Tag Archive for GOOG

| March 29, 2012
Comments Off on Social Media Biggest Risk in 2012

Social Media Biggest Risk in 2012

Social Media Biggest Risk in 2012The Security Labs over at Websense (WBSN) a provider of Web, data, and email content security have used the Websense ThreatSeeker Network (PDF) which provides real-time reputation analysis, behavioral analysis, and real data identification to announce (PDF) their picks for the top IT security threats for 2012. Social media is the #1 risk in 2012,.

1. Websense says that stealing, buying, trading credit card, and social security numbers is old news. They say that your social media identity may prove more valuable to cybercriminals than your credit cards.

LinkedIn connections for saleToday, your social identity may have greater value to the bad guys because Facebook (FB) has more than 800 million active users. More than half of FB users log on daily and they have an average of 130 friends. Trust is the basis of social networking, so if a bad guy compromises social media logins, the security firm says there is a good chance they can manipulate your friends. (Stacy Cowley at CNN Money has an excellent article on how this can work with LinkedIn (LNKD). Which leads to their second prediction.

2. According to Websense most 2012 advanced attacks’ primary attack vector will blend social media “friends,” mobile devices, and the cloud. In the past, advanced persistent threats (APTs) blended email and web attacks together. In 2012, the researchers believe advanced attacks could use emerging technologies like: social media, cloud platforms, and mobile. They warn that blended attacks will be the primary vector in most persistent and advanced attacks of 2012.

iPad malware3. The San Diego CA-based firm says to expect increases in exposed vulnerabilities for mobile devices in 2012. They predict more than 1,000 different variants of exploits, malicious applications, and botnets will attack smartphones or tablets. Websense security investigators predict that a new variant of malware for mobile devices will appear every day.

The Internet security firm stresses that application creators need to protectively sandbox their apps. Without sandbox technology malware will be able to get access to banking and social credentials as well as other data on the mobile device. This includes work documents and any cloud applications on that handy device. The firm believes that social engineering designed to specifically lure mobile users to infected apps and websites will increase. Websense predicts the number of mobile device users that will fall victim to social engineering scams will explode when attackers start to use mobile location-based services to design hyper-specific geolocation social engineering attempts.

SSL/TLS blindspot4. SSL/TLS will put net traffic into a corporate IT blind spot. Two items are increasing traffic over SSL/TLS secure tunnels for privacy and protection. First, the disruptive growth of mobile and tablet devices is moving packaged software to the cloud and distributing data to new locations.

Second, many of the largest, most commonly used websites, like Google (GOOG) Search, Facebook, and Twitter have switched their sites to default to HTTPS sessions. This may seem like a positive since it encrypts the communications between the computer and destination. But as more traffic moves through encrypted tunnels, Websense correctly says that many traditional enterprise security defenses (like firewalls, IDS/IDP, network AV, and passive monitoring) will be left looking for a threat needle in a haystack, since they cannot inspect the encoded traffic. These blind spots offer a big doorway for cybercriminals to walk through. (We have started to battle this as we move from a POC system from McAfee another vendor to a modem content filter to be nameless but was just bought and we haven’t solved it yet, the NoSSLSearch for GOOG still needs some work)

Network security5. For years, security defenses have focused on keeping cybercrime and malware out (Also called M&M security, hard on the outside, soft and chewy on the inside). The Websense Security Lab team says that there’s been much less attention on watching outbound traffic for data theft and evasive command and control communications. The researchers say hacking and malware are related to most data theft; they estimate that more than 50 percent of data loss incidents happen over the web. This is aggravated by delayed DLP deployments as vendors use traditional overly excessive processes like data discovery (designed to over-sell professional services?).

In 2012, organizations will have to stop data theft at corporate gateways that detect custom encryption, geolocations for web destinations, and command and control communications.  The security firm predicts organizations on the leading edge will add outbound inspection and will focus on adapting prevention technologies to be more about containment, severing communications, and data loss mitigation after an initial infection.

Black-Hat-SEO_full6. The London Olympics, U.S. presidential elections and Mayan calendar apocalyptic predictions will lead to broad attacks by criminals. SEO poisoning has become an everyday occurrence. The Websense Security Labs still sees highly popular search terms deliver a quarter of the first page of results as poisoned.

