Twenty-Five New Malicious Apps on Android; 30,000 to 120,000 Users Affected

May 31, 2011

Criminal interest in Google’s Android platform appears to be increasing. In March, Google had to remove more than 50 malicious mobile apps from its Android Market for exploiting the information of as many as 250,000 consumers and downloading malware known as Droid Dream (see my blog More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware for more on that outbreak).

Now security experts from Lookout Security have identified 25 new malicious applications in the Android Market (since removed) that have potentially harmed somewhere between 30k and 120k users. This is a variant of the original malware launched in March and, according to a news article in Forbes, Lookout believes it was launched by the same malware developers.

Droid users beware

This won’t be the last outbreak on Android apps, for two reasons: money and ease of inclusion.

With Android enjoying 53% of the mobile market, the revenue potential for criminals is huge. Add to this the awareness that Google does less than other mobile platforms to test products offered through its marketplace, and you’ve got a scenario ripe for exploitation. Android users who aren’t careful about what they download now have a red target on their backs.

In this outbreak, legitimate applications were copied, had malware inserted, and were then posted to the Android marketplace, so if you’ve downloaded one of the apps listed below, it is critical that you check who is listed as the developer. According to the Forbes article, if the developer listed is Magic Photo Studio, Mango Studio, E.T. Tean, or BeeGoo, your phone may be infected:

  • Sexy Girls: Hot Japanese
  • Sexy Legs
  • HOT Girls 4
  • Beauty Breasts
  • Sex Sound
  • Sex Sound: Japanese
  • HOT Girls 1
  • HOT Girls 2
  • HOT Girls 3
  • Floating Image Free
  • System Monitor
  • Super StopWatch and Timer
  • System Info Manager
  • Call End Vibrate
  • Quick Photo Grid
  • Delete Contacts
  • Quick Uninstaller
  • Contact Master
  • Brightness Settings
  • Volume Manager
  • Super Photo Enhance
  • Super Color Flashlight
  • Paint Master

Defend Your Phone!

Users need to stay vigilant by always checking to see who has developed an app and what their reputation is. Look at reviews they’ve received and only download apps from sources that have a strong history and trust rating.

Lookout Security also recommends that you check the permissions the app is requesting, be aware of any unusual behavior on your phone and install a mobile security app.

To see a listing of top mobile security products, and gain a deeper understanding of mobile malware risks, see my blog It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011.

Linda


Mac Attack – Apple Malware Evolves, Company Finally Responds

May 30, 2011

After a 25-day delay, Apple finally responded to the appearance of the fake anti-virus scam called Mac Defender (there are other variants called Mac Protector and Mac Security), which is designed to trick Apple users into paying for bogus security software.

Apple’s response countermands the company’s earlier directive insisting support reps NOT help users remove the malware. Now they’ve provided reps with a “How to avoid or remove Mac Defender malware” script for helping consumers who have been exposed to the malware. Apple also committed to developing a security update to remove infections automatically.

Unfortunately, according to an article in ZDNet, it took less than 12 hours for the malware writer to morph his code so that the instructions for fixing the problem were no longer effective.

Malware isn’t Static

According to the ZDNet article, the malware variant was found in a Google search under yet another name, MacGuard, and does not require the user to enter the administrator password to be installed. These permutations will continue because all malware evolves; to expect this to be different for Apple users is absurd.

Apple OS X users have now joined Windows users in the perpetual cat-and-mouse world of malware, where variations and entirely new forms of malware spring up to give criminals revenue streams. The real question is what users and Apple will do about it. There are really only three choices: 1) pretend this is a one-time experience and do nothing, 2) address this issue and any future issues as they arise, or 3) acknowledge that Apple OS X will face ongoing exploits and proactively prepare a defense.

For users this means installing anti-malware software if you have not already done so. It may also mean taking the time to learn a few skills to help you identify and avoid malware that comes creeping your way.

For Apple, which has prided itself on its ‘it just works’ clean experiences, the refusal to help infected users followed by the 25-day response time is a double black eye.

As Windows users can attest, sticking your head in the sand will leave your rear end rather exposed.

