Tag Archive for Mobile device

| September 13, 2012
Comments Off on Everyone Snoops Thru Smartphones

Everyone Snoops Thru Smartphones

Everyone Snoops Thru SmartphonesMobile device users lose almost 70 million smartphones per year in the U.S., about 30 percent of all the phones in use at any given time. According to one report only seven percent of the lost smartphones are recovered. Only 57 percent had any security, but 60 percent have confidential contact lists, emails, Internet and security codes and credentials for business apps or mobile-payment services.

Symantec logoEven if an honest person finds your mobile, security company Symantec (SYMC) says that the good Samaritan will look at the confidential data stored on the smartphone while trying to return it. The study (PDF) found that 96 percent of the people who found a mobile device planted by the security vendor peeked at personal data. People who found the smartphones:

  • Clicked on an app labeled “online banking” 43% of the time
  • Tried to run a remote-access/VPN app to access the fake network 49% of the time
  • Clicked on a filed named “HR salaries” 49% of the time
  • Opened a file named “saved passwords” 57% of the time
  • Checked social networking tools and personal e-mail 60% of the time
  • Accessed a folder labeled “private photos” 72% of the time
  • Checked out something on the lost mobile device 96% of the time

Online storage company Carbonite (CARB) reports that the data on a mobile device is valuable enough and the headaches involved in recovering it are big enough that 50 percent of Americans would rather give up all of a year’s vacation time than lose all the files on their smartphones.

rb-

Even though most Americans would give up their vacation then lose the data on their mobile devices they don’t take steps to prevent other from snooping through their data. Simplistic as it seems, one password will deter most casual snoops.Identity theft data lose and embarrassment can easily be prevented by using the password screen-lock that comes with all smartphones.

How to Set a Passcode

WikiHOW explains How to Set a Passcode on the iPad to prevent people from snooping through your Apple (AAPL) iPad2.

Open the “Settings” app and tap “General Settings”. Continue by opening “Passcode Lock” in the center box of options.
How to Set a Passcode on the iPad - Step 1

Scroll until you find the “Passcode” option, then tap it. If this is your first time enabling a passcode, “Turn Passcode On” will be the only selectable option. If your iPad supports Touch ID, this option will be called “Touch ID & Passcode.”

How to Set a Passcode on the iPad - Step 2

Turn Passcodes on by tapping the “Turn Passcode On” option.

How to Set a Passcode on the iPad - Step 3

Enter a six-digit passcode of your choosing. You’ll need to enter it again exactly the same way on the next screen to verify. Be sure that it is a combination you won’t easily forget, as well as one that is also hard for others to figure out. This has increased from 4 – 6 characters since I first posted this article in 2012.

How to Set a Passcode on the iPad - Step 4

Re-enter the passcode. Pay close attention as you type to avoid mistyping the passcode. If both your new passcodes match each other, you’ll be taken back to the “Passcode Lock” screen.

How to Set a Passcode on the iPad - Step 5

Press the lock button to lock your iPad. You still need to confirm that your passcode is active.

How to Set a Passcode on the iPad - Step 6
Swipe right on your iPad’s screen, then enter your passcode. Your iPad is now passcode-protected!You can change or remove your passcode at any time in the “Passcode” menu.

How to Set a Passcode on the iPad - Step 7

rb-

Apple has updated this process since I first wrote about putting a lock on your iPad in 2012.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedInFacebook and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , ,
| July 28, 2012
Comments Off on LCD Tech Explained

LCD Tech Explained

LCD Tech ExplainedLCD panels are crucial to the adoption of most mobile technology. Without LCD panels we would probably be stuck with mobile devices that still look a lot like the Compaq Portable. Engadget points us to a video from the EngineerGuy, aka Bill Hammack which does a great job of explaining how an LCD panel works and what backlights, light diffusion, and subpixels have to do with viewing talking dogs on your new iPad.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
| July 14, 2012
Comments Off on 1983 Mobile Device

1983 Mobile Device

Commodore EXECUTIVE 64 ad from Australia, could be the first mobile device. It was advertised as the first “portable” full-color computer. The Commodore EXECUTIVE 64 was introduced in 1983 and had a retail of $1,000.

Commodore EXECUTIVE 64 1983 Mobile Device

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
| March 29, 2012
Comments Off on Social Media Biggest Risk in 2012

Social Media Biggest Risk in 2012

Social Media Biggest Risk in 2012The Security Labs over at Websense (WBSN) a provider of Web, data, and email content security have used the Websense ThreatSeeker Network (PDF) which provides real-time reputation analysis, behavioral analysis, and real data identification to announce (PDF) their picks for the top IT security threats for 2012. Social media is the #1 risk in 2012,.

