sorinmustaca.com – Sorin Mustaca – personal blog. Security software, agile development, scrum, programming and more

About Cloud Computing in Darkreading.com

13.07.2011 (9:34 pm) – Filed under: quoted

When Consumers Go To The Cloud, Businesses Should Watch Out
Companies should take a look at what cloud services their employees are using following last week’s authentication bug at Dropbox

Dropbox encrypts data on the servers, but not to individual accounts, notes Sorin Mustaca, a product manager with security firm Avira. Anyone with admin access to the server can read all of its data. In addition, data on the servers of external services have lesser legal protections, Mustaca says.

“I always advise our users to be very, very careful what they put online because if they put anything online, then the data does not belong to them anymore — it belongs to the cloud,” Mustaca says. “This is the most important lesson that needs to be learned by anybody. If you put it online, you lose control of the data.”

Quoted in the article: “Browser War: What Is It Good For?” in technewsworld.com

15.04.2011 (6:18 pm) – Filed under: News,quoted

Source: Browser War: What Is It Good For?

“All vendors are trying to implement the latest trends in the industry in order to remain competitive and face the challenges of the online world, and to react to vulnerabilities,” Sorin Mustaca, a data security expert at Avira, told TechNewsWorld.

“For example, two years ago, nobody thought of sandboxing plugins in a different process, and now everybody’s doing it,” Mustaca added. “And almost every week we see some new vulnerabilities discovered which get exploited. Vendors have to react immediately to these threats,” he said.

Browser vendors have to serve two categories of users, Avira’s Mustaca pointed out.

One is home users, who adopt new technologies very fast “because they always want the best, the fastest and the richest Internet experience,” he said. These users are the testers of new technologies.

The other category is corporate users. They have a very slow adoption rate, and will only change their browsers when they change their operating system, Mustaca stated.

“We are seeing right now the effect of this battle to release new versions faster — every week new vulnerabilities are made public,” Avira’s Mustaca said.

“Every bug fix and every new feature potentially introduces other bugs,” Mustaca elaborated. “And if the reaction time from browser vendors is expected to be closer to hours than days, as it was before, the situation can only become worse.”

5 Apple security myths

09.03.2011 (10:42 pm) – Filed under: News,quoted,security

Five Apple Security Myths — and the Disturbing Truths

Five hard lessons

With that in mind, here are five Apple security myths — and the brutal truth behind each:

Myth: I don’t need antivirus and spam protection because I work on a Mac.

Truth: The Mac OS X operating system is targeted less frequently by malware only because it’s not as widespread as Windows. It’s no more secure than any other operating system, said Sorin Mustaca, data security expert at Germany-based Avira.

As for phishing attacks, said Mustaca, “the biggest problem in this case is not the computer itself, but rather it’s the user.”

Myth: I can’t be infected by any malicious software because I get my applications exclusively from the iTunes App Store.

Truth: “We’ve seen a couple of times already that the App Store is not such a secure fortress as one might have hoped,” said Mustaca. “It is extremely difficult to check every single application that is inserted there.”

Myth: Mac OS X is inherently more secure than Windows.

Truth: Apple’s brand-new products are being hacked almost immediately upon arrival. For example, “jailbreaking” your iPhone is as easy as browsing to a specific website.

“For a while, it was easier to write exploits for Mac OS X systems than it was for Windows, but now they’re relatively equal,” said Core Security technical specialist Dan Crowley. “Bugs seem to be just as easy — if not easier — to find in Mac OS versus Windows.”

Myth: Apple’s Safari browser is more secure than Microsoft’s Internet Explorer.

Truth: Safari had more than twice the number of reported vulnerabilities in 2009 (94) than did Internet Explorer (41), according to Symantec’s Global Internet Security Threat Report.

Myth: iPad users are not susceptible to the same sorts of attacks that Windows users experience.

Truth: According to Anup Ghosh, founder and chief scientist of Fairfax, Va.-based Invincea, Apple released the iOS 3.2.2 software update for the iPad specifically to fix a critical vulnerability in Adobe Reader that can be exploited by malicious PDF files.

So what can you do to make your Apple device more secure? First of all, never open an e-mail attachment you’re not expecting, even if it’s from someone you know.

Always check the URL — the long string of characters that begins with “http” — in your browser address window when surfing the Web, even on an iPhone or iPod Touch. Be very careful about using free Wi-Fi hotspots in coffeeshops, libraries or airports — it’s safer to just use your cellular carrier’s data service.

Quoted (again) on Softpedia.com

20.08.2010 (2:32 pm) – Filed under: antivirus,quoted

The source of the article is the statistics for July, published in the techblog:

“Because of the holiday season, many people started to buy games and spend more time in the social media websites, so the increase in attacking such web sites comes quite naturally,” Sorin Mustaca, manager of international software development at Avira, noted.

Quoted in the IT Business Edge

19.08.2010 (8:43 am) – Filed under: antivirus,News

http://www.itbusinessedge.com/cm/blogs/poremba/trustworthy-ssl-certificates/?cs=42832

As Sorin Mustaca, manager of international software development at Avira, explained to me:

A Certificate Authority is, by common understanding, an entity having a trust level beyond any doubt. This means that in the case of digital certificates, a CA can generate certificates which are trusted by all parties involved in a communication. Any entity, private or corporate, is allowed to request such a digital certificate, the only proof required is an official identification document. This means that such a certificate can only guarantee that the entity you are communicating with is who she pretends to be. It doesn’t guarantee that the owner of the certificate can be trusted.

Quoted by it-republik.de

02.02.2010 (5:02 pm) – Filed under: News

http://it-republik.de/php/news/Security-Hinweise-zu-Facebook-Anwendungen-und-mehr-053600.html

Sorin Mustaca of Avira reports that Google’s Chrome, in version 4, can be extended with ‘Extensions’, which Google collects and makes available in the ‘Extension Gallery’ without checking their functionality or behavior, so that the door is wide open to malicious extensions.

and the original article:

http://techblog.avira.com/2010/01/27/google-chrome-4-now-with-extensions/en/

Quoted by pcwelt.de

02.02.2010 (5:00 pm) – Filed under: News

http://www.pcwelt.de/start/sicherheit/firewall/news/2107737/die-haeufigsten-phishing-zielscheiben/

The cause is presumably the Christmas shopping season, according to Sorin Mustaca of Avira on the company blog. Many Internet users made their purchases online and used Paypal to pay, he said, and so the number of phishing attacks on Paypal rose as well. Chase Bank is in second place, followed by Paypal’s parent company eBay. American Express and Bank of America follow only at a considerable distance behind the top three.

and the original:

http://techblog.avira.com/2009/12/19/the-most-phished-brands-of-2009/en/