Linda


Are You Sure Your PC is Malware Free??

May 15, 2011

If you aren’t sure you have anti-virus or other anti-malware software protecting your computer, or if you aren’t sure these tools are up-to-date or effective, there’s a 5 click way to find out. Your time commitment? Less than 7 seconds. Less time than it has taken you to read this blog this far.

For 90% of computer users, some version of Windows is your operating system. If you aren’t a Windows user, you can stop reading here because unfortunately this solution won’t help you; I’ll try to give you tips in a later blog.

BUT… if you are among the 90% using Windows, take 7 seconds to:

  1. Log onto Microsoft’s Security Scanner page, either from this link or from the security newsletter Microsoft sent out earlier this month. (3 seconds)
  2. Click on the big Download Now button. (1 second)
  3. Select your download version (1 second)
  4. Accept license terms (1 second)
  5. Select a full scan of your computer (1 second)

Now relax and let the scanner do its work. When done, it will tell you if your computer has a clean bill of health, or if you need to do something to clean it.

One tip: Running the scanner takes time, so you may want to start it before going to bed or before stepping away from the computer for a while, so it doesn’t slow you down while working.

Linda


Are You a Malware Magnet? 4 simple steps can make all the difference

April 12, 2011

It’s update time. Operating systems (like Windows and Mac) and browsers (IE and Firefox) have just come out with significant patches to existing versions, or created entirely new versions, to fix security flaws and add features. And while you may be able to live without the new features, you need those security fixes NOW.

It only takes minutes for an unprotected, internet-connected computer to be infected with malicious software that may damage your device, steal your information and identity, add bogus charges to your internet bill or credit cards, turn your machine into a bot that is remotely controlled by criminals sending out spam, scams, and malware (see What are Bots, Zombies, and Botnets? for more information), and pose a threat to the safety of your friends and family, and even the country.

Sound bad? It is. If any of the following statements sound familiar, you are a malware magnet.

  • Your anti-virus and anti-malware tools haven’t been updated since you bought your computer.
  • You’ve ignored those pesky popups telling you that your computer, browser, or programs need updating to get the latest security fixes installed.
  • You love chain emails, and answering surveys and quizzes.
  • You respond to spammers asking them to stop spamming you.
  • You trust links you come across in emails, Twitter & Facebook and in online ads.
  • You don’t know a phish from a fish, a worm from a grub, or what malware is.

4 simple steps can make all the difference. 1) Start by ensuring your computers are up-to-date with all available patches, fixes, and upgrades. 2) Then ensure your browsers are up-to-date with all available patches, fixes, and upgrades. 3) Confirm your security software is up-to-date with all available patches, fixes, and upgrades. 4) Now, strengthen your spam filters – on your email and through your actions.

  1. Update Operating Systems: If you do not have your operating system set up to automatically update, follow these steps to get updated – then choose the option to have this automatically done for you in the future.
    1. For Windows users:
    2. For Mac Users:
  2. Update Browsers: If you aren’t already using the latest browser version, update your browser:
    1. Download Firefox 4 here.
    2. Download IE 9 here.
  3. Update Security Software: Open your security software program on your computer. You should be able to instantly see if your security software is working. I happen to be using McAfee’s tools at the moment, and this is the message I see, but every program will have a simple way to show you whether you are up-to-date or not.

    Don’t have security software?  Get it now. It doesn’t have to cost a penny, but you’ll never be secure without it.  Start with TopTenReviews’ AntiVirus Software Review for a great comparison of products by features as well as by reviewer and user comments.

    If free is more your style, consider either of these highly regarded options:
    AVG Anti-Virus Free Edition 2011
    Microsoft Security Essentials
  4. Strengthen your Spam protection: This takes setting your email spam filters to an appropriately high level, and some smartening up on your part. Safe, responsible computer and internet use does not require you to have a PhD in engineering or computer science, it just requires precaution and a few skills.
    1. Strengthen your settings: Here are examples of Hotmail and AOL Mail filters; search online to learn how to change settings if you’re using a different service.

