Monday 8 February 2010, 2:43 PM
Malicious Mobile Code: What You Need to Know.
Malicious Mobile Code: What You Need to Know.
Author: Eric Everson, MBA, MSIT-SE
The thought of someone hacking into your mobile phone to steal your personal data added to the growing number of mobile threats sounds bad enough, then you come across the industry term “Malicious Mobile Code” and it makes downloading any new mobile app a scary process.
So it sounds like scary stuff, but what is Malicious Mobile Code (MMC) REALLY? If you follow my journal, you know that I’m always knuckle-deep in this kind of stuff, and as a result I’ve lost many good computers and mobile handsets along the way. As threatening as the words may sound, MMC is really an industry catchall phrase that refers to any code that can hinder the operation of a mobile application or device.
Building software is kind of like building a house of cards in that each layer depends on the next to function properly. In software (just as in the house of cards) if you remove or otherwise tamper with a key component it can often corrupt the entire structure. MMC most often attempts to do this very thing by injecting faulty code into a key operating component of your mobile software or Mobile Operating System (MOPS).
Though mobile devices are steadily becoming more sophisticated with added computing power, the reality is that MOPS remain highly vulnerable to such MMC attacks. This is why third-party mobile security software is becoming so important to have on your mobile device. Many of the mobile security solutions on the market today block the MMC similar to antivirus software for a computer.
Additionally, the demand for mobile app-driven handsets is significantly on the rise which is putting many users at greater risk.
Often consumers on the most popular app retail portals assume that anything they download to their handsets should be safe. Despite best efforts however, many risky apps from those with harmful embedded source code to those masquerading as legitimate financial services apps are making their way to unsuspecting mobile users.
This issue has created new demand for services like MyMobiSafe Verified, the first service of its kind that offers a formal review and validation of new mobile apps across every platform (iPhone, Android, BlackBerry, Symbian, Java, Orange, and all others). By creating an environment where developers and the mobile community alike are looking for the confidence of the MyMobiSafe Verified mark, this creates a significant hurdle for unwanted Malicious Mobile Code in the market.
MMC can range from the simplest corrupt code to the worst mobile viruses, yet the phrase and acronym remains as an industry catch all. As a software engineer and one with substantial frontline experience with this kind of code, my words of wisdom are to be cautious of anything that you are loading onto your handset. If it is free, remember that old adage that suggests “nothing good comes free.” In too many cases of mobile apps, free means that there is something else behind the curtains. Start looking for verified apps before you buy them as they will often display an industry-wide recognizable logo. Finally, remember that not all MMC is created equal, in many cases damage is not permanent and can often be repaired by a professional.
Friday 5 February 2010, 6:24 PM
Bletchley Park calls for operators for Bombe rebuild
The home of World War II codebreaking has called for engineers to operate an electro-mechanical machine developed by mathematician Alan Turing.
The Turing Bombe was a brute-force code-breaker which built on previous work conducted by Polish crypto-analysts. Bletchley Park has rebuilt one Turing Bombe, and now the museum is to launch a recruitment campaign for volunteers to operate it.
The volunteer recruitment open days at the museum, which will be on Friday 12 and Saturday 13 March, are designed to recruit operators for the project, as well as museum guides.
"We've got a number of opportunities for people interested in the history of technology," director of museum operations Kelsey Griffin told ZDNet UK on Friday. "We're looking for electrical and mechanical engineers to help operate the Turing Bombe rebuild."
Griffin said that the museum is understaffed for volunteers, a situation which has been exacerbated by growing visitor numbers.
"Visitor numbers in 2009 exceeded 100,000 visitors for the first time – while we had budgeted for the [economic] downturn," said Griffin. "It's fantastic, but it puts a strain on an already understaffed volunteer team."
The Turing Bombe was an electro-mechanical device that mechanised the process of breaking into crypto streams which had been formed by German Enigma machines, used for military communications. The Bombe was designed by Alan Turing and another mathematician, Gordon Welchman.
The machine was wired to conform to a 'menu' devised by mathematicians, based on 'cribs' or guesses of short parts of Enigma messages which could have contained commonly used words. The Turing Bombe found potential Enigma settings not by proving them, but by disproving every incorrect setting in turn.
