Category Archives: Security

Audi and its ideas to improve safety

Audi A8 in the luxury Horch version before its premiere - official photos

These days car manufacturers focus most of their attention on safety, especially when it comes to luxury models. These cars are packed with so many safety features that it is becoming hard to keep track of them. Audi’s new flagship model is no exception.

We’re talking about the Audi A8 in this case. Among the many safety features this car is fitted with, there is one that stands out compared to its rivals, the BMW 7 series and Mercedes S-class. It is the advanced pre-collision system, whose purpose is to step up the game in the safety race with other car brands.

This particular system is responsible for improving safety during side impact accidents.

The type of suspension fitted to this model opens up new possibilities in terms of safety. Thanks to that, Audi came up with the idea that, in the event of a side impact, the side of the car that is about to take the hit rises in the blink of an eye. Why? Because in cars of regular height, unlike SUVs, the passenger is hit in the upper body. As we all know, the human chest contains far more important organs than the lower part of the body. So when the side of the car rises as it is struck, the car minimizes the risk of serious injury, because a person is more likely to survive with broken legs than with collapsed lungs or a fractured chest.

Not only does this feature improve safety, it is also a very good marketing move: such an attribute is very catchy and will surely attract some clients, since the competition has not come up with such a feature yet.

Drone Police


Or to be more precise, Japanese drone police

As we all know, drones became very popular in recent years. They began as one-off custom builds, handmade by model freaks. Not long after, people realized that drones are really cool and can be used for more than flying around the garden.

As always, whenever something becomes trendy, big companies have to lay their hands on it as soon as possible – this is how drones entered mass production and started to be used for various purposes such as filming, shipping cargo, competitions etc.

So, when something gets popular, a new law has to be created – a law that would regulate the use of a given product. Drones couldn’t dodge that and nowadays a regular drone user has to obey strict rules. For example, flying a drone is prohibited in most big cities. Of course, rules are made to be broken, so various cities come up with new solutions.

Japan, which is the topic of this article, came up with a pretty spectacular solution – they invented the drone police.

The drone police unit is armed with big drones equipped with special nets made for catching other drones that are breaking the law. The way it works is very simple. The police drone approaches the criminal drone and attempts to catch it in its net, preventing it from further activity.

It may sound silly, but hey, if it looks stupid but it works – it works.

A Greek God who will steal your money


The ubiquitous use of technology in our lives comes with a lot of challenges and threats. One of the most pressing phenomena right now is cybercrime, the rate of which is constantly increasing. According to Statista, in 2020 there were over 23 thousand incidents of cybercrime in Poland, which is an 88 percentage point increase compared to 2019. The most common data breaches involve hacking (45% worldwide), errors (22%), social attacks (22%), and malware (17%). In this article, we will focus on the last category, namely on a particular malware that goes by the name of the most powerful Greek god – Zeus.

Before we explain the details of Zeus, we first need to briefly go through what a Trojan horse actually is. The term also comes from Greek mythology and is very intuitive once you know the story. Just as with the wooden horse where Trojans hid in order to attack the city without notice, a digital Trojan horse intends to steal valuable data by misleading people about its true intent.

So what’s up with Zeus?

Zeus is a Trojan horse malware that first appeared around July 2007. It is believed that it was developed by a 22-year-old Russian hacker who went by the name “Slavic.” Despite his young age, no one should underestimate his coding skills. According to FBI and U.S. law enforcement data, Zeus attempted to steal over 220 mln USD from personal and business bank accounts all over the world. Eventually, it managed to accrue only 70 mln USD, which is still an enormous amount of money.

How was it working then?

With the intent of stealing sensitive data, especially financial data, Zeus can be introduced to a computer in two ways – a phishing campaign or a drive-by download. In 2007, social awareness of phishing was still low and the success rate of such campaigns was really high. They relied heavily on e-mails or text messages socially engineered to get the potential victim to click on a link that led to infecting the device with malware. As Zeus was intended mostly for various versions of Microsoft Windows, phishing in that case was based on e-mails. The second option, a drive-by download, relies on the victim downloading a file, for example from a website, without knowing that it is infected. In both cases, Zeus is profoundly hard to detect because it leverages stealth techniques and mutates itself, similarly to biological viruses.

After infecting a device, Zeus closely monitors the websites that the victim visits and recognizes when a person is on a banking website. It can then steal the text the user fills in web forms, gather keystrokes, and take screenshots when the mouse is clicked. Zeus’s actions are an example of a man-in-the-browser (MitB) attack, where malware behaves as if there were another person in the room with the user, closely watching his actions.

Where is Zeus now?

Due to the Zeus code leak in 2011, its activity declined, and right now it is not perceived as a big threat to users’ financial data. With the rise of ransomware, Trojan horses were also pushed into the background of hacking and stopped being that common. However, we shouldn’t forget that there are still a lot of threats hiding in the shadows of the internet, and we should wisely assess the websites we visit and the data we provide.



Big brother is watching you and this is cool. Ukrainian app Diia provided by the government


The topic of digitalisation is quite mainstream nowadays. The fear of being watched all the time with no privacy has become our routine reality. There are a lot of books and movies that show us how technology might be used by the government, an evil corporation (which sometimes is the same thing) or a crazy villain. For instance, The Mitchells vs. the Machines, Black Mirror and Orwell’s well-known prophetic book. This topic is still relevant and people keep arguing whether it is possible to replace people with machines.

Nevertheless, as we all know, technologies might be not only evil, but also quite useful – thank God we do not have to wait for a dove to bring our letters anymore. This trend for digitalisation is followed not only by companies but also by the governments of different countries. The most digitized countries in the EU based on the Digital Economy and Society Index (DESI) are Denmark, Finland, Sweden, Netherlands and Ireland. However, in this article I want to extend my thoughts about one specific country. You might have never thought about it in such circumstances – especially right now, when you can see this country’s flag all over the world – blue sky and yellow field. Exactly, I am talking about Ukraine. This is my Motherland, so I would like people to know more about how awesome my country is.

The head of the Ministry of Digital Transformations, Mikhail Fedorov, has launched both a website and an app called Diia (Дія), where you have all your digital documents and online public services. Let’s go through all of this in more detail. First of all, the name comes from putting 3 words together – Government And I – Держава І Я (in case you know how to read Cyrillic), so in English it would be GAI. One more interesting quibble is that Diia in Ukrainian also means “action”.

A little bit more about the app itself – it is the folder where digital copies of user documents are stored, and they are officially recognized by the government as analogues of paper or plastic documents. At the initial stage, immediately after the launch of the application, only two documents could be kept in digital form – a driver’s license and a vehicle registration certificate. For the large part of Ukrainians who had neither, this application was useless, but it relieved drivers of the need to keep copies in the glove compartment and almost eliminated the danger of receiving a fine for a forgotten license. Later, the digitized documents were joined by an ID-passport, a biometric passport and a student card. Digital documents are verified using a QR code. “We plan that the e-passport will completely replace ID-cards and paper ones,” Mikhail Fedorov said. The Facebook page of the Ministry of Digital Transformations claims that Ukraine is the first country in the world where it is possible to use a digital passport and at the same time not present a paper or plastic analogue.

Besides that, in Diia you can include your vaccination certificate (both in Ukrainian and English). Also, to encourage people to vaccinate and use Diia, our government provided a service, “isSupport”, where you can receive 1000 hrn via this app if you have a green COVID certificate and spend this money on books, a gym membership or tickets to any cultural events to support business after COVID-19. The 1 000 hrn is €30, which is enough in Ukraine to visit the cinema 2-3 times and buy 2 – 4 books. I can say that it was 100% effective based on my life experience. I originally come from a small town (almost a village), where we have almost no events and no cinema or theatre, so most of my friends and relatives have spent this money on books, even those who never actually read.

Besides, you can pay fines, renew some of your documents and even create a document to become an individual entrepreneur.

The Diia app is also relevant in current circumstances, as the “isSupport” service has changed its function, so now people from some particular regions who have lost their jobs because of the war can receive 7 500 hrn (€230), but this time they can spend it whenever they want. Additionally, via this app you can help the Ukrainian army and inform them if you have seen enemy equipment of the occupiers, or find a game, “isBayraktar”, where you try to bomb russian tanks.

To my mind, Diia is a very convenient and useful app, which helps us to be closer to our government and treat it better. Nevertheless, there are some problems that are currently being solved. For instance, still not every person has a modern smartphone and even if they do, not everyone feels a need to understand how it works – here I am mostly referring to older people. Anyway, the Ukrainian government has chosen the right direction of development and I am very proud of it.




Millennials invented communism


The title was my first thought when I started my research about the sharing economy. The concept is so easy that it seems even obvious: you own a thing (car, cake recipe, room) that you do not currently need, so you lend it to someone else in exchange for money (using third parties, like Uber or Airbnb). To be honest, it is too simplified, but the main point is the same. The purpose of this article is to clarify whether the title’s statement is true or not. Also, the professor has told us that it is supposed to be witty, so be ready for stupid jokes.

Let’s see what the sharing and collaborative economies have in common – people share things (goods and services), environmental benefits of not over-consuming, a higher level of tight communication between communities, central control and decreased competition. I would like to extend my thoughts about some of these points. Thus, we receive environmental benefits when we decrease the need for every person to own things; as a result we make the demand for their production much lower, and some factories might be closed or reduce their working hours. Besides, we observe the slap in the capitalistic face, because this also means that my (me as an average citizen) productivity will also be decreased a little bit, as I do not see the point of buying some expensive goods such as a car or a university degree, so I can work less and not have long-term savings. Nevertheless, I personally do not consider it to be a negative phenomenon because in the long-term perspective it might change the values of our society. As a result, one day people may catch the thought that they exist not only to work to get a lot of money and consume everything they can see.

Overall, the previous paragraph, which I wrote a day ago and am now trying to understand what it was about, explains the positive influence of the sharing economy as a part of a collaborative one. Now I would like to write about their differences and negative consequences. First of all, these two both have a centralized hierarchy. Let me clarify: now we are talking about a sharing economy and not a peer-to-peer one. So, what does it mean for us, as participants in market relations? It leads to a lack of control at the lower levels of organizations. For instance, the CEO of Uber has no idea what their freshman driver is up to – whether he is a rapist, a serial killer or worse – he has a horrible music taste and likes talking during the ride. Additionally, the core difference between sharing and collaborative economies is hiding here. This centralized hierarchy shows us that the sharing economy is much closer to capitalism than it might seem at first, because in the end the drivers actually have low salaries and only people in the highest positions receive all the money. Of course, Uber helps them to find clients, but this scam is still unfair, and rich people try to pay their workers as little as possible.

There is one more difference that proves to us that the sharing economy is a child of McDonald’s and Zara. The main point of the collaborative economy is that everyone owns approximately the same amount of assets, but the sharing economy shows that rich people on Airbnb rent their apartments (which they own) to other people (who do not actually own them). It is especially highlighted in today’s realities, because there are a lot of flat owners who raised the monthly rent to unbelievable prices to cash in on Ukrainian refugees.

To sum up, the sharing economy is a nice invention from some points of view, but most likely it is not going to change society for the better, and probably will help rich people to pay less and earn more. Answering the main question, the sharing economy is too far from the collaborative economy, so the title was just clickbait, sorry guys.


The Politics of the Sharing Economy

Challenges of the digital era


In today’s era of digitalization, data has surpassed oil in becoming the world’s most valuable resource. It is a strategic asset, commonly referred to as a “new currency”. A testimonial to this is the fact that the five highest valued listed companies in the world are all technology and digital market operators. Their impressive valuations are largely a result of extensive consumer data aggregation, which fuels machine learning and revenue generating processes. While the possibilities of what can be done with data are endless, it’s important to consider the significant privacy, political and legal concerns that have developed as a result of corporate data processing in recent years.

The most important issues surrounding data gathering are neither technological, nor commercial, but rather legal and social. They center around the fundamental right to privacy, safeguarded on an international level by Article 12 of the Universal Declaration of Human Rights. While we also have national protections in place, it is clear that the existing privacy laws are no longer fit for their original intended purpose. Despite constantly increasing volumes of personal information handled by private companies, privacy standards are deteriorating. Consumers, often unaware of the actual value of their online contributions to data mining algorithms, are being deprived of any bargaining power. With limited options to meaningfully opt-out, they have little choice but to accept arcane and non-negotiable privacy policies. One study found that an average internet user would need over 30 working days per year just to read through them. Such information overload, in combination with several other factors, leads individuals to progressively lose control over their digital identities.



There are also profound concerns about accountability of tech giants. The possibility of surveillance, profiling and hacks are just some of the triggers that have contributed to the case of serious public anxiety that we feel today. In 2018, hackers were able to access the private information of over 150 million users of MyFitnessPal. The Cambridge Analytica scandal was an even more striking example of how access to large datasets may allow private companies to peddle misinformation, thereby undermining democratic processes.

Beyond strict data protection concerns, there is an important interplay with law and fair competition. A significant peculiarity of online services is that they are often provided at “zero price”. This is due to the network effects in dual-sided business models, where cross-financing is enabled by revenue made through advertising and by trading information with data brokers. As a result, the concentration of user data can entrench market power and contribute to higher barriers to entry. Data-driven mergers often occur in order to eliminate nascent competitors, yielding serious exclusionary effects in extremely highly concentrated digital markets. Consequently, there is little incentive for the incumbents to innovate and provide users with optimal privacy protection. Given these negative developments as well as the industry’s general tendency towards monopolization, a wholesome regulatory reform seems inevitable. The EU General Data Protection Regulation and California’s Consumer Protection Act are the best examples of increased awareness surrounding the issues of privacy and transparency of tech giants. They also give hope for greater scrutiny of digital market operators worldwide. Yet, there is no doubt that technological innovations can increase productivity, accelerate business processes and automate mundane tasks. Indeed, it was technological tools such as Zoom, Microsoft Teams or Skype that allowed us to continue working and studying, despite the global pandemic. Thus, it is important to

Overall, while there is a clear need for global action to mitigate some of the risks, we must be careful not to squelch innovation and opportunities of the digital age. Ultimately, it is all about the balance between embracing innovation and effectively safeguarding fundamental rights and freedoms.


1. M. Vestager, ‘Competition in a big data world’, DLD 16, Munich, 17 January 2016.

2. A.M. McDonald, L.F. Cranor, ‘The Cost of Reading Privacy Policies’ (2008) 4 I/S: A Journal of Law and Policy for the Information Society.

3. G. Colangelo, M. Maggiolino, ‘Data Protection in Attention Markets: Protecting Privacy through Competition?’ (2017) 8 Journal of European Competition Law & Practice.

4. A.D. Chirita, ‘Data-Driven Mergers Under EU Competition Law’ in The Future of Commercial Law: Ways Forward for Harmonisation, J. Linarelli & O. Akseli (Hart Publishing, 2019), p. 51.

18 shops in south of England using Facewatch system to prevent shoplifting

The start-up Facewatch created a system which alerts workers if it sees someone entering the store who has a record of theft or anti-social behaviour.

Already 18 branches of Co-op food stores in the south of England have tried the system. However, many concerns arose. Privacy International have questioned whether the data is shared with the police and asked about the legality of the technologies which are being used in the stores.
No public announcement was made when the system was introduced to those 18 shops. This has left privacy advocates with concerns about whether those shops can justify the use of the Facewatch programme.

Last year, it was reported the firm was on the verge of signing data-sharing deals with the Metropolitan Police and the City of London police, and was in talks with constabularies in Hampshire and Sussex.1



Director of civil rights group Big Brother Watch, Silkie Carlo, said: “To see a supposedly ethical company secretly using rights-abusive tech like facial recognition on its customers in the UK is deeply chilling.
“This surveillance is well-known to suffer from severe inaccuracy and biases, leading to innocent people being wrongly flagged and put on criminal databases.
“Live facial recognition is more commonly seen in dictatorships than democracies. This is a serious error of judgement by Southern Co-op and we urge them to drop these Big Brother-style cameras immediately.” 2

You may ask yourself how the program recognizes people on the “blacklist”, who have a record of shoplifting.

CCTV images captured by the cameras in the shops are converted into numerical data. This data is then compared with a watchlist of criminals to look for a match. If the result is positive, workers in the shop get a notification on their smartphones.
“The system alerts our store teams immediately when someone enters their store who has a past record of theft or anti-social behaviour,” Gareth Lewis says.

Facial recognition technology has proved controversial, raising legal issues regarding privacy infringement along with questions about how well it identifies people with darker skin. In August, in a lawsuit filed by a human rights campaigner, the use of the equipment by British police forces was found unconstitutional. In the US, major tech corporations such as Amazon and IBM have halted police use of their facial recognition tools to allow policymakers to discuss regulations on how to deploy it.
In my opinion, introducing such a program is a huge technological development. However, I think that before allowing shops to use it, a few things should be explained and looked after, as it is a highly controversial topic.
All of the customers and workers should be informed before the technology is used. Even though we all know that shoplifting is illegal, and checking for it should not need explaining, here shops are scanning customers’ faces in order to prevent it.
When such technology is introduced, all of the safety and ethical issues should be talked through with specialists in this area. Also, I think that there should be tests of the program in many different situations with people of different skin colours in order to make sure everything is working as well as was intended when the program was made.

1. BBC News. 2020. Co-Op Facial Recognition Trial Raises Privacy Concerns. [online] [Accessed 10 December 2020].
2. BBC News. 2020. Co-Op Facial Recognition Trial Raises Privacy Concerns. [online] [Accessed 10 December 2020].

Used websites:
BBC News. 2020. Co-Op Facial Recognition Trial Raises Privacy Concerns. [online] [Accessed 10 December 2020].
Burgess, M., 2020. Co-Op Is Using Facial Recognition Tech To Scan And Track Shoppers. [online] WIRED UK. [Accessed 10 December 2020].

Swiss Data Protection? What if this is just another lie?..


‘Europe demands different’ says pCloud CEO

PCloud is your personal cloud space where you can store all your files and folders. Based in Switzerland, it has a user-friendly interface that clearly shows where everything is located and what it does. The software is available for almost all devices and platforms – iOS and Android devices, MacOSX, Windows OS, and all Linux distributions. All your devices are instantly synchronized and you have direct file access to any update you make. Generally speaking, pCloud is the European analogue of well-known US iCloud or Google Drive.

PCloud has seen 500% growth in just four years. Today it is over 10.5 million users strong and growing rapidly. It has become famous for its security standard and has taken all the necessary steps to meet full GDPR compliance.

What is GDPR? Europe’s General Data Protection Regulation, brought by the European Parliament, is a set of measures to enhance EU user privacy rights (from May 25, 2018). It imposes strict regulations on how organizations operating in the EU collect, store and manage personal information.

What is more, pCloud offers not only reasonable prices but also a lifetime plan (lifetime subscription).

It all sounds great, doesn’t it? But there are nuances.

Firstly, to guarantee your files’ safety, pCloud uses TLS/SSL encryption, applied when information is being transferred from your device to the pCloud servers. Optionally, you can subscribe to pCloud Crypto and have your most important files encrypted and password protected. Without additional encryption, pCloud is able to get access to your data at any time, as the keys for file decryption are stored on their servers.

Secondly, the company reserves the right to cooperate with law enforcement agencies by disclosing your personal information, or to review your files at its sole discretion to make sure that nothing violates their rules. Such conditions immediately make it clear that, behind the loud slogans, guarantees of absolute confidentiality of stored files will be observed only if additional paid services are used. With Crypto enabled, neither pCloud as a service provider, nor any authority or service will ever have access to your encrypted files. They do not store your Crypto Pass on servers, which means that you are the one in charge.

Personal data will be stored in pCloud for the period set by EU and US laws (depending on the servers where your files are stored). Personal data may be stored for longer if the company deems it necessary or if it does not violate the law. PCloud also collects information about you while you are using the service, including your IP address, browser type, information about your operating system, your time, phone number, location data, session duration, viewed sections, folders, pages, etc.

Nothing is free; everything has a price. In this particular case you pay the company with money or, otherwise, with your data.




Microsoft Teams phishing campaign attack on O365 Users

Image shows capabilities of Microsoft Teams: a network for sharing files, calendar, emotions, statistics, comments, and mail.

© Image inserted from Microsoft News


Due to the COVID-19 situation, many governments, organisations, and businesses have moved to online communication platforms or integrated them into their systems and use them as a primary communication channel. Universities and academic institutions all around the world have also decided on a sudden shift to online learning in a short period of time.

According to a New York Times analysis, internet usage in the US and the use of special services that allow us to work and learn from home are increasing continuously.


© Image Screenshot from NY Times – App popularity according to iOS App Store rankings on March 16-18. · Source: Apptopia


At Kozminski our main communication channel is Microsoft Teams. MS Teams is one of the products of O365, a very popular subscription service that MS offers to academic institutions, alongside Google G Suite, Zoom for Education, and many more.

The security of cloud-based communication platforms is a huge concern, and we as students, employers, and users face threats daily; it’s clear to us that there is no perfection in SaaS. Startup, footprint, runtime, responsiveness, hangs, rendering, and many more are things we are used to hearing about as bugs, but security bugs are among the scariest for the end user because they make us vulnerable and the main target.

Abnormal Security researchers warn of a phishing campaign that pretends to be an automated message from MS Teams, but actually aims to steal the credentials of O365 recipients.

Phishing is a fraudulent attempt to obtain sensitive information or data; it’s a very popular and old attack technique. This campaign was sent to 15,000 – 50,000 O365 users, according to researchers with Abnormal Security.

“Because Microsoft Teams is an instant-messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification,” said researchers in a Thursday analysis.

The phishing email displays the name “There’s new activity in Teams”, making it look like an automatic notification from Microsoft Teams.

As can be seen in the picture below, the email tells the recipient that his teammates are trying to reach him, warns him that he has missed the MS Teams Chat and shows an example of a teammate chat where he is asked to submit something.


Email Attack: The email is sent from the display name, ‘There’s new activity in Teams’, making it appear like an automated notification from Microsoft Teams.

© Image inserted from Abnormal Security
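The display-name trick described above can be checked mechanically on the receiving side. The following is an added example, not code from Abnormal Security or Microsoft: it flags mail whose From display name claims to be Teams while the sender domain is not on an allowlist. The allowlist, the `.example` domains and all sample messages are constructed assumptions.

```python
"""Flag e-mail whose From display name poses as Microsoft Teams while the
sender domain is not on an allowlist. Added example; all messages constructed."""
import re
import unicodedata
from email import message_from_string, policy

# Assumption: domains accepted for genuine Teams notifications. Adjust per tenant.
TRUSTED_DOMAINS = ("microsoft.com",)

# The display name only has to mention Teams; the lure on this page is
# "There's new activity in Teams".
TEAMS_NAME = re.compile(r"\bteams\b")


def normalize(name):
    """Fold compatibility characters (e.g. full-width letters), case and spacing."""
    return " ".join(unicodedata.normalize("NFKC", name).lower().split())


def domain_is_trusted(domain):
    """True for an allowlisted domain or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_message(raw):
    """Return (flagged, reason) for one raw RFC 5322 message."""
    # policy.default decodes RFC 2047 encoded display names for us.
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"]
    if sender is None or not sender.addresses:
        return True, "missing or unparseable From header"
    addr = sender.addresses[0]
    if not TEAMS_NAME.search(normalize(addr.display_name or "")):
        return False, "display name does not claim to be Teams"
    if domain_is_trusted(addr.domain):
        return False, "Teams display name from allowlisted domain"
    return True, f"display name {addr.display_name!r} sent from {addr.domain!r}"


# Constructed sample messages (headers only matter here).
SAMPLES = {
    "lure": (
        'From: "There\'s new activity in Teams" <notify@mail-relay.example>\n'
        "Subject: You have unread messages\n\nbody\n"
    ),
    "genuine": (
        "From: Microsoft Teams <noreply@email.teams.microsoft.com>\n"
        "Subject: You have unread messages\n\nbody\n"
    ),
    # Same lure, but RFC 2047 encoded with a curly apostrophe and a lookalike domain.
    "encoded_lookalike": (
        "From: =?utf-8?q?There=E2=80=99s_new_activity_in_Teams?= "
        "<alerts@teams-microsoft.example>\n"
        "Subject: Reminder\n\nbody\n"
    ),
    "colleague": (
        "From: Alice Example <alice@partner.example>\n"
        "Subject: Teams sync tomorrow\n\nbody\n"
    ),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        flagged, reason = check_message(raw)
        print(f"{label:18} flagged={flagged}  {reason}")
```

A check like this only covers the display name; it does not replace SPF, DKIM and DMARC evaluation or the MFA and user training discussed below.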


Using 2FA or multi-factor authentication certainly adds an important additional layer and is a low-cost solution. In many cases it does stop phishing attacks from succeeding, but it doesn’t mean you are immune to attacks. According to the official MS365 administration documentation, the first task is to “Set up multi-factor authentication” and apply it to users as required widely within the organization, and the second task is to “Train your users”. Microsoft also recommends the guidance in the Harvard Kennedy School Cybersecurity Campaign Handbook.

In my opinion, due to rapid changes and system integration, most IT teams cannot feed their users enough information and updates, and it’s time for us as end users to watch tutorials to familiarise ourselves and read more information about our daily software and tools.

And here you can learn more about how to set up 2FA on your Microsoft account, step by step.

The image shows the steps of how 2FA works from the client’s point of view.

© Image inserted from ZUKO TECH – Two-factor authentication (2FA)


Resource: Abnormal Security

MS = Microsoft Teams   –   O365 = Office 365   –   2FA = Two-Factor Authentication