    2. Smarten up about Spam: Spam comes at us from all angles: in the mailbox in front of your home (junk mail), in your email inbox, via IM, social networking sites, chats, forums, websites, and sadly, now also on your phone. Learn these 14 Steps to Avoiding Scams, and practice on some of the examples (scroll further down the page) to see how well you can avoid the common consumer pitfalls scammers want you to stumble over.

To help you stay safer year-round, we’ve worked with Microsoft to develop a free Internet Safety Calendar application that you can download to your Internet Explorer browser (Note: only IE is supported at this time).

Built by LOOKBOTHWAYS, the calendar provides relevant monthly advice to help you increase your online safety and the safety of those you help protect. The calendar also includes recurring reminders for those safety actions you know you should be doing, but that frequently get forgotten in the rush of day-to-day activities.

Each month, the calendar will send you a note reminding you to check the calendar for important online safety advice, but you can also view the app at any time by selecting Online Safety Calendar under the Tools menu.

Even with these steps, you might not be able to dodge every last aggressive malware, but you WILL be much safer.

Linda


Feel Hacker Proof on Apple Devices? Think Again. Apple Patch to Fix 54 Security Holes

April 6, 2011

For Apple lovers, the underdog status of the Mac OS and Apple devices long served as a hardy defense against criminal exploits. But with 54 new fixes in Apple’s latest security update, those days are officially over.

Though still an underdog, here’s insight into why criminals are taking an interest in Apple. Consider the company’s 2010 Sales data (Fiscal year ended Sept 25th 2010) results, and it is easy to see why criminal interest is perking up.

In just the past three years, Apple has sold 33.7 million computers, 72.5 million iPhones, and iPad sales are soaring.  Add to that the over 350 thousand applications in the Apple App store and the potential for exploitation becomes even more interesting. (To learn more about threats to the iPhone see Researcher warns of risks from rogue iPhone apps).

To address the rising exploit risks, Apple changed its practices with regard to unreleased software[v] earlier this month. The company is now sharing advance copies of its next OS (called Lion) with security researchers, not just with developers.

ZDNet reported today that Apple has shipped another Mac OS X mega-update with fixes for 54 security vulnerabilities, including one that was used to hijack an iPhone 4 device at this year’s CanSecWest Pwn2Own hacker challenge. (See my blog Hacker Conference Focused on Web Browsers and Mobile Devices: Who Was Hacked and Who Withstood, and does it Matter? for more information.)

The ZDNet article goes on to say that the new Mac OS X v10.6.7 should be treated as a high-priority update, noting that it also fixes numerous issues that could allow remote code execution attacks via rigged image or font files.

Complacency kills computers. Make sure your devices are updated and fully protected today.

Linda


Hacker Conference Focused on Web Browsers and Mobile Devices. Who Was Hacked and Who Withstood, and does it Matter?

March 21, 2011

In a wake-up call to security-complacent Apple users, the first browser to get hacked in the Pwn2Own hacker competition was Apple’s Safari, and it took just a matter of seconds. Pwn2Own is a part of the CanSecWest conference in Vancouver every year, and the term is geek speak for pwn (=hack) and to own (the device). Participants are given the challenge of exploiting common software; this year the focus was on two hot areas – browsers and mobile devices.

Other browsers in the competition included Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome. The Opera browser has such a low adoption rate that it was not included.

Microsoft’s IE 8 fell to hackers later that same day. Firefox and Chrome were not hacked, and this was particularly impressive for Google’s Chrome as they had sweetened the reward for anyone who did hack their service.

Day two pitted the mobile devices against hackers and both the iPhone 4 and Blackberry Torch fell to attackers while Android and Windows 7 remained standing.

What makes the Pwn2Own hacker contest different from real world risk is that it does not reflect the percentages game.

Criminals want the biggest bang for their malware buck which means the dominant operating systems, browsers, platforms etc. are always going to be the better targets.

Windows, though it has slipped a little, is still so far ahead in user penetration rates[i] that writing malware for any other OS is still a marginal proposition.

As with operating systems, the ongoing browser market shares have changed little in the past year. IE still takes the lion’s share[ii] with the only real contender being Firefox at this point. That said, much of the browser malware is written to hit multiple services.

