Validate your problems, startup ideas to create products which people want http://needgap.com Find your customers by the problem you are solving for them. Sun, 06 Aug 2023 06:12:00 +0000

Removing YouTube scam comments #cybersecurity #youtube <div>If you use YouTube, it's not easy to miss a scammer in the comments in the videos of channels with high subscriber count.</div><div><br></div><div>The typical scam is to masquerade as the channel owner and entice the unsuspecting users to engage with them for a prize to siphon money or steal their identity.</div><div><br></div><div>Several YouTubers have resorted to pinning a comment on their videos mentioning the scam and some have even gone to the lengths of <a href="https://www.youtube.com/watch?v=wVK62SHmckM">engaging with the scammers themselves</a> to educate their audience.</div><div><br></div><div>Given the scale of the scam and risk of legal issues/reputation loss to the YouTuber there seems to be a need-gap to address the YouTube comments scam as YouTube seems to have waved their hands off this.<br></div> 3 points posted by Abishek Muthian /problems/418-removing-youtube-scam-comments-cybersecurity-youtube 418 Mon, 21 Nov 2022 13:55:00 +0000

Secure sharing of home WiFi #cybersecurity #Internet We can rarely say NO to the house guest who asks for our WiFi access password. But sharing WiFi access means opening our network to a random device.<br><br>With many professionals working from home, opening access to the network used by the work computers is a huge security risk /problems/107 even if they are connected to the office network via a VPN.
Not to mention that even an average home user faces a wide range of threats on the Internet.<br><br>Although there are ways to mitigate security risks when sharing WiFi to the house guest like using a separate network running a VPN and using <a href="https://pi-hole.net/">network level block lists</a>, they are far beyond the technical capabilities of an average home user.<br><br>So, there's a need-gap for a solution which enables secure sharing of home WiFi to guests without technical overhead. <br> 3 points posted by Abishek Muthian /problems/413-secure-sharing-of-home-wifi-cybersecurity-internet 413 Sat, 08 Oct 2022 06:19:00 +0000

Inclusive browser challenge #cybersecurity #captcha You've seen your parents (or) grandparents struggle with captcha no matter how simple it might be for you. The <a href="https://abilitynet.org.uk/news-blogs/ai-making-captcha-increasingly-cruel-disabled-users">struggle is more for those with visual and motor disabilities</a>.<br><br><div>I'm currently building a web application which would be used by the elderly. Even simple math captcha here would cause very high friction. But simple captcha (or) not having captcha would make attacking my application easier. So, I have to resort to complex back-end security mechanisms to protect against attacks without a captcha.<br><br>This is a catch-22 which affects almost all web applications now. Most just choose to not serve the <a href="https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1186&amp;context=ism">elderly</a> and the disabled by using captcha.
This is a <a href="https://www.w3.org/TR/turingtest/">large need-gap for an inclusive browser challenge</a>.<br></div> 3 points posted by Abishek Muthian /problems/411-inclusive-browser-challenge-cybersecurity-captcha 411 Wed, 05 Oct 2022 13:40:00 +0000

Automatic checking of downloaded file integrity #cybersecurity #hash We are at higher risk of <a href="https://en.wikipedia.org/wiki/Supply_chain_attack">supply-chain attacks</a> than ever before. A seemingly innocuous file we download from a trusted website could have been maliciously altered to compromise our systems by an attacker but the file integrity checking mechanisms are beyond the reach of an average Internet user.<br><br><div>Websites which care about the security of their users provide a hash (MD5/SHA) or GPG signature file which can be used to verify the integrity of the file with a couple of commands. Although it's straightforward for the power users it's not ideal for those who have never executed commands in the terminal/command prompt.</div><div><br></div><div>If the file verification can be automated at the browser through standardized specification of hash signatures then end users need not verify the integrity of the files manually.<br></div> 3 points posted by Abishek Muthian /problems/368-automatic-checking-of-downloaded-file-integrity-cybersecurity-hash 368 Mon, 28 Mar 2022 14:58:00 +0000

