Have you posted the notice to your Facebook timeline to proclaim your copyright ownership of all content? Have you seen others from your social network posting such a notice? If you haven’t already, don’t bother. It’s a hoax.

It’s not even a new hoax. It’s a resurgence of an old hoax that many users fell for earlier this year when Facebook became a publicly-traded company. The previous hoax implied that the change from a private company to a public one somehow changed the rules of the privacy agreement and put your posts and photos at risk unless you posted a copy and paste of a disclaimer establishing your copyright ownership.

The new one reads: “In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details, illustrations, paintings, writing, publications, photos and videos, etc. (as a result of the Berne Convention).”

To read this article in full or to leave a comment, please click here

Tomorrow is Thanksgiving, which means only one thing—the glorious chaos we call the Holiday Shopping Season will soon be upon us. Holiday shopping also means a spike in online scams, fraud, and malware, so you need to be aware of the risks and threats, and exercise some common sense to avoid a cyber-Grinch incident.

Intrepid shoppers will line up for Black Friday deals that have spilled over to Thanksgiving Thursday. You can now start your Black Friday shopping between the turkey feast and the pumpkin pie, before the football games are even over on Thanksgiving Day. The definition of “Friday” aside, holiday shopping will officially be underway. Black Friday will be followed by Cyber Monday, and many shoppers will turn to their mobile devices to find great deals, so it’s primetime for cybercriminals.

Rising threat of mobile scams and malware

Black Friday is generally an in-person, brick-and-mortar-store shopping experience, but competition from online retailers and Cyber Monday, combined with the explosion of connected shoppers armed with mobile devices, has changed the game. A report from iovation, a mobile device security and reputation management company, claims that online retail transactions from mobile devices have increased 300 percent over last year. Mobile transactions accounted for nearly one in ten purchases in the most recent quarter, and that number is expected to spike up for holiday shopping.

To read this article in full or to leave a comment, please click here

What does your teen do when he or she is online? Do you know? Teens in general partake in riskier online behavior than your average user, but according to a recent study from McAfee—Exploring the Digital Divide—teens in the United States are even more likely to engage in shady online activities.

The new report is a follow up to McAfee’s “The Digital Divide: How the Online Behavior or Teens Is Getting Past Parents”, released earlier this year. The original survey focused solely on the United States, but the new one expands the scope to include teens in European countries for comparison.

The results might be a bit discouraging for parents of US teens. Teens in the United States lead in almost every category of shady online behavior. Nearly a third of US teens have used the Web to intentionally surf for porn. US teens also “lead” in using mobile devices to cheat on tests, and are tied for second in using the Internet as a platform for cyber bullying—only half a percentage point behind the Netherlands. Go USA?

To read this article in full or to leave a comment, please click here

It was a shock when David Petraeus—a respected and highly-decorated Army general—abruptly stepped down from his post as the director of the CIA earlier this week. It was even more of a jolt to learn that his resignation was due to an extramarital affair. But, the real story might be the fact that the affair came to light more or less accidentally as a result of poor email and privacy practices.

First, a little background on how things went down. The affair between David Petraeus and his biographer Paula Broadwell seems like something from the Showtime series “Homeland,” or perhaps a James Bond plot line, but the events that led to the FBI investigation that uncovered the affair are a bit more “Fatal Attraction.”

Broadwell sent anonymous threatening emails to another woman she considered to be competition for Petraeus’ affection, and that woman—Jill Kelley—initiated the investigation that eventually unraveled the affair and led to the downfall of one of this generation's greatest American heroes.

I don’t want to teach anyone how to cover their illicit tracks better, or how to have a more clandestine affair, but let’s take a look at where Petraeus and Broadwell went wrong so you can understand how to cover your tracks better in general, and how to secure your email and protect your privacy online.

To read this article in full or to leave a comment, please click here

Today is the eleventh Patch Tuesday of 2012, but the first since the official launch of Windows 8 and Windows RT. There are six new security bulletins—a couple of which are particularly urgent, especially for anyone planning to do any online shopping this holiday season.

There are four security bulletins rated as Critical, one Important, and one Moderate. The Critical security bulletins address issues with Internet Explorer, Windows kernel-mode drivers, the .NET framework, and flaws in Windows shell code that can allow remote exploits.

