Thieves, crooks, robbers, and manipulators all have one thing in common – their prime mode of operation to take away what belongs to others. As we advanced in technology, most of our information is stored online where we believe it is safe. This includes sensitive financial information, personal emails, and other web accounts that are of importance. Sometimes all that separates them from your information is a user ID and a password.

Thieves no longer need to physically hold up innocent bystanders to take their money. Savvy hackers can take entire bank accounts along with personal information, and identities from across the world. This new breed of cyber criminals are better known as hackers. They use sophisticated strategies such as phishing, pretexting, baiting, social networking and social engineering.

They utilize fake pop-ups or websites masquerading as authentic ones and the bait is usually some catchy phrase or offer to catch the victim’s attention who out of curiosity may click on it. This fake website will usually ask for a user’s ID and password. Once the information is submitted, the bait is swallowed and the information can be used by hackers to access private information from email applications such as a contact list and even make money transfers from bank accounts.

Hackers are very unpredictable as it’s impossible to predict where and when they will strike next. There are some staggering statistics in regards to hackers here in the United States and around the world. The following are just a few examples:

1. Recently in May of 2011 the FBI National Press Office issued a report citing malicious malware on a site featuring the death of the infamous Osama bin Laden. Users who clicked onto the link will had their computers infected, as the malicious software aimed at stealing important individual information became imbedded in the software. This was passed on to infect everyone on the users contact list.

2. At the beginning of the year 2011, the PlayStation Network was hacked causing a loss of vital information for approximately 70 million users. This placed any credit information given by customers to PlayStation Network or Qriocity (its music streaming service) at risk and possibly in the hands of the cyberspace pirates. As a result the Network had to close operations temporarily as investigations were conducted. This along with the cost of investigations will cause serious loss of revenue for Sony and fear and uncertainty for the customers.

3. The security firm Trusteer a leader in web fraud detection, issued a report that 73% of users on the web uses the same password for all their internet sign in purposes. Hackers are well aware of this and by utilizing one of their strategies, mostly phishing, can extract that ID from one of their fake pop-up sites and apply it to other online accounts to gain valuable information on that individual. This accounts for the rapid increase in identity theft and web fraud currently.

Hackers have also developed expertise in extracting information through the social media networks such as Facebook, Twitter, and any other sites people are using to connect with friends and family. Users of the internet must now be doubly vigilant and proactive in safeguarding their information on the web. The best method is to practice basic safety precautions such as making sure your computer is up-to-date with antivirus, antispyware, and antimalware protection. Never click on a pop-up site or give out your web information to people you do not know and use different ID and passwords for different sites.

This post has been from our friends at NetQin, learn more about their Mobile Security solutions below:

• Netqin on Android Tapp
• Netqin Official CNET Profile
• Netqin Official Brothersoft Profile

Mobile technology continues to grow as more consumers are trading in their ‘dumb’ phones and laptops for smart phones and tablets. Because of this, mobile applications and accessories have also gained in popularity especially in the business world where the ability to conduct business on the go is most needed.

One of the most innovative mobile accessory/application is Square. The system allows for point of sale processing from any iPhone, iPad, and Android mobile device, allowing businesses to process payment transactions without much hardware. It’s basically a credit card terminal at the literal touch of your hand via your smart phone. While this is a great solution for mobile payment, recent security breaches have raised some questions about the systems viability.
In August 2011, both Verifone (one of Square’s competitors) and researchers at Aperture Labs (not to be confused with the Cave Johnson entity) were able to exploit a security flaw within the system that could be allowed for fraudulent purchases.

Verifone, which offers its own traditional credit card terminals and mobile application for its business customers, has been after Square for its less than stellar processing system, stating that their card reader could easily be used to scan personal information from the entered card by use of a simple fake Square program. Verifone felt so strongly in this that they released a YouTube video in order to alert consumers in regards to the flaw.

Earlier in the month of August, two researchers at Aperture Labs discovered that they did not need a credit card in order to transfer money to their Square accounts. The idea is that thieves who have stolen credit card information would not need to physically scan the card in order to get the money transferred to their accounts. Instead, they figured out a way to use the magnetic strip data and convert it into a sound file. This was used to transmit a series of beeps to the card reader allowing for the data to be read and thus sent to an account.

