Is the App Store really safe?

Most people who lifted their shiny iPhones and pressed the "upgrade to iOS 5" button were looking for better battery life that could get them more rounds of Angry Birds. The reality is that Apple’s latest update was dealing with something a lot more important.

A week ago, Accuvant LABS computer security researcher Charlie Miller uncovered a major security flaw that gives hackers a way to build apps that look and act legit but then download unapproved code to your phone. Apple has always been known for having a tight grip on its app store, and such an incident shows that no system is fully secure from hacker attacks.

Miller even demonstrated this by creating his own app that does that, getting it fully approved by Apple, and then making a video of what the app can do. His app has now been removed and his license revoked.

Cloud storage and the new realities for IT departments

IT departments love control, and for a good reason. Security is a major concern for large corporations with thousands of employees, but even a small business like your local bakery wants to be protected from cyber crimes.

The challenge is that a lot of people are switching to a new breed of web applications like Dropbox and box.net, which are very easy to use. Employees already use these tools at home in their everyday lives and they love them, so why not at work?

The problem is security and the lack of control over these applications. IT departments need the ability to tackle issues and attacks in real time, and depending on a service such as Dropbox might not be their ideal solution.

Dropbox and other services have noticed the trend and started offering business packages and more control for teams.

To me, the main thing to understand here is the power of good design and development. People use applications like Dropbox because they are so easy to use and there are no crazy setup preferences that make you call a younger son or daughter to teach you how to do something.

Cyber Spying

We love and hate China all at the same time. Why? Obviously, we hate their communist government but we love their cheap labor and market potential. So like any other troubled couple, the United States and China have their fights.

Sometimes we accuse China of lowering its currency and jeopardizing our competitive edge, but this time the accusations moved to cyberspace.

According to Reuters: “The U.S. intelligence report said on Thursday China and Russia are using cyber espionage to steal U.S. trade and technology secrets to bolster their own economic development, which poses a threat to U.S. prosperity and security.”

Obviously, China denied any wrongdoing and accused the United States of being irresponsible. An expected move from our friendly giant from the east.

The real issue is, why is it so easy for foreign agents to infiltrate U.S. networks, and what should we do about it?

Is it even possible to create a network that is 100% resistant to hacker attacks? Should the United States counterattack with its own cyber army of computer programmers?

These are a lot of questions that make us wonder where the world is going, and whether the next big war could be over a cyber attack.

CAPTCHA Defeated!

Have you ever tried to post a comment on your favorite blog or tried to create an entry on Wikipedia and had to type in these strange distorted letters? These letters are called a CAPTCHA, which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”

It's an annoying system that most of us have come to hate but have had to use to block spam bots that automate tasks like account registration and comment posting.

A team of researchers has defeated the system with a process called segmentation, in which they were able to separate the letters and, through a special process, clear up the image and automate a method of reading them.

The only system that was not defeated was the one used by Google. Are we going to look for alternative solutions? Are the new solutions going to be even more annoying? What do you think?

Separate, more secure Internet!

Have you ever imagined what would happen if hackers gained access to an electricity grid or a nuclear power plant computer system? What if, through their access, they could connect with physical controls within these spaces? Experts are saying this is very possible.

After a seemingly sophisticated attack on the unfinished Iranian nuclear power program last year, a lot of people thought this was the work of foreign agents or something along those lines. However, it was replicated recently by researchers using simpler methods. “Yet for all its science fiction sophistication, key elements have now been replicated in laboratory settings by security experts with little time, money or specialized skill.” – Associated Press

That is why there are ideas being tossed around suggesting the creation of a separate, more secure network for critical infrastructure systems.

What are the implications of such a creation? And would something like that cripple technical innovation for integrating infrastructure into expanding technological systems? I am not sure, but I think in the end it’s better to have a safe and sound infrastructure and think deeply about how we should move forward in a world plagued with cyber criminals.

Culture of Recklessness

A few weeks ago the U.S. Air Force revealed details about a virus that infected the drone fighters program. The malware seems to be a keylogger, which is a program that records the keystrokes on a computer. The embarrassment and uproar at the Air Force security services was felt throughout the media reports. These past few days, new details were revealed that inflamed the situation further. According to anonymous sources, the malware is the same kind used routinely to steal log-in and password data from people who gamble or play games like Mafia Wars online.