The most crucial of the six security bulletins is the cumulative update for Internet Explorer—MS12-071. Andrew Storms, director of security operations for nCircle, declares, “Topping our ‘patch immediately’ list this month is the drive-by exploit affecting Internet Explorer 9. It’s fairly obvious that Microsoft patched this bug in IE10 before its release; otherwise, we would have a bulletin affecting both IE9 and IE10.

To read this article in full or to leave a comment, please click here

Is your browser up to date? According to the results of a new survey from Kaspersky—a security software vendor—nearly a quarter of the browsers currently in use are out of date. Surfing the Web with a vulnerable browser is a recipe for disaster.

The Web browser has evolved to become the primary software used on many PCs. People access their email, surf websites, create documents and spreadsheets, access cloud-based file storage and sharing sites, and share with others on social networking sites—all through the browser. Attackers no this as well, which is why it is exceptionally risky to use a browser with known vulnerabilities.

Kaspersky gathered anonymous data through its cloud-based Kaspersky Security Network. Kaspersky researchers analyzed the browser usage data from millions of customers around the world, and uncovered some concerning trends.

• 23 percent of browsers are not current: 14.5 percent are still using the previous version, while 8.5 percent are using even older, obsolete versions.
• When a new version of a browser is released, it can take nearly 10 days for it to surpass the previous version in usage, and an average of about a month for a majority of users to upgrade.

The major browsers all have automatic update mechanisms in place. The easiest way to make sure your browser is current is to enable the automatic updates and let them do what they’re meant to do—keep your browser up to date without requiring you to manage the process yourself.

To read this article in full or to leave a comment, please click here

According to a new report from Bit9—a security vendor with a focus on defending against advanced persistent threats (APT)—there is a one in four chance that downloading an Android app from the official Google Play market could put you at risk. Bit9 analyzed 400,000 or so apps in Google Play, and found over 100,000 it considers to be on the shady side.

Does that mean that the sky is falling, and everyone with an Android smartphone or tablet should abandon it immediately? No. The research by Bit9 illustrates some issues with app development in general, and should raise awareness among mobile users to exercise some discretion when downloading and installing apps, but it’s not a sign of any urgent crisis affecting Android apps.

The report from Bit9 isn’t about apps that contain malware, or are even overtly malicious for that matter. Bit9 reviewed the permissions requested by the apps, and examined the security and privacy implications of granting those permissions. The reality is that many apps request permission to access sensitive content they have no actual need for.

Bit9 says that 72 percent of all Android apps in the Google Play market request access to at least one potentially risky permission. For example, 42 percent request access to GPS location data, 31 percent want access to phone number and phone call history, and 26 percent ask for permission to access personal information. Bit9 discovered 285 apps that use 25 or more system permissions.

To read this article in full or to leave a comment, please click here

Windows 8 is officially here. Microsoft held an event in New York yesterday to launch the new OS, and spent a lot of time talking about cool features and introducing a plethora of hardware options available with Windows 8. One thing Microsoft didn’t talk about much, though, is security—and the new features in Windows 8 that will keep your PC and data safe.

As with every previous iteration of the Windows operating system, Windows 8 is the most secure version yet. That really goes without saying, and amounts to little more than marketing hype. Each new version includes the security features of the previous one, but improves on them and adds new features to address potential risks missed by the predecessor. Not to suggest that Windows 8 is invulnerable, but it should be expected that it’s more secure than Windows 7, or any previous version of Windows.

So, what makes Windows 8 more secure? Perhaps the biggest security feature of Windows 8 is really not a Microsoft or Windows 8 thing at all: UEFI (Unified Extensible Firmware Interface). UEFI is an open standard used to replace the archaic BIOS typically found on PC hardware.

To read this article in full or to leave a comment, please click here

Webroot SecureAnywhere 2013 is here. The new security suite from Webroot includes a variety of updates in the areas of performance, and the overall user experience. But, the most notable feature of SecureAnywhere 2013 is that it now also protects Mac OS X.

Let’s start with a look at SecureAnywhere in general. While the overall goal of the software is the same as competing antimalware and security suites, and it seems logical to compare them, SecureAnywhere is a whole new approach. Webroot completely threw out its flagship products, and started over by building SecureAnywhere around a more proactive philosophy based off the acquisition of Prevx.

The result is protection for your PCs and mobile devices that delivers blazing performance, and has virtually no impact on system resources compared with the traditional approach of rival products. The entire install occupies a mere 750KB—with a “K”—on your hard drive. It installs in seconds, and according to metrics from Webroot, the software uses 91 percent less memory than competitors, and completes full system scans in about a minute—116 times faster than average antimalware scans.

