Jacob Goodwin Top Priority Sector: border_security Image Caption: Rep. Henry Cuellar (D-TX)is legislation’s sponsor If Congress passes and President Obama signs the Jaime Zapata Border Enforcement Security Task Force Act — which calls for closer collaboration and better info-sharing among U.S. agencies and foreign governments — it would cost DHS about $1 million per year [...]
View full post on The Cyber Wars
At its annual Symantec Vision conference attended by enterprise customers and business partners, Symantec laid out its management and security product strategy for mobile endpoint devices, including the iPhone, iPad and Google Android devices.
View full post on Computerworld Security News
View full post on National Cyber Security » Announcements
The Union home ministry has issued an unusual advisory for cops across the country, listing out measures to reduce growing instances of cyber crime by minors.
View full post on cyber stalking – Yahoo! News Search Results
View full post on National Cyber Security
The Union home ministry has issued an unusual advisory for cops across the country—it has listed out various measures to reduce growing instances of cyber crime among minors.
View full post on cyber stalking – Yahoo! News Search Results
View full post on National Cyber Security
It was a busy week for Apple malware hunters fighting the Flashback Trojan horse, which has infected between 270,000 and 600,000 Macs. A bevy of tools to find and remove the malware debuted this week. And two days after promising to release a detection and removal tool, Apple finally offered its own fix.
Now, as the dust settles on what is considered to be the largest Mac malware threat to date, experts have started pointing fingers at Apple as being partially to blame for the scope of the Flashback malware infection. They argue that if Apple were more transparent about security issues–and if it had promptly released a Flashback fix–the extent of the damage could have been smaller. Also contributing to the magnitude of the infections is a boost in the number of Mac OS users, they say.
“When the installed base [of an OS] is 10 percent or less, the bad guys don’t care,” says Peter James, spokesperson for Mac antivirus and security product vendor Intego. The bigger the user base, the more attractive the target, he says. Web analytics firm NetMarketShare.com estimates that the Mac installed base has jumped to 13 percent in the United States, and research firm Gartner says that Apple has become the fastest-growing U.S. computer maker–overtaking Acer and Toshiba–over the past year.
Perhaps surprisingly, James and other security experts say that Apple needs to look to Microsoft when it comes to handling OS security breaches. For years Apple has mocked Microsoft for its track record in dealing with Windows malware, viruses, and weekly patches. Now the tables have turned, says Larry Ponemon of the Ponemon Institute.
Ponemon and others say the Flashback Trojan horse is the final nail in the coffin for Apple’s stellar security image. He says that although Microsoft juggles a much larger number of threats, it does a better job of warning customers and delivering fixes.
We have heard dire “Macpocalypse” warnings before. Last year Apple’s sterling security image was tarnished with the advent of the Mac Defender malware program. Before that, in 2006, the focus was on the Leap.A virus, the first ever virus for Mac OS X. (For a great short history of Apple Mac malware, check out NakedSecurity.com’s timeline from 1982 to 2010.) But this time, security experts insist, Apple’s security bragging rights are gone for good.
It’s worth noting that Mac security software sales jumped as Flashback infections began to dominate tech headlines. That fact has prompted many vocal critics to point out that it’s in the self-interest of Mac antivirus companies to be critical of Apple’s security measures.
But a brief timeline of Flashback, security experts say, illustrates their point. The underlying Java vulnerability that Flashback exploited was publicly known, and patched by Oracle, in February. On April 3, Apple released a Java security bulletin pointing to the Oracle patch, and declined to disclose, discuss, or confirm the infections. On Tuesday, Apple acknowledged the existence of Flashback and said that it was developing software to detect and remove the malware. On Thursday, it released the Flashback malware removal tool.
First off, there is no disputing that Microsoft, having the dominant OS, faces far more security threats than Apple does. You can argue all day about how secure Apple’s flavor of BSD Unix is versus Microsoft’s Windows, but the difference is Microsoft’s transparency. As PCWorld’s sibling publication Macworld puts it: Apple has a good security record, but “it still has some work to do in terms of its reputation for security.”