1. Websense says that stealing, buying, trading credit card, and social security numbers is old news. They say that your social media identity may prove more valuable to cybercriminals than your credit cards.

LinkedIn connections for saleToday, your social identity may have greater value to the bad guys because Facebook (FB) has more than 800 million active users. More than half of FB users log on daily and they have an average of 130 friends. Trust is the basis of social networking, so if a bad guy compromises social media logins, the security firm says there is a good chance they can manipulate your friends. (Stacy Cowley at CNN Money has an excellent article on how this can work with LinkedIn (LNKD). Which leads to their second prediction.

2. According to Websense most 2012 advanced attacks’ primary attack vector will blend social media “friends,” mobile devices, and the cloud. In the past, advanced persistent threats (APTs) blended email and web attacks together. In 2012, the researchers believe advanced attacks could use emerging technologies like: social media, cloud platforms, and mobile. They warn that blended attacks will be the primary vector in most persistent and advanced attacks of 2012.

iPad malware3. The San Diego CA-based firm says to expect increases in exposed vulnerabilities for mobile devices in 2012. They predict more than 1,000 different variants of exploits, malicious applications, and botnets will attack smartphones or tablets. Websense security investigators predict that a new variant of malware for mobile devices will appear every day.

The Internet security firm stresses that application creators need to protectively sandbox their apps. Without sandbox technology malware will be able to get access to banking and social credentials as well as other data on the mobile device. This includes work documents and any cloud applications on that handy device. The firm believes that social engineering designed to specifically lure mobile users to infected apps and websites will increase. Websense predicts the number of mobile device users that will fall victim to social engineering scams will explode when attackers start to use mobile location-based services to design hyper-specific geolocation social engineering attempts.

SSL/TLS blindspot4. SSL/TLS will put net traffic into a corporate IT blind spot. Two items are increasing traffic over SSL/TLS secure tunnels for privacy and protection. First, the disruptive growth of mobile and tablet devices is moving packaged software to the cloud and distributing data to new locations.

Second, many of the largest, most commonly used websites, like Google (GOOG) Search, Facebook, and Twitter have switched their sites to default to HTTPS sessions. This may seem like a positive since it encrypts the communications between the computer and destination. But as more traffic moves through encrypted tunnels, Websense correctly says that many traditional enterprise security defenses (like firewalls, IDS/IDP, network AV, and passive monitoring) will be left looking for a threat needle in a haystack, since they cannot inspect the encoded traffic. These blind spots offer a big doorway for cybercriminals to walk through. (We have started to battle this as we move from a POC system from McAfee another vendor to a modem content filter to be nameless but was just bought and we haven’t solved it yet, the NoSSLSearch for GOOG still needs some work)

Network security5. For years, security defenses have focused on keeping cybercrime and malware out (Also called M&M security, hard on the outside, soft and chewy on the inside). The Websense Security Lab team says that there’s been much less attention on watching outbound traffic for data theft and evasive command and control communications. The researchers say hacking and malware are related to most data theft; they estimate that more than 50 percent of data loss incidents happen over the web. This is aggravated by delayed DLP deployments as vendors use traditional overly excessive processes like data discovery (designed to over-sell professional services?).

In 2012, organizations will have to stop data theft at corporate gateways that detect custom encryption, geolocations for web destinations, and command and control communications.  The security firm predicts organizations on the leading edge will add outbound inspection and will focus on adapting prevention technologies to be more about containment, severing communications, and data loss mitigation after an initial infection.

Black-Hat-SEO_full6. The London Olympics, U.S. presidential elections and Mayan calendar apocalyptic predictions will lead to broad attacks by criminals. SEO poisoning has become an everyday occurrence. The Websense Security Labs still sees highly popular search terms deliver a quarter of the first page of results as poisoned.

The researchers expect that as the search engines have become savvier on removing poisoned results, criminals will port the same techniques to new platforms in 2012. They will continue to take advantage of today’s 24-hour, up-to-the-minute news cycle, only now they will infect users where they are less suspicious: Twitter feeds, Facebook posts/emails, LinkedIn updates, YouTube video comments, and forum conversations. Websense recommends extreme caution with searches, wall posts, forum discussions, and tweets dealing with the topics listed above, as well as any celebrity death or other surprising news from the U.S. presidential campaign.