SecureAnywhere is a comprehensive security suite that includes a built-in firewall (only in Webroot SecureAnywhere Complete 2013), identity and privacy protection, social network protection, and seven specialized security shields—three of which are new to SecureAnywhere 2013. The USB Shield blocks attacks and malware from removable drives, the Offline Shield protects the system against persistent threats even when it’s not connected to the Internet, and the Zero Day Shield identifies new or changing threats to defend against emerging attacks.

To read this article in full or to leave a comment, please click here

The past two years or so have brought a new breed of scary malware to the forefront of public attention, including the infamous Stuxnet worm that was discovered back in 2010.

Following hard on Stuxnet's proverbial heels, of course, were Duqu, Flame, Gauss, Shamoon, and Wiper, to name just a few examples.

These new threats are generally thought to be state-sponsored in many cases and developed for cyberespionage against specific targets; another factor in common is that they tend to work through Microsoft Windows.

It's long been known that Linux offers numerous security advantages over both Windows and Macs, of course, but security research firm Kaspersky Lab--which played a key role in identifying many of these frightening pieces of malware--apparently has other ideas.

To read this article in full or to leave a comment, please click here

It’s the first Thursday of October. Do you know what happens on the first Thursday of each month? Microsoft provides an advance notification of the security bulletins it plans to release on the second Tuesday of the month—more commonly known as Patch Tuesday.

Following an unusually light Patch Tuesday in September, Microsoft was forced to deal with the specter of a zero-day exploit being used in the wild to attack Internet Explorer. Microsoft responded with an out-of-band patch reflecting the urgent nature of the threat.

IT admins will be a little busier in October. According to the Microsoft Security Bulletin Advance Notification for October 2012, Microsoft has a total of seven new security bulletins slated for release next week. Six of the seven are rates merely as Important, while the seventh—a patch for a flaw affecting all supported versions of Microsoft Word—is rated as Critical for Word 2010.

To read this article in full or to leave a comment, please click here

Microsoft has published an out-of-band security bulletin—MS12-063—to address a vulnerability that is being actively exploited in attacks in the wild. In addition, Microsoft also released an update to resolve a critical flaw in Adobe Flash in Internet Explorer 10—which is the default browser in Windows 8 and Windows Server 2012.

Microsoft has responded quickly in its investigation of reports that a zero-day vulnerability in Internet Explorer is being actively exploited. Microsoft issued a security advisory with workarounds, and mitigating factors to help customers guard against attacks pending a fix. Then, it released a one-click Fix-It tool to protect customers while kicking its developers in to high gear to create a more permanent fix.

Andrew Storms, director of security operations for nCircle, praised Microsoft’s quick turnaround, but he also feels there is more on the line than just protecting customers from attacks. “Microsoft had to respond very quickly to this bug. In addition to the serious security threats it posed to their customers, Internet Explorer’s market share is at risk. Many security pundits and organizations have been telling users to switch browsers until a patch is available. I'm sure that got the attention of a lot of Microsoft executives.”

To read this article in full or to leave a comment, please click here

Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer Web browser is being actively attacked in the wild. While Microsoft works diligently to crank out a patch, it’s important for businesses and consumers to understand the threat, and the steps that can be taken to avoid compromise while you wait.

Microsoft has published a security advisory acknowledging the threat. According to Microsoft, the zero-day exploit affects Internet Explorer 7, 8, 9. Internet Explorer 10 is not impacted, but it’s not completely safe because it remains vulnerable to flaws in the embedded Adobe Flash.

The Microsoft advisory includes some tips that can be used to defend against this threat pending a patch for the underlying flaw. Microsoft recommends that customers use the Enhanced Mitigation Experience Toolkit (EMET) to implement mitigations that can prevent the zero-day exploit from working. In addition, Microsoft advises customers to set the Internet and local intranet security zone in Internet Explorer to “High” to block ActiveX controls and Active Scripting from running, or at least configure it to prompt before executing.

Andrew Storms, director of security operations for nCircle, puts the threat in perspective. “If your systems are running IE, you are at risk, but don’t panic. The reality is it’s just one more zero-day and we’ve seen an awful lot of them come and go.”

