Thursday, 4 April 2013

Mobile Security Issues

Each and every day in 2013 brings a new set of surprises to the hyper-connected population roaming the global cyberland. Mobile connectivity is exploding and smartphones and tablets are whetting the appetites of cyber criminals and the population of hacker world. Any device that has information stored on it is vulnerable as the fast-evolving technology for mobile phones makes it much easier for hackers to spread their mobile malware.
There are a plethora of security solutions on the market but the stubborn fact is that a high percentage of mobile phone users remain lackadaisical when it comes to preventing attacks on their devices. For example, McAfee has reported that about 36 percent of smartphone users do not use password protection. There are no silver bullets in the cyber security solutions goody bag and being lazy about fundamentals and sharing details of passwords makes for a field day of malicious hacks and network infiltrations. These days it seems like cyber crime is in the headlines on a daily basis.

Hacker communities are close to "state of the art" in miscreant behavior and professional programmers are behind many of the attention getting hacks. The HP Cyber Security Risk Report of 2012 finds that mobile phone vulnerabilities are growing dramatically. Mobile phone risks are more pronounced, state numerous entities around the globe, making the problem a persistent aggravation and more than a major concern for businesses and governments. One statistic has mobile malware jumping some 80 percent last year making it highly possible that all enterprise networks are in jeopardy. The largest target, the financial industry, receives hundreds if not thousands of threats on a daily basis. Feature rich mobile devices generate revenues for criminals. Stolen data brings huge financial rewards.

Cyber miscreants will continue attacking mobile phones in larger and larger numbers. Again, the motivation is simple. The information contained on storage devices easily converts to money making revenue for hackers. As network security continues to deteriorate, legacy systems will remain impossible to secure. Mobile is different from a security perspective. Microsoft Windows deployments have been in large demand in the business world and security solutions have largely been developed around this fact.
But mobile's operating systems are very different architectures from Windows. Architectures greatly impact the attack matrix. Today international behaviors breed mobile malware and any software running on a mobile device is an entry point for hackers. Bring Your Own Device (BYOD) is a strategic development in the marketplace and like your computer, mobile devices will "always" be on the network. The virtual world requires new thinking of the security paradigm. With constant and rapid evolution in the mobile device space it is truly Trick or Treat each and every day.

Best 3rd party Android Mobile Keyboard called 'SwiftKey' turned into a Keylogger Trojan

One of the best 3rd party Android Mobile Keyboard called 'SwiftKey' turned into a Keylogger Trojan by an Android developer to show the possible security threat of using pirated cracked apps from from non-official App Stores, "anyone pirating Swiftkey is taking a serious risk"
He demonstrated how to inject a Keylogger snippets of code into a legitimate Android Keyboard application that infected a mobile device with Trojan, connected with a remote server and transmitted data from the device inducing your all key logs.
"Cracked copies of PC and iPhone apps can have malware as well of course but on both those platforms most software is compiled to machine code. Android apps are coded in Java and compiled to byte code that is run on the Dalvik VM and this byte code is not that hard to edit and insert back into an APK." he explained.
He developed a keylogger from SwiftKey(APK Download), a malicious Java program designed to collect and send all key logs to a remote server. Along with the host IP address.
Android malware is growing at a far more rapid pace than for other mobile platforms. For a Cyber Criminals, it is not important to develop their own malware program from scratch, Reversing ready-mate apps and inserting malware code can easily make their job more easy.
Users really need to think about permissions and consider what the app is asking to do, and to be careful where they are downloading apps from.

Donald Trump is Suing a Brooklyn man for Cyber squatting

J. Taikwok Yung is 33, lives with his mom in Brooklyn, and bought domain names that criticize billionaire Donald Trump and cybersquatting him. Cybersquatting is a legitimate crime that’s defined by the Anticybersquatting Consumer Protection Act.

"Cybersquatting (also known as domain squatting), according to the United States federal law known as the Anticybersquatting Consumer Protection Act, is registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price." from wikipedia.
Donald Trump Is Suing a Hacker for Cybersquatting
Donald Trump is seeking $400,000 in damages from a Brooklyn man, who register four domains,, and as domain names of well-known trademarks and then try to sell the names back to the trademark owners, Mr. Trump.
Donald Trump sues Bill Maher over joke 2012: Should Macy's dump Trump? In 2011, Yung filed a complaint seeking to keep the domain names, citing fair use and First Amendment rights, after actions filed by the Trump Organization demanded he hand the websites over to Trump.
He collected nearly 200 domain names, including ones related to Merrill Lynch and Bank of America. Yung maintained that he never contacted the Trump Organization about selling the domain names for profit, he wrote in the complaint.

5 Places Where You Should Never Give Your Social Security Number

Every time you go to a new doctor or dentist and they give you a clipboard brimming with documents to fill out and sign, notice how they always ask for your Social Security number? Do you dutifully give it up? Did you ever wonder if they really need it?

Almost every day somebody asks for your Social Security Number and, like the Grand Marshal of a parade throwing rose petals or candy to the crowd, you probably give it up without giving it a second thought -- because that's what you've always done.