Both of these recent security flaws point to the lack of encryption that Square’s device. CEO and founder Jack Dorsey (who is also the co-founder of popular microblog and social network Twitter) stated after the Verifone accusation that the card readers would start to use encryption. Despite this statement, encryption had not been implemented months later when Aperture Labs was able to exploit the same flaw to produce the skimming procedure.

These breaches add to the growing list of security problems for big corporations that hold customer financial and personal data. The first of Square’s issues began only one month before the infamous hacking of Sony’s PlayStation Network and the rest of their affiliates; this latest security flaw by Aperture demonstrates that anyone could easily use Square’s card reader as a means of fraud.

Adam Laurie, who discovered the skim ability along with fellow worker Zac Franken, stated that it didn’t take a lot of skill to turn the reader into a skimmer. The two only needed a US bank account, as they are based in the UK, and a few lines of code to create the skimmer. This exploit was communicated to Square in February of 2011 when the labs first discovered it, however Square didn’t think that this was an immediate threat.

Thanks to our friends at NetQin for the content contribution. Learn more about mobile security and NetQin at any of the following links:

• NetQin official PC World profile
• NetQin investor and analyst meeting update
• NetQin Android Central profile
• NetQin official Brothersoft profile

As computers become even more integral to our daily lives, and as software migrates outward from the personal computer to the cloud, application security becomes increasingly more important. One of the easiest ways to lose a customer is to lose data which was believed to be safe. If that data is lost to an attacker or thief, the problem is compounded if the missing information ends up in the hands of someone with nefarious intentions.

While application security should play a central role in any current software product design, this hasn’t always been necessary. Applications running on personal computers present very few attack vectors in most circumstances. Without a direct connection through a user’s firewall, an attacker’s potential for mischief is vastly reduced.

Furthermore, many common attacks necessitated some form of code injection. Causing an application to misbehave in a beneficial way is a complex process requiring knowledge of the specific application and version being used. While viruses and malware are certainly common, the problems these cause are often limited to a single computer unless they specifically hijack the user’s internet connection to spread.

This is all beginning to change, however. Users have come to expect a much greater degree of communication from their applications than has ever been available previously. Long gone are the days of applications tied to single computers, or which store data in a single place. Today’s applications synchronize files, communicate with central servers, and practically shout their details to anyone smart enough to pay attention.

Many applications even abandon the model of local storage entirely, or view it as unreliable and undesirable. Modern, cloud-based word processors might store documents online by default, only synchronizing them with local storage when specifically commanded to do so. As such, an attacker need not compromise the application code itself to gain access to private data. Simply attacking the storage system can be just as effective.

Application developers are coming to see the benefits of cross-platform development using the same languages and technologies. The upcoming HTML 5 specification offers greater access to hardware and other subsystems than any other web technology. Even the upcoming version of Windows is said to prefer HTML 5 for application development.

While this represents fertile ground for developers, attackers have many more vectors available to them. If most applications are developed in HTML 5, then the attacker already knows the languages needed to inject malicious code. Browser sandboxes will go a long way toward resolving this issue in future platforms, but one of the main appeals of HTML 5 is that it works well with legacy browsers. As such, application developers cannot count on the existence of a sandbox in lieu of secure development practices, as this will leave many legacy users open to a variety of security risks.

Technology is advancing to a point of greater convenience for users and more rapid development for programmers. Yet these same benefits are present for attackers as well. Future applications must take advantage of these technologies to remain relevant, but if doing so abandons security, then these applications simply will not last. Whether they are brought down due to lack of consumer confidence or litigation, the end result is a great idea rendered useless by inattention and lack of knowledge. As such, an attentive approach to security is key to application longevity and relevance.

Want to learn more about application security? Check out more about our friends at Veracode:

• Veracode in Mass High Tech
• Veracode on Mobile Apps
• Veracode on Amazon Web Server
• Gartner’s Magic Quadrant for Application Security Testing 2011

Ever since the Internet took off in mainstream culture, countless films have attempted to capture the essence of computer hacking and hacker culture, but is it all as equally romanticized as most action films? Films tend to build upon reality and movies depicting actual real-world events and sciences seldom ever convey the reality of the situation.

The scenes of pop archaeology in the Indiana Jones franchise are undeniably fun, but these scenes do not actually depict the dull science that is archaeology. The movie fails to show the hours of slowly chiseling away at dirt and erecting scaffolding and supports for certain digs. This “dumbing down” of sorts is to be expected with movies centered on hackers and computer security.

