
Posts Tagged ‘Microsoft’

TITSSN is looking for mobile security vendors to participate in our Mobility/Endpoint Security Summit “MESS” on Tuesday February 16th 2010 at the local Microsoft Briefing Center in New York City.

January 8th, 2010 Brett A. Scudder No comments

Good day to you,

If you are a security vendor that provides solutions for mobile devices I am interested in talking with you about being a part of our MESS in February. Please feel free to contact me directly for further discussion.

Here is more information about the summit.

The Summit will be focusing on the proliferation of mobile devices (laptops, Tablet PCs, Pocket PCs, UMPCs, smartphones, media players, mass storage devices and add-on cards) and the threats they present to the consumers/businesses and the data that resides on them. We will provide the products and solutions that will allow the management and control over these devices through the endpoints.

Live hands-on demos will be available. There will be test/demo systems configured and set up to facilitate the effective use of the information and products being presented and demo’d. There will be mobile devices from the industry vendors such as HTC, Palm, Motorola, Google, Samsung and more.

We are all aware of how these devices can be used to steal data/information off the target system unbeknownst to the user.

The Summit will focus on 3 key areas of mobility and security.

1. The Devices – A look at the mobile devices on the market today.

a. Netbooks, Laptops, Tablet PCs, Mini PCs, UMPCs
b. Smartphones/Pocket PCs – HTCs, Motorolas, HP Smartphones, Samsung, Cell phones
c. Apple’s iPhone and Google’s Nexus One
d. Media Players – iPods, MP3 players and more
e. Mass Storage Devices (USB Flash drives, Compact and SD cards, mobile phone memory sticks, and more)
f. Wireless capabilities – Infrared, Bluetooth, Wi-Fi, WiMax
g. The Operating Systems – Windows Mobile, Symbian, Apple, Android

2. The Threats – A look at the threats that affect these devices and how they are targeted and attacked from internal and external sources.

a. Viruses/worms proliferation from devices to network to world.
b. Unauthorized connectivity to and from unscrupulous devices and sources (wired and wireless).
c. The use of these devices for storing critical business data and information.
d. Sharing data and information to and from the device through messaging and wireless connectivity.
e. The availability of over the air messaging and other communications tools and the problems they present.
f. Data loss/Theft of these devices and the business impact it presents.
g. Addressing the myths about over-the-air wiping of the device and why it is not effective today. The device is still a threat if lost.

3. The Protection – How to manage, protect and secure these devices from the threats.

a. How to manage the devices on and off the network.
b. How to protect and secure your endpoints from these unauthorized devices.
c. How to secure the devices against malicious code (viruses, worms, Trojans, keyloggers, hackers) with viral protection.
d. How to secure the data/information residing on the device’s local store and storage cards with data encryption.
e. How to secure the wireless connections of the device.
f. What to do in the event of a device loss or theft – the incident alert/response, damage control and alerting process.
g. How to make the over-the-air wiping feature effective and to mitigate the loss of data if device is lost.

Please feel free to share this request with any vendor that may find it of value.

Thank you and have a great day,

~Brett A. Scudder~


Microsoft contributes to the ENGAGED promotion, free Windows 7 OS to be given away. Sweet. Many thanks to Mr. Doi.

October 20th, 2009 Brett A. Scudder No comments

Hi all,

I’m sure this will excite a lot of people and I’m more excited than you are. I just received confirmation that we will be having some copies of Windows 7 to give away thanks to Mr. Doi who has always supported our initiatives and efforts. Thank you very much sir.

More details to come but yes, Windows 7 will be a part of the promotion and we now have to decide on where to add it. Hmm, we’ll see.

This is too exciting.

~Brett A. Scudder~


Microsoft opens Windows Marketplace for Mobile with 246 apps

October 7th, 2009 Brett A. Scudder No comments


Posted by Mary Jo Foley @ 1:38 pm | http://blogs.zdnet.com/microsoft/?p=4160&tag=nl.e019

Windows Marketplace for Mobile, Microsoft’s equivalent to Apple’s iPhone App Store, opened for business officially on October 6 with 246 applications.

