Can the Cloud Shield Google Wallet From Pickpockets?
Google has redesigned its Wallet mobile payment system with an eye on security. Instead of stashing credit card info on the phone itself, the user's digits are stored in the cloud. That way, if a phone is lost or stolen, it's easier to protect the user's payment information.
Some folks' answer to wallet security is chaining it to their belts. Google's is to chain it to the cloud.
The Search Giant added some security features to its Google Wallet product last week intended to make it safer for consumers to use. For example, credit card information no longer resides in the Google Wallet mobile app. Its new home is in the cloud, in a Google online wallet.
What lives in the mobile app is a wallet ID. When a purchase is made from the wallet, the ID travels to Google's online servers, which finish the transaction with the credit card information stored in the mobile walllet's online counterpart.
That can make the phone more secure, according to Robin Dua, head of product management for Google Wallet. "There doesn't need to be connectivity between the phone and the cellular network in order to stop transactions from taking place," he told TechNewsWorld.
If a phone is lost or stolen, the owner of the phone can go online and put a block on all transactions from the phone, he explained.
What's more, he added, "When connectivity comes back to that phone, the wallet application will be reset and any information stored on the device related to the application would be deleted."
The new security features make the wallet a lot safer, according to McAfee Labs mobile security researcher Jimmy Shah. "They make the wallet much less of a useful target for an attacker," he told TechNewsWorld.
Big Data Meets Big Threats
Malware threats have been growing at an astounding rate in recent times. For example, Trend Micro notes that in 2008, it found about 1 million malware samples. In the first eight months of this year alone, it's tracking 30 million unique threats.
With that in mind, the company will be announcing this week an expansion of its Smart Protection Network. The cloud-based network, which is used by the company's consumer and and business products, is designed to nip security threats in cyberspace before they reach their intended targets.
The new version of the security scheme will enlarge its advanced big-data analytic capabilities that can identify new security threats across a broad range of data sources to stop threats in their tracks.
"We have the largest big-data analytics threat intelligence network in the world," Trend Micro Vice President for Cybersecurity Tom Kellermann boasted to TechNewsWorld.
"We've essentially sent the brain of Trend Micro to get its doctorate in cyber self-defense," he explained. "That's what we're achieving with this big data analytics framework and the actionable, global threat intelligence it provides all of our users."
How big is the "big data" Kelllermann is talking about? Trend Micro estimates that it identifies and blocks more than 200 million threats a day, or more than 2,300 threats a second.
Free Attack Surface Tool Released
Microsoft released version 1.0 of its Attack Surface Analyzer last week. The tool is designed to help developers understand how installation of an application can change the attack surface of Windows.
A number of improvements have been made in the tool, which is available as a free download from Microsoft. False positives have been reduced, for instance, and the tool's Graphic User Interface performs better.
While some security tools use signatures and known vulnerabilities for their attack surface analyses, Microsoft's tool looks for classes of weaknesses when application are installed. It also identifies in its reports changes made to a system that could effect its security profile. Those changes include alterations to files, registry keys, services, ActiveX controls, listening ports and other things affecting a system's attack surface.
Developers should find the software a handy tool for making systems that use their products more secure.
- July 28: Petco informed employees that five laptops containing personal information about them were stolen from the offices of the auditors of the company's 401(K) plan. Information included names and Social Security numbers. The number of affected employees was not released by Petco.
- July 29: Korean police arrested two men for allegedly stealing and selling to telemarketers the personal information of 8.7 million customers of KT, a wireless phone carrier. Information included the name, mobile phone number, membership number, personal identification number and mobile phone serial number of each subscriber.
- July 31: Dropbox reported that a compromised account of one of its employees was used to mount a spam campaign against some of its users. A document with user email addresses in it was stolen from the account and used as a mailing list by the spammers.
- July 31: Oregon Health & Science University Hospital began notifying patients that a USB drive containing information for more than 14,000 patients was stolen. None of the information on the drive is the kind used for identity theft, the university said. It added that nearly all the data was password protected and all of it was in a format for software not commonly found on personal computers.
- Aug. 2: LinkedIn reported it spent from US$500,000 to $1 million on computer forensics following a breach of its systems in June that exposed on a Russian hacker site the hashed passwords of 6.5 million of its members. It added that it expects to spend another $2 million to $3 million to beef up its security this year.
- Aug. 2: A New Hampshire man filed a lawsuit in a California court against Yahoo for failing to adequately protect his personal information during a data breach of the company's systems in July that resulted in the posting to the Internet information of 450,000 user accounts. The man did not disclose the damage settlement he is seeking from Yahoo.
- Aug. 2: The U.S. Environmental Protection Agency acknowledged that a data breach has exposed the Social Security and banking information of almost 8,000 people, most of them current employees.
- Aug. 16: Call for speakers closes for RSA Conference 2013 in San Francisco.
- Aug. 20-23: Gartner Catalyst Conference. San Diego, Calif. Standard price: $2,295.
- Aug. 23: Washington D.C. Tech-Security Conference. L'Enfant Plaza Hotel, 480 L'Enfant Plaza SW, Washington, D.C.
- Oct. 9-11: Crypto Commons. Hilton London Metropole, UK. Early bird price (by Aug. 10): Pounds 800, plus VAT. Discount registration (by Sept. 12): Pounds 900. Standard registration: Pounds 1,025.
- Oct. 16-18: ACM Conference on Computer and Communications Security. Sheraton Raleigh Hotel, Raleigh, N.C.
- Oct. 25-31 Hacker Halted Conference 2012. Miami, Fla. Sponsored by EC-Council. Registration: $2,799-$3,599.