Archive for RB

The Value of Stolen Credentials

The evolution of Web 2.0 services and the parallel world of cybercrime is driving up the value of stolen credentials, that is, the price that criminals charge each other for stolen user login information. The price of a file of user credentials, aka a ‘dump’, depends on the Internet service(s) where they can be used, Amichai Shulman, CTO of Imperva, told Help Net Security.

Imperva CTO Shulman told Net Security, “Just five years ago, the illegal trade in credit card details was a rising problem for the financial services industry, as well as their customers, with platinum and corporate cards being highly prized by the fraudsters … there are reports of Twitter credentials changing hands for up to $1,000 owing to the revenue generation that is possible from a Web 2.0 services account. This confirms our observations that credentials can fetch a high sum according to both the popularity of the application and the popularity of the account in question.”

The value of stolen credentials

This is illustrated by the ‘going rate’ of $1.50 for a Hotmail account, and $80.00-plus for a Gmail account. As a service, Hotmail has fallen out of favor, while Gmail’s all-around flexibility means it is a central service for business users, Mr. Shulman said. The result is that Gmail credentials can also give access to a range of Google cloud services. The vulnerable services include Google Docs and AdWords accounts. Mr. Shulman explained that Google Docs can contain valuable additional information on the legitimate owner. Furthermore, an AdWords account can allow criminals to manipulate existing and trusted search engine results.

It is a similar story with Twitter accounts, with the added dimension of the immediacy of a social networking connection, said Mr. Shulman. “Twitter accounts are so valuable to criminals that they will use almost any technique to harvest user credentials, including targeted phishing attacks. Once a fraudster gains access to a Twitter account, they can misuse it in a variety of ways to further their fraudulent activities,” he said. This happens because users are reusing passwords on other sites. Some of those other sites turn out to have not been secure.

That’s the thing; as soon as any of the sites you log in to gets compromised, the email address or username and password associated with it can be tried by the bad guy on various other services. Since most people re-use passwords, there’s a high likelihood that they will gain access to your account. From there, who knows what kind of damage they might cause. If you’re lucky, you’ll notice something’s amiss. Twitter advised that people are continuing to use the same email address and password (or a variant) on multiple sites. We strongly suggest that you use different passwords for each service you sign up for.

Stolen online banking credentials

In a related article, Trusteer reports that most online banking customers reuse their login credentials on non-financial websites. Trusteer found that 73% of bank customers use their banking account passwords to access much less secure websites. They also found that 47% use both their online banking user ID and password to log in elsewhere on the Internet.

Cybercriminals are exploiting the widespread reuse of online banking credentials. These criminals have devised various methods to harvest login credentials from less secure sources, such as webmail and social network websites. Once acquired, these usernames and passwords are tested on financial services sites to commit fraud.

The report’s key findings include:

  • 73% of users share the passwords which they use for online banking, with at least one nonfinancial website.
  • 47% of users share both their user ID and password with at least one nonfinancial website.
  • When a bank allows users to choose their own user ID, 65% of users share this ID with nonfinancial websites.
  • When a bank chooses the user ID for its customers, 42% use the bank-issued user ID with at least one other website.

“Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service usernames and passwords,” said Amit Klein, CTO of Trusteer and head of the company’s research organization. “Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites.”

“If this isn’t a wake-up call to anyone with multiple IDs that use the same password, I don’t know what is. Internet users – especially those with business accounts – need to use different passwords for different services, or they could face the disastrous consequences of taking a slack approach to their credentials,” Shulman told Help Net Security.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Apple Disrupts Mobile PC Market

Apple is riding a wave of success now and is disrupting the mobile PC market for its competition. KPCB says that social networking will drive the mobile PC market for the rest of this decade. Facebook has 662 million users and Twitter has 253 million users, numbers which will continue to grow. TechEYE points out that mobile products now have more processing power, improved user interfaces, and lower prices, meaning that there are now ten times more mobile devices globally than a decade ago.

