Some bit of tough love on IP protection in Kenya. I have heard of companies requiring their IT depts or hired devs to develop unhackable apps. To say this is ludicrous is an understatement because tech nerdistry alone can't protect your company's IP #CyberSecurity
IMO, IP protection should be hinged on the following key pillars
~ sound legal advice/support
~ BYOD policy
~ data privacy/protection policy
~ skilled IT staff
~ sober C-suite

Companies ought to start by seeking proper legal advice. I understand there are lawyers that focus solely on intellectual property. A BYOD policy is equally important because companies tend to focus on outsiders misappropriating their IP when studies have shown employees pose an even greater threat. Corporate espionage ring a bell?
On #dataprivacy, companies must have clear guidelines on who can access what kind/type of data, where, when, and how. Kenya now has a #dataprotection legal framework and companies ought to make sure they align with it. This is in addition to compliance with GDPR etc.
Skilled staff is where most companies get it completely wrong. Some companies hire a few techies and expect them to do everything from creating and launching websites/apps to warding off cybercriminals. This is wrong on so many levels.
For starters, most web developers focus on either front-end or back-end ops. You have no idea how many frameworks and libraries devs have to deal with. Adding cybersecurity onto their plate is a big ask and a recipe for disaster. My advice, add skilled pentesters to your IT team
If a company wants to develop and publish a secure mobile app, it should have a skilled reverse engineer on its dev team. Here's why - example based on Android OS. An Android app is just a zip file, which means unzipping it and accessing its contents is very easy.
To access the source code in .dex files all you need is a Java decompiler and voila you have become a hacker. Now, an Android app could have code written in C/C++ and compiled to an ELF binary. These binaries are usually placed in a folder called "libs".
This is very important in IP protection because reverse engineering ELF binaries is not easy especially when the file is heavily obfuscated. Plus there are programming techniques a skilled dev can deploy to thwart rev eng. The skill set required to crack such a file is rare.
But here's the problem, I'm yet to see a Kenyan company advertising for a software reverse engineer. To wrap up my rant, all the above will be in vain if a company does not have a sober C-suite. We all know what could go wrong at that level.
Whether Kenyan companies like it or not, the IT dept or contracted developers cannot wave a magic wand and conjure IP protection solutions out of thin air.
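
An added example (not part of the original thread) for the Android point above: a release-audit script a dev team can run on its own build to see which entries are DEX bytecode, which are native ELF libraries, and which of those still ship the symbol table that `strip` removes. It classifies entries by magic bytes rather than folder name; the function names, report keys and the in-memory sample APK are constructed for illustration.

```python
import io
import struct
import zipfile

DEX_MAGIC, ELF_MAGIC = b"dex\n", b"\x7fELF"
SHT_SYMTAB = 2  # section type of the full symbol table that `strip` removes

def elf_has_symtab(data):
    """True if a little-endian ELF image still has a .symtab section."""
    fmt, off_sh, off_n = ("<Q", 40, 58) if data[4] == 2 else ("<I", 32, 46)
    (shoff,) = struct.unpack_from(fmt, data, off_sh)
    shentsize, shnum = struct.unpack_from("<HH", data, off_n)
    return any(struct.unpack_from("<I", data, shoff + i * shentsize + 4)[0]
               == SHT_SYMTAB for i in range(shnum))

def inventory_apk(apk):
    """Classify APK entries by magic bytes; `apk` is a path or file object."""
    report = {"dex": [], "native": [], "unstripped": []}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            if data[:4] == DEX_MAGIC:
                report["dex"].append(name)
            elif data[:4] == ELF_MAGIC:
                report["native"].append(name)
                try:
                    if elf_has_symtab(data):
                        report["unstripped"].append(name)
                except (struct.error, IndexError):
                    pass  # truncated header: keep it listed as native only
    return report

def fake_elf64(sh_type):
    """Constructed sample: 64-bit ELF header plus one section header."""
    hdr = bytearray(ELF_MAGIC + b"\x02\x01" + bytes(58))  # 64-bit, LE
    struct.pack_into("<Q", hdr, 40, 64)      # e_shoff: directly after header
    struct.pack_into("<HH", hdr, 58, 64, 1)  # e_shentsize=64, e_shnum=1
    return bytes(hdr) + struct.pack("<II", 0, sh_type) + bytes(56)

def build_sample_apk():  # constructed in-memory APK so the example runs offline
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00" + bytes(32))
        zf.writestr("lib/arm64-v8a/libcore.so", fake_elf64(1))  # stripped
        zf.writestr("lib/arm64-v8a/libdebug.so", fake_elf64(SHT_SYMTAB))
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
    return buf

if __name__ == "__main__":
    print(inventory_apk(build_sample_apk()))
```

Pass the path of a real release APK to `inventory_apk` in place of the sample; anything listed under `unstripped` is a native library that went out with its full symbol table.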
