
Phone Oximeter

 

Romance! Suspense! Freddie Mercury singing! It’s everything you’d want marketing a medical device, right?

Perhaps not for every medical device, but researchers at the University of British Columbia’s Electrical & Computer Engineering in Medicine have put out this campy YouTube video to demonstrate a very real device that integrates an FDA-approved pulse oximeter with your smartphone.

 

Work-issued mobile devices emerging as key security risk

Mobile devices are emerging as a key security risk, especially for companies. As a result, the vast majority — 95% — of companies have mobile security policies in place.

But two-thirds of employees aren’t aware of their employers’ mobile security policies, according to a new study by the online security provider McAfee and Carnegie Mellon University.

Furthermore, most of the 1,500 companies surveyed report that their employees don’t understand how the permissions and other access settings on their mobile devices work.

These security issues are complicated by the report’s finding that 63% of work-related mobile devices are also used by employees for personal activities. In fact, where companies do not provide mobile devices, many employees tend to use their personal smartphones and other mobile devices to handle work-related tasks.

This report also examined mobile security for laptops and netbooks, not just mobile phones and tablets.

Theft and malware

Both consumers and companies report being most concerned about security risks posed by lost and stolen mobile devices. Here, the greatest risk is access to sensitive data — from contacts and phone logs to e-mail, documents, text messages, and more.

According to the report, 40% of companies surveyed have experienced the loss or theft of their mobile devices — and half of these devices contained “business critical data.” Over one-third of these device losses had a “financial impact” on the organization. The types of sensitive data lost include customer data, corporate intellectual property, financial data, and employment data.

In response to lost/stolen mobile device incidents, two-thirds of companies increased their device security afterwards. But 10% “did not implement further security after device losses because of a lack of budget.”

Companies are also concerned that mobile devices might introduce malware onto their networks, or that employees might use mobile devices to share sensitive data in unauthorized ways.

User behavior is a key risk factor. According to the report, “Fewer than half of device users back up their mobile data more frequently than on a weekly basis. Around half of device users keep passwords, pin codes or credit card details on their mobile devices. One in three keeps sensitive work-related information on their mobile devices.”

Several vendors sell online security services, such as BullGuard, SMobile, Lookout, Norton, and others. (McAfee offers mobile security for enterprises, which is worth noting, since McAfee co-produced this study.) The study found that at most companies, administrators are unwilling to pay for mobile security products or services.

How can consumers protect themselves?

When it comes to being safe with your mobile device, the most important issue is how you configure and use it. The other important thing is choosing a good security tool. If you regularly download apps or media files, or access shared Wi-Fi networks via your phone, it’s a good idea to purchase a mobile security package.

Many mobile security packages are available for $20-$30 up front, plus about the same amount per year. TopTenReviews.com recently published a comparison chart of 10 leading mobile security services for consumers.

In the article accompanying the chart, TopTenReviews explains the mobile security risks for consumers:

“Mobile malware can cause a number of serious problems. A mobile virus can drain your phone’s battery extremely fast, delete your personal and important business information and even render certain features completely nonfunctional. Not only can a virus disable a function on your phone — snoopware may also take control of it, turning your mobile device into a walking tape recorder. It can even turn your camera on, take pictures and display them online.

“But the nuisance of mobile viruses doesn’t stop there. A virus on your smartphone may send infected files to your contacts or transfer them to your computer when you connect or sync. And what about sending mass messages without your permission, or making expensive calls resulting in unwarranted billing? Malware can do that, too.”

How to choose a mobile security service

Key features should include real-time protection against viruses and spam, as well as the ability to work with firewalls. Additionally, secure remote backup of data from the mobile device that occurs at least daily (if not hourly) is very useful, as is the ability to locate a lost or stolen device via the security provider’s website, and to lock the device or wipe all data from it remotely.

Try the service out before you commit. Make sure the service you choose is easy to configure and use. Test that its features work well. Get your money back if you don’t think it’s the right tool for you.

Adopt good mobile security habits. For instance, you can configure your device to require you to enter a passcode or security pattern every time you turn the phone on or wake it up from its sleep mode.

