Thursday, 5 September 2013

Vint Cerf defends Google Glass innovation over privacy concerns

Google’s chief internet evangelist, Vint Cerf, has defended the firm’s augmented reality Glass project from privacy concerns, claiming its innovation potential far outweighs these issues.
Speaking on Wednesday at the Telefonica Campus Party event in London, attended by V3, Cerf argued that it represented the next stage in computing and held huge potential for improving people's lives.
“Google Glass is a very important new development. I know there’s been a lot of debate and discussion about Glass and privacy issues and the like but I want to give you a sense of why it is so important,” he said.
“It’s an opportunity to experiment with what happens when you allow a computer to become part of your sensory environment. It sees and hears what you see and hear and it can apply its power and the power of the internet to make use of information in context.”
He gave the theoretical example of a blind man trying to communicate with a deaf man, in a foreign language.
He said Glass could recognise foreign voices and translate them into the wearer's language, while also being able to interpret sign language and relay that message as text. He acknowledged, though, that sign language interpretation was still some way off for the device.
“This is a very powerful opportunity to see what happens when computer power is made available within the context within which you operate.”
His comments on the privacy discussions that have surfaced around Google Glass relate to questions posed by numerous government regulators about exactly how the tool will work with regard to the collection of data and facial recognition profiling.
Recently, regulators in nations including Australia, Canada, Israel and Switzerland sent a document to Google chief executive Larry Page asking how he would ensure data protection laws would be upheld by the product.
While speaking at the event on Wednesday, Cerf also called for the creation of an internet fire service that could tackle security 'blazes' when they occur to minimise the risk of exposure to other firms and users online.

Smartphones and tablets make it 10 times easier for cyber criminals to make money

Smartphones have outsold feature phones for the first time
Businesses' use of consumer-focused devices has made it 10 times easier for criminals to monetise their cyber scams, according to security firm AVG.
AVG chief technology officer (CTO) Yuval Ben-Itzhak made the claim during a press session attended by V3, arguing that businesses' use of devices, such as the Apple iPhone and Samsung Galaxy S4, has made 2013 a golden year for cyber crime.
He highlighted the threat of Trojan and malware-laden applications targeting open ecosystems, such as Google Android, as a particularly pressing concern.
"One of the most exciting things about mobile devices is of course the apps. We have on the AVG user base, 44 million active users and on average people download about 60 different apps to their device. For the hackers this environment is heaven," he said.
Ben-Itzhak added that a lack of robust mobile security has made it 10 times easier for the criminals to make money from their schemes.
"In the days of PC they'd compromise your computer and steal your credit card. People thought it was easy for the hacker to monetise it, but it's not. They couldn't use it personally or directly, they had to use a third party, or a 'money mule'," he said.
"In the mobile environment it's 10 times easier. On your mobile device you have your credit card with your network operator. One of the top monetisation techniques being used by hackers is mobile apps. These apps make the phone send SMS messages to premium-rate numbers, letting them automatically collect money."
He added that the problem will only grow as criminals develop new ways to target the multitude of different information technologies in smart devices.
"You probably remember connecting your PC to the internet and being worried about all the threats coming to this individual information channel. But now, when I look at the average smartphone, there are seven pieces of information technology, the text message, WiFi, Bluetooth, NFC [near field communication], etcetera," he said.
"Even the power when you charge your mobile device can be used to compromise it. It's not just connecting to the internet that makes a difference, each and every one of these communication technologies opens a door for bad guys to come in."
The AVG chief is one of many security experts to warn about the growing mobile threat facing businesses. Most recently competing vendor McAfee reported seeing a marked increase in ransomware and banking-focused mobile malware targeting businesses.

Samsung makes Knox security service available for all and unveils updated Galaxy Tab 10.1

Samsung Galaxy Tab 10.1 2014 edition
Samsung has made its Knox security service available to all users of its high-end devices, not just enterprise customers, as well as unveiling another new device, the Galaxy Tab 10.1 2014 edition.
The firm explained that users of this new tablet and the 5.7in tablet-phone hybrid, the Note 3, would be able to activate Knox themselves on the device, rather than IT departments having to do it for them.
The firm said the service will also shortly be made available for users of its existing Galaxy S4, S3 and Note 2 devices. V3 contacted Samsung to ask how this would be managed, but had received no reply at the time of publication.
Samsung said activating the service will allow users of the devices to store images, documents, video and other personal data in a secure container within the device, while applications such as corporate email contacts and calendar can also be added.
Samsung’s senior vice president for the Knox Business Group, Injong Rhee, said making the service available for all would help customers keep up with the ongoing bring-your-own-device (BYOD) trend.
“We are delighted to see Samsung Knox provide advanced data and privacy protection for both enterprises and consumers,” he said.
“The availability of Samsung Knox to consumers will accelerate the adoption of Samsung devices for BYOD as prosumers can now readily experience Samsung Knox with ease at no cost."
Samsung’s Knox service has already been approved by the US Department of Defense for use on its networks, underlining the strong security credentials it has, as Samsung looks to take its huge consumer strength into the enterprise. The UK government may approve its use too.
There had been confusion about exactly how and when the Knox service would be made available, but the announcement about consumer availability of Knox seems to suggest it is finally reaching a stage where it can be accessed by anyone who wishes to use the service.
The firm made the announcement at the IFA trade show in Berlin where it also unveiled the new Galaxy Note 10.1 2014 edition. This is powered by a 1.9GHz octa-core processor and has 3GB of RAM.
The firm also promised it would have improved S Pen capabilities, such as better responsiveness. The device is just one of many unveiled by the firm at the show as it seeks to continue its dominance in the gadget market.
Another star of the show was Samsung's Galaxy Gear smartwatch, beating Apple to the release of a high-end wearable piece of technology, while the Galaxy Note 3 phablet has also grabbed headlines.

Google Android will beat Apple iOS with its open approach, argues AVG CEO

Android 4.4 Kitkat statue
Apple's closed approach to its iOS mobile ecosystem will ultimately force it to become a niche player in the global phone market, according to AVG chief executive Gary Kovacs.
Kovacs, speaking to V3, said that while the closed approach to iOS allowed it to become an early leader and innovator in the phone market it will ultimately force businesses and consumers to embrace open systems, such as Google Android.
"Apple is a vision leader, an innovator whose products work great together. But, over time [firms such as this are] not usually the volume leaders. This is for a number of different reasons, but mainly because the flexibility of the platform isn't there," he said.
"We're seeing the same trend they had on desktop with mobile, where they showed the way with their user interface, which made the machines so simple to use. But [Apple] ended up settling with only seven to nine percent of the laptop and desktop market. Windows machines, from a bulk of different manufacturers, became the majority.
"Mobile devices, phones specifically, are going the same way. Apple now holds substantially below 20 percent of devices sold in the world – even though their devices are, debatably, still the most elegant."
Kovacs listed the extra hassle Apple's closed approach causes developers wanting to create products for the iPhone as a key reason why iOS will eventually lose out.
"I believe closed standards and proprietary technologies often are the way technology innovation starts. It's hard to standardise on something that is yet to be invented. But as soon as something is invented there is a push to standardise the technology so that more participants can play. For example, there are 10 million developers in the world but only 300,000-400,000 iOS developers," he said.
"I mean 10 million is a couple of orders of magnitude more significant, so if we open up a platform to those 10 million developers we create a level and scale of innovation that can't be matched or replicated on a proprietary system. Over time open standards typically win."
The AVG chief has been a long proponent of open mobile standards. Kovacs famously spearheaded the creation of Mozilla's Firefox operating system (OS). Based purely on HTML5, the OS is intentionally designed to be as open and easy to create applications for as possible.
Kovacs said competition between manufacturers using Android will also lead to hardware innovations. "What stops people from going there is largely just the economics of the whole platform. As many different manufacturers using Android start to compete with each other it drives cost down and innovation up and that's what people react to over time," he said.
Kovacs' comments follow widespread praise within the security community for Apple's closed approach to iOS. The approach sees Apple vet every application for quality and safety before putting it on sale in its official App Store. The model has proved successful from a security standpoint, with no serious malware outbreak yet reported on the platform. F-Secure chief research officer Mikko Hypponen also praised the approach for its security, listing iOS' malware-free status as one of the biggest security achievements of the century.
Android by comparison, which doesn't pre-scan applications and lets developers tweak code as they like, has been besieged by malware. Most recently the US Department of Homeland Security issued a report claiming that 79 percent of all mobile malware is designed to target Android.
Kovacs argued despite the troubling figure, ultimately businesses and consumers will still move to open platforms that can more quickly react to their needs.
"While some argue Apple is more secure as it is closed I argue whether or not that is true isn't really the point. The point is those proprietary systems don't usually persist because the cost of the systems is less innovation. Right now Android has more apps than Apple and that differentiation will probably continue to scale. We're going to again see that closed systems lose out to open systems," he said.
Kovacs' comments have been backed by many analyst houses, which have universally listed Android as the fastest-growing mobile ecosystem. Most recently Strategy Analytics listed Android as accounting for 80 percent of all smartphone shipments.

Security community not equipped to protect next 2.5bn web users' privacy

The security community needs to create new tools to help smart device users know and control what data they are sharing with companies and governments, according to the new chief executive of AVG, Gary Kovacs.
He made the claim during a press briefing attended by V3. Kovacs said security companies have failed to keep pace with the rapid growth in use of smart devices and the subsequent change in web behaviour.
"The fundamental change happened around five years ago and instead of just seeking information on the internet, we began seeking connections with each other," he said.
"We are sharing more of our lives online; our financial data, our friends, our social circles, pictures of our family, pictures of ourselves. This is not just on Facebook but in many different places. So the risk to our data, to our security, to our privacy has never been higher."
AVG chief technology officer Yuval Ben-Itzhak added that the news is troubling as the rapid growth has left many individuals unsure what data they are sharing, leaving them vulnerable to unscrupulous companies and individuals eager to collect the information.
"You sitting with your mobile device's WiFi on are transmitting your IP and all sorts of information. People are starting to collect this information, both in things like retail and government. This is another piece of information technology being used to compromise the user's privacy," he said.
"Say you're shopping at a mall. They want to know how often you've visited the mall, which store you stayed at the longest. They want to know what type of devices people are holding. This is everywhere. If you're walking in the streets of London and you see a recycling bin, it's not because London is becoming green. The recycling bins are being used to collect information."
Kovacs said while some companies have moved to address the issue they are too partisan and require users to lock themselves into one service provider. "There are many different pieces to security, privacy and threat detection that different organisations are providing but they all look different, are administered differently and have a different user interface," he said.
The ex-Mozilla chief went on to reiterate his call for open standards. "Ultimately, as a user, that's not a whole solution unless I'm willing to live my life on one platform. I could live my whole life on Apple, but ultimately most people will be more satisfied living their lives on multiple platforms."
Kovacs added that companies looking to solve the privacy concern will only succeed if they avoid taking an overly draconian, one-size-fits-all approach and should instead work to make it easier for web users to make informed choices about what they share.
"When I talk about privacy I'm not talking for everyone, I'm not saying all third parties are bad. I'm not saying Google is bad, in fact they offer some great services," he said.
"What I am saying is people have to have choice, we have to have transparency about what's happening with our data and then we have to have the tools to allow us to choose how much of our online lives we want to share."
Despite the enormity of the issue, Kovacs said solving the privacy problem is a huge opportunity for businesses.
"Although it took 22 years to connect the first 2.5 billion, the next 2.5 billion people are coming online in just five years. So in roughly half the time it took the first time we're going to double the size of the internet population," he said. "We have created an incredible opportunity but we have an incredible challenge ahead of us."
Getting the people in emerging markets online is a key goal for numerous technology firms. Prior to Kovacs' comments Facebook founder Mark Zuckerberg announced the initiative, which is designed to help connect people in poorer regions to the internet.
Businesses' collection of customer data has been a concern for privacy groups for many years. Silent Circle chief executive Mike Janke said businesses must rethink their reliance on cloud-based services, such as Google's Gmail, if they hope to protect their customers' metadata and privacy.

Internet needs ‘cyber fire department’ to protect web users, claims Vint Cerf

Vint Cerf on stage at the Campus Party in London
The internet needs a "cyber fire department" to tackle online issues as and when they arise so that risks found on websites or services do not spread.
Father of the internet and chief internet evangelist for Google, Vint Cerf, made the call during a speech at Telefonica’s Campus Party event in London, arguing that a response force would help protect those without the means to defend themselves.
“In the internet environment there are many fires caused by cyber attacks – trojans, malwares, worms, DDOS and so forth – and many small businesses and individuals are not prepared to respond to that, or don’t have the capability,” he said at the event, attended by V3.
“What we need is a cyber fire department to defend us from attacks – not a cyber police department, as sometimes an issue is just a mistake. However, if it turns out, with evidence, that it was a criminal issue, then you would pass it on to the cyber police, to expand the metaphor."
Cerf also touched on issues around net neutrality, arguing that the internet must remain a free and open place to operate, although he acknowledged that as new and evolving threats emerge there is a need for greater government co-operation.
“While there are lots of technology issues with the expanding internet, the harder problems are around policy as there is a great deal of tension about who is in charge of the internet and who should control its evolution,” he said.
“Keeping the internet as open and free from control as possible is very important. But, we do have to cope with abuses on the network and figure out the people harming other people or infrastructures like power grids and transportation, we have to have an international agreement on tackling these abuses.”
Speaking more broadly about the future of the internet, Cerf said it was vital that effort is applied to getting people online in new markets such as Africa and the Pacific islands, touting the efforts of Google's own Project Loon as an example of how this could be achieved.

Anonymous hacks Azerbaijani energy giant in 7GB data leak

The Anonymous hacktivist group has announced the successful hacking of Azerbaijani energy giant Azerenergy JSC. As a result, 80 important documents have appeared in the public domain, the Securitylab portal reports.
According to the hackers, the stolen documents include confidential information, data on illegal schemes, accounting documents, contracts and more. Representatives of Anonymous posted links to archive files totalling 7 GB.
The hackers stated that they did not approve of the policies of Ilham Aliyev, the current President of Azerbaijan. "This disclosure (of documents) is one of the steps from the series of disclosures in the fight against the Azerbaijani mafia clans," the hackers’ message reads.
Recently, about 1.5 GB of various data pertaining to the Ministry of Communications and Information Technologies of Azerbaijan was stolen by representatives of the Anonymous hacker movement.

Tip Of The Week: How To Fight Ransomware

If you use the Internet, then you’re sure to have encountered screen lockers. You may be one of the unlucky people who have experienced that embarrassing moment when an explicit picture pops up, covering your entire 24″ screen, demanding you pay a tidy sum of money to avoid your coworkers’ stares. Or maybe you’ve dealt with ransomware and been asked for a miraculous code that removes the “FBI computer lock”?
Those banners are actually indicators that your computer has been attacked by criminals who are using screen-locking malware to blackmail you. Programs of this kind limit your abilities to use your own computer; they can block your screen and/or keyboard and limit access to your taskbar and shortcuts. They may threaten you in various ways, but they will all ask for ransom in order to restore your system to a normal state.
With the new Kaspersky Internet Security you can enjoy a new function that is called Protection against screen lockers. With the help of this feature, you’ll be able to block blackmailers with a simple keyboard shortcut.
To ensure that the function is activated or to set your own key combination, click the Settings link in the main program window. In the Protection Center component, choose System Watcher and make sure that in the Protection against screen lockers section, the Detect and close screen lockers check box is selected.
Here, in the dropdown list, you can select a combination of keys, which, when pressed, will enable protection against screen lockers to either detect and delete them

Man In The Browser attacks scare banking world

The majority of financial service professionals consider Man In The Browser to be the greatest threat to online banking, and cybercrime is increasing its use.

Man In The Browser attacks, DDoS attacks and phishing are the most insidious cyber threats against banking institutions. The latest statistics from the principal security firms confirm that online banking is considered a lucrative business by cybercrime.
The wide diffusion of online banking platforms and their openness to mobile and social networking platforms are attracting the attention of cyber criminals, who are concentrating their efforts against online banking services. The first form of attack was phishing: using social engineering tricks, crooks are able to obtain banking credentials from unaware banking customers.
Unfortunately, malware authors have also concentrated their efforts on this growing sector, developing new malicious code able to steal banking credentials from victims, often including key-logger agents and screen-grabbing modules.
The banking world's response was to improve authentication processes; a classic example is the rapid diffusion of multi-factor authentication such as OTPs (one-time passwords delivered by a device or service, e.g. SMS, email or a hardware token).
The cybercrime ecosystem has widely used man-in-the-browser attacks to overcome these defences; let’s see what the attack is and which countermeasures could be really effective for users’ security. The majority of financial institutions in numerous surveys have considered Man In The Browser the greatest threat to online banking. In the classic “Man in the Middle” scheme the attacker sits between the victim’s client and the banking server, and it is clear that encrypting the traffic can make that technique ineffective.
In the Man-in-the-browser scheme the attackers combine the above methods with malicious code that infects a client component of the victim, such as the browser. Usually MITB takes the form of a BHO (Browser Helper Object), ActiveX control, browser extension, add-on, plugin or API hooking.
A Man-in-the-browser attack is based on the presence on the victim’s machine of proxy malware that infects the user’s browser by exploiting its vulnerabilities. The malware is able to modify transaction content or conduct operations on the victim’s behalf in a completely covert fashion, and it usually hides its transactions from the client by altering the content presented by the browser.
[Image: man in the browser]
The malware is able to bypass multi-factor authentication: once the bank website has authenticated the user who provided the correct credentials, the Trojan horse waits for the transaction and modifies its content. The malicious code is also able to present evidence of the success of the user’s transaction by altering the content displayed by the browser once the transaction has executed.
The Man In The Browser attack is very insidious because neither the bank nor the user can detect it, even when a multi-factor authentication process, CAPTCHA or other forms of challenge-response authentication are implemented. Security experts find that most Internet users (73%) cannot distinguish between real and fake pop-up warning messages, nor do they have any way to distinguish malware-crafted content.
The majority of financial service professionals in a survey considered Man In The Browser to be the greatest threat to online banking; malware such as Zeus, Carberp, Sinowal and Clampi have built-in MITB capabilities. Recently Trusteer’s security team identified a new instance of the Ramnit malware that uses HTML injection to target Steam, the digital distribution platform for online gaming.
Unfortunately end users are still vulnerable to Man In The Browser attacks; their only responsibility is to try to limit the occasions of exposure to attacks (e.g. phishing) that could allow the infection of their system.
The most effective countermeasure is considered to be out-of-band transaction verification that carries the transaction details along with the OTP, together with, on the bank side, the adoption of fraud detection based on user behaviour profiling.
The following table summarises the principal countermeasures adopted against a Man-in-the-browser attack and their real effectiveness.
[Image: Man In The Browser attack on the rise]
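As an added example (not code from the original article), here is a Python simulation of the two countermeasures the article names, transaction-bound out-of-band verification and bank-side behaviour profiling, placed beside the weak session-OTP scheme that a Man-in-the-browser Trojan defeats by relaying the code unchanged. The device key, account names and amounts are constructed sample values, and the mule account name is a hypothetical placeholder.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace
from typing import Iterable

# Constructed sample secret shared between the bank and the customer's out-of-band
# device (phone app / SMS gateway); in practice it is provisioned per device.
DEVICE_KEY = b"constructed-sample-device-key"


@dataclass(frozen=True)
class Transfer:
    beneficiary: str
    amount_cents: int
    reference: str


def mitb_rewrite(tx: Transfer) -> Transfer:
    """Simulated MITB Trojan: after the user presses 'send' it rewrites the
    beneficiary and inflates the amount, while the browser keeps showing the
    original details. The mule account name is a hypothetical placeholder."""
    return replace(tx, beneficiary="MULE-ACCOUNT-HYPOTHETICAL",
                   amount_cents=tx.amount_cents * 5)


def session_otp_flow(intended: Transfer, received: Transfer) -> bool:
    """Weak scheme: the OTP is tied to the login session, not to the transaction.
    The user copies it into the compromised browser, which relays it unchanged,
    so the bank confirms whatever transfer it actually received."""
    otp = f"{secrets.randbelow(1_000_000):06d}"  # sent to the phone by the bank
    typed_in_browser = otp  # the screen shows the intended transfer, so the user complies
    return hmac.compare_digest(typed_in_browser, otp)  # accepted even though altered


def bound_code(key: bytes, tx: Transfer, nonce: str) -> str:
    """Transaction-bound OTP: an HMAC over the details the bank actually holds,
    so a code issued for one transfer cannot confirm a different one."""
    msg = f"{tx.beneficiary}|{tx.amount_cents}|{tx.reference}|{nonce}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def oob_verification_flow(intended: Transfer, received: Transfer,
                          key: bytes = DEVICE_KEY) -> bool:
    """Out-of-band verification: the bank sends the received details AND a code
    bound to them over a channel the browser cannot alter. The user enters the
    code only if the displayed beneficiary and amount match what they intended."""
    nonce = secrets.token_hex(8)
    shown_beneficiary = received.beneficiary      # what the phone displays
    shown_amount = received.amount_cents
    code = bound_code(key, received, nonce)       # what the phone displays
    if (shown_beneficiary, shown_amount) != (intended.beneficiary, intended.amount_cents):
        return False  # mismatch on the phone: user refuses, transfer is not confirmed
    # User types the code into the browser; the bank recomputes it over its own copy.
    return hmac.compare_digest(code, bound_code(key, received, nonce))


def looks_anomalous(history: Iterable[Transfer], tx: Transfer) -> bool:
    """Bank-side behaviour profiling: a transfer to a never-seen beneficiary that
    exceeds the customer's largest previous transfer is escalated for review."""
    history = list(history)
    known = {h.beneficiary for h in history}
    largest = max((h.amount_cents for h in history), default=0)
    return tx.beneficiary not in known and tx.amount_cents > largest


if __name__ == "__main__":
    intended = Transfer("GB-ALICE-001", 12_000, "rent")  # constructed sample
    received = mitb_rewrite(intended)                     # what the bank received
    print("session OTP confirms altered transfer:", session_otp_flow(intended, received))
    print("bound OOB confirms altered transfer:", oob_verification_flow(intended, received))
    print("bound OOB confirms genuine transfer:", oob_verification_flow(intended, intended))
    history = [Transfer("GB-ALICE-001", 12_000, "rent"), Transfer("GB-BOB-002", 4_500, "gift")]
    print("profiling flags altered transfer:", looks_anomalous(history, received))
```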

The NSA Is Breaking Most Encryption on the Internet

The new Snowden revelations are explosive. Basically, the NSA is able to decrypt most of the Internet. They're doing it primarily by cheating, not by mathematics.
It's joint reporting between the Guardian, the New York Times, and ProPublica.
I have been working with Glenn Greenwald on the Snowden documents, and I have seen a lot of them. These are my two essays on today's revelations.
Remember this: The math is good, but math has no agency. Code has agency, and the code has been subverted.