In the mobile world, smartphone platform penetration rates have dramatically shifted. [iii][iv] Entering into 2010, RIM was the clear giant, but it slipped by 11 percentage points to land in second place in January 2011. Google skyrocketed from barely registering to taking first place in penetration rates.

Given the amount of buzz around iPhones, you’re probably surprised to hear their market share actually declined. Microsoft was the biggest loser, dropping from 18% to 8% year over year, and Palm continued its steep demise, losing about 50% and now down to only 3.2% of the market share.

From the criminal point of view, Google’s Android platform is beginning to look very interesting – particularly as Google does less than the other mobile platforms to test products offered through its marketplace. See More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware for more information.

For Apple lovers, the underdog status of the Mac OS and Apple devices against PCs and the Windows OS long served as a hardy defense against criminal exploits. But with predictions that the Mac OS will make stronger inroads, Apple is facing new threats. (See Part 3: McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks). So it now appears that assuming you’re safe from malware on Apple devices is no longer a safe bet.

Though still an underdog, here’s insight into why criminals are taking an interest in Apple. Consider the company’s 2010 Sales data (Fiscal year ended Sept 25th 2010) results, and it is easy to see why criminal interest is perking up. In just the past three years, Apple has sold 33.7 million computers, 72.5 million iPhones, and iPad sales are soaring. Add to that the over 300 thousand applications in the Apple App store and the potential for exploitation becomes even more interesting. (To learn more about threats to the iPhone see Researcher warns of risks from rogue iPhone apps).

Now, Apple has taken another step to address some of its security gaps. The company has changed its practices with regard to unreleased software[v]. It is now sharing advance copies of its next OS (called Lion) with security researchers, not just with developers. Time will tell whether these efforts pay off.

More on mobile risks:

Linda



It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011

February 23, 2011

There’s a killing to be made. The battlefield is your phone, and you’re about to feel a sharp pain in your assets as credit card companies and crooks calculate ways to help relieve you of your cash.

Last week the cell phone industry held its Mobile World Congress in Barcelona, and companies looking to provide mobile spending solutions were very present. Perhaps most notable was Visa, which announced it will roll out its PayWave solution in phones this year by providing users with a microSD (for iPhones this will be via a unique ‘skin’) to transform their phones into credit/debit cards instead of waiting for Near Field Communication (NFC) to be built into the handsets. (See the explanation of NFC at the end of the article.)

The revenue potential of turning phones into payment tools for financial institutions is enormous. And the convenience factor for consumers is clear cut – the need for carrying cash or credit cards disappears, and whole new application scenarios are enabled. So what does this have to do with mobile crime?

Follow the money. The same factors that make a favorable climate for great strides in legitimate mobile commerce make a favorable climate for crime.

As the popularity of smartphones skyrockets, smartphone functionality increases, the number of mobile banking, ecommerce, and transaction platforms expand, the number of mobile access points explodes, and the sophistication of criminals grows, we are approaching perfect storm conditions. Here’s how both the good guys and the bad guys look at the landscape:

  1. Size of opportunity: The number of cell phones worldwide hit 4.6 billion this month according to the U.N. telecommunications agency. Today 500 million of these phones are smartphones that enable the rich features companies and crooks need, and this number is expected to exceed 1 billion smartphones by 2013 according to the latest forecasts from Informa Telecoms & Media. As a point of comparison, there are about 2 billion computers out there, most running the Windows OS.
  2. Cost of investment drops: As industry pressures condense the number of mobile platforms, like RIM, Android and iPhone, developers and hackers alike can better leverage their code to target millions/billions of users with the same services (and exploits) setting the stage for a high return on investment.
  3. Risk:
    1. From financial corporations’ view: Credit card companies and other financial institutions believe they have mitigated the risks inherent in contactless payment systems. Indeed, Visa claims their PayWave system will in fact be safer than using traditional credit cards because their chip creates a unique authentication code for each transaction while never providing retailers with your credit card number. Challenging that claim, security expert and uber white hat hacker Karsten Nohl told CNET that NFC payments still have their security weaknesses and that the technology may need a bit more time to be completely safe. Whatever the case, these companies have long experience earning plenty of money even when crime takes a bite out of their revenues. But they only have to cover one piece of the pain; consumers have to pick up the time and cost of cleaning up their accounts and financial reputations.
    2. From organized crime’s view: With their successful tactics in phishing, pharming, scamming and spamming constantly being honed, consumers using insecure WiFi networks, security gaps in both services’ and platforms’ code to exploit, antiquated or non-existent laws, police forces woefully understaffed, and careless consumers hell-bent on convenience, what’s not to like? Now add into the mix that phones are essentially wallets and everyone wants to be a pickpocket. The business case for investing in mobile malware has finally been made. Learn more in my blog McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks, which looks at the historically fragile cellular infrastructure and slow strides toward encryption. McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

