iPhone 4S Flaw?

Recently Macworld reported a flaw in the new iPhone 4S. A new feature called Siri is a voice-activated feature that allows users to make all sorts of voice commands. But, with the default setting on, Siri is accessible even while the phone is locked. This will allow anyone to send e-mails and text messages, and make calls without entering a passcode. Without entering a passcode, users have limited access. For example, calls and texts can’t be made to people that are not in the contact list. Although there is limited access, unwanted users could still perform unwanted actions.

Turning off the default setting would be the simple solution to this problem, but I don’t see why Apple would allow such access while the phone is locked. It somewhat defeats the purpose of locking the device despite the fact that there is limited access. It may be a convenience to not have to unlock the device to access certain things but is it worth it? It’s pretty much up to the user to have convenience over security.

http://news.cnet.com/8301-1009_3-20122632-83/bad-siri-shell-let-anyone-use-a-locked-iphone-4s/?tag=txt

ATM Malware

Feel safe using an ATM machine? Think again. Back in 2009, a research group in Europe discovered a new malware that is able to compromise ATM machines.

An ATM malware sample was obtained from a financial institution in Eastern Europe where researchers learned that it ran on ATMs using Microsoft’s Windows XP operating system. One of the analysts stated “Those who wrote the malware have detailed knowledge about how ATMs work.” Also, in order to install the malware, a person would need access to the inside of an ATM. This means that insiders could be involved or ATMs would have to be broken into.

The malware works by recording the information from magnetic stripes as well as the PIN numbers. To obtain the recorded information from the ATM, a person could print out the data on the ATM’s receipt roll after inserting a special master card. Or, the data could be recorded on the special master card itself. The malware currently didn’t have any networking capabilities, but eventually it could evolve and have the capability of spreading.

Finding out if an ATM has been compromised, I think might be very difficult. Maybe you could look for possible signs of the ATM being broken into or suspect anything to be wrong or unusual with the user interface. Also, a security vendor found that the malware had been customized to target machines made by Diebold, so that could be another thing to watch out for.

http://www.wired.com/threatlevel/2009/06/new-atm-malware-captures-pins-and-cash/

Smartphone Use by Military

With the military trying to incorporate the use of smartphones on the battlefield, many critics are becoming more worried about potential data breaches or attacks that could occur on the military’s networks. One researcher pointed out that enemies could track the movements of troops or steal sensitive military information. Also, malicious software aimed at smartphones is on the rise, and that could have a bad impact on the military.
Smartphones are already a target and the use of smartphones by the military could make it a BIGGER target. To help with the issue, Symantec Corp. is working on a product called ‘O3,’ to provide security for wireless military networks. Also, the military will have its own online application store.

The use of smartphones in battle may be useful, but is it worth the risk? Even though companies are coming up with security solutions, there is always one person out there that is capable of bypassing all the security. The possibility of the enemy tracking the location of troops makes it very risky. Also, the idea of the military using smartphones brought a funny picture to my head; a soldier Facebooking in the middle of battle. It’s most likely that it will never happen, but you never know.

The military using smartphones? What do you think?

http://www.homelandsecuritynewswire.net/securing-smartphones-battle

IPs and UFOs

What does an IP address have to do with UFOs?

Well, a 42 year old self-taught British IT expert is facing 60 years in prison because his IP address was found after he supposedly made the ‘biggest military computer hack of all time’.  Gary McKinnon, a UFO enthusiast was arrested in 2002, for hacking into the US government’s computer systems. It was such an ease to hack into the systems that he ‘got sloppy’ and went into places directly rather than going through systems. This caused NASA to track back his IP address and so on…

McKinnon, a UFO enthusiast at the time was searching for any information that was associated with extra-terrestrial findings and to his surprise came across many things. He got a hold of top secret images and documents, and one document claimed that the
agency has to airbrush UFOs out of satellite photos because ‘there are so many of them’. I found this very surprising because I thought UFO findings are rare.