To read this article in full or to leave a comment, please click here

Adobe recently issued an update for the popular Flash Player utility to patch critical flaws that could allow an attacker to run malicious code on the target system. But, if you’re using Windows 8, the version of Flash that Microsoft has embedded in Internet Explorer 10 is still vulnerable. Good news, though—an update is forthcoming to address that problem.

Adobe responds quickly to patch identified vulnerabilities, and most Windows users are conditioned to apply security updates as they’re released, but Microsoft is responsible for updating Flash in its Web browser. Windows 8 hasn’t yet officially launched, though, and Microsoft’s initial response was that Flash would not be updated until after October 26 when Windows 8 becomes available to the general public.

I asked Microsoft about speculation that a patch is imminent. Yunsun Wee, Director of Microsoft Trustworthy Computing, replied with this statement: “In light of Adobe’s recently released security updates for its Flash Player, Microsoft is working closely with Adobe to release an update for Adobe Flash in IE10 to protect our mutual customers.”

To read this article in full or to leave a comment, please click here

The FBI is getting ready to roll out a new nationwide program to better identify criminals called the Next Generation Identification (NGI) project. The new program is expected to add biometric data to Bureau’s toolkit with iris scans, DNA analysis, voice identification, and even the ability to pick out a person’s face in a crowded street using surveillance cameras.

Theoretically, the NGI system would be able to use its mugshot database to pick out criminals in a crowd using a face-matching algorithm. The program would scan for faces in footage taken by security cameras or public images uploaded to the Internet. The algorithm would then return a number of hits for investigators to look into.

Of course, this sort of surveillance raises some obvious privacy concerns. The FBI states that it has conducted a Privacy Impact Assessment for NGI and that the program falls in line with the Privacy Act. In other words, it’s totally legal and is not considered law enforcement overreach.

To read this article in full or to leave a comment, please click here

Great news! Next Tuesday is already Patch Tuesday for September, but Microsoft only has a couple of relatively minor updates lined up. Don’t get too comfortable, though—you need to prepare for the changes Microsoft is making next month for cryptographic keys.

Let’s start with Patch Tuesday. September is a dramatic departure from previous months. Unlike the many months that have been loaded down with multiple Critical updates, or the fact that Internet Explorer has been updated monthly for the past few months, Microsoft only has two security bulletins scheduled for this month.

Of course, many IT admins are still trying to catch up from previous months, and can use the break to finish deploying the patches they already have. Then, there’s the Java patch from Oracle that probably needs urgent attention if you haven’t already implemented it.

To read this article in full or to leave a comment, please click here

A hacker collective known as AntiSec has published over a million Apple device IDs that it claims were captured from the laptop of an FBI agent. If you own an iPhone or iPad, you might be wondering what this hack means to you, and you might also be curious about why the FBI had your Apple UDID in the first place.

The information was acquired and released by the hackers as a political statement. The lengthy diatribe posted on Pastebin along with the hacked Apple ID info rants about government oppression and hypocrisy.

According to the letter from AntiSec, there were approximately 12 million Apple device IDs stored in the file on the FBI laptop. It chose to release just a portion rather than publishing all 12 million. AntiSec could have simply published the data it acquired without scrubbing it first, but the point it’s trying to make is against the government and the FBI—not the individuals whose information happened to be in the hands of the FBI.

To read this article in full or to leave a comment, please click here

DARPA, if you didn’t know, stands for Defense Advanced Research Projects Agency. It's the government body that develops ridiculous things like flying tanks and other science fiction. Next month, however, DARPA is hitting closer to home with “Plan X”, a one-day workshop designed to flesh out the U.S. government’s strategy for war in cyberspace.

Plan X is a two-pronged affair that consists of a general-access session for your standard contractors and government employees, and a secret session to map out where the US is going in the future of cyber warfare.

What will it deal with, specifically? The event won’t get into research and development of cyberweapons or vulnerability analysis. It’s geared towards defense: In the session, DARPA will focus on ways to “create revolutionary technologies for understanding, planning, and managing cyberwarfare in realtime, large-scale and dynamic network environments,” as well as how to research the nature and history of cyberwarfare. It's all to dominate the “cyber battlespace”, according to a publicly available PDF on the matter.

To read this article in full or to leave a comment, please click here

Oracle issued a patch today for Java 7. Coincidentally, Java 7 has also been the target of recent attacks thanks to a zero-day exploit. For now, though, its anyone’s guess whether or not the new Java 7 patch actually addresses the zero-day exploits, or to what extent.