Yes, that is nowhere near the more than 85,000 apps in the App Store. But Microsoft officials claimed not to be discouraged by the disparity. At Microsoft’s consumer-focused open-house showcase in New York City today, company officials noted that the company has 753 independent software vendors working on Windows Mobile ports.

Robbie Bach, the President of Microsoft’s Entertainment and Devices Unit, told press and analysts that he was upbeat about Microsoft’s progress.

“Apple had less than 100 applications when it first launched its marketplace,” Bach said. (I did a quick search and found a story claiming that number was actually closer to 500, when Apple launched its store in 2008.)

Bach also claimed it was “kind of goofy” to focus on the absolute numbers of applications in Microsoft’s Windows Mobile store, since the real measure of success is how many of those applications get used.

Bach told press and analysts who attended a private roundtable that there are more than 20,000 applications available for Windows Mobile 6 and 6.1 phones — and even if the applications focused on specific business verticals and IT tasks are subtracted, there are still “tens of thousands” of Windows Mobile apps out there.

The newly launched Windows Marketplace for Mobile currently only works with Windows Mobile 6.5 phones, which launched today. Microsoft officials have said that the Marketplace will also be accessible to Windows Mobile 6 and 6.1 phones before the end of the year. But that doesn’t mean the current crop of Windows Mobile 6 and 6.1 apps get an automatic berth in the Windows Marketplace; they still need to go through the certification and evaluation process.

Windows Live services – other than instant messaging — aren’t going to be available via the Marketplace. Windows Live Hotmail will be included with all Windows Mobile phones, but some other Windows Live services will be available preloaded on select phones, since “operators are trying to monetize this space separately,” as Aaron Woodman, Director of Product Management for Windows Mobile told me today. (Note: Corrected my misunderstandings here.)

Microsoft also officially “turned on” the commercial version of its My Phone premium service for Windows Mobile users on October 6. (My Phone is the service formerly codenamed Skybox.) The final version of the service includes several new capabilities that were not part of the beta service. These are:

  • Social networking integration: Direct access to Facebook and other social-networking services is available from the My Phone cloud.
  • Windows Mobile phones set to vibrate are able to be made to ring (at a high volume) via My Phone to help users locate lost phones.
  • Windows Mobile phones may be locked and set to post a message via My Phone. (Example: “MJF’s phone. $50 bucks for its return. Call xxx.”)
  • Windows Mobile phones may be located on a GPS map via the service (in case they are stolen or lost).
  • Windows Mobile phones may be wiped of data and reprogrammed remotely via My Phone.

Windows Mobile 6.0, 6.1 or 6.5 users can access these services, which Microsoft considers to be a “premium pack” for free until Nov. 30, 2009. After that date, seven-day access to the premium package will be available for purchase for $4.99.



HTC’s Touch Pro 2 is a much better device than the iPhone. I am truly impressed by it. Why wasn’t I this touched before :-(?

September 28th, 2009 Brett A. Scudder No comments

Greetings my readers,

I can truly say that after spending the past two days hammering out the features, functionality and usability of the two devices side by side, I am much more confident, comfortable and relaxed with the HTC Touch Pro 2 than my iPhone (which I only have for testing and comparative reasons anyway) as a professional, music connoisseur and just being able to have it manage my day to day activities, planning and scheduling. As a person that lives religiously off his calendar, I must feel comfortable in the device I carry and its ability to keep me on track.

Once Microsoft opens up the app-like store I’m sure this will push the usability and functionality levels even higher and I can’t wait. My only fear, and I do mean fear, is that the upcoming Windows Mobile v.6.5 may bring changes to this setup that may not work best for me and so I will be making a backup of my existing setup before upgrading to WinMo v.6.5.

So now I prepare for WinMo v.6.5 and I will complete my full review of the device on the existing WinMo v.6.1 Professional and post it shortly. Until then, I’m just all over the touching.

