Tag Archive for Malware

| October 16, 2010
One comment

Apple Wants to Patent Spyware

Apple Wants to Patent SpywareThe Electronic Frontier Foundation (EFF) is reporting that Apple, Inc., (AAPL) has filed a patent application for a “Systems and Methods for Identifying Unauthorized Users of an Electronic Device. ” The patent is for a device to investigate a user’s identity to decide if that user is “unauthorized.”

Information Apple plans to collect

  • EFF logoThe system can take a picture of the user’s face, “without a flash, any noise, or any indication that a picture is being taken to prevent the current user from knowing he is being photographed“;
  • The system can record the user’s voice, whether or not a phone call is even being made;
  • The system can determine the user’s unique individual heartbeat “signature”;
  • To decide if the device has been hacked, the device can watch for “a sudden increase in memory usage of the electronic device“;
  • The user’s “Internet activity can be monitored or any communication packets that are served to the electronic device can be recorded“; and
  • The device can take a photograph of the surrounding location to find where it is being used.

Who is the responsible party

Apple logoThe EFF believes that as a result of this new technology, Apple will know who you are, where you are, and what you are doing and saying, and even how fast your heart is beating. In some embodiments of Apple’s “invention,” this information “can be gathered every time the electronic device is turned on, unlocked, or used.”  When an “unauthorized use” is detected, Apple can contact a “responsible party.” A “responsible party” may be the device’s owner or as the EFF points out the “responsible party may also be “proper authorities or the police.” Once an unauthorized user is identified, Apple could wipe the device and remotely store the user’s “sensitive data.” Apple’s patent application suggests it may use the technology not just to limit “unauthorized” uses of its phones but also to shut down a stolen phone.

However, the EFF says Apple’s new technology would do much more. The EFF believes that this patented device enables Apple to secretly collect, store, and potentially use sensitive biometric information about the user. This is dangerous in two ways according to the EFF:

  1. It is far more than what is needed just to protect you against a lost or stolen phone. It’s extremely privacy-invasive and it puts you at great risk if Apple’s data on you are compromised. But it’s not only the biometric data that are a concern.
  2. Apple does not explain what it will do with all of this collected information on its users, how long it will keep this information, how it will use this information, or if it will share this information with other third parties. We know based on long experience that if Apple collects this information, law enforcement will come for it, and may even order Apple to turn it on for reasons other than simply returning a lost phone to its owner.
  3. Apple’s technology includes various types of usage monitoring — also very privacy-invasive. This patented process could be used to retaliate against users who jailbreak or tinker with their device in ways that Apple views as “unauthorized” even if it is perfectly legal under copyright law.

rb-

The EFF says this is a new business opportunity: spyware and what they are calling “traitorware.” The patent would allow Apple to find and punish users who tinker with their devices. The EFF says it’s not just spyware, it’s “traitorware,” since it is designed to allow Apple to retaliate against customers who do something Apple doesn’t like.

This patent is downright creepy and invasive — certainly far more than would be needed to respond to the possible loss of a phone. Spyware, and its new cousin traitorware, will hurt customers and companies alike — Apple should shelve this idea before it backfires on both it and its customers.

Steve Jobs wants you

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| August 31, 2010
Comments Off on CAPTCHAs Broken

CAPTCHAs Broken

CAPTCHAs BrokenMims Bits on MIT‘s Technology Review reports that researchers at UC San Diego have figured out how spammers use low-cost workers in Russia, Southeast Asia, and China to solve millions of CAPTCHAs in near real-time. A CAPTCHA is that bit of distorted text you have to type back at a webpage when you’re trying to sign up for a new email account or leave a blog comment.

CAPTCHAIn order to prevent spammers from flooding the web with their malware researchers developed CAPTCHAs. CAPTCHAs are designed to be easy for humans to solve but challenging enough for computers to get right that automated systems would not be effective.

In what Mims calls an epic new analysis by the UC San Diego researchers, they uncovered the “seedy underbelly” of a sophisticated, highly automated, worldwide network of services that help spammers get past the CAPTCHAs. The article says that the inventors of CAPTCHA probably didn’t expect thousands of laborers working for less than $50 a month would be recruited by spammers to solve an endless stream of CAPTCHAs. Automated middlemen deliver the  CAPTCHAs to the workers and then sell the results to spammers in real-time so that their spambots can use those solutions to post to blogs and set up fraudulent email accounts according to a paper (PDF) delivered at the USENIX Security 10 Symposium.

