Tag Archives: Tony Anscombe

AVG

AVG kicks off National Cyber Security Awareness Month with updated product suite

Leave a comment

I am delighted that that we have released our updated Protection and Performance products and suites – consciously timed with the inauguration of National Cyber Security Awareness Month.

Introduced in the US by President Obama, National Cyber Security Awareness Month was conceived to raise awareness and education about cybersecurity, and help citizens protect the nation in the event of a cyber-incident. Throughout October, companies and organizations will be holding conversations, hosting events and taking part in Summits as they look to educate us to “Stop. Think. Connect”.

AVG fully supports this initiative, and is involved in a number of similar, designated days and months throughout the year, such as European Cyber Security Month, which aim to further security education. As we increasingly live our lives online, and the everyday devices in our homes become connected, cybersecurity has rapidly become a personal issue as well as a one of global importance. Most of us now own multiple devices and use apps for everything we do; but our growing dependency on technology, while simple to use, they bring high levels of complexity; and all too often, security and privacy become an afterthought. One of AVG’s goals is to take the complexity of your everyday, online environment and simplify it, making it as easy as possible for you to secure and manage you and your families’ digital lives and keep them protected.

The digital landscape is always evolving, and so too, must the products you use to protect yourself. The latest release of AVG’s protection products and suites are now auto-updated on a continual basis, so users will always have the latest features and capabilities without any required action on their part, removing the need for you to accept or search for an upgrades.

The new release adds significant protection capabilities, including Real-Time Cloud Detection, AI Detection and Improved Malware Detection, are also focused on real-time protection – ensuring customers are always secured against the latest threats.

These product releases continue to underscore our leadership in online security and commitment to protecting devices, data and people, at home and at work – in the August test results from AV-Test, AVG Internet Security scored 100% for both real-time and wide spread malware detection. Make sure to check back here on our blog, AVG Now, throughout the month, to hear more product and service news, and to read some of our top cybersecurity tips.

You can find out more about the latest AVG Performance and Protection products here: http://now.avg.com/avg-new-protection-performance-press-kit/

AVG

Apple finds apps infected with malicious code – XcodeGhost

Leave a comment

You’ve probably heard the news: Potentially millions of Apple iPhone and iPad users may be at risk after the first-ever major Apple hack — a breach made possible by fake developer tools used to create iOS apps that made their way onto the Apple App Store.

Developers in China sought to reduce software download times by downloading a copy of the Xcode developer tools hosted on a Chinese server instead of the official version available from Apple. Unknown to developers, this counterfeit version of Xcode automatically embedded some malware, called ‘XcodeGhost’, into their apps. According to Apple this may have led to a number of infected iOS apps leaking, “some general information such as the apps and general system information.”

Apple, which prides itself as one of the most secure OS platforms in the world, quickly responded and apparently removed over 300 pieces of malware-infected software from the App Store. It also simultaneously began working with developers to make sure they were using the correct version of Xcode, and not the fake developer code used to create the infected apps.

The full list of affected apps has not yet been disclosed, but Apple has published a list of the most popular currently-known impacted apps.

Ironically, the Apple hack occurred just as Chinese leader President Xi Jinping was arriving in the U.S. to attend a summit with President Barack Obama to discuss concerns about China’s slowing economy and cooperation on cyber security; as well as meet with top tech firms including Apple.

If you feel you’re at risk of having downloaded any infected apps, here are some things you can do:

  • Check the Apple breach list for the known infected apps and delete any of the iOS apps noted above.
  • Be on the look out of prompts asking for your name, password or other information, such as your social security number or other sensitive information from a source you cannot verify.
  • Change your passwords, including your Apple account password.
  • Make sure your apps are up to date.

AVG

Will your kids ever have privacy?

Leave a comment

A study carried out by the Global Privacy Enforcement Network (GPEN), involved over 29 privacy enforcement authorities in 21 countries. It found that only a third of websites had effective control of the information collected on our kids.

Understanding what happens to the personal information of your children needs to be high on the agenda of all parents. I’m not sure it’s understood due to the covert way that the data is being collected. Have you ever tried reading the privacy policy that accompanies websites and apps? if you haven’t then I am fairly certain your kids haven’t.

Imagine someone knocking on your door and asking for your child’s email address and access to their friends contact details. You would be shocked at the audacity of the request and send them away with nothing. When our kids go online or use apps, this very information is being given up without thought about what happens to it.

When something is free, such as an app or web service, it’s not because the company developing it is just being nice. Companies need to make money so that they can fund innovation that will keep us functional and entertained. One of the ways they can do that is by using our data. As consumers, especially when it’s our kids, we need to understand the trade off between free and acceptable data collection and use.