The researchers expect that as the search engines have become savvier on removing poisoned results, criminals will port the same techniques to new platforms in 2012. They will continue to take advantage of today’s 24-hour, up-to-the-minute news cycle, only now they will infect users where they are less suspicious: Twitter feeds, Facebook posts/emails, LinkedIn updates, YouTube video comments, and forum conversations. Websense recommends extreme caution with searches, wall posts, forum discussions, and tweets dealing with the topics listed above, as well as any celebrity death or other surprising news from the U.S. presidential campaign.

Scareware7. Scareware tactics and the use of rogue anti-virus, will stage a comeback. With easy to acquire malicious tool kits, designed to cause massive exploitation and compromise of websites, rogue application crimeware will reemerge Websense says. Except, instead of seeing “You have been infected” pages, they expect three areas will emerge as growing scareware subcategories in 2012: a growth in fake registry clean-up, fake speed improvement software, and fake back-up software mimicking popular personal cloud backup systems. Also, expect that the use of polymorphic code and IP lookup will continue to be built into each of these tactics to bypass blacklisting and hashing detection by security vendors. (Rival IT Security firm GFI Software proves Websense’s point by reporting a “new wave of fake antivirus applications (or rogue AV)” since the start of the year and are “a popular tactic among cybercriminals.”)

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , ,
| March 25, 2012
One comment

How Does Your Equipment Stack Up?

How Does Your Equipment Stack Up?Engadget points us to phone-size.com that lets you compare the relative proportions of different smartphones. At the top of the webpage, you’ll also find a toolbar to enter the size and aspect ratio of your display. Once you jump through this minor hoop, according to Engadget, the utility produces accurate, life-size depictions of smartphones like Apple’s (AAPL) iPhonesGoogle’s (GOOG) Androids, and Research In Motion’s (RIMM) Blackberrys.

rb-

Really wanted to use the title.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| March 22, 2012
2 comments

Flip the Switch on IPv6

Flip the Switch on IPv6World IPv6 day (Which I reported on here) took place in June 2011. Google (GOOG), Facebook, Yahoo (YHOO), and Akamai (AKAM) were among the participants in last year’s new networking dress rehearsal. apparently, everything went well last June.

Internet SocietyNathan Ingraham at The Verge recently noted that IPv6 is now ready for prime-time. The Internet Society announced that the IPv6 switch will be permanently flipped on June 6th, 2012.

The article says a number of major ISPs, networking hardware manufacturers, and web companies pledged support from day one. For starters, four of the biggest web properties will all enable IPv6 permanently:

Cisco logoFrom a hardware perspective, Cisco (CSCO) and D-Link (2332) both committed to enabling IPv6 across their range of home products by June.

GigaOM reports that Akamai (AKAM) and Limelight (LLNW) will also recruit other websites to join the initiative, by implementing IPv6 throughout their content delivery networks.

Several leading ISP’s will enable IPv6 to enough of their customer base that at least one percent of their residential subscribers who visit IPv6 enabled websites;

rb-

The internet is quickly running out of IP addresses, the last addresses in Internet Protocol version 4 were officially distributed early in 2011 Which I wrote about here.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| March 20, 2012
One comment

Spyware Prevention 101

Spyware Prevention 101Spyware goes by many names, including adware, malware, crimeware, scumware, and snoopware. No matter what you call it, spyware’s purpose is still the same: to steal your personal information (PII).

steal your identity, use your credit cards, siphon funds from your bank accountsHelp Net Security says that once hackers have your personal information they can steal your identity, use your credit cards, siphon funds from your bank accounts, and more. Simply put: it’s bad news and you want nothing to do with it.

The good news, according to the article, is that spyware prevention is possible and there are many ways to keep these dangerous programs at bay. In addition to installing the right software, users can practice these computer security tips from Broomfield, CO-based Internet security firm Webroot:

  • Download software directly from the source. The article says a common way to get a spyware infection is to install free or pirated programs from file-sharing sites which have been booby-trapped with malware.
  • Set your browser security settings to “high” and protect yourself from “drive-by” downloads and automatic installations of unwanted programs.
  • Use a firewallAvoid questionable websites, such as those featuring adult material. They’re notorious for spreading spyware threats and causing users problems.
  • Use a firewall.
  • Be suspicious of email and IM.
  • Don’t open attachments unless you know the sender and are expecting a file from them.
  • Delete messages you suspect are spam (don’t even open them).
  • Avoid clicking on links within messages.
  • do not click on a link embedded in the email messageDo not give personal information to unsolicited requests even if they seem legitimate.
  • If you receive a request for personal information from your bank or credit card company, contact that financial institution directly, but do not click on a link embedded in the email message.

rb-

Amichai Shulman – CTO, Imperva posted that the credentials to a Hotmail account are worth $1.50 and a Gmail account is worth over $80 to cyber-criminals. Gmail is more valuable to the attacker because of the wide variety of other Gmail cloud services that can be accessed through Gmail credentials.

