Android phones account for 79% of malware, study finds Americans willingly open malicious emails and the New York Times and Twitter are hit by the SEA

Android phones account for 79% of malware
The Department of Homeland Security and the Federal Bureau of Investigation have reported that 79 percent of malicious attacks on mobile phones in 2012 occurred on devices that were running Google’s Android operating system. The mobile operating system is the world’s most popular, but authorities have blamed the high number of attacks on the system’s ‘market share and open-source architecture’. Nokia’s Symbian operating system had the second highest number of attacks, while Apple’s system has had only 0.7 percent. The news comes in the wake of security firm Symantec’s discovery of a ‘master key’ bug for Android devices which is already being widely exploited in China.

Americans willingly open malicious emails
A study conducted by TNS Global has found that 30 percent of Americans surveyed would open an email even if they knew that it was suspicious or contained a virus. A further one in eleven admitted to infecting their computer with a virus as a result of opening a malicious email attachment. According to statistics from the Anti-Phishing Working Group, more than 74,000 unique phishing campaigns were uncovered during their reporting period which targeted more than 1,100 brands. The fact that so many Americans would knowingly open a malicious email is even more alarming when you consider that anyone who’s willing to open these emails at home is also likely to be willing to open them at the office, putting corporations at risk.

New York Times and Twitter hit by Syrian hackers
The New York Times’ website and Twitter are both still experiencing problems in the wake of a hack carried out at the beginning of this week by the Syrian Electronic Army (SEA). The hacking group have also recently claimed responsibility for attacks on companies including the BBC and the Financial Times. The SEA gained access to the two websites by editing their Domain Name System information, which resulted in the domains redirecting visitors to websites hosted by the SEA. Hosting company Melbourne IT has said that the hackers managed to enter through the ‘front door’ and added that they were looking at implementing ‘additional layers of security’ in order to protecting the details of their domains.

China hit by ‘biggest ever’ cyber-attack

China has been hit by its biggest ever cyber-attack, causing multiple websites with a ‘.cn’ domain name to be taken offline for several hours.
The distributed denial of service (DDoS) attack began at 2am local time on Sunday before becoming more severe at around 4am. Information about the attack was published on the China Internet Network Information Centre’s (CNNIC) website, along with an apology to any affected users. CNNIC has also promised to ‘enhance the service capabilities’ of the network that is responsible for the affected domains.

The CNNIC has said that they can’t yet be certain about the groups responsible for the attack, but the DDoS method is commonly used by many hacktivists worldwide. It works by flooding websites with excess traffic to disrupt their normal operation.

While DDoS and other hacking attacks aren’t particularly new to China, the country is frequently the focus for accusations of hacking from other nations, particularly the USA. A recent investigation by The New York Times alleged that Chinese hackers had repeatedly targeted their systems over a four-month period – an accusation that the Chinese foreign ministry described as ‘groundless’.

The ease with which the sites seem to have been disrupted has surprised some independent onlookers, with Matthew Aid, an independent analyst, commenting that, 'If all internet sites ending in .cn can be taken down by nothing more sophisticated than a conventional denial-of-service attack, the Chinese internet system is more vulnerable than we previously believed. Clearly Chinese cyber defences are not what they should be.' It's certainly an interesting revelation given how many of America's accusations rely on the extreme sophistication of Chinese governmental hacking capabilities.

Using the internet comes with an inherent risk of attacks, but there are methods individuals can use to help defend the data stored on their personal devices, like a VPN service. A VPN gives your computer an extra layer of security when online, helping to ensure that any malicious external forces are prevented from intercepting information.

Concerns raised by activists over DHS facial recognition technology plans

The USA’s Department of Homeland Security has been warned by civil rights activists that unless it develops a clear ethical framework to cover its facial recognition technology, there will be little to prevent a repeat of the National Security Agency's widespread privacy violations.
The intention is for the video surveillance technology to become capable of picking out fugitives or suspected terrorists from a crowd of people, but privacy advocates are warning the government that the technology will need to come with a civil rights protection clause in order to avoid following in the NSA's footsteps.

