Tag Archive for AAPL

| May 26, 2015
Comments Off on Mobile Malware FUD?

Mobile Malware FUD?

Mobile Malware FUD?Just last week, I wondered out loud from my Bach Seat if all the hype around mobile malware was real or just more FUD. Looks like I am not alone, TechCo recently asked a similar question, “Are We Overstating the Threats from Mobile Devices?

mobile threatsThe author cites several recent reports that back up the claim that the actual mobile threats that mobile devices introduce into the enterprise are overstated. The data indicates that the mobile malware threat is statistically small and has even decreased since 2012.

• A McAfee report shows out of all the malware now out there, only 1.9% of it is mobile malware. The author equates the mobile threat to 4 million / 195 million McAfee knows about.
• Another report (PDF) from Verizon (VZ) shows even lower numbers, with only 0.03 percent of smartphones being infected with what is called “higher grade malicious code.”
hit by lighting• But some numbers go even lower than that. Damballa, a mobile security vendor that monitors roughly half of mobile data traffic, recently released a report that claims you have a better chance of getting hit by lightning than by mobile malware. Dramballa found only 9,688 smartphones out of more than 150 million showed signs of malware infection. If you do the math, that comes out to an infection rate of 0.0064 percent.

Even more interesting is that despite the increase in mobile devices, Damballa found the infection rate had declined by half compared to 2012.

Walled gardenThese reports may show mobile threats aren’t as big of a problem as previously thought, but the author asks, why the numbers are so low at all. After all, cybercriminals like to target new platforms and exploit security weaknesses. Why do they seem to be avoiding mobile devices?

The truth of the matter is that mobile users tend to get their apps from high-quality app stores. The stores from Google (GOOG) and Apple (AAPL) work to filter out suspicious apps. If malware is found in apps after they’ve already been on the market for a while, app stores can also execute a kill switch, which takes the app off the store and the devices where they were downloaded. This limits malware’s ability to spread.

remotely wipe devicesThe article concludes that companies that adopt BYOD should just ignore BYOD security; they just don’t have to go all-out as many businesses have done. Most mobile security experts say a mobile device management system remains a good investment to make sure mobile devices are handled appropriately. MDM systems also allow an organization to remotely wipe devices, thus keeping sensitive data safe in the event a device is lost or stolen. But malware really isn’t a factor in those cases, so the overall message from these recent reports is that getting worked up over mobile threats is not necessary. A company can still gain all the benefits of BYOD without having to worry incessantly over what they’re doing to protect every device that connects to their network.

rb-

What do you think?

Is mobile malware over-hyped FUD?

View Results

Loading ... Loading ...

 

Related articles
  • Your BYOD implementation checklist (powermore.dell.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , , , ,
| May 5, 2015
Comments Off on iPads Stalled

iPads Stalled

iPads StalledReaders of Bach Seat know that I have been a skeptic of the iPads role as the leader of the “post-PC” era. The Verge looks back nostalgically to 2010 when Apple (AAPL) first introduced the iPad. Steve Jobs heralded the iPad as a “magical and revolutionary iDevice.” It was predicted to play a part in the “post-PC” era of devices. In the subsequent years since the launch of the iPad, many have debated whether the laptop is dead and the PC era over. That hasn’t quite happened yet.

Post-PC era?

Apple now earns more money from Macs than iPadsThe latest financial figures from Apple seem to have gotten this “post-pc” epoch upside-down. Apple now earns more money from Macs than it does from iPads. According to The Verge, Apple made $5.6 billion in revenue from its Mac sales in the most recent quarter and $5.4 billion in iPad revenue. The surprise revenue turnaround casts some doubt on Apple’s “post-PC revolution.” Apple’s iPad sales have been decreasing consistently in recent quarters. Apple doesn’t have an answer to counter the trend.

Tim CookRumors of an iPad Pro with a stylus have surfaced over the past year. Sadly, Apple has only chosen to refresh its line with very few improvements. The decrease in iPad sales is likely related to several factors. Consumers not refreshing tablets as much. The lack of big improvements to the iPad. Smartphones are still revolutionizing the industry more than tablets.

Macs out-selling iPads

Apple CEO Tim Cook famously rejoiced at iPad sales beating rival manufacturer’s PC sales, at the peak of iPad popularity. It’s no longer beating Apple’s own PC sales revenue. Without a major change to the iPad, this could be a trend that continues.

