SEARCH CLINIC

German security statement warns iPhone and iPad users to visit only trustworthy websites and avoid PDFs until Apple releases fix.
Several Apple devices including the iPhone and iPad have two critical security weaknesses for which no patch exists, the German government warned yesterday.

Users of Apple mobile devices should only use websites they deem trustworthy and refrain from opening PDF files until Apple releases a fix, Germany’s federal office for information security said.

“This allows potential attackers access to the complete system, including administrator rights,” the statement warned. “It has to be expected that hackers will soon use the weak spots for attacks.”

Apple said it is investigating reports of vulnerabilities affecting the iPad, iPod Touch and iPhone.

The potential security flaw concerns the mobile internet browser Safari, and the way it opens PDF files in Apple’s iOS software. The vulnerability arose over the weekend when US-based hackers launched JailbreakMe, a browser-based service that can unlock Apple devices from restrictions imposed by the manufacturer.

Early reports suggest this system – last week ruled legal in the US, despite opposition from Apple – exploits the same shortcomings highlighted by the German government. The launch of JailbreakMe brought extensive attention to the vulnerability which security experts warn could be exploited for crime.

The warning relates to iPhones using iOS versions 3.1.2-4.0.1, iPads using iOS 3.2-3.2.1 and the iPod Touch using iOS 3.1.2-4.0, though the German federal office said older versions of the mobile operating system could possibly be affected.

A network of thousands of compromised computers that is being used to gain online banking details has been uncovered in the UK.Cyber criminals in Eastern Europe, who have control of the machines, are collecting personal data from the PCs. This includes login details for online banks, credit and debit card numbers and other passwords.

“The fraudsters are very familiar with UK banking systems,” said Amit Klein, chief technology officer at Trusteer, the firm which uncovered the network.

Mr Klein said that he had contacted the Metropolitan Police central e-crime unit to alert it to the scam, as well as affected banks.

“We’re aware of an allegation,” said a spokesperson for the Metropolitan Police. “We are working with UK Payments and Trusteer and inquiries are under way.”

A spokesperson for UK Payments, which tackles financial fraud, said attacks like this had “become the norm”.

“100,000 computers being targeted by a trojan does not necessarily mean that 100,000 UK customers will have had their details successfully used by the fraudster.

“In the highly unlikely event that any one of the 23 million UK customers who bank online is an innocent victim as a result of this attack they can expect to get their money back.”

The 100,000 Windows machines have been infected with a trojan known as Zeus, said Mr Klein.

There are currently hundreds of networks of computers infected with Zeus. However, Mr Klein said this one was unusual because it used a new variant of the malware and also predominantly targeted people in the UK.

Researchers at Trusteer were able to identify the geographical location of victims, he said, after they gained access to the command and control centre of the network.

“One of the nice features of that is that it provides you with stats regarding operating systems and the geographical information of the bots. We actually used the fraudsters’ own data to assess the botnet and determine that it actually targets the UK.”

The dashboard also allowed the firm to identify which banks had been targeted, but Mr Klein declined to name them.

He said victims’ computers had probably become infected by clicking on a link in a spam message or by visiting an infected website.

“When you initiate a transaction, they may change the destination and the amount of money that you wire,” he said. “Rather than sending £100 to your aunt, you may find that your account balance is sent to Ukraine.”

Mr Klein said that the scam was difficult to spot, but that people should be suspicious if there was any change in their bank’s login procedures or they were prompted to resubmit password and other details.

Mr Klein said it was likely that the criminals had targeted the UK because it had a developed banking sector.

More than two thirds of people have abandoned shopping because it was taking too long to be served, a survey by a bank has found.
Barclays found 68% of people, in a survey of 2,000, had abandoned a queue at one time or another.

The places most likely to upset their customers were supermarkets and stores selling food, drink or clothes.

The main dislikes included not enough staff at the till, followed by staff taking too long chatting to customers.

Shoppers taking too long to find their cash, cards or cheque books was also an irritation, and Barclays argues “contactless” payment technology would speed things up.

“By embracing technology and installing new payments systems, such as contactless, retailers will stay ahead of the curve and limit the amount of time that people are waiting in shop queues,” said Stuart Neal at Barclaycard.

The survey revealed that long queues had also put off most people entering shops or stores, with 29% of those surveyed saying this happens to them at least once a week.

Barclays claims that a third of retailers actually move their tills to hide the queues.

Businesses need to understand that this is a lousy way of influencing how we feel about the visit to their store.

In a way it’s good to learn that it was only physical businesses that were covered by this survey- but how confident are you that your online offering is any better?

In a physical shop you can easily see people dropping your products and walking out of the door empty handed.

But when did you last look at your website stats to see how many people have left your shopping cart and product pages? And what did you actually do about it?