Scareware7. Scareware tactics and the use of rogue anti-virus, will stage a comeback. With easy to acquire malicious tool kits, designed to cause massive exploitation and compromise of websites, rogue application crimeware will reemerge Websense says. Except, instead of seeing “You have been infected” pages, they expect three areas will emerge as growing scareware subcategories in 2012: a growth in fake registry clean-up, fake speed improvement software, and fake back-up software mimicking popular personal cloud backup systems. Also, expect that the use of polymorphic code and IP lookup will continue to be built into each of these tactics to bypass blacklisting and hashing detection by security vendors. (Rival IT Security firm GFI Software proves Websense’s point by reporting a “new wave of fake antivirus applications (or rogue AV)” since the start of the year and are “a popular tactic among cybercriminals.”)

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , ,
| February 23, 2012
One comment

McAfee Labs 2012 Threat Predictions

McAfee Labs 2012 Threat PredictionsComputer security company McAfee unveiled its Threat Predictions report (PDF), outlining the top cybersecurity threats organizations and individuals are likely to face in 2012. McAfee, a wholly-owned subsidiary of Intel (INTC), says that for the most part, 2012 looks like it will look like 2011 only worse, with many of the recent threats gaining momentum. Here are the predictions:

Industrial Attacks:Industrial Attacks: Cyber-criminals will target Water, electricity, oil, and gas utilities. These are essential services to everyday lives, yet many industrial systems are not ready for cyber-attacks according to McAfee. Many of the environments where SCADA (supervisory control and data acquisition) systems are deployed don’t have stringent security practices. McAfee predicts attackers will leverage this lack of preparedness with greater frequency, if only for blackmail or extortion in 2012.

Legalized Spam: McAfee Labs says global spam volumes have declined in the past two years. However, legitimate advertisers are picking up where the spammers left off using the same spamming techniques, such as purchasing third-party email lists or databases from companies going out of business. McAfee Labs expects to see this “legal” spam and the technique known as “snowshoe spamming” continue to grow at a faster rate than illegal phishing and confidence scams.

Mobile ThreatsMobile Threats: 2011 has seen the largest levels in mobile malware history, McAfee Labs expects that continue in 2012. They expect mobile attackers to improve on their skill set and move toward mobile banking attacks. Techniques previously dedicated for online banking, such as stealing from victims while they are still logged on while making it seem that transactions are coming from the legitimate user, will now target mobile banking users. McAfee Labs expects attackers will bypass PCs and go straight after mobile banking apps, as more and more users handle their finances on mobile devices.

Embedded Hardware: Embedded systems are designed for a specific control function within a larger system, and are commonly used in automotive, medical devices, GPS devices, routers, digital cameras, and printers. McAfee Labs expects to see proofs-of-concept codes exploiting embedded systems to become more effective in 2012 and beyond. This will require malware that attacks at the hardware layer and will enable attacks to gain greater control and keep up long-term access to the system and its data. Sophisticated hackers will then have complete control over hardware.

countries prove their cyber war capabilitiesCyberwar: Countries are vulnerable due to massive dependence on computer systems and a cyber-defense that primarily defends only government and military networks. Many countries realize the crippling potential of cyber attacks against critical infrastructures, such as water, gas, and power, and how difficult it is to defend against them. McAfee Labs expects to see countries prove their cyberwar capabilities in 2012, to send a message.

Rogue Certificates: Organizations and individuals tend to trust digitally signed certificates, however, recent threats such as Stuxnet and Duqu used rogue certificates to evade detection. McAfee Labs expects to see the production and circulation of fake rogue certificates increase in 2012. Wide-scale targeting of certificate authorities and the broader use of fraudulent digital certificates will affect key infrastructure, secure browsing and transactions as well as host-based technologies such as whitelisting and application control.

Legislative IssuesLegislative Issues: DNSSEC (Domain Name System Security Extensions) is designed to protect a client computer from inadvertently communicating with a host as a result of a man-in-the-middle attack. Governing bodies around the globe are taking a greater interest in establishing “rules of the road” for Internet traffic, and McAfee Labs expects to see more and more instances where legislative issues hamper future solutions.

Hacktivism: McAfee Labs predicts that in 2012 digital disruptions like Anonymous will join forces with physical demonstrators and will target public figures such as politicians, industry leaders, judges, and law enforcement, more than ever before.

Virtual CurrencyVirtual Currency: McAfee Labs expects cryptocurrency will be an attractive target for cybercriminals.  to see threats evolve to steal money from unsuspecting victims or to spread malware.

Hardware Attacks: McAfee Labs expects to see more effort put into hardware and firmware exploits to create persistent malware in network cards, hard drives, and even system BIOS (Basic Input Output System). and their related real-world attacks through 2012.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
« Older Entries   Recent Entries »