Mac OS users unfamiliar with Windows may be surprised to learn that Microsoft regularly schedules the rollout of security fixes on Patch Tuesday, the second Tuesday of each month. But for IT managers and consumers, knowing what’s at risk and when a fix will be available is vital for minimizing exposure to threats. Microsoft also issues critical patches as they become available for exploits.
The system is not perfect; coupled with Windows Update, however, it offers a first line of defense against malware, exploits, and viruses.
Mac OS also automatically checks for software updates every week, and you can change that setting for more-frequent updates. But it’s Apple’s legendary wall of silence and foot-dragging on deploying fixes that have placed it in security experts’ crosshairs.
“When problems and vulnerabilities exist, Microsoft provides information quickly,” Ponemon says. Microsoft, he notes, has been good at communicating, sometimes to the point of being annoying. “Apple hasn’t done as much to communicate with its users,” he says.
Apple’s iron grip on information and the release of fixes has been a nagging issue for years. In 2008, for example, Apple took over four months to patch a DNS vulnerability.
“Why Apple did not deploy these fixes before Mac users were victimized by criminals is unclear,” wrote Chester Wisniewski, a security researcher for UK-based vendor Sophos, in a blog post about Flashback.
Brian Krebs, of Krebs on Security, says that more threats are on the way. “We can expect an evolution of threats against Mac users that will largely mirror those that Windows users face: that is, via the exploitation of vulnerable browser plug-ins, such as Adobe Reader, Flash, and most definitely Java.”
Apple’s Flashback fix, deployed Thursday, mitigates Java flaws. “As a security hardening measure, the Java browser plug-in and Java Web Start are deactivated if they are unused for 35 days,” Apple says.
The bigger problem, say some observers, is correcting the perception that the Mac platform is invulnerable. That notion has fostered a laissez-faire attitude toward security among Apple customers, says Intego’s Peter James.
For years Apple has promoted the idea that Macs are far less vulnerable to malware and viruses than PCs are. As part of the “Get a Mac” television ad campaign in 2006, actor John Hodgman (as the PC) says, “Last year, there were 114,000 known viruses for PCs.” And Justin Long (as the Mac) replies, “PCs, but not Macs.”
Mac users are faced with new threats that require new security precautions, James says. “They’re faced with threats they’ve never seen before.”
System administrator Steve Mallard says that many of the student Mac users for whom he provides help-desk services live in denial. Mallard, an IT manager for several state universities at the Tennessee Technology Center in Shelbyville, Tennessee, says students come to his staff with Mac problems and don’t believe that their computers have been infected until shown the evidence.
Over the past few years, Mallard says, he has seen the percentage of infected Macs brought in by students jump from 1 to 15 percent.
“Even though the Mac OS is more secure, its users don’t have the awareness,” Intego’s James says. “Educating users to the risks that they face is one of the most important things Apple can do, the same way you teach your kid to cross at the green light.”
Article source: http://www.pcworld.com/article/253656/flashback_malware_puts_apple_in_security_spotlight_experts_weigh_in.html
View full post on National Cyber Security » Virus/Malware/Worms
He may be the baby of the Dáil but the youngest TD has accused his senior colleagues in Government of being childish.
View full post on cyber wars – Yahoo! News Search Results
View full post on National Cyber Security
It’s fair to say that the Rev. Edward Searl was surprised — and not pleasantly so — when his church received its phone bill for November.
It was for $27,020.
“We were amazed. We’re still somewhat befuddled by it,” said Searl, who is minister at the 300-member Unitarian Church of Hinsdale.
During one weekend in November thousands of calls to Libya somehow were made from the church’s phone lines.
“By the looks of it, they were continually making two-minute calls,” Searl said. “The list goes on and on.”
