By Andrew Storms
Two years ago I took some hard hits from my peers for calling the iPhone “a security nightmare.” Two years later, I can’t find a single person who doesn’t agree that the iPhone is the number one mobile target of security researchers.Fast forward to today: Is the iPhone still a security nightmare or have those problems been relegated to annoyance status?
Browsing Category: Social Engineering
By Andrew Storms
From TidBITS (Rich Mogull)
The original iPhone was widely criticized by security professionals for lacking essential security features for the enterprise, the large corporate networks that have special needs because of huge numbers of users and the massive back-end operations to support those users.
The original iPhone was hard to lock down, had only limited secure connectivity options, and lacked both data protection and some way to destroy data remotely if you lost the phone. Those capabilities have continued to improve with every iPhone software release and, combined with the hardware improvements in the iPhone 3GS, even regular users can now enjoy security equivalent to that provided by most corporate environments. Read the full story [tidbits.com]
Kun Liu from IBM Research discusses the potential for developing privacy-aware social networking applications through the measurement and monitoring of privacy risks.
From Google Online Security Blog (Macduff Hughes)
There’s been some discussion today about the security of online accounts, so we wanted to share our perspective. These are topics that we take very seriously because we know how important they are to our users. We run our own business on Google Apps, and we’re highly invested in providing a high level of security in our products. While we can’t discuss individual user or customer cases, we thought we’d try to clear up any confusion by taking some time to explain how account recovery works with various types of Google accounts and by revisiting some tips on how users can help keep their account data secure. Read the full story [Google Online Security Blog].
From Network World (Michael Cooney)
Researchers at IBM have developed software that uses optical character recognition and screen scraping to identify and cover up confidential data.
According to IBM the driving idea behind the MAGEN (Masking Gateway for Enterprises) system is to prevent data leakage and allow the sharing of data while safeguarding sensitive business data. Read the full story [Network World].
From Computerworld (Jaikumar Vijayan)
In a move that is unlikely to sit well with many merchants, MasterCard has quietly changed a key security requirement for all businesses handling between 1 million and 6 million card transactions annually.
Starting Dec 31, 2010 companies that fall into this category, called Level 2, will be required to undergo an onsite review of their security controls by a MasterCard approved third-party assessor. Read the full story [Computerworld].
Dennis Fisher talks with Cormac Herley of Microsoft Research about the paper he co-authored on the realities of the underground economy, why sales of stolen credit cards resemble a market for lemons and how we can get better data on cybercrime activities.
T-Mobile is now saying that the information that was posted to the Full Disclosure security mailing list this weekend is in fact the company’s data. But the company stopped short of confirming that the anonymous hackers have access to customer data and other sensitive information, as they have claimed.
From Reuters (Tarmo Virki)
Accessing your bank account using your mobile phone might seem safe, but security experts say would-be hackers can access confidential information via a simple text message seemingly from your service provider.
People in the industry aware of the risk see it as extremely small, as only a few people use handsets to access their bank accounts, but it is growing as mobile Internet usage rises. Read the full story [reuters.com]
From SC Magazine (Chuck Miller)
Using financial information purchased from crooked bank insiders, a ring of thieves compromised the checking accounts of nearly 350 New York-based corporations, religious institutions, hospitals and schools, as well as city and state government agencies, to steal millions of dollars, prosecutors said this week. Read the full story [scmagazine.com]