Press Association The Gunners boss, though, felt referee Neil Swarbrick could have taken a stronger line during the game as Everton utilised all their physical qualities to keep alive slim hopes of gate-crashing the top four. There were several hefty challenges from the visitors, with midfielder Darron Gibson fortunate not to be sent off for twice pole-axing Theo Walcott. Wenger said: “I felt that in the first half the referee didn’t deal at all well with the intimidating physical challenges, but that we responded well to the physicality. “It was detrimental to the fluency of our game, but we kept going, had good concentration.” Wenger added: “But that is part of the game. We had to deal with that. You have to respect the effort Everton put in. They decided to make it very physical for us to disturb our game and sometimes went a little bit over the edge, but the referee had to make the right decision. “I don’t blame Everton for that. ‘Protecting’ is a big word, but they (referees) have to make the right decisions.” Everton boss David Moyes, meanwhile, defended his side’s approach, saying: “Do you mean when we were a little bit rough with the tackling? Up north we do that quite often, that’s actually allowed in football. “We weren’t going to come here and let Arsenal stroke the ball around and make 600 passes.” Television pictures showed England international Wilshere, just back from a six-week injury lay-off, involved in a fracas with Everton’s Kevin Mirallas as the players walked off at the break, reacting angrily after appearing to be squirted with a water bottle – an incident which could yet be reviewed by the Football Association. Arsenal manager Arsene Wenger said of the spat, which was quickly contained: “I don’t know about it, but if it was (on television), then very soon everybody will know about it – and I will know about it as well. It was all right in the dressing room.” Midfielder Jack Wilshere was involved in a half-time bust-up as Arsenal missed the chance to strengthen their bid for a top-three finish after being held to a goalless draw by Everton in a bruising encounter at the Emirates Stadium.
In the wee hours of Saturday morning, two gun-toting bandits invaded the home of newspaper distributor Sasenarine Ramsuchit at Lot 21 “CC” Eccles New Housing Scheme, East Bank Demerara.They beat the 64-year-old businessman to his head, inflicting wounds that had to receive 10 stitches; and shot his wife, 58-year-old Joyce Lauren Ramsuchit, who had to be admitted a patient at the Georgetown Public Hospital.When the ordeal was finally over, the Ramsuchits had been robbed of a bag containing money and jewellery, and his son’s laptop and other electronic devices had been taken away.The injured businessman related that he was heading out of his yard to commence his daily distribution at about 03:30h when he was attacked by two armed men, who held him at gunpoint and ordered him back into the house. While in the house, the bandits ordered his wife and son into his bedroom, and instructed them to lie on the floor.The men then demanded money and jewellery, but when he hesitated to comply with their request, he was beaten to the head and other parts of his body whilst his son and wife looked on. During the ordeal, one of the men then placed a gun to his wife’s body and threatened that, if she did not hand over the money, he would shoot her. After some hesitation from the woman, the bandit discharged a round, hitting the woman to one of her legs.The men then ransacked a wardrobe, where they came across a bag containing money and jewellery. This they took, along with his son’s laptop and other electronic devices, before escaping.Ramsuchit believes that the men had been monitoring his movements over time, since they came at 03:30h, the exact time he would leave home on a daily basis. He also noted that the men emerged from behind his home, leaving him to believe that they had hidden themselves while they waited on him to exit the house.Ramsuchit detailed that after the men had left, he alerted his neighbours to what had happened, then attended to his injured wife, picking her up and taking her to the Georgetown Public Hospital, where she was admitted. The bullet that was lodged in the leg has been removed.The Police were subsequently summoned, and an investigation has been launched. No arrests have as yet been made.
The world of Internet-connected devices targeted at children is a magical one. Toy dinosaurs can learn and communicate with a growing child, teddy bears can transmit messages overseas to military parents, and talking dolls can communicate with children via speech recognition software. But this connectedness comes with a price. Recent hacks on IoT toys are an indication that when children’s privacy is breached, the ramifications are serious. Before rushing to market with the latest IoT toy, cybersecurity experts urge companies to approach security before they even build the product, not after a hacker gets into the device of a five-year-old. Another day, another breach There’s still much chatter in the cybersecurity and hacker community about the Spiral Toys brand CloudPets, which are toys that let parents and children send personal messages back and forth. Parents can send messages using a CloudPets app, which is then approved and delivered wirelessly to the toy. RELATED CONTENT: Series of missteps leaves smart-toy brand CloudPets database exposedIt was in mid-February when Ryn Melberg, a cybersecurity expert and agile consultant, starting seeing discussions about a possible breach with this product, but it wasn’t until the end of February that the company acknowledged the breach. According to Melberg, hackers are always skimming and looking for unprotected servers. When they stumbled upon this toy’s huge data cache — which wasn’t protected behind a firewall — it was exposed. Melberg added that hackers took a Bluetooth extension and went around neighborhoods, discovering a few CloudPets toys, and found that none of the Bluetooth receivers in the pets were encrypted. “You would think something like this would have dual encryption,” said Melberg. “Most [devices] do, and you have to be able to log in to the app and then log in to the Bluetooth connection. So several other hackers tried this and found all the toys were open, and then they started to expose it.”To make matters worse, Melberg said malicious hackers can get into the Bluetooth receiver and have control over the toy. If the hacker is clever enough, they can piggyback code onto the message, thus controlling the toy remotely. Melberg said the cybersecurity community is discussing the fact that these toys are military-friendly, meaning some mothers and fathers can use CloudPets to communicate with their child when overseas or in active duty. “When it comes to specifics about the toys being hacked, I have been watching for [Spiral Toys] to respond and I haven’t seen anything,” said Melberg. “I’ve also been waiting for the military to respond and I haven’t seen anything.”Password policies and protection was another security concern of these toys. According to Bojan Simic, CTO and co-founder of HYPR, a biometrics security company for IoT, the data compromised contained email addresses and passwords. Chances are, some of these users reuse the same email passwords and passwords as they do with their banking, LinkedIn, and other private accounts, said Simic.A hacker can compromise one system that doesn’t have security in place, like the CloudPets toy, and then go after another weakest link with the same credentials that were stolen. Hackers can then gain access to other resources they find useful, said Simic.