If you're an Android user you may already have been tempted to don your tin hat and descend to your bunker following today's earlier story about app hacking. Prepare to settle in for a long siege, then, as new research reveals that many of the most popular Android apps have SSL vulnerabilities that leave them open to man-in-the-middle (MITM) attacks aimed at stealing personal information.
According to threat protection specialist FireEye a significant proportion of apps allow an attacker to intercept data exchanged between the Android device and a remote server.
While the claims of Android malware may be a bit overblown, it does exist and has to be a consideration for customers. That fact has brought about an abundance of software designed to combat the perceived problem.
Now Sophos is jumping into the market with an updated version of its offering, but for the moment this latest version is in a testing phase. The company is calling on Android users to begin beta testing the new offering, and the security firm is adding an incentive in the form of prizes for people willing to step up.
The internet has become as ubiquitous as air. You’re connected at home via Wi-Fi, then you go out and stop by a cafe to grab a quick morning coffee and check your Facebook, then you come to the office, get all serious and send business mail to your colleagues. The internet gives us great freedom. But with that freedom comes great dangers and great responsibility -- you are responsible for protecting yourself on the web.
Every time you indulge in any sort of online activity, your data can be easily monitored and checked. The websites you visit receive your IP address, location, browser and operating system, screen resolution, ISP and more. You can check on what information you give away at stayinvisible.com. I have nothing against sharing this data when I do simple browsing. I am like Dutch windows without curtains -- doing nothing wrong, peep in whenever you want, I have nothing to hide.
Worldwide spending on information security is set to top $71.1 billion this year, up almost 8 percent over 2013, according to forecasts by Gartner. It's also forecast to grow by a similar percentage next year to reach $76.9 billion.
Gartner says increased use of mobile, cloud and social services will drive new security technology through 2016. There's been a democratization of security threats too, driven by the easy availability of malware and infrastructure, via the underground economy, that can be used to launch targeted attacks.
Researchers from the University of California Riverside's Bourns College of Engineering have identified a weakness in Android which allows personal data to be obtained from apps.
Tested against seven popular apps, the method was between 82 and 92 percent successful on six of them; only Amazon, with a 48 percent success rate, proved more difficult to crack. Most vulnerable were Gmail and H&R Block at 92 percent, followed by Newegg (86 percent), WebMD (85 percent), CHASE Bank (83 percent) and Hotels.com (83 percent).
There's no doubt that security breaches are becoming more common. According to the US Government Accountability Office cyber incidents increased by 782 percent between 2006 and 2012.
But how does this impact the world at large? Security management company SRC Cyber has put together an infographic looking at some of the most infamous occurrences over the last decade and how they've affected the global cyber landscape.
It’s a given that internet companies gather titbits of our private lives in exchange for free services, but how much do we really know about what happens to our personal data?
Researchers at Columbia University have warned it is a mistake to gloss over the details we reveal online and describe the web as an “opaque black box” leveraging our personal info without our knowledge or control.
Back in May we reported on Incapsula's packet filtering solution for combating DDoS attacks. Today the company reveals details of how its ‘Behemoth’ system has mitigated a massive multi-vector DDoS attack.
The attack lasted 38 days, during which Incapsula's scrubbing servers filtered out 50+ petabits (51,000+ terabits) of malicious traffic. While the attackers did switch between several targets, they consistently targeted the websites of one Incapsula client -- a video game company.
There are many parts of the internet that are blocked to children under the age of 13. Facebook, for instance, implements an age restriction and Google is another online firm that prevents younger web users from setting up accounts. But all this could be set to change. First reported by The Information, Google has plans to open up its service to a younger audience. This does not mean that youngsters will be free to sign up for an account and browse through the contents of YouTube without restrictions. Parents will be able to sign their children up for an account and retain control over what they are able to do online.
One of the primary concerns many people have about Google -- regardless of their age -- is privacy. Google has a proven track record in delivering tailored content and advertisements to its users, and this is something that is at odds with laws around the world when it comes to children. The news coincides with UK plans to experiment with age ratings for online videos, and privacy and child protection groups are already voicing their concerns. Of course, there is nothing to stop someone of any age from signing up for a Google account; it's easy to stretch the truth with dates of birth online. But Google specifically targeting children with its services is uncharted water.
Rogue security programs that try to trick the user into paying to remove a false virus detection have been around for a while, the earliest dating back to 2007. The software is clever, using different names and brands to cover its tracks, and clearly their perpetrators make money.
Now though researchers at Microsoft's Malware Protection Center are reporting a downward trend in the traffic generated by some of the most popular rogues over the past 12 months.
PandaLabs has discovered a new strain of ransomware which it is calling Trj/Crypdef.A. The new variant works like other forms of ransomware in that it locks infected computers and encrypts a user’s files before demanding a ransom to get control back.
The ransom demand says "By purchasing a license from us, we are able to rescue your files 100% guaranteed for a very low early bird price of only $300". Don’t think $300 is a bargain? Well, in five days the demand goes up to $600, and after ten days it will cost you $1,000 to unlock your system and restore your files.
While most people consider Linux safe and secure, it isn't always the case. When the bad guys of the internet have a will, they find a way. That's why, back in May of this year, security firm Dr. Web reported a new family of Linux Trojans designed for DDoS attacks.
Now the company reports that one member of that family, known by the catchy name of "Trojan.DnsAmp.1" has been ported over to the Windows side of the computing world.
Head to the stores to look for real, physical DVDs and Blu-rays, and you'll probably find that there's an age rating on them. Now plans are afoot to bring the same idea to the web. As insane an idea as this may sound, this is actually happening, and it is completely pointless and unworkable. Initially starting off with the involvement of YouTube and Vevo, the scheme is the brainchild of UK Prime Minister David Cameron and will start as a pilot program in October. It's something that is likely to appeal to concerned parents, but the practicalities are a rather different matter.
Announcing the ratings plan, Cameron said: "We shouldn't cede the internet as some sort of lawless space where the normal rules of life shouldn't apply. So, in as far as it is possible, we should try to make sure that the rules that exist offline exist online. So if you want to go and buy a music video offline there are age restrictions on it. We should try and recreate that system on the internet".
We all know it's important to keep our PCs safe from online threats, but the range of options available to do that -- even from just one developer -- can be bewildering.
Symantec has recognized this problem and has announced that from this fall it will streamline its nine existing security offerings into just one flagship Norton Security product.
The UK's Government Communications Headquarters (GCHQ) spy agency has been exposed scanning entire countries for server weaknesses that allow it to exploit vulnerable ports. According to reports, it does this using a tool called Hacienda, which is Spanish for estate.
The accusations came out in German newspaper Heise. "In 2009, the British spy agency GCHQ made port scans a 'standard tool' to be applied against entire nations," Heise reports. "Twenty-seven countries are listed as targets of the Hacienda".