Paul Wallbank – Brilliant Communications

Tag: security

  • Discussing Cryptolocker and Internet of Things security on ABC Radio

    Discussing Cryptolocker and Internet of Things security on ABC Radio

    If you missed the program, you can listen to the segments through Soundcloud.

    Tuesday morning with Linda Mottram on ABC 702 I’ll be discussing Cryptolocker ransomware, the security of the Internet of Machines and the tech industry’s call for less internet surveillance.

    It’s only a short spot from 10.15am and I’m not sure we’ll have time for callers, but one of the big takeaways I’ll have for listeners is the importance of securing your systems against malware, there’s also some security ideas for business users as well.

    We’ll probably get to mention the ACCC’s warnings on smartphone apps and the current TIFF bug in Windows as well.

    If you’re in the Sydney area, we’ll be live on 702 from 10.15, otherwise you can stream it through the internet.

    Similar posts:

    • No Related Posts
  • Microsoft and the zero day Tiff

    Microsoft and the zero day Tiff

    One of the most dangerous things in computer malware is the Zero Day Exploit where an error in a program is used by the bad guys before it can the hole in software can be fixed.

    A particularly irritating zero day exploit is the TIFF bug in Windows systems where users using Microsoft products can be fooled into opening what appears to be an image file but what turns out to be something more malicious.

    Even more irritating with this bug is that Microsoft aren’t going to fix the problem in Windows XP systems until January’s patch Tuesday which means many people will be susceptible to this problem for nearly two months.

    Zero day exploits are a good reason why every computer user needs to have an up to date virus checker and to take basic precautions before surfing the web or downloading email.

    For Windows users it might be worthwhile taking extra care with email attachments for the next few weeks.

    Similar posts:

    • No Related Posts
  • Potentially unwanted applications – what are we are installing on our smartphones?

    Potentially unwanted applications – what are we are installing on our smartphones?

    One of the notable things about the technology industries is there are always new terms and concepts to discover.

    During a visit to Sophos’ Oxford headquarters last month, the phrase ‘Potentially Unwanted Applications’ – or PUAs – raised its head.

    PUAs come from the problem application developers have in making money out of apps or websites. The culture of free or cheap is so ingrained online that it’s extremely hard to make a living out of writing software.

    As result, developers and their employers are engaging in some cunning tricks to get customers to download their apps and then to monetize them, particularly in the Android world which lacks the tight control Apple exercises over the iOS App Store.

    “What’s interesting about Android,” says Sophos Labs’ Vice President President Simon Reed, “is it’s attracting aggressive commercialisation.”

    The fascinating thing Reed finds about this ‘aggressive commercialisation’ is where the distinction lies between malware and monetisation and when does an app or developer cross that line.

    Reed’s colleagues Vanja Svajcer & Sean McDonald explore where that line lies in a paper titled Classifying PUAs in the Mobile Environment which they submitted to the Virus Bulletin Conference last October.

    In that paper Svajcer and McDonald discuss how these applications have developed, the motivations behind them and the challenge for anti virus companies like Sophos and Kaspersky in categorising and dealing with them.

    The authors also flag that while the bulk of the revenue generated by these apps comes from advertising, there are serious privacy risks for users as developers try to monetize the data many of these packages scrape from the phones they’re installed on.

    Svajcer and McDonald do note though that potentially unwanted applications aren’t really anything new, we could well classify many of the drive by downloads that plagued Windows 98 users at the beginning of the century as being PUAs.

    What we do need to keep in mind though that what is driving the development of PUAs is users’ reluctance to pay for apps and that it’s going to take a big change in customer attitudes for this problem to go away.

    For businesses, this is something managers are going to have to consider as they move their line of business applications onto mobile devices, as Marc Benioff proposed at the recent Dreamforce conference.

    Sophos’ Simon Reed believes potentially unwanted apps won’t be such a problem in the workplace however. “Consumers may have a different tolerance towards PUAs than commercial organisations,” he says.