What this means for Consumers – Defend Your Phone!

Security companies have scrambled to provide mobile security software solutions, and if you have a smart phone, it’s time to purchase a mobile security suite.

TopTenReviews has created an excellent mobile security software comparison chart for consumers that I recommend.

Key features in these programs include antivirus protection, a firewall preventing unauthorized electronic access, antispam, and quarantine protection in real time.

Based on your phone usage patterns, the type of content you store on your phone, or if you’re helping protect a minor’s phone, some additional features may be of interest:

  • Remote block and remote wipe to protect your information if your phone is lost or stolen.
  • Protection of internal memory and contents stored on memory cards
  • Ability to place phone numbers on either a black or white list – the ability to block people from calling is of keen interest to teens, and a key tool in blocking cyberbullies.
  • Parental control monitoring
  • SIM Card notice so that if your phone is stolen and the thief puts in a new SIM card, the phone will send you a notice of the new phone number to help track down the thief.

There are still far too few consumers that adequately protect their computers – news out this week from Panda Security found 50% of computers worldwide are infected with some form of malware– and this is a real safety, security and privacy issue. (If your computer is not protected

Now, add your cell phone to the must protect list, or you’ll find that if it isn’t protected…. it will be infected.  Get security software and install it today.

Welcome to another year of living dangerously. For more information about other mobile phone risks and tips, see my blog Using Mobile Phones Safely.

Linda

What is NFC? You’ll come to hear the term Near Field Communication (NFC) often in the coming year as ‘swipe’ technology becomes more pervasive. It’s a set of short-range wireless technologies that allow either one- or two-way exchanges of information (think RFID on steroids). The demand for this functionality is high; both the iPhone 5 and new Android models will include NFC, and 70 million NFC-enabled smartphones are expected to be sold this year.


Part 4: McAfee Threat Predictions for 2011 – Apple: No longer flying under the radar

January 16, 2011

This is the fourth installment of my series covering McAfee’s Threat Predictions for 2011. To make the predictions for 2011 more digestible, I’ve broken each area out to show McAfee’s drilldown on the risk, and what the risk means to you. Click here to read the first, second, and third segments.

From McAfee Threat Report - Apple: No longer flying under the radar

Historically, the Mac OS platform has remained relatively unscathed by malicious attackers, but McAfee Labs warns that Mac-targeted malware will continue to increase in sophistication in 2011. The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.

What this means to you

For Apple lovers, the underdog status of the Mac OS and Apple devices against PCs and the Windows OS long served as a hardy defense against criminal exploits – criminals target the largest possible segment for the largest possible return.

But with the Mac OS making stronger inroads, and the advent and mass adoption of iPhones and iPads, Apple is facing new threats – much like the general mobile market is now facing. (See Part 3: McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks). So it now appears that assuming you’re safe from malware on Apple devices is no longer a safe bet.

To gain some insight into why criminals are taking an interest in Apple, consider the company’s 2010 Sales data (Fiscal year ended Sept 25th 2010) results; it is easy to see why criminal interests are now focusing on these products. In just the past three years, Apple has sold 33.7 million computers, 72.5 million iPhones, and iPad sales are soaring. Add to that the over 300 thousand applications in the Apple App store and the potential for exploitation becomes even more interesting. (To learn more about threats to the iPhone see Researcher warns of risks from rogue iPhone apps).