The Bombes were built by the British Tabulating Machine company, based in Letchworth. By the end of the war, Bletchley Park and its outstations boasted 210 machines, which were subsequently broken up and destroyed to maintain secrecy at the start of the Cold War.
"[Winston] Churchill was adamant that he didn't want anyone to know how successful our codebreaking had been," said Griffin.
The museum's existing Bombe was rebuilt from a series of black and white photos and the original blueprints. The machine took fourteen years to rebuild by a dedicated team of engineers.
Wednesday 3 February 2010, 3:16 AM
iPad on Lockdown: Apple Faces a Twist of Intellectual Property Law
iPad on Lockdown: Apple Faces a Twist of Intellectual Property Law
Author: Eric Everson, MyMobiSafe.com
Imagine that you have this great product idea and a catchy brand name for it too. As managers, we have all been there at some point or another. Grandiose ideas of being patted on the back and welcomed into the inner circle of the executive leadership team come to mind as you envision all the profit your company is going to earn with this revolutionary new product… then the USPTO (US Patent and Trademark Office) snaps you back to reality as you discover that it’s already been done before!
As a U.S. Company, this is the epiphany that Apple Inc (NASDAQ:AAPL) either failed to acknowledge or figured they had the treasury and legal muscle to flex. As it turns out the iPad, is not a new product in the world of technology, in fact as even some of us more techy types may remember, it was Fujitsu that actually introduced the first iPad. Don’t just take my word for it, just look it up for yourself at USPTO.gov (Hint: start with US Patent: 7,228,469).
How accurate does this sound? “Portable information device, … portable information device, and computer product” If that sounds like one of Steve Jobs’ lines for promoting the new Apple iPad, think again as that text was literally copied verbatim from the Fujitsu owned US Patent: 7,228,469. It would seem that Apple Inc has stepped into the ring with Fujitsu, which is a leading Japan-based company with a beefy balance sheet and domestic access to the legal system that should certainly make Steve Jobs and team consider their next moves carefully.
As I understand it Apple has until February 28, 2010 to decide to fight for the name at the USPTO. The new Apple iPad has iPhone app developers frantic as their current content will lose significant resolution when displayed in full screen on the iPad. Apple released a new SDK exclusive to the iPad this week, which has many developers contemplating if they should invest the time in redeveloping and transferring their product to the iPad.
While the future may bring about a balance where app content can be shared from iPad to iPhone (and back) with ease, in the interim we are granting a specialized MyMobiSafe Verified package that covers content unique multiplatform apps. This will allow app developers to earn their MyMobiSafe Verification for either their iPhone App or their iPad app and use the same credentials at no added cost.
Apple is no stranger to big lawsuits and legal action, but for now, it seems this twist of intellectual property law has plans for the Apple iPad on lockdown.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com. To get started with your MyMobiSafe Verification simply email: GetVerifed@MyMobiSafe.com.
Friday 29 January 2010, 5:29 PM
Metropolitan Police reveal anti-counterfeiting project
A project designed to limit equipment that organised criminals use in counterfeiting scams has been revealed by the Metropolitan Police.
Project Genesius, which has been running for two years, seeks to encourage the printing industry to sign up to a voluntary code of conduct, to prevent printing equipment and technologies falling into the wrong hands.
Detective chief inspector Nick Downing said at a press conference in New Scotland Yard on Tuesday that the Met would like anyone selling or reselling specialist printing equipment to profile customers.
"Customer profiling is vitally important," said Downing.
Indicators which should raise suspicions if taken together include: if it is a cash only purchase; if there is no delivery address; no invoice required; if purchasers don't quibble about the price; no company name; if it is delivered to a residential address.
In response to a question from ZDNet UK, Downing conceded that a manufacturer or reseller's primary concern was to sell the equipment, but added that the Met would be grateful to the printing industry if it kept its eyes open.
"Yes, their number one priority is business," said Downing. "But we all have a responsibility to make sure [the industry] is selling products in a responsible, safe way."
Project Genesius has resulted in the seizure of hundreds of printers and specialist equipment, the Met said in a press statement on Tuesday.
