Nokia Lumia Blowout!!!

September Lumia Blowout!

Last month we gave a way an amazing Lumia 1020. That was pretty awesome. This month we wanted to take into consideration that maybe you aren’t on AT&T and would prefer a Lumia 925 or 928 to use on your carrier. Heck, it’s even possible you just don’t want a camera as awesome as the Lumia 1020 and would like a Lumia 920. If that’s the case then this months drawing is just for you. The winner will get their choice of a Lumia 920, 925, 928 or a 1020. The rules are simple:

1. You MUST live in the U.S. or Canada.
2. You MUST be an existing Windows Phone Developer WITH at least one published app currently in the marketplace.
3. You MUST be an active Windows Phone developer as of September 30th 2013, which means you must have either published a new Windows Phone application or have published an update to an existing Windows Phone application that required xap certification within a 180 day period (counting back from September 30th your last updated date must be April 4th 2013 or later.

Below is an example of where to find the last updated date on your Windows Phone application page in the Windows Phone Store.

Now that you know if you can participate or not here’s what you need to do. Email me the REQUIRED information below.

1. First and Last Name
2. Email address (this is the one we can reach you at, one you actually check daily)
3. The link to your qualifying application in the Windows Phone Store.
4. DVLUP.com username (If you haven’t registered yet, go do it, it’s free and you’ll be glad you did)
5. Your Windows Dev Center Publisher GUID (it’s on your dev center dashboard)
6. Your location: City, State/Province (and county if you are in TX or CA)

Make sure you include “September Lumia Blowout!” in the subject line or I might miss it. If you are missing any of the information above you will not be entered into the drawing for the new Lumia 920, 925, 928 or 1020.

Once I receive your entry I will verify your eligibility, enter you in the drawing then send it to the Ambassador for your area who will be your source for all things Nokia and Windows Phone development. We need your entry by September 30th. We will conduct the random drawing on October 1st 2013 and contact the winner.

No matter which area you are in the contest will be amazing and the entry is easy. So email me ASAP!

Send the email to ext-rich.dunbar@nokia.com with the subject “September Lumia Blowout!” .

Which smartphone is the most secure?

Not all mobile phone operating systems are created equal. As Spencer McIntyre of SecureState explains, there are unique differences and threats specific to each smartphone and, in the end, security is largely up to the user.

 

These days, it is almost impossible to meet someone who doesn’t own a cell phone. More specifically, smartphones, whether it be the trendy iPhone, corporate favored Blackberry or modern Windows Mobile, almost everyone has joined the smart phone frenzy — and with good reason. A smartphone offers more advanced computing ability and connectivity than a contemporary phone.

Just like a handheld computer, most of the population relies on their operating system to multitask the demands of work, personal life and finances. However, many Smartphone users forget about the risks of malware on these crucial devices. In fact, a study from Rutgers’s University disclosed that malicious software for cell phones could pose a greater risk for consumer’s personal and financial well-being than computer viruses.

[Also read about security and privacy apps for smartphones ]

Clearly, there is a need for greater protection of cell phone software and greater awareness of cell phone vulnerabilities from owners, especially when it comes to what kind of operating system you are using. There are unique differences and threats specific to each Smartphone. Here are some important key points that consumers should consider to protect their mobile operating systems.

iPhone
There is a lot to be found regarding this popular device, half of our research findings surrounded the iPhone. Malware for this device took a different approach with the release of IOS 4. The multitasking that users take part in on their systems easily goes unnoticed, allowing the presence of malware to be easier to miss and less intrusive. Malware is more commonly found on iPhones that have been jail broken.

“Jail breaking” means freeing a phone from the limitations imposed by the wireless provider and in this case, Apple. Users install a software application on their computer, and then transfer it to their iPhone, where it “breaks open” the iPhone’s file system, allowing you to modify it; however, this also opens it up to malware. By jail breaking a phone, users are possibly allowing malicious applications into their device which has access to their personal information including their bank account. These applications are not subjected to the same limitations as Apple and therefore are easier to get from a rogue reference and infect cell phone.

Additionally, by not changing the password on a jail broken iPhone, the SSH service, is easy for malicious attackers to create worms used to infect the users operating device. An example of how important this threat is to note was highlighted by Ike, a worm created to raise security awareness when it comes to using these jail broken devices. It illustrates how once the core app has run its route, the vulnerability can gain complete control of the system.

