Mobile Worker Population Continues Boom, Cherry on Top for Ice Cream Sandwich Android</h1> <article> <h1>Mobile Worker Population Continues Boom, Cherry on Top for Ice Cream Sandwich Android</h1> <p>Stephanie Jordan — Thu, 09 Feb 2012 02:54:28 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/mobile-worker-population-continues-boom-cherry-top-ice-cream-sandwic" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/mobile-worker-population-continues-boom-cherry-top-ice-cream-sandwic" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/mobile-worker-population-continues-boom-cherry-top-ice-cream-sandwic" data-lang="en">Tweet</a></div><p>For those with Android 4.0, this week’s Chrome beta release is exciting and for some long awaited. Anticipated since 2008, Google is offering the latest browser direct from the Android Market, alleviating users from the wait for an operating system upgrade from handset makers.</p> <p>The Chrome for Android beta is based on Chrome 16.0.915.75. Unfortunately for some this version is only for devices running Ice Cream Sandwich (namely Samsung’s Galaxy Nexus smartphone and Motorola’s Xoom tablet). Google is asking users to <a href="http://code.google.com/p/chromium/issues/entry?template=Android%20Issue ">file bug reports</a>. The company is also making a plea to the developer community and launched <a href="http://code.google.com/chrome/mobile">a new developer site</a> specifically for those that might be interested in working with Chrome and Android. </p> <p>Mobile web is quickly becoming a hot area with makers trying to mimic the desktop experience with a mobile device and being able to sync between the two. Firefox mobile browser and now Chrome for Android are clear steps in that direction.</p> <p>Much of the demand for a seamless experience while surfing comes from consumers and mobile workers alike. The BYOD (bring your own device) trend has now reached critical mass in many organizations. Last month analyst organization IDC stated that by 2015 the world’s mobile worker population will reach 1.3 billion, representing 37.2% of the total workforce. This growth is enabled not only by the ease of use and increasing functionality of smartphones, but also the sheer penetration of smartphones into different markets in a range of price points.</p> <p>All over the Net this week readers are seeing articles quoting a report from analyst organization <a href="http://www.canalys.com">Canalys</a> that found more smartphones were shipped by vendors than client PCs in 2011, even with pads, notebooks, netbooks and desktops in the client PC category.</p> <p>“In 2011 we saw a fall in demand for netbooks, and slowing demand for notebooks and desktops as a direct result of rising interest in pads,” explains Chris Jones, VP and principal analyst for Canalys. “But pads have had negligible impact on smart phone volumes and markets across the globe have seen persistent and substantial growth through 2011. Smart phone shipments overtaking those of client PCs should be seen as a significant milestone. In the space of a few years, smart phones have grown from being a niche product segment at the high-end of the mobile phone market to becoming a truly mass-market proposition. The greater availability of smart phones at lower price points has helped tremendously, but there has been a driving trend of increasing consumer appetite for Internet browsing, content consumption and engaging with apps and services on mobile devices.” </p> <p>Even as the Android market grows, and Chrome for Android will only accelerate it, Apple, according to Canalys, had an amazing 2011. “Apple’s impressive end to the year resulted in it becoming the leading smart phone and client PC vendor in Q4 2011, with shipments of 37.0 million iPhones, 15.4 million iPads and 5.2 million Macs. It also smashed the record for the most smart phones shipped globally by any single vendor in one quarter, beating Nokia’s previous record of 28.3 million shipped in Q4 2010. Moreover, Apple’s performance meant that it displaced Nokia, for the first time, as the leading smart phone vendor by annual shipments. Apple shipped 93.1 million iPhones in 2011, representing growth of 96% over 2010. The iPhone 4S benefited from pent-up demand resulting from the launch coming in October rather than June, but Apple’s overall volume was also buoyed by continued shipments of the now more aggressively priced iPhone 4 and 3GS models.”</p> <p>The growth in smartphone and other devices, and the BYOD trend, has prompted the organizers of <a href="http://www.rsaconference.com/">RSA Conference 2012</a> to introduce a mobile security breakout track this year. (The show takes place later this month.) The description of the track says, “Sessions focus on managing employee-owned devices, smartphone/tablet security, and mobile security policies. In this track you’ll find information on, mobile malware, handling eDiscovery on employee-owned devices, mobile application threats, managing consumerization, and emerging threats to mobile devices and mobile workers.”</p> <p>As we have seen in the past, where the people are, malware writers are not far behind. Mobile security features, at least from an IT department’s perspective, just might be the future driver of BYOD recommendations.</p> </article> <article> <h1>Next Up, Social Media Law</h1> <p>Stephanie Jordan — Tue, 31 Jan 2012 03:23:54 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/next-social-media-law" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/next-social-media-law" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/next-social-media-law" data-lang="en">Tweet</a></div><p>More and more today, for the corporate user, social networking is giving way to social business, and along with it, experts predict, will be specific social media law and regulations.