5 Technology Security Myths, Busted

By Bill Snyder, CIO |  Security, privacy

The iPad has only been on the market for a month, but hackers have already found a way around its security features, at least for those using the tablet in tandem with a Windows PC.

According to the BitDefender, (an anti-virus maker) "This particular threat comes in the form of an unsolicited e-mail, promising to keep iPad software updated 'for best performance, newer performance, newer features and security.' Via a conveniently provided link, the email instructs iPad users to download the latest version of iTunes to their PCs. The download page to which users are directed is a perfect imitation of the one they would use for legitimate iTunes software downloads."

Once downloaded, the code opens a backdoor into the system and attempts to read the keys and serial numbers of the software installed on the affected computer, while also logging the passwords to the victim's ICQ, Messenger, POP3 mail accounts, and protected storage.

This threat does not target Mac computers--but don't get smug, Apple fans. Macs are vulnerable to other threats. The main reason you hear less about attacks on Macs, is that hackers prefer to go for systems that have the widest possible distribution, and that means Windows. At this year's CanSecWest conference, security researcher Charlie Miller used a flaw in Safari to break into a MacBook in under 10 seconds.

3. The Amount of Malware is Waning

In fact, the threat is growing exponentially. McAfee got an ugly black eye in April when a so-called false positive by its anti-virus software crashed machines running Windows XP. But even the company's competitors were quick to acknowledge that the mishap could have happened to any of them.

The big reason: The exponential growth in malware and infected Web sites.

"We're identifying 20,000 or more signatures every day," says Zulfikar Ramzan, technology director of Symantec's security response group.

By signature, he means the footprint of a newly discovered bit of malware. Ideally, each signature goes through a quality assurance procedure that makes sure it is, in fact, malicious. In the McAfee case, the automated procedure slipped up, and wrongly identified a Window's system file as malware. And that's why XP-based PCs with that particular update crashed.

"The explosion of signatures means humans can't analyze them, so we automate," says Ramzan. "But as we add more automation, the risk of false positives increases, and so does the performance hit to machines."


Originally published on CIO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.

     

    Learn more

Answers - Powered by ITworld

Ask a Question