The technology works by combining computers, video cameras and facial recognition software to allow it to scan crowds of people and differentiate between individuals, although recent tests have established that the system, known as BOSS or Biometric Optical Surveillance System, is a long way from perfection. A recent test by the Department of Homeland Security found that the system was too slow and unreliable, estimating that several years of additional work would be required before an official release.

For privacy advocates, that makes this the ideal time to act in order to ensure that legislation stays up to date with the technology. Their main concern at present is that the technology thus far lacks a function to keep the public safe and protect their privacy. Very little is known about the technology that BOSS would use, and it’s feared that the database, theoretically there to store images of people on a ‘watch-list,’ could in fact include almost anyone.

Julia Horwitz of the Electronic Privacy Information Centre, which received documents informing them about BOSS, has stated that, 'we didn't see any mention of privacy protection at all,' and confirmed that there were no details given regarding what would warrant an individual's inclusion on the database. As yet another example of the law failing to keep up with technology, it's clear that vigilance is required to ensure we're not faced with another 'Prism'-style scandal.
At least in your own home you can still keep your technology safe by investing in a VPN service to help secure your internet connection. A VPN works as an additional layer of defence that provides a barrier between the private data on your computer and any external users trying to access it.

UK considers ban on ‘key fob’ mobiles, Groklaw news site shuts down over US surveillance, and high speed, in-flight wi-fi is expected by 2014

UK considers banning ‘key fob’ mobile phones
The UK is considering placing a ban on the sale of small mobile phones that have been designed to look like car key fobs. The phones are sometimes marketed as the ‘world’s smallest mobiles’ and feature logos from companies such as BMW, Audi and Volkswagen. The Times has reported fears that the products have been advertised with prisoners in mind, allowing inmates to get around the ‘no mobiles in prison’ rule. The UK’s Society of Motor Manufacturers and Traders says that it had reason to believe that the phones were being made without the permission of its members. Although the devices are still currently available on eBay and Amazon, the National Trading Standards Board has asked retailers to stop selling them.

Groklaw news site abandoned due to US surveillance
Groklaw founder Pamela Jones has announced that the award-winning legal news site is to close, citing her inability to guarantee contributors’ privacy. The site was launched 10 years ago and is known for its coverage of technology law, including privacy disputes and software patents. The news comes after secure email provider Lavabit also announced its closure, referring to an ongoing legal dispute, presumably with the US government, in its closing message. The owner of Lavabit supposedly spoke to Jones and warned her of the privacy dangers when it comes to using email. After concluding that Groklaw would be unable to run without email, Jones decided she felt too uncomfortable with the possibility of constant surveillance and shut down the site.

High speed, in-flight wi-fi expected by 2014
It’s thought that in-flight wi-fi fast enough to stream services such as Netflix could be available on airlines by 2014. The communications regulator Ofcom is currently considering licensing a new satellite that would deliver connections to aircraft, ships and trains at speeds ten times faster than those currently available. Certain communications operators are already planning to launch networks that support the higher speed Earth Stations on Mobile Platforms (ESOMPS) in just a few months. The Federal Communications Commission has already legalised the use of ESOMPS in the US.

HMA! Pro VPN Windows Client 2.8.1.10 Announcement

We’re very excited to announce the latest release of HMA! Pro VPN 2.8.1.10 (for Windows) and to get it into the hands of our users. This is our latest major release and will be available as an automatic update to all our users in the next coming weeks. You can also install this update straightaway if you prefer not to wait, by downloading the latest version from your VPN control panel.

In a nutshell, we have made stability a top priority across all our windows platforms. We have made significant improvements in fixing Windows 8 bugs, so users switching over to Microsoft’s latest operating system will have smoother ride using Hide My Ass!.

We’ve also reworked our load balancing messages, so that users are never left disconnected from our VPN when the client is trying to find the best server to connect to.
We have made many small tweaks to the user interface. Some of our favourites are:

• The client will automatically save what is typed into the ‘username’ and ‘password’ fields. There is no longer an additional step of clicking ‘connect’ to save your login details.
• If you like to test the same servers when doing a speed test, the client will now remember your choice from before, saving you time of having to tick the same servers every time.
• The ‘IP address change’ needed a better on/off switch, so we have now included a checkbox to quickly enable or disable the ip address change feature.

You can see the complete list of improvements and fixes found in this release in our forum here.

Please reach out with any thoughts or questions. We look forward to continuing development and making Hide My Ass! the best it can be.

We have not forgotten about our customers using Macs and we are now underway with new software for OSX. We’ll let you know here first as soon as it is ready.

Google claims that UK privacy laws don’t apply to them as they’re faced with a landmark legal case

Internet search giant Google is using an unusual defence against claims that it illegally tracked internet activity, arguing that the British laws they are alleged to have broken do not apply to them.
The UK-based claimants say that Google bypassed a privacy setting on their iPhones and Apple Mac computers in order to illegally track their activity on the internet and are currently trying to bring a landmark group legal case against the company.

Apple’s default privacy settings mean that websites are blocked from installing things like cookies that let companies like Google track the user’s internet usage and target adverts towards them personally. It’s alleged that Google wrote software that was specifically designed to work around these settings without notifying the users beforehand.

Google maintains that it didn’t use these cookies to harvest personal information, but the Federal Trade Commission has already imposed a record $22.5 million fine on them. The company is now battling hard to have the case dismissed from UK courts in order to have it heard abroad, asserting that it is not subject to British laws because its consumer service, Google Inc., is based in Silicon Valley, California.

The claim has sparked outrage among many campaigners as it comes on the heels of the news that Google had failed to pay a significant amount of tax in the UK, prompting some to claim that the company operate in the country only when it suits them.

Google’s attempt to have their case heard elsewhere will be considered in October, but given the fact that the offences were committed under a ‘.co.uk’ web address - and that the firm is currently constructing headquarters worth $1 billion in the UK - it’s not looking promising for the search giant.
If you’re worried about the safety of the personal information you have on your computer, then a VPN service can offer you some extra piece of mind. A VPN provides your computer with an extra level of security when you’re surfing the internet so that your personal data stays private.

Syrian Electronic Army’s latest hack affects the Washington Post, CNN and Time magazine’s websites

The Syrian Electronic Army (SEA) seem to be everywhere at the moment and their latest hacking conquest has affected the websites of the Washington Post, CNN and Time magazine, placing links on the site redirecting readers to the SEA’s website for a short period of time.

The redirection was due to a security breach at Outbrain, a company that provides link recommendations for all three sites. A spokesperson for the group said that their staff had been fooled by a spoof email that claimed to be from the company’s chief executive. Outbrain immediately took their service down once they realised what had happened, and then took a further seven hours to ensure that everything was fixed and working correctly before they relaunched their site.

For the Washington Post, this attack marks the SEA’s second targeted attempt at the paper in the space of a week. The publication’s managing editor Emilio Garcia-Ruiz claimed that, ‘A few days ago, the Syrian Electronic Army, allegedly, subjected Post newsroom employees to a sophisticated phishing attack to gain password information.’ At present, however, all three affected websites believe that nothing else was altered on their pages other than the content of the links.

Chester Wisniewski, senior security advisor at Sophos, condemned the attack and warned that it was the same kind of technique used by hackers attempting to get malware out into the web. He claimed that, ‘In this case it may only be sending you to the Syrian Electronic Army's website but it could also be used to install viruses or copy cookies to try and later impersonate a visitor.’

Douglas McCabe, an industry consultant from Enders Analysis, warned that the attack was symptomatic of a wider challenge facing the media: ‘"It is a reminder that while digital news organisations have lower distribution costs, those of technology and security are greater. The technology sophistication required to protect sites is continuously growing. The commercial and editorial implications of down periods during major news events are clearly far-reaching.’

If you’re worried about the security of your personal computer, then using a VPN service can give you extra peace of mind. A VPN acts as a barrier between hackers and your personal data when you’re surfing the web, which means that your private information should stay safe.