Friday, 15 June 2012

IET Security for Mobile Devices - 20th June 2012, London


Next Wednesday, I'll be chairing the Institute of Engineering and Technology's Security for Mobile Devices event, which takes place at the impressive RIBA building in London. With topics ranging from the complex subject of mobile forensics to the good and bad of Bring Your Own Device (BYOD) policies in businesses, it is going to be an interesting day with some lively debate. I'm also pleased with the stellar line-up of speakers there. The programme includes: 

  • An opening address by Mike Short of Telefonica (and also President of the IET)
  • Charles Brookson - the GSMA Security Group Chair
  • Former RIM Security Research guru and bluetooth hacking pioneer, Ollie Whitehouse
  • Head of the Metropolitan Police's Digital and Electronic Forensics unit, Mark Stokes
  • Co-Founder of the Trusted Computing Group (TCG) and CEO of Wave Systems, Steven Sprague
  • ...and many more excellent speakers and panellists!
I'm really excited about the event. There are a few places still available. To sign up, head over to this site: http://conferences.theiet.org/mobile/registration/index.cfm

Cyberbullying: Victims to unmask public perpetrators, but what about bullying in private?

I invited Matt Williams to write a guest post on cyber bullying. Thanks for a great article Matt!


Cyberbullying is a topic of discussion that is becoming increasingly mentioned in today’s electronic world. In a time where the Internet is a staple part of our everyday lives, the ability to communicate one’s feelings by the click of a button is often taken for granted. This is particularly the case when referring to the mobile arena, as thoughts and ideas can translate to an SMS, Tweet or Facebook post almost instantly. Whilst many welcome the advancement with open arms, such steps forward naturally arrive with significant disadvantages. Cyberbullying is one of the most profound, and after a recent case of the practice came to light in the media, the UK Government is now being put under pressure to increase its efforts in a bid to address the matter.

Unmasking trolls and cyberbullies
The consistent rise in pressure began to escalate last week, when a British woman successfully won a court order allowing the identities of the individualsharassing her online to be revealed. Nicola Brookes had suffered a barrage of abuse from other users of the popular social media website, Facebook. Having achieved the court order, the users who posted defamatory comments against Mrs Brookes will now have a select amount of their personal details made known. This includes the IP addresses of the devices used by the cyberbullies. It is hoped that the added threat of having parts of a person’s personal profile revealed will help in the fight to combat the ever-growing threat of cyberbullying.

However, some organisations have expressed great concern about having the ability to reveal the proposed information. Privacy International states its position on the matter, claiming that on an international scale, certain operators may become too lax on the ability given to them. They fear that such organisations are at risk of exposing personal details, even in the event that only an allegation has been made. Therefore, the appearance of this ability in the social media market comes with new considerations, in many other aspects and on a much wider scale. But how would this tie in to mobile devices?

Image by Adam Clarke
 
Well, the clear advantage of the portability of mobiles phones poses as a threat in itself, as it presents one of the best methods of allowing cyberbullying to take place. These days, it is difficult to find a person in the UK without some form of mobile device. For many, the simplicity of being able to communicate with another individual has never been greater, thanks to the mobile phone. It is for this reason that mobile devices can more easily act as a catalyst to such an act as cyberbullying.

Cyberbullying in Private via Mobile
Another reason why cyberbullies prefer to use mobile to carry out their attacks is because phones often come with a lack of parental interference. Considering that the issue is most common within the teenage demographic, parents of younger phone users tend to distance themselves from their child’s mobile communications and online lives. Likewise, it is common for adolescents to find a means of preventing their parents from accessing their messages. It is this separation that can pave the way for cyberbullying to take place on a more private scale. In many aspects, this is more significant than a public example of online harassment, as the issue can steadily manifest itself and worsen with time.