<br /><br />A recent eWeek article,<a href="http://www.eweek.com/c/a/Enterprise-Applications/IBM-Goes-Social-25-Examples-of-Big-Blue-Becoming-a-Social-Business-601979/?kc=EWKNLEDP01202012A"> IBM Gets Down to Social Business</a>, points to how “Social networking, and its social-business offspring, has become a fashionable field of study at universities. Student projects often focus on using social networks to solve everyday and business-related problems.” The story notes how students are using social-business projects for their master’s thesis.<br /><br />As social networking becomes more tightly woven into business processes, it is no surprise that greater regulation is anticipated. Well known legal firm <a href="http://www.mofo.com">Morrison & Foerster</a> (MoFo) recently launched a new blog called <a href="http://www.sociallyawareblog.com"><em>Socially Aware</em></a>, “to help companies understand the legal implications of social media use – including privacy protection for workers’ Facebook musings, securities laws governing blog postings, or the confidentiality of instant messaging.”<br /><br />This blog may sound familiar, as it is a companion to the firm’s <em>Socially Aware</em> newsletter. While it is still emerging, social media law is a high interest area for Fortune 500 companies. Morrison & Foerster’s Social Media Practice Group says it advises companies and financial institutions across industry sectors on social media law, regulation and policy affecting privacy, data security, intellectual property, employment, securities, advertising, defamation, online contracting, user-generated content and use of social media in the workplace.<br /><br />According to the blog, there will be “an explosion of employment law disputes involving social media this year.” John Delaney, a founding editor of <em>Socially Aware</em> and co-chair of Morrison & Foerster’s Social Media Practice Group, believes everyone from Fortune 500 companies to mom-and-pop neighborhood stores are rushing to embrace social media, and says the medium is perhaps the greatest tool for reaching customers since the creation of the World Wide Web. <br /><br />Delaney warns however, “Corporate users of social media need to be aware of emerging intellectual property, privacy, employment law and other legal risks associated with social networks. This is an area where implementing a few protective measures today will help a company avoid expensive legal headaches in the future.”<br /><br />In 2012, companies that have been slow to adopt social media, MoFo expects, will begin to do so. Notes a blog entry, “We will see even the most conservative Fortune 500 companies adopting internal, company-wide social media platforms of the type offered by Jive, NewsGator and SocialText. In 2013 and beyond, we’ll be seeing a new generation of privacy, employment, defamation and other legal claims arising out of these enterprise social platforms.”<br /><br />It won’t be just companies that will experience an increase in social media law activity. MoFo says that regardless of Facebook’s recent settlement with the FTC over its data collection practices, the firm anticipates still further privacy law headaches for social media companies. “Many social media providers, anxious to justify astronomical valuations, are undoubtedly feeling pressure to make more aggressive use of personal information collected from customers.” MoFo predicts we will witness much more in 2012, especially by European regulators.<br /><br />Even though social media law is not “new” — just look at the blog’s interesting <em>Key Moments in Social Media Law</em> that begins with an entry for 1984 — it is clearly building in complexity, especially as it pertains to privacy and content ownership rights.</p> </article> <article> <h1>SMBs Need Email Archiving Too, Five Common Mistakes to Avoid</h1> <p>Stephanie Jordan — Wed, 30 Nov 2011 18:37:08 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/smbs-need-email-archiving-too-five-common-mistakes-avoid" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/smbs-need-email-archiving-too-five-common-mistakes-avoid" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/smbs-need-email-archiving-too-five-common-mistakes-avoid" data-lang="en">Tweet</a></div><p>Increasing regulation and litigation mean that email archiving is becoming essential for companies of all sizes and in all industries—not just for finance, health care, and government. Deborah Galea, COO and co-founder of <a href="http://www.policypatrol.com/email-archiving-exchange.htm">Red Earth Software</a> recently shared with me five common mistakes that SMBs make when thinking about email archiving<br /><br /><strong>Mistake One:</strong> Thinking small companies do not need an email archiving solution. Civil litigation can hit any company at any time, and if you cannot provide emails during the eDiscovery process, you could get hit with major financial sanctions. It’s also important to archive emails in the event of any sort of employee dispute, such as a layoff or a firing. Protect your company and make sure to have an email retention policy in place.<br /><br /><strong>Mistake Two:</strong> Putting off implementing an email archiving system to save on costs. Although there are certainly a lot of expensive email archiving systems out there, more cost effective solutions are now becoming available. Cost is really no excuse anymore for not having an email archiving solution in place.<br /><br /><strong>Mistake Three:</strong> Having only one employee knowledgeable about the system. Employees come and go and you don’t want only one person, such as a lone IT manager, knowing how to update and troubleshoot the system. Make sure all employees are aware of the email retention policy and make sure more than one person is able to use it effectively.<br /><br /><strong>Mistake Four:</strong> Not having a data map. It is important to know what kind of electronic data your company has, where it is located and how to access it. Any company, large and small, should have an eDiscovery data map (<a href="http://www.policypatrol.com/docs/ediscovery-data-map.xls">view sample data map</a>) to ease eDiscovery requests and to help meet retention guidelines.