The UC San Diego researchers analyzed where the workers involved in this scheme were located and found that they are based in India, Russia, Southeast Asia, and China. The system is so efficient at delivering CAPTCHAs to workers in these remote locales that the average time for delivery of a solution hovers around 20 seconds. ImageToText, one of the CAPTCHA services the researchers experimented with was able to deliver correct results in “a remarkable range of languages,” including Dutch, Korean, Vietnamese, Greek, and Arabic.

Klingon,Even setting the sample CAPTCHAs to Klingon, as a control in their experiment, could not stop ImageToText, according to Technology Review. The workers managed to solve a handful of the Klingon CAPTCHAs despite odds of less than one in one thousand of their randomly getting the right answer.

The results of this landmark study, says Mims, show that a number of sites, including those run by Microsoft (MSFT), AOLGoogle (GOOG), and the widely used reCAPTCHA, are regularly compromised by spammers employing these services. The researchers conclude that their investigation with an anonymous “Mr. E” who actually runs one of these services, proves that for advanced spammers, CAPTCHAs aren’t so much a barrier as a cost of doing business.

DarkReading has a report that independent security researcher Chad Houck recently demonstrated his work on solving Google’s reCAPTCHA. reCAPTCHA was designed to stop software bots attempts to create free accounts on the Google services for their malware ways.  Despite recent enhancements made by Google, DarkReading says Houck came up with algorithms that could beat reCAPTCHA 30 percent of the time.

Google logoA 30% success rate means that automated software using Mr. Houck’s algorithm will be able to create one Google account out of just three attempts. Multiply those odds by the endless attempts by tens of thousands of zombies in a typical botnet, reCAPTCHA is broken.

In the DarkReading article, Houck notes that “[ReCAPTCHA] has never been wholly secure. There are always ways to crack it.” The researcher has since published a white paper on it, and has also released his algorithms online. For now, at least, a Google spokesperson says there has not been any sign of this particular attack being actively used.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| August 28, 2010
Comments Off on New School Year Same Security Threats

New School Year Same Security Threats

New School Year Same Security Threats Another school year is starting up and security firm WatchGuard has a list of the top threat to school IT systems as classes start up again. Eric Aarrestad, Vice President at privately held WatchGuard Technologies says, “With so much at risk and so much to gain by cybercriminals, today’s campus is one of the most dangerous IT environments around.” He continues, “Unlike enterprise organizations that can throw substantial resources towards network and data protection, schools and universities are more constrained, yet they face some of the most demanding security challenges due to the dynamic interaction between students and their school’s IT resources.”

Top threats at school

WatchGuard’s top at school threats include:

watchguard_logoSocial Networks The security firm calls social networks, the number one threat to school and university networks is social networks, such as Facebook and MySpace. Unfortunately, social networks act as an ideal platform to launch a myriad of attacks against students and departments, including spam, viruses, malware, phishing, and more. Adding to this, socially engineered attacks are often extremely successful due to the “trusted” environment that social networks create.

Malware As students and teachers use the web for educational purposes, the Seattle-based firm company says many unwittingly expose themselves to drive-by downloads or corrupted websites, which inject malicious forms of software on their computers. Once infected, they risk becoming victims of identity theft or loss of personal information via spyware and keyloggers.

Viruses Today, email remains one of the primary ways of delivering viruses. According to the release, recent surveys suggest that 27 percent of users fail to keep their antivirus signatures which may, in any case, be unable to up stop the new generation of viruses with polymorphic properties.

Botnets The privately held security firm estimates that 15 to 20 percent of all school and university computers connected to the Internet are part of a botnet. As part of a botnet, school and university systems can be used in a variety of unknown exploits, including spam delivery, denial of service attacks, click-fraud, identity theft, and more.

Phishing scams continue to get more advanced and selective, with students being specifically targeted. WatchGuard claims that phishing attacks via social networks achieve a success rate of over 70 percent.

Hacking In a recent survey of education IT professionals, 23 percent ranked student hackers as one of their greatest threats to network security.

Access Control Usage of mobile devices and wireless access to education IT resources continues to plague network administrators. As the use of mobile devices escalates, schools will face increasing challenges in managing authorized network access according to the security vendor.

WatchGuard Technologies provides a variety of Internet security software and hardware products, including firewalls, virtual private network (VPN) appliances, and anti-virus applications under the XTM, XCS, and e-Series brands.