In a recent BBC article about the GPEN findings, Mr Adam Stevens, head of the UK’s Information Commissioner’s Office, said: “The most common concern domestically was a lack of information being provided about how their information would be used.”

The study identified concerns with 41% of the websites examined and that a minority of sites had an accessible way to allow families to delete data.

It’s important that we engage with our kids and teach them the value of their data. They need to understand how apps and services they’re accessing are using their personal data, and we need to guide them on what is acceptable usage.

Data breaches are now common place, and with vast amounts of personal data being collected and stored the consequences for our kids could be significant.

While I would not encourage kids to tell untruths, I might encourage them to have a modified set of data for use online, for example: their place of birth could be anywhere and the day of their birth does not need to be the real one, however their year and month of birth should not differ from reality as the reputable websites and apps deliver content that is age appropriate.

I personally have multiple email addresses: one for my serious stuff like banking and family communication, and an account that I can burn if it becomes compromised or I start getting too much spam. While this maybe a complicated thing for our kids to do, the principal behind this is something worth educating kids about.

Follow me on Twitter @TonyatAVG

AVG

Thomson data breach exposes passenger details

Leave a comment

Thomson, a UK based holiday company, apologized to their customers this weekend about a small but rather significant data breach. This comes on the back of much larger breaches such Ashley Madison in the US within the last few weeks.

My attention was grabbed by the depth of what data was breached and also the method in which it was distributed, rather than the quantity of what was mistakenly disclosed. Just 458 people have been effected, all of them UK based.

In a statement, Thomson apologized and said “We are aware of an email that was sent in error, which shared a small number of customers’ information. The error was identified very quickly and the email was recalled, which was successful in a significant number of cases”.

The interesting element to this story is that regardless of the perimeter security that Thomson has in place to avert hackers and cybercriminals, a simple human error of attaching data to an email has caused concern for a number of customers.

The data included in the breach includes: name, home address, telephone number, flight dates, email address and the outstanding balance due. The data was shared with all the people on the list itself, so 458 people have the data.

There are technologies available that allow companies to limit the data that is sent out in emails or other communications. These are termed ‘data leakage prevention’ technologies and I am sure that the Thomson IT team will be evaluating a solution of this type.

In the BBC article that covered this breach the people effected are talking about cancelling holidays and are of course worried about being burgled.

What advice can be offered in this instance? An obvious one is to change the dates of your holiday and insist that Thomson cover the costs. In reality though many people have probably scheduled time off work, and its not easy to change plans. I think if this happened to me, the option I would take is to have someone house sit for me while I am away.

Follow me on Twitter @TonyatAVG

AVG

Ashley Madison hack – the importance of securing your personal data

Leave a comment

I have just read the informative blog written by my colleague Michael McKinnon, detailing the extent of the data breach that AshleyMadison.com suffered earlier this month.

As with all data breaches, the first thing people ask themselves is, “does it affect me and what precautions can I take?”  When a large amount of data is stolen that includes personal details such as credit card numbers and date of birth, you can take measures now to minimize the risk of your data being misused in the future.

What can we do to protect ourselves after a data breach?

  • Ensure your online accounts are not using the email address and a password that could be guessed from personal information, if you are then change the password.
  • Keep a close watch on your credit reports. This will help you identify if someone is using your identity to take a line of credit in your name. Most credit scoring agencies allow you to run a report for free at least once.
  • Spammers may send emails that look like they are coming from valid sources. Make sure to carefully scrutinize these emails – don’t click on links that look suspicious – and if in doubt contact the sending organization directly to ensure it’s an official communication.
  • Avoid using the same email address or profile name across multiple online accounts. For example, have a primary email address used for recovery of forgotten passwords and account information. Have a secondary email address for offline and online retail transactions. Have a third for financial accounts and sensitive information.
  • Set privacy settings.  Lock down access to your personal data on social media sites, these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix, it’s a great tool that will assist you with this.
  • Check electronic statements and correspondence.  Receipts for transactions that you don’t recognize could show up in your mail.
  • Use strong passwords and two-factor authentication: See my previous blog post on how to create complex passwords that are easy to remember.
  • Have updated security software.  Updated antivirus software will block access to many phishing sites that ask for your personal data.

Lastly, you may want to consider enlisting an identity monitoring service.  Commercial companies that have been breached often offer this reactively to the victims but understanding where or if your identity is being abused in real-time will give you the ability to manage issues as they happen.

Follow me on Twitter @TonyatAVG

AVG

Parents, have you signed a school digital policy?

Leave a comment

When your child starts school in the next few weeks, they may be taking a laptop, tablet or phone to school so that they can access work and content to assist with their education. As parents, we assume that our kids will behave responsibly and obey school rules for online activity.