It is also likely that credentials used by a person for one application will most work on other applications as well. It is not uncommon for people to have the same username and password used for their Facebook account, their Twitter account, their Airline Frequent Flyer account, or any application that uses their Gmail account as the application account name.

That’s why spyware is bad.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| March 6, 2012
Comments Off on Top Wireless Predictions for 2012

Top Wireless Predictions for 2012

Top 10 Wireless Predictions for '12 from Juniper ResearchUK-based Juniper Research published a year-end list of predictions for the mobile and wireless industry for 2012. A copy of the report can be downloaded from Juniper Research, with registration here. Are they on-target or off-the-wall?

Recession Likely to Hit Smart Device SalesRecession Likely to Hit Smart Device Sales. Juniper Research says the continued recession will hurt smartphone and tablet sales. They believe tablet sales will be hurt more than “must-have” smartphones.

They say cash-strapped consumers may opt for the lower-priced tablets. This could benefit players such as Amazon (AMZN) Kindle Fire or ARCHOS (ALJXR) ARNOVA branded devices rather than an Apple (AAPL) iPad. eReaders are most likely to be the hardest hit according to the report.

The Year of the Quad-Core Processor2012 – The Year of the Quad-Core Processor. ASUS (2357) was the first to release Quad-Core Processor. The new chip appeared n November 2011, It ran on the Eee Pad Transformer Prime with the newly launched NVidia (NVDA) Tegra 3 chip. Qualcomm (QCOM) has also added a quad-core chip to their Snapdragon line. Juniper Research expects more to come.

Quad-core processors offer improved performance and increased battery life. The performance boost comes from being able to multi-task more efficiently. It ensures that music will keep playing smoothly while the user is playing games or taking pictures. The power savings come from being able to keep those cores at a relatively low clock speed.

Quad-core processors will allow developers to add more realistic effects, getting ever closer to the elusive console-quality experience. The Tegra 3 even allows for controller support and mirroring to a 3D TV. Javascript and Flash will also run faster allowing web developers to create more graphics and script-heavy apps and pages.

Windows 8 OS to Fuel Nokia RevivalWindows 8 OS to Fuel Nokia Revival Disrupt Tablet Market.  Microsoft’s (MSFT) next OS will be compatible with both Intel and ARM architectures.  Windows 8 will run on both PC and mobile devices. The research firm believes Windows 8 will create a huge ecosystem of devices from smartphones to desktops for app developers to target. Juniper Research expects Microsoft to gain market share in the tablet space, as it replaces the non-tablet-optimized Windows 7. And, with Nokia (NOK) transitioning its existing (smartphone) and new products (likely to include a tablet) to Microsoft’s platform, the Finnish giant will be fighting back after spending several years losing market share to Google (GOOG) Android and Apple iOS devices.

High Profile Malware Attacks on Mobile Devices2012 to see High Profile Malware Attacks on Mobile Devices. There have been many malware attacks targeted at mobile devices. However, these attacks have been relatively small-scale. This is unlikely to continue. Cyber-criminals will not be able to pass up the opportunity that consumer smartphones and tablets will present. Juniper Research anticipates that 2012 will see several high-profile, international attacks on various mobile OSs. Consumers at large must bed aware of the pressing need to protect their smart devices by installing security software.

Cloud Mobility to Drive Collaborative CommunicationsCloud Mobility to Drive Collaborative Communications – The BYOD trend driven by the consumerization of enterprise IT will increase according to the research firm. Specifically, Juniper Research believes that 2012 will see a substantial increase in the number of enterprises moving to develop and deploy mobile-centric, social business strategies.

Other predictions from Juniper Research include:

  • The London 2012 Olympics will boost mobile advertising and M-Gambling, and kickstart NFC.
  • Mobile Coupons to drive the mCommerce market despite economic stagnation.
  • MEMsaccelerometers and gyroscopes to transform the sensor market for mobile devices.
  • Social Gaming will become a major mobile play with the introduction of synchronous gaming.
  • Online, Mobile and Physical will begin to fuse into one retail market.

 rb-

I’ll come back to these predictions at the end of the year and see which predictions were on target or off in space somewhere.

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »