There is a bug in my Apple – Part 2

Intego announces first-ever iPhone malware scanner – really?

July 12, 2011 11:49 AM ET Gregg Keizer – COMPUTERWORLD

http://www.computerworld.com/s/article/9218339/Mac_security_firm_ships_first_ever_iPhone_malware_scanner

Follow up on my previous post on the new security flaw discovered in Apple’s iPhone and iPad – see https://bringyourownit.com/2011/07/07/oops-there-is-a-bug-in-my-apple/

With impeccable timing, this morning Intego announded the availability of the “first-ever iPhone malware scanner”. Sure enough I went to the Apple Store and downloaded the VirusBarrier app in my iPhone and iPad. My test drive impressions: the app still leaves to the end user the responsibility to check the attachments rather than enforcing it. It is quite clunky and may provide a false sense of security: if you tap the attachment and then release the finger a little too early, you’ll end up opening up the attachment instead of scanning it(!) Probably safer – and cheaper – not to open pdf attachment in general. And as any other consumer app, there is no centralized IT management whatsoever: no reporting and no policy enforcement. One more thing: Apple is supposedly working with Adobe to address this vulnerability and will provide an update soon. At that point this app may become simply useless … but I guess this is one of those situations where “something is better than nothing” …

A few comments from a couple of Trend Micro’s experts:

Mark Bloom, Director – Director Product Marketing @ Trend Micro : “Usage or not, they [Intego] will get a lot of brand awareness out of this…..just for that value, it was worth the development effort.”

Patrick Wheeler, Sr Product Marketing Manager @ Trend Micro : “[… Apple iOS] antimalware matters, which puts us [Trend Micro] at an advantage over MDM-only vendors like MobileIron, Airwatch, and Symantec, and allows us to talk up the differentiation for our own antimalware we get from integration with SPN.”

Oops … there is a bug in my Apple!

The new security hole found in iPhones and iPads reminds us that no platform is immune to security threats and that there is in fact a need for mobile security software for Apple products.

http://online.wsj.com/article/SB10001424052702303365804576431541102701136.html

Not so secure after allHere we go. As it turns out Apple mobile operating system is not so secure after all. While it is common perception that iPhones and iPads are so secure that they don’t even need antimalware software, the reality is that any piece of software is potentially defective and therefore vulnerable to attacks. And Apple is no exception as shown by the recent discovery of a new security flaw affecting Apple’s best selling devices. Even worse, previously discovered security issues in iOS were limited to a minority of jail-broken devices, where end users deliberately patch the standard operating system to escape Apple’s suffocating control on device and apps – see my beer side chat on YouTube at http://www.youtube.com/watch?v=ZjbqI2V18sY.

Read more of this post

Bombmaking and Cupcakes

When the “bad guys” are in fact the “good guys”


Spies hack al-Qaida's Inspire magazine

Friday, Jun 3, 2011 09:41 ET

Spies hack al-Qaida’s Inspire magazine: British intelligence agents replace bombmaking instructions with cupcake recipe

URL: http://bit.ly/l0wDzN   – PAISLEY DODDS, Associated Press

I have always been fascinated by the fine line separating good and bad in cyber security. Admittedly we tend to see the security world in black and white. On one side we have the “bad guys” doing any sort of “bad things” such as planting malware or hacking websites. On the other we have the “good guys” trying to stop them from getting away with their wrong doings. Well, as it turns out sometime the “bad guys” are in fact the “good guys” trying to stop the real bad guys from doing really bad things. Confused?Case in point: British intelligence agents hack al-Qaida’s website and replace bombmaking instructions with cupcake recipe. While it is not a surprise that intelligence organizations around the world use cybertools as part of their work, I always wondered how they maintain their leading edge, how they gain knowledge of zero day vulnerabilities and, in the end, at what extent governments are in fact indirectly funding the cybercrime underworld. Knowledge of  Zero day vulnerabilities is worth millions – if not tens of millions – in the black market. What kind of organizations do you think can afford to buy this expensive know-how? Intrigued by the topic? Speak your mind. Leave a comment.

Catching Android Tokens in the Wild

Below is my interview with Shaun Nichols of V3.co.uk on the latest Android security flaw:

Unsecured Wi-Fi leaves Android users open to attack

/v3-uk/news/2071676/researchers-disclosure-flaw-android

Android logo

18 May 2011, Shaun Nichols  , V3

Experts are warning of the dangers of unsecured Wi-Fi connections after a group of German researchers uncovered a security flaw which could leave Android users’ contact information exposed.

Researchers from Ulm University reported that many Android handsets and tablets are currently vulnerable to attack via an unsecured Wi-Fi connection when used to access authentication tokens for Google’s Calendar, Contacts and Gallery services. The vulnerability lies in the handling of the authToken component. When the user is connected on an open Wi-Fi connection, an attacker could capture and reuse the token to access data on the Google services. “The implications of this vulnerability reach from disclosure to loss of personal information for the Calendar data,” the researchers wrote. “For Contact information, private information of others is also affected, potentially including phone numbers, home addresses and email addresses.” The flaw is found in handsets running Android versions prior to 2.3.4 and tablets running Android versions prior to 3.0. The authorisation is performed over a secure connection on newer versions which prevents harvesting of the tokens. The researchers suggest that, if possible, Android handset owners should update to the newest version for their device.

Read more of this post