QUOTE: Facebook announced this week that it acquired popular messaging app WhatsApp for a stunning figure of $19 billion. The app is currently the most popular messaging app for smartphones, and boasts over 450 million users while adding an additional 1 million users every day. Of course, not everyone that uses WhatsApp is on Facebook, and some privacy advocates have expressed concern that Facebook will now have access to all of WhatsApp’s user data.
“Currently, WhatsApp can change terms and conditions at any time, without notifying users, which many people who use this service aren’t aware of. Meanwhile, Facebook already has a very broad copyright license on people’s content and already shares your data with many other services,” said St. John Deakins, the CEO of Citizenme, a group advocating for online privacy. “Now with Facebook buying WhatsApp, this could see more and more private information becoming part of Facebook’s database. From a personal data standpoint, this is extremely worrying.”
WhatsApp will be absorbed by Facebook and function as an autonomous unit within the company. Though it’s easy to doubt the site’s motives, it’s likely that Facebook simply saw the app as a massive growth opportunity. Facebook has obvious plans to expand its messaging services, and WhatsApp is a logical extension of their goals. However, for those WhatsApp users who aren’t comfortable living under the thumb of Facebook, it may be time to find another online messaging service.
QUOTE: More than one billion people nowadays use smartphone devices and this number is growing rapidly. With the growing numbers of mobile users accessing the internet on Android smartphones and tablets, and iOS iPhones and iPads, the number of mobile threats and attacks is rising progressively. Mobile users store sensitive data, and engage in online banking operations, exposing devices to the modern mobile threats. You need constant protection. Not even these big names were immune from attack: German Chancellor Angela Merkel’s smartphone was hacked; Rovio, creator of popular game Angry Birds, reported that the personal data of its customers might have been accessed by U.S. and British spy agencies; and recent news of other leaky phone apps have caused people to look for ways to protect their private mobile communications.
QUOTE: By now, we are all familiar with Facebook scams that claim to give your Newsfeed a designer look. Remember Facebook Red or Facebook Black? Those pretty themes ended up spreading spam and malicious links via online surveys and fake videos. Today, the AVAST Virus Lab experts discovered a unique variety – the Facebook Music Theme Scam. The Facebook Music Theme Scam is supposed to change the theme and add a song to your Facebook page. But when our Virus Lab expert, Honza Zika, investigated, he got more than danceable music tracks, “What this code does is modify Facebook. It automatically liked 32 photos, people, groups, … See my activity log, that is just half of it.”
QUOTE: Most of the tests and reports generated by NSS Labs are aimed at big companies, Fortune 500 domestically, Fortune 2000 worldwide. They help these enterprises choose the best next-generation firewalls, intrusion prevention systems, and so on. From time to time, they also put consumer-facing security products to the test. At the RSA Conference I sat down with Randy Abrams, NSS Labs Research Director to go over the latest results. The current report looks at how well nine popular security products handle socially-engineered malware. McAfee and Trend Micro earned the best overall score, with Norton so close behind that the difference isn’t statistically significant. These three were also the quickest to detect new threats.
QUOTE: Microsoft Security Essentials was included in the test, but Abrams pointed out that Microsoft wants this product treated as a baseline. “If people are going to pay for a third-party product,” he said, “it had better outperform the baseline. Microsoft doesn’t want a monoculture; that doesn’t protect their brand. Even so, if people have no other antivirus MSE helps.”
“One cool thing in Windows 8, they built the Smart Screen Filter right into the operating system,” he said. “Even if your browser is terrible at detecting bad URLs, it still works. They pulled it out of Internet Explorer, they’re not saying that you must use IE for protection. We had to turn it off for testing! It was too effective, 98 to 100 percent accurate. Dennis Batchelder and Joe Blackbird at Microsoft said we should leave it on, but we couldn’t do that and still test the antivirus.”
Another beneficial security session from RSA conference as documented by PC Magazine:
QUOTE: Secunia’s free Personal Software Inspector tool checks all the software on your PC, identifies any programs that need updates, and helps you apply those updates. The company also gathers stats on vulnerabilities and publishes a yearly report. At the RSA Conference, Secunia’s CEO Peter Colsted and CTO Morten Stengaard went over the latest report with me. “Overall, the majority of vulnerabilities are still in third-party programs,” said Stengaard. “The total number is increasing, with over 13,000 new ones in 2013 compared to an average of around 9,000 in previous years. The big increase is primarily driven by IBM. It’s still a huge problem, with over 2,000 vulnerable products.”
Stengaard noted that among the top 50 most commonly seen vulnerabilities, the most prevalent are non-Microsoft programs, even though the number of affected Microsoft programs is large. “Microsoft products are fairly well covered,” said Stengaard, “and people do tend to update.” (A recent study did show that keeping Windows patched is an important element of any security strategy). The report clearly shows vastly more vulnerabilities in the most popular browsers and PDF readers than in off-brands. “You can use whatever product you want, as long as you patch,” said Colsted. “If you know you’re not going to patch, you’re better off using a less common program.”
