By Alastair Stevenson, 20 August 2012, v3.co.uk
A serious security vulnerability has been uncovered in Apple's iOS mobile platform letting cyber criminals send messages masquerading as the user's bank.
The new iOS vulnerability was discovered by underground security researcher 'pod2g' on 17 August.
The flaw reportedly stems from how Apple handles its SMS gateway.
The company's system reportedly makes it possible for individuals to specify a reply-to number that is not their own when sending a message.
This means that, when users reply to a message, their text will not go to the number the original message appears to come from.
"If this flaw is confirmed, it would make it easier for cyber criminals to engage in phishing attacks via SMS," Kaspersky researcher David Emm told V3.
"They could send SMS messages, asking for confidential data, making it look like it came from a legitimate source. In general you should never send any confidential data through SMS or other messaging services as the origin is hard to verify."
At the time of publishing, Apple had not responded to V3's request for comment on the vulnerability, though Engadget has reported receiving confirmation that the company is aware of the problem.
"Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks," an Apple spokesperson told Engadget.
"One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS."
Summary: With its consumer focus, Apple has overlooked the importance for enterprises to be able to control and distribute patches and upgrades. It's a shortcoming to which Microsoft and its Surface tablet will not succumb.
By Lori MacVittie | August 7, 2012
Despite all the talk about BYOD and the need to control mobile devices in the enterprise, most of the focus has been on access control and data security.
But as tablets and phones become the standard medium through which employees interact with corporate resources, there are other important managerial issues to be considered. Yes, I'm talking about patches and upgrades.
Could Microsoft's familiarity with the enterprise give the Surface tablet a leg-up?
Most IT departments today are familiar with Patch Tuesday when Microsoft rolls out updates, fixes and security upgrades to existing systems. It's been a regular occurrence since 2003 and is probably a recurring event in the Outlook calendars of most technicians.
With this regularity comes familiarity and security. Remember — a lot of IT departments still don't allow Apple laptops in the office even today.
Enter BYOD and the iPad. The Apple iPad is a new kid on the corporate block, adopted by executives as the must-have device for digesting material and working on the move. But Apple has its own calendar of releasing updates, which may seem strange and unfamiliar. It has its own ways of working and lacks the established number of middle-man companies dedicated to managing and applying these updates.
For enterprise organisations, this is a big deal. The cost of upgrading alone and being subject to the release cycle of an outside entity are not things CIOs are willing to accept as standard operating procedure. Microsoft is familiar territory — Apple tablets are still reasonably new and non-standard.
Here comes Microsoft
Enter Microsoft, with its tablet offering, Microsoft Surface. As I've said, most large enterprises are already familiar with Microsoft technologies and Microsoft is well versed in dealing with the eccentricities of the enterprise, which upgrade and patch on their own schedule according to their own needs and budgets.
The ability to integrate Microsoft Surface tablets into the mix more seamlessly than yet another vendor platform may give the giant the edge it needs to make its tablet stick.
The ability to control and distribute patches, upgrades and applications is one that should not be underestimated, but is sadly overlooked by Apple with its consumer focus.
Downloading a single patch file and distributing to hundreds or thousands of devices on a schedule that does not overtax the network is something organisations do regularly today, mostly due to the frequency with which Microsoft has tended to patch and update in the past decade.
But for Apple this is unfamiliar territory. An organisation standardising on Apple iOS may find its network suddenly overwhelmed when every device connected attempts to download and install the latest patch pushed — and required — by Apple.
Android devices, too, with their origins in open source, lack managerial systems through which updates and upgrades and patches can be pushed in a manner appropriate to enterprises. However, Android's openness will probably lead to a market of solutions and integration with more mobile device management than the closed, proprietary Apple.
BYOD may give Microsoft the edge
Still, as enterprises continue to struggle with BYOD and BYOL and BYO-whatever-the-next-thing-is issues, Microsoft's long and often painful experience gaining a foothold in the enterprise may give it the edge it needs to gain share in this volatile market.
Enterprises will no doubt appreciate Microsoft's willingness to share control — if not give it outright. Microsoft recognises that enterprises are not consumer homes, and management integration is a critical factor in widespread enterprise adoption of any new technology.
Security is important, and certainly it is central in this brave new mobile world. But it is also the operational management of devices and applications that must be considered when adopting a mobile device strategy, whether BYOD or not.