The government’s security systems have failed to protect its data, and have caused confidential data to be leaked out into the public. But, I always wonder why the US government would hide this type of information. Also, why does this UFO enthusiast have to go to prison for so long. I could see that if he gained information for money, then I would understand, but he just wanted to know more about UFO findings. Also, McKinnon thinks that he is facing 60 years because the government is scared of what he has seen. Since this was back in 2002, the US government should have made some improvements in computer security by now. But, with the recent virus hitting the military’s predator drone, it makes me wonder if computer security is a top priority for the government.

To read more on the article, visit the link below.

Source: http://www.guardian.co.uk/world/2008/jul/27/internationalcrime.hacking

Biometric Security

Biometric security is really useful in the world of today. Securing passwords are easier than ever, and the methods of accessing personal information are much more secure. With the swipe of a finger or scan of a face, a user is able to log into online bank accounts and gain access to email accounts.

Biometric security is one of the oldest forms of security, and now days it’s becoming more popular. Many businesses today incorporate the use of biometrics and many consumer electronics today are equipped with biometric sensors. According to the article, there is an expected growth for mobile phone embedded biometric security solutions.  To be more specific, an increase from four million to 39 million users by 2015.

This could bring positives and negatives. Sure, it could keep data safe from hackers or prevent unauthorized entry to accounts, but it could cause hackers to become more advanced. Not that hackers are not already becoming more advanced.

For example, hackers might have no choice, but to try and gain possession of another person’s fingerprint.  It might be ok if someone found out another person’s password, but if a fingerprint was to be stolen then that would be bad.

Sources: http://www.homelandsecuritynewswire.net/strong-growth-mobile-phone-embedded-biometric-security-solutions

 

Facebook Timeline

Just recently, Mark Zuckerberg announced a new feature called Timeline that will be available to all facebook users in a few weeks. Supposedly, this new feature will summarize all of a user’s important past events in a one page summary. This would be a good way to somewhat share a person’s life story online which could include first dates they’ve been on, meaningful events, or favorite foods. It doesn’t mean that it’s not already made available for someone to see, but it makes it easier for another person to learn more about someone else. That person however, could potentially be a cyber criminal. They could easily gather information about a person in order to find answers to security questions or find smarter ways to spread malware. Other than a cyber criminal, there could be people out there looking for information to use against other people.

Simple way to be safe: don’t post personal information and
try to have common sense when posting things online.

http://www.computerworld.com/s/article/9220240/Facebook_s_Timeline_will_be_boon_for_hackers

Hackers Wanted

Back in February the Defense Advanced Research Projects Agency (DARPA) launched a program called ‘Cyber Fast Track’ to help build its cyber security efforts. Each year the program is expected to fund almost a hundred cyber security and software research projects. By funding programs like these, the government hopes to build relations with the hacker community in order to build a stronger defense system.

According to the article, DARPA researchers found that an everyday hacker could create a code consisting of 125 lines that could crack 10 million lines of code. So, a hacker could be really useful in strengthening the security efforts for the government.

It’s about time that the government is on the same side as the hacker community, but this also brings to question. Are hackers willing to be on the same side for a simple paycheck? Or are they better off on their own and getting access to information more valuable than that paycheck? It’s really up to the hackers if they want to do good to get the goods or be bad to get better goods.

http://cybersecuritynews.org/2011/02/07/hackers-wanted-for-cyber-fast-track/#comments

smart phones targeted

Smart phones are now becoming a part of the everyday life for most people, and with that, it can provide cybercriminals with all kinds of information. They could find out the location of the device and all other personal information that is exchanged between people and their smart phones. Not only a cyber criminal, but also the average person that is not quite computer savvy could listen in on another person’s phone call and access personal data.  Smart phones are now a target because it can access a company’s network and most traditional security systems won’t detect a breach from a mobile device. According to the first link, botnet infections have been discovered on 40,000 Android devices over the course of 6 months. Imagine what it would be like a couple years from now. It is most likely that the security of mobile devices will become more advanced, but not enough for a hacker to not get through it.

Just because it doesn’t look like your average computer doesn’t mean it can’t be hacked without you knowing it. Overall, being careful of what important information you store on your smart phone and how it is put to use, is the best way to be safe.

http://searchsecurity.techtarget.com/news/2240081235/Study-tracks-first-signs-of-Android-botnet-infections

http://news.cnet.com/Spy-program-snoops-on-cell-phones/2100-1029_3-6055760.html