Ebay (et al) as a tool for Identity Theft (is it theft if you purchase the phone “as is” from its owner?)
Half of Used Phones Still Contain Personal Info
"More than half of second-hand mobile phones still contain personal information of the previous owner, posing a risk of identity fraud. A study found 247 pieces of personal data stored on handsets and SIM cards purchased from eBay and second-hand electronics shops. The information ranged from credit card numbers to bank account details, photographs, email address and login details to social networking sites like Facebook and Twitter. According to data security firm CPP, 81 percent of previous owners claim they have wiped personal data from their mobile phones and SIM cards before selling them. However, deleting the information manually is 'a process that security experts acknowledge leaves the data intact and retrievable.'"
(Related) Legitimate uses for a used phone.
http://www.makeuseof.com/tag/5-interesting-spare-smartphone/
5 Interesting Uses For A Spare Old Smartphone
For my Computer Security students.
http://news.cnet.com/8301-31921_3-20046588-281.html
Hackers exploit chink in Web's armor
A long-known but little-discussed vulnerability in the modern Internet's design was highlighted yesterday by a report that hackers traced to Iran spoofed the encryption procedures used to secure connections to Google, Yahoo, Microsoft, and other major Web sites.
This design, pioneered by Netscape in the early and mid-1990s, allows the creation of encrypted channels to Web sites, an important security feature typically identified by a closed lock icon in a browser. The system relies on third parties to issue so-called certificates that prove that a Web site is legitimate when making an "https://" connection.
The problem, however, is that the list of certificate issuers has ballooned over the years to approximately 650 organizations, which may not always follow the strictest security procedures. And each one has a copy of the Web's master keys
… This has resulted in a bizarre situation in which companies like Etisalat, a wireless carrier in the United Arab Emirates that implanted spyware on customers' BlackBerry devices, possess the master keys that can be used to impersonate any Web site on the Internet, even the U.S. Treasury, BankofAmerica.com, and Google.com. So do more than 100 German universities, the U.S. Department of Homeland Security, and random organizations like the Gemini Observatory, which operates a pair of 8.1-meter diameter telescopes in Hawaii and Chile.
… The vulnerability of today's authentication infrastructure came to light after Comodo, a Jersey City, N.J.-based firm that issues SSL certificates, alerted Web browser makers that an unnamed European partner had its systems compromised. The attack originated from an Iranian Internet Protocol address, according to Comodo Chief Executive Melih Abdulhayoglu, who told CNET that the skill and sophistication suggested a government was behind the intrusion.
Spoofing those Web sites would allow the Iranian government to use what's known as a man-in-the-middle attack to impersonate the legitimate sites and grab passwords, read e-mail messages, and monitor any other activities its citizens performed, even if Web browsers show that the connections were securely protected with SSL encryption.
Also for my Computer Security students
Microsoft accepts reality, offers IT tool for iPhones, iPads, and Android
Not everyone at Microsoft is marching in lockstep to the idea that Windows Phone 7 will rule the enterprise. At the Microsoft Management Summit (MMS), the company announced that it has released a beta of a tool to let IT manage iPhones, iPads, Android devices, Symbian devices, and Windows Phone 7 devices in the enterprise. Up until now, the tool only worked for Windows Mobile.
The tool is called System Center Configuration Manager (SCCM), and it's designed to deploy and update servers, clients, and devices across an enterprise's entire computing and network infrastructure. The current version is SCCM 2007, and the only mobile devices it handles are Windows Mobile ones --- it won't even handle Windows Phone 7 right now.
At MMS today, though, Microsoft made available for download beta 2 of SCCM 2012.