Lori MacVittie is responsible for application services education and evangelism at application delivery firm F5 Networks. Her role includes producing technical materials and participating in community-based forums and industry standards organisations. MacVittie has extensive programming experience as an application architect, as well as in network and systems development and administration.
Need to share some private data but don't want to risk a hack attack? Free service OneShar.es offers secure, self-destructing email.
By Rick Broida, PC World, August 08, 2012
Suppose corporate needs your bank's routing and account numbers to get you set up for direct deposits. Or the IT department needs your password to upgrade or modify your account.
That's not the kind of information you typically want to share via email. Or instant message. Or even fax. Ideally, it's the kind of thing you'd write on a sticky note and hand directly to the person who needs it.
Of course, that's not always an option, meaning you need some kind of safe, electronic way to transmit sensitive information.
Enter OneShar.es, which lets you create a secure, self-destructing message for one recipient.
It works like this: You click the blue Create One Now button, then type or paste the information you want to share. You can choose to automatically "self-destruct" (i.e. delete) the message if it hasn't been viewed within a designated amount of time -- anywhere from 30 minutes to 3 days.
Next, click Create Link, then copy and paste that link into an email. When the recipient clicks it, he'll gain access to the private message -- an action that also self-destructs the link (meaning no one else can use it).
OneShar.es is free, easy to use, and incredibly handy. Ah, but is it secure? According to the OneShar.es About page, the service relies on SSL to encrypt the data between your browser and their servers, and keeps the data encrypted while it's stored. Once your message is viewed, it's deleted from the system.
Granted, there's still no guarantee your data will be kept private and secure, but the same is true of any information you share online. If you have misgivings about using OneShar.es, well, there's always the telephone. Personally, I think it looks like a much safer solution than email or IM.
By the way, if you're an iOS user, the 99-cent OneShar.es app lets you create self-destructing messages on the run.
Kids on social networks: A growing crop of social networks are racing to capture the loyalties of the Web’s youngest and most vulnerable users, The Washington Post reported.
This trend is sparking debate among lawmakers who wonder about the effects that social networks have on younger users and worry about online predators.
Social networks aimed at kids tout themselves as safe environments for children, although they acknowledge that there may be no foolproof way to block predators, the Post reported. In addition to these challenges, they also must deal with the same competitive environment that affects other social networks, such as Facebook — as well as the challenge of monetizing younger mobile users.
Smartphone searches for information on the Olympics are surpassing those made on tablets and desktop devices, according to data released by Google.
The search giant revealed the data on a blog post on Monday, explaining that Olympic related searches had risen 10-fold in the first week of the Games, as people around the world keep up with results on the move.
For example, in the UK 46 per cent of all Olympic searches were made on smartphones and tablets, while during some key moments mobile searches have been the predominant way in which information was gathered.
For example, at the end of the opening ceremony when Paul McCartney appeared, searches for the former member of The Beatles rocketed, with smartphone searches far exceeding those of desktops or tablets.
Dai Pham and Adam Grunewald from Google's mobile ads marketing team, no doubt keen to show firms the benefits of advertising on the firm's platform, said the figures underlined the new way in which users consume information.
"Olympic fever is a global phenomenon, and mobile searches are letting everyone get immediate information, in real time, about what's happening moment by moment," they said.
"It's clear that these are the first multi-screen Olympics, as users are engaging across TV, computers, smartphones and tablets, often at the same time."
The use of mobile applications to keep track of the Olympics is also huge, with the chief information officer of the London Organising Committee of the Olympics Games (LOCOG) revealing last week that its official results app had been downloaded over 8.1 million times.
Athletes are not the only ones in the spotlight as the Olympics heads towards its second week. IT has taken centre stage as different parts of the industry have come together to ensure the event runs smoothly and efficiently.
In partnership with Cisco, V3 has taken a look at the IT forming the backbone to the Olympics infrastructure and presence online, notably areas such as security, network management and online video, and the rising use of big data.
Of course, large amounts of data are constantly processed and analysed due to the numerous Olympics competitions taking place each day, from athletes' times and scores to other data such as wind speed and temperature for events like tennis.
The number of visitors attending the competitions will also be noted, as well as their spend, and all such data will be analysed by the UK government to see whether the roughly £11bn spent on the Olympics has been worth it. However, apart from the obvious use cases of big data during the Olympics, there are a number of more specific examples, especially in the areas of transport and security.
