Mobile Apps Fail Big Time at Security, Study Says

A study from digital security company viaForensics paints a stark picture of the vulnerability of smartphone user data. viaForensics evaluated 100 popular consumer apps running on Android and iOS, and found that 76 percent store usernames, while 10 percent store passwords as plain text. Those 10 percent included popular sites such as LinkedIn, Skype, and Hushmail.

And while only 10 percent of applications store both usernames and passwords as plain text, leaving them vulnerable to hacks, even the 76 percent that store only usernames that way are vulnerable.

"Many systems require only username and password, so having the username means that 50 percent of the puzzle is solved," said the report. It also noted that because many users tend to reuse usernames, if someone unsavory gets that information, it can have reverberating effects. Your Facebook details could eventually lead to your credit card info, for instance.



Defcon for Kids Raising a New Generation of 'Hackers'

At the Defcon conference in Las Vegas last week, kids aged 8 to 16 were exposed to the world of hacking. Some may fear indoctrinating a new generation of Anonymous and LulzSec members, but young minds can expand the horizons of technology and computer security to effectively combat hacking collectives such as these.

The kids track spanned two days, and attendees witnessed presentations and listened to lectures from a range of security experts, including officials from the Department of Homeland Security and the NSA (National Security Agency). Kids were encouraged to think outside the box to be able to identify security flaws in the computer and gaming platforms they use every day.

Defcon introduced a new track for kids age 8 to 16.

Roughly 60 kids took part in the first ever kids track at the annual Defcon conference. The children weren't just sent off to learn about the dark side in Las Vegas on their own, though--they had to be accompanied by a parent.



Android Users Least Prepared for Rise in Mobile Malware

An explosion in mobile malware in the first half of 2011 has exponentially increased the chance of an Android device getting infected, according to one study. Unfortunately for Android users, another study shows that they are the least aware of security concerns and least prepared to protect their smartphone or tablet from malware.

Can your Android device get compromised by malware? Nearly a third of Android respondents to the Gadgetology Report survey were unsure. Actually, it was 27 percent, which is lower than the number of iPhone users (30 percent) that didn't know if malware is possible. However, Android lags iPhone (32 percent compared to 36 percent for the iPhone) when it comes to being aware that there is a malware threat.

Android seems most at risk and least prepared for malware attacks.

Four out of ten Android users responded that they have not done anything to prevent someone from misusing the data on their smartphone. Combine that with the fact that less than half of Android users lock their device with a password and that only two out of ten have any other security measures in place, and you have a recipe for a successful mobile malware attack.



Experts Disagree on Android Call Recording 'Trojan'

According to some headlines, the sky is falling on Android. No, I am not referring to the headlines predicting that the iPhone 5 will double Apple's smartphone market share and leave Android in its dust. I am referring to reports that a new Trojan has infiltrated the Android ecosystem. Some experts, however, suggest this may not be malware, but simply an app working as intended.

A CA blog describes Android malware capable of recording entire phone calls. It also logs call and text activity, and possibly GPS location data. It sounds insidious if you are unaware that the activity is taking place. It also sounds a lot like perfectly legitimate apps like eBlaster Mobile.

Mobile malware is a growing threat, but this may not be an example of it.

So, is this app a malicious Trojan intent on tracking your Android activity, or is it just an app that tracks Android activity?



Ten Best Practices to Prevent Data and Privacy Breaches

The antics of groups like Anonymous and LulzSec over the past few months have made data breaches seem inevitable. If information security vendors like HBGary and RSA Security aren't safe, what hope does an average SMB have? It is true that there is no silver bullet, and no impervious network security, but there are a variety of things IT admins can do to prevent network breaches and protect data and privacy better.

The Web safety and online identity protection experts at and helped put together a list of ten different data and privacy breach scenarios, along with suggestions and best practices to avoid them.

1. Data Breach Resulting From Poor Networking Choices. Names like Cisco and Sun are synonymous with enterprise-level networking technologies used in large IT departments around the world. Small or medium businesses, however, generally lack the budget necessary for equipment like that. If an SMB has a network infrastructure at all, it may be built around networking hardware designed for consumer use. Some may forgo routers altogether, plugging directly into the Internet. Business owners can improve network security and block most threats by using a quality router, like a Netgear or Buffalo brand router, and making sure to change the router password from the default.

6. Bank Fraud Due To Gap in Protection or Monitoring. Business owners know that it is vital to balance their accounts every month to ensure that checks are not being written out of business funds by embezzlers, but many businesses rarely, if ever, check what kind of credit accounts have been opened under the business name. Monitoring services like can alert business owners when new credit accounts are opened fraudulently.

SMBs may not have IT departments or security admins, but that doesn't mean they can't be secure.

7. Poor E-mailing Standards. Many businesses use email as if it is a secure means of communicating sensitive or confidential information. The reality is pretty much the exact opposite. Emails are available to a number of people other than the recipient, and there is generally ample opportunity for email communications to be intercepted in transit. It's more appropriate to treat emails as postcards, rather than sealed letters.

8. Failing to Choose a Secure Password. Use secure passwords. Please. In fact, many security experts are recommending the use of a pass phrase, rather than a password. Pass phrases are several words long, at least three, and are far more secure than passwords. A pass phrase like "friday blue jeans" can be typed far quicker than a complicated password, and it doesn't need to be written down on a scrap of paper stuck to a monitor to remember it.



Patch Tuesday Fixes Critical Bluetooth Flaw in Windows 7

Patch Tuesday has arrived. As expected, Microsoft released a relatively small number of patches for July, but that is no reason for IT admins to let their guard down--especially when one of the patches is a Critical update for Windows 7 and Windows Vista.

There are three security bulletins rated as Important that impact Windows and Microsoft Office. One is related to Microsoft Visio, one is connected to the client / server runtime subsystem, and the third has to do with kernel-mode drivers. But, the security bulletin that is hogging the attention this month is MS11-053.

If your Windows 7 or Windows Vista PC has Bluetooth enabled, it is at serious risk.

According to Microsoft, the critical flaw lies in the Windows Bluetooth Stack--the driver that enables Windows to connect with Bluetooth devices. An attacker may be able to remotely compromise and gain full access to a vulnerable system via its Bluetooth networking. Microsoft also points out, though, that this vulnerability only affects systems with Bluetooth capability.