Make clicking links safer #cybersecurity #privacy <div>My job involves clicking a lot of links from unknown individuals, which is the first no-no to prevent hacking and is being constantly advised everywhere.</div><div><br></div><div>I am constantly paranoid after clicking a link.
Maybe cybersecurity experts have some ways for clicking links safely, but I am not one of them and I doubt whether the method they use would apply for people like me who get dozens of legitimate links over email and chat.</div><div><br></div><div>I feel since there's no easy way currently to safely click links, people just ignore the advice against clicking links and end up getting hacked.<br></div> 5 points posted by Miguel /problems/249-make-clicking-links-safer-cybersecurity-privacy 249 Sat, 19 Jun 2021 13:59:00 +0000

Identity Theft #cybersecurity #cryptography <div>Getting our identity stolen online can have debilitating consequences. With many adopting to the online lifestyle of sharing unfettered access to their personal data it has become very easy for a cyber criminal to steal someone's identity.</div><div><br></div><div>Solutions to safeguard online identity haven't caught up with the rate of identity theft. Scammers are even using stolen identity to run successful fraudulent Indiegogo campaigns and the <a href="https://www.youtube.com/watch?v=Cm2eU8PQQxQ&amp;lc=UgzKVoT1kFSEAMOmJSp4AaABAg">one who got their identity stolen has to face the brunt of it</a> (Read pinned comment of that YT video).<br><br>The technically inclined have had cryptographic measures like <a href="https://abishekmuthian.com/about/">PGP key</a> to verify their identity.
But a solution to verify identity should be as easy as sharing personal data online, for it to see mass adoption.<br></div> 3 points posted by Abishek Muthian /problems/242-identity-theft-cybersecurity-cryptography 242 Fri, 04 Jun 2021 13:42:00 +0000

Secure transfer of encryption keys after death #cryptography #cybersecurity The day before my surgery, which had a high probability that I may not survive, I was setting up a master key for my encryption keys, writing it to a physical file and handed it to my father telling him to hand it over to my company shareholders if the need arises and provided biometric access to my mother from my smartphone. Reason being, I was the single founder, executive of my startup, all the intangible assets were under my control and most of it encrypted as it should be.<div><br></div><div>So, in case of my demise I wanted my shareholders to have access to the data if they decide to run the company. Obviously I survived, but looking back at that day, I feel that if someone knew that they may die the next day they should probably do something better with their time than reminding their loved ones that they may die.
Of course, writing master key to a file is not great for security either.</div><div><br></div><div>For a non-subjective example for this need gap, <a href="https://edition.cnn.com/2019/02/05/tech/quadriga-gerald-cotten-cryptocurrency/index.html">$145 million worth of cryptocurrencies</a> was locked after the CEO died and he was the only person with the passphrase for encryption.</div> 5 points posted by Abishek Muthian /problems/27-secure-transfer-of-encryption-keys-after-death-cryptography-cybersecurity 27 Thu, 05 Sep 2019 16:25:00 +0000

Monitoring Interweb for leaked data #monitor #cybersecurity <div>I have found some of my data on Pastebin during a casual web search and had to take it down.</div><div><br></div><div>When our data is leaked on the Internet, by the time we come to know about it, it's often too late and it's usually already been shared widely on the Internet. So taking down the data becomes very hard or even impossible.</div><div><br></div><div>A service which monitors the Interweb, Dark web for our data and alerts us in time would be invaluable for the victims of leaked data.<br></div> 3 points posted by Alisa /problems/209-monitoring-interweb-for-leaked-data-monitor-cybersecurity 209 Fri, 26 Mar 2021 14:29:00 +0000

Proving computer hack #proof #cybersecurity <div>If a computer is hacked and fake incriminating evidence is placed by the attacker, the victim is left to the mercy of the investigating agencies to uncover the truth and for vindication.<br></div><div><br></div><div>We need a way to prove that our computer was hacked beyond any reasonable doubt as a user without dependence on forensic experts.<br> <br></div><div>Just like how tamper-evident labels on physical products tell us if someone has tampered with that product, I would like something for computers which definitely tells that it has been tampered (hacked) with and which can be used in the court of law.</div> 3 points posted by Lisbeth /problems/188-proving-computer-hack-proof-cybersecurity
188 Fri, 29 Jan 2021 14:01:00 +0000

