Sunday, July 1, 2012

On Mac and iOS Security, a Twitter Hack Epidemic, and Bindaas Spaces Spam

Here are links to a few articles I wrote recently for Sophos' award-winning blog, Naked Security, that I haven't mentioned yet on the JoshMeister on Security.

After the Sophos article links and descriptions, keep reading for some tidbits about the Bindaas Spaces spam group and more.
  • How secure are Apple's iPhone and iPad from malware, really? (29 June 2012)
    In the five years since the first iPhone was released, there has never been a serious known case of iOS malware on a non-jailbroken device.
    But should users really be congratulating Apple for iOS devices' apparent security?

    I wrote this article in response to a recent tweet from F-Secure's CRO, Mikko Hypponen:

  • Do the Mac App Store and Gatekeeper provide sufficient protection? (21 June 2012)
    Apple is pushing its users more and more to download apps from the Mac App Store. But what happens if the software on the Mac App Store is less secure than non-App Store versions?
    The article mentions (among many other things) that Apple is dragging its feet at approving the recent security update for Opera. The browser has now been outdated in the Mac App Store for over 2 weeks and counting; Apple has yet to approve 11.65.

  • Twitter account hack epidemic - Don't fall for "CNBC" spam! (20 June 2012)
    Throughout the month of June, Twitter accounts have been getting hacked and have subsequently been sending spam that links to fake CNBC news articles. Be cautious about links in direct messages or tweets, even if they're sent from a friend's account!

Bindaas Spaces spam still persists
I just updated my article about the Bindaas Spaces spam group based in India. Yep, they're still in operation after no less than 5 years of sending spam and refusing to let people opt out. Unfortunately, their operation doesn't seem to be big enough to get much attention, so I've been one of very few people trying to bring their activities into the public spotlight.

Here are the Web of Trust reports for the two domains I just added:
The company being advertised calls itself "Abhinav Institute of Technology & Management," and it claims to offer degrees and certificates. However, the site does not say anything about its accreditation status, which implies it is not accredited.

Oddly, the site's only contact information is a Gmail address. There's nothing wrong with Gmail; I strongly recommend it for personal e-mail accounts because its focus on security is unrivaled. However, companies should really have e-mail at their own domain in order to look professional. (If nothing else, they can use Google Apps for Business which gives them all the benefits of Gmail and more, but with their own domain in their e-mail addresses.)

Between its blatant unsolicited spam, its failure to state any accreditation status, and its unprofessional contact information, this supposedly degree-granting "institute" and its site are devoid of credibility.

How to Preview Shortened URLs: More interesting than LOST, apparently
On a more personal and lighthearted note, I just discovered that my popular article on How to Preview Shortened URLs (which I originally wrote in 2009 and updated again in June) has nearly as many pageviews as my entire LOST blog, which I thought was fairly popular back when the TV show was on the air.

For more from the JoshMeister on Security, please subscribe via e-mail or RSS, or follow me on Twitter or .