BI - iPad SalesApple is seeing impressive growth on the Mac side. A 10 percent increase year-over-year in Mac sales has helped push revenues past the iPad level, and Apple has been consistently bucking the trend of a PC market in decline.  As for CEO Cook, he still believes in the iPad. “It is what it is. It will play out, and at some point, it will stabilize,” Cook told analysts when asked about the lackluster iPad sales. “I am not sure precisely when, but I’m pretty confident it will.”

Broken iPadsCEO Cooks’s confidence may be misplaced. As far back as March 2015 people were saying the iPad had no clothes. The Business Insider pointed out that sales of the iPad hit a wall. They cite Credit Suisse analyst Kulbinder Garcha who believes and has the data to prove it that phablets are eating the iPad for lunch.

phablets are eating the iPad for lunch.

rb-

Credit Suisse’s Garcha is right when he speculates why would you buy an iPad when you can buy a big phone that does everything the tablet does, and more?

Related articles
  • Unreleased Apple iPad Prototype Stolen In Kidnapping (valuewalk.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Tablet computing | Tags: , , , , , , ,
| April 23, 2015
Comments Off on iPad Deal Haunts LAUSD

iPad Deal Haunts LAUSD

iPad Deal Haunts LAUSDReaders of Bach Seat should remember the botched $1.3 Billion iPad deal the USA’s second-largest school district made with Apple (AAPL). rb- I covered the massive failure here and here. Well, it seems that buyer remorse has finally set in.

The LA Times is reporting that the Los Angeles Unified School District is now demanding a multi-million dollar refund from Apple or they may sue their former partner. In a letter obtained by LA public radio KPCC, to Apple’s general counsel, David Holmquist, LAUSD attorney wrote,

While Apple and Pearson promised a state-of-the-art technological solution for ITI  implementation, they have yet to deliver it …  the vast majority of students are still unable to access the Pearson curriculum on iPads … will not accept or compensate Apple for new deliveries of [Pearson] curriculum.

Others have called this deal an incompetent, unconscionable betrayal of LA by people who are so ignorant about technology it’s scary to imagine them responsible for anyone’s education.

Margot Douaihy documents the shameful history, which has included firings, resignations, an FBI investigation, an SEC investigation, and the $22 million “d’oh” moment when district officials realized for the very first time that iPads don’t come with keyboards.

incompetent, unconscionable betrayalThe LA Times also reports that a top lieutenant of former LAUSD Supt. John Deasy and architect of the district’s flawed and now-abandoned $1.3 billion iPads-for-all and new online student records system is now taking the helm of the Burbank school district at $241,000 a year. Why?—because Burbank BoE believes they need someone with business savvy to sort out their technology.

rb-

If it walks like a duck and quacks like a duck while the FBI and SEC are investigating, it is probably a politician.

 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Tablet computing | Tags: , , , , , , ,
| April 21, 2015
Comments Off on EDU- The Most Bot-Infested Sector

EDU- The Most Bot-Infested Sector

EDU- The Most Bot-Infested SectorDarkReading confirms, what I have pointed out to Bach Seat readers for a while, education people are terrible at IT security. The latest evidence comes from a BitSight report which concludes that the more bots in-house, the more a company is likely to have reported a data breach. The report finds that the education sector harbors the most botnet infections, according to a new study. The study highlights how bot infections correlate with a higher rate of data breaches.

education sector harbor the most botnet infectionsThe DarkReading article says BitSight, a security ratings firm, studied public breach disclosure data between March 2014 and March 2015 across the finance, retail, healthcare, utilities, and education industries. The study concluded that organizations with a botnet grade of B or below had experienced data breaches at a rate of 2.2 times more than organizations with an A grade. The report says there is a correlation between botnet infestations and data breaches; “This does not mean the infections were the cause of the breaches; rather, it means that the infections and breach incidents are correlated.

The education sector fared poorly. Only 23% of institutions got an A as their botnet grade, and 33% get an F. The main botnets dogging schools and universities:

  • Jadtre (59.2%) – Downloads other malware and steals info;
  • Flashback (22.1%) – The Java exploit targeting Apple OS X;
  • TDSS (8.3%) – Discovered in 2011 It infects the master boot record of the target machine among other things it deletes other malware;
  • Zeus (6%) – Financial credential-stealing malware, and
  • Sality (4.4%) One of the longest-lived botnets. It was first discovered in 2003. Sality is considered to be one of the most complex and formidable forms of malware to date.