First, a brief recap. A previously unknown flaw in Java was discovered, and a proof-of-concept (PoC) exploit was developed in the popular Metasploit Framework tool. Metasploit is a tool used by the good guys, but an exploit is an exploit, and the fact that the exploit PoC code was developed for Metasploit means that the exploit is now in the hands of many more would-be attackers.

Fast forward a few days, and voila! A patch. Maybe. There is definitely an update for Java 7 available from Oracle. However, it’s not yet clear what it fixes.

To read this article in full or to leave a comment, please click here

Java is under attack again. A zero-day vulnerability in Java is being actively exploited in the wild. The current attacks seem to be targeted, but security experts warn that more widespread attacks could be imminent.

Next to Adobe Reader and Adobe Flash, Java is probably one of the most ubiquitous and widely used applications. Unfortunately, it also provides attackers with plenty of holes and vulnerabilities to exploit, which makes it a popular target.

Andrew Storms, director of security operations for nCircle, is concerned that it could be a while before a patch or update is released to resolve the vulnerability and guard against these attacks. “Oracle isn’t known for releasing patches out of cycle and the next scheduled update for Java isn't until October. Part of the problem is that Java is so ubiquitous that it tends to be overlooked as a ‘small’ piece of software.”

To read this article in full or to leave a comment, please click here

There never seems to be any shortage of Android malware reports circulating in the news, and today one came out that sounds alarming indeed.

But is it really as bad as all that? Probably not. In fact, as pointed out by security-focused publication The H on Thursday, data from competing firm F-Secure paint a very different picture for the very same time period. In fact, rather than a tripling of Android malware in the second quarter, F-Secure found only a modest rise.

How to explain the difference? It's all a matter of methodology, according to The H, which calls F-Secure's approach “more sophisticated.”

To read this article in full or to leave a comment, please click here

It’s Patch Tuesday again. This month is busier than most because on top of Microsoft’s security bulletins, Adobe is also releasing updates for Reader and Acrobat.

Let’s start with Microsoft. There are nine new security bulletins for August, which resolve 26 different vulnerabilities. There are five rated as Critical—including a patch for Internet Explorer for the third consecutive month--and four Important.

Andrew Storms, director of security operations for nCircle agrees with Reguly, stressing the potential impact of MS12-053. “This one has the potential for serious impact because it is network aware and no authentication is required. If you have XP on your network, then get the mitigations for this one installed ASAP.”

To read this article in full or to leave a comment, please click here

Gauss joins the ranks of Stuxnet, Duqu, and Flame as an apparently state-sponsored tool of cyber espionage. This latest threat appears to be built from the same code foundation as Flame, and specifically targets bank credentials and financial data.

Kaspersky Lab--the largest privately held vendor of antimalware and endpoint security products--announced the new threat. A Kaspersky FAQ about Gauss boils the description of Gauss down to a 140-character tweet: “Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation”.

Kaspersky was able to detect and identify the threat--dubbed “Gauss” because its main module is named after the German mathematician Johann Carl Friedrich Gauss—because it uses a similar architecture, module structure, code base, and methods of communication with command and control (C&C) servers as its cousin, Flame.

To read this article in full or to leave a comment, please click here

The hackers that hijacked Mat Honan’s online life, took over his Twitter account(s), and wiped out his iPhone, iPad, MacBook, and Google accounts in one fell swoop showed some perseverance in achieving that goal. Not all attackers are quite that determined, but the hack still demonstrates some serious flaws in Apple’s iCloud and the iCloud security model.

My iPhone, iPad, and MacBook Air are all synced through Apple’s iCloud--just like Mat Honan. I appreciate the convenience and simplicity of the fact that I can add a contact on my iPad, and it will automatically sync to the other two devices. I can take a picture with my iPhone, and the photo will be available from the iPhone and MacBook as well. It just works.

The first potential problem with the automatic syncing is that someone with possession of my iPhone or iPad could wreak havoc. If someone starts deleting contacts, calendar events, or other synced information, those changes should be automatically synced across to the other devices which would mean losing the information on all of them because it “just works”.

To read this article in full or to leave a comment, please click here

The Internet is abuzz this weekend as a result of the Gizmodo Twitter account getting hijacked. That incident was traced back to the hack of an Apple iCloud account--allegedly accomplished through social engineering.