Certifying home network's security to WFH #certification #cybersecurity In my previous startup, the main constraint in letting the employees work from home was their lack of operational security knowledge and poor network security of the home Internet network.<div><br></div><div>Operational security could be improved with proper training, provided an employee adheres to the best practices; but overhauling home networks for every employee for working from home is beyond most startups.</div><div><br></div><div>Of course VPN can help and is used by most organisations to strengthen the security of their network when accessed outside their office, but employees often connect directly to their home network also, thereby risking their devices and by extension their office network to a breach.</div><div><br></div><div>I see a need gap for a service which audits the security of the home network of an employee, certifies it to be fit for work depending upon the nature of sensitivity, regularly assesses the state of security, updates the employer if there is any degradation of the security and perhaps even rents better home network equipment.</div> 3 points posted by Abishek Muthian /problems/107-certifying-home-networks-security-to-wfh-certification-cybersecurity 107 Tue, 07 Apr 2020 06:20:00 +0000

USB Type-C CONDOM #USB #cybersecurity <a href="https://en.wikipedia.org/wiki/Juice_jacking">Juice jacking</a>&nbsp;is a type of cyber attack where data is stolen from the electronic devices via USB port when they are plugged in for charging.
This has become so common that&nbsp;Los Angeles' District Attorney's Office published an advisory to <a href="http://da.lacounty.gov/about/inside-LADA/juice-jacking-criminals-use-public-usb-chargers-steal-data-ff">travelers</a> about the potential dangers of public USB ports.<div><br></div><div>This works because data lines on the USB ports are not disabled during charging at the hardware level and often require the users to put their smartphones or other devices to <b>charge only mode</b>. Fortunately there are devices like <a href="https://www.usbcondom.org/">USB CONDOM</a>&nbsp;which disable the data lines during charging and <b>prevent any form of data transfer</b> thereby preventing juice jacking.</div><div><br></div><div>But since <b>Type-C USB</b> devices use the data lines to negotiate voltage with the source, USB CONDOM would limit its function, thereby making the devices charge slower. This is counterintuitive, as we would want the devices to charge faster at a public charging point and there is a need gap.</div> 3 points posted by Abishek Muthian /problems/73-usb-type-c-condom-usb-cybersecurity 73 Mon, 13 Jan 2020 13:52:00 +0000

Make TV dumb again #privacy #cybersecurity <div>The Operating Systems, Applications used by major <b>Smart TV</b> manufacturers are found to be <a href="https://www.bleepingcomputer.com/news/security/about-90-percent-of-smart-tvs-vulnerable-to-remote-hacking-via-rogue-tv-signals/"><b>highly vulnerable to hacking</b></a>.
Also, updates for earlier Smart TVs aren't straightforward as many need to be flashed via SD card and which not many are going to do even if the manufacturer had updated their firmware to fix some vulnerabilities.</div><div><br></div><div>Smart TV manufacturers themselves exploit the available capabilities to flash <a href="https://www.reddit.com/r/assholedesign/comments/co5aw4/unremovable_ads_on_my_2500_samsung_smart_tv/"><b>unremovable Ads</b></a> and may even <a href="https://news.ycombinator.com/item?id=21899491"><b>upload screenshots</b></a> from your TV for automatic content recognition.</div><div><br></div><div>So, if Smart TVs are dangerous, annoying, why buy them right? Well, that's the problem I'm stating here - there <a href="https://news.ycombinator.com/item?id=21904109"><b>aren't many options</b></a> to get a dumb TV with latest display technology i.e. 4K/8K HDR if we want to supply our own apps via SBCs/Apple TV etc.</div> 3 points posted by Abishek Muthian /problems/64-make-tv-dumb-again-privacy-cybersecurity 64 Mon, 30 Dec 2019 13:03:00 +0000