The issue with the non-shipping keyboards for Verizon Lumia 2520 tablets has annoyed me to a fare-thee-well. Yesterday I sent an email to Stephen Elop at Nokia. Cutting to the chase, the end result was a phone call from Matt Rothchild, who heads sales operations for Nokia (who actually called me from Barcelona and gets extra points for that).
Here is the situation:
1. The keyboards WILL work with the Verizon 2520’s
2. There is currently a bug where sometimes (he estimates one out of three times), on waking from sleep, the keyboard does not work. The fix is to restart the 2520.
3. A firmware update to correct the above has been submitted to Microsoft and Nokia is hoping that it is approved by Friday. (The update will NOT be OTA.)
4. Nokia will release the keyboards for VZW units when they know the firmware is approved and the keyboards will ship with a note explaining this.
This means that VZW users will receive the keyboards but that a firmware update is required to fix the defect above.
Timing of firmware – my opinion is that it is not likely to be released until the next patch Tuesday cycle which is March 11. Microsoft HAS released firmware for their own devices “out of band” but my opinion is that this is unlikely to happen. When will shipments start? My best guess is next week. But that is MY guess.
I’m certainly hoping they ship sooner rather than later.
It turns out that this is, indeed, “unexpected behavior”. Apparently the screen redraw isn’t firing as it should.
There is a workaround, although it’s not ideal as it causes some screen flicker:
The Application.ScreenRefresh method will make the selection highlighting visible again.
Changing the zoom factor should also work.
QUOTE: How long would it take for an attacker to break into a business? Get on the corporate network as an authenticated user? If you think it would take a few days or even a few hours, you are way, way off. Try 20 minutes.
It took David Jacoby, a senior security researcher with the Global Research and Analysis Team at Kaspersky Lab, three minutes to sneak into the building, four minutes to get network access, five minutes to get authenticated access to the network, and ten minutes to install a backdoor onto the corporate network. He was able to download and walk away with “gigabytes of data” from the company, he told attendees at last week’s Kaspersky Lab Security Analyst Summit. Jacoby was invited by a company to come in and test its defenses. As it turned out, he didn’t need any fancy hacks or zero-days to get through. It was all social engineering. “They spent so much money [on security], and I still got in,” Jacoby said.
Being Nice to Tailgaters – The company required employees to use a badge to enter and leave the building. Jacoby waited for other employees to go inside, and just hurried in after them. Most people want to be polite and will hold the door open if someone is going in at the same time—something most tailgaters take advantage of. Jacoby went a step further, in case the employee thought to ask to see the badge. He dressed up a bit to look a little managerial and held a cell phone up to his ear as if he was having a conversation with someone. As he was going through the door, he said, “I am right in the lobby. I will be up in a minute.” No one will interrupt a phone call, and if you convey the impression that you are someone important heading off to meet someone important, most people won’t stop to question you, Jacoby said.
Next Step of Finding Connection – he went straight to the printer room, where there is invariably a network hub for the printer. He plugged his laptop into the hub and as easy as that, he was on the network. Getting on the network as a valid user took more talking than hacking. Jacoby found an employee sitting next door to the printer room and explained he was having trouble with the network. He asked if he could borrow the employee’s computer. When he sat down, the employee was still logged in, which meant he could do whatever he wanted on the network. At this point, he installed a backdoor on the network, giving him full control. He no longer needed the employee’s computer or credentials.
Exploring Vulnerabilities – After getting access to the network, Jacoby found that the network was segmented incorrectly, so sensitive systems were easily accessible. He found outdated and vulnerable software. He also found 300 user accounts with passwords set to never expire. All these things made his job, as an attacker, much easier. Think like an attacker. You will be surprised at just how vulnerable your organization may be.
QUOTE: Are your PCs all configured for Automatic Update? If not, you’re risking more than just missing out on the latest version of Internet Explorer. At the RSA Conference, Simon Edwards, Technical Director of London-based Dennis Technology Labs, presented the results of a study showing that keeping Windows up to date seriously improves your security. Edwards noted that one obvious way to get even more protection is to patch significant third-party tools like Flash, Adobe, and Java. “If you kept those things up to date,” said Edwards, “the graph of improved protection in a patched system would be a lot higher. The bad guys specifically use toolkits that attack vulnerabilities in those third-party apps.” He noted that using a patch manager like Secunia Personal Software Inspector 3.0 can help.
Overall, 32 percent of the malware samples used in testing were neutralized by the simple act of fully updating the test systems. Those antivirus products with the lowest scores in the unpatched state naturally got the most benefit from patching. Does this mean you don’t need antivirus if you keep your system patched? Not at all! Think about the other 68 percent of malicious programs that were not stopped by patching. And if you want to know more, dig into the full report on the Dennis Labs website