Is it just me or does it seem like recklessness in very sensitive jobs has been on the rise lately? A few months ago there was a story about airport controllers watching online videos while on the job, and now our pilots who are flying drones and bombing terrorists are playing Mafia Wars on the job! Where should the line be drawn, and are we addicted to this new age of continuous access to the web?

Recklessness should be unacceptable. This situation is a recipe for disaster in this climate of cyber attacks and security problems. Maybe it’s time for us to get back to doing our jobs with professionalism and dedication.

Social Computing Installations and the Security Risks

A friend of mine shared a link to this website, http://deaddrops.com/, which is a social computing installation experiment that is spreading across the world. In the creators' own words, “Dead Drops is an anonymous, offline, peer to peer file-sharing network in public space.”

I started watching the video on how this experiment is supposed to work, and it's basically people installing a USB drive into a wall in a public space using some cement, and others coming around with their computers, plugging them into these USB drives, and downloading and sharing the data. Right away security risk red flags went up everywhere in my head.

This installation serves as a testament to how ignorant and misinformed most people are. Connecting your laptop to these mounted USB drives is like opening your house to thieves and inviting them over to sniff through your stuff. It’s crazy, and the sad thing is that common people don’t even understand the nature of the risk.

The cyber war on Syria

It’s been almost eight months since activists took to the streets of Syria in an attempt to topple the regime and to bring much-needed reform and justice to the people of Syria. The protests have been taking place in a new space lately: cyberspace.

The hacktivist groups Anonymous and RevoluSec both made an astonishing attack on several Syrian government websites, defacing them and putting up interactive maps with the names and information of those killed at the hands of the security forces. Some of the defaced websites were offline for almost 16 hours, showing the lack of care and special attention on the part of the Syrian government.

A few weeks earlier, the Syrian government was also accused of forming a group by the name “The Syrian Electronic Army”. This cyber group was accused of hacking Harvard’s home page and posting pro-Syrian-government slogans. The group was also accused of hacking the Facebook pages of Brad Pitt, Angelina Jolie and others.

This new trend of activism through the use of cyberspace and hacking raises many questions regarding the ethics behind such acts. Is it okay to be a hacker as long as you are doing it in the name of activism, or is it still unethical and mostly a criminal act?

Dangers of using a single password

A huge portion of users create and use the same password for all of their accounts. What is the issue with such a practice? The main problem arises when that single password is compromised: attackers can then easily get into all of your other accounts, which use that same password.

A clear lesson should be learned from the Trapster incident, where hackers were able to break into the website's database and compromise the e-mails and passwords of many users, causing a wave of breaches across other social networks.

“Trapster’s gaffe comes a little more than a month after hackers rooted Gawker Media servers and made off with some 1.5 million user passwords and corresponding email addresses. After a file containing the booty was posted online, many users of Twitter, Facebook, and other popular websites reported a spike in account breaches, indicating the sad fact that some folks can’t be bothered to use a unique password for different sites.” – http://www.theregister.co.uk/2011/01/21/trapster_website_hack/

Users should find alternative methods for creating and managing their passwords, such as using software tools like “Wallet” and “1Password”. Tools like these enable users to generate unique, secure passwords for each service they use and manage them all across their devices by using one master password. The web is getting bigger and our involvement within it keeps getting deeper and deeper, which makes us more vulnerable. It's time to take steps to protect ourselves from these kinds of problems once and for all.

Cybercrime Epidemic

Cyber crimes are being committed across the web every minute of every day. The extraordinary fact is that these attacks are affecting not only everyday citizens but also giants in the cyber security field.

“48 hours after releasing a policy paper on cybersecurity, the top trade association for intelligence contractors got a first-hand lesson on the subject: they discovered that their website was hacked.” – The Daily Beast

Financial services are getting hacked and stolen from in massive proportions, alongside the FBI, the CIA and many more big and important organizations. The situation is so embarrassing, and the smartest and brightest minds in cyber security are getting owned every day.

What is the problem and what is the solution? Why do hackers even do what they do? It’s possibly the sensation of achievement or the money that can be made. Maybe both!