 

Apple is slow to pinpoint vulnerabilities, including the SMS (texting) exploit released in the summer of 2010 by Charlie Miller. This also revealed that Apple is so slow to release that third party organizations were able to produce a security patch before Apple.

 

[Check out these 5 questions to ask before creating mobile device security policy ]

 

Windows Mobile
When it comes to threats, Windows Mobile takes the cake when it comes to attracting malware via SMS. Specifically the amount of SMS malware found on Windows Mobile devices is much higher in comparison to others. An interesting facet of the Windows Mobile OS is that many of the system calls are shared with it’s full-featured desktop counterparts. This detail has contributed to many pieces of malware that have originated on the Windows OS being ported to the Windows Mobile OS. A noteworthy example of this is the Zeus botnet that in recent years has begun to appear on mobile versions of Windows.

BlackBerry
A popular alternative to the previous two mobile operating systems, the BlackBerry is also quite different from the typical smart phone. The BlackBerry uses what is arguably the most closed source of the operating systems discussed herein. Research In Motion, the developers of BlackBerry have done an excellent job of keeping the sensitive inner workings of this smart phone a secret from the public. This is a contributing factor for the relatively small number of reliable exploits for the BlackBerry smart phone.

BlackBerry also suffers from the multitasking concerns that make it easier for malware to run unnoticed. An interesting proof of concept developed for the BlackBerry is the BBProxy application that was presented at DEFCON.

Symbian
There is not a lot of information regarding malware for this operating device, although it is the oldest of the smart phones and one of the most popular outside of America. Windows, Blackberry and Symbian are malware populated and not present on Android or iPhone. Along with the Windows Mobile family of Phones, Zeus has be ported the Symbian as well. The mobile version of Zeus is being used to intercept text messages sent as the second factor of authentication in many services.

Android
The Android operating system is the only open source operating system discussed herein. Android is unique in that it is community driven. The Android operating system is not owned by an individual organization, so it is developed in the best interest of the users. However, the applications are not monitored for vulnerabilities in the marketplace, so anyone can submit applications containing malicious functions which are less likely to be caught. Essentially, it is up to the users to determine if it is a safe and reputable source from which they are getting the app.

Amazon now has a 3rd party market place, which imposes additional policies and restrictions on applications that are distributed.

Android is based on the Linux operating system. On Linux, availability on Android is unlike others and there is not much evidence of ported malware. This is not because there is not any known Linux malware out there, but because it doesn’t receive much attention.

In Conclusion
All operating systems have distinct strengths and weaknesses; however, many are the same and essentially are up to the user and the configuration of the password. Users need to remember not to install apps from unnecessary sources, especially if they are unknown. While users can’t know them all, users need to ensure that they are from a reputable source. If not, that is where malware commonly comes from, with backdoor apps masquerading as secure applications. Also, jail broken phones are at a huge risk if the user maintains the default password and an even higher risk if not used in the Apple marketplace. Instances of malware exist on all of the phones and are even more relevant on ones using untrusted app sources. Consumers can keep this research in mind when using their smartphone to best protect their valuable information.

Spencer McIntyre is a security consultant at SecureState where he focuses on penetration testing and tool development.

Translator App For Windows Phone 8

Click on any screenshot to see the app in the store.

Language Translator for Windows Phone 8 is possibly one of the best language translation tools on the Windows Phone market. This translation app is equipped with speech recognition, text-to-speech, voice-to-text, and voice translation for your convenience. Language Translator app supports almost 50 different languages, making it one of the best translation tools and the best choice for anyone that needs to break the language barrier.
Language translator is an app that is designed to allow you to communicate with anyone, anywhere, at any time.

Features:

* Social Media Integration
* Full voice support
* Text Prediction
* Share From Unlimited Accounts
* Share Translations using Email and SMS
* Share Translations using Social Networks
-Facebook
-Twitter
-LinkedIn
-Sina Weibo(China’s Twitter Network)
-and Any Other Verified WP8 Account
* Customize Preference Settings
* Voice Translation
* Text Translation
* Text-to-Voice
* No Advertising
* Supports More Languages than Almost every other Translator in the Windows Store.

-Text Prediction

The text editor will help you predict text and correct any misspelled words.

-Social Media Integration

You are now able to share your favorite translations with friends on Facebook, Twitter followers, your LinkedIn contacts, Sina Weibo, and many more, right from the UI.
You can share translations from multiple social media accounts. Simply set up your social media accounts and choose which account you would like to share from.

-Email Integration

Share your translations from any email account that is associated with your WP8. Share from unlimited accounts.

Documents leaked by Edward Snowden indicate that the NSA can read certain BES communications

The U.S. National Security Agency is able to read messages sent via a corporate BlackBerry Enterprise Server (BES), according to a report by German news magazine Der Spiegel. The purpose of this spying is economic or political, and not to counter terrorism, the magazine hints.

The report, published in English on Monday, cites internal documents leaked by former NSA contractor Edward Snowden.

Governments have long demanded that BlackBerry provide access to encrypted messages carried by its email and BlackBerry Messenger (BBM) services, to allow them to monitor for terrorist activity.

BlackBerry has complied in the case of its consumer-grade BlackBerry Internet Service (BIS), notably providing the Indian government with access to consumer messages. Indeed, Der Spiegel cited NSA documents claiming that since 2009, analysts have been able to see and read text messages sent from BlackBerrys, and to collect and process BIS mails.

However, the company has always maintained that it cannot provide access to messages sent through its offering for corporate customers, BES, saying the encryption keys are known only to the company operating the BES.

However, among the documents leaked by Snowden are some that indicate the NSA, and its U.K. counterpart, the Government Communications Headquarters (GCHQ), can access text messages and emails sent between BES users, Der Spiegel said.

The two agencies have been targeting messages sent via BlackBerry’s platform since before May 2009, when they ran into temporary difficulties that U.K. analysts later traced to a change in BlackBerry’s messaging protocol following its acquisition of a smaller company. By March 2010, they were once again able to access the information, Der Spiegel said, citing GCHQ documents marked “UK Secret.”

The leaked documents seen by Der Spiegel contain no indications of large-scale spying on smartphone users, but “If the intelligence service defines a smartphone as a target, it will find a way to gain access to its information,” the magazine reported.

Der Spiegel said that to acquire BES data involves a sustained effort on the part of the NSA’s Office of Tailored Access Operations, a specialized hacking team based in Forte Meade, Maryland.

An NSA presentation entitled “Your target is using a BlackBerry? Now what?” seen by the magazine shows what can be achieved. It contained an image of a Mexican government email, the plain text of which appears in a slide under the title “Post Processed BES collection.”

Such cases raise questions for other states. As the magazine noted, the German federal government recently awarded a contract to BlackBerry for secure communications between federal agencies.

Ironically, though, other documents show the NSA is concerned about the effects on national security of BlackBerry’s declining popularity among U.S. government employees. Between August 2009 and May 2012, the “only certified government smartphone” saw its share of the U.S. government smartphone market fall from 77 percent to 50 percent, the documents said.

The Mexican email, and the agency’s concern for the security of government communications, are just some of the indications that the NSA’s focus on BlackBerry may not just be about the war on terrorism.

While BlackBerry devices are common in government and in corporate management, they are only the ninth-most-popular among users of extremist online forums, according to leaked NSA documents seen by Der Spiegel. The most popular phones in such circles are Nokia devices, with Apple iPhones in third place.

Der Spiegel also said that the NSA has in the past been able to obtain data from targets’ Apple iPhones, although the methods detailed are unlikely to scare most users. The allegations concerned only iOS versions 3 and 4, and Der Spiegel said data was obtained principally by hacking a target’s computer and downloading the backup copy of data such as photos and contacts synchronized with the iPhone. At one time this also allowed the NSA to obtain a log of locations visited by the iPhone in the seven days preceding the last data synchronization, but Apple ceased storing this log as of iOS version 4.3.3, Der Spiegel noted.

BYOD- Security Threats

Many companies today face serious threats due to the increase of smart phone usage by their employees. However, it is not just smart phone usage that creates the problem for employers. The BYOD trend has greatly increased serious security threats for employers as hackers found creative ways to penetrate wireless devices.

In a study conducted by Deloitte, respondents reported that the human element is among the biggest sources of information security risk (Deloitte pp.10). Respondents also identified the human element as the most difficult to control due to lack of their employees’ awareness (Deloitte pp.3). Although advances in technology have transformed our lives offering a higher level of convenience, these same technological advancements have opened up several doors for criminals that are technologically advanced. Even so, the benefits of having the new technologies outweigh the threat that it causes for some people (Deloitte pp.10).

It is essential to the companies using these new technologies that their employees receive the proper training, or that they are sufficiently made aware of the risks that are presented in today’s world with the introduction of such new technologies (Deloitte pp.10). Obviously, a company is not going to do without these new technologies or they will face other threats associated with competing in a cut throat business environment. Therefore, the companies must come up with a solution to control the threats in order to utilize the technology that will either yield a competitive advantage, or at the very least a competitive parody.

Since 70% of the TMT organizations that participated in the above mentioned study rate their employees’ lack of security awareness as an average or high vulnerability, it only makes sense that the companies start with their employees (Deloitte pp.10). Measures should be taken to ensure that employees do not talk about certain aspects of work, respond to phishing emails, let unauthorized individuals into the organization, or sell intellectual property to other companies (Deloitte pp.10).

Mobile devices such as smart phones are very convenient for today’s business environment and allow employees to work from virtually anywhere. However, these same

wireless devices also store sensitive company data. Examples include email, documents, contacts, and the company’s agendas (Deloitte pp.10). Many employees also tend to use these same devices to access their social sites such as Facebook and Twitter. This is where employees can cause several problems for the company by exposing sensitive company data. Using the same device to access social media and manage company affairs is what makes mobile devices the perfect candidate for a security breach by hackers (Deloitte pp.10). These mobile devices serve as another entry point for computer criminals to attack. Another issue with mobile devices is that “they are easily lost or stolen (Deloitte pp.10)”.  A stolen device exposes all of the company data that is on it which can include industry secrets or customer information that is meant to be protected.

The threat can be even worse when employers allow their employees to bring their own devices to work. According to the study, mobile devices are the second largest threat for TMT organizations (Deloitte pp.10). About 52% of organizations have policies that restrict the use of personal devices at the workplace, and 10% of the surveyed organizations do not even address the issue at all, making it very risky for those organizations (Deloitte pp.10).

The problem is was so big in 2012 because of the hundreds of millions of people that are using social media sites such as Facebook (Sophos pp.3). “Attackers have built creative new social engineering attacks based on key user concerns such as widespread skepticism about Facebook’s new Timeline interface, or users’ natural worries about newly posted pictures of themselves (Sophos pp.3)”. These attackers didn’t just revert to Facebook. They are now using Twitter, Pinterest, and other social platforms (Sophos pp.3).

In order to control some of these problems that can be initiated by an organizations employees, employers must put strict restrictions in place. Also, it is important to raise employee awareness through training.  The employees should be trained to understand potential security issues and risks (Deloitte pp.11).

IT and security professionals should also be trained on how to handle any threats that might come along (Deloitte pp.11). According to Deloitte, “the most common certifications for security professionals are CISSP (47%), CISA (36%), and CISM (37%) (Deloitte pp.11) ”. With all these security threats surfacing, it seems that companies would make it a priority to protect them-selves as much as possible through investing in awareness, and strict policy placement. However, only 8% of large organizations seem to be making this a priority (Deloitte pp.11).

Employees can cause some serious damage with one of these technologies. The employee can not only cause monetary damage, but also damage that can hurt the company by letting another company gain a competitive advantage if certain company secrets get leaked to a competitor. Another thing to consider is customer data. If the employee is using a company device and causes a security breach, the company’s data is exposed. If the company data includes customer information, this can cause issues such as customers’ credit or identity being stolen. It could also go in a different direction and allow a competitor to have access to the organizations contacts.

The possibilities are endless. One example of the damage that an employee can cause occurred in South Carolina. The Department of Revenue had a major security breach resulting in 3.6 million social security numbers being accessed by hackers (Trace Security, 2013). This is one of the largest data breaches data we have experienced in the United States and the results are devastating to American taxpayers that are now forced to cover this debt.

Situations like this illustrate exactly why employee awareness is an essential key to an organizations defense against computer criminals. Technology is evolving and we must evolve with it in order to survive. Mistakes like this one could wipe a whole company out. In this situation, we are discussing a government organization and therefore, the cost gets passed onto the tax payer. In other organizations the organization will have to cover the costs. It is better to invest in ways to protect the organization and spend a little bit of money than to be out on a limb later and not have an organization to invest in.

Works Cited

Deloitte. Blurring the Lines. TMT Global Security Study, 2013.

Sophos. New Platforms and Changing Threats. Security Threat Report, 2013.

Adams, T. Social Engineering Attack: Breach in South Carolina Part 1. TraceSecurity.com, 2013. http://blog.tracesecurity.com/2013/02/06/social-engineering-attack-breach-in-south-carolina/.