I had the privilege of discussing the state of mobile phone payments systems, like Google Wallet, on a local radio station show called “Backbone Radio” in mid-February, 2012, which is co-hosted by Joshua Sharf. The segment aired on 710-AM KNUS in Denver and 1460-AM KZNT radio out of Colorado Springs.
Much has been said in the last few days about the security of the Android platform in general and Google Wallet specifically. One frequent question that has been asked of the Google Wallet PIN vulnerability we found is “should the average consumer be concerned about mobile device exploits that require root privileges?” The unfortunate answer is “yes.” The reason is that while it is true that this PIN vulnerability requires root privileges to succeed, it does not require that the device be rooted previously.
Cell phone-based credit card payments are a burgeoning industry. There is a great deal of backroom negotiation going on today among players like Google, Verizon, AT&T and T-Mobile. They each want to establish themselves as a middleman in what they are betting will be a trillion dollar a year industry. The stakes are very high.
The Safer Internet Day (SID) is a commendable initiative organized by the UK Safer Internet Centre each February to promote safer and more responsible use of online technologies, especially amongst children. Each year hundreds of localized and virtual events are organized to raise awareness about online safety issues.
With the increasing complexity of threats appearing on the Internet, coupled with the rapid development of security products designed to mitigate them, the number of phishing-based attacks have grown. In the first half of 2011 and compared to the second half of 2010, the Anti-Phishing Working Group (APWG) reported a 62% increase in unique phishing attacks worldwide in 200 top-level domains (TLDs).1 This trend warrants swift action to address the growing threat.
IPv6 enabled websites are steadily increasing as the availability of IPv4 addresses continue to diminish. While most current company network architectures already support IPv4, it is crucial that applications be ready to support the new IPv6. Migrating to IPv6 is not easy and challenges may arise involving both the network and application layers, as zveloLABS.
zveloLABS™ reported live from the 2011 Hack in the Box Security Conference (HITBSecConf) in Malaysia. Following are additional reflections about the conference and other highlights worth mentioning.
The 2011 Anti-Phishing Working Group (APWG) eCrime Researchers Summit, out of San Diego, California, moved fast with a number of interesting presentations and fascinating people. The APWG is a non-profit global pan-industrial and law enforcement association focused on eliminating the fraud, crime and identity theft that results from phishing, pharming, malware and e-mail spoofing of all types. The eCrime Researchers Summit brings together malware researchers, counter-eCrime developers and responders, and includes the 2011 Fall General Meeting. Here are some highlights from the event.
In mid-September of 2011, I had the privilege of attending a SOPHOS seminar titled, “Anatomy of an Attack – How Hackers Threaten your Security,” hosted by Chester Wisniewski, a highly regarded Senior Security Advisor and frequent contributor to the award-winning Naked Security blog.
zvelo is proud to support the Internet Watch Foundation in its mission to make the internet a safer place for all. By working to assess and remove webpages that disseminate criminal content and child sexual abuse content, the IWF is helping to stop criminal activity and to protect web users.