Hacking and Anonymous surfing

So you told your boss that you bought your Android smartphone so that you could track your business calls, be more effective when traveling for your company, have easy access to Gmail and keep your organization’s Twitter feed current. But we know what’s really going on — you got that smartphone because it was cool and because you wanted to play with all the apps. (And possibly because it wasn’t Apple or AT&T.)

Just for the heck of it, I’ve gathered eight free apps that are just plain fun to use. A couple of them are also actually useful; another two are sort of useful (if you stretch the point a bit); the last four are just there to play with.

The Army is planning to cut its $400 million-a-year email bill by consolidating its email systems and outsourcing the operation. In a draft solicitation request, the Army said it plans to build the entire system on Microsoft Exchange 2010. Lt. Gen Jeffery Sorenson, the Army’s chief information officer who is spearheading the effort, said he’d like to see the entire Defense Department use the system.

It’s a massive undertaking for the Army which supports 950,000 accounts. When a soldier moves from one location to another, he or she currently has to get a new email address, and the old one has to be deleted. And these multiple accounts open many doors for cyber hackers.

Warren Suss, president of Suss Consulting, a federal information technology consulting firm, estimates the Army could cut its $400 million operating bill in half with this new plan.

Microsoft fixed eight flaws in Windows and Office today, but passed on patching one Windows component because it cannot be automatically updated.

The eight bugs patched today were far from the near-record 26 that Microsoft fixed last month when it delivered 13 security updates. Both of today’s bulletins were ranked “important,” the second-highest rating in Microsoft’s four-step severity scoring system, even though the company acknowledged that the eight vulnerabilities could be used to completely compromise a Windows PC.

Although security experts recommended that users deploy the Office fix first, several argued today that the Windows update was more interesting because Microsoft declined to patch one of the two pieces of involved software.

Symantec showed off a new approach to mobile security here at company headquarters during a media event this week. Symantec Mobile Reputation Security (SMRS) is a prototype for what the company calls a next-generation solution to mobile security developed by its research labs.

John Kelly, Symantec’s (NASDAQ: SYMC) senior director of technology and business development, said mobile security requires a unique approach that both preserves open access to applications and provides assurance that those applications are safe to run.

“Symantec believes the future of mobile operating systems is openness and open APIs,” he said. “Today, the applications are pre-vetted by companies like Apple (NASDAQ: AAPL) for the iPhone, but in the future that will change with Android and others.”

There have been recent reports of how a Twitter scam has affected some well known UK politicians, issuing embarrassing Tweets from their personal accounts. Whilst these headlines may seem amusing, Lloyd Borrett, the Marketing Manager at AVG (AU/NZ), says it is worth considering the potential impact of this type of scam on your business reputation.

Reputation is everything in the world of a small business, often taking years to establish. Being targeted by a similar scam can have a detrimental effect on the reputation of your company. In a recent NCSA (National Cyber Security Alliance) study on small business security, 69% of small business owners said they would let their customers know if they suffered a security breach, whilst almost half agreed that their customers are concerned about the IT security of their business.

Microsoft on Tuesday warned that hackers are targeting a freshly-uncovered weakness in some earlier versions of its Internet Explorer (IE) Web browser software.

Microsoft said it is investigating a hole that cyber attackers are taking advantage of in IE 6 and IE 7. “At this time, we are aware of targeted attacks attempting to use this vulnerability,” Microsoft said in an advisory posted along with a routine release of patches for Windows and Office software.

“We will continue to monitor the threat environment and update this advisory if this situation changes.” Hackers could use the flaw to remotely seize control of computers. The new IE 8 Web browser and an old IE 5 version are not affected, according to the US software colossus.

With a view to tackle today’s enterprise security challenges Cisco has evolved a new architecture for enterprise security that will help enable business users to access information from any device and any location with a high degree of ease and security, The Secure Borderless Network architecture focuses on four critical anchors: enterprise end-points (mobile or fixed), the Internet edge, the data centre, and policy that is context- and location-aware.

Tom Gillis, VP and general manager, Security Technology business unit, Cisco says, “The security needs of businesses are changing and becoming more complex, as more employees spend time out of the office accessing the corporate network via their smart phone or laptop. As a result, enterprises need a solution that will not hamper employee productivity, while helping to ensure that the network is not exposed to hackers, malware and other threats. AnyConnect Secure Mobility is the solution that our customers have been demanding, enabling them to strike that balance between providing consistent security and supporting access from individuals using any device to connect to the network from anywhere in the world.”

The Pentagon warned its employees over the weekend of a new threat to its cyber security: e-mails that look like they were sent by the U.S. government but weren’t.

Calling it an attempt at “cyber exploitation,” officials urged Defense Department employees against clicking on links in e-mails from the Office of the Director of National Intelligence with the subject line “DPRK has carried out nuclear missile attack on Japan.” Employees who had been duped by the message were told to cease using their computers and contact the help desk.

“The attacks utilize e-mail messages attempting to fool DoD users into clicking on embedded links and opening e-mail attachments,” reads a cautionary e-mail sent out by a Pentagon IT official to employees of the Office of the Secretary of Defense. “E-mail has historically been a very successful attack mechanism. Studies indicate that a success rate of user compromise is about 70 percent during the initial attack phase.”

Ubisoft has confirmed its rights management servers were hit by a fierce DDoS attack over the weekend that left some customers unable to play its games for much of Sunday.

The attack is an apparent protest at controversial new DRM controls by the video game publisher which mean customers have to be online in order to play its latest PC games such as Assassin’s Creed II and Silent Hunter 5.

The introduction of so-called Online Services Platform technology last month means it’s impossible to play a game without an internet connection or save progress while playing a game if an internet connection is lost, as explained in a interview with Ubisoft by PC Gamer here.

The Government’s security chief has issued a thinly veiled threat to state sponsors of cyber terrorism that the country could only stand by for so long before retaliating.

Lord West of Spithead, the parliamentary under-secretary for security and counter-terrorism, told The Observer yesterday that the UK had been the target for 300 significant attacks on core government networks over the past year, and said such attacks were only like to increase in scope and frequency. He added that many of these daily attacks were clearly the work of foreign states, but the nature of the attacks made it difficult to acquire concrete proof.

“There is no doubt that some state actors have sucked out huge amounts of intellectual copyright, designs to whole aero engines, things that have taken years and years of development,” West said. “The moment you mention a particular state, they will deny it. The problem with cyberspace is that attribution is extremely difficult. It’s almost impossible to do it in terms of evidence that would be necessary in a court of law.”