Most parents have had to sign a school digital policy, detailing exactly what “acceptable behavior” looks like, but how many of us really read the ‘acceptable usage policy’ before we signed it?

I recently had a conversation like this with a colleague here at AVG. They stated that they had signed no such policy and had no clue what I was talking about. Sure enough, a few days later they confirmed that they had signed it and did not read or know it even existed. We assume that all the signatures are for things we fully understand; after all, we went to school, how different can it be?

 

Check the school policy

Take a look at the policy from Virginia Minnesota Public Schools, in section XI – C, it states ’must be read and signed by the user, the parent or guardian, and the supervising teacher’. I bet the majority of parents signing this never read it and probably don’t even remember signing it.

It’s important that when we send our kids to school with gadgets, that we respect the school rules on devices and usage. My own son went to a school in the Bay Area that even stipulated a minimum specification for the machine, processor, memory etc.

 

Purchasing a device

As a basic principal, I think its accepted that laptops are productivity devices and tablets are content consumption devices. This is of course changing, as more tablets appear with keyboards and are becoming a hybrid of the two.

When we purchased my son’s laptop, I made sure it was robust ( in fact it has a metal case rather than plastic!) and on advice of the AVG IT department I purchased accidental breakage insurance for the laptop. Sure enough, they were right and we are already on the second one!

The school my son attends has strict rules on laptop use. A teacher needs to give permission for devices to be used in a classroom and there are penalties for use without permission. I like this structure. I watch my son doing homework and gone are the days when the homework needs to be carried back to school. Electronic delivery straight back to the teacher and a log system that shows submission dates and overdue work makes school life very different from my school days.

 

If in doubt, check

What I am keen to learn about is how school policies stand up to wearable devices. For example, take a smartwatch that allows texting, reading emails and some basic app functionality. Can a child wear this in class and look at their watch during a lesson? I think this makes policing device use challenging for educators as technology moves to devices that are less obvious and wearable by the user.

Be sure that when running to the shop to get your kids new devices this summer that you connect with the school and ensure what you are buying fits with both their recommendation and also that you understand the usage policy and can re-enforce this with your kids.

AVG

A text message with a lot more than just abbreviations and emojis!

Leave a comment

A blog released this week by Cybersecurity firm Zimperium details how Android phones can be infected when receiving an MMS (multimedia messaging service), giving hackers complete control of your phone. The report estimates that the security vulnerability is present in 950 million devices.

All the hacker needs for the attack is your phone number, and they can send you the message. In some cases the clever attackers have the message delete itself after delivery. The phone needs to be running Android 2.2 or later for it to be effected, that’s the majority of phones.

MMS Messages sent to Android phones that use the default messenger app use a piece of software called Stagefright that processes the messages.  It is this component that potentially vulnerable to attack.

The real danger in the attack is that it requires no user intervention or action and can be installed completely without the victim’s knowledge.

Zimperium are a responsible company and not only alerted Google to the issue but also provided them with the necessary code to resolve the issue, and Google being responsible as well patched the software quickly, within 48hrs.

The big question is how do you get the fix and what is required? Generally this is dependent on your handset provider building the fix into their Android software and then pushing the fix to you. Typically, new software updates are not pushed to devices older then 18 months, this is of course due to the way we, as consumers, churn our mobile phones and always want a new one.

Disabling Auto-Retrieve

Alternatively, you can reduce the risk by switching off the ‘auto-retreive’ option in the Android MMS service, this would then mean that any MMS destined for your phone would need to be accepted by you. I have just taken these preventive steps on my Nexus 6 as follow:

  • Open the messenger app
  • From the menu (top right corner) take the option for ‘Settings’
  • Then select ‘Advanced’
  • You can then change the ‘auto-retrieve’ option to off
Auto-retrieve

If you are running Google Hangouts as the default way to receive MMS messages then switching back to the standard messenger and switching the auto-retrieve option off will help mitigate the risk.

There are other vendors who also use the Stagefright code, some of whom have responded quickly and already released and delivered the fix to their users, they include Mozilla, Silent Circles Blackphone and CyanogenMod.

The research paper detailing the exact details of the vulnerability is due to be delivered at the Black Hat conference in Las Vegas next week. Every year around this time hacker’s use the conference to publish major issues found in our everyday devices. Just last week Charlie Miller published a report on taking control of a Chrysler Jeep.

I wonder what devices are next on the list and isn’t it worrying that they wait for Black Hat to publish the details rather than raise the concern when they actually find it.

Follow me on Twitter @TonyatAVG

 

 

AVG

Just how safe are connected cars?

Leave a comment

Last week, Wired published an article ‘Hackers remotely kill a Jeep on the highway – with me in it’ detailing the actions of two well know hackers Charlie Miller and Chris Valasek. In the words of the journalist, Andy Greenberg, he agreed to be their ‘digital crash-test dummy’.