So, the next time someone asks you for your Social Security number, reflect on this: In December, the Army announced that hackers stole the Social Security numbers of 36,000 visitors to Fort Monmouth in New Jersey, including intelligence officers. Cyber activists took control of the CIA's website. The private information, including some Social Security numbers, of celebrities and political leaders including FBI Director Robert Mueller and Secretary of State Hillary Clinton were exposed.

The sensitive data of First Lady Michelle Obama, Vice President Joe Biden and Attorney General Eric Holder, recently were posted on a website for the world to see.

Hackers even listened in on a phone call in which the FBI and Scotland Yard were discussing the criminal investigation against those very same hackers!

And these incidents are only the crumbs on top of the coffee cake when you consider that hackers and thieves have improperly accessed more than 600 million consumer files since 2004.

The moral to these horror stories is that if your Social Security number is stored on any computer anywhere, hackers will find a way to access it, or a compromised or disgruntled employee may well walk out the door with it. If your doctor, gym, or child's grade school claims otherwise, that their security systems can protect your private data better than the CIA, FBI and Scotland Yard, to quote Monty Python: "Run away!"

Your identity is your biggest asset, and your Social Security number is the key to your personal kingdom. With it an identity thief can wreak havoc, hijacking your old credit accounts, establishing new ones, buying cars and houses, committing crimes, even obtaining medical products and services while pretending to be you, endangering not just your credit and your reputation, but also your life.

Consumers whose Social Security numbers are exposed in a data breach are five times more likely to become fraud victims than those who aren't, according to the latest identity fraud report by Javelin Strategy & Research.

"Just say no," should be your motto here. For better or worse, you are the gatekeeper. The person most responsible for shielding your Social Security Number is you. Therefore, your mission is to limit, as best you can, the universe of those who gain access to it.

Here's a short list of companies and organizations that have absolutely no business requesting your Social Security number:

1. Anyone who calls or sends you an official-looking email, who texts you a link to any site or designates a number to call where you are asked to confirm your SSN. If they call, check the credit or debit card that is the subject of the communication, call the customer service number listed on the back, and ask for the security department. If they email or text, do the same, or go directly to the institution's website (provided you know who they are). Make sure you type the correct URL, and make sure that the page where you are asked to enter your information is secure. Only provide personal information if you're the one who controls the interaction.

2. Public schools: Your utility bill confirms your address. Your email and phone number give them channels to contact you in an emergency. Asking for your Social Security number is overkill.

3. Little League, summer camp and the like: For the same reasons as school, a Social Security number should never be required by these groups. If they ask for your child's birth certificate, show it to them, don't leave it with them unless they can prove they will protect it. And even then, can you really believe them? If you use credit to pay for the activity, the organization may need your Social Security number. If you pay for it upfront or with a direct debit to your bank account or credit card, they don't. Period.

4. Supermarkets: A frequent shopper card is neither a loan, nor a bank account. It's merely a tool grocery stores use to track your purchases, primarily for marketing purposes. Regardless, many supermarket chains request customers' Social Security numbers on their application forms. Refuse.

5. Anybody who approaches you on the street, whether it's a cellphone company salesman offering a free T-shirt or someone running a voter registration campaign: Never, ever give your SSN. If you want an ill-fitting T-shirt festooned with corporate logos, buy one. If you want to register to vote, go to your county board of elections in person.

This is the short list. There are plenty of other organizations that should never get your Social Security number, and if you know one that I've left out, please leave it in the comments.

Don't just hand it over your Social Security number to anyone. Once you realize how often you are asked for it, you may be surprised. It happens all the time. So, the next time someone does, as they inevitably will, here's how to handle it:

1. Take a minute and think. Maybe they ask for SSNs blindly, because everyone else does, or because that's how they've always done it. Maybe they actually need it. See if their reason sounds legitimate. (Update: For example,'s Credit Report Card does ask for your SSN in order to generate your credit score and credit report summary -- an industry standard -- but the information is fully encrypted with a bank level authentication process.)

2. Negotiate. There are many different ways to identify you without a Social Security number, including your driver's license or account number. Fight to use those instead.

3. If you must share your Social Security number, do so, but make sure the people taking it down have strong security measures in place to protect it. That said, you only have their assurance and frankly, in light of the mistakes people make and the sophistication level of hackers, who really knows if they can protect it?

If all this sounds like a giant pain in the neck, you're right. It is. In the midst of our busy lives, we shouldn't be the only ones concerned with protecting our most valuable identity asset, but it is what it is. Until somebody creates a Silver Bullet for identity theft, we are forced to take matters into our own hands.

Don't be passive; ask the companies and nonprofit groups with which you do business how they plan to protect you. Do they password protect and encrypt all the personal information they collect? Do they have strict controls on who has access to computers containing your Social Security number, and do they keep this sensitive data off laptops, tablets and hard drives that are easy to steal or lose?

Like the doctor I met, many companies collect Social Security numbers they don't need because they're operating on autopilot. They've always done it, and their colleagues at other companies do it, so the practice continues and spreads on the strength of simple, dumb inertia. I believe that we are smarter than that. By demanding that companies do a better job protecting our personal information, and refusing to hand out our Social Security numbers like candy at a parade, we can force them to get smarter, too. And if they don't think we're serious about this and the government doesn't finally force them off their Social Security number addiction, it is highly likely that the ultimate regulator of the American economic system, class action attorneys, will be knocking on their doors.