Where did the App come from – apps can be downloaded from the Apple app store, Google play or third party web sites.
– Who developed the App – Large to medium organizations tend to be safe but do some research on the app, history of the app and the developer
What personal data does the App use –  does it use company data? does it use a cloud service?
– Where is the App connecting to – most apps connect to various endpoints but who is on the other end? Is it safe?
– Is the App patched or up to date –  around security

For more details please follow us on Twitter @TwelveDotSec and if you have any questions or comments please reach out to us at

A big Thx goes out to Jack Wiles for sound editing.

SoundCloud Ultimate Error: The track you specified in the shortcode does not exist in your account.



My personal data is where?

Piggybacking on my last post ( )  we were concerned with the security of your data in the cloud…well now you need to be even more concerned.

Your child wants to be just like mom or dad and you buy them a toy tablet that even has an app that allows them to share their photos with their friends…they love it. Yes! So do the hackers that just found all your child’s photos and information ( the names, email addresses, passwords, and home addresses of 4,833,678 parents, and the first names, genders and birthdays of more than 200,000 kids ) Excuse me? Yes! that is correct.

News Story

Better yet all of  your child’s information is being stored in some far off country that has different laws than you are accustomed to or expect. In a recent vulnerability assessment that TwelveDot completed we found that a large well known provider of information services hosts their data centres in Asia. Most people incorrectly assume their social networking information is stored close by safe and secure within the confines of their country.

Parents need to be more vigilant when sharing information with others. Who are you sharing it with? What information are you sharing? I am sure that most of you have seen the family stickers or stick figure characters on the back window of minivans and other vehicles. I recently received a customized gift in the form of a coloured family sticker for my minivan. Each figure clearly demonstrates the specific trait associated with each family member. I accepted the gift but informed the person that I would not be putting it on my minivan…huh?

I see your stick figure family…I know that dad works in construction or enjoys building. I know that mom works in an office. I know that little Jimmy has dark hair and likes to play hockey and little Cindy has blond hair and likes dance and that you have a cat not a dog and that was simply because I was behind you at the stoplight.

Start thinking about how much you want to expose yourself and your family when using products that collect data. Start to question the product company and get to know what their security and privacy policies including where your data is physically located. You may also ask who do they provide their data too as many cloud service providers sell their data as source of revenue.


Securing your device from Malware

Android and iOS devices both attempt to secure their OS from Malware and other vulnerabilities. They implement a myriad of security features in each new release, but that is just not good enough. Users still need to be vigilant and keep an eye on things.
You may not be able to adhere to everything but here is a list of things you can do to secure your device.


1. Don’t download apps from 3rd party sites

Avoid installing Android Package Files ( .apk’s) directly to your device. “Sideloading”, as it is called, installs apps not from Google Play but from 3rd party sites. The app may look exactly the same as it does from Google but may be repackaged to include malware. The signs of compromises are difficult for many users to identify, so don’t take the chance.


2. Don’t grant administrator access or extra permissions

Many apps ask for permissions to your device that they really don’t need. Before installing an app find out what permissions are required and if you don’t feel comfortable don’t install it. Is that app absolutely necessary? If you are seeing lots of adware then its probably too late but you still have the option of uninstalling the app.


3. Install a security application

Free security apps like Lookout do a decent job of scanning your device for malware, viruses and spyware. The security app will find the apps that are causing you problems and incorporates a malicious website blocker. If possible implement a security app but make sure you do your due diligence on the security app. Check the reviews to see what others are saying about the app.


4. Keep up-to-date on OS and app updates

This is a simple step but it keeps your operating system and apps up-to-date. These updates are often patches for security leaks and known or new found vulnerabilities. You can close the door on thieves but the door needs to be locked as well.


5. Disable cookies and Javascript

This is a tough one. Many apps use cookies and javascript to run. The issue here is that the majority of the apps that use cookies and javascript also incorporate analytic engines. Analytic engines will process your personal data and send it back to a corporate server. This data is even compiled offline and then sent when you are back online. Google’s policy is to retain your data for 25 months at a minimum and longer if possible…


6. Don’t jailbreak or root your device

Many users do not know what is done to the Operating System during either a jailbreak or the rooting of a device. Once completed it becomes easier to compromise a device as many users do not have the technical savvy to be able to harden a device in this state. Your dervice becomes more open to drive-by hackings especially if your using public Wi-Fi and no, you will not get a notification that your device has been compromised.


Some of these may be tough to swallow but compare that to your personal data or your banking information being freely available to the highest bidder. Keep in mind many criminal organizations are targeting individual mobile devices as they are not securely configured. Mobile has become the low hanging fruit for identity and data thieves, don’t make it easy.


I think I need to move to California

I have to say I don’t know what it is but every time I visit either the Valley or LA, I seem to get this jolt of inspiration and energy. It could be the sun or maybe the surf or just maybe all the great folks I get to hang out with.

BTW If you ever have the chance to hang out with Malaysians do! They are such a heart warming people who just seem to love life. They are smart and like to talk about all kinds of stuff {sports, politics, tech, and food especially} and most of all they like to laugh!!


Why did I uninstall Adobe Flash this weekend from every device I own? I don’t wanted to be Owned, nor do I want to take a chance of possibly exposing our confidential data. Don’t believe me — search the number of 0-days announced last week for Flash. If your still comfortable using this for animation consider that you might not be the master of your own laptop domain anymore.


Why have we turned our back on our privacy?

Today at the “Beyond Mobile” session hosted by Rogers and bv02 a question was asked about privacy. Rob Woodbridge indicated that “privacy is dead….but he hoped it was not this way.” This got me thinking why are we throwing away our privacy?

My first thought was….is this the beginning of 1984 and we have been lured into the digital crack of tech giants? They got us hooked on their tech and now we are their zombies to do as they please? As I talk to more companies about their mobile and IoT security strategies it is becoming clear that privacy is not something discussed at least not openly.

Many companies are very closed off to what they need to collect, keep and store from a user when using mobile. Most developers just opt to keep everything just incase or until the breach happens. Remember, if the feds supena the developer they have to hand over the data!

Users and companies alike need to start asking developers some honest and tough questions such as:

1. Why do you need to collect this information?
2. Do you sell my data and if so to who?
3. How is this information shared with government and law enforcement? Are you willing to publish a transparency report on these activities?
4. Can I request my information be removed/deleted when I leave the service?
5. How long do you store this data?

While not perfect you need to send the message to mobile developers that you “own” your data not them. If their usage policy indicates otherwise then you have been warned. There are option you just need to make the one that aligns to your values.


Foreign Markets for CyberSecurity

This month’s ITAC newsletter outlines our company’s joint trade mission, along with
DFATD (Department of Foreign Affairs, Trade and Development) and ITAC to Dubai.
Dubai is a growth area in many sectors, with a large emphasis on cybersecurity.
Private companies, government, and individuals take the cyber security threats seriously
and go to great measures to secure their property. Smaller companies should realign their
focus to include global markets. TwelveDot was lucky to be invited and take advantage of
this great networking opportunity.