Ax Sharma is a Senior Security Researcher at Sonatype and an engineer who is passionate about perpetual learning. He is an expert in vulnerability research, software development, and web app security.
In his spare time, he loves exploiting vulnerabilities, ethically, and educating a wide range of audiences. He’s an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
In an Ask Me Anything session with the Hacker Noon community, he shared his views on security issues, which episode of Black Mirror best represents privacy issues on the Internet, and more!
"The greatest danger, therefore, varies - from identity theft occurring at a local drivers’ licensing office, because of phishing; to election fraud at multiple counties/jurisdictions.
Technological solutions and security controls in a workplace are a must, but most attacks succeed due to some form of human error, therefore cybersecurity trainings (which are fun and not preachy/boring lectures; I know there’s Curricula, Ninjio, etc. who provide these in an interactive format…) for your employees are recommended."
"We’ve done it at some point in lives (college! ;)) but it’s not recommended.
Legal implications aside (i.e. Netflix’s terms may not allow it), you don’t know how the other person will handle your username/password. Will they share this with another ‘close’ friend without you knowing it?
Where will they “store” it? A piece of paper, or, for example, in their email account which has a really weak password? The attack surface simply expands."
"Limit the exposure of your video conferencing links and phone numbers (limited invites), password-protect the meetings, and vet your audience. But if I’m honest, this can’t be fully solved, in the context of Zoombombing. These “tips” are also futile for open-to-all webinars.
Zoombombing isn’t a technological vulnerability in my opinion but stems from the weakness in our “social interaction” protocols which we haven’t learned to adapt to, when interacting over the internet.
Much like anybody at an in-person meetup could “troll,” so can one online. The problem is, of course, online events have even lower standards of accountability and make anonymity easily viable."
"Probably decelerate the path the internet is heading towards. The internet of 1990s feels very different from 2020. Of course, change is inevitable, but it should be for the better."
"Let’s start with Nosedive?"