TechEYE says that the link between social networking and mobile devices can be seen clearly in the Japanese market, where access to social networking sites has risen overall while the number of people accessing them from a traditional PC has steadily decreased, with 85 percent of users accessing sites from mobile devices in the last quarter of 2010.

Surging iPad shipments have propelled Apple (AAPL) to a 17.2% share of the global mobile PC market. ITnewsLink reports that this puts Apple at the top of the Q4’10 DisplaySearch market share ranking of worldwide mobile PC shipments. The preliminary results from the Quarterly Mobile PC Shipment and Forecast Report say Apple shipped more than 10.2 million notebook and tablet PCs combined. This was nearly a million more units than HP in Q4’10. ITnewsLink quotes Richard Shim, Senior Analyst at DisplaySearch, on Apple’s success.

“While we anticipate increased competition in the tablet PC market later this year with the introduction of Android Honeycomb-based tablets, Apple’s iPad business is complementing a notebook line whose shipments widely exceed the industry average growth rate. Apple is currently benefiting from significant and comprehensive growth from both sectors of the mobile PC spectrum, notebooks and tablet PCs. Cannibalization seems limited at this point.”

The top five brands in the mobile PC market Q4’10 are:

  1. Apple
  2. HP (HPQ)
  3. Acer (2353)
  4. Dell (DELL)
  5. Toshiba (TOSBF)

The top five brands accounted for 65.4% of the total mobile PC market. In Q4’10, worldwide mobile PC shipments (including tablet PCs) reached 59.6 million units according to DisplaySearch.

The drive to keep up with the Jobs’s will cause supply chain disruptions for Apple’s mobile PC competition, TechEYE says. DigiTimes reports that supplies of notebook components are running short, including CMOS image sensors, chassis, batteries, and LEDs. TechEYE sources report that touchpads are suffering the most serious shortage as a result of Apple hogging the supply from manufacturers such as Wintek and TPK. Reports are that Apple has reserved 60% of global touchpad production capacity. RIM (RIMM), Motorola (MMI), HP, HTC, Samsung, LG, and Dell now all have to fight it out for the remaining 40% of touchpads.

TechEYE predicts that panels will be like gold dust. Bob Raikes, Managing Director at Meko, The European Display Market Research specialist, told TechEye, “Touch technology also tended to limit the visual quality of the display … Then Apple’s iPhone started to use projected capacitive touch technology, which didn’t degrade the image and allowed a new level of user experience.”

In the last year, there has been a huge swing to use projected capacitive technology in high volume portable devices, and the supply chain has struggled to catch up.  Chunghwa Picture Tubes is teaming up with Compal, one of the biggest manufacturers of laptops for multinationals, to piece together a business in touch panel glass. Compal recognizes that tablets are here to drain the world of its glass supplies and wants to capitalize.

rb-

Looks like Steve Jobs is at it again. In the past, Apple bought up flash memory stores to secure an advantage for their iPod  MP3 players. You have to imagine that the rest of the tablet field is none too pleased with Apple’s tactics.

What do you think?

Do you use a tablet?



The Demise of Twitter

The troubles with Twitter started long ago. UK-based researcher Conquest released a report on the social media habits of 16-24-year-olds. The online research, conducted during January 2011, documents Facebook’s domination of social media and YouTube’s close second place. The Conquest research says that Facebook is the principal means of social and commercial engagement for the 16-24-year-old market. FB out-ranks telephone, email and even going out.

“Project Chatter” also found that regular Facebook users (91% of the sample) check their accounts over six times a day. 30% are on the site for over an hour at a time. Meanwhile, YouTube is the major conduit for music browsing, consumption, and sharing in this age group. In contrast, 56% of Tweeters claim their activity is dwindling, with an average site visit lasting five minutes.