Wednesday 27 January 2010, 3:19 PM
Is Mobile Banking Safe: Redefining Mobile Security through App Verification
Is Mobile Banking Safe: Redefining Mobile Security through App Verification
Author: Eric Everson, Founder MyMobiSafe.com
I was told with optimism recently that there is an upswing expected in the use of mobile banking services in the year ahead for key markets within the US and EU. The trouble is however, this growth is hinged on one MAJOR hurdle which is security.
Just the other week for example, news spread from media sources like USAToday.com confirmed that Google (NASDAQ:GOOG) removed more than 50 mobile banking apps from its Android Marketplace. These apps were just a few of the growing number of phishing apps that hackers are releasing into the financial services sector of mobile banking. The questions on the minds of many is, “How could this happen and is my mobile banking app safe?”
The problem is that until recently there has not been a third-party verification process to ensure the security of these apps, which is exactly why many have started looking for the MyMobiSafe Verified logo before they buy or use their apps. MyMobiSafe.com has introduced the wireless industry’s first verification process for app developers. What makes the company standout is that they work directly with app developers to credential mobile apps across all platforms. From Symbian and BlackBerry apps to Java and Android apps, MyMobiSafe Verified is certainly putting its mark on the industry.
As a mobile security professional, I literally come in contact with thousands of apps in a given week and one thing that is missing from 99% of them is an element of security. The reality is that app users want apps that are fast loading and easy to use; adding in security features to these apps more often than not makes them too robust and slow. In a market where app developers are sometimes making pennies on the dollar from each app they sell, sacrificing the user experience is not worth adding burdensome security protocols.
Mobile banking apps often have more security built-in, but without a verified logo from a credible third party, users simply just do not know what apps they can trust. Digging deeper into the issue of the phishing apps that are becoming so popularized in mobile financial services, mobile security solutions on your handset will not make your information more secure if you are voluntarily putting it into these dangerous apps. This is not to discount the importance of mobile security software on your handset as the state of device-level security remains very limited on most mobile phones.
Mobile verification is a new method that is redefining the way we view security as a mobile community. People are starting to look for the seal of approval from services like MyMobiSafe Verified before they use new mobile apps. This is a paradigm shift from the days when it seemed that any app downloaded from a reputable mobile content distributor (i.e. App Store, Android Marketplace, BlackBerry App World, GetJar, and others) was considered harmless. Today more than ever, the uptick in popularity of mobile financial services is being targeted. Without an authenticated MyMobiSafe Verified logo, how do you REALLY know your app is safe?
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com. To get started with your MyMobiSafe Verification simply email: GetVerifed@MyMobiSafe.com.
Ref:
http://content.usatoday.com/communities/technologylive/post/2010/01/google-removes-banking-apps-from-android-marketplace/1
Monday 25 January 2010, 3:51 PM
Verified Mobile Apps?
Verified Mobile Apps?
Author: Eric Everson
Verified services are nothing new to the digital environment; simply look at the success of Verisign, Inc (NASDAQ: VRSN), a company which offers a variety of Internet and communications-related services. While offering a myriad of services all targeting computing industry, VeriSign is perhaps most recognized by its Certificate Services (verification) logo. As the digital environment became riddled with malware, verification quickly took a leading role toward improving digital security and essentially paved the way for eCommerce as we know it today. With smartphones quickly stepping into digital territory which was recently exclusive to computers, verified services are going mobile.
If you perform a Google search for “Verified Mobile Apps” you are certain to encounter JavaVerified, which is Sun Microsystems (NASDAQ: JAVA) verified service arm for Java developers. The Java Verified Program is exclusively for Java apps for the mobile and computing environments. As you scan through your Google search what you will likely also see is information about MyMobiSafe.com, who has released MyMobiSafe Verified, the wireless industry’s first verified services that caters to mobile app developers exclusively. While MyMobiSafe is emerging as the leader in verified mobile apps and mobile verification services, it is truly the rise in security related issues within the mobile environment that has introduced a need for such services.
