
Darlene

Most Recent Posts by Darlene

3 Free Apps to Guard Android from Malware

Android smartphones rock, but whether you use Avast, Lookout, the new Sophos, or another freebie antivirus/security app, you better lock and load to protect your Android before you become a victim and a stat.

Android, once dubbed a "cyber menace," is too popular, too juicy and potentially too lucrative of a target for malware writers to ignore. In fact, a new F-Secure report suggests malware writers are getting craftier by creating Trojanized apps that can defeat antivirus detection. F-Secure released its latest mobile threat report [PDF] concerning the first quarter of 2012 and Android malware has grown exponentially. Since a year ago, the number of new malware variants has quadrupled and the number of malicious Android application package files (APKs) had a "staggering" increase of "139 to 3063 counts." (See also "Tips for a Malware-Free Android Smartphone.")

Netflix Frictionless Sharing: Do You Want to Automatically Broadcast What You Watch?

Do you like shoulder surfers? It would seem wise to raise both your security and your privacy hackles. On a security angle, shoulder surfing is a low-to-no hacking technique for acquiring sensitive or financial information. On a privacy angle, if you wanted to share with nosy shoulder surfers then you could do so of your own accord. Although it is considered "social," that choice to share or not should be each user's. There are dangers lurking under the surface of frictionless sharing apps.

The lack of choice in auto-sharing apps is the reason the appeal of Facebook's frictionless sharing evades me; all that too much information (TMI) and in-your-face oversharing rubs me the wrong way. While BuzzFeed says the "backlash is fixing Facebook social readers," PCWorld says "Facebook's social reader users are fleeing in droves." Mashable took middle ground, stating, Facebook's social reader apps "usage may be down but engagement is up."

DOJ Says Requiring Warrant for Cell Phone Tracking Would 'Cripple' Law Enforcement

If your mobile phone is on then it is constantly pinging cell phone network towers, leaving you no choice about revealing your location. The ACLU warned the "threat to personal privacy presented by this technology is breathtaking," especially since the "government is routinely violating American's privacy rights through warrantless cell phone tracking." Apparently any mobile phone privacy is too much privacy in the early stages of an investigation, before law enforcement actually has any proof that a person has done anything illegal. An Obama administration official told a congressional panel that requiring a search warrant to obtain cell phone location tracking information would "cripple" law enforcement and prosecutors.

Now that the Supreme Court decided a warrant is necessary before attaching a GPS to a person's vehicle, warrantless location tracking via a person's cell phone is the surveillance method of choice for law enforcement. Jason Weinstein, deputy assistant attorney general for the Justice Department's criminal division, discussed the need for such warrantless cell phone tracking so it won't "cripple" the government at "State of the Mobile Net," a conference for the Congressional Internet Caucus Advisory Committee. It was the DOJ that also argued in favor of warrantless GPS tracking in United States v. Jones.

Amazon Security FAIL: Contactless Bank Cards Vulnerable to Pickpocketing via NFC Phones

Barclays contactless bank cards are vulnerable to electronic pickpocketing via NFC-enabled phones, reported Channel 4 News in the UK. In fact "millions" of Barclays customers are allegedly at risk for having "their data stolen without even knowing through readers in new mobile phones." viaForensics helped in the investigation which then led the UK government to "urge Barclays to consider recalling up to 13 million credit and debit cards."

Not too long ago, when considering NFC mobile threats on the horizon, we asked what happens when we wave our wallets to pay? In this case with Barclays, Thomas Cannon, Director of ViaForensics R&D, told Channel 4, "All I did was I tap my phone over your wallet and using the wireless reader on the phone I was able to lift out the details from your card, that includes the long card number, the expiry date and your name. None of it was encrypted, it was simply a case of the details coming out through the air."

Judge Refuses Capitol Record's Injunction Request Against Music Reseller ReDigi

Geeks, technologists and the Internet as a whole raised their voices in protest harmony until Congress got the message that voters were not going to tolerate SOPA/PIPA breaking the Internet. "But big content remains tone deaf to this chorus of Internet users," the EFF stated. And like the RIAA which chooses to attack as opposed to innovate and move the music industry away from a broken business model, Capitol Records tried and failed in court to shut down ReDigi -- a truly unique and legal new way for users to sell their pre-owned digital music.

Anonymous Called 'Hard to Kill Web Hippies' in Leaked Internal Stratfor Emails

In a weekly Intelligence summary, Verizon Business Security blogged, "Wired declared Anonymous to be the net's immune system. But an analyst is compelled to assess if Anonymous is becoming symptomatic of an autoimmune disease." AntiSec hacktivists certainly whacked the "intelligence consultancy" for Strategic Forecasting Inc and endless articles have been published such as this one that points out the failings and "gross example of Stratfor." And now Anonymous is starting to publish the internal Stratfor emails in two different "teaser" edition sets.

When Stratfor finally brought its website back online on January 11, Stratfor CEO George Friedman said, "We knew our reputation would be damaged by the revelation, all the more so because we had not encrypted the credit card files. This was a failure on our part. As the founder and CEO of Stratfor, I take responsibility for this failure, which has created hardship for customers and friends, and I deeply regret that it took place." In fact he added that the company is not a "hub of global conspiracy," but does "certainly expect to be attacked again, as we were last week when emails were sent out to members from a fake Stratfor address including absurd messages and videos."

