STE WILLIAMS

New Research From Damballa: 80% Of Malware Still Favors HTTP

September 5, 2013 – Atlanta – Damballa, the advanced threat discovery company, today released customer research data that indicates over 75% of active infections easily evade detection by traditional protection methods. As malware is evolving so quickly, the research indicates that some of the most frequently deployed security solutions cannot identify active infections that lead to costly breaches.

“While next-gen malware is starting to leverage non-HTTP channels, such as peer-to-peer, HTTP continues to be the predominant channel used by 80% of all malware we see,” said Terry Nelms, researcher at Damballa. “Malware today is using HTTP to ‘blend in’ and evade detection by sending small traces of information over the core ports and protocols that enterprises allow in and out of their network. Our research indicates that firewalls and IPS are highly ineffective at detecting next-gen malware infected devices.”

Nelms presented this research (code name: ExecScent) in a USENIX paper titled, “ExecScent: Mining for New C&C Domains in Live Networks with Adaptive Control Protocol Templates.” The tool identified hundreds of infected hosts on networks that had traditional security products deployed.

The company today announced new capabilities to detect emerging and never-before-seen malware by utilizing ExecScent as the basis for a new HTTP Request Profiler. In recent customer trials, the new HTTP Request Profiler within the Damballa Failsafe platform detected five times the number of active infections that traditional technologies found. Leveraging Damballa’s Big Data harvesting and machine learning systems, trained on millions of malware samples a week from malware repositories and consumer and enterprise records, the new HTTP Request Profiler can statistically identify similar structures within HTTP requests to discover hidden infected devices.

Detecting today’s advanced threats requires great efficiency and solutions that go beyond a single approach to recognizing malware. The new HTTP Request Profiler joins seven other Profilers in the Damballa Failsafe platform to deliver the most accurate determination that a device has actually been compromised.

Threat actors are constantly changing their control server destinations and modifying their malware with new serial variants and one-time use server malware sites to evade detection by traditional signature and sandboxing-based systems. When this occurs, it is valuable to perform both behavioral and content-based approaches for active threat discovery to analyze the syntax or structure of the communications, which does not change as frequently.

Damballa can now leverage this statistically similar structure to determine that a device is infected with a new variant of a known malware family. The new HTTP Request Profiler can identify malicious activity by analyzing the content of an HTTP request, regardless of the malware variant or destination involved.
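The release never shows what “statistically similar structure” means in practice, so here is an added example, written for this page and not Damballa’s or the ExecScent authors’ code, of the idea: reduce each request to a template of method, path shape, parameter names with value shapes, and User-Agent, ignore the destination host entirely, and score new requests against a template learned from known beacons. The template format, the weights, the 0.8 threshold and every request in the training set and proxy log are constructed for the illustration.

```python
"""
Added example (not Damballa's code): score HTTP requests by the structure of
the request rather than by the destination host, in the spirit of the
control-protocol-template approach described above. Template format,
weights, threshold and all sample requests are constructed for illustration.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Relative weight of each template component (integers so scores add exactly).
W_METHOD, W_PATH, W_PARAMS, W_UA = 10, 35, 35, 20


def value_shape(value):
    """Reduce a query-string value to a coarse shape: its type and length bucket.
    A beacon's bot ID changes per victim but keeps its type and length."""
    if re.fullmatch(r"[0-9]+", value):
        kind = "digits"
    elif re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) >= 8:
        kind = "hex"
    elif re.fullmatch(r"[A-Za-z0-9+/=]+", value) and len(value) >= 16:
        kind = "b64"
    else:
        kind = "word"
    return f"{kind}:{len(value) // 8 * 8}"


def make_template(method, url, user_agent):
    """Build the structural template of one request; the host is deliberately dropped."""
    parts = urlsplit(url)
    path = re.sub(r"[0-9a-f]{8,}", "{hex}", parts.path.lower())
    path = re.sub(r"[0-9]+", "{n}", path)
    params = frozenset((k, value_shape(v))
                       for k, v in parse_qsl(parts.query, keep_blank_values=True))
    return {"method": method, "path": path, "params": params, "ua": user_agent}


def build_template(samples):
    """Generalise several known-malicious requests into one template:
    keep only the (name, shape) pairs that every sample agrees on."""
    templates = [make_template(*s) for s in samples]
    params = frozenset.intersection(*(t["params"] for t in templates))
    return {**templates[0], "params": params}


def score(template, method, url, user_agent):
    """Weighted structural similarity in [0, 1]; parameters use Jaccard overlap."""
    cand = make_template(method, url, user_agent)
    s = 0
    s += W_METHOD * (template["method"] == cand["method"])
    s += W_PATH * (template["path"] == cand["path"])
    union = template["params"] | cand["params"]
    if union:
        s += W_PARAMS * len(template["params"] & cand["params"]) / len(union)
    else:
        s += W_PARAMS
    s += W_UA * (template["ua"] == cand["ua"])
    return s / 100


def find_infected(template, log, threshold=0.8):
    """Return the source IPs whose requests match the template at or above threshold."""
    return sorted({src for src, m, u, ua in log if score(template, m, u, ua) >= threshold})


# Constructed training set: two beacons of one family to two different C2 domains.
KNOWN_C2 = [
    ("GET", "http://a1b2c3.c2-one.example/gate/in.php?id=9f8e7d6c5b4a3f2e&v=12&cmd=chk",
     "Mozilla/4.0 (compatible; MSIE 6.0)"),
    ("GET", "http://zz9.c2-two.example/gate/in.php?id=0011aabbccddeeff&v=13&cmd=chk",
     "Mozilla/4.0 (compatible; MSIE 6.0)"),
]
TEMPLATE = build_template(KNOWN_C2)

# Constructed proxy log: (source IP, method, URL, User-Agent).
SAMPLE_LOG = [
    # same structure, never-seen domain and fresh bot ID: should be flagged
    ("10.0.0.5", "GET", "http://q7w8.never-seen.example/gate/in.php?id=deadbeef00112233&v=14&cmd=chk",
     "Mozilla/4.0 (compatible; MSIE 6.0)"),
    # ordinary browsing: should not be flagged
    ("10.0.0.7", "GET", "http://www.example.com/news/index.php?id=42&page=2",
     "Mozilla/5.0 (Windows NT 6.1; rv:23.0) Gecko/20100101 Firefox/23.0"),
    # same path and parameters but different method and client: stays below threshold
    ("10.0.0.9", "POST", "http://cdn.example.net/gate/in.php?id=00aa11bb22cc33dd&v=9&cmd=chk",
     "curl/7.30.0"),
]

if __name__ == "__main__":
    for src, m, u, ua in SAMPLE_LOG:
        print(f"{src:10} {score(TEMPLATE, m, u, ua):.2f} {u}")
    print("flagged:", find_infected(TEMPLATE, SAMPLE_LOG))
```

The point of the third log line is the caveat a practitioner should expect: a request that shares the path and parameter layout but nothing else scores 0.7, so the threshold, not the template, decides whether that is a new variant or a coincidence, and it needs tuning against benign traffic before it is trusted in a live network.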

For more information on the ExecScent research and the HTTP Request Profiler, visit https://www.damballa.com/downloads/a_pubs/Damballa_ExecScent.pdf

Click to Tweet: @DamballaInc finds over 75% of #malware evades detection by traditional #prevention methods http://ow.ly/ozgEV #infosec

About Damballa

As the experts in advanced threat protection, Damballa discovers active threats that bypass all security prevention layers. Damballa identifies evidence of malicious network traffic in real time, rapidly pinpointing the compromised devices that represent the highest risk to a business. Our patent-pending solutions leverage Big Data from the industry’s broadest data set of consumer and enterprise network traffic, combined with machine learning, to automatically discover and terminate criminal activity, stopping data theft, minimizing business disruption, and reducing the time to response and remediation. Damballa protects any device or OS including PCs, Macs, Unix, iOS, Android, and embedded systems. Damballa protects more than 400 million endpoints globally at enterprises in every major market and for the world’s largest ISP and telecommunications providers. For more information, visit www.damballa.com, or follow us on Twitter @DamballaInc.

Article source: http://www.darkreading.com/vulnerability/new-research-from-damballa-80-of-malware/240161072

Bradford Networks Announces Availability Of Cloud-Based NAC Service

Cambridge, MA, September 9, 2013 – Bradford Networks, the best choice to enable secure network access for corporate issued and personal mobile devices, today announced the availability of a cloud-based Network Access Control (NAC) service offering. The first and only NAC cloud service available today will utilize Bradford Networks’ award winning Network Sentry solution to provide organizations that have limited internal resources with a cost-effective, flexible solution to address network security needs brought on by Bring-Your-Own-Device (BYOD) adoption.

Bradford Networks’ Network Sentry cloud service will be hosted by Windstream Hosted Solutions, part of Windstream, one of the nation’s premier providers of enterprise-class managed network and hosting services, and supported by DecisionOne, the largest independent technology support organization in North America. Through these partnerships, customers can rapidly utilize Network Sentry without capital or resource investments. The solution is available as a pure software as a service (SaaS) solution, or can be delivered as a managed service (MSSP) by DecisionOne.

“With the explosion of BYOD, controlling access to corporate networks is a top security priority for organizations of any size and across all industries. As the pioneers of the Network Access Control market, we are excited to deliver the industry’s first cloud NAC service in partnership with such leaders as Windstream and DecisionOne, and offer organizations yet another easy, risk-free option to address their network security needs,” said Dan Haley, CEO of Bradford Networks. “With the addition of this service to our portfolio, we now offer our Network Sentry solution with a wide variety of deployment options to suit any company’s environment, budget and resources. This enables us to extend the depth and breadth of our global reach and positions the company to maintain and enhance its leadership of the market.”

Benefits of Bradford Networks’ NAC cloud service include:

Full-featured NAC solution – delivers all the features of Bradford Networks’ patented Network Sentry solution, including complete visibility and control over who and what is accessing wired/wireless networks;

No capital expense – the only pure-cloud NAC solution available today that requires no equipment on-site;

Highly scalable – out of band architecture, hosted by Windstream’s secure, reliable enterprise-class infrastructure;

Secure communication – communication between the corporate networks and the cloud infrastructure is via a highly secure VPN connection. Perimeter firewalls, intrusion detection systems, network monitoring and Denial of Service (DoS) protection all ensure the highest degree of network defense;

Complete security – Network Sentry does not capture or store any data traversing a network, and no organizational data is stored in the cloud;

Rapid time to deployment – supported by DecisionOne experts who can deliver customized installations and tailored security policies;

Outstanding service – Windstream provides some of the strongest SLAs for uptime and service available in the industry. All Network Operations Centers and DecisionOne support centers are domestic and staffed by trained technicians 24/7/365;

Multiple deployment options – to address specific environments, budgets, expertise and resources;

Supports customers’ existing environments – seamlessly integrates with customers’ existing network infrastructure;

Integrates with existing BYOD ecosystem technologies – seamlessly integrates with leading security, mobile management, and wired/wireless vendor solutions to provide complete and secure solutions for BYOD;

Supports compliance – an easy and cost-effective solution for compliance with PCI, HIPAA, SOX and other regulations.

“Cloud security solutions are growing in maturity and popularity for many enterprises looking to address IT security issues in a cost-effective and easy manner,” said Steven Lack, Senior Vice President of Managed Services of DecisionOne. “Until now however, we have not been able to leverage the benefits of the cloud to address the BYOD phenomenon that plagues organizations of all sizes. We are excited to be working with Bradford Networks and Windstream to share the first-ever pure-cloud NAC solution with our existing and new customers to mitigate the threats introduced by devices in a BYOD environment.”

Bradford Networks Network Sentry cloud service is available immediately. For more information, please contact [email protected].

About Bradford Networks

Bradford Networks offers the best solution to enable secure network access for corporate issued and personal mobile devices. The company’s flexible Network Sentry solution is the first network security offering that can automatically identify all devices and all users on a network, providing complete visibility and control. Unlike vendor-specific network security products, Network Sentry provides a view across all brands of network equipment and connecting devices eliminating the network blind spots that can introduce risk. Network Sentry is now used by more than 900 enterprise customers worldwide in markets such as healthcare, financial services, retail, government, education and more. For more information, please visit www.bradfordnetworks.com.

About Windstream

Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, phone and digital TV services to consumers primarily in rural areas. For more information, visit www.windstream.com.

About DecisionOne

DecisionOne Corporation is the largest independent technology support organization in North America delivering world-class managed infrastructure services, legacy equipment support and logistics management across all technologies. As a vendor-agnostic partner, our highly skilled international team enables DecisionOne to deliver outstanding support services to organizations anywhere, anytime. DecisionOne uses best-in-class tools to deliver a holistic solution for each unique infrastructure, allowing our clients to predict IT costs, and reallocate and refocus their valuable IT resources toward achieving business objectives. Visit us at www.DecisionOne.com, follow us at @DecisionOne, become a fan on Facebook, visit our company page on LinkedIn, subscribe to our YouTube channel, and link to us via Google+.

Article source: http://www.darkreading.com/endpoint/bradford-networks-announces-availability/240161044

Russia’s Cybercrime Market Reaches $1.9 Billion

MOSCOW, Sept. 10, 2013 /PRNewswire/ — Group-IB has presented its annual research entitled “Market of high-tech crimes: status and trends of 2013”. The presentation, which has become a tradition, was held today at the press center of news agency RIA Novosti. According to the company’s estimates, cybercrimes reached $1.9 billion in volume.

“This Group-IB report, centered on empirical evidence gathered on Russian cyber crime, shows a global rise in cyber criminals using an array of methodologies to attack end user’s online banking services,” states Dan Clements, US Managing Partner. “The report also shows that these types of attacks are carried out by cyber gangs, some of which have been dismantled and some arrests have taken place.”

“The report also shows that global cyber laws are still somewhat ambiguous and that governments vary on cyber crime punishments. These issues provide a challenge for law enforcement and the financial sectors to work more closely in a transparent cross border effort to apprehend cyber criminals.”

It should be noted that the company postponed the release of this research for six months in order to enrich it with the most current data from its database. The following experts presented the research at the event:

— Ilya Sachkov, CEO, Group-IB.

— Dmitry Volkov, Head of Information Security Incidents Investigation Division.

— Nikita Kislitsin, Head of Organizational Strategic Development, Botnet monitoring service.

These company executives presented detailed description of new threats to financial institutions and their customers. They also showed the sad consequences of fraudulent mechanisms applied to specific cases, gave an expert assessment of the market size, and revealed the results of investigations into computer incidents involving major criminal groups.

“Our company’s work relies on the unique experience and systematized knowledge and skills accumulated by our experts over the years of our activities. This report is evidence of that, depicting the most current, in our view, picture of the criminal segment of the Internet and describing in detail the new tools used by attackers. We want to use real numbers to draw attention to the cybercrime problem, which continues to grow and cause damage to various sectors of the economy of Russia and other countries,” Ilya Sachkov, founder and CEO of Group-IB, commented in his publication.

The report and its main points can be downloaded or viewed at the official page of the research: http://report2013.group-ib.com

About Group-IB

Group-IB is one of the leading companies in fraud prevention, cybercrime and hi-tech crime investigations.

Key activities of our company: Cyber Intelligence and Threat Prevention, Information Security, Assessment and Vulnerability Research, Computer Forensics, Cybercrime and Hi-Tech crimes investigations, Innovative software products development for monitoring, detection and prevention of emerging cyberthreats.

In the technologies field, it is imperative that our team members are on the cutting edge. That is why our employees have earned several certificates: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CEH (Certified Ethical Hacker), Extreme Networks Administrator, A+ Certification, Net+, MCP (Microsoft Certified Professional), and MCSA (Microsoft Certified Systems Administrator).

Article source: http://www.darkreading.com/vulnerability/russias-cybercrime-market-reaches-19-bil/240161073

Global Bot Traffic On Pace To Waste Up To $9.5B In 2013 Ad Budgets

NEW YORK — (September 9, 2013) – Solve Media (www.SolveMedia.com) issued its latest Bot Traffic Market Advisory update today. The data revealed suspicious activity increased for both web and mobile advertising – from 43% to 46% for web advertising and from 29% to 35% for mobile advertising. For the second quarter, bot traffic patterns remained consistent in a range of 24% to 29% for web advertising and 11% to 14% for mobile advertising.

Solve Media security engineers have detected a new threat targeting the video ad marketplace, where budgets are increasing and the risk of non-human audience is growing.

A geographic analysis revealed that China, Venezuela, and Ukraine had the highest levels of suspicious activity in the display category and Singapore, Macau and Qatar had the highest levels of suspicious activity in mobile. In the US, suspicious web activity reached 43% and suspicious mobile activity reached 22%. In the UK, suspicious web activity reached 44% and suspicious mobile activity hit 32%.

Solve Media, a leader in the security and digital advertising industry, has been monitoring bot traffic for four years. The company reviews a monthly average of over 230 million human verifications across more than 6,500 global publishers. Solve Media’s anti-bot CAPTCHA security platform specifically addresses bot traffic affecting publishers, advertisers and agencies by authenticating that audiences are, in fact, human. Authenticating users as human is critical: based on current levels of bot traffic, the global digital advertising industry is on pace to waste up to $9.5 billion in 2013 advertising to bots.*

“Analysis has shown that bot traffic affecting the online advertising ecosystem has grown from 10% to at least 24% in less than a year. Protecting website publishers from automated submissions, spam, attacks, and other types of fraudulent activity must become a crucial industry priority,” said Adam J. O’Donnell, Chief Architect, Cloud Technology Group at Sourcefire and Solve Media security council member. “Through the application of big security data, effective solutions are emerging in this fight and publishers concerned with security are likely to embrace them.”

“The waste and inefficiencies associated with showing ads to bots are frightening from a return on investment perspective,” said Ari Jacoby, CEO of Solve Media. “We’re watching the video marketplace carefully and actively advising agencies on the topic of bot-safe media inventory. We encourage publishers to proactively add our free anti-bot security to their sites in order to guarantee human audiences.”

Bots crowd web, video and mobile traffic and cause advertisers to pay for impressions, views and clicks that are not being engaged with by real people. Malicious bots undermine the security of the web and cause harm, including stealing publisher content, creating spam assets and phishing.

* Based on ZenithOptimedia, 2013 Global Ad Spend Forecast

Article source: http://www.darkreading.com/vulnerability/global-bot-traffic-on-pace-to-waste-up-t/240161077


Pulse-taking ticker tech cuff to sniff out cash-snafflers


A Canadian security firm that developed a device which uses the rhythm of a person’s heartbeat as a biometric identifier has said that the technology offers a secure alternative to conventional biometrics.


The Nymi wristband bracelet, manufactured by Bionym and due to become available next year, bundles a sensor that monitors a person’s heart rhythm. The technology detects when the bracelet is in close proximity to a paired device such as a computer or tablet before unlocking the device.

As previously reported, the technology is touted as an alternative to passwords, PINs, keys and cards. The bracelet communicates with connected devices using Bluetooth short-range radio technology.

Bionym reckons the technology can be adopted to do anything from opening a car boot to making a payment in a coffee shop, as well as offering an additional form of authentication, particularly when used in conjunction with mobile technology. Developers reckon the heartbeat tech is just as reliable as conventional biometrics such as fingerprint scanners and facial recognition technology.

The Nymi is due to debut in early 2014 at a cost of around $79 apiece. The band can be combined with a person’s heart rhythm and a dedicated app, available for iOS, Android, Windows, and Mac OS X, to offer “three factor” authentication. A built-in accelerometer and gyroscope will allow for gesture controls with the Nymi, as explained in Bionym’s promotional video.

The technology apparently copes with changes in heart rate that are associated with exercise, excitement or stress but El Reg‘s security desk would still like to see more testing in this area.

Commentary on the security implications of a heartbeat-based biometric, as well as the future of other alternatives to passwords including gesture-based biometrics and swallow-able dongles, can be found in a blog post on the Sophos Naked Security blogpost by John Hawes.

“Just how resilient the authentication will be to stress, fitness, ageing and so on may well be a major factor in the success of the idea,” Hawes writes.

“There are also security concerns of course. The connection to the authenticating devices will have to be very secure, and the bracelet will have to ensure it remains connected to a live wrist; as with biostamps, if it can simply be slid (or hacked) off and still work, it’ll be no good.”

“Also like biostamps, there’s a potential issue with proximity; if it’s simply broadcasting a ‘yes’ to any request for ID, it would seem trivial to sneak up behind someone and steal their login,” he added.

Bionym’s chief executive, Karl Martin, told El Reg that the technology is secure by design, and withstands capture and replay attacks.

“We have a hardware-based secure element that signs the outgoing data as part of a challenge-response handshake protocol,” he explained. “This makes it robust against replay attacks. We also have persistent sensing that ensures that as soon as the wristband is removed from the body, it will be deactivated.”
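Martin’s description and Hawes’ worries above fit together more clearly in code, so here is an added example of that handshake, written for this page and not Bionym’s code. The device issues a random nonce, the band answers only while it is worn, and the device accepts each nonce once and only briefly, which is what defeats a captured-and-replayed response. The secure element’s signature is stood in for by an HMAC over a key shared at pairing (an assumption; the real band signs with a hardware key), and the band ID, message layout, nonce size and timeout are likewise assumptions.

```python
"""
Added example (not Bionym's code): a challenge-response unlock in the shape
Martin describes, with a per-session nonce so a captured response cannot be
replayed, and a "worn" flag standing in for the band's persistent sensing.
The secure element's signature is replaced by an HMAC over a key shared at
pairing time (assumption); band ID, nonce size and timeout are assumptions.
"""
import hashlib
import hmac
import secrets
import time


class Wristband:
    """The authenticator. In the real device the key lives in the secure element."""

    def __init__(self, band_id, key):
        self.band_id = band_id
        self._key = key
        self.worn = True          # cleared the moment the band leaves the wrist

    def respond(self, challenge):
        """Answer a challenge, or refuse if the band is not on a live wrist."""
        if not self.worn:
            return None
        msg = self.band_id.encode() + challenge
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class Device:
    """The paired phone or laptop that decides whether to unlock."""

    def __init__(self, band_id, key, nonce_ttl=5.0):
        self.band_id = band_id
        self._key = key
        self.nonce_ttl = nonce_ttl
        self._pending = {}        # nonce -> time it was issued

    def challenge(self):
        """Issue a random nonce; each one is usable exactly once, and only briefly."""
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = time.monotonic()
        return nonce

    def verify(self, nonce, response):
        """Unlock only for a correct answer to a nonce we issued and have not consumed."""
        issued = self._pending.pop(nonce, None)   # consuming it is what defeats replay
        if issued is None or time.monotonic() - issued > self.nonce_ttl:
            return False
        if response is None:
            return False
        expected = hmac.new(self._key, self.band_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_scenarios():
    """Return (normal unlock, replayed response, band removed, attacker-chosen nonce)."""
    key = secrets.token_bytes(32)     # established at pairing; constructed here
    band = Wristband("nymi-0001", key)
    laptop = Device("nymi-0001", key)

    # 1. Normal unlock.
    n1 = laptop.challenge()
    r1 = band.respond(n1)
    unlocked = laptop.verify(n1, r1)

    # 2. An eavesdropper replays the captured (nonce, response) pair.
    replayed = laptop.verify(n1, r1)

    # 3. Band taken off the wrist: persistent sensing deactivates it.
    band.worn = False
    n3 = laptop.challenge()
    removed = laptop.verify(n3, band.respond(n3))

    # 4. Someone nearby gets the band to answer a nonce of their own choosing;
    #    the answer is worthless because the laptop never issued that nonce.
    band.worn = True
    fake_nonce = secrets.token_bytes(16)
    forged = laptop.verify(fake_nonce, band.respond(fake_nonce))

    return unlocked, replayed, removed, forged


if __name__ == "__main__":
    print(run_scenarios())   # (True, False, False, False)
```

Scenario 4 is Hawes’ “sneak up behind someone” case: a band that answers any challenger does hand an attacker a valid response, but only to a nonce the attacker chose, which the device will not accept. What a nonce alone does not stop is a live relay, where the attacker forwards the device’s real challenge to a band that is still worn some distance away; that has to be addressed with proximity checks or timing, not with the handshake.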

Martin added that initial applications would include device unlocking: “The most immediate applications are those that are already Bluetooth enabled: device unlock for smartphones, tablets, and computers, and identity authentication for applications on those platforms. However, more devices and systems are becoming ‘hackable’, including vehicles, making integration very feasible.”

Integrating payment facilities remains a work in progress for Bionym, however.

“The main radio is Bluetooth 4.0. We may have NFC, but have not committed to it,” Martin explained. “There are no worldwide standards for payments, but we’re working on the partnerships to enable payments with the Nymi.” ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/10/heartbeat_biometric/

Boffins propose NSA-proof crypto for cloud computing


It’s more likely that the NSA has devoted its efforts to key capture and side-channel attacks rather than brute-forcing its way through ciphertext en masse – but it’s also true that our crypto maths won’t last forever.

Which draws attention to projects like this one (PDF), which is looking at protection of multi-party computation (MPC) activities.


According to Phys.org: “The idea behind Multi-Party Computation is that it should enable two or more people to compute any function of their choosing on their secret inputs, without revealing their inputs to either party. One example is an election; voters want their vote to be counted but they do not want their vote made public.”

As The Register understands the system, this might also be useful in cloud-based collaboration, since it would protect Average Joe’s data against the rest of the world, including Average Joe’s boss, if it so happened that her machine were compromised.

The aim of the work by a UK-Danish collaboration is to strap the supercharger onto a protocol called SPDZ – pronounced Speedz – to give it real-world performance.

In SPDZ, two machines working on a multi-party computation problem can do so without revealing their data to each other. They describe SPDZ as: “secure against active static adversaries in the standard model, is actively secure, and tolerates corruption of n-1 of the n parties. The SPDZ protocol follows the preprocessing model: in an offline phase some shared randomness is generated, but neither the function to be computed nor the inputs need be known; in an online phase the actual secure computation is performed.”

Let’s unpick this a little. The claims of security aren’t remarkable, and the protocol is designed so that your data will remain secure even if everybody else is compromised (“n-1 of the n parties”).

The protocol relies on a message authentication code (MAC, not to be confused with Media Access Control) – and this made it computationally demanding. The MAC is partly shared between the parties, and parties had to reveal their shares of the code to communicate.

The problem with this is that revealing the code meant for every communication it had to be renegotiated – hence its slow performance. Other issues were that key generation was also demanding, covert security was considered weak, and the proposed new system is more secure “in the offline phase”.
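The share-and-MAC mechanism the last three paragraphs describe is easier to follow with the arithmetic in front of you, so here is an added example, written for this page and not the SPDZ authors’ code, of the core of it: every secret is additively shared modulo a prime, and so is its MAC under a global key that is itself shared and never reconstructed; addition and multiplication by public constants happen on the shares alone, and opening a value costs a broadcast of shares plus a MAC check that catches a party who lies about its share. The field size, the party count and the sample inputs are assumptions for the illustration.

```python
"""
Added example (not the SPDZ authors' code): additive shares with shared MACs
as described above. [x] = shares summing to x; [alpha*x] = shares summing to
the MAC; alpha itself is shared and nobody holds it. Field modulus, party
count and inputs are assumptions.
"""
import secrets

P = 2**61 - 1   # prime field modulus (assumption)
N = 3           # number of parties (assumption)


def share(value, n=N):
    """Additive secret sharing: n random-looking shares that sum to value mod P."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def share_with_mac(value, alpha_shares):
    """Produce ([x], [alpha*x]); in SPDZ this is the job of the offline phase."""
    alpha = sum(alpha_shares) % P
    return share(value), share(alpha * value % P)


def add(a, b):
    """Add two shared values locally: value shares and MAC shares add component-wise."""
    return ([(x + y) % P for x, y in zip(a[0], b[0])],
            [(m + k) % P for m, k in zip(a[1], b[1])])


def mul_public(a, c):
    """Multiply a shared value by a public constant locally."""
    return ([(x * c) % P for x in a[0]], [(m * c) % P for m in a[1]])


def open_and_check(shared, alpha_shares):
    """Online-phase opening: broadcast value shares, then check the MAC.
    Party i reveals sigma_i = mac_i - alpha_i * x; with honest shares the
    sigmas sum to alpha*x - alpha*x = 0 without anyone learning alpha."""
    value_shares, mac_shares = shared
    x = sum(value_shares) % P
    sigmas = [(m - a * x) % P for m, a in zip(mac_shares, alpha_shares)]
    return x, sum(sigmas) % P == 0


def demo(x=17, y=25, cheat_delta=1):
    """Compute 3*x + y honestly, then again with party 0 lying about its share.
    Returns (honest value, honest check, cheated value, cheated check)."""
    alpha_shares = share(secrets.randbelow(P - 1) + 1)   # global MAC key, never opened
    sx = share_with_mac(x, alpha_shares)
    sy = share_with_mac(y, alpha_shares)
    result = add(mul_public(sx, 3), sy)

    honest_value, honest_ok = open_and_check(result, alpha_shares)

    # Party 0 shifts its value share by delta. It cannot adjust its MAC share
    # to match because it does not know alpha, so the sigmas sum to
    # -alpha*delta, which is non-zero mod P.
    forged_values = [(result[0][0] + cheat_delta) % P] + result[0][1:]
    cheat_value, cheat_ok = open_and_check((forged_values, result[1]), alpha_shares)
    return honest_value, honest_ok, cheat_value, cheat_ok


if __name__ == "__main__":
    print(demo())   # (76, True, 77, False)
```

This is also where the slowness the article mentions comes from: every opening is a round of broadcasts plus a MAC check, and in the original protocol the check ended with the key being revealed, which is why it could not be reused and had to be renegotiated.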

The system as a whole is described on Slashdot this way:

“MPC is similar in concept to the “zero knowledge proof” – a set of rules that would allow parties on one end of a transaction to verify that they know a piece of information such as a password by offering a different piece of information that could be known only to the other party. The technique could allow secure password-enabled login without requiring users to type in a password or send it across the Internet. Like many other attempts at MPC, however, SPDZ was too slow and cumbersome to be practical.”

If the paper – which will be presented at this week’s ESORICS 2013 conference – holds up, it’ll eventually add a new string to the bow of those that want to protect information, rather than snoop on it. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/10/boffins_propose_more_spookproof_crypto/

Shop-a-suspect web security system: ‘We’ve helped cops nab 100 suspects’


Earlier this year, The Register revealed how a massive security breach accidentally allowed access to thousands of images of people suspected of petty crimes. Now the private company behind that CCTV and image database is claiming its technology has led to the arrest of 100 suspects.

London’s Metropolitan Police has spent the past 12 months working with Facewatch, a website where business owners can communicate with each other and the police to share information about potential suspects.


The website streamlines the process of handing CCTV footage, snapshots, incident forms and other evidence to cops. The system’s makers say the force had already made 100 arrests using Facewatch and expects many more as businesses around the capital begin to use it. They had no numbers on the number of convictions that arose from those arrests.

Some 7,500 businesses and a further eight police forces across the UK are also using Facewatch, which the company hopes will become a key part of the British police’s armoury of crime-fighting tools. About 800 museums are also using the system, including London’s V&A and the Ashmolean in Oxford, according to the firm.

El Reg was invited to have a look at the latest build of Facewatch at the firm’s headquarters near Embankment station in London.

Facewatch allows businesses to quickly upload footage or snapshots of suspicious individuals to the website. Customers can also use a neat process similar to Apple’s screenshot command to zoom in and cut out a frame of footage on screen and then upload it.

This removes two of the current snags which prevent police making the best use of any CCTV footage: the need to physically collect footage from a business and needing the correct codecs to actually view the footage once bobbies have brought it back into the station.

Each piece of “intelligence” – the term Facewatch uses for its uploads – is tagged and indexed. This allows it to be shared with local businesses, allowing them to quickly identify potential criminals and collate evidence which could lead to a conviction. When a crime is reported, the business is emailed at each stage of the police investigation, allowing it to keep an eye on how the case is proceeding.

According to Facewatch, this results in a detection rate of about 15 per cent, higher than the 5 per cent rate of most crimes. It only focuses on low-level crime, such as theft or antisocial behaviour, and is not designed to tackle serious crimes such as murder, rape or drug offences.

Simon Gordon, the system’s founder, said he was inspired to begin developing the system after becoming frustrated at the number of bag thefts at Gordon’s Wine Bar, which he also owns. The famous London wine bar is a fitting place to run a surveillance system, says Gordon, as it was once known as a meeting place for spies from either side of the Russian curtain.

Gordon said: “The old system of using CCTV footage in criminal investigations was so inefficient. We allow businesses to give intelligence directly to police, but also then get updates on how the investigation is proceeding.

“We want to help the victim of crime by speeding up the investigation. Police don’t have to waste time taking reports in person and are freed up to actually catch the criminal.”

Facewatch is currently working on facial recognition software, which will soon be tested in a shopping centre in Hampshire.

Detective Chief Inspector Mick Neville, head of the Met’s central forensics image team at New Scotland Yard, said: “Facewatch image submissions to the Metropolitan Police are on the increase and this has led to more prolific thieves being brought to justice. Just this week I have seen five persistent offenders identified thanks to Facewatch.

“This is helping to make London safer for businesses and their customers. The more images and footage we get from businesses, the more success we will have in catching criminals caught on camera.”

Facewatch is preparing to launch a new app which will allow victims of crime to report the incident themselves. It already offers a “rogues’ gallery” app, allowing the public to identify and name suspects.

Previous figures show that CCTV has so far been a spectacularly inefficient way to catch criminals, with one crime in London solved per 1,000 surveillance cameras.

A Metropolitan Police spokeswoman added: “The Metropolitan Police is duty bound to investigate all crime reported by this or any other means. In the fast-moving digital age, it is important the MPS remains open-minded and receptive to innovations in the field of crime prevention. The MPS has worked with Facewatch amongst others to develop innovative ways for the public to engage with us in helping to reduce crime.” ®

Bootnote

The Met was not able to give the Register any details of convictions secured thanks to Facewatch information. The population of London is approximately 7 million people.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/10/100_crims/

Size doesn’t matter

Privacy when using potentially data-leaking mobile phone apps is concern Numero Uno for 22% of smartphone users, according to a new study.

Privacy, it seems, trumps screen size, camera resolution, or whether a given handset weighs enough to bend your wrist in half.

The report – the TRUSTe 2013 Consumer Data Privacy Study, Mobile Edition – surveyed 700 US smartphone users from 12-19 June, 2013.

Privacy concern weighs in second only to battery life, which ranks as the primary concern for 46% of users.

Smaller slices of those surveyed are primarily concerned with brand or screen size, each of which is the primary concern for 9%.

Nearly 8 out of 10 smartphone users in the US steer clear of downloading apps they don’t trust.

Let us now spend some time nagging the 20% who don’t.

Dear Twenty-Percenter: If you’re not quite sure what a dodgy mobile app looks like, Sophos’ Paul Ducklin draws a pretty picture of one subset here, that being Android scareware. Scareware, also known as fake anti-virus, tricks you into paying money by pretending to find threats such as viruses and Trojans on your computer – or, in this particular case, your Android smartphone.

The study also found that the majority of those surveyed dislike the notion of being tracked, though nearly a third of smartphone users aren’t even aware of when it’s happening.

Security experts who’ve been warning about the risks to privacy from smartphones can take heart in the study’s finding that a sizable number of users – 48% – are now as worried about privacy on their smartphones as they are about privacy on their desktops.

Meanwhile, 63% worry “frequently or always” about privacy when banking online. (Hmmm…. OK…. but, given that we’re talking about our bank accounts, shouldn’t 100% of people worry – or at least consider the risks – all the time?)

Another 43% of smartphone users are choosing not to sell privacy down the river in exchange for a free or lower-cost app.

Interestingly enough, the number of smartphone users willing to share at least some information is creeping up.

More people are also willing to share age, full name and their web-surfing behavior.

On the other hand, people are increasingly cagey about their contacts and photos – more so than their home address, phone number or current location.

That might have something to do with revelations such as those from February 2012, when social media iPhone apps Path and Hipster were found to be uploading user address book information without permission.

The TRUSTe study also found that US smartphone users are actively managing their mobile privacy, with 76% saying that they themselves are ultimately most responsible for managing their privacy.

On top of that, 40% say they check for an app’s privacy policy, 35% say they actually read such privacy policies, and a growing number – 29% – check for a trustmark or seal.

It’s certainly a good idea for us all to take privacy into our own hands, because experience shows that our internet overlords often take a casual approach to letting us know how they handle our oh-so-tasty, revenue-generating data.

An example: at least as recently as the Path and Hipster revelations, Apple’s iOS permission system wasn’t providing notification of what information an app might have been sending to its keepers, aside from location information.

Here’s hoping that the numbers for people who check for an app’s privacy policy and then the smaller number who actually read it continue to grow.

(Want to see what apps are eating into your Android’s privacy? Check out the totally free, 4.5-star rated Sophos Mobile Security app!)

Image of people with smartphones and smartphone privacy courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/mzOvjCOXdJs/

Malware culprit fingered in mysterious Tor traffic spike


Security researchers believe they have identified the botnet responsible for a recent spike in traffic on the anonymizing Tor network, but the exact purpose of the malware remains unclear.

On Friday, security firm Fox-IT called out the culprit as a variant of a botnet sometimes known as “Mevade.A”, which has been making the rounds under various names since at least 2009.

According to security analysts at Trend Micro, PCs in the US and Japan are most often infected by Mevade, although it is believed to have originated from a Russian-speaking region. It has occasionally been distributed via a malicious program disguised as the Adobe Flash installer.

Once it takes hold on a PC, Mevade downloads various modules, such as adware and browser toolbars, depending on what the botnet’s operators want to achieve. According to Fox-IT, infected systems have recently begun downloading components containing Tor functionality, which Mevade then uses to route command and control information through the anonymizing network (rather than using HTTP and other methods, as it had previously).
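The switch described above, from HTTP to command-and-control carried over Tor, is exactly the shift a network defender can look for in flow data. The following is an added example (not Fox-IT's or Trend Micro's code) of that baseline-shift check in Python over constructed flow records: hosts that were HTTP-only in an earlier window and then contact a known Tor relay, or several Tor-like peers, are flagged. The relay addresses (RFC 5737 documentation ranges), the ports, the threshold and the flow format are all assumptions; in practice KNOWN_TOR_RELAYS would be built from the current Tor consensus.

```python
from collections import defaultdict

# Constructed placeholder relay list (RFC 5737 documentation addresses).
# In production, populate this from the current Tor consensus instead.
KNOWN_TOR_RELAYS = {"198.51.100.10", "198.51.100.11"}
TOR_ORPORTS = {9001, 443}       # default ORPort, plus the port many relays sit on
MIN_NEW_TOR_PEERS = 3           # distinct Tor-like peers before behaviour alone flags a host


def parse_flow(line):
    """Parse one constructed flow record: 'ts src dst dport proto'."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": int(ts), "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def classify(flow):
    """Label a flow by how Tor-like its destination looks."""
    if flow["dst"] in KNOWN_TOR_RELAYS:
        return "tor_known"
    if flow["proto"] == "tls" and flow["dport"] in TOR_ORPORTS:
        return "tor_like"          # weak on its own: ordinary HTTPS looks the same
    if flow["proto"] == "http":
        return "http"
    return "other"


def find_tor_switchers(lines, pivot_ts):
    """Return {host: details} for hosts that contact a known relay after pivot_ts,
    or that were HTTP-only before pivot_ts and then reach several Tor-like peers."""
    before = defaultdict(set)          # host -> flow classes seen before the pivot
    known_after = defaultdict(set)     # host -> known relays contacted after the pivot
    like_after = defaultdict(set)      # host -> Tor-like peers contacted after the pivot
    for line in lines:
        flow = parse_flow(line)
        kind = classify(flow)
        if flow["ts"] < pivot_ts:
            before[flow["src"]].add(kind)
        elif kind == "tor_known":
            known_after[flow["src"]].add(flow["dst"])
        elif kind == "tor_like":
            like_after[flow["src"]].add(flow["dst"])

    findings = {}
    for host in set(known_after) | set(like_after):
        # A shift can only be judged for hosts that have a baseline at all.
        was_http_only = host in before and before[host] <= {"http"}
        known = sorted(known_after[host])
        like = sorted(like_after[host])
        reasons = []
        if known:
            reasons.append("contacted known Tor relay")
        if was_http_only and len(like) >= MIN_NEW_TOR_PEERS:
            reasons.append("HTTP-only baseline, then %d Tor-like peers" % len(like))
        if reasons:
            findings[host] = {"reasons": reasons, "known_relays": known, "tor_like_peers": like}
    return findings


# Constructed sample flows: timestamp, source, destination, port, protocol.
SAMPLE_FLOWS = [
    "1000 10.0.0.5 192.0.2.1 80 http",
    "1010 10.0.0.5 192.0.2.2 80 http",
    "1020 10.0.0.7 192.0.2.1 80 http",
    "1030 10.0.0.7 192.0.2.20 443 tls",      # ordinary HTTPS before the pivot
    "2000 10.0.0.5 198.51.100.10 9001 tls",  # known relay
    "2005 10.0.0.5 203.0.113.77 443 tls",
    "2010 10.0.0.5 203.0.113.78 9001 tls",
    "2015 10.0.0.5 203.0.113.79 443 tls",
    "2020 10.0.0.7 192.0.2.20 443 tls",      # same HTTPS site as before: no shift
    "2030 10.0.0.9 203.0.113.80 443 tls",    # no baseline and only two peers
    "2031 10.0.0.9 203.0.113.81 443 tls",
]

if __name__ == "__main__":
    for host, detail in sorted(find_tor_switchers(SAMPLE_FLOWS, 1500).items()):
        print(host, detail["reasons"])
```

On the sample data only 10.0.0.5 is flagged, on both grounds. The "tor_like" class is deliberately not trusted by itself, since TLS on 443 to a CDN produces the same flows; it only counts together with an HTTP-only baseline and a peer-count threshold, while contact with a relay from the consensus list fires regardless of baseline. A legitimate Tor user in the enterprise will trip the same rule, so the output is a triage list, not a verdict.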

“The botnet appears to be massive in size as well as very widespread,” Fox-IT researchers observed. “Even prior to the switch to Tor, it consisted of tens of thousands of confirmed infections within a limited amount of networks. When these numbers are extrapolated on a per country and global scale, these are definitely in the same ballpark as the Tor user increase.”

Fox-IT says it has also confirmed that the version of Tor currently being used by Mevade is version 0.2.3.25. That jibes with findings by the Tor Project’s Roger Dingledine, who observed last week that the new Tor clients flooding the network were not using the improved Tor handshaking protocol that debuted with version 0.2.4.

Because of the malware’s evasive nature, however, just what the Mevade botnet’s operators hope to achieve is not altogether clear, although direct or indirect financial gain is a likely goal.

“It is possible that the purpose of this malware network is to load additional malware onto the system and that the infected systems are for sale. We have however no compelling evidence that this is true, so this assumption is merely based on a combination of small hints,” Fox-IT researchers wrote.

Trend Micro, however, went as far as to name specific actors as being behind the botnet, saying they are “part of a well organized and well financed cybercrime gang” operating out of Israel and Ukraine.

“We strongly associate these actors with installations of adware and hijacking search results,” Trend Micro senior threat researcher Feike Hacquebord wrote. “Therefore, we suspect that one of the ways the Mevade botnet is monetized is by installing adware and toolbars onto affected systems.”

Hacquebord added that unwanted ads aren’t Mevade’s only danger, either. The software contains a backdoor that can allow attackers to access infected computers, and it can communicate with remote hosts over encrypted links, which creates all sorts of opportunities for data theft.

Fortunately, because Mevade is not a new malware threat, it can be detected and dealt with by most up-to-date antivirus software. How long it will take to clear its traffic off of the Tor network, however, remains to be seen. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/09/malware_culprit_fingered_in_mysterious_tor_traffic_spike/