From the iPhone (NASDAQ: AAPL) to the myriad of new mobile devices arriving with the Android Operating System (NASDAQ: GOOG), mobile users are hungry for new apps. This has led to the introduction of mobile malware cloaked as legitimate apps (already found in both platforms in 2010). This has app developers scrambling to identify a credential, like MyMobiSafe Verified, that “would be customers” could recognize to differentiate their apps from those that could be tainted by hackers.
MyMobiSafe Verified introduces a comprehensive five phase verification process, which is designed to document, test, and sign mobile apps to ensure their security within the mobile community. Where many app developers may forego built-in security protocols due to the threat of hindering their apps performance, MyMobiSafe Verified provides a unique affordable alternative. With mobile apps for financial services on the rise (banking, money transfer, ePayments, etc) the need for verification is certain throughout the mobile industry. For anyone who has ever put their money where their mobile is, the fears can be all too real.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com. To get started with your MyMobiSafe Verification simply email: GetVerifed@MyMobiSafe.com.
Thursday 21 January 2010, 4:22 PM
The Importance of Verification in an App-driven Mobile Industry
The Importance of Verification in an App-driven Mobile Industry
Author: Eric Everson, Founder MyMobiSafe.com
The future of mobile essentially belongs to the company that offers the best apps. As Apple Inc (NASDAQ:AAPL) revolutionized the digital music business with their iTunes Store, the company is carrying that momentum forward in mobile with their App Store. Meanwhile, companies like Google with its Android OS and BlackBerry are beginning to make a momentous shift in this direction too. With over 10,000 new apps being developed each week, mobile verification will play a major role in the app-driven future of the wireless industry.
Many are familiar with the Apple “vetting process” that new iPhone apps must undergo; this is a process that literally dissects every app that is submitted to the App Store. The vetting process has become a roadblock that many developers struggle to overcome. As Brian Heater of PCMag.com writes, “The company recently celebrated the submission of the 100,000th app for the platform. "Submission" is a key word. No one but Apple knows precisely how many apps have been rejected. And the company hasn't exactly publicized what many developers have deemed an overzealous and somewhat arbitrary vetting process.” (Heater, 2009) Many app developers are opting to forego the bureaucracy of the Apple policies in favor of programming for the rapidly growing Android OS.
The vetting process is far less strenuous for Android and BlackBerry apps, which has incited concern amongst many users regarding the safety and quality of the apps they are downloading. This is exactly why developers and app users alike are coming to recognize the MyMobiSafe Verified logo as a premier mark of quality throughout the industry. The MyMobiSafe 5-Phase Verification process, is remarkably more friendly for app developers as it is essentially a process where developers work one-on-one with MyMobiSafe experts to ensure the quality and security of the apps they want to credential. The MyMobiSafe Verified logo is quickly becoming the stamp of approval that everyone in the industry is looking for.
As MyMobiSafe recently launched this innovative credential, it is not likely to get developers through the arduous Apple vetting process any quicker – yet. MyMobiSafe.com hopes to work directly with companies like Apple, Google, Microsoft, BlackBerry, Nokia and others in the future to continue to grow the prevalence of this mark throughout the industry. The MyMobiSafe Team realized this gaping void in the market and has worked tirelessly for many months to introduce the wireless industry’s first verification services for mobile app developers.
Apps are becoming a big business opportunity and many developers, from independent small business programmers to major corporate development firms, are looking for a stamp of quality to differentiate their products in the marketplace. As the vetting processes for new apps are unique to each provider, MyMobiSafe Verified represents a new step forward that is becoming universally recognized and sought throughout the industry. There is no denying that the future of mobile will be driven by apps, but with so many MOPS (Mobile Operating System) providers depending on quality third-party apps, verification will play a major role in the app-driven future of the wireless industry.
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com. To get started with your MyMobiSafe Verification simply email: GetVerifed@MyMobiSafe.com.
Heater, B. (2009, November 17). PCMag.com. Retrieved January 18, 2010, from Apple's iPhone App Vetting is Here to Stay—For Now: http://www.pcmag.com/article2/0,2817,2356027,00.asp
Wednesday 20 January 2010, 5:36 PM
17-year-old Microsoft flaw affects Windows 7
A flaw that has been present in Microsoft software since 1993, and still affects Windows 7, has been published by a security researcher.
