Security Blog

Your source for information security news and views.

Subscribe to feed Viewing entries tagged mobile security

Trouble keeping up with the industry? IP3 Inc.’s CPE ToGo Program is here to help

Posted by Ken Kousky
Ken Kousky
Ken Kousky has not set their biography yet
User is currently offline
on Friday, 09 September 2011
in MyBlog

The past year has been plagued with a variety of new attacks. The most influential being Operation Shady RAT and its attack on over 70 organizations, the theft of RSA’s SecureIDs, and the DigiNotar hack that resulted in the compromise of numerous SSL certificates. All of these attacks have one thing in common. They are all Advanced Persistent Threats (APTs). APTs are a new breed of attack taking the IT industry by storm. They are carefully monitored, resilient to defense, polymorphic and incredibly successful. But these attacks are after much more than a few SecureIDs or SSL certs, the true target is the information these assets allow their attackers to access. With one SSL cert, attackers are able to spawn an infinite amount of fake websites and lure in unsuspecting victims who submit valuable personal data and banking data to the false pages, without warning, without suspicion. This information is then used for political and financial gain, all fueling the machine and allowing further attacks to break down the fragile system we all hold dear.

APTs are one of many emerging threats on the frontlines of IT security. Other hot topics in the industry include Cloud Computing security, new challenges in Cryptography, and emerging Exploits. Even business related aspects of IT are changing rapidly such as the many improvements to be made to Risk Management procedures all influenced by the recent natural disasters on the east coast along with the 10 year anniversary of 9/11.

So many emerging topics, so little time.

But there is hope for security professionals. IP3 now offers an all new way for security professionals to learn about all of these new emerging threats and technologies and at the same time keep up on their certifications by earning valuable CPEs, all for an incredible price, wrapped up in a package that fits the lifestyle of the even the busiest IT security professional.

Click here for more information on IP3 Inc.’s industry first CPE ToGo program.

Hits: 1707 0 Comments

Mobile Malware: Coming soon to a PC near you!

Posted by Patrick Snyder
Patrick Snyder
Patrick Snyder has not set their biography yet
User is currently offline
on Wednesday, 25 May 2011
in MyBlog

The evolution of mobile apps has become a viral topic among technologists. Developers are rapidly transitioning their skills from PC based programming back to the minimalist programming seen in the early stages of computing where resources were limited. There are already an estimated 350,000 apps on the Android market and more than a half-million in the iOS App Store. With these mobile app environments growing so quickly, PC companies are struggling to keep up and searching for a beneficial solution.

Enterprises have been exploring the idea of virtualization of applications to allow functionality on various platforms for a long time now. Much of this development can already be seen today on mobile devices and PCs that run Java environments to power universal applications. What they are really searching for is a solution that allows for universal operation of applications that use little to no system resources. If these apps can run on less powerful smartphones then they should have potentially amazing capability on PC platforms.

Well now this solution is within reach. Bluestacks is currently developing technology that will allow Android apps to be run on a PC. Though this seems great for integrating our bulky yet powerful desktop and laptops in with our mobile devices, it should also be raising some red flags. 

According to research published by Juniper Networks, mobile malware on the Android operating system went up 400% in the six months prior to 2011. Thats should be a frightening statistic! Why would we ever want to allow these applications to run on our PCs?! As if our PCs didn't already have enough malware to defend against, we are going to add mobile malware into the equation.

The technology will be virtualized so there is an assumed level of security associated with such technologies. This security is usually provided through the use of a hypervisor to manage communications between software and hardware and also between the hosted operating systems themselves however, the technology pitched by Bluestacks seems like it will stray from this model. 

"End users don't have to toggle between operating systems. They can simply click on an icon for an Android application, for instance, to launch and use it." Rosen Sharma, president and CEO of Bluestacks said.

From a security standpoint, we find this methodology very risky. We expect to see malware propagating through this new attack vector very soon, you can count on it. "This will be the number one attack vector within a year!" Ken Kousky, president and CEO of IP3 Inc. said.

 

Hits: 784 0 Comments

Spotlight on Mobile App Security: Part 1

Posted by Patrick Snyder
Patrick Snyder
Patrick Snyder has not set their biography yet
User is currently offline
on Tuesday, 08 February 2011
in MyBlog

 

Mobile devices continue to become our main source of productivity throughout our lives. Making phone calls and checking email are one thing but now we can browse full web pages and even edit documents. Mobile apps make our lives easier and…well…more mobile.

In todays world it is hard to find a task that cannot be completed in the palm of your hand. We can now conduct entire business meetings from an iPad, monitor our servers remotely through our smartphones, and take care of our banking and finances all while on the run. This could be a fatal mistake if we are not careful. We need to slow down for a minute and consider some serious security implications of our mobile actions.

Physical security of these devices is key when talking about mobile security. As smartphones get smaller and smaller and our technology keeps up with Moore's Law, we must keep in mind that these devices now become more susceptible to theft. Just think of how easy it is to slip your phone into your pocket, this task is just as easy for criminals.

You may think that your smartphone doesn't carry very important information. This is a huge mistake in the mindset of security. Soon our smartphones will carry more than just our contacts, photos and web access. They will be our main form of identification, our car key, our credit card, and our login token. Google and Apple have already began work on this theory of eliminating passwords and using our mobile phones for complete authentication.

Failing to protect your mobile devices could also soon be hazardous to your health. As medial records continue to transition from paper to digital form we will soon be seeing all of our medical information flashing across our smartphone screens. This is not something you can afford to lose or have maliciously altered. 

Mobile apps still don't stop there. We all know that the banking industry has already taken a huge turn towards mobility. But have you heard you can even file your taxes on your smartphone? Intuit reports that as of February 2011 350,000 downloads of its SnapTax application are already in use by iPhone and Android customers. Thats right, you can even file your taxes on your smartphone. No more trips to the library or even to your computer. 

So what if you lose your phone or it gets stolen? There are options to secure yourself. These options include a growing list of mobile encryption programs. You may also want to check out Apple's Find My iPhone app as well as the beta third party Android version Mobile Defense. These apps, and many like them, are like LoJack for your mobile devices. Lost devices can be located, wiped and protected all from remote locations using these innovative security apps.

These topics barely break the surface of mobile security. Physical security is one small aspect of securing your smartphone. Stay tuned for more information on mobile app security including Cloud computing and how it will affect your smartphone security.

 

Hits: 1144 0 Comments