2012: the year of the mobile threat

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

2012: the year of the mobile threat

Description: Smartphone

Smartphones will become more dominant in 2012 and beyond, leaving PC shipments in the dust. That will bring big benefits but also big risks. Taylor Armerding explains

Its benefits for user convenience and productivity are obvious and irresistible - a smartphone can handle everything from email to collaboration to video chat. It can serve as your GPS.  It can scan product barcodes. It can find and store your favorite songs, help you take high-resolution photos and HD video and expand both your social and professional network.

But it isn't very secure, which puts users and the enterprises that employ them at risk.

A combination of relative defenselessness and ubiquity means mobile devices are an increasingly tempting target for attacks ranging from spyware to rogue applications.

Security experts say the industry is aware of the risks. IBM's IT security research team, X-Force, predicts 33 software exploits targeting mobile devices in 2012. That may sound small, but it's double the number released in the previous 12 months.

Many of the attacks will come through the browser, which Anup Ghosh, co-founder and CEO of Invencea, described as "a terrific attack vector for any malware writer". While each new wave of browsers has better security built-in, there's no slowdown in the number of vulnerabilities. Indeed, there are up to 75,000 variations of malware per day.

"The whole model of detecting attacks and then responding to them is fundamentally broken," said Ghosh.

The methods of attack are varied. They can come with attachments to emails, with third-party apps that promise to perform a useful service but end up harvesting your personal information, or simply through opportunistic infections as you surf the web.

Current estimates are that one in 60 Facebook posts and one in 100 Tweets contain malicious attachments.

Who's in charge here?

Gary McGraw, CTO of Cigital and a co-founder of BSIMM (the Building Security in Maturity Model), an organization that helps software developers build security into their products, believes that the growing awareness of the threats means more effort will ne made to improve security for mobile devices. But, he noted, "This is a very complicated space. A lot of different people are responsible for different parts."

Those involved In the making and using of mobile devices range from network operators and device makers to chip manufacturers and those who make mobile OSes.

"They're all thinking very seriously about this problem," McGraw said. "But the business model for mobile commerce hasn't been laid out. It's hard to make risk-management decisions when you're trying to get ahead of your competitors."

McGraw agrees that users are vulnerable, particularly to threats such as non-vetted third-party apps. "You can wave your phone around and pay for your petrol - or maybe pay for everyone's," he said.

Zach Lanier, principle consultant at Intrepidus Group, agrees that security is sometimes left aside in the rush to gain a competitive advantage. Developers are making the same mistakes they made with desktop PCs a decade ago, he said.

"We're forgetting the lessons we already learned," added Lanier.

Mobile security isn't an issue of browsers, per se. Lanier believes that mobile devices are vulnerable, but not inherently more so than desktops and laptops.

It is a matter of scale, he said. "Let's say there is a bug, and the most current version of Android is fixed. But everyone runs different versions of Android. So in sheer numbers, they are more vulnerable"

Ultimately, staying safe online comes down to people - the end users. If they can be tricked into opening a malicious PDF file, technology can't block that.

McGraw and Lanier both believe companies will become more active in mobile-device management in response.

Still, a "lack of savvy is not going to go away," Lanier said. To which McGraw added: "You can't protect people from themselves."

Is Malware a threat to Android users?

Description: Android

Security vendors are playing on your fears to try to sell you protection software for Android, RIM and IOS, according to Chris DiBona, Google's open-source programs manager.

"They are charlatans and scammers. If you work for a company selling virus protection for Android, RIM or IOS you should be ashamed," said DiBona.

According to DiBona, none of the major smartphone OSes has a virus problem similar to what the Windows and Mac ecosystems experience. He dismissed the Android threats reported by the security industry as little things that didn't get very far because of the platform's sandbox model and other architectural features.

Security experts disagree with this assessment and point out that the levels of Android malware have registered a huge increase this year.

"Malware for Android devices is one of the biggest issues in the mobile malware area today," said Denis Maslennikov, a senior malware analyst at Kaspersky Lab. "The growth in malware for Android over the past 5 months is significant. In June we discovered 112 modifications of Android malware; in July, 212; August, 161; 559 in September: and 808 In October."

A similar trend was observed by other antivirus vendors, with Trend Micro reporting a 1,410 percent increase in the number of Android threats from January to July 2011. "The more important figure is not the total number of malware, but the rate of increase. That demonstrates current, active and sustained criminal interest in the mobile platform," said Rik Ferguson, the company's director of security research and communication.

The majority of Android malware threats consist of Trojans, not traditional self-replicating viruses or worms. However, these can be Just as damaging, if not more so, the security experts said.

"It depends on your definition of damaging. Is it recording and uploading voice conversations to a remote server, stealing email and text message histories, or running up huge bills through premium-rate text and voice scams? It all depends on the point of view of the victim and the fallout of the infection," Ferguson said.

However, Android's security issues aren't limited to malware alone. Like any users who access email and websites, smartphone owners are vulnerable to platform-independent threats such as phishing and advance-fee scams.

"What DiBona is missing is that mobile security tools do much more than just antivirus. Antitheft, remote lock, backup, parental control, web filter – these features are the main reason why people buy mobile security products. They get antivirus as a bonus," said Mikko Hypponen, the chief research officer at antivirus firm F-Secure.

DiBona acknowledged that there are some cases where security software is beneficial, such as for enforcing certain corporate policies on business devices. However, he strongly believes that these should be sold independently. "Marketers that sell such things sometimes tack on virus protection.“ That part is a lie," he said.

"Well I guess that's one way to make a platform appear malware- free," replied Trend Micro's Ferguson in a blog post. "Am I ashamed of myself? Not at all. I'd prefer to offer protection against a growing threat to personal and business security than to bury my head. In the sand and defend my stance with wild accusation."

Most malware researchers agree that the openness of the Android platform, which allows installing non-vetted apps, and - more importantly - the openness of the Android market, which lacks a strict application-review process, contribute to its malware problem.

"The most important step that Google may take in order to make Android more secure Is tighten application-review policies to prevent malware appearing in the Android Market," said Maslennikov, He pointed out that Trojans were found in the Android Market on multiple occasions, and sometimes stayed there for weeks or months before detection.

"We've learned that relying on the users to follow best practices doesn't really work," said Ondrej Vicek, the CTO at Avast Software. "For computer experts, the threat may not be too high at the moment, but for the majority of people, the threat is real," he added.

  •  DrayTek Vigor 3200n
  •  What the cyberhackers do with your personal information
  •  Multifaceted Tests : Attempting Server-Side Includes (SSI) Injection Systematically, Attempting Log Injection Interactively & Attempting LDAP Injection Interactively
  •  Multifaceted Tests : Attempting XPath Injection Interactively & Attempting Server-Side Includes (SSI) Injection Interactively
  •  Multifaceted Tests : Attempting Command Injection Interactively & Attempting Command Injection Systematically
  •  Multifaceted Tests : Attempting PHP Include File Injection Interactively & Creating Decompression Bombs
  •  Programming .NET Components : Addressing Other Security Issues
  •  Programming .NET Components : Principal-Based Security
  •  Programming .NET Components : Visual Studio 2005 and Security
  •  Multifaceted Tests : Modifying Host Headers & Brute-Force Guessing Usernames and Passwords
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us