Surrounded by Surveillance: Is Everything Spying On You?

Depending upon who you listen to, GPS tracking shouldn't be your only concern when you are out and about on the streets. The ACLU hammered license plate scanners as 'logging our every move,' a different investigative report concluded your car is spying on you, and some even claim the street lights are out to get you.

The ACLU reported on the "widespread tracking of citizen's movements" via the use of automated license plate readers (ALPRs). "It has now become clear that this technology, if we do not limit its use, will represent a significant step toward the creation of a surveillance society in the United States." The ACLU does, of course, regard GPS tracking without a warrant as intrusive on privacy, but license plate reader "technology is rapidly approaching the point where it could be used to reconstruct the entire movements of any individual vehicle." Some might call that paranoid, but the ACLU said of such accusations, that it is always "amazed by the speed and consistency with which our worst fears for these kinds of technologies turn into reality."

Uncle Sam Wants You, Hackers: Cyberwarriors Needed to Stop Cyberspies

Geeks and security freaks are my favorite kind of people; it's a compliment, the same as being a hacker. They may not have always been considered cool labels, but most who fall in that category are not concerned about what people think. Instead of public opinion, these types of people apply their curiosity to other more important matters. 700 such security-minded individuals, ranging from DOD officials to members of the IT industry, recently met to discuss how to do a better job protecting military and commercial cyberspace. Cyberspace is considered a domain by the DOD and needs offensive and defensive protections the same as air, land, sea and space.

The U.S. Department of Defense reported on the mindboggling and perhaps migraine-inducing job to protect networks from attackers and cyberspies. DARPA Director Regina E. Dugan said, "The potential capability for cyber mayhem makes cyber security 'one of the most intense challenges of our time.'...Malicious cyberattacks are not merely an existential threat to our bits and bytes. They are a real threat to an increasingly large number of systems that we interact with daily, from the power grid to our financial systems to our automobiles and our military systems."

Dirty Little Secrets Revealed By Ethical Hackers

Dirty little secrets can be the best kind, especially when revealed by insiders with the real scoop. This year, thanks to LulzSec and AntiSec hackers, there were numerous high profile sites attacked which highlighted poor security standards. The hacks were then followed up with postings of the pillaged digital dirt, acting like a global eye-opener for how very insecure companies are.

The flipside of AntiSec hackers are penetration testers, the ethical version of elite hackers who get to play like bad boys sneaking into a system. These ethical hackers pentest the security of networks or computer systems for potential vulnerabilities that could be used by malicious attackers. Some of my friends who make a living as pentesters enjoy the fact that they get to feel a bit dirty like black hats trying to break in, yet still get to be a white hat with noble intent.

Federal Reserve to Monitor Billions of Online Convos for 'Fed'

How often do you mention the word 'Fed' online? There is about to be a new breed of Big Brother "watchers" and electronic surveillance on billions of online conversations before eavesdropping on the emotion behind how the 'Fed' was used. The monitoring will include identifying and reaching out to "key bloggers" and "influencers."

ZeroHedge reported the Federal Reserve Bank will soon monitor billions of conversations on social networking sites to know who mentions "Fed" as well as the sentiment in which it was used. The Federal Reserve is looking for a "Communication Group" to monitor social media platforms. The Fed expects the Watchers to be "timely and proactively aware of the reactions and opinions expressed by the general public as it relates to the Federal Reserve and its actions on a variety of subjects."

New Medical Technology: Anti-Hacking Jammers for Pacemakers, Electronic Skin

While there have been no publicly known cases of murder by hacking insulin pumps or pacemakers, the lethal hack and wireless attack have been demonstrated by researchers. Most folks do not want to have surgery to replace a functioning medical implant with a replacement device even if it might be less vulnerable to "passive eavesdropping" and to attackers sending unauthorized radio commands which could reprogram the implantable medical device . . . or as in a DDoS attack to drain the pacemaker battery so boom, victim falls over dead via untraceable assassination.

MIT and University of Massachusetts researchers have developed an anti-hacking jamming device that addresses communication security to protect implantable medical devices. The wearable "shield" device can emit a jamming signal when an active attacker establishes an unauthorized wireless link between a pacemaker and a remote terminal.

Mobile Phone Eavesdropping Made Easy: Hackers Crack GPRS Encryption

After outer space was proclaimed as hackers' newest target, thunderous applause followed at the opening of Chaos Communication Camp 2011 in Finowfurt, Germany. In the next ten years, hackers want to have their own communication satellites in orbit, reported Heise Online. Nick Farr (@hackersonaplane) of Hackers on a Plane said, "We can conquer the entire galaxy, if we stop for five minutes, to behave like idiots."

The plan to conquer space was followed by former WikiLeaks Daniel Domscheit-Berg announcing four days of public testing of Open.Leak.org. Domscheit-Berg told Forbes, "We need to be sure for the people who use such a system that it can't be compromised. Whistleblowers are the ones who take the risks. And they're the ones that get screwed if something goes wrong. So it's inherently important for us to make these people as comfortable as possible." The live testing will be here.