In the future, Apple users will likely need to adopt the same advice that PC users have been given for years: protect your devices, only download apps from trusted and tested sites, and leverage Safari’s antiphishing, antivirus, and Malware Protection to avoid and block malware.

Linda


Part 3: McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks

January 12, 2011

This is the third installment of my series covering McAfee’s Threat Predictions for 2011. To make the predictions for 2011 more digestible, I’ve broken each area out to show McAfee’s drilldown on the risk, and what the risk means to you. Click here to read the first and second segments.

From McAfee Threat Report - Mobile: Usage is rising in the workplace, and so will attacks

Threats on mobile devices have so far been few and far between, as “jailbreaking” on the iPhone and the arrival of Zeus were the primary mobile threats in 2010. With the widespread adoption of mobile devices in business environments, combined with historically fragile cellular infrastructure and slow strides toward encryption, McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

What this means to you

It’s hard to recall that most people have owned a mobile phone for less than 15 years. How did we survive without them? You may remember the early Motorola phones of the mid-nineties, then the first 0.3 megapixel camera phones and the carrier networks that couldn’t send those lousy images to other providers’ networks. Then we got SMS (text messaging) – and the all-powerful MMS communications, and ringtones. Remember the challenges of getting email onto phones, the time when we all carried a pager, a PDA and a cell phone?

We’ve watched this rapid sprint from barely mobile “bricks” to today’s sleek phones with incredible capabilities. We’ve seen mobile phone adoption rates go from nearly zero to over 90%.

Yet for all the difficulties and lack of functionality in those old phones, they held one advantage. They were too primitive, too customized per handset, and had too few users to be interesting targets for criminal exploits. The bad news is that era has passed.

Mobile technologies are now less fractured, standardized around key platforms, services and applications. The phones themselves come with amazing computing capabilities. And the number of mobile phone users was projected to exceed 5 billion worldwide by the end of 2010 according to the International Telecommunication Union (October 2010).

As with so many technical advancements, criminals can spot an opportunity 10 miles off, and they’ve bided their time until this confluence of factors came together. Prepping for this moment, over the past few years we’ve seen how criminals and hackers have probed for network weaknesses, device weaknesses, and perhaps most importantly, consumer weaknesses.

Malware attacking phones will come via many methods, including text and multi-media messages, spam, downloadable content, and applications, and through access points like public Wi-Fi, or Bluetooth connections.

Defending Your Phone

Security companies have scrambled to provide mobile security software solutions, and if you have a smart phone, it’s time to purchase a mobile security suite.

TopTenReviews has created an excellent mobile security software comparison chart for consumers that I recommend.

Key features in these programs include antivirus protection, a firewall preventing unauthorized electronic access, antispam, and quarantine protection in real time.

Based on your phone usage patterns, the type of content you store on your phone,  or if you’re helping protect a minor’s phone, some additional features may be of interest:

  • Remote block and remote wipe to protect your information if your phone is lost or stolen.
  • Protection of internal memory and contents stored on memory cards
  • Ability to place phone numbers on either a black or white list – the ability to block people from calling is of keen interest to teens, and a key tool in blocking cyberbullies.
  • Parental control monitoring
  • SIM Card notice so that if your phone is stolen and the thief puts in a new SIM card, the phone will send you a notice of the new phone number to help track down the thief.

There are still far too few consumers that adequately protect their computers – only 37% of home computers are fully protected according to an Oct. 2010 report by Symantec – and this is a real safety, security and privacy issue.

Now, add your cell phone to the must protect list, or you’ll find that if it isn’t protected…. it will be infected.  Get security software and install it today.

For more information about other mobile phone risks and tips, see my blog Using Mobile Phones Safely.

Linda


Part 2: McAfee Threat Predictions for 2011 – Exploiting Social Media: Geolocation services

January 10, 2011

This is the second installment of my series covering McAfee’s Threat Predictions for 2011. To make the predictions for 2011 more digestible, I’ve broken each area out to show McAfee’s drilldown on the risk, and what the risk means to you. Click here to read the first segment.

