One of the nice things about traveling is staying in a hotel—assuming you pick the right hotel. You get a nice comfy bed, perhaps some free breakfast in the morning, and people to come in and tidy up everyday. One thing you probably don’t expect, though, and wouldn’t appreciate, is having an unauthorized visitor enter your room while you’re not there.
Well, depending on what type of key system is used at the hotel you’re staying in, it might be possible for someone with a “dry erase marker” to bypass the door key system and walk right in. No, you can’t circumvent hotel door security with an actual dry erase marker, but security researchers recently demonstrated a tool disguised as a dry erase marker, which can be used to access some hotel door locks.
Imagine that your smartphone is lost, or your tablet is stolen. Aside from the cost of the device itself, what else is at risk? How much sensitive personal data do you have stored on your smartphone or tablet?
Of course you have sensitive information stored on your mobile device. One of the primary benefits of carrying the mobile device in the first place is to have that information at your fingertips. That isn’t the real issue, though. The $37,000 question is, “What protection do you have in place to ensure unauthorized users can’t gain access to your sensitive information?”
Everything you never wanted to know about your vulnerability to identity theft can be found on the first page of search results for “Facebook hack.” If you’re like most people, you probably don’t like to think about the many times a day your personal and financial data are exposed to risk over mobile devices, even as you erect firewalls and scan for viruses on your laptop. Something about the ease of using a smart phone allows us to momentarily brush aside the risks of accessing social media on an unsecured device.
Best case scenario, social media already invites opportunistic hacking; mobile social networking is just adding insult to injury for your data security. Fortunately, there is now easy-to-use security software for all your mobile devices—tablets, thumb drives, and smart phones. With a little diligence and some well-informed caution, you can nearly eliminate your risk of being hacked, stalked, phished, or otherwise made to regret you ever heard of the Internet.
Pop quiz: What has a dual or quad core processor, gigabytes of potentially sensitive data, and very fast Internet connectivity? The default answer is “a PC.” But, if you responded with “smartphone” or “tablet” you would also be correct—and that blurred distinction is not lost on cyber criminals.
The big difference between traditional PCs and mobile devices is that PCs are almost universally equipped with firewall protection and some sort of antimalware defense to guard against attacks, while mobile devices are often left defenseless. Users are conditioned to the constant threat of attack on PCs, but many fail to realize that a smartphone or tablet is just a smaller, more portable computer.
The bad guys realize it, though. Smartphones and tablets typically have 16GB or more of storage space. They have personal information like addresses, phone numbers, and birth dates. They are seamlessly integrated with email accounts, and social networks. They have apps tied in to banks and retailers. Smartphones and tablets are a potential goldmine of sensitive information.
Your PC is locked down with a strong, complex password when not in use, and your mobile devices are secured with a passcode. You have a cross-device security tool in place on your PCs and mobile devices to block unwanted traffic, prevent compromise from malware attacks, and protect your sensitive data. Even with the best of the best security measures in place, though, there’s still an Achilles heel that trumps it all—you.
Think of it like your house. You can have bars on the windows, and industrial-strength
Adobe announced plans to revoke one of its code-signing certificates after it was compromised and used to make malicious attacks appear to be legitimate Adobe tools. The question businesses and consumers need to ask themselves is what impact this might have on them, or what needs to be done to avoid attacks using the compromised certificate.
Adobe announced plans to revoke the effected code-signing certificate effective next Thursday—October 4, 2012. In a blog post explaining the action, Adobe stated that customers should not notice any adverse consequences as a result of the revocation process.
Adobe claims that the impact so far seems to be limited to the discovery of two malicious utilities signed using the compromised Adobe certificate. The blog post states that Adobe is not aware of widespread malware attacks using the certificate. Adobe also states that its investigation so far shows no evidence of any other sensitive information—like customer data, financial information, or Adobe source code—has been compromised.
Do you have a shiny new Samsung Galaxy S III smartphone? Does it contain precious information like contacts, calendar events, music, or photos that you don’t have backed up somewhere else? If so, you might want to avoid visiting any websites until you get the latest update from Samsung.
A security researcher revealed a little trick last week that puts Samsung Galaxy S III data at risk. Embedding a simple 11-digit string of characters and symbols in a Web page is enough to cause a Galaxy S III smartphone that visits the website to trigger a full factory reset of the device. All contacts, photographs, music, apps, and any other data will be erased.
The Samsung Galaxy S III runs on Android, but apparently the issue is unique to Samsung’s TouchWiz interface that it overlays on the core Android OS. According to a report from The Verge, other Samsung smartphones that use the TouchWiz UI—like the Galaxy SII or the Galaxy S—are also at risk.