And the joke will be on whom? It is not a good joke, actually. In fact, if it indeed happens, it will be one of the worst jokes in cyber security. The Conficker worm has been the subject of many discussions and the target of many security experts’ attention; and rightly so. This worm has infected millions and millions of machines worldwide and has proved to be a headache.

Now, the rumor is that on April’s Fools Day of this year, the third version of the worm will be activated. Those behind the worm designed the first two versions to spread like wildfire. According to experts, those two versions are nothing compared to the third one, 32.Downadup.C, which is supposed to “solidify its position.”

The good news is that the first two versions of the Conficker worm have been thoroughly scrutinized and reverse engineered by security experts. These activities have given them an understanding of how the worm works. The bad news is that the creators of the virus know this, and they will definitely work on creating a “better” version this time around.

Experts say that while the first two versions are able to contact 32 web addresses out of 250 per attempt, the third version could probably generate about 500 domains. More so, the activation of the third version will mean that computers that are already infected can connect to each other AND receive updates of the worm. Worse, the third version will probably be able to fight off security bots. This is more than enough reason to be ultra careful come April 1.

Photo from http://nuevayolblog.net/wp-content/uploads/2009/02/conficker.png

Categories: Malware, Real-World Issues, Tips

Leave a Comment

Two posts ago, I wrote something about British people NOT paying much attention to security on their mobile phones. If the results of the Pwn2Own smartphone hacking contest are to be relied on, then there might not be much too worry about – unless someone physically steals your phone.

According to a story ran by Apple 2.0, hackers were kind of stymied during the contest. Here is a snippet of the feature:

The contest, sponsored by 3Com’s (COMS) TippingPoint computer security division, pitted some of the world’s sharpest hackers and computer security experts against five smartphones: an Apple (AAPL) iPhone, a Research in Motion (RIMM) BlackBerry and phones running on Google’s (GOOG) Android, Microsoft’s (MSFT) Windows Mobile and Nokia’s (NOK) Symbian operating systems.

Although the rules were relaxed each day to make hacking easier, the phones managed to withstand the few attempts that were made to “pwn” them — Internet-gamer slang meaning to conquer or gain ownership.

I believe this was the same convention where the Safari was hacked by Miller. Luckily for the smartphones, though, none were cracked by the time the contest ended. This spells good news to smartphone owners like me and you. I was just thinking about searching for more security applications for my Nokia smartphone but perhaps it is not that urgent.

So are the phones just that good? Perhaps. Or maybe, they are still new and they have not really been the focus of hackers. While this is good news, I am thinking that pretty soon, they will become the targets. What do you think?

Photo from 3g

Categories: Real-World Issues, Wireless Security

Leave a Comment

And I thought Apple was unhackable. That goes to show that there seems to be no such thing these days. After all, most everything has a “hole,” and it is only a matter of finding that hole and exploiting it, right?

Security expert Charlie Miller will surely agree with you, and unlike me, he can back up his statements too! Charlie Miller is known for hacking a MacBook Air last year. He did this feat in less than two minutes, and won $10,000 for it. He did not stop there, though. About two weeks ago, Miller joined another contest; this time to hack Safari.

He said that he discovered a hole in the security last year. This hole, when exploited, can give a remote user control of the machine. Miller was able to demonstrate how this is possible in about 10 seconds! This is how he did it: he got the computer user to click on a link (a “malicious URL”) and voila, in one click, he had control.

Naturally, the contest rules stipulate that Miller cannot disclose exactly how he got it done. He said, however, that he told the people at Apple the details of what he was planning to do. At the end of the day, everyone walks away happy. Miller gets his cash prize and the MacBook he used to boot. Apple, on the other hand, gets to discover a bug AND fix it as well.

As for us mere mortals, it just goes to show that we should be careful in clicking.

Photo from http://www.flickr.com/photos/colinzhu/542471747/sizes/s/

Categories: General, Web browsers

Leave a Comment

The average person spends a lot of time and money on making sure that his personal laptop or desktop computer is secure. From firewalls to anti-virus software to spyware removers – all these kinds of software are installed onto computers to make sure that any kind of malware is kept out. But do you pay as much attention to security on your mobile phone?

According to a recent survey conducted in the UK, mobile phone users do not really pay that much attention to security. IT Pro has this story:

Results from a survey of UK mobile phone users has found too many of us are playing fast and loose with sensitive data stored on our mobile phones.

More alarmingly though, it also found that the majority (99 per cent) of those questioned also used their mobiles for business use, creating a potentially weak security link to their employers’ corporate systems.

So what kind of sensitive data is stored in mobile phones? I think that you can answer this yourself but let’s take a look at some of them:

• Bank account details
• PINs
• Passwords
• Social security numbers

More than these things, mobile phone users also admitted to accessing and storing business data on their phones. This includes downloading spreadsheets and other business documents.

The worst part is that despite the fact that this information is stored in mobile phones, the units themselves do not have passwords and other forms of security measures.

The bottom line? At the very least, we have to put passwords on our mobile phones. Even better, enable encryption.

Photo courtesy of http://www.flickr.com/photos/osde-info/763025492/sizes/s/

Categories: Real-World Issues, Tips, Wireless Security

Leave a Comment