When Unicorns Breach your Security


Last week a purple unicorn (a stuffed one, not a real one) generated some confusion at a border station in Turkey. According to this article, a family including their nine-year-old daughter, travelling across the Turkish border, accidentally used the stuffed unicorn’s toy passport instead of the daughter’s real passport. The officer checked the passport, officially stamped it, and then let them through. At this point, the story deviates based on the source. Immigration said that the officer just wanted to be kind to the girl and forgot to stamp the real passport too. The family reports that there was no hesitation and that their daughter may have just slipped through.

This story serves as a good reminder that security measures are only as good as their implementation. There are many examples throughout history of secure technology that actually had large, gaping security holes once it had been implemented: cryptographic functions implemented with static initialization vectors, passwords derived from public MAC addresses, and Web applications with poor session management that can be bypassed by calling the API directly. These examples do not even include products that are implemented properly but are not configured correctly, or are so poorly integrated into the process that the log files are never read.

If you are implementing security functions, ensure that you do it properly. Follow coding standards and play the attack scenario through. If you install security products, make sure that you configure them to your needs. Take note: if you do not pay attention to the details, you might be overrun by purple unicorns.

Connecting the Dots–How Your Digital Life Affects Identity Theft and Financial Loss

You’re on Facebook, LinkedIn and Twitter. You use Gmail, Yahoo! and bank online. You might buy stuff on sites like Amazon and occasionally make purchases from eBay. Sometimes you apply for a loan online and maybe open up a credit card account too. This is all commonplace in today’s digital world. So how does all …

Website Security for National Small Business Week.

This year’s National Small Business Week is upon us, with 50 years of energy behind it. The occasion is sponsored by the US Small Business Association, celebrating how small businesses are critical to an economy of growth and job creation.
The mo…

FakeAV holds Android Phones for Ransom

FakeAV software is a type of scam using malware that intentionally misrepresents the security status of a computer and attempts to convince the user to purchase a full version of the software in order to remediate non-existing infections. Messages continue to pop up on the desktop until the payment is made or until the malware is removed. This type of fraud, which typically targets computers, began several years ago and has now become a household name. The scam has evolved over time and we are now seeing FakeAV threats making their way onto Android devices. One interesting variant we have come across, detected by Symantec as Android.Fakedefender, locks up the device just like Ransomware. Ransomware is another well-known type of malware that takes a computer hostage, by denying the user access to their files for example, until a payment/ransom is handed over.


Figure 1. Screenshot of FakeAV Android app

Once the malicious app has been installed, user experience varies as the app has compatibility issues with various devices. However, many users will not have the capability to uninstall the malicious app as the malware will attempt to prevent other apps from being launched. The threat will also change the settings of the operating system. In some cases users may not even be able to perform a factory data reset on the device and will be forced to do a hard reset which involves performing specific key combinations and/or connecting the device to a computer in order to perform a reset using software provided by the manufacturer. If they are lucky, some users may be able to perform a simple uninstall due to the fact that the app may crash when executed because of compatibility issues.

Please take a look at the following video to see how FakeAV can lock up a device.

 


 

We may soon see FakeAV on the Android platform increase to become a serious issue just like it did on computers. These threats may be difficult to get rid of once installed, so the key to staying protected against them is preventing them from getting on to your device in the first place. We recommend installing a security app, such as Norton Mobile Security or Symantec Mobile Security, on your device. Malicious apps can also be avoided by downloading and installing apps from trusted sources. For general safety tips for smartphones and tablets, please visit our Mobile Security website.

Symantec detects this malware as Android.Fakedefender.

“Kik me” – The App Your Kids are Using Now: Kik

When I was young, ‘Kick Me’ was a phrase that was scrawled on a piece of notebook paper and stuck to an unsuspecting kid’s backpack. These days, ‘Kik me’ is a way to ask other people to message you on an application for your smartphone. Kik, advertised as the fast, simple, and personal smartphone messenger, is …

7 Tips: How to Raise a Leader in a ‘Follower’ World

Leadership training isn’t exclusive to adults. And in today’s online culture of “following” and digital profiles, it’s never too early to teach a child (aka digital native) how to think, act, communicate, and process information online with a leader’s perspective. Oh—and don’t get discouraged—they may roll their eyes when you start talking about lofty things …


avast! Mobile Security aces test


avast! Mobile Security came out on top from a pool of thirty mobile security products for Android in AV-TEST’s product reviews and certifications.

Protection

The testers threw over 2,500 malicious apps, including viruses, worms, and Trojan horses, at each product. avast! Mobile Security earned a score of 100 percent in detection, above the industry standard […]