Malware protection for mobiles - more choices

Both T-Mobile and France Telecom have announced partnerships with mobile security company Lookout to preload free malware-protection software onto selected Android devices. Also AVG have announced a secure browser for Apple iOS and anti-virus for Android. And industry giant Norton have announced new mobile security software to protect multiple devices, including Android smartphones and tablets, as well as iPhones and iPads. All in all there are a lot more options for security on mobiles and tablets worth checking out.

Security Firm Identifies Top Words Used in Spear-Phishing Attacks

Security Firm Identifies Top Words Used in Spear-Phishing Attacks: A new report from security software company FireEye details the top words used in malicious attachments and emails distributed by spear-phishers. Spear-phishing are targeted phishing attacks. They may be sent to you at home to try and get your work passwords for example, by-passing your employers security. More phishing to be aware of was also reported this week with a spurious Microsoft update email .

Trojan Horse Found in the App Store

Watch Out: Trojan Horse Found in the iOS App Store: Kaspersky have reported  a new malicious app on the Apple App Store and Google Play Store. The app's name is Find and Call, and it's the first time they report having seen a malicious app make it into Apple's App Store.

3 Ways Cyber Scams are Getting More Personal - and Social

Social media is allowing a more diverse range of scams than ever before. And according to this article, it's the perfect target for criminals - too many people are just used to sharing without ever thinking about security. There are 3 ways scammers are increasingly exploiting this vulnerability in people:

1) By putting malware in links that social media users are relaxed about clicking on;
2) By developing malware that appears to be part of a social media service and thereby can request, and capture, personal and financial data;
3) By using personal info from social media to target their attack and make it seem more credible.

For 'Enterprise Security' read 'Home Computer Security'

Employers often find it difficult to raise the cyber security awareness of their staff. One of the reasons for this is: what’s in it for them? What incentive is there for employees to act securely? But I think employers may be missing a trick. Corporate security awareness training could include home computer security advice, so that staff see some personal benefit from the training. They may then take away a better understanding of security. There could be a win-win for business, and home users, in this way.

Ex MI5 chief gets laptop stolen at Heathrow airport

The report suggests that the laptop might have been left behind on a luggage trolley by the car park. But it can happen to anyone. Even an ex-MI5 chief can get their laptop stolen at Heathrow airport.

Smartphone security is heading for 'apocalypse'

Interesting overview of the vulnerabilities of mobile phone encryption leading to the view that we are moving to 'apocalypse' when it breaks down. And this doesn't even consider the software issues such as cyber attacks on smartphone operating systems, malicious apps, sharing of malware, rogue diallers etc. And a lot of these also have parallels with the PC boom in the 90s.

Smartphone security is heading for 'apocalypse'

Free Anti-virus for Mac

Now is the time to install anti-virus for Mac if you haven't already done so. With more widely occurring attacks on the Mac coming to light, the need for anti-virus on Mac OSX has risen substantially. Symantec have recently brought out a free option called iAntiVirus. It doesn't have the full capabilities of paid-for anti-virus but joins some other free Mac anti-virus tools such as ClamXav and Sophos Home Edition.

Cybercrooks bring their schemes to Tumblr and Pinterest

Cybercrooks bring their schemes to Tumblr and Pinterest: CNET reports: "Digital criminals are expanding their social-networking nefariousness beyond Facebook and Twitter to try to trick users into downloading malicious payloads."

Parental Controls on eReaders

Here's a useful little article about parental controls (or the lack of them) on the new wave of web enabled eReaders. I use K9 web protection on PCs and this is now available for iPads, and is in the works for Android, so will cover at least some eReaders.

A Trojan by SMS

It was pretty obvious that the security landscape for smartphones would gradually resemble that of PCs and here is more evidence. The rise of RATs, or Remote Access Trojans. One of the attackers most effective weapons and, in this report, delivered over SMS!

Remote access tools a growing threat to smartphones - a Trojan by SMS

Is this the youngest hacker ever?