Have a great day,

~Brett A. Scudder~


Self Employed & Home Based Business must take IT Security very seriously

April 13th, 2009 Brett A. Scudder 1 comment

Good day to you,

I would like to take this opportunity to share some very critical information with the self employed and home based business owners about the state of The IT Security Threats Landscape ~TITSTL~ and how it affects you. This is a discussion I have every day as more and more people in these categories are finding out the real effects and impacts of these threats are not excluding them and that they fall very much into the mix of it. As the economy tightens its grip on our lives, those who are being laid off are turning to home based and self employed business thus sparking an increased growth in this area of business. The SMB space has grown tremendously since this recession and to that end has become a serious security issue for us security professionals as we look across the IT Security Threats Landscape horizon.

Therefore, the reality of the issue must be faced thus bringing the question of, what am I to do about it.

I have published numerous articles on these threats, preventative measures and how to deal with the security issues of today and tomorrow on my blogs but I am going to do this as a summary of those here.

First let me say this, if it requires a security patch (let’s just keep it at security for now), it is vulnerable.

What does this mean?

Simple, any operating system, Microsoft, Mac, Linux, Solaris, you name it, that requires a security patch for any reason is vulnerable. The patch is to prevent exploit of the vulnerability, right, so it is a security risk.

I had to get that out of the way so that we wouldn’t get into the ridiculous argument of which is more secure than the other. The way I see it is simply that, if a door is left open for anyone to come through it, the length of time left open versus the threat that comes through it is just as critical. So, any open door is a threat no matter where. What comes through it may differentiate the severity. They all have their insecurities at some point but how the vendor/developer addresses it lessens the impact and wide scale visibility of the issue. While some may announce these vulnerabilities and findings, others may patch/update them behind the scenes thus limiting the visibility and knowledge of the user.

Second, anti-virus alone is NOT going to protect you from the threats of today. It takes a multi-layered approach and as such, the various layers of protection must be enforced. So telling yourself that you have anti-virus protection on your PC is being as naïve as saying the threats don’t affect me and I’m not worried about them. While it is true that most anti-virus vendors are bundling multiple threat protection/prevention layers into their solutions, the proper configuration becomes the caveat to that solution. While many deploy with an out of the box config, there will be tweaks needed to customize it to your environment and needs. So one must understand what is being deployed and if it will provide the layers of protection needed.

So why is IT Security so serious for me as a self employed or home based business?

Well, ask yourself these questions,

What is it that you do and how do you do it?

Do you use email?

Do you send emails to customers/clients/partners/associates/potential clients?

Do you leverage the powers of social networking/media (Twitter, LinkedIn, MySpace, Facebook, Ning and the list goes on) today?

Do you use IM for personal and/or business use?

Do you browse the internet for data/information on whatever you’re working on or researching?

Do you do online banking or shopping?

Do you download multimedia contents from the web (music, movies, flash videos, etc)?

Do you download online presentations (PDF, PowerPoint)?

Did you know that PDF files presented one of the biggest security risks over the past 2 years but is the most widely distributed online document format?

Do you have a printer or some media player connected to your system(s) at home or in the office?

Do you have any applications running on that system aside from the operating system?

Do you know of the Breach Notification Law in your state and what it means for you?

When was the last time you downloaded a keygen or crack file to open full access to that app or game you really wanted but didn’t want to buy/pay for?

Maybe you didn’t crack/keygen it but someone did and opened a backdoor which planted a rootkit or some nefarious threats on your system(s). What happens when you use that for business purposes, what are you spreading to those you collaborate with?

Well by now I’m sure you’ve caught my drift and I don’t have to get technical for you to see how you’re affected. All these questions pose security risks in various ways and are able to be stopped, prevented and protected if the proper education, awareness and measures are put in place. Don’t ask if you’re affected or if I should be taking these things seriously, you must. You are as much a risk to me as I am to you if the proper steps are not implemented to secure your system and the data/information you have sitting on it about me, you and those you collaborate with.

That system is being used for personal and business use and at some point the access to/from or by a threat is heightened because of the lack of separation of the two. A system that is used by everyone in the home should not be the same used for doing your business. When someone in the home decides to crack that app and opens that backdoor, you’ll never know what can come through it and what your risk factor will be or is. Separate the two, business is business and personal is personal. The cost of a system today is much more affordable than a few years ago so it shouldn’t be a problem to get an extra one.

