Posts

Honeymoon Over: Flashback Trojan Infects Apple

, ,

(and what you can do about it)

For years, Apple Mac users have been able to smugly preach security supremacy over fellow Windows users. Apple computers were less susceptible to viruses because they accounted for such a small share of hack-able devices. With the explosive growth of Mac laptops, iPads and iPhones, that honeymoon is all but a nostalgic memory. Apple’s Mac OS X no longer has impunity from virus infection. For the second time in the last year, Apple’s OS X has been successfully breached by malware. Here are the details, and steps you MUST take to protect yourself:

Flashback Trojan Facts:

  • The Flashback Trojan has currently infected more than 600,000 Macs.
  • Flashback is a ‘drive-by’ virus, meaning users only have to visit a site that exploits the flaw; you don’t have to download anything to be at risk.
  • The flaw exploits weaknesses in Java coding, an fairly essential and widely used web browsing tool.
  • First, the Trojan loads software onto your system that directs victims to additional malware.
  • Once the malware is installed, the Trojan steals passwords and banking info from Safari.

Tips for Protecting Your Mac:

  • Immediately download and install all Apple updates and security patches (the latest of which corrects the Java flaw).
  • Configure your system to download and install security and software updates automatically as they are released.
  • Make sure you are using the Apple version of Java that is patched for this virus (Java 6 update 31 or greater).
  • Consider installing ant-virus software or a security suite on your Apple computer, much like would on your Windows systems.
  • Check to see if your Mac has been infected with the Flashback Trojan.
  • If you suspect that your Mac has been infected, visit F-Secure’s website and follow its removal instructions.
  • For casual users, consider doing away with Java all together. The Web itself provides the processing power previously provided by Java.
  • Don’t fall prey to the belief that as a Mac user, you are immune to viruses, trojans and malware. Actually, you are probably now more exposed than Windows users, who have been building their defenses for years.

The Apple virus-free honeymoon has been long and satisfying. But as with all relationships, it’s time for you move into a more mature, long lasting companionship.

John Sileo is an award-winning author and speaker on protecting the sensitive data that makes your business run (even the data you access on your iPad, iPhone or Macbook). He is the CEO of The Sileo Group, which advises clients on defending privacy and leveraging trust. His clients included the Pentagon, Pfizer & Homeland Security. Sample his keynote presentations or appearances on 60 Minutes, Anderson Cooper & Fox. 1.800.258.8076.

iPad & Tablet Users Asking for Identity Theft

, ,

The identity theft and corporate data risk problem isn’t limited to iPad users – it affects all Tablets – but iPads are leading the way. With the rapid increase in highly powerful tablet computers, including the Motorola Xoon and Samsung Galaxy, a new survey is urging users to beware of the risks. Harris Interactive just released a study showing that tablet users transmit more sensitive information than they do on smartphones and are considerably less confident of the security protecting those tablets.

The survey shows that 48% of tablet users transfer sensitive data using the device while only 30% of smart phone users transfer sensitive information. The types of sensitive data included credit card, financial, personal and even proprietary business information. Many factors contribute to the increased risk:

  • Users initially bought tablets as book readers and web browsers, but have increasingly added to their functionality with new Apps.
  • Tablet computers are in their infancy and haven’t been equipped with the same security features as laptops and desktops.
  • Corporate users haven’t yet been trained on securing the data on tablets.
  • Tablets are more capable than smartphones, making it a natural laptop replacement, but without the robust, time-tested security.
  • Indiscriminate App downloading (covered in detail in the Smartphone Survival Guide) greatly increases chances of accidentally loading malware to your tablet.
  • Many companies buy their employees tablets rather than laptops because they are less expensive, more mobile, and have similar capabilities. Unfortunately, they are failing to consider the increased risk posed by the trendy computers.

If you are using your tablet like a laptop (email, accessing bank accounts, transmitting business documents), take the following minimum steps:

  1. Turn on password protection to get into the device.
  2. Enable remote tracking and wiping capabilities in case the device is lost or stolen.
  3. Utilize secure wireless connections only (not free WiFi hotspots in cafes, airports and hotels) to eliminate signal sniffing.
  4. Limit the data you store and transmit on your tablet until the security features have caught up with the functionality.
  5. Physically lock up the device when not in use. Never leave it on the table at Starbucks like someone did in the photo to the right.

Tablets are a slippery slope – they make computing so user friendly that you start to think it’s a friendly computing world out there. Unfortunately, cyber criminals and your competitors have a different idea. Don’t wait to find out what they can do with your private data.

John Sileo trains organizations to protect sensitive data, including that exposed on tablets, smartphones, laptops and social networking sites. His clients include the Department of Defense, Pfizer, Homeland Security and organizations of all sizes. Learn more about bringing in a Data Security Speaker or contact John directly on 800.258.8076.