During the run up to the Games, and as they now unfold, the big question continues to be whether London's transport networks will withstand the potential 25 per cent increase in commuters due to the event.
To ensure the networks do not fall apart under the pressure, public authorities have harnessed big data like never before to co-ordinate travel around the city. Transport for London's sophisticated computerised system, Split Cycle Offset Optimisation Technique (Scoot), which already monitors traffic control systems in London so they can be adapted according to traffic and congestion, has now been expanded to around 2100 junctions throughout London.
In recent weeks it has also emerged that TFL has made major changes to the phasing of the 1,300 traffic lights across the capital to help free up traffic on dedicated Olympic lanes, reserved for competing athletes. A TFL spokeswoman confirmed to V3 that the lights will respond to traffic flows in real time, with the red light being prolonged at some junctions if the dedicated lanes become too congested. In a recent interview with V3, TFL Games Transport director Mark Evers said the organisation would be tracking multiple data sources during the Games to track the movement of people around London.
Oyster Card information is one data source being tracked to ensure that TFL's predictions of the number of people commuting, and of the expected peaks in travel, are on the right track.
Additionally, TFL is monitoring real-time CCTV footage and data from traffic stewards lining the street. TFL had considered collecting anonymised data from mobile phones to monitor the public's whereabouts, but this idea was never put into practice. TFL confirmed to V3 that the plans had been shelved, although it would not give a reason why.
Inrix, a big data firm specialising in providing traffic information, is helping TFL move people around London. The free Inrix Traffic app uses multiple data sources to help drivers determine the fastest route and avoid delays with up-to-the-second traffic information. The app provides traffic forecasts that help travellers know what to expect on the roads before they take a trip.
In terms of security, London authorities are very likely to be using all types of big data to prevent threats to the event, although the examples of this have not been made public, probably as a protective measure.
"Now information on electronic devices, CCTV images and packet level data on networks, as well as other data coming from a variety of sources can be pulled altogether and analysed. We now have the compute power to do this and the software to do it. Before it was only possible to analyse each of the data sources in real time," Ovum analyst Tony Baer told V3. "You also have the software available that can pick apart different elements of CCTV footage automatically, and then aggregate all the data that is tagged to create very valuable information."
Neuralytix big data analyst Ben Woo expanded on the issue. "Big data is likely to be used during the Olympics on many occasions but in a subtle way. For example, the British Airport Authority is likely to prioritise the athletes' planes and prioritise them through customs to get them to the event on time," said Woo. He added that big data analytics is also likely to be used to alert the government to the types of passengers flying into the UK for the event.
"I believe a number of authorities, including London Transport and Scotland Yard are all working in conjunction with each other," said Woo.
Woo also pointed to a number of media companies using big data during the Olympics to give their readers further information on the general coverage of the event. For an event that receives such widespread coverage by the media globally, the use of big data is an opportunity for news houses to beat their competitors in the number of online hits received for the period.
"It's interesting how the New York Times is using big data to drive readers to the site. It has 12 people taking the core information and looking at ways it can be visualised," said Woo.
"Those interested can find out not only the horses taking part in the equestrian race but also their blood line and the family of horses they are from."
Although the value of big data analytics is far from obvious in the London Olympics, it is fair to say the testing of the technology and its worth to communities has been greatly expanded due to the event.
Facebook's Mark Zuckerberg has been kicked out of the club made up of the world's ten richest technology billionaires and has been told to hand back his key for the executive loos.
After the Facebook IPO, Zuckerberg was as rich as Croesus thanks to his 503.6 million shares and 60 million options that have an exercise price of six cents a share.
But as shareholders realised what we had been saying all along, that the company's value was overrated, Zuckerberg's value has been falling dramatically.
Bloomberg said Zuckerberg is 'only' worth $10.2 billion, probably less if you just boiled him down for parts.
This means that he is $400 million behind James Goodnight, the co-founder of SAS, who now ranks as technology's 10th-richest person, and apparently has to serve the other nine drinks and food until he moves up a spot.
Zuckerberg can go to the cash machine and collect $150 million. Bloomberg says he has other liquid assets - we guess that means a bottle of Talisker which Spinola has not nicked yet.