You are not a small business because you have 5 people working for you. You are not a small business because you only have 5 computers in your office or where you decide to conduct your business. To me as a security professional you are not a small business (home based or in an office) when you have records/information and access to 5000 people. A doctor who has an office with 5 employees and 8 systems managing 4000 patients’ info is not a small business in my eyes. If you’re a consultant running your own business and you manage systems or information for your clients you’re now their biggest risk because it’s your responsibility to control that. Every PC must be secured whether it is connected online or not as you never know if/when it will cross the line. This is how I see security.

When you decide to start doing business today you must consider the role you play with those in which you will be doing business and the kinds of interaction you will have with them. When sending an email from an infected system (whether you did or the resident worm) it is still coming from you and the possible effect on the recipient(s) can be adverse which may lead to legal issues.

While using social networks can enhance your presence and what you do significantly, it is also an area of heightened risk both personally and professionally. Know the need and use it accordingly. Social networks are the future of collaboration but one must decide why the need and create the separation. If it’s for personal use one should always remember the impact on themselves as they are now putting themselves out there to the world. If for business, one should decide on how they want to be seen and what they would like the world to know about them and what they do. Social networking is a great thing to have and use, it’s the management and control of that presence that matters. The threats people face on social networks are the same they would face outside of it but just through a different medium. Educate yourself on these things and you will be ok.

As for the Breach Notification Law, most people didn’t even know of such laws about digital contents and its security. I strongly suggest you take a look at the law of your state and understand the legal and financial issues it presents for you. Learn it, know it, and understand it. If in doubt, reach out.

The active Conficker worm should be enough of an eye opener for you and if you don’t know what it is then you may have bigger problems than I thought. Security is not just about you, it’s about your way of life today both on and offline. I am not here to scare you but it is better to know before than after as the damage control, legal and financial issues after the fact are much worse and a very daunting issue.

As for the online scams, phishing and SPAM, it is only going to get worse and until you educate and make yourself more aware of and about them, you may fall victim to them as they are craftier than ever.

Ok so I have chatted enough and now you’re saying this is too much so I will leave a few articles of reference. Feel free to contact me if you’d like to discuss further and in more details.

The Conficker Worm – my review

A grim day for browser security at hacker contest

State Security Breach Notification Laws as of December 16, 2008 and the Conficker worm

IT Security Education and Awareness 04-09 #1 – IT Security is a people problem, not an industry one

Apple Mac users warned of web-based malware threats RSPlug-F Mac Trojan horse distributed via HDTV website

TITSSN leverages the Twitter network for critical alerting, notification and network happenings (meetings and events) as of April 1st 2009

Security/Privacy Awareness 03-09 #1 – Do you understand the breach notification law is in your country/state, do you know what it means, all are affected.

Thank you and have a great day,

~Brett A. Scudder~

The IT Security Attaché


A grim day for browser security at hacker contest

March 25th, 2009 Brett A. Scudder No comments

Original URL: http://www.theregister.co.uk/2009/03/19/pwn2own_day1/


Safari, IE and Firefox all down for the count


CanSecWest Internet browser security took a beating during Day 1 of an annual hacking competition, with Apple’s Safari, Microsoft’s Internet Explorer and Mozilla’s Firefox all being felled in a matter of hours.

The uncontested champion of the contest was a University of Oldenburg (http://www.uni-oldenburg.de/) master’s candidate, who managed to fell Safari, IE 8 and Firefox at the Pwn2Own contest at the CanSecWest security conference in Vancouver, British Columbia. He joined security researcher Charlie Miller, who was able to successfully hack Safari with a separate remote-execution exploit.

“It’s not as easy as a few years ago,” said Nils, the University of Oldenburg student, referring to the difficulty of piercing the many built-in protections of Safari, IE and Firefox. “Still, browsers have a lot of problems. It’s really a lot of codes that are exposed to the internet.” The computer science student declined to give his last name.

The Pwn2Own contest has thrived at proving to the world that with the proper financial incentive, virtually any internet-facing software can be proven vulnerable to real-world exploits. Amid the awe that took hold as four exploits materialized before spectators’ very eyes was this sad realization: Despite the formidable resources of the world’s biggest software organizations, browser users remain susceptible to drive-by attacks that can install keylogging software, rootkits and other software parasites with little or no warning.