<br /><br /><strong>Mistake Five</strong>: Not regularly testing or updating the system. An email archiving solution is useless if it has any downtime or is out-of-date. Make sure that the system is spot-checked regularly and remember that this is not a “build it and forget it” project.<br /><br />As Galea notes: “Even just a few years ago, many companies had no idea what email archiving entailed. Fast forward a few years and most companies know that they need to have an email archiving solution in place.” <br /><br />Whether you are moving from knowing you need an email archiving system to actually implementing one or if you already have one, these five common mistakes are good review for us all.</p> </article> <article> <h1>User Education Key Element in Messaging Security Strategy</h1> <p>Stephanie Jordan — Thu, 17 Nov 2011 02:15:14 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/user-education-key-element-messaging-security-strategy" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/user-education-key-element-messaging-security-strategy" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/user-education-key-element-messaging-security-strategy" data-lang="en">Tweet</a></div><p>Do your users take IT security seriously? A recent poll would indicate many workers do not. This trend is not exclusive to the U.S with the poll including respondents from around the globe. What the poll reflects is that employees look to IT to be the responsible ones, and in today’s climate of sophisticated attacks, speed and connectivity, it really should be in every employee’s job description to adhere to security policies and be a part of protecting the company from outside threats.</p> <p>The poll was conducted earlier this fall by <a href="http://www.avira.com">Avira</a>, a German antivirus software company and published last week. The company asked three questions under the heading of: How careful are you when it comes to IT security in your company? There were 991 respondents with the majority (717) of the respondents being either German, English or Russian speaking.</p> <p>1) We have strict and detailed policies for IT security and the entire company takes care to follow all the policies in order to protect the company - 38.95 percent of the respondents who answered this question agreed.</p> <p>2) We have security policies, but I don’t think anybody cares if we follow the policies or not - 35.42 percent of the respondents who answered this question agreed.</p> <p>3) I don’t think about IT security at all; our system administrators are responsible for security so it’s not my concern. - 25.63 percent of the respondents who answered this question agreed.</p> <p>The employee attitude of question two and three is essentially saying to IT, “it’s not my job.” This is where the need for employee education becomes more critical. </p> <p>Hopefully, most organizations these days have published messaging policies that cover everything online - from mobile, to social media, to email and Web. Providing that is in place, making sure that employees are more aligned toward that question one camp (“… the entire company takes care to follow all the policies in order to protect the company”) takes effort.</p> <p>“When we see that less than 40 percent of workers take IT security seriously while at work, we know there is more to be done when it comes to educating people about IT security,” said Sorin Mustaca, data security expert at Avira. “Holding regular employee sessions to address the importance of staying vigilant while at work to make sure nothing happens to the corporate or small business network is equally important.”</p> <p><strong>Recommendations for Employee Education</strong></p> <p>Mustaca believes that using recent scary statistics of all the bad things out there to try to make employees get on board is not the best tactic. As he thinks the impression would be fleeting and soon forgotten. </p> <p>Instead Mustaca says, “I can imagine some live sessions demonstrating how malware gets into computers and how users like themselves get infected (the attack vectors). We have malware today that comes via email, gets dropped by simply visiting a web site, gets transmitted via Instant Messaging or gets transmitted because of a vulnerability in a software. It is important to show them also the effects of such an infection. Many malware these days steal or encrypt documents, install keyloggers, steal banking information and so on.”</p> <p>Phishing is another area that employees need to better understand. Mustaca recommends describing how many methods to get phished exist. “Any user should be able to identify a phishing web site, because this can affect them also when they are home.”</p> <p>Big company-wide sessions are not ideal believes Mustaca. He recommends that educational sessions be small so that employees are able to concentrate on the facts and ask questions. He also thinks it is very important that the sessions have mixed participation from people with various backgrounds. “This way it can be seen that anyone can be hit if he or she doesn’t pay attention.”</p> <p>Today, employees are expected to perform tasks at heightened speeds. This has created a daily routine that means employees may take more risks with company information and simply be too busy just getting through their day to pay much attention to company policy or IT security. </p> <p>Mustaca notes that while he understands people see computers as tools to do their jobs, “I am disappointed to see that a quarter of the users who took the survey are completely ignoring the importance of IT security. If all who access the Internet would fulfill some minimum security requirements then the online world would be a much safer place.”</p> <p>Unfortunately, many outside of IT do not take messaging security seriously, but perhaps with ongoing user education and smaller-sized training sessions, progress can be made toward enlisting every employee to follow IT security policies.</p> </article