Mobile Anti-Virus Firms Prey on Fear, Uncertainty, and Doubt (FUD)

Security software companies increasingly prey on people’s fear to sell more products. This shady marketing practice is commonly known as FUD, which stands for Fear, Uncertainty, and Doubt. They tend to over-inflate threats to scare people into buying their product, usually through their studies showing startling statistics. These reports are fed to reporters, many of whom post the information without any further investigation, helping to feed the frenzy. Many security software firms rely on the fact that many reporters are technically illiterate when it comes to security, and count on them not digging into the research methods or asking a neutral third party to draw its own conclusions. The one possible exception is VPN companies, whose products actually are useful and can help keep you safe online.

“There are three kinds of lies: lies, damned lies, and statistics.” – Mark Twain

VPNs aside, one good example of such scare tactics revolves around mobile anti-virus products. I have written about the mobile anti-virus myth before, regarding how these apps do very little to protect you and, in many cases, decrease the performance and battery life of your phone. These applications primarily do signature-based detection of applications but are not able to do heuristic detection, which means they cannot protect you from zero-day attacks; by the time the malicious app is detected, it is pulled from the app stores. In actual cases where malware has been identified, it is too late for those who have already installed the malicious application.

Google engineer Chris DiBona stated in a post:

“Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself… If you read a report from a vendor that tries to sell you something based on protecting android, rim or ios from viruses they are also likely as not to be scammers and charlatans.”

Many of the actual malware cases we have seen have been applications installed from outside the app store that affected only a handful of people, but this did not stop many of the folks who make mobile anti-virus products from telling everyone the sky is falling. Other cases have not been malware at all, but merely an application accessing data that it shouldn’t. This is hardly malware; if it were, then companies such as Path, Twitter, Hipster and a handful of others would fall under this classification for accessing and uploading users’ contacts without consent.

Symantec Malware Scare

One such scare campaign backfired when Symantec recently announced that they had discovered a malware application they called Android.Counterclank in 13 apps, which they claimed was “a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device” infecting between 1 and 5 million devices. Are you scared yet? Well, fear not: when third parties investigated the “malware” they discovered that it was merely a poorly designed, slightly intrusive ad platform. Symantec then backpedaled with an update on their blog, where they even list the actual data the platform collects, which is no worse than any other analytics or adware platform. Symantec submitted the information to Google; Google responded saying that the applications met their terms of service. However, Symantec achieved their goal: more reporters wrote about the original malware story than covered the recant, and probably a lot of people downloaded and purchased their mobile anti-virus app as a result.

Anti Malware Useless

Security firm AV-Test conducted a test in which they analyzed free Android virus scanners. Keep in mind that these tools use signature-based detection only and that the malware used in the test does not exist in any app stores. They found that, even for apps that have already been identified as malware, the detection rate was between 0 and 32%.

It is great that they did detect some of the malware. However, the likelihood of getting these applications is close to zero, considering they do not exist in the Android Marketplace and have to be installed. Commercial anti-virus applications from F-Secure and Kaspersky identified the 10 sample files as malware, but again this is based on signature detection of known malware applications that do not exist in the Marketplace. The mobile apps need to be kept up to date consistently to ensure that any new malware discovered is added to their database. This requires the vendor to keep their data up to date, and it will do little to detect any new malware not in their database until it is too late.

Caution Over Fear

So is there no risk when it comes to mobile malware? No, dangers still exist, but most of them can be avoided by being careful what you download and checking the permissions of the applications that you are installing. If a simple game requests permissions to access your contacts, browsing history, IP address (which can be used for tracking) and calls, the odds are that it does not need such permissions and it should not be installed. You can also always use a VPN as a secondary line of defense. We are living in a world where even brands we trust with our data abuse that trust by invading our privacy and mining data for profit and market share.

There is a possibility that in the future a real mobile worm or virus could wreak havoc on a particular platform or even on a specific subset of IPs. However, this is highly unlikely given the restricted sandbox apps run in on most platforms. If there were such a security hole, it would only be fixed by a firmware update from the manufacturer or carrier, not a third party app.

What to Do About Online Privacy Issues in the UK

Online privacy issues in the UK can be quite a problem. These days, the government spies on everyone pretty freely. Everyone wants to be able to stay safe online, but not everyone agrees on the best way to do so. And there are a lot of factors to think about too. Here are just some parts of online privacy that are worth addressing.

Purchase History

Some websites can take your purchase history and make ads out of it. If you have ever been shopping for something online, you might notice ads for that product showing up in different places you visit. This isn’t just a coincidence. You have to ask yourself if you want others knowing what you have been buying and making ads for you based on that information.

Browsing History

Just like your purchase history, companies can see your browsing history too. Many British businesses take advantage of this. Sometimes only talking about a website will bring up ads for it. Beyond e-commerce websites, there may be other ones you visit that you want to keep private. You certainly don’t want everyone to be able to see what you are looking at when you are online, let alone use it to make money off you.

Personal Information

Personal information is just that: personal, and you should keep most of it offline. This can be something as simple as where your kids go to school or even where you work. While sharing some details should be okay, you never know who is paying attention. The British government has, for example, been known to take a peek from time to time. Make sure you are aware of who knows your details and take precautions when posting about your life on social media.

Physical Location

Your physical location should be a secret, but it doesn’t always stay that way. From your city showing up on your social media accounts to your actual address showing up in different places, having this information out there is disconcerting. It’s enough someone knows you live in the United Kingdom. They don’t need to know which city too.

You can turn this feature off in some places and doing so is recommended. You should also be aware of who you are telling your location and address. If you want to meet up with someone you have never met before, don’t do it at your own home but in a public place, like downtown London. Be smart with who you let know where you live.

Something else you can consider to protect your physical location is a virtual private network. When you connect your phone or computer to a VPN, it hides your IP address (which can easily be used to track you) and shows you as located at the server’s location. Some services work better than others, especially in the United Kingdom, so when you pick one, be sure it made this list of the best VPNs. A top provider will keep you well protected and keep the UK government off your back.

Email Address

Your email address is a part of you, and you should be concerned about who gets it. Setting up a fresh and entirely separate one to give out to stores is a good idea. That way you can keep your primary account safe. If you give out your email, people could misuse it, sell it or send spam your way. An email address is now a vital part of life and keeping it as safe as you can is very important.

Photos

It is always a lot of fun to share photos, especially with friends and family. Make sure to be aware of what you are sharing in a public online area. You don’t want to be sharing photos that could be giving away your personal information. Before you post a picture on social media, make sure that there is nothing that will identify anything important, like the location at which it was taken. This information is called EXIF data.

If you have kids, make sure you are careful about what photos you post of them. Not everything needs to be seen by everyone. Share photos privately if you are unsure if they should be seen by the public.

Online safety is important, and there are things you can do to help protect yourself, whether in the United Kingdom or wherever else you may be located. Make sure to read up on how you can stay safe and vigilant. You want to keep your information as private as you can.

How Does a VPN Keep Your Data Transfers Safe

Do you transfer data either for work or personal purposes? If you haven’t experienced any problems yet, then consider yourself lucky. There’s no question that the Internet has made our lives easier in many ways, but this digital jungle is also home to hackers who readily attack the ill-equipped.

You may have heard stories of people having their sensitive information stolen just by surfing the web, leading to serious problems, not the least of which is identity fraud. Thankfully, using a VPN can keep your data transfers safe.

If you’re tech-savvy, then you may already be familiar with virtual private networks. In a nutshell, a VPN creates a secure and encrypted connection between your computer and a private server. When transferring data, hackers may see the data coming from your computer. But when using a VPN, the data looks as if it is coming from the VPN server. This means that hackers will not be able to see or modify the traffic.

VPNs are immensely popular among torrent users. This shouldn’t come as a surprise, as it’s easy for providers to convince torrent users that they may be the target of fraudulent attacks without securing their connections. However, the benefits of using a VPN go well beyond allowing you to download torrents safely.

Equipped with the right VPN, you can avoid government surveillance or censorship. This is huge for anyone living or spending time in the UK. Using a VPN will also allow you to visit websites which are banned by the British government.

It’s worth noting, however, that VPNs do not grant total anonymity online. You may have seen VPN providers claiming to use a “no-log” approach, which means they do not keep track of their users. This has been proven to be unrealistic, a claim intended to lure in more paying customers. Instead of focusing on anonymity, be sure that you choose a provider that’s concerned with your privacy.

Transferring data might be something you do every day and have hence started to take for granted. But you don’t want to wake up one day and find your private information stolen. Even your ISP may be stealing data from you without you realizing it. A VPN will protect your data, so start using one every time you do anything online.

Top Benefits of Using a VPN in the UK

VPN technology has become very popular lately in the United Kingdom. It provides security when using any network, especially when sending encrypted data. If you’re interested in using a virtual private network, here are some of the benefits you can look forward to.

Utmost Security

If you’re connecting to any network through a VPN, you can rest assured you’re getting excellent security. That’s because a VPN encrypts your data, thus preventing attacks from malicious third parties.

Remote Access

One of the best advantages of using a VPN is that you can always access information remotely. Whether you’re away from the office or on a business trip, you can get access to data wherever you are. It’s a great way to guarantee a company’s productivity.

Sharing Files and Data

Do you need to share data and files without using flash disks or email? A VPN always comes in handy especially if you’re planning on sharing many large files.

Anonymity

Are you looking for ways to browse the internet without someone keeping tabs on you? This is indeed something with which anyone living in the UK should be concerned. A VPN is the best solution since, unlike using web proxies or any software for hiding IP addresses, the VPN will allow access to websites and applications anonymously.

Bypassing Filters and Unblocking Websites

VPNs have become popular in countries with internet censorship. Because of how they work, they allow access to any blocked sites and can bypass almost all filters. By the way, whether you realize it or not, the UK very much is a country in which internet censorship is alive and well.

Changing IP Address

Do you ever need to change the location of your IP address? There are some other IP-changing software applications you can find online, but they are not nearly as effective as VPNs.

Improving Performance

If you’re tired of slow bandwidth or inefficient networks, a VPN can make that pain go away. Wherever you are, you can always boost performance and productivity with faster access and sharing of data.

Using a virtual private network is always a good idea, regardless of whether you’re at home, at work, or traveling abroad. Among the many other benefits, VPNs are great for privacy. Find the right provider, one that works well in the UK, and start making use of this excellent technology.

How Your IP Address Can Be Used to Track You

IP (Internet Protocol) is a framework that governs activity by enabling 2-way communication on the internet. It does this by assigning unique protocol addresses to every device connected to the web. Hence, your IP is a unique numerical identifier that identifies you on the world-wide-web.

The functions related to IP addresses are to identify and locate your devices online and make sure that they can communicate with the websites or services you would like to access. Your IP address has two parts:

  • A network ID
  • The host ID of your device

IP addresses allow devices all over the world to communicate with each other and also let internet service providers differentiate your unique hardware from billions of others on the web. Internet Service Providers (ISPs) can track your online activities through your IP address and trace them back to your exact position. As a result, your approximate physical location is detectable by any website or person who has access to your IP address.

While your IP allows internet traffic to route to your devices, it does not disclose your location. Someone who has your IP address could learn some information about your browsing and may locate the city you are in, but they cannot locate your home or office address.

However, your ISP will know where you are at any time, and although they use means to protect your privacy, they do keep a log of your connections on the internet. If you are suspected of engaging in illegal activities, in most countries, a law enforcement agency can submit a court order to request your ISP to reveal your whereabouts. In the UK, however, a warrant is not even required. Ever heard of the Investigatory Powers Act 2016? It’s scary stuff.

Most people are unaware that they are being watched while browsing on the internet, or interacting on social media. All your online activity is monitored by your ISP, and some internet providers may even monitor data without consent for their advertising purposes. Government agencies have access to IP addresses and may use recorded information for legal or other purposes.

You can change your IP address to keep your details anonymous and private, and a hidden IP address can prevent your location from being determined or your activity from being traced back to you. Location data collected over time can tell a detailed story about you that ranges from information related to what you do on the internet to what you like and just about anything else in your life. For exact details on how to hide your IP address, visit fastestvpnguide.com/how-to-hide-my-ip-address-when-downloading.

Add to this tweets, photos, shares, telephone numbers and addresses, and your life story can become very detailed. Location information will reveal not only where you live and work, but the churches, bars, clinics, friends and lovers you visit, which political party you belong to and even any protests you have participated in. Bottom line, if you can hide that IP of yours, do it.

Sony PSN Data Breach – Plain Text vs. Hashed Passwords Explained

There has been a rash of data breaches where passwords are compromised that were stored as plain text and not converted to a one-way hash as they should be. However, most consumers and even many developers, particularly in startups, don’t know about the best practice of hashing passwords, what it means and how it can help protect users.

The Sony PlayStation Network hack and data breach is one of the most prominent examples to date, putting over 70 million customers at risk. But sadly, they are not alone. DSL Reports, Gawker and Trapster have also learned this lesson the hard way and, in the process, lost the trust of their customers.

It is especially problematic when attackers gain access to databases where passwords are stored in plain text. Recent studies show the majority of us use the same password across multiple sites. Worse yet, according to SecurityWeek, about 75% of social network usernames and passwords are identical to the ones used for email accounts.

What Is A “Hash”?

A hash is like a digital fingerprint of a chunk of data. It is a way of passing data through a one-way algorithm that returns a digital signature in place of the original data. A critical property of that signature is that it is unique but cannot be turned back into the original data. Another way to think about this is in terms of sausages. A sausage can be identified as pork, but it cannot be turned back into a pig.

The unique and irreversible nature of this process makes hashes ideal for storing your passwords. Although an attacker may compromise a database and reveal your list of password hashes, they can’t determine from the hashes alone what the actual password is and will not be able to try and log into other accounts with that password.

For example, if I use a popular hashing algorithm called SHA-1 (Secure Hash Algorithm) and run the word “sausage” through it I get a value of:

“0bd7ea460f5fb0fa2d368f737c3ce63e19fdec50”

If I run “sausage” through the same algorithm I get the same result every time, but if I change the word slightly and run “snausage” the signature is completely different:

“c419e1d2f0f173b170d85b520db7acb2bb777604”

You may see that there is an issue here. Assume, for example, the password the user sets is “password123” which generates a signature of:

“cbfdac6008f9cab4083784cbd1874f76618d2a97”

If a hacker runs this through a simple batch process of common password hashes, the hacker will be able to see that the user is using the password of “password123”. So we will need to take things a step further. We are going to add what is called a salt.

A salt is an additional value that helps randomize the unique key with a secret key that only we know. In our sausage analogy, think of the salt as a proprietary secret blend of spices that we sprinkle in our sausage to make it uniquely ours. For this example I will hash the word “sausage” with a salt of “mysecretsalt” using the SHA-1 algorithm, which gives me:

“1cf4c502ddd89b918c4bfefea76dadd590693b48”

This process will give me a result unique to my application that will be different from the generic “unsalted” one, so the hacker will not be able to guess what the value is based on known unsalted signatures.
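The following is an added example, not part of the original article. It shows the batch lookup described above succeeding against an unsalted SHA-1 digest, then goes beyond the article's single shared salt to a random per-user salt with PBKDF2, a deliberately slow function. The function names, the sample wordlist and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Digest the article quotes for the password "password123".
PAGE_DIGEST = "cbfdac6008f9cab4083784cbd1874f76618d2a97"

# Constructed sample of common passwords (not taken from any real leak).
COMMON_PASSWORDS = ["123456", "password", "letmein", "password123", "qwerty"]

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for your hardware.
ITERATIONS = 600_000


def sha1_hex(text: str) -> str:
    """Unsalted, fast hash: the weak storage scheme under discussion."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def lookup_unsalted(digest: str, wordlist=COMMON_PASSWORDS) -> Optional[str]:
    """Return the wordlist entry whose plain SHA-1 equals digest, else None."""
    table = {sha1_hex(word): word for word in wordlist}
    return table.get(digest.lower())


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'iterations$salt_hex$key_hex' using a random per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"{ITERATIONS}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the key from the stored salt and compare in constant time."""
    iterations, salt_hex, key_hex = record.split("$")
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(salt_hex), int(iterations),
    )
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


if __name__ == "__main__":
    # One table built once answers every unsalted digest in a dump.
    print("unsalted lookup:", lookup_unsalted(PAGE_DIGEST))

    # Two users with the same password get unrelated records, so a
    # precomputed table is useless and each guess costs ITERATIONS rounds.
    alice = hash_password("password123")
    bob = hash_password("password123")
    print("records differ:", alice != bob)
    print("login succeeds:", verify_password("password123", alice))
    print("wrong password rejected:", not verify_password("sausage", alice))
```

The salt is stored next to the hash and does not need to be secret; its job is to make every record unique so that one precomputed table cannot be reused across users.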

One important thing to think about with security, a mentor told me a while back, is that it is never “if your system is compromised.” The attitude instead should be “when the system is compromised,” and then you think about how you can mitigate the risk when the data breach occurs. By hashing the passwords used to log in, you help protect your customers from the inconvenience of having to change all of their passwords or, worse, the risk of having their email compromised.