But it is important to remember that cyberbullying isn’t only exclusive to text communications. Photos, videos and audio recordings, that demonstrate offensive behavior, also contribute to the problem. In many situations offensive material of any form is deleted soon after having being sent, especially on mobiles. This is often the case for both the architect of such material and the victim themselves. As a result, a record of the exchange becomes difficult for parents, teachers and the Police to trace, as the evidence is no longer present on the front end.

Government pressure on cyberbullying should continue
However, this recent development enabling victims to unmask cyberbullies can ultimately be considered to be a significant step forward, when attempting to tackle online perpetrators. Consequently, it is a move by the Government that will be well received. But it is important to remember that the private side of cyberbullying will continue to take place, and the Government must maintain its interest in combating the matter in the long run.

Last night's Channel 4 News in the UK carried a piece on cyberbullying and guidance on what to do if you are being bullied: http://www.channel4.com/news/cyberbullying-what-should-i-do 

About Matt Williams
Matt Williams has just completed his second year as a student at the University of Derby, pursuing an undergraduate degree in Computer Forensics and Security. He has a keen interest in up-and-coming mobile technologies, particularly in reference to mobile security.

Saturday, 9 June 2012

Playstation Network mysteriously down - security again?

Not mobile security, but possibly big emerging security news (more on why I think so below). The Sony Playstation Network is currently down (as of 20:39 UK on the 9th of June).

Germany-Portugal 0-0 you say?

Just before 8pm, I noticed I was signed out of the PSN, so went to the "Sign In" menu. This immediately took me to a change password menu. It said that my password was "no longer valid". The dialog asked me to enter and then re-enter a password. Quite painful on a PS3 controller with complicated passwords, but it did slightly concern me that it hadn't asked me for my old password (I need to spend some more time thinking about this though but my first thoughts were about whether I could get access to my credit card info etc, once I had done this). Anyway, I didn't even get that far as the system locked up on me. After a restart, I submitted the new password and it timed-out, with "This service is currently undergoing maintenance".

The PSN website says that the service is "Partially available" but there is no statement at all about what is going on. Obviously it could just be a major hardware failure somewhere, but equally we could be seeing the effects of an emergency shutdown due to a security issue (like last time). And, it was about this time last year it all happened. Added to that the fact that there have been a lot of password related breaches this week (LinkedIn et al), could this be linked?

As I write this (now 20:51), I've just been able to sign in again. No password change screen or anything, so it is all a bit strange.

To be updated...

Update 14/06/12 - No word on what happened the other day from Sony by the looks of things, but this afternoon (c.14:30 ish) the PSN network is down again, with some tweets giving very similar symptoms to the ones I had above. Again, nothing from Sony as to what is going on...

Friday, 1 June 2012

This Computer is Dead [it must be a virus]

I've dug up an old copy of Amstrad Action (issue no.85, October 1992) which has quite a funny letter from a reader in its technical forum section. You can see a scan of the letter below:


This is a really good example of the kind of paranoia users get into. It also probably reflects what was being touted around the media at the time. Earlier in 1992, the Michelangelo virus had caused a bit of a media storm after some hardware and software manufacturers accidentally shipped infected products.

I can't find any reference on the web to the German Amstrad CPC virus referred to, but I do remember seeing some CPCs in Dixons in Scarborough in about 1990 which had some kind of anarchistic screen displayed saying it had been hacked, which as a kid I found pretty cool. Someone had obviously sneaked in and loaded it up on the machines while the salesmen weren't looking.

Anyway, fast forward to today and we find this ludicrous - why were users jumping to conclusions about viruses on a machine like the CPC? Similar events are happening today - users seem to jump to extremes - either they ignore the possibility completely that they have clicked on something bad and are now part of a botnet or, at the other end of the scale (like the guy above), that because their computer is running slowly or broken, it must absolutely be a virus. This also extends to either the misplaced notion that Apple machines are immune to malware or that Android devices are riddled with maliciousness. Both incorrect views, but popular ones (and perpetuated by the media in many cases). 

Users need independent trusted sources of honest advice and that isn't necessarily found in those who have a vested interest in selling a fix to them.