Perhaps the most well-known movie about hackers and their culture is “Hackers”. This film was a stylish interpretation of Hacker culture, and it was first released in 1995. Complete with ridiculous outfits and jumbled computer jargon, the movie tried to piece together a coherent plot. Unfortunately, this campy film has not stood the test of time. The film now seems extremely outdated and even a bit campy.

How accurate is “Hackers”? One of the major plot elements in the movie that makes no logical sense is the fact that any given mechanism, such as sprinkler systems, could be remotely enabled or disabled with primitive computer technology. Even fifteen years after the release of this movie, most components of buildings are still controlled manually and not by computers. The hackers in the film can even use their hacking skills to capsize an entire oil tanker, which isn’t very realistic.

Perhaps the film will be more relevant in a future context when every working part of a facility is controlled by a network of computers, but for now, we remain reliant on manual interfaces.

Why haven’t we computerized every aspect of our lives yet? From a practical standpoint, think of the logistics behind finding a globally-recognized operating system or framework to control fire sprinklers, door locks, and so on. How many individual operating system editions would need to exist to help computers interact with a variety of appliances? The question is mind boggling.

There are also major security concerns behind the computerization of all appliances. Imagine that somehow a hacker was able to hijack the mainframe of a home. They could literally do anything they wanted to create chaos. For power plants and government facilities, computerization can also be a major security risk. The United States hacked into one of Iran’s research facilities, dealing massive damage to the computer network and disabling the plant from normal operation for several months.

While most of the movie “Hackers” is really heavy fiction interspersed with moments of popular science, the computerization of all mechanisms is inevitable. Perhaps hackers won’t be able to hijack oil tankers out at sea or cause a global war, but computer security specialists will always have a job to do. As new forms of software are invented, new minds will have to search for solutions to insulate corporations, individuals, and governments against crafty hackers and system intruders.

Looking to learn more about mobile application security? Find out more about our friends at NetQin mobile:

• Official NetQin for BlackBerry App
• Official NetQin Yahoo! Finance Profile
• Official NetQin Twitter Profile
• Official NetQin Facebook Profile

Ever since the invention of the personal and/or business computer, security has been an issue when it comes to protecting the information processed. Security measures put in place must take into consideration all methods designed to steal and compromise the integrity of the information systems. These methods vary as time goes by and can be anything from system intrusion to outright theft of the hardware containing the information.

A programmer or a developer needs to be mindful that security can be compromised from a variety of directions. Sometimes the attack can be through the network, silent and hard to detect, and other times there may be an attempt to steal the software itself. One of the most common attacks to a web server is called a “denial of service.” This type of attack sends so many requests to the server at one time. This overloads the server causing it to overload and freeze. This attack is easy to defend against. There are scripts that watch for vast numbers of requests and either denies them or throttles them to a level which the server can handle and then makes a log of the incident.

Any developer using a pre-made script from a common source will sometimes find that attackers have spent the time to look for vulnerabilities ahead of time. If an attacker knows that a script is going to be comely used, then all they have to do is plan their attack for the one script allowing them access to any site using that script. The best way to defend against such an attack is to keep the scripts updated and watch the internet for postings about vulnerabilities for the script they are using. Most of the time, issues will be addressed quickly and solutions will be posted on forums.

When developing software with trial capabilities, it is important to be aware of how easy it can be to circumvent your trial protection. A lot of software trial protection is being done through a separate process these days. This means that the time of tracking the process doubles and becomes more difficult. Bear in mind that no protection is fool proof and that the more security attention your software gets, the lower the chance people are using your software for free. If there are people interested enough in your game of application to try to steal it, then you have done well in your development.

In the end, there is a balance that must be achieved between the resources spent preventing theft versus the actual cost of theft. Some people in the industry will tell you that it’s part of the cost of doing business. A brick and mortar store can conceivably spent three thousand dollars on security to prevent one thousand dollars’ worth of theft. This obviously doesn’t make business. A better solution would be to spend five hundred dollars and to let some of the theft go as part of doing business as long as it’s not more costly than investing in added security measures. On the internet the most important information to protect is your client’s. No one wants to do business with a web merchant and then find that someone has stolen all of their personal information. Protect your clients first and foremost.

This post was written by the folks at NetQin, you can get help in securing your mobile device? Learn more about NetQin’s mobile security products:

• NetQin Yahoo! Profile
• NetQin Google Profile
• NetQin Mobile
• NetQin for Android
• NetQin for Nokia
• NetQin for Blackberry