Perhaps more remarkable than watching hackers in one room make mince meat of three of the world’s most popular browsers was the realization that they were willing to do so for well under the going rate. According to some researchers, a reliably exploitable IE vulnerability now fetches $100,000 on the black market. Yet Nils was willing to accept just $5,000 and a new Sony Vaio for his attack.

The contest is sponsored by security firm TippingPoint, which for several years now has paid a bounty to researchers for exploits that target commonly used programs.

“If this competition hadn’t existed, I never would have found this bug,” said Miller, who is principal analyst at Independent Security Evaluators, referring to the Safari flaw he exploited this year. He exploited a separate vulnerability (http://www.channelregister.co.uk/2008/03/28/mac_hack/) last year that allowed him to pwn a brand new Mac Book Air running a fully patched version of Leopard. The challenge was enough to motivate him to dust off a separate Safari bug he had been sitting on for more than 12 months for this year’s competition.

“If it wasn’t for the competition, there’d still be these two bugs from this year and last year,” he added. “Apple gets free bugs, I get money and people’s computers get fixed.” ®


Microsoft 24 hours late with IE8 pwn protection

March 25th, 2009 Brett A. Scudder No comments

Original URL: http://www.theregister.co.uk/2009/03/25/pwn2own_ie_exploit/


What a difference a DEP makes


Just one day after a little-known hacker dazzled his peers by exploiting the latest version of Internet Explorer 8 beta, Microsoft added an important protection to the browser that probably would have prevented the attack.

The measure, which was added to last Thursday’s final release of IE8 (http://www.theregister.co.uk/2009/03/19/ie_8_download_day/), restores so-called ASLR, or address space layout randomization, and DEP, or data execution prevention, to the Microsoft browser. Microsoft has more about that here (http://blogs.technet.com/srd/archive/2009/03/23/released-build-of-internet-explorer-8-blocks-dowd-sotirov-aslr-dep-net-bypass.aspx).

Those protections, which made it harder for attackers to remotely execute malicious code after finding software bugs, were seen as a sea change when Microsoft added them to IE7. Then security researchers rained on Microsoft’s parade last summer when they unveiled several methods to bypass the measures.

Nils, the German hacker who felled IE8 during last week’s Pwn2Own hacker conference (http://www.theregister.co.uk/2009/03/19/pwn2own_day1/), hasn’t said exactly how he managed to pull off the IE8 hack. Indeed, contest rules forbid contestants from divulging such information. But when asked in an interview (http://blogs.zdnet.com/security/?p=2951) by Ryan Naraine if he used Dowd and Sotirov’s method, Nils smiled and responded: “I really appreciated their work.”

What’s more, fellow Pwn2Own contestant Charlie Miller says he remembers Nils admitting he used the Sotirov/Dowd technique at the competition to successfully exploit IE. Miller says he’s sure of that because he was dying to know how Nils (who declined to share his last name) managed to penetrate the IE fortress.

“It was pretty powerful in the sense that without that technique no one knows how to get your code to execute in IE,” Miller told The Reg. “It turns out he exploited (the) beta version of IE8 (that) hadn’t done that fix.”

Terri Forslof, manager of security response at Tipping Point Technologies, which sponsors Pwn2Own, said she couldn’t comment on the speculation ahead of a blog post she planned to publish soon. We did, however, manage to pry a single sentence from her otherwise tight lips: “The released version of IE8 will most likely prove to be considerably more difficult to exploit on Vista, but with the other platforms all bets are off.”

That’s consistent with what we know about the ASLR and DEP, which only work when later versions of IE are running on top of Vista or Windows 7, which is still in beta.

If the speculation proves correct, it means one of the safer ways to browse the internet is by using IE8 on Vista or Windows 7. At least for now. As this episode demonstrates, software security is a fluid thing. A single new attack method from the bad guys or countermeasure by the white hats makes all the difference. Which is why this debate won’t be settled anytime soon. ®