The hackers managed to remotely control many important functions of the Jeep, including braking, transmission and accelerator. They also controlled the wipers, air-con and radio, but the threat is very different when someone can control the driving and safety features of the vehicle.

Miller and Valasek proved in 2013 that they could hack a car, at that time a Ford Escape and Toyota Prius, but at that time they demonstrated it from the back seat and they needed to be physically connected in the car.

This latest demonstration of their skills show that in this instance they could control the vehicle remotely, which is of course a very different risk.

This story has so many similarities to the recent stories about the ability to hack an aircraft and control it. Experts in avionics were quick to disclose that only in a few aircraft have the infotainment systems connected to the control of the aircraft and in all cases the pilot has a manual control button in the cockpit to take control and fly without the reliance on technology in this way.

While similar stories they are two very separate industries, the automotive industry regulators would appear to be in catch up mode as opposed to setting definitive standards for the industry to follow in advance of deployment in the field.

My other concern raised by this and previous stories about car vulnerabilities is the method of deployment of the fix. There is a software update available for the Jeep, it can be downloaded and loaded through a USB stick. While this sounds simple it should not be left to the consumer to perform updates of this importance, if there was a manufacturing fault in the breaks of a car they would be recalled and a trained mechanic would repair them. While the dealer may load the software for you its my opinion that when a major vulnerability like this is found the car companies should be made to do a full recall and take responsibility.

I wonder how many car drivers of connected cars have the latest software loaded in the cars today? I suspect that many BMW drivers that were subject to the ‘unlock’ hack earlier this years are still driving around in a vulnerable car.

There is light on the horizon as US and UK Government departments that control standards in this area are both reportedly writing new guidance. I am sure that in the next few months they will be published but of course implementation in manufacturing takes time and the risk grows with every new ‘connected’ car that rolls off the production line.

 

AVG

AV-Comparatives describes AVG AntiVirus for Mac® as ‘flawless’

Leave a comment

While this makes us at AVG proud it’s the commentary that the editor uses to describe our Mac product that really pleases us. “AVG AntiVirus is a simple, easy to use antivirus program for Mac, with all the essential features. Its detection of Mac malware was perfect”.

In fact the test results state that not only did the AVG product score 100% in the detection of Mac malware but it also scored 100% in Windows Malware Detection. We at AVG believe that you should feel protected across all of your devices, so we work hard to block the bad stuff regardless of which operating system you prefer.

Our Mac product is simple and easy to use, with features to scan the ‘Entire Mac’, ‘File Scanner’ and ‘Real-Time Protection’ it could not be easier to keep your Mac secure.

If you are one of those Mac users sitting there without protection then you need to think about the assets and information that you have on your machine. While there are limited examples of malware for the Mac platform it could be devastating if it infects your machine.

Imagine taking the view that you have never seen someone you don’t know try opening the front door of your house, so you leave it unlocked. On the day that the chance burglar does try the door and its unlocked then the burglary is likely to be very bad as there is nothing stopping them from emptying your entire house.

Loading the AVG Antivirus product on you Mac, just like locking your door, is a preventative measure that all Mac users should take to stay safe. And what makes this even more compelling is that it’s completely free.

Download AVG AntiVirus for Mac from here.

You can follow me on Twitter @TonyatAVG and find my Google+ profile here.

AVG

Three reasons to be happy that Apple Pay has arrived in the UK

Leave a comment

I’ve long been a fan of Apple Pay and the fact that it is finally available in my homeland, the UK, is a good thing.

While most Americans are still using credit card magstripes to make payments, a few early adopters have been using Apple Pay since it was released around a year ago in the US. I am one of them, and I have to admit I’m impressed.

First and most obviously, there’s the convenience of being able to make small purchases quickly and easily using just my phone. No more digging around for my wallet or cash but a quick bleep and I’m done.

Next is the security. Paying with Apple Pay isn’t just convenient but secure as well. When you hover over the contactless payment point, you use the Touch ID to authenticate the transaction, making it much more secure than the contactless credit and debit cards already in use in the UK which have no authentication at all and can be used by anyone for small purchases.

Touch ID

 

Apple Pay also helps protect your privacy thanks to Apple’s Unique Device Account Number. A system specifically designed for Apple Pay, using a Unique Device Account Number means that Apple never needs to transmit or share your actual card or banking details with the merchant. This adds a significant layer of protection for your payment data.

 

Apple Pay Diagram

Image source

 

For more information on how mobile payments work check out this blog from my colleague Judith Bitterli and these three trends from Charlie Sanchez.

In You can follow me on Twitter @TonyatAVG and find my Google+ profile here.