“[Passwords] have been an ongoing issue for four to five decades,” said Simic. “We have to eliminate the password from the question entirely. That way you don’t let people hurt themselves because clearly, they are not learning, and each breach shows us that.”There are other ways to protect IoT devices besides passwords, like fingerprint sensors, facial recognition, voice recognition, and secure eye recognition. Embedding these multi-factor authentications is an efficient way to secure connected devices, according to Simic. Getting security right On a positive note, Elemental Path, the company bring toys to life with its CogniToys platform and its IBM Watson-powered dinosaur smart toy, said it’s treating security and privacy as a top priority. To protect their users, John Paul Benini, founder and CTO of Elemental Path, said they encrypt traffic to and from the dinosaur, with each dinosaur generating its own set of keys. Even if one dinosaur is compromised, no other dinosaurs’ information is encrypted in the same way. The toy is also cloud based, so Benini said they are constantly updating the security behind it. Since their users are around five-years-old, they completely anonymize all the interactions outside of the system. This way, it can’t get tracked back to the original child.What about the audio transmitted from the dinosaur to the child, and vice versa? Benini said that they run an analysis on the audio, in order to improve the speech recognition of the toy. The analysis is completely disjointed from the toy itself, and it’s anonymized and has a data store completely set in a separate location. “Because we stream everything, that audio doesn’t even exist,” said Benini. “It’s not stored, you can’t get to it.”And their application is only there to set up provisioning of the toy, just to set up the dinosaur on the home Wi-Fi. Outside of that, the application is where the parent can accept the terms and conditions, set up a profile, and only those items are needed so the dinosaurs can interact and talk with the child. Because children’s private information can be a liability, all of the information that is not relevant to a game or story or activity is left out, said Benini. If a child says their favorite color is red, that could be incorporated into a story. If a child says they go to “xyz elementary school,” that information is left out. “We like to think we’ve done a pretty good job with security thus far,” said Benini. “[The dinosaur] has been updated, we have another security patch coming up soon, and we are testing it now.”Benini mentioned they were alerted of something under the hood of the toy, which wasn’t necessarily a vulnerability, but it was something a security researcher suggested they take a look at. “A security researcher told us, ‘Hey, you can do this better.’ And we said, ‘Yes we can,’” said Benini. Guidelines for IoT-loving parents Melberg said while it’s up to these toy companies to take proper security measures to secure their devices, it’s also important that consumers understand what steps they can take to protect themselves. “I do my best to say please never, ever connect to any Internet that isn’t secured,” said Melberg. “I don’t care if it’s Wi-Fi or Bluetooth, just don’t do it. So when I have people ask me about toys like [CloudPets] I say, do you have to authenticate? If it’s no, don’t buy the toy. Can you change the authentication? If it’s no, don’t buy the toy.”It’s important to understand all of the features and functionality of an IoT device being brought into the home, especially if it will be used by a child, said chief research officer of SecurityScorecard, Alex Heid. He suggests parents understand if and how the devices interact with computers or the Internet, and they need to understand if there are any authentication mechanism related to the product or service. Parents should understand what data is actually being collected by the company and stored or shared, said Heid.“As boring as it seems, becoming familiar with the user manual, privacy policies and terms of service will oftentimes reveal surprising conditions that are accepted by the general public without any second thoughts,” said Heid.Website and online services directed to children under 13 are also heavily regulated under the Children’s Online Privacy and Protection Act (COPPA). Companies handling this data generated by minors should be even more diligent about their information security practices because of COPPA and standard compliance acts, said Heid. Despite these rules and regulations, there is a general consensus from the cybersecurity community that we are going backwards, said Melberg. IoT continues to expand and it is being applied to more consumer products, yet there seems to be a decrease in understanding of the security that is necessary, she said. “This is something that has the community concerned,” said Melberg. “Part of it comes down to how few people understand cybersecurity. Then we need to provide guidance on how to apply it to a service or product, because these mistakes are avoidable. We need to make security a part of consumer products.”Which means companies that are racing to get their device to market should really stop and think about security, because unless “someone really takes the security part seriously, we are just going to see worse and worse hacks in the future,” said Benini.He said the responsibility of security is an overarching issue of IoT in general, where the promise of the Internet of Things is really turning into the “Internet of Terrible Things,” said Benini. “Everyone is out there racing to put something on the market, but no one is stopping to think, does my refrigerator really need an IP address?” said Benini. “Companies that are releasing these IoT devices are shirking the responsibilities and they are not securing the devices either.”There are a number of steps companies can take to ensure that any data stored or transmitted is encrypted. That’s the easiest thing that can be done, said HYPR’s Simic. The second thing to do is to allow time for penetration testing before the product is released. This way the company can know that at least a third party or a person with a security background and knowledge approved and tested the device at least once, said Simic.