Password less authentication #authentication #cybersecurity Even when thousands of online accounts get hacked each week due to weak passwords, people continue to use them. Even though free random(pseudo) password generator apps have been available for years now, they haven't gained large adoption.<div><br></div><div>Passwords by design rely on weakness in human psyche - <a href="https://needgap.com/problems/41-human-memory-lack-of-thereof-psychology-neuroscience">memory</a>; we cannot generate or remember random passwords which are secure.</div><div><br></div><div>It's time to do away with passwords completely and come up with a seamless, secure alternative which can work for a layman or security professional alike.
</div> 3 points posted by PasswordHater /problems/49-password-less-authentication-authentication-cybersecurity 49 Tue, 12 Nov 2019 12:31:00 +0000

Our parents need protection from email ID theft #cybersecurity #phishing Phishing emails are getting more sophisticated, and are getting better at taking advantage of people to steal credit card information, user name and password etc. People need help protecting vulnerable friends and relatives from emails that push malicious software, such as ransomware and keyloggers onto target computers, or emails that rely on the user providing personal identifiers back to the attacker.&nbsp; 1 points posted by fleegz2007 /problems/327-our-parents-need-protection-from-email-id-theft-cybersecurity-phishing 327 Thu, 11 Nov 2021 19:46:00 +0000

Detecting phishing websites #cybersecurity #frauddetection I recently came across a <a href="https://twitter.com/heavyinfo/status/1409761416865746956">website phishing Indian Govt.'s Income Tax website</a> on the top of Google search results.
If such high value, thoroughly scrutinized websites can be phished and even make it to the top of Google search then surely there's a need-gap in the existing phishing detection systems.<br> 1 points posted by Abishek Muthian /problems/267-detecting-phishing-websites-cybersecurity-frauddetection 267 Thu, 15 Jul 2021 13:53:00 +0000

Inexpensive, Accessible hardware security tokens #authentication #cybersecurity There is a rush to replace <a href="https://www.timesnownews.com/business-economy/industry/article/soon-you-may-not-require-otp-to-authenticate-financial-transactions-on-smartphones/699170">SMS based OTPs</a>&nbsp;in several markets&nbsp;with more secure and reliable alternatives for multi-factor authentication due to the growing prevalence of <a href="https://krebsonsecurity.com/tag/sim-swapping/">SIM swapping attacks</a>&nbsp;and reliability issues concerning SMS.<div><br></div><div>When compared to other authentication options, <a href="https://en.wikipedia.org/wiki/FIDO_Alliance">FIDO</a> based hardware security key/tokens have proven to be a reliable and private mechanism for secure multi-factor authentication.
But hardware security tokens' <a href="https://www.yubico.com/in/store/#yubikey-5-series">prohibitive costs</a>&nbsp;and accessibility friction have prevented widespread adoption.</div><div><br></div><div>Although app based <a href="https://en.wikipedia.org/wiki/Time-based_One-Time_Password">TOTP</a>&nbsp;is still a better alternative than SMS for two-factor authentication, it is still susceptible&nbsp;to phishing attacks and faces reliability concerns due to latency and is not as accessible as SMS. Although <a href="https://en.wikipedia.org/wiki/HMAC-based_One-Time_Password">HOTP</a> fixes the latency issues with TOTP it still falls behind the accessibility of SMS.</div> 1 points posted by Abishek Muthian /problems/181-inexpensive-accessible-hardware-security-tokens-authentication-cybersecurity 181 Sun, 27 Dec 2020 06:54:00 +0000

Database of Bot IP addresses #cybersecurity #database <div>If you had run any web-service and checked the logs you would have found a constant barrage of logs indicating bots scanning for vulnerabilities by trying to locate PHP, WordPress, git credentials etc.<br></div><div><br></div><div>These are annoying, consume resources at best case scenario to actually exploiting our web-service if any vulnerability is found.<br><br>I was wondering if there was a central database of these bot IP addresses contributed by public from their logs, we could block these bots from scanning our web servers.<br></div> 1 points posted by Yogesh Basu /problems/180-database-of-bot-ip-addresses-cybersecurity-database 180 Thu, 24 Dec 2020 17:39:00 +0000