Tavis Ormandy published details of the flaw on the Neohapsis mailing list on Tuesday.
The problem lies in the Virtual DOS Machine, Heise security explained on Wednesday.
"Microsoft isn't having an easy time of it these days," said the Heise article. "In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level – and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7."
Workarounds include users disabling the MS-DOS subsystem by starting the group policy editor and enabling the "Prevent access to 16-bit applications" option in a sub-menu of the computer configuration tab, according to the Heise article.
Wednesday 20 January 2010, 12:58 PM
UK airports to get body scanners next week
The UK is to institute body scanners at its airports from next week, Gordon Brown has announced.
The prime minister told Parliament on Wednesday that, in the wake of Umar Farouk Abdulmutallab's alleged attempt to blow up Northwest Airlines Flight 253 above Detroit on Christmas Day, a no-fly list would also be instituted.
The alleged 'pants bomber' was subdued by fellow passengers after an explosive device set his trousers on fire during the flight.
Brown said the scanner technology that will be instituted is the "best we have today", and urged other countries to take similar measures to increase airport security.
The government has previously said it wants body scanners at airports, but had not previously said when this would be instituted. The devices have come under fire from some privacy campaigners, as they effectively allow passengers to be viewed naked by security personnel.
Brown also announced on Wednesday that direct flights between the UK and Yemen — where Abdulmutallab said he had been given the bomb — have been suspended.
Tuesday 19 January 2010, 2:14 PM
MyMobiSafe.com: Sticktoitiveness from Software Provider to Verification
MyMobiSafe.com: Sticktoitiveness from Software Provider to Verification Leader
Author: Eric Everson
Every entrepreneur has a relationship with this word. From the bootstrapping startup to those overburdened by debt structures in this tumultuous global state of economy, we all know this word. Depending on your dictionary of choice, this word may or may not even exist, but it is one that every entrepreneur knows all too well. What is the word? Sticktoitiveness.
As a Microsoft kid, even my trusted Spelling & Grammar tool does not recognize the word, but it is one that so many of us have developed an intimate relationship with over the years. From those that are fighting to keep multigenerational businesses alive through these tough times to those launching their startup in the midst of a lackluster job market, sticktoitiveness is a quality exhibited by the most successful entrepreneurs throughout history. My experience with my venture, MyMobiSafe.com, is no different, it is only through sheer sticktoitiveness that we have weathered the storm of survival to date.
If you’ve visited my company website is the last 24 hours, you have seen that we just launched our business in a very new direction. From our humble beginnings of writing mobile security software, we have now repositioned the company as a leader in mobile verification services. From the beginning our objective has always been to protect the mobile community. Our new direction will allow us the opportunity to drive the future of mobile security forward in a new way as we are positioning MyMobiSafe Verified Services at the forefront of the app-driven mobile environment.
Today we begin working with mobile application developers around the world to position MyMobiSafe Verified as the premier mark of quality in the mobile industry. Before now, mobile app developers had no way of differentiating their apps from those plagued with masked mobile malware. Today through our innovative accreditation process, we are working together with app developers to secure the future of mobile content. This new direction is a reflection of our commitment to the success of MyMobiSafe and our dedication in driving mobile security forward. More importantly it demonstrates the sticktoitiveness of this small company in the face of the most challenging economic times that most of us have ever managed through.
According to Merriam-Webster.com, sticktoitiveness means dogged perseverance and has an etymology that dates back as far as 1876 during the industrial revolution. Sometimes, as in the case of MyMobiSafe, that means making tough decisions to shift directions when everyone else is falling down around you. As entrepreneurs, it is our sticktoitiveness that allows us to dig deeper while many others perish. Sticktoitiveness is a word that is changing the future of mobile security and may be one that will revitalize your small business too.
Eric Everson – “The MobileTech”
About the Author: Eric Everson is a leader in mobile technologies and is the founder of the U.S.-based MyMobiSafe.com. If you would like to contact Eric Everson for interview or with consulting related inquiries contact him directly at EricEverson@Hotmail.com.
Ref:
http://www.merriam-webster.com/dictionary/stick%20to%20itiveness
Previous