Ed TechThe report notes Flashback is malware that targets Apple computers by taking advantage of a Java vulnerability. Mac computers are popular among younger generations and educational institutions, intensifying the proliferation of this malware in education. Although the Flashback botnet itself has largely been shut down, the large number of infections that still exist indicates that people are running machines that have not been updated; thus, they are still vulnerable to other forms of infection.

Other industries received better scores better than Education.
• 74% of Financial Services firms got an A
• 57% of Retailers receive an A grade
• 53% of healthcare received an A grade
• 50% of Utilities received an A

there is a correlation between botnet infestations and data breachesThe report concludes that organizations with bot-infected machines are more likely to report a data breach. “The implications for organizations across industries are that botnet infections cannot be ignored. Companies with poor botnet grades have been breached far more often than those with good grades, and actions should be taken to mitigate these risks.

rb-

Been there done that … EDU people don’t get IT security. They don’t understand how much PII they collect and randomly hang onto. Their systems send data in clear text across the inter-tubes to change schools.

Someone is going to get breached and sued and maybe they will learn.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| March 17, 2015
Comments Off on Banks Scramble to Fight Apple Pay Fraud

Banks Scramble to Fight Apple Pay Fraud

Banks Scramble to Fight Apple Pay FraudSearchFinancialSecurity reports that Apple Pay fraud is on the rise and banks are rushing to fix sloppy authentication processes. Sloppy bank authentication processes are at the heart of growing Apple Pay fraud and experts worry about potential fraud with other mobile payment systems.

Apple Pay logoWhen Apple Pay was first unveiled by Apple (AAPL) in October 2014, it was touted for its increased security thanks to tokenized Device Account Numbers and the Touch ID fingerprint system. eWeek.com provided a good overview of how Apple Pay’s approval process works:

  • The camera of an iPhone 6 or 6 Plus takes a photo of the credit or debit card
  • Apple Passbook software extracts the name and expiration date, then encrypts and transmits the data to Apple
  • If the photo doesn’t allow for extraction (poor quality or card is too worn), users are allowed to manually enter the card number
  • Apple checks to see if the card is already on file in iTunes, verifying it through a match
  • But most cards aren’t already in iTunes – so Apple sends card data, phone data, and iTunes account info to the card-issuing bank
  • If verified by the bank and approved, it’s added to Apple Pay and the Apple Passbook, and it’s ready to be used for purchasing

If this provisioning is successful, the bank will automatically accept (Green Path) the info and then beam an encrypted version of the card details to be stored.

criminals have set up iPhones with stolen cardl info from Target and Home Depot hacksAccording to reports, criminals have set up iPhones with stolen personal information, which has been tracked back to accounts compromised in Target’s big data breach at the end of 2013, the Home Depot hacking in 2014, and likely the Anthem breach of 2015. The criminals take the stolen PII and call banks to authenticate a victim’s card on the new device. This is so-called “Yellow Path” authentication, where a card isn’t or rejected (Red Path), but requires more provisioning by the bank to be added to Apple Pay.

When Yellow Path authentication is required, the bank may send a one-time authorization code to the customer’s email or mobile phone that must be entered into the Apple Pay set-up.  Other banks may ask the customer to call a toll-free number where a customer service representative will try to verify the person’s identity with a series of questions about recent purchases or a home address according to the WSJ.

If this provisioning is successful, the bank will then beam an encrypted version of the card details to be stored on the Secure Element of the phone (PDF). The author contends that the heart of the problem is that some banks have lax Yellow Path processes, only asking for the last four digits of a Social Security number, leading to criminals using stolen identities and credit/debit cards to buy high-priced goods, often from Apple Stores.

Avivah Litan, a VP at Gartner (IT) said that this kind of fraud is a fundamental flaw that will affect all mobile payment services. “This isn’t necessarily an Apple Pay problem. The responsibility ultimately lies with the card issuer who must be able to prove the Apple Pay cardholder is indeed a legitimate customer with a valid card,” Ms. Litan wrote in a blog post. “That always appeared to me to be the weakest link in mobile commerce — making sure you provide the app to the right person instead of a crook.”

rb-

With the iPhone 6’s NFC capabilities, the physical card may not be required for such “purchases.” Maybe someday this will keep merchants from holding card data but for now, seems like the banks need to get their act together.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »