Part 3: McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks

January 12, 2011

This is the third installment of my series covering McAfee’s Threat Predictions for 2011. To make the predictions for 2011 more digestible, I’ve broken each area out to show McAfee’s drilldown on the risk, and what the risk means to you. Click here to read the first and second segments.

From McAfee Threat Report – Mobile: Usage is rising in the workplace, and so will attacks

Threats on mobile devices have so far been few and far between, as “jailbreaking” on the iPhone and the arrival of Zeus were the primary mobile threats in 2010. With the widespread adoption of mobile devices in business environments, combined with historically fragile cellular infrastructure and slow strides toward encryption, McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

What this means to you

It’s hard to recall that most people have owned a mobile phone for less than 15 years. How did we survive without them? You may remember the early Motorola phones of the mid-nineties, then the first 0.3 megapixel camera phones and the carrier networks that couldn’t send those lousy images to other provider’s networks. Then we got SMS (text messaging) – and the all-powerful MMS communications, and ringtones. Remember the challenges of getting email onto phones, the time when we all carried a pager, a PDA and a cell phone?

We’ve watched this rapid sprint from barely mobile “bricks” to today’s sleek phones with incredible capabilities. We’ve seen mobile phone adoption rates go from nearly zero to over 90%.

Yet for all the difficulties and lack of functionality in those old phones, they held one advantage. They were too primitive, too customized per handset, and had too few users to be interesting targets for criminal exploits. The bad news is that era has passed.

Mobile technologies are now less fractured, standardized around key platforms, services and applications. The phones themselves come with amazing computing capabilities. And, the number of mobile phone users was projected to exceed 5 Billion worldwide by the end of 2010 according to The International Telecommunication Union (October 2010).

As with so many technical advancements, criminals can spot an opportunity 10 miles off, and they’ve bided their time until this confluence of factors came together.  Prepping for this moment, over the past few years we’ve seen how criminals and hackers have probed for network weaknesses, devices weaknesses, and perhaps most importantly, consumer weaknesses.

Malware attacking phones will come via many methods, including text and multi-media messages, spam, downloadable content, and applications, and through access points like public Wi-Fi, or Bluetooth connections.

Defending Your Phone

Security companies have scrambled to provide mobile security software solutions, and if you have a smart phone, it’s time to purchase a mobile security suite.

TopTenReviews has created an excellent mobile security software comparison chart for consumers that I recommend.

Key features in these programs include antivirus protection, a firewall preventing unauthorized electronic access, antispam, and quarantine protection in real time.

Based on your phone usage patterns, the type of content you store on your phone,  or if you’re helping protect a minor’s phone, some additional features may be of interest:

  • Remote block and remote wipe to protect your information if your phone is lost or stolen.
  • Protection of internal memory and contents stored on memory cards
  • Ability to place phone numbers on either a black or white list – the ability to block people from calling is of keen interest to teens, and a key tool in blocking cyberbullies.
  • Parental control monitoring
  • SIM Card notice so that if your phone is stolen and the thief puts in a new SIM card, the phone will send you a notice of the new phone number to help track down the thief.

There are still far too few consumers that adequately protect their computers – only 37% of home computers are fully protected according to an Oct. 2010 report by Symantec – and this is a real safety, security and privacy issue.

Now, add your cell phone to the must protect list, or you’ll find that if it isn’t protected…. it will be infected.  Get security software and install it today.

For more information about other mobile phone risks and tips, see my blog Using Mobile Phones Safely.



Part 2: McAfee Threat Predictions for 2011 – Exploiting Social Media: Geolocation services

January 10, 2011

This is the second installment of my series covering McAfee’s Threat Predictions for 2011. To make the predictions for 2011 more digestible, I’ve broken each area out to show McAfee’s drilldown on the risk, and what the risk means to you. Click here to read the first segment.

From McAfee Threat Report – Exploiting Social Media: Geolocation services:

Locative services such as foursquare, Gowalla and Facebook Places can easily search, track and plot the whereabouts of friends and strangers. In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using. This wealth of personal information on individuals enables cybercriminals to craft a targeted attack. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2011.

What this means to you

There are two categories of geolocation tracking threats; the first covers the spectrum of malicious or criminal abuse of information as described above. The second category covers the non-criminal tracking and use of your location information for commercial purposes without your knowledge or express consent. A few examples of this type of use/abuse seen in 2010 include Google’s collection of personal data via WiFi networks (See my blog Google’s WiFi Data Collection Larger than Previously Known) and the explosion of consumer behavior and location tracking both online and offline by stores and advertisers (See my blogs The One-Way-Mirror Society – Privacy Implications of Surveillance Monitoring Networks, Managing Behavioral Advertising, and FTC’s Do-Not-Track Proposal for more information on these location/privacy controversies).

To a large extent, the actions needed take to protect yourself from one of these threat categories will also protect you against the other so I’ll address these together.

First, understand that your information, even things you find trivial, has financial value. Whether it be age, gender, relationship status, other demographic information, personally identifiable information, indirectly identifiable information, information about your emotional state, financial solvency, interest in purchasing, etc., information about your preferences of brands, books, movies, music, etc. – you get the point – all of it has financial value to some types of people, crooks, or companies.  Your location information can have particularly high value.

Information has value in entirely legitimate scenarios – to predict the fashions that will be a ‘hit’ next season or to offer you ads or discounts to nearby stores. Or, the value may be for use in legitimate-but-potentially-less-savory scenarios – reselling your data to data-brokers who use it in a variety of ways that you don’t know about, may not appreciate, and which may threaten your privacy or safety.   Or, the value may be for entirely criminal endeavors.

What makes sharing location information particularly valuable – and particularly risky – is that you are physically findable. Your property is findable. Your patterns are discoverable. This risk necessitates the need to make conscious choices about whom you choose to share this with – while erring on the side of caution.

Sometimes the value of your location is in knowing where you aren’t – for example, you aren’t home when you’re tweeting from another city, or across town, making it an ideal time to burglarize your home.  Sometimes the value is in your patterns – if you always stop at a doughnut shop on the way to work, but never stop at a gym, it may be of interest to your health insurance company, or the health insurance company with whom you’re applying for coverage.

Next, you need to identify how these people, entities, or companies are protecting and/or sharing your information with others. How public is your information in the hands of friends? What are the privacy policies of the sites you are registered with? How much information is being collected about you from websites you just happen to visit? What information is being collected about you or your device at the WiFi hotspots you use? See my blog Starbucks Launches Digital Network – 6 Steps to Safer WiFi Use to learn more.

Consider Google’s response to the Canadian Privacy minister during hearings about their WiFi data collection Google’s future plans for its location-based services: Google still intends to offer location-based services, but does not intend to resume collection of WiFi data through its Street View cars. Collection is discontinued and Google has no plans to resume it. [Instead]Google intends to rely on its users’ handsets to collect the information on the location of WiFi networks that it needs for its location-based services database.  The improvements in smart-phone technology in the past few years have allowed Google to obtain the data it needs for this purpose from the handsets themselves.

You may be surprised to find that even many charitable organizations sell your information – including location information – as a way of raising funds. See my blog What’s the Privacy Policy of the Non-Profits You Support? to learn more about this issue.

In many cases a service may not be selling, renting or sharing your information behind the scenes, your location may be the primary information being shared, and shared with a potentially very broad audience. For example, if you’re a FourSquare user, ask yourself if being mayor of a bar is worth a potential increase in your auto insurance premiums, or having a would-be employer think twice about your drinking habits, or the potential impact this could have in a child custody dispute, etc.

Once you understand the potential financial value and potential risks associated with sharing your location information, you are positioned to make more informed decisions about the individuals, entities, or companies with whom you choose to share your location, and to what extent.  My recommendation? Be VERY conservative about giving anyone, any company, or any other entity access to your location information.


McAfee Threat Predictions for 2011 – Geolocation, Mobile Devices and Apple Will Be Top Targets

January 8, 2011

McAfee’s 2011 Threat Predictions report is out, and it highlights the key threats that McAfee Labs researchers expect to emerge or expand over the next 12 months.  In addition to Geolocation, mobile devices, and the Mac OS X platform, threats are also expected against Internet TV platforms, and short URL services. Political ‘hacktivism’ is another area where McAfee researches expect to see more activity with new political groups leveraging the WikiLeaks paradigm.

“We’ve seen significant advancements in device and social network adoption, placing a bulls-eye on the platforms and services users are embracing the most,” said Vincent Weafer, senior vice president of McAfee Labs. “These platforms and services have become very popular in a short amount of time, and we’re already seeing a significant increase in vulnerabilities, attacks and data loss.”

To make McAfee ’s threat predictions for 2011 more digestible, I’ve broken each area out to show McAfee’s drilldown on the risk, and what the risk means to you. Look for a new segment every day; these will contain links to the previous segments if you want to go through the whole lot in one sitting.

From McAfee Threat Report – Exploiting Social Media: URL-shortening services:

Social media sites such as Twitter and Facebook have created the movement toward an “instant” form of communication, a shift that will completely alter the threat landscape in 2011. Of the social media sites that will be most riddled with cybercriminal activity, McAfee Labs expects those with URL-shortening services will be at the forefront. The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites. With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes.

What this means to you

Blindly trusting links has wreaked havoc on people’s computers, game consoles, handheld devices, and resulted in stolen identities, financial fraud, and more. The advent of shortened URL’s however takes the risks to new heights.

It does not matter if a URL (whether in long-form or shortened) appears to come from a friend, a person you’ve followed for some time, or comes unsolicited. Caution is ALWAYS required, as is staying in control of your experience. Instead of clicking on a link, copy the URL into a search engine query and look at the results. Does the site have a positive safety rating? If you do not currently use a tool that shows you the safety rating of websites, start now. Without a tool like this, you have no way of judging if the site is legitimate or going to give you malware, spam, etc… Most browsers now include these tools, and several companies offer standalone services for this. McAfee offers a free service called SiteAdvisor that I’ve used for years.  I don’t care which service you use, just; pick one and use it faithfully!

Don’t be pulled by links that may or may not take you where you want to go. This is particularly true with ‘shortened’ or ‘mini’ links used on sites like Twitter. If you do not have 100% confidence that the link is going to take you to a legitimate site, look up the material yourself. To help you learn how, I’ve written the blog Mitigate Risks When Using Shortened URL’s.

And, since McAfee didn’t toot their own horn in their report, let me also mention McAfee’s relatively new Secure Short URL Service that tests the links for your safety. You can learn more about their service in my blog New Secure Short URL Service from McAfee.

Coming up in my next blog: ThreatExploiting Social Media: Geolocation services


Average US Teen Sends or Receives 3,339 Texts a month

October 24, 2010

If you think your teen is spending more time texting, you’re right. The average US teen (13-17 years old) now sends or receives 3,339 texts a month according to new research by The Nielsen Company. That represents an 8% increase over last year.

While texting increased in all age groups year over year, teens continue to text more than all other age groups combined.

It will come as no surprise that gender plays a role in the number of text messages sent. Teen girls top the texting chart with an average of 4,050 texts per month, vs. their male counter parts who average 2,539 texts.

Texting now biggest reason teens get a phone

Texting has surpassed safety (which held top spot in 2008) as the primary reason teens get a phone, while keeping touch with friends has dropped into third place.

With the increase in teen texting, voice usage has dropped by 14%. While in previous years texting was considered fun, now 78% of teens find it more functional and convenient; including 22% who find it easier, and 20% who find it faster than talking.

That isn’t to say teens have quit talking, girls average about 753 minutes of gab time a month, while guys use around 525 minutes.

Data and application use increasingly important

A whopping 94% of teens self-identify as advanced data users of messaging, internet, multimedia, gaming, downloading and other activities. Though teen usage is still less than that of young adults, their data usage has increased dramatically; male teens usage jumped from 17MB to 75MB, and their female counterparts jumped from 11MB to 53MB in the last year.

Key drivers of the data consumption increase are advanced smartphones with large screens designed for better data consumption, and the broader range of applications teens are now downloading, including Facebook, Pandora and YouTube. Downloading video, for example, is a particularly heavy data hog.

Increased data consumption signals greater need to help manage and monitor youth’s mobile experience

If you haven’t already adopted mobile safeguards for your family’s phones, it may be time for you to do so.