(Related) Why you should care. Ignorance is bliss only until the bill comes...
http://www.bespacific.com/mt/archives/026824.html
March 23, 2011
AVG Study Reveals Alarming Complacency Among Users of Mobile Devices on Security
Smartphone Security - Survey of U.S. consumers, Ponemon Institute© Research Report, Sponsored by AVG Technologies, Independently conducted by Ponemon Institute LLC, Publication Date: March 2011
News release: "AVG Technologies, one of the leading providers of consumer security software, today revealed details of a sobering study uncovering new statistics about the data security risks involved in everyday smartphone use. Findings are the result of a recent study conducted by the Ponemon Institute in concert with AVG of 734 random US consumers over age 18 regarding their mobile communications behavior. The study confirmed AVG’s concerns focus on consumers indifference to the many serious security risks associated with the storage and transmission of sensitive personal data on iPhone, Blackberry and Android devices. Following are three of the most alarming:
89 percent of respondents were unaware that smartphone applications can transmit confidential payment information such as credit card details without the user’s knowledge or consent.
91 percent of respondents were unaware that financial applications for smartphones can be infected with specialized malware designed to steal credit card numbers and online banking credentials, yet nearly a third (29 percent) report already storing credit and debit card information on their devices and 35 percent report storing “confidential” work related documents as well.
56 percent of respondents did not know that failing to properly log off from a social network app could allow an imposter to post malicious details or change personal settings without their knowledge. Of those aware, 37 percent were unsure whether or not their profiles had already been manipulated.
Toys make sense. Shoelaces don't. It also suggests who Apple uses to test their user interfaces...
http://www.bespacific.com/mt/archives/026823.html
March 23, 2011
"Preschoolers better at navigating iPad than tying their shoes"
Inside iPad: "Hand a two-year-old child a shoe and he will probably end up throwing it. Hand him an iPad, however, and he'll navigate through it to find his favorite app in no time. According to a new survey from security software maker AVG, kids can grasp new tech skills long before they even learn how to do normal kid things, such as swimming or tying their shoelaces. AVG surveyed 2,200 parents with children between the ages of two and five in the US, Canada, UK, France, Italy, Germany, Spain, Japan, Australia and New Zealand. Nineteen percent said their kids know how to access a smartphone application (and it's not just the older kids either—17 percent of 2- to 3-year-olds did as well). Another 58 percent can play a computer game, and a quarter of kids can open and operate a Web browser. By comparison, only nine percent of kids between 2 and 5 can tie their shoelaces, 20 percent can swim without help, and 43 percent can ride a bike."
No liability here! Another Vigilante product.
http://news.cnet.com/8301-17938_105-20046421-1.html
Burglar alarm marks territory with pepper spray
Burglar alarms usually work by scaring off criminals with loud noises and the threat of police action. The Burglar Blaster from Heracles Research Corporation takes the law into its own hands.
It comes loaded with 4 ounces of painful, burning pepper spray.
… The concept behind the Burglar Blaster is really pretty simple. You screw this little terror to the wall where you expect criminals to come busting in. An intruder triggers the passive infrared motion sensor and the Blaster commences spraying mace at the offender. It runs on batteries, so all you really need for installation is a screwdriver and some determination.
I think they still don't get it. Buying the DVD or downloading and burning one are effectively the same thing, aren't they?
http://news.cnet.com/8301-31001_3-20046430-261.html
Sony Pictures eyes cheaper film downloads
By and large, the big Hollywood film studios have clung to the idea that digital downloads should be priced the same as DVDs. Sony Pictures is trying to find out if there's a better way.
On Tuesday, Sony began selling downloads of two new releases for about 13 percent less than the $15 DVD price. At Amazon.com and iTunes, "The Tourist" and "How Do You Know" could be downloaded for $12.99. Elsewhere at Amazon, the disc sold for $15. Both movies were disappointments at the box office, so the reductions seem barely to quality as a toe dip into price cutting.
But according to two film industry sources, the studio is experimenting with pricing for download-to-own videos. Sony, which has tried similar tests before, is searching for a price that stimulates download sales but won't erode demand for DVDs. [A sale is a sale is a sale... Bob]
No comments:
Post a Comment