It’s expensive to do nothing. Just cringing behind anonymity isn’t enough.

For help building your online business- please just ask the Search Clinic now!

The Saudi and UAE BlackBerry ban goes to the heart of how the mobile phone market has evolved.
The decision of Saudi Arabia and the United Arab Emirates to ban BlackBerry email, messenger and web browsing services goes to the heart of the way in which the handheld devices operate – itself a consequence of the way that the mobile market has developed.

When the first BlackBerry appeared, over a decade ago, mobile phone networks were far more basic than they are today. The most innovative service the majority of users had seen since mobile devices first appeared in the 1980s was the introduction of text messaging.

In the US, many mobile users were still making calls on analogue networks, while in Europe the new digital operators were only just introducing data services.

But the sorts of speeds possible over networks such as Orange and Cellnet in the UK were pitiful. Speeds of 9.6Kb per second – less than 1% of the average speed available in the UK today– meant the networks had to resort to offering a pared-down version of the internet using WAP (Wireless Application Protocol) technology.

Using a mobile phone to receive email, let alone access the “real” internet was almost unheard of.

By the mid-1990s, Canada’s Research In Motion (RIM) was already working with partners on a messaging device that would work on a new wireless data network, which its owners hoped would be rolled out across Europe and the US.

As a result, RIM switched to working with the existing mobile phone companies, but to squeeze emails across their networks meant using compression technology.

RIM also needed to be able to persuade jittery corporate IT departments their emails would be safe, which required encryption technology.

To create such a lean and secure service required an end-to-end solution, with both the device, the BlackBerry, and the server hosting the user’s email being able to understand each other. However, RIM wanted to be able to offer its devices on any mobile phone network.

As a result, it created the Network Operations Centre (NOC), which seems to have created such a headache in the Gulf.

Every mobile phone operator that wants to offer BlackBerry devices has to have a connection to a Noc: – there is one based in Canada to cover the Americas and one covering Europe and Asia. A company that wants to offer BlackBerrys to its employees, meanwhile, has to install software within its own IT systems that can communicate with the Noc.

When a user’s inbox receives a new email, that software securely communicates with the Noc, which then connects securely to the BlackBerry over a mobile phone network to deliver the email. It uses compression technology to make sure the email can be squeezed over even the most congested network.

Numerous research reports over the past year have suggested that BlackBerrys are at least five times more efficient at email and attachment viewing than any other platform.

RIM has since opened its network up to consumer email services such as Gmail and Hotmail, which together with the introduction of a range of stylish devices aimed at the consumer market has created a boom in usage of BlackBerry phones among teenagers.

Opening up the RIM network to the web has also allowed internet browsing, which is also faster on a BlackBerry than other devices. They are three times more efficient than other carriers, according to a recent research.

But there is another side-effect to the way that RIM’s network architecture is configured and it has been seized upon by cash-strapped teenagers: BlackBerry Messenger.

Because RIM knows every BlackBerry device in use, regardless of which network it is on, and they are all directly connected to its Nocs, BlackBerry users who have devices with the right software can communicate with each other without incurring the network interconnection and roaming charges associated with text messages.

Text messages and telephone calls, meanwhile, are routed solely over a mobile phone network, so neither will be affected by the UAE’s decision. That also explains why when there is a problem with RIM’s network – which has happened in the past – BlackBerry users can still make calls.

When the first BlackBerry appeared in the late 1990s it was effectively a two way pager.

BlackBerrys have fallen foul of two Gulf states after Saudi Arabia and the United Arab Emirates have announced bans on some functions of the mobile phone amid national security claims.
Users of the BlackBerry in the UAE, which is owned by Research in Motion (RIM), will be barred from accessing email, web browsing and instant messaging from October this year.

The move, expected to affect half a million users, comes after the government last week said certain BlackBerry applications allowed people to “misuse” the service.

Meanwhile, Saudi Arabia said it would bar the use of the BlackBerry instant messaging service. Both countries are understood to be concerned that they are unable to keep tabs on instant messaging.

The UAE’s regulator complained BlackBerry users’ data, which is automatically sent to overseas servers, was “managed by a foreign, commercial organisation”.

The current set-up allows users to behave “without any legal accountability, causing judicial, social and national security concerns”, the Telecommunications Regulatory Authority said.

Activists said the reality was that the BlackBerry system made it more difficult for conservative countries, which actively censors websites, to monitor what users were saying. Reporters Without Borders has accused the UAE government as viewing BlackBerry services, “especially its instant messaging, as an obstacle to its goal of reinforcing censorship”.

Abdulrahman Mazi, a board member of state-controlled Saudi Telecom, said the ban was intended to encouraged RIM to release data from users’ communications “when needed”.