Many users neglect to take this simple precaution because it feels like a repetitive hassle. But if your phone got lost or stolen, how stupid would you feel for not doing it?

Also, be skeptical of apps that you download to your phone. Scrutinize the permissions an app requires before you download and install it. Check user reviews, keep your installed apps updated, and uninstall apps that you don’t use or don’t like.

Similarly, be careful of links included in e-mails, text messages, and instant messages that you receive on your mobile device — they’re a common phishing tool. Don’t click links that you weren’t expecting to get, especially from people you don’t know or trust well or hear from regularly.

Remember, links can be spoofed, and your friends’ phones can be infected to send scammers’ messages. Also, it can be more difficult to spot a spoofed or untrustworthy link on a mobile phone than on a device with a larger, more fully featured display and browser.

Don’t download pictures, videos, or other files to your phone that come from people you don’t know, or that you weren’t expecting. These can also contain viruses or malware.

If you’re not sure whether someone you know really did intend to send you a link, photo, or file, call or text them first before you click. People usually respond quickly to such requests — and if they don’t, it’s a possible red flag that their device or accounts may have been compromised.

 

 

Microsoft latest security risk: "Cookiejacking"

A computer security researcher has found a flaw in Microsoft Corp’s widely used Internet Explorer browser that he said could let hackers steal credentials to access Facebook, Twitter and other websites.

He calls the technique “cookiejacking.”

“Any website. Any cookie. Limit is just your imagination,” said Rosario Valotta, an independent Internet security researcher based in Italy.

Hackers can exploit the flaw to access a data file stored inside the browser known as a “cookie,” which holds the login name and password to a web account, Valotta said via email.

Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique “cookiejacking.”

The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.

To exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC’s screen before the cookie can be hijacked.

That sounds like a difficult task, but Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to “undress” a photo of an attractive woman.

“I published this game online on Facebook and in less than three days, more than 80 cookies were sent to my server,” he said. “And I’ve only got 150 friends.”

Microsoft said there is little risk a hacker could succeed in a real-world cookiejacking scam.

“Given the level of required user interaction, this issue is not one we consider high risk,” said Microsoft spokesman Jerry Bryant.

“In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into,” Bryant said.

 


Twitter says to protect users' right to self-defense

 

Twitter will seek to notify its users so they can defend themselves before it hands over user information to the authorities, a senior manager said on Wednesday when asked about a privacy dispute in Britain.

“Platforms should have responsibility not to defend the user, but to protect that user’s right to defend him or herself,” said Tony Wang, general manager of Twitter’s European operations.

Users have posted details on Twitter of celebrity scandals, in contravention of so-called super injunctions.

Super injunctions, issued by English courts, ban media outlets from mentioning not only the details of the case and the identities of those involved but even the existence of the injunction itself.

Breaching the order would put someone in contempt of court, liable to an unlimited fine and up to two years in prison.

Mainstream media organizations have reluctantly obeyed such court orders, but in recent weeks a string of identities have leaked, largely via Twitter and the wider Internet — in an echo of the unsuccessful attempts to suppress the publication of WikiLeaks cables on the Internet.

Lawyers representing one of the celebrities named, Manchester United footballer Ryan Giggs, have asked U.S.-based Twitter via a London court for information about the users who published his name in tweets.

Wang, who was speaking at the e-G8 Internet forum in Paris, said he could not comment specifically on the cases in Britain, but said: “If we’re legally required to turn over user information, to the extent that we can, we want to notify the user involved, let them know and let them exercise their rights under their own jurisdiction.

“That’s not to say that they will ultimately prevail, that’s not to say that law enforcement doesn’t get the information they need, but what it does do is take that process into the court of law and let it play out there.”

A British politician identified Giggs on Monday in parliament as the soccer star fighting a legal battle to prevent newspapers publishing allegations of an affair.

John Hemming, who campaigns for press freedom, used parliamentary privilege, which allows parliamentarians to raise legal issues without fear of prosecution.

Hemming said he had acted after lawyers asked for information about Twitter users. “If you are going to have an expensive firm of lawyers chasing down ordinary people, with a view to threatening them with a jail sentence because they have gossiped about a footballer, that is fundamentally wrong,” he told BBC television.