A Forbes.com story from Adrian Kingsley-Hughes explains that a former contributor for Gizmodo, Mat Honan, was the original victim of the attack. Hackers were able to access Honan’s iCloud account, and remotely wipe his iPhone, iPad, and MacBook. The original theory was that the hackers used a brute force attack to crack Honan’s iCloud password, but further investigation revealed that social engineering was used to convince Apple the attackers were Honan, and Apple gave them the keys to walk right in.

Why? Well, I have my own story of Apple woe--and it’s the exact opposite experience. I somehow lost access to my own email address for use on iTunes, iCloud, and other Apple services, and it took months of fighting with Apple Support to finally get to the bottom of things and get into my own account. I couldn’t get Apple Support to give me access to my own account, never mind someone else’s.

To read this article in full or to leave a comment, please click here

The nation’s critical infrastructure is at risk--a well-executed cyber attack could have a potentially devastating effect. Congress is trying to patch some of the holes with legislation, but a recent survey found that most security experts have little faith that government regulation can do the trick.

Sensational attacks against the critical infrastructure make for great stories in books like Zero Day: A Novel by respected security expert Mark Russinovich, or perhaps something from Dan Brown. But, many security experts believe that we are in very real danger of such attacks moving from fiction to reality, and that we are woefully unprepared to defend against, or respond to them.

Natural gas, electricity, drinking water, nuclear facilities, roads and highways, air traffic, railroads, and the Internet itself can all be classified as being part of our critical infrastructure.

To read this article in full or to leave a comment, please click here

The best cybersecurity measures in the world are useless if a thief breaks into your office and makes off with your computers.

You won’t lose any digital data if you’ve followed our advice to back up your computers to secure, offsite locations; but if your business is like most operations, it isn't entirely digital. You have paper records, including sensitive personal information about your employees.

Your business also depends on physical assets—computers, displays, servers, fax machines, and everything that goes with them—that you will need to replace if someone steals them or destroys them. Can you afford that kind of disruption?

To read this article in full or to leave a comment, please click here

A new Mac malware threat has been discovered. The OSX/Crisis Trojan is an insidious clever threat. Mac users should take steps to defend against this new malware, and proactively defend against future threats while they’re at it.

OSX/Crisis is uniquely sneaky. First of all, the malware is cross-platform. It identifies the operating system, and executes different instructions depending on whether the target is a Windows or Mac OS X system. The malware is capable of infecting OS X 10.6 “Snow Leopard” and OS X 10.7 “Lion” systems without requiring a password, or any user intervention.

Once it infiltrates the system, it exhibits different behavior depending on whether or not it has Admin level privileges on the target. OSX/Crisis is exceptional in its ability to adapt on the fly to attack a broader range of targets.

Curtis Fechner, Webroot threat research analyst, explained, “We've been looking at this and it's quite complex, as well as fascinating. I think the most important opinion we've formed is that we see more threats for the Mac platform like this one on the horizon.”

To read this article in full or to leave a comment, please click here

Microsoft announced a new version of its EMET (Enhanced Mitigation Experience Toolkit) software at the Blackhat conference in Las Vegas. What’s unique about the EMET 3.5 Technology Preview is that it includes new defenses inspired by one of Microsoft’s BlueHat Prize finalists.

EMET is a free utility from Microsoft that adds an extra layer of defense to prevent vulnerabilities from being successfully exploited. The software is a collection of tools and mitigation techniques that can be applied to protect against attacks.

“In less than three months, we successfully integrated one of the BlueHat Prize finalists’ technologies with EMET 3.5 Technology Preview to help make software significantly more resistant to exploitation,” said Mike Reavey, senior director of the Microsoft Security Response Center at Microsoft in a press release.

To read this article in full or to leave a comment, please click here

According to sources with access to the developer beta of iOS 6, the next version of Apple’s mobile operating system will allow users to download and install free apps without requiring a password. If Apple doesn’t fix that before iOS 6 is officially launched, it will significantly impair the security of iOS devices.

iOS has established a reputation as the more secure mobile platform. The walled garden of the Apple App Store, and the scrutiny apps must go through before they’re available provide additional layers of defense lacking in other mobile operating systems.

Andrew Storms, director of security operations for nCircle, does not approve. “The decision to remove password authentication from free app downloads is just another example of Apple making consumers responsible for their own security, and that’s always risky at best.”

To read this article in full or to leave a comment, please click here