Social media activities

Conquest says that social media for this age group has become the central means of staying up to date and engaging with peers, showcasing oneself, ‘chatting’, ‘liking’, consuming music, videos, and TV, following celebrities, and brands, etc. This group tends to rely on social media to message contacts, increasingly shunning email and telephone. Conquest also spotted a disturbing trend with a significant 20% preferring to meet online than in person.

The dominant site for browsing videos and discovering and sharing music and videos is YouTube. Conquest sees Twitter usage declining among 16-24-year-olds in the future: 20% of Twitter users told the pollsters that they expected to use the micro-blogging site less in the next 12 months. Facebook users reported a lower expected drop-off rate of 13% after 12 months.

In addition, of the 42% of the 16-24-year-olds interviewed who had used Twitter, more than half (56%) said they used it a little, or a lot less often, or never made active use of the site after visiting it. In an interview with Contagious, David Penn, Conquest’s marketing director, said:

‘Facebook is used for writing on walls, sharing photos, checking what friends are doing and keeping in contact. It is the most social site of the lot, whereas Twitter is often used for following celebrities and is not really social in that sense. It is almost more of a broadcast medium than an interactive and social one.’

Mr. Penn told Brand Republic that Twitter has peaked among the younger demographic and warned it “may undergo a gradual decline echoing the fate of Myspace and Bebo in internet Siberia”.

rb-

Declining usage by 16-24-year-olds and 60% of users dropping off after the first month doesn’t seem like a good way to support a Wall Street $10 billion valuation on Twitter. I agree with the Conquest study that Twitter is the least social of the social media. I am on Twitter because others are on it, not because there is anything exciting for me.

Twitter has not done its IPO yet; maybe they know there is a problem with their business model. If their IPO flops, will that be the start of dot.Bomb 2.0?

What do you think?

Is Twitter destined for “Internet Siberia”?

Will a failed social media IPO cause another Dot.Bomb?

 


Hackers Can Target Cars

Wired reports that over 100 drivers in Austin, TX found their cars disabled or the horns honking out of control. This happened after an intruder ran amok in a web-based vehicle-immobilization system called Webtech Plus (PDF). Webtech Plus is normally used to get the attention of consumers delinquent in their auto payments. The app is operated by Cleveland-based Pay Technologies. It allows car dealers to install a black box in the vehicle that responds to commands issued through a central website and relayed over a wireless pager network.

How he got in

Austin police claim the perpetrator was Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off. The hacker allegedly sought revenge by bricking the cars sold from the Austin-area dealership. Reportedly Mr. Ramos-Lopez’s account was closed when he was terminated, but he allegedly got in through another employee’s account. At first, the intruder targeted specific customers. The attacker later moved to access the database of all 1,100 customers whose cars were equipped with the device. It is charged that he went through the database, vandalizing the records, disabling the cars, and setting off the horns.

Cars are targets

The Webtech attack was an external attack, but Bob Brammer, CTO and VP at Northrop Grumman Information Systems (NOC), told GovInfo Security that cars themselves are likely to become targets. Mr. Brammer points out that most cars contain 50 to 100 or more tiny computers. The computers are controlled by over 100 megabytes of code that control the accelerator, brakes, displays, steering, etc. All of these systems can be accessed through a diagnostic port that serves as the vehicles’ USB port. Mr. Brammer cites a study published in an IEEE journal. “It’s possible to take over a car, controlling the brakes, the accelerator, the steering wheel, despite whatever the driver might want to do. Our automobiles are highly vulnerable from a cybersecurity view.”

The paper, Experimental Security Analysis of a Modern Automobile (PDF), says the potential attack window could widen as more automakers offer vehicle-to-vehicle and vehicle-to-infrastructure communications networks to third-party development. “An attacker who is able to infiltrate almost any electronic control unit can leverage this ability to completely circumvent a broad array of safety-critical systems.” GigaOm cites data from iSuppli projecting that Wi-Fi will be integrated into 7.2 million cars by 2017.