Related articles
  • The Science of Cyber Security (usnews.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| July 31, 2010
Comments Off on Apple Has Most Holes

Apple Has Most Holes

Apple Has Most HolesSecurity company Secunia is reporting that Apple (AAPL) software has the most security vulnerabilities. According to the recent Secunia Half Year Report 2010 (PDF) Apple has displaced Oracle as the company with the most security vulnerabilities in its software over the first half of 2010. Microsoft retains its third-place spot.

WiredApple logo points out that this does not necessarily mean that Apple’s software is the most insecure in practice. The report takes no consideration of the severity of the flaws, it points at a growing trend in the world of security flaws: the role of third-party software. Many of Apple’s flaws are not in its operating system, Mac OS X, but rather in software like Safari, QuickTime, and iTunes. Vendors like Adobe (with Flash and Adobe Reader) and Oracle (with Java) are similarly responsible for many of the flaws being reported. The top ten third-party applications, ranked by total number of reported vulnerabilities:

1. Mozilla Firefox
2. Apple Safari
3. Sun Java JRE
4. Google Chrome
5. Adobe Reader
6. Adobe Acrobat
7. Adobe Flash Player
8. Adobe AIR
9. Apple iTunes
10. Mozilla Thunderbird

Secunia logoTo illustrate this point, ars technica says the report includes cumulative figures for the number of vulnerabilities found on a Windows PC with the 50 most widely used programs. Five years ago, there were more first-party flaws (in Windows and Microsoft’s other software) than third-party. Since about 2007, the balance shifted towards third-party programs. Secunia predicts that third-party flaws will outnumber first-party flaws by two-to-one by the end of 2010.

Secunia also makes a case that effectively updating third-party software is much harder to do; because Microsoft’s Windows Update and Microsoft Update systems will offer protection for around 35% of reported vulnerabilities, patching the rest requires the use of 13 or more updating systems. Some vendors—Apple, Mozilla, and Google, for example—do have decent automatic update systems, but others require manual intervention by the user.

Steve Jobs

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| July 13, 2010
Comments Off on Free Antivirus Rules Market

Free Antivirus Rules Market

Free Antivirus Rules MarketOPSWAT, Inc. a provider of integration technologies to software developers and vendors recently released a report on the use of antivirus applications. According to the report, free products control 42% of the product market, and vendors that primarily offer a free product have a 48% market share.

The top 10 Windows antivirus applications for January to May 2010 according to OPSWAT were:

  • avast! Free Antivirus 11.45%
  • Avira AntiVir Personal – Free Antivirus 9.19%
  • AVG AntiVirus Free 8.6%
  • Microsoft Security Essentials 7.48%
  • avast! Antivirus 5.4%
  • Kaspersky Internet Security 4.48%
  • Norton AntiVirus 4.24%
  • ESET NOD32 Antivirus 3.84%
  • avast! Antivirus Professional 3.5%
  • McAfee VirusScan 3.26%

opswat AV market share graph 2010

This data indicates that free products account for 42% of the market. From a vendor perspective, European vendors, total just over 50% of the market which include:

  • AVAST,
  • Avira,
  • AVG,
  • ESET,
  • Panda,
  • BitDefender,
  • G Data and
  • Sophos.

Whereas US-based vendors, make up just over 30% include:

Vendors that primarily offer a free product have a 48% market share.

The top 10 Windows antivirus vendors by market share for January to May 2010 according to OPSWAT were:

rb-

According to the firm’s website, OPSWAT collected information from tens of thousands of volunteers out of the 50 million endpoints that use the OESIS Framework and the free Am I OESIS OK? online utility with which end users can check the interoperability and quality level of their applications.  I have said this before, with other fun factoids like this, the adoption rate of the vendor’s tools may skew the results. Nonetheless, it is notable that

  • Microsoft, not usually seen as a security vendor has captured a significant share with their recent anti-virus solutions and could be a legitimate challenger to pure-play security players Symantec and McAfee.
  • Symantec and McAfee who are often seen as the top choices in the U.S. do not do well in this list. This data seems to show that AV competition is alive and well in the highly fragmented consumer sector.
  • The fragmented marketplace may help keep innovation active in the AV market, which is a good thing in the face of the increasing variety of threats from malware.

So despite the claims of this or that vendor to dominate a market based on sales numbers, the OPSWAT data seems to show that end-users have developed a degree of trust in free antivirus applications to keep them secure as they do with paid antivirus.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »