
Sophos Security Threat Report 2011



Digital security firm Sophos today released their Security Threat Report for 2011, which reviews all the ways that the bad guys are out to get you. It’s a glossy 52-page report and is worth a quick read to understand the threats that are out there, especially in areas that you might not be familiar with.

The report covers the key threats from 2010:

  • Fake anti-virus software and scareware – through a warning dialog, users are scared into paying for and installing fake anti-virus software, which at best does nothing and at worst steals passwords and credit card information.
  • SEO poisoning – manipulating search engine results to point users to fake and rogue websites, which are loaded with browser exploits and malware.
  • Clickjacking or UI redressing – hiding malicious buttons underneath innocuous images, e.g. clicking on a “Like” or “Share” image actually emails out malware to all the user’s friends.
  • Survey scam – in order to complete a questionnaire that typically offers a non-existent but sought-after prize, software has to be installed or access given to personal data. This information is then used to propagate the questionnaire onwards, earning affiliate revenue for the application developer.
  • Spam – not exactly a new entrant in 2010 but the rise of spam on social networking sites is an increasing problem.
  • Spearphishing – a variant on the original phishing but in this case the attack is well targeted and much more convincing and consequently more likely to succeed.
  • Stuxnet worm – a traditional vector but with a new target, the Stuxnet worm went after SCADA systems and industrial PLC controllers. Very sophisticated, leading to conspiracy theories involving industrial sabotage.
  • Malvertising – the infection of advertising on legitimate websites that links to malware or fake anti-virus software.
  • Compromised sites and accounts – Legitimate websites and typically celebrity accounts are hacked to serve infected webpages or link to malware sites.

The report briefly covers the threats posed to iOS, Android, Windows 7 and BlackBerry smartphones before moving on to review issues with Facebook, Adobe products, removable media and USB drives. Windows 7 and OS X are also discussed.

The report continues with some of the success stories when the justice system has managed to catch up with the criminals before closing with advice and guidance on how to avoid getting hit.

Give it a read. Warning – 4MB .pdf download.


So You Got An iPad for Christmas…



If you got an iPad for Christmas, here’s what you did with it over the holidays, according to mobile telco Three.

– You had your iPad unwrapped and working by 10am on Christmas Day.

– You downloaded Maps, Skype, Angry Birds, eBay, YouTube and Sky Sports News apps.

– You visited Google search, iTunes and Facebook the most often, followed by eBay. Were you selling unwanted presents or looking for the gift you didn’t get?

– While you were out and about and using 3G data, you were using GPS navigation, reading news websites and playing games. You were also dreaming about your next holiday, surfing travel sites.

– But it wasn’t until Boxing Day that you really got to play with your new toy.

I know this isn’t exactly surprising but I think it captures in a snapshot the essence of consumer technology and activity at the end of 2010. Remember the iPad didn’t exist at Christmas 2009, Angry Birds wasn’t yet the phenomenon it was to become and no doubt 2011 will bring its own crazes and defining technology. It will be interesting to look back at this in a year’s time and see what’s changed.