    The prevalence of PUAs on mobile devices does underscore though just how careful organisations have to be with who and what can access their data. It’s another challenge for CIOs.

    Similar posts:

    • No Related Posts
  • The ghost in the internet of machines

    The ghost in the internet of machines

    A funny thing happened two hours out of Auckland, the cabin crew on the Air New Zealand flight to San Francisco announced the inflight entertainment system had to be rebooted.

    In the thirty minutes it took for the system to reset and reload, various in-seat functions such as the cabin call button and light switch froze, it was a basic example of how complex systems interact with each other.

    The benefits of a connected egg tray involve the device telling us when more eggs are needed, but what happens when the thing tries to tell your online shopping service that you need 200 dozen?

    As the internet of things develops and business systems become more automated, complexity is going to become greater and more subtle. Understanding and managing the risks that extend from that is going to be essential for both public safety and the economy.

    “The Internet of Things creates a whole new range of attack surfaces” Cisco Systems’ Enterprise Group Vice President Rod Soderbery told the Internet of Things conference in Barcelona last month.

    One of those many ‘attack surfaces’ identified by Fraser Howard, Principle Researcher of Sophos Labs are the dozens of household devices from smart TVs to internet connected egg holders that are beginning to appear in homes.

    Almost all these devices will have flaws in their firmware and yet almost no vendor has an interest in maintaining or patching the firmware of this equipment.

    “Consumers have no way of managing this problem” says Fraser as it’s almost impossible for householders to upgrade their systems and consumer electronics manufacturers have a poor track security track record.

    “There’s a long history of companies with mass market items which deal with things like important items like credentials where they have not had a single thought about security,” says Fraser.

    Security is one the many challenges facing the internet of things along with to manage rogue devices in grid networks. There’s a lot of work to be done in ensuring systems aren’t disrupted by an outlier sensor or critical information disclosed by a poorly secured or out of date smart device.

    As connected egg trays start talking to the supermarket, we have to be confident that we aren’t going to come home to find our connected device hasn’t delivered a pallet load of fresh eggs or that it hasn’t given away our banking details to an organised crime ring.

    Similar posts:

    • No Related Posts
  • Greetings from the scammers

    Greetings from the scammers

    The notorious “419 scams” have been around since the early days of the consumer internet.

    419 scams are the elaborate internet frauds that try to convince people they unexpectedly come into money. Once a gullible victim takes the bait, they are duped into paying a range of ‘facilitation fees’ and costs that drains their saving.

    The term 419 scam comes from the Nigerian criminal code that covers this crime, which was appropriate as most — although not all — of these emails originated from the country.

    For a while in the early 2000s, internet users became used to receiving a few 419 scam emails every day but by the middle of the decade they largely dried up as the even the most gullible and greedy idiots became wise to the schemes.

    That’s not to say they have completely vanished, this morning quite a distasteful one landed in my inbox.

    Greetings,
    I wish to seek your assistance to execute a business deal. I am Paul Williams a Contract Agent based in London. I require your consent to present you as next of kin to a client of mine, who died along with his wife and Two kids in the Asian Typhoon Haiyan in the Philippines leaving behind a large sum of money without a next of kin. With your co-operation and information available to me you can make a claim on the funds as the next of kin to my deceased client. After release of the funds to you by the financial institution where it is lodged, we can share according to a percentage we agree upon. If you may be of assistance, please reply for further co-operation.
    Best Regards,

    Paul Williams.

    It’s unlikely that Paul Williams exists and even if he did it’s unlikely he’d have anything to do with this unsavory scam that most people would immediate bin when they receive it.

    Binning the message was my reaction as well, but as I was about to, it occurred to me that there are enough venal, stupid people in the world who would agree to be involved in such a deal.

    No doubt if you asked them they’d say defrauding the deceased family’s estate is a victimless crime as the money would only end up with the government anyway, these people would swear blind they are honest, honourable folk and no doubt they would think they are rather clever.

    It’s worth reflecting that dishonest, venal and somewhat dim people do occasionally get their come-uppance in today’s world.

    Similar posts:

    • No Related Posts