While mobile malware is still in its infancy, security vendors have seen a huge uptick in mobile attacks since late last year.

While many people have been predicting mobile malware for a while, “this might actually, finally, be the year,” said Tim Armstrong, a malware analyst at Kaspersky Lab, during a meeting of the Messaging Anti-Abuse Working Group earlier this month. Noting that his company identified more than 1,550 mobile malware signatures in September, Armstrong said, “it’s only a matter of time before we see some really huge malware infections.”

Along with increased security, consider what mobile family safety protections you may need (often referred to as parental controls). Several family safety companies are ramping up their mobile services to meet youth’s needs for protection against malicious users, and to filter content that’s inappropriate for minors.

Highlighting the expansion of mobile content categories like user generated content, mobile TV, adult content and gambling, I refer to new data from Juniper Research in my blog Mobile Revenues in North America Projected to Jump to $10 Billion by 2015.

What this may mean to your phone bill

In the face of dramatically increasing data use, carriers are feeling the pinch.

Several carriers have switched, or are considering dumping their all-you-can-eat data plans in favor of requiring consumers to pay by data volume in a tiered pricing structure.

AT&T, which has seen data usage skyrocket with the roll-out of the iPhone, stopped offering new customers unlimited plans back in June. Verizon Wireless, who reports say will begin offering an iPhone early next year, announced in September that they would switch to tiered data plans in 4-6 months.

Sprint appears to be headed in the same direction, as Sprint CEO Dan Hesse said in comments to the press last month, “We can offer unlimited as long as the usage is reasonable. If you run an all-you-can-eat buffet, but you have the New England Patriots come in and the whole team spends a whole day there, I can’t afford to do that anymore.”

While the change from unlimited pricing plans to tiered pricing will save most consumers money, at least from the outset, consumers who are heavy data users may need to either scale back their activities, or get ready to pay more.

This shifting payment structure will unquestionably impact the burgeoning consumer mobile application businesses. Mobile developers experienced a virtual gold rush in the all-you-can-eat environment where consumers could wantonly download their wares without concern for their phone bill. The iPhone store alone offers over 200,000 applications for a phone first launched 4 years ago. Expect the pace of development to slow, or even shrink, as consumers on tiered pricing plans think about the potential impact to their phone bill.

If you’re a parent of a data hungry teen, hold onto that checkbook.


Growing up without a cell phone!! OH NO!!!

September 8, 2010

Unfortunately, the author of this piece is unknown, but what a piece it is….. Note: there is mild profanity.

When I was a kid, adults used to bore me to tears with their tedious diatribes about how hard things were. When they were growing up; what with walking twenty-five miles to school every morning…. Uphill… Barefoot…BOTH ways… yadda, yadda, yadda

And I remember promising myself that when I grew up, there was no way in hell I was going to lay a bunch of crap like that on my kids about how hard I had it and how easy they’ve got it!

But now that I’m over the ripe old age of thirty, I can’t help but look around and notice the youth of today. You’ve got it so easy! I mean, compared to my childhood, you live in a damn Utopia! And I hate to say it, but you kids today, you don’t know how good you’ve got it!

I mean, when I was a kid we didn’t have the Internet. If we wanted to know something, we had to go to the damn library and look it up ourselves, in the card catalog!!

There was no email!! We had to actually write somebody a letter – with a pen! Then you had to walk all the way across the street and put it in the mailbox, and it would take like a week to get there! Stamps were 10 cents!

Child Protective Services didn’t care if our parents beat us. As a matter of fact, the parents of all my friends also had permission to kick our ass! Nowhere was safe!

There were no MP3’s or Napsters or iTunes! If you wanted to steal music, you had to hitchhike to the record store and shoplift it yourself!

Or you had to wait around all day to tape it off the radio, and the DJ would usually talk over the beginning and @#*% it all up! There were no CD players! We had tape decks in our car. We’d play our favorite tape and “eject” it when finished, and then the tape would come undone rendering it useless. Cause, hey, that’s how we rolled, Baby! Dig?

We didn’t have fancy crap like Call Waiting! If you were on the phone and somebody else called, they got a busy signal, that’s it!