Yesterday, my 4 year old daughter cracked my wife's PIN on the Wii fit. She turned around from the screen to look at us and said 'mummy, is your number XXXX?' I could see from the display that she was 'in'. It was absolutely hilarious and I was in stitches!

New Mac malware exploits Java bugs, steals passwords

A quite sophisticated password-stealing malware on Macs. It would seem to be a drive-by download using Java bugs to get itself installed. Security updates should by now be blocking it, but it just goes to show that users can't be complacent about security, even on the Mac.

Geo-tracking can give away your photo locations

To keep your photo locations private make sure you turn off GPS tracking of photos in the "settings" on your smart phone. Location data can be embedded in the photos and easily accessible if, say, the photos are posted online.

Geo-tracking can give away your photo locations

Privacy shouldn't be an after-thought

There are a lot of privacy stories around at the moment especially in relation to social media. In information (cyber) security it is accepted practice to undertake a risk assessment, a key part of which is the potential impact of a security event. Unfortunately in both security and privacy those who feel the impact, the victims, are not necessarily those who perpetrate the loss. So there is insufficient economic incentive for those taking risks with our personal data to do it well. For me there are at least 3 arguments in favour of Privacy Impact Assessments (PIAs) which are proposed as a way forward:
1) To redress this balance and encourage more investment in privacy protection;
2) To provide guidance and help to organisations;
3) To ensure 'due diligence' is performed;
Of course if 'due diligence' becomes box ticking, or PIAs are seen as bureaucratic obstacles then these benefits may not be realised. Ultimately what we want to encourage is 'privacy by design' and this can only be achieved if the right risk analysis is performed ab initio.

A Useful Review of 3 Free Bootable Rescue Discs

Important recovery tools - extremely useful

A Useful Review of 3 Free Bootable Rescue Discs

(Yet another) Facebook malware scam takes hold

I could be posting a scam like this everyday! But it doesn't hurt to have a little reminder of the sort of things scammers will try to get you to click where you shouldn't. In this case it's a fake CNN site.

Security flaw exposed in some home security cameras

Owners of some Trendnet cameras need to update their system. A major security flaw enabled cameras that were already set up to provide access over the internet, to be viewed by anyone without a password. Any software or setting used to provide remote access or sharing is always a risk and this flaw just shows that sometimes the insecurity can be out of our control.

Demand for safety kitemark on software stepped up

I am not convinced that an EU NCAP style 5 star 'security rating' on software would be very practical but a rating for PCs might at least allow novice buyers to take security into consideration when purchasing.

Today is Change Your Password Day !

What a good idea! Change your password day. Lots of good ideas captured in this article and the others that it links to.

Nice Review of My Book

And I have had such a nice review of my book by a fellow infosec professional that I just had to link to it!

5 URL expanders to help you avoid dodgy links

This report at Mashable lists 5 tools to expand shortened URLs. They range from those that just provide you with the full web address so you can make your own decision whether to visit it or not, to those that actually check out the site for you in advance.

Comodo Cleaning Essentials - clearing a virus infection

Cleaning a PC after a virus infection can be a pain. There is a review of what looks like a versatile tool at: Comodo Cleaning Essentials - clearing a virus infection

Malware targeting childrens' game sites

An interesting report about malware targeting kids games sites. If malware can get into your childrens computer then it has a chance to get on to yours. Or there may be a computer mostly used by the children and occasionally used by adults. If used for sensitive activities like banking, this use by the kids could leave it vulnerable. Moral - keep the kids computers safe and check up on their security posture from time to time.

Use This Infographic to Pick a Good, Strong Password

Some excellent tips on choosing passwords contained within this infographic.

US researchers awarded grants for home computer security research

Researchers at Michigan State University have received grants totaling about $500,000 to seek ways to help people increase the security of their home computers. The researchers will study how to help home users better understand security issues by carrying out surveys of public opinion on computer security and experiments to find out how people learn about security.
There hasn't been a great deal of research into home computer security so this will be an interesting activity, and it is good that they are starting by trying to understand the users. The next step should be to see how to incoporate security tools and help, into applications and web sites in a more novice friendly way.