

Sandie Allen
Friday, August 14, 2009
Wave of threats drives security firms into consumer market
By Jackie Noblett
A spate of recent attacks on some of the newest consumer technologies has local IT security firms scrambling to provide consulting and technology that protects computers against new forms of threats.
A growing number of consumers and businesses are storing data and accessing information on a wide variety of web services — from social networking sites to software-as-a-service applications and even applications for smartphones and other mobile devices — and hackers are beginning to target the most popular of those services.
Last week the social networking site Twitter was shut down for several hours after being hit by a so-called “distributed denial-of-service” attack, essentially meaning hundreds of compromised computers were commandeered to overwhelm the website’s servers.
A few weeks before the Twitter attack, several hackers disclosed at the Black Hat IT security conference a hole in Apple Inc.’s iPhone’s text messaging system that could be used to render the device useless.
Kaspersky Lab Inc., which has its U.S. headquarters in Woburn, is launching a new consumer security software suite this month that prevents PCs from accidentally downloading viruses, bots or other malicious software from social networking sites. Company officials say the average user is unaware of the risks associated with putting their personal or corporate information on these sites.
“There’s not a lot of money on (attacking) social networks, but the surface area they can attack is huge,” said Dennis Fisher, a security evangelist at Kaspersky Lab. “People are really relying on social networking sites for storing information. I can’t tell you enough how bad of an idea that is.”
Once a computer clicks on or passes by a malicious website or application, the malware contained therein downloads code that not only provides a hole into the user’s personal information but could also allow that computer to be commandeered to attack sites like Twitter or online retailers.
So Kaspersky has revamped its consumer suite to detect whether a particular social network profile or site is likely to be a scam or warn users before they click on a link or download an application, although it declined to provide specific details until its launch on Aug. 18.
Smartphones, which have simplified versions of web browsers, are also prime targets for these types of attacks.
“The smartphone is basically a small computer — if you can install malicious software on it, data can be taken off the phone,” especially sensitive subscriber info, said Richard Lang, a security expert at Sophos Inc.’s Burlington security lab.
While hackers have yet to infiltrate smartphones en masse, despite publicized successes in hacking Symbian and iPhone operating systems, Sophos does provide encryption and other security software to mobile devices to protect against both attacks and the loss of the phone itself.
Yet the dangers of attacks via web applications extend beyond the consumer and into the corporate IT environment, especially as businesses store more client, employee and other sensitive data on third-party servers and web-based services. SystemExperts Corp., a Sudbury IT security consulting firm, operates a practice specifically to audit and monitor the security of these types of services, and company officials say interest in ensuring that those entities are good stewards of a company’s data is high.
“Function is the leader and security generally lags in technology,” said Jonathan Gossels, president and CEO of SystemExperts. “If I was a brand-name company, I wouldn’t store my data on third-party servers.”