There weren’t any freakin’ cell phones either. If you left the house, you just didn’t make a damn call or receive one. You actually had to be out of touch with your “friends”. OH MY GOD !!! Think of the horror… not being in touch with someone 24/7!!! And then there’s TEXTING. Yeah, right. Please! You kids have no idea how annoying you are.

And we didn’t have fancy Caller ID either! When the phone rang, you had no idea who it was! It could be your school, your parents, your boss, your bookie, your drug dealer, the collection agent… you just didn’t know!!! You had to pick it up and take your chances, mister!

We didn’t have any fancy PlayStation or Xbox video games with high-resolution 3-D graphics! We had the Atari 2600! With games like ‘Space Invaders’ and ‘Asteroids’. Your screen guy was a little square! You actually had to use your imagination!!! And there were no multiple levels or screens, it was just one screen… Forever! And you could never win. The game just kept getting harder and harder and faster and faster until you died! Just like LIFE!

You had to use a little book called a TV Guide to find out what was on! You were screwed when it came to channel surfing! You had to get off your ass and walk over to the TV to change the channel!!! NO REMOTES!!! Oh, no, what’s the world coming to?!?!

There was no Cartoon Network either! You could only get cartoons on Saturday Morning. Do you hear what I’m saying? We had to wait ALL WEEK for cartoons, you spoiled little rat-finks!

And we didn’t have microwaves. If we wanted to heat something up, we had to use the stove! Imagine that!

And our parents told us to stay outside and play… all day long. Oh, no, no electronics to soothe and comfort. And if you came back inside… you were doing chores!

And car seats – oh, please! Mom threw you in the back seat and you hung on. If you were lucky, you got the “safety arm” across the chest at the last moment if she had to stop suddenly, and if your head hit the dashboard, well that was your fault for calling “shot gun” in the first place!

See! That’s exactly what I’m talking about! You kids today have got it too easy. You’re spoiled rotten! You guys wouldn’t have lasted five minutes back in 1980 or any time before!

The Over 30 Crowd

To this list, I imagine most of us can add a few more, but it’s an entertaining walk down memory lane.


It takes More than Technology to Venture Out in Nature

August 30, 2010

Now there’s one more item to add to the list of internet safety topics; technology doesn’t cure stupidity when spending time in the great outdoors.

An article in the New York Times outlines the struggle National Parks are facing as technology leads more park visitors into trouble.

Experienced hikers know to bring the gear, clothing, food, first aid kit, and water needed for any outdoor adventure, but with record numbers of visitors in our National Parks, rangers say that technology often figures into the trouble ill prepared, or inattentive people get themselves into.

While technology can benefit hikers who can call when they are really in trouble, the role of technology in accidents inside national parks has become so prevalent that the park service recently added “inattention to surroundings” to their list of common causes of injury.

The Times article provides several examples:

  • The woman who wanted close-up footage of a buffalo, but who got more than she bargained for as the buffalo charged.
  • The hiking party that called in rescue helicopters three times by pressing the emergency button on their satellite location device. When rangers arrived the second time, the hikers explained that their water supply “tasted salty.”
  • The French teenager who was injured after plunging 75 feet this month from the South Rim of the Grand Canyon when he backed up while taking pictures.
  • People with cell phones who call rangers from mountaintops to request refreshments or a guide – or hot chocolate.
  • The hikers who rely solely on GPS, failing to use common sense, maps, or compasses – sometimes failing to even bring water with them.

Providing help is expensive. Flying a helicopter into the park for a rescue can cost as much as $3,400 an hour, said Maureen Oltrogge, a spokeswoman for Grand Canyon National Park. I sure hope the gentlemen who felt compelled to call in the choppers 3 times, are footing that bill.

The lessons to learn?

  • Hiking distracted can be as fatal as driving distracted.
  • You can’t pull water, food, or shelter, out of your cell phone or GPS device, any more than you can pull it out of your ear. If you want to eat, drink or have shelter, bring it with you.
  • There aren’t cell towers in the National Parks – or in most of our wilderness areas – so expect coverage to be spotty at best, if carrying your cell phone is your whole survival plan, expect to find yourself up a creek.
  • Technology can’t beat out common sense and preparedness, if you don’t have these, stay home.

Click here to read the full NYT article.