On Lookout Ad Network Detector

In my day job I sell security products, including Lookout Mobile Security, to Telstra customers.

Here’s a post I wrote about the Ad Network Detector Lookout have just released to help users be certain software on their Android devices isn’t doing anything with their personal information they’d prefer it not to do.

On Elcomsoft and their criticism of iOS Password Apps

Excellent article from Glenn Fleishman at TidBITS Safe Computing on how Elcomsoft Criticism of iOS Password Apps is Overblown.

The core point I took from the article is that there is a four factor authentication process before you can get to individual passwords:

  • Get the Device (or the data file)
  • Get the Security code on the Device
  • Get the Security code or password for the app
  • Get the Master Password

Which doesn’t preclude a user of an application like 1Password from;

Disclaimer: I use 1Password on my Mac and on iOS and have done since I originally got a free install about 3 years ago. I have since then purchased both the Mac software (currently 3.8.17) and 1Password Pro for the iPhone, both of which I use daily on both devices.

AV Test: Two thirds of Android Malware scanners are unsuitable for use

The summary of AV Test’s March 2012 Malware Protection for Android Tests includes the following:

“Close to two thirds of these scanners are not yet suitable for use as reliable products and identify less than 65% of the 618 types of malware tested”

Though I think the most damning quote was about one of the large number of “free” - mainly ad supported – services:

“…showed no detections in our tests and crashed several times. The advertisements worked properly”

Disclaimer: In my current role I promote Lookout Mobile Security which was in the top 7 tested applications

Ducking out of Google Search

When Google were just a search company, they made the web one of the most usable things ever. Life was great and everything was a Google away.

Today, as they face the challenges of Facebook, Apple and potentially Microsoft in the turf they made their own, they’ve changed their search algorithms so much that finding a good result can be a challenge at the best of times on a desktop browser. Though surprisingly, in the Safari browser on iOS their results are more like the “good old days”.

So like many other companies who either fail to disrupt themselves or whose attempts at disruption are less successful than expected, they’ll do whatever it takes to maintain their lead. From next week they will make your Google Web history available to its other products. A bit like when Microsoft integrated Office into Windows, perhaps?

Because they still have a lot of soul, they at least make it very easy to prevent them from gathering said web history.

Well before the recent discovery Google were compromising, without permission, the privacy setting I had chosen in my browser, I’d already mostly stopped using them for search in the last 6 months. There will still be the odd time what is still the best search engine on the planet has to be used. But, for now, I prefer the growing ability of DuckDuckGo and other services to answer my queries.

DuckDuckGo sounds like they don’t want to be evil after all.

Netbank: taking no risks with your security on the iPhone

Which Bank’s iPhone application is, according to their own PR, a very popular way for their customers to access their financials online.

And they’ve generally done a great job. Retaining Security – the key focus in any banking service online – without sacrificing usability throughout the app.

Except in one simple case.

The close button.

At first glance it seems they’ve done the right thing with both the position and the behaviour of the button. In almost every app I use on the iPhone a button in that location signifies going to account settings or going back.

Until you realise any habitual, yet accidental, press will log out the banking session.

The challenge with habitualising yourself NOT to press it is a toss up between wasting a trunkload of time in Facebook figuring out an alternative way to find the kinky photos your friends share or repeatedly logging back in to your banking.

Perhaps they could remove the close button and just let us use the “Log off” link they’ve helpfully provided instead. Or maybe it’s an undocumented security feature to protect us from ourselves and the HTML session embedded inside the application wrapper.

Apple and Charlie Miller, peas missing a security pod

Forbes are reporting that security researcher Charlie Miller has had his iOS developer program licence terminated following his decision to submit an application to the AppStore which hid a proof of concept for exploiting a JavaScript security bug.

Leaving aside the fact Miller deliberately broke his agreement with Apple, and potentially put other AppStore users at risk, you’d like to think that Apple should instead just take the app down, admit the flaw and work with him to help resolve the issue in a future update.

Security researchers seem to like to publicly embarrass companies who don’t admit to or schedule a fix for flaws they have found. And while there is good reason for that happening – keeping the developer on their toes as it were – there are converse reasons why a software company would refuse to admit the flaw and refuse to advise of a fix. Apple, particularly, for real or flawed reasons have been traditionally ostrich like when it comes to admitting they have a ghost in the machine.

Perhaps a bit less of the head-on and a little more conversation between both sides of the equation might help resolve this fundamental dichotomy. In other words: get into bed guys, as a user I know I’d appreciate it.

1 in 4 UK web users targeted for Malicious ‘Anti-Virus’ software via cold calls

Today, my colleagues and I are out and about talking about one of the latest online scams – anti-virus software that is actually malicious software in disguise. Not only is this big business for criminals, but it also represents a shift in their approach – rather than exploiting our lack of awareness, they are now exploiting the fact that most of us know how important (genuine) AV software is. Visit the Get Safe Online homepage to find advice on how these scams work and what warning signs to look out for.

• 1 in 4 UK web users targeted via cold calls
• Wolf in sheep’s clothing – AV software is malware in disguise
• 80% UK web users unaware of scam
• Latest cases indicate gangs are making millions
 

Not sure about the cold calls, but the other stats look familiar