Categories
Computing

The rising tide of Apple Mac Malware

A big selling point for Apple Macs has been the much reduced risk from viruses compared with Windows; however, this may not be true for very much longer.

Set aside for now that, since Apple switched to Intel processors, increasing numbers of users are running Windows operating systems and are thus as vulnerable as their Windows PC brethren.

Apple’s advertising campaign has worked: their market share is rising globally and has increased to 8.5% in the US, nearing the 10% point that Ars Technica believes will be the tipping point at which malware authors begin to target Mac OS X in earnest.

The malware authors may in fact start before the magic 10% barrier is passed, as in some sectors two-thirds of retail sales of computers in the $1000 and above bracket are now Macs.

As malware authors are increasingly motivated more by money than by the fame that script kiddies sought in the past, Mac OS is now a lucrative market that is currently underexploited. Also, given the blasé attitude that many Mac users have towards the threat of viruses and malware due to Apple’s marketing, this spoof of their famous advert may become the norm.

Categories
Computing

The 10 worst security breaches of all time from unencrypted data

Laptop Losers Hall of Shame: The 10 worst security breaches of all time from unencrypted data.

Slideshow of the ten worst incidents of a security breach caused by the loss or theft of a laptop computer.

Categories
Computing Surveillance

ISP Content Filtering Might be a ‘Five Year Felony’

In stark contrast with the UK, a former federal computer crimes prosecutor believes that ISP Content Filtering Might be a ‘Five Year Felony’.

University of Colorado law professor Paul Ohm argues that ISPs such as Comcast, AT&T and Charter Communications that are or are contemplating ways to throttle bandwidth, police for copyright violations and serve targeted ads by examining their customers’ internet packets are putting themselves in criminal and civil jeopardy by breaking federal wiretapping laws.

In spite of this, I’m sure that there will be a push by the US government, as there has been here in the UK, for ISPs to start doing this.

Categories
Computing Surveillance

UK government want email and phone database

The Times: ‘Big Brother’ database for phones and e-mails

A massive government database holding details of every phone call, e-mail and time spent on the internet by the public is being planned as part of the fight against crime and terrorism. Internet service providers (ISPs) and telecoms companies would hand over the records to the Home Office under plans put forward by officials.

This seems very much par for the course with this Labour government: put absolutely everyone under surveillance in order to catch the criminals and terrorists. I think ministers are being lobbied by technology companies that promise more than they can deliver, because the government seeks technological solutions to problems that might otherwise be solved in better ways, or in ways that at least do not have a negative impact on British citizens as a whole.

This will be just a step towards a future where they keep a permanent database of every single email you receive, every website you visit and everything you download.

Categories
Computing Security

Security Engineering book – 1st edition available to download for free

Ross Anderson, Professor of Security Engineering at the Computer Laboratory of the University of Cambridge, has just published the second edition of his book Security Engineering, the preface and six chapters of which are available to download.

To quote Bruce Schneier: “This is the best book on the topic there is, and I recommend it to everyone working in this field — and not just because I wrote the foreword.”

Professor Anderson has made the first edition of his fantastic book available to download for free as a 17MB PDF.

Categories
Computing

A new way to think about data encryption

Ars Technica: A new way to think about data encryption: two-level keys

Current encryption methods are far from perfect—a fact highlighted by the numerous data security breaches that have occurred over the past few years. Technological limitations in the “trusted server” model for encryption and psychological barriers hinder the robust protection of data. A trio of computer science researchers has set out to simplify encryption systems. Their research, which began in 2005, has led to a novel encryption system that they term “functional encryption”, which greatly simplifies the problem of key complexity.

In a functional encryption system, keys are personalized and only one is needed for a person to gain access to all the data that should be available to them. In addition to simplifying the key process, this idea allows users—with proper access rights—to search encrypted volumes for specific information.

For the mathematically inclined, there is the published research paper.

Categories
Computing

New payment systems claim to make it safer to buy online, but do they?

The Guardian: Experts cast a wary eye over new online payment systems

Two new systems claim to make it easier and safer to shop online, by letting you pay for goods directly from your bank account without having to hand over card details. But experts are warning consumers not to be “lulled into a false sense of security”.

By acting as middlemen in the transaction, these systems provide security by ensuring that credit card details are not passed to the retailer. However, if the banks don’t allow access to their back-office systems (and why would they?), then these two new systems rely upon users installing software on their computers to handle the transaction details.

But by making it necessary to install software, the systems will introduce an attack vector for criminals, who will use phishing techniques and trojans to steal users’ financial details.

Categories
Computing

Identity theft: Six clicks from a cyber crook

The Telegraph: Posting innocuous personal details on social websites could expose millions to fraud, says Heather McLean

“Organised crime is no longer carried out by hackers and script kiddies; it’s gangs of criminals who are well funded and well organised,” warns William Beer, a security expert with Symantec.

The traditional view of computer hackers has been out of step with reality for quite a few years now. As more and more people come online and online services become integrated parts of their lives, the more lucrative it is for criminal gangs to become “cyber criminals”.

Categories
Computing

Confidential Home Office CD found hidden in laptop sold on eBay

BBC News: Home Office CD in auction laptop

A highly confidential Home Office disk was found hidden in a laptop computer sold on eBay.

The CD was found between the keyboard and circuit board of the laptop by computer repair technicians in Westhoughton, near Bolton.

This is an odd story, because it is a mystery how the CD would end up being hidden inside the laptop. However, it’s not all bad news: unlike other recent security lapses, in this case the repair technicians discovered that the data on the CD had been encrypted.

Categories
Computing

Chip ‘n Pin security compromised

Research carried out by Saar Drimer, Steven J. Murdoch and Ross Anderson of the Computer Laboratory Security Group at the University of Cambridge, has shown how to compromise supposedly tamper-proof Chip and PIN terminals.

Without specialist equipment and with little technical knowledge, fraudsters would be able to acquire all the necessary information to clone a user’s credit or debit card.

The team’s full results are published in their academic paper.

In Chip & PIN card transactions, customers insert their card and enter their PIN into a PIN Entry Device (PED). We have demonstrated that two popular PEDs, the Ingenico i3300 and Dione Xtreme, fail to adequately protect card details and PINs. Fraudsters, with basic technical skills, can record this information and create fake cards which may be used to withdraw cash from ATMs abroad, and even some in the UK. These failures are despite the terminals being certified secure under the Visa approval scheme, and in the case of the Ingenico, the Common Criteria system. Our results expose significant failings in the entire evaluation and certification process.

Newsnight coverage of the research.