From McAfee Threat Report – Exploiting Social Media: Geolocation services:

Locative services such as foursquare, Gowalla and Facebook Places can easily search, track and plot the whereabouts of friends and strangers. In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using. This wealth of personal information on individuals enables cybercriminals to craft a targeted attack. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2011.

What this means to you

There are two categories of geolocation tracking threats; the first covers the spectrum of malicious or criminal abuse of information as described above. The second category covers the non-criminal tracking and use of your location information for commercial purposes without your knowledge or express consent. A few examples of this type of use/abuse seen in 2010 include Google’s collection of personal data via WiFi networks (See my blog Google’s WiFi Data Collection Larger than Previously Known) and the explosion of consumer behavior and location tracking both online and offline by stores and advertisers (See my blogs The One-Way-Mirror Society – Privacy Implications of Surveillance Monitoring Networks, Managing Behavioral Advertising, and FTC’s Do-Not-Track Proposal for more information on these location/privacy controversies).

To a large extent, the actions you need to take to protect yourself from one of these threat categories will also protect you against the other, so I’ll address these together.

First, understand that your information, even things you find trivial, has financial value. Whether it be age, gender, relationship status, other demographic information, personally identifiable information, indirectly identifiable information, information about your emotional state, financial solvency, interest in purchasing, etc., information about your preferences of brands, books, movies, music, etc. – you get the point – all of it has financial value to some types of people, crooks, or companies.  Your location information can have particularly high value.

Information has value in entirely legitimate scenarios – to predict the fashions that will be a ‘hit’ next season or to offer you ads or discounts to nearby stores. Or, the value may be for use in legitimate-but-potentially-less-savory scenarios – reselling your data to data-brokers who use it in a variety of ways that you don’t know about, may not appreciate, and which may threaten your privacy or safety.   Or, the value may be for entirely criminal endeavors.

What makes sharing location information particularly valuable – and particularly risky – is that you are physically findable. Your property is findable. Your patterns are discoverable. This risk makes it necessary to make conscious choices about whom you share this with – while erring on the side of caution.

Sometimes the value of your location is in knowing where you aren’t – for example, you aren’t home when you’re tweeting from another city, or across town, making it an ideal time to burglarize your home.  Sometimes the value is in your patterns – if you always stop at a doughnut shop on the way to work, but never stop at a gym, it may be of interest to your health insurance company, or the health insurance company with whom you’re applying for coverage.

Next, you need to identify how these people, entities, or companies are protecting and/or sharing your information with others. How public is your information in the hands of friends? What are the privacy policies of the sites you are registered with? How much information is being collected about you from websites you just happen to visit? What information is being collected about you or your device at the WiFi hotspots you use? See my blog Starbucks Launches Digital Network – 6 Steps to Safer WiFi Use to learn more.

Consider Google’s response to the Canadian Privacy minister during hearings about their WiFi data collection: Google’s future plans for its location-based services: Google still intends to offer location-based services, but does not intend to resume collection of WiFi data through its Street View cars. Collection is discontinued and Google has no plans to resume it. [Instead] Google intends to rely on its users’ handsets to collect the information on the location of WiFi networks that it needs for its location-based services database. The improvements in smart-phone technology in the past few years have allowed Google to obtain the data it needs for this purpose from the handsets themselves.

You may be surprised to find that even many charitable organizations sell your information – including location information – as a way of raising funds. See my blog What’s the Privacy Policy of the Non-Profits You Support? to learn more about this issue.

In many cases a service may not be selling, renting or sharing your information behind the scenes; instead, your location may be the primary information being shared, and shared with a potentially very broad audience. For example, if you’re a foursquare user, ask yourself if being mayor of a bar is worth a potential increase in your auto insurance premiums, or having a would-be employer think twice about your drinking habits, or the potential impact this could have in a child custody dispute, etc.

Once you understand the potential financial value and potential risks associated with sharing your location information, you are positioned to make more informed decisions about the individuals, entities, or companies with whom you choose to share your location, and to what extent.  My recommendation? Be VERY conservative about giving anyone, any company, or any other entity access to your location information.

Linda