The researchers said they took control of a number of the car’s functions and the driver could do nothing about it. They bypassed basic network security protections within the car. They then embedded malicious code in the telematics unit to erase evidence of the hack’s presence after a crash.

More theoretical than practical

Mr. Brammer, for now, sees the threat to cars as more theoretical than practical. But he says it demonstrates that we must think about cyber-security more broadly than we have in the past. “As the trend is to put more IT into everything that we do – whether it’s cars, airplanes, power grids, water supplies, whatever – we have to think about the security aspects of the design. These systems, within reason, have to be able to withstand certain types of attempts to attack or exploit them. That’s a terrible thing to have to say, but I think that’s the way the world is these days.”

Wi-Fi can give attackers an entry point into critical systems. Professor Stefan Savage of the University of California, San Diego told Technology Review, “In a lot of car architectures, all the computers are interconnected, so that having taken over one component, there’s a substantive risk that you could take over all the rest of them. Once you’re in, you’re in.” This could lead to brakes failing or the steering wheel seizing on scores if not hundreds of cars simultaneously, causing catastrophic crashes.

rb-

Cars have become more computerized. They are linked through Wi-Fi and 3G networks, making our daily transportation vulnerable to hackers and cyber-attacks. Cyber-terrorists could target cars to begin the chain of events leading to a Hollywood-style disaster. Hopefully, the auto manufacturers are going to tighten up the security of our cars. If safety belts and airbags are any example, they will delay improving security.

Will the auto industry tighten the security onboard cars?

Will the government have to step in?

 


Big Blue Wants to Patent Patent Trolling

Conceivably Tech reports that IBM (IBM) has filed a patent application with the US Patent and Trademark Office (USPTO) to automate the management of intellectual property. The system that would manage Big Blue’s intellectual property (and that of others who could afford IBM’s costs) comes with a “defend” module to formulate a strategy in the case of patent infringement.

TechEye says that Big Blue’s patent is designed to automate the patent process from beginning to end, including suing other companies that the computer believes are infringing on a copyright. The patent components are divided into a “direct” part, which includes the overall strategy such as R&D, portfolio, filing, budgeting, and forecasting. “Control” covers factors such as market alignment, invention evaluation, IP valuation, and inventor training. “Execute” includes trade secret protection, trademark creation, IP landscaping, technology monitoring, and competitive intelligence. Conceivably Tech quotes the “defend”, “influence”, and “capitalize” modules of the application:

“defending against infringements and invalidations of said IP rights based on said business strategies and monitoring market and competitor actions to develop risk management plans; an influence computer module including a standards influencing unit, a legal and regulatory influencing unit, and a policy influencing unit; and capitalize computer module for identifying potential licensees and potential assignees of said IP rights, and managing licensing negotiations, cross-licensing negotiations, and assignment negotiations based on said business strategies.”

TechEye points out the irony of how the software was created. They point out that an IBMer collected all the experience IBM gained from filing more than 100 patents every week and put the data into a chart. From there Big Blue decided that given the way the IP world is shaping up these days, they should patent IP themselves. Thus IBM has patented the patent process. What they came up with is:

TechEye concludes that IBM’s patent application is really an automated troll. They conclude that if the patent office approves this, then it means that every time you patent something you have to give IBM a fee to see if you did it differently from Big Blue’s process. Otherwise, its software might send you a subpoena.

rb-

This must seem like a godsend to organizations whose business model has de-evolved into patent trolling. Some of these cases I have written about are the CSIRO Wi-Fi patent activities, all the craziness in the smartphone market, and MSFT co-founder Paul Allen’s attempts to sue most of the web.

Gotta give it to IBM, it’s like TechEye says, “If you can’t beat the trolls, patent the process that creates them.”

Do you believe the U.S. Patent Office is still useful?

Does IBM deserve to collect a tax from every innovator?