Because it was unusual activity, ATT noticed the fraudulent phone calls made on Nov. 13 and Nov. 14 while they were taking place and blocked them, Searl said. But not until the caller racked up thousands of dollars in costs for the international calls.
“They invaded our phone system,” said Searl. “They were able to access our outgoing phone lines. It jammed our phone lines, totally.”
He said the calls were made while the church office was closed.
The church has been in negotiations with ATT, which has agreed to eliminate a percentage of the money owed, Searl said. He declined to say how much a percentage, but said the church currently is still on the hook for a substantial bill. He said the negotiations are continuing.
Searl said ATT advised the church to make a report to local police, which it did on March 22.
Hinsdale police Deputy Chief Mark Wodka said this type of apparent fraud of a phone system is unusual.
“It’s unclear if it was a person or a machine making the calls,” said Wodka, who added that police are uncertain if the alleged fraud is in their jurisdiction.
amannion@tribune.com
View full post on National Cyber Security » Computer Hacking
From traditional sales-related services to intangibles such as banking, tourism, and education, services represent the fastest growing sector of the global economy. They are also by far the largest component of GDP.
View full post on ISO – Latest News
View full post on National Cyber Security
China, one of the world’s largest Internet markets, could be out of reach of Facebook because of the Chinese government’s strict censorship policies, the company said in its filing for an initial public offering (IPO).
The company however continues to “evaluate entering China”.
Analysts do not expect conditions to get favourable soon for Facebook in China. The market, which already has popular homespun social networking sites, is also moving to Twitter-like microblogs.
“China is a large potential market for Facebook, but users are generally restricted from accessing Facebook from China,” the filing said. “We do not know if we will be able to find an approach to managing content and information that will be acceptable to us and to the Chinese government.”
Speculation on Facebook entering the Chinese market mounted in late 2010 when the company’s CEO Mark Zuckerberg visited several major IT firms in the country. But to enter the country’s market Facebook would have to abide by China’s censorship laws, which force sites to delete content critical of the government. Besides Facebook, some other Internet sites like YouTube and Twitter are currently blocked in the country.
The Chinese government was always nervous about Facebook, said Bill Bishop, an independent analyst who watches the Chinese Internet market. Facebook’s role last year as a forum for protestors to organise against governments in the Middle East and North Africa only cemented those concerns, he said.
“If Facebook wants to come to China, it would be great, but it’s extremely unlikely to happen in the near or medium-term,” Bishop added.
Facebook will also have to compete in a market already occupied by strong domestic players, said Mark Natkin, managing director for Marbridge Consulting. Some of these competitors include sites such as Renren, which features a user interface similar to Facebook, and had 137 million users as of September 30.
But many of China’s Internet users are moving away from Renren and other Facebook-like social networking sites and instead flocking to Twitter-like microblogs operated by local Chinese companies. Chinese users of these Twitter-like microblogs have reached 250 million users, according to the China Internet Network Information Center.
“From a competitive standpoint, the market has already moved on,” he added.
In spite of being blocked in the country, Facebook still has some users in China. Beijing resident Shi Beichen, a Facebook user since 2006, said he visits the site by connecting through a virtual private network (VPN), which allows him to view sites blocked by Chinese authorities.
One reason he uses Facebook is because the site is free of censorship. He also likes the site because it allows him to synchronise his different Internet applications such as Tumblr and Instapaper on to one platform through Facebook, he said.
“I think Facebook will enter China. Zuckerberg wants to come. But it will be extremely difficult,” Shi said, noting China’s censorship laws and the popularity of social networking sites already operating in the country. “Foreign Internet companies still don’t quite understand the Chinese Internet market or its users’ habits. Even if the companies don’t involve themselves with sensitive topics, it will still be hard for them to succeed.”
View full post on National Cyber Security » Computer Hacking
In an audacious new visualization, Randall Monroe of xkcd takes on money — where it comes from, where it goes and what it buys.
View full post on O’Reilly News and Commentary
View full post on National Cyber Security