Offboarding remote workers is not as easy as it seems, so here is an article from Forbes with some things to consider when offboarding remote workers.
Companies often overlook offboarding of remote employees, leading to data breaches and potential legal issues, writes Brandon Batchelor of ReadyCloud, an ecommerce CRM. Common mistakes include failing to recover equipment, not rescinding software access, poor internal communication and ignoring the emotional aspects of offboarding.
Considering the issues above, one really has to wonder whether the risks of remote workers have been properly analysed and whether they are worth the initial savings involved.
The questions are: who are they, where and with whom do they live, who are their partners, what additional software is installed on their devices, and what AI features are they using that could compromise your security and credibility?
Many cases of remote worker fraud have been recorded.
Below is what AI has to say about built-in back doors:
While it is not accurate to say that most software has backdoors built into them, there are numerous instances where backdoors have been discovered or intentionally included in software and hardware systems. Backdoors can be defined as mechanisms that allow bypassing normal authentication or encryption to gain access to a closed system. These can be created intentionally by developers, inserted by malicious actors, or result from poor coding practices.
Some notable examples include:
Microsoft: Has included backdoors in its disk encryption, allowing for remote data extraction.
Apple: Has the capability to remotely extract some data from iPhones for state purposes, although this has reportedly improved with iOS 8.2.
BMW: Implements a backdoor in car software to enable or disable features like heated seats, even in used cars.
Xiaomi: Some of its phones contain a backdoor that can activate political censorship features.
Tesla: Sells software features that require a backdoor for activation, which is considered unjust.
Adobe: Has licensed its Flash Player to a Chinese company that bundles it with spyware and a backdoor.
Samsung: Has included a backdoor in some of its TVs that allows for remote bricking.
Wavelink and JetStream Routers: Have universal backdoors that allow unauthenticated users to control the routers and connected devices.
Kindle: Contains a universal back door, in addition to its book eraser feature.
Kia Cars: Were built with a backdoor that allowed the company to locate and control the cars, which was later exploited by a security flaw.
Tech companies and privacy advocates have been resistant to adding backdoors due to concerns about user privacy and the potential for these backdoors to be exploited by malicious actors. The inclusion of backdoors can weaken the security of devices and software, making them more vulnerable to attacks.
In summary, while backdoors are a significant concern in the tech industry, it is not accurate to generalize that most software includes them. However, the presence of backdoors in various systems highlights the ongoing debate and challenges surrounding software security and privacy.
End AI report.
So my question has to be: with so many known instances, what makes you or me think that the rest of the software does not have backdoors that have not yet been discovered?
So a specific follow-up question to the AI: Tell me more about the encryption backdoor created by the three-letter agency.
The history of encryption backdoors and their impact, particularly involving three-letter agencies like the NSA, spans several decades and has significant implications for both national security and individual privacy.
Early 1990s: Clipper Chip
Clipper Chip: In the early 1990s, the National Security Agency (NSA) attempted to introduce the Clipper chip, a chipset designed to provide a backdoor for law enforcement to access encrypted communications. The chip was met with strong opposition from technologists and civil liberties advocates due to concerns over privacy and security. Despite efforts to promote its adoption, the Clipper chip was ultimately abandoned by 1996 due to its technical flaws and widespread criticism.
2000s: NSA’s Bullrun Program
Bullrun Program: Following the Clipper chip, the NSA initiated a secret program called Bullrun to crack encryption standards. This program involved creating backdoors by compromising the software used to generate random numbers in encryption algorithms and gaining access to encrypted communications through hacking. The New York Times revealed in 2013 that by 2006, the NSA had gained access to the communications of several foreign entities, including airlines, travel reservation systems, and government departments.
2013: Snowden Leaks
Snowden Leaks: In 2013, Edward Snowden leaked documents that exposed the extent of the NSA’s surveillance activities, including the use of backdoors. One significant revelation was the NSA’s influence on the Dual EC DRBG random number generator, which contained a backdoor allowing the NSA to break encryption. This backdoor was known to be insecure and slow, yet RSA Security continued to use it until 2013, leading to a loss of credibility and customers.
2014-2015: Stronger Encryption and Law Enforcement Backlash
Apple and Google: In response to the Snowden revelations, Apple and Google strengthened their encryption in 2014, making it so that they could not bypass it even with a warrant. This move was met with strong condemnation from law enforcement officials, including FBI Director James Comey, who argued that end-to-end encryption hinders law enforcement’s ability to collect electronic evidence.
2016: San Bernardino Case
San Bernardino Shooting: The FBI’s attempt to force Apple to unlock the iPhone of Syed Farook, one of the shooters in the San Bernardino attack, brought the encryption debate to the forefront. The FBI sought to compel Apple to create a custom version of its operating system to bypass security features, which Apple refused, citing privacy and security concerns.
2020-2025: Ongoing Debates and Legislation
EARN IT Act: In 2020, the EARN IT Act was introduced, which aimed to create a commission to develop “best practice” guidelines for technology providers to follow in order to maintain immunity from liability for child sexual abuse material. This act has been criticized for potentially undermining encryption.
French Rejection: In March 2025, the French National Assembly rejected a proposal that would have forced messaging platforms to allow hidden access to private conversations, marking a significant victory for digital rights and privacy.
Impact
Cybersecurity Risks: Encryption backdoors create significant cybersecurity risks. They can be exploited by malicious actors, leading to an increase in cybercrimes and the creation of a black market for exploits.
Trust and Business Impact: The revelation of backdoors has damaged trust in U.S. technology companies, leading to a loss of business and a reluctance among international customers to use American tech products.
Privacy Concerns: Backdoors undermine the privacy of individuals, leaving them exposed to surveillance by governments and malicious actors. This has far-reaching implications for personal and national security.
The ongoing debate over encryption backdoors highlights the tension between national security and individual privacy, with significant implications for both the public and the tech industry.
Absolute Home & Office: Provides security solutions that both locate and recover lost or stolen devices, including PCs, Macs, iPhones, iPads, and Android devices. Their patented Persistence technology can survive a factory reset or hard wipe, and they have an Investigations Team with over 45,000 devices recovered in 120+ countries.
Absolute Home & Office is a comprehensive security solution designed to protect your devices and data. Here are the key features and services it offers:
Device Tracking and Recovery: Absolute Home & Office can help you locate your lost or stolen device using a combination of GPS, Wi-Fi, and IP geolocation technology. The service claims to recover 3 out of 4 reported stolen devices on average.
Remote Lock and Wipe: The LOCK feature allows you to remotely freeze your device at the touch of a button. Additionally, you can remotely and permanently delete sensitive files and personal information from your device to protect against identity theft.
Persistent Security: Built into the BIOS or firmware during the manufacturing process, Absolute Home & Office provides a security solution that can withstand a factory reset, installation of a new OS, or even a complete hard drive replacement.
Investigations Team: Absolute Home & Office has a dedicated Investigations Team that works with law enforcement agencies to locate and recover your stolen device. They provide support and coordination to help you get your device back.
Guaranteed Recovery: With the Premium license, if Absolute Home & Office is unable to recover your stolen device within 60 days, they will pay up to $1,000 for a replacement.
Compatibility: The software is pre-installed in some devices from manufacturers like Acer, Asus, Fujitsu, Panasonic, Toshiba, Dell, HP, and Lenovo. For Apple devices, it can be installed on the hard drive, but it will not be as persistent if the hard drive is replaced or reformatted.
Customer Support: Absolute Home & Office offers customer support through their website, including a contact form, telephone support, and a theft reporting process. They also provide detailed installation and usage instructions.
These features make Absolute Home & Office a robust solution for protecting your devices and data, providing peace of mind in case of loss or theft.
As can be seen from the above, Absolute Home & Office is built into most motherboards, so what prevents this code from being used against the legal owner? This is a question that you have to answer.
And finally, the cherry on top:
Key Vulnerabilities in Hard Disk Firmware
Pre-installed Backdoors:
Issue: Some hard disk drives come with pre-installed backdoors that can be exploited to gain unauthorized access.
Example: Kaspersky Lab discovered that the Equation Group (believed to be linked to the NSA) had developed methods to hide malware in the firmware of hard drives from multiple manufacturers[1].
Unauthenticated Firmware Updates:
Issue: Many hard disk drives allow firmware updates without proper authentication, making it possible for attackers to install malicious firmware.
Example: Samsung SSDs were found to have a vulnerability that allowed unauthenticated firmware updates, which could be exploited to install malicious code[2].
Self-Encrypting Drives (SEDs):
Issue: Vulnerabilities in key management can allow attackers to bypass encryption and access data.
Example: Researchers discovered that several SEDs from major manufacturers had vulnerabilities in their key management processes, allowing attackers to bypass encryption and access data[3].
Firmware Rootkits:
Issue: Firmware rootkits can persist even after reformatting and OS reinstallation, making them particularly dangerous.
Example: The Stuxnet worm included a component that infected the firmware of industrial control systems, allowing it to persist and spread[4].
The malware or backdoor was found on drives from multiple manufacturers including Western Digital, Hitachi, Seagate, Samsung, Toshiba, and IBM.
Open source use should come with oversight of the risks
Open-source software is widely used in business, but companies often lack visibility into their use of it, as was evident with a recent Log4j vulnerability. Experts recommend better management practices, including using software bills of materials and evaluating the health of open-source projects.
Open source has always been a point of contention when looking at the security of software. With a commercial program the company has to know whom it is employing and perform security checks to ensure the safety of the software; with an open-source package, however, we have no clue who the players are or whether security checks are performed on any of the contributors.
Backdoors are known to have been programmed into some freely available open-source software and to have remained undetected for years.
Report: 99% of hospitals have vulnerable medical devices
Ninety-nine percent of 351 health systems in a study had internet-connected medical devices that were vulnerable to publicly available exploits, and 20% of hospital information systems had known vulnerabilities linked to ransomware exploitation, according to Claroty. The report recommends prioritizing security of devices with known exploited vulnerabilities that are directly connected to the internet or can be accessed remotely through a non-enterprise-grade method.
Threat modeling is a core element of the Microsoft Security Development Lifecycle (SDL). It’s an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application. You can use threat modeling to shape your application’s design, meet your company’s security objectives, and reduce risk.
There are five major threat modeling steps:
Defining security requirements.
Creating an application diagram.
Identifying threats.
Mitigating threats.
Validating that threats have been mitigated.
Threat modeling should be part of your routine development lifecycle, enabling you to progressively refine your threat model and further reduce risk.
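As an added example (not part of the Microsoft documentation quoted above), here is the five-step loop in code: diagram elements and trust zones go in, candidate threats come out using the STRIDE-per-element categorisation from the Microsoft SDL, mitigations are recorded against specific threats, and the validation step lists what is still open, with flows that cross a trust boundary first. The three-tier diagram and its mitigations are constructed sample values, not a real system.

```python
"""Threat model walk-through: elements + trust zones -> STRIDE threats ->
mitigations -> validation of what remains unmitigated."""
from dataclasses import dataclass

# STRIDE-per-element applicability (Microsoft SDL convention):
# S=Spoofing T=Tampering R=Repudiation I=Information disclosure
# D=Denial of service E=Elevation of privilege
STRIDE_BY_KIND = {
    "external": "SR",
    "process": "STRIDE",
    "store": "TRID",
    "flow": "TID",
}


@dataclass
class Element:
    name: str
    kind: str              # external | process | store | flow
    boundary: str = ""     # trust zone for non-flow elements
    src_zone: str = ""     # flows record the zones they connect
    dst_zone: str = ""


@dataclass
class Threat:
    element: str
    category: str          # one STRIDE letter
    crosses_boundary: bool
    mitigation: str = ""


def identify_threats(elements):
    """Step 3: enumerate candidate threats per element kind; flag flows that
    cross a trust boundary, since those are where attackers usually sit."""
    threats = []
    for e in elements:
        crosses = e.kind == "flow" and e.src_zone != e.dst_zone
        for letter in STRIDE_BY_KIND[e.kind]:
            threats.append(Threat(e.name, letter, crosses))
    return threats


def apply_mitigations(threats, mitigations):
    """Step 4: mitigations is {(element, STRIDE letter): countermeasure}."""
    for t in threats:
        t.mitigation = mitigations.get((t.element, t.category), "")
    return threats


def validate(threats):
    """Step 5: return unmitigated threats, boundary-crossing ones first."""
    open_threats = [t for t in threats if not t.mitigation]
    return sorted(open_threats,
                  key=lambda t: (not t.crosses_boundary, t.element, t.category))


def sample_model():
    """Constructed example diagram: browser -> web API -> database across
    three trust zones, with a deliberately incomplete set of mitigations."""
    elements = [
        Element("Browser", "external", boundary="internet"),
        Element("Web API", "process", boundary="dmz"),
        Element("Orders DB", "store", boundary="internal"),
        Element("Browser->Web API", "flow", src_zone="internet", dst_zone="dmz"),
        Element("Web API->Orders DB", "flow", src_zone="dmz", dst_zone="internal"),
    ]
    mitigations = {
        ("Browser->Web API", "I"): "TLS 1.3",
        ("Browser->Web API", "T"): "TLS 1.3",
        ("Web API", "S"): "OIDC login with MFA",
        ("Orders DB", "I"): "encryption at rest + least-privilege DB role",
    }
    return apply_mitigations(identify_threats(elements), mitigations)


if __name__ == "__main__":
    for t in validate(sample_model()):
        flag = "BOUNDARY" if t.crosses_boundary else "        "
        print(f"{flag} {t.category} {t.element}: no mitigation recorded")
```

Running it prints the open items; the internal flow between the API and the database shows up first because nothing in the sample mitigations covers it, which is the kind of gap the validation step exists to surface before the next iteration of the model.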
Microsoft Threat Modeling Tool
The Microsoft Threat Modeling Tool makes threat modeling easier for all developers through a standard notation for visualizing system components, data flows, and security boundaries. It also helps threat modelers identify classes of threats they should consider based on the structure of their software design. We designed the tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models.
The Threat Modeling Tool enables any developer or software architect to:
Communicate about the security design of their systems.
Analyze those designs for potential security issues using a proven methodology.
Suggest and manage mitigations for security issues.
The SDL Threat Modeling Tool plugs into any issue-tracking system, making the threat modeling process a part of the standard development process.
The following important links will get you started with the Threat Modeling Tool:
To determine if Apache Log4j is installed on your system, you can use a combination of manual and automated methods. For Linux servers, you can run a command to search for files related to Log4j:
find / -type f -name 'log4j*'
This command will list all files whose names begin with “log4j”, which can help identify if Log4j is installed on your server. The pattern is quoted so the shell does not expand it against files in the current directory before find sees it.
For Windows servers, you can use a similar approach by searching for files containing “log4j” in their names:
dir C:\*log4j*.jar /s
This command will search for files with “log4j” in their names in the C: drive and its subdirectories.
Automated tools can also be used to scan for Log4j installations. One such tool is Syft, which can create a software bill of materials (SBOM) and help identify old Log4j versions:
syft dir:/ | grep log4j
This command will scan your server and search for Log4j files.
Additionally, you can use a Python script or a Go package like log4jscanner to scan your system for vulnerable Log4j versions.
Since Log4j is a Java library, it may be embedded within other Java applications, making it harder to detect. Therefore, it’s important to check all Java applications running on your system and consult their vendors for any dependencies on Log4j.
For a more thorough check, you can also manually inspect the manifest files within JAR files to confirm the version of Log4j installed.
Remember, these methods may not be foolproof, as Log4j can be embedded within other JAR files or applications. Therefore, it’s crucial to follow up with vendor advisories and ensure all applications are updated to the latest versions.
CrowdStrike incident sparks debate on automatic updates
CrowdStrike’s faulty auto-update patch in July caused operating systems to crash, sparking a debate on the best approach to software updates. While automatic updates are crucial for minimizing cyberthreats, the incident highlighted the risks of operational disruptions. The event has led to calls for better vendor management and more informed decision-making regarding update strategies.
AI Impact: The Future of IT, Tech & Cybersecurity
AI is becoming increasingly vital in tech, IT and cybersecurity as businesses are progressively integrating AI into their operational procedures. Tech professionals are turning to AI due to its ability to streamline and automate complex processes and routine tasks. For cybersecurity professionals, AI can facilitate real-time threat detection and response.
What you will learn:
How generative AI is shaping the future of technology and IT
How to deconstruct the promises of AI in cybersecurity
An understanding of the need to interact properly with AI
Why AI can help us become better professionals
The National Institute of Standards and Technology (NIST)
NIST launched its PQC standardization program in 2016, with the goal of developing cryptographic methods that can withstand quantum computing threats. The latest announcement introduces the first set of standardized algorithms: one for key agreement and two for digital signatures. These algorithms are designed to ensure the confidentiality, integrity, and authentication of sensitive data, keeping digital communications secure against emerging quantum threats.
FIPS 203: Derived from Kyber, this standard is used in key agreement protocols such as TLS, replacing traditional methods like Diffie-Hellman. It offers fast performance despite the use of larger public keys and ciphertexts.
FIPS 204: Based on Dilithium, this standard is used for digital signatures. It provides faster verification than current methods like ECDSA and RSA, though it requires larger signatures (2.5KB) and public keys (1.3KB) and has roughly double the signing time.
FIPS 205: Built on the security of SHA-2 or SHA-3, this standard offers strong security with very small public keys (32 bytes) but generates larger signatures, around 7KB. It is particularly well-suited for applications like firmware updates, where rapid verification is crucial.
Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC). To transition to these new algorithms effectively, businesses must start by assessing their current cryptography usage. Whether conducted manually or through automated tools, this inventory process is critical. Proper tools and thorough testing are essential to facilitate a seamless shift from old algorithms to the new standards.
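The inventory step above starts with a simple question for every key and certificate: which algorithm is it? The following is an added example of my own (not a NIST tool) that answers it from the SubjectPublicKeyInfo structure of a public key, in PEM or DER form, by walking the DER encoding and decoding the algorithm OID, then tagging classical RSA/EC/Ed25519 keys for migration to the FIPS 203/204 algorithms named above. The sample keys it constructs carry placeholder key bits and are not usable keys; the migration notes are my mapping of the FIPS numbers on this page to key types.

```python
"""Cryptographic inventory helper: read a SubjectPublicKeyInfo (PEM or DER) and
report the public-key algorithm, so classical keys can be listed for migration."""
import base64
import re

# Algorithm OIDs as they appear in X.509 SubjectPublicKeyInfo.algorithm.
MIGRATE = "classical; plan migration (FIPS 204 for signatures, FIPS 203 for key agreement)"
KEY_ALGORITHMS = {
    "1.2.840.113549.1.1.1": ("RSA", MIGRATE),
    "1.2.840.10045.2.1": ("EC", MIGRATE),
    "1.3.101.112": ("Ed25519", "classical; plan migration (FIPS 204 for signatures)"),
}


def encode_oid(dotted):
    """Dotted OID string -> DER content bytes (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return bytes(body)


def decode_oid(body):
    """DER content bytes -> dotted OID string."""
    first = body[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def der_tlv(tag, body):
    """Wrap body in a DER tag-length-value triple (short or long length form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def der_read(buf, pos=0):
    """Read one TLV starting at pos -> (tag, body, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def classify_spki(der):
    """SubjectPublicKeyInfo DER -> (oid, algorithm name, migration note)."""
    tag, spki, _ = der_read(der)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE for SubjectPublicKeyInfo")
    tag, alg_id, _ = der_read(spki)        # AlgorithmIdentifier ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("expected SEQUENCE for AlgorithmIdentifier")
    tag, oid_body, _ = der_read(alg_id)    # first field is the algorithm OID
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    oid = decode_oid(oid_body)
    name, note = KEY_ALGORITHMS.get(oid, ("unknown", "not in table; review manually"))
    return oid, name, note


def classify_pem(text):
    """Accept a '-----BEGIN PUBLIC KEY-----' block and classify it."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", text, re.S)
    if not m:
        raise ValueError("no PUBLIC KEY block found")
    return classify_spki(base64.b64decode("".join(m.group(1).split())))


def build_sample_spki(oid, params=b""):
    """Constructed SPKI with placeholder key bits (not a usable key)."""
    alg_id = der_tlv(0x30, der_tlv(0x06, encode_oid(oid)) + params)
    key_bits = der_tlv(0x03, b"\x00" + b"\x00" * 32)   # BIT STRING, 0 unused bits
    return der_tlv(0x30, alg_id + key_bits)


def sample_pem():
    """Constructed PEM for an RSA placeholder (parameters = NULL, per RFC 3279)."""
    der = build_sample_spki("1.2.840.113549.1.1.1", der_tlv(0x05, b""))
    return "-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(der).decode() + "\n-----END PUBLIC KEY-----\n"
```

Point classify_pem at the public keys exported from your certificate stores and you have the first column of the inventory; anything the table does not recognise lands in the "review manually" bucket rather than being silently counted as safe.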
If quantum computing were not a reality, why are standards being implemented?
Be aware that what we see, or what they show us, has already happened.
Take a look at Wolf’s channel for the latest security challenges that IT admins, IT professionals and IT security specialists are facing in today’s dog-eat-dog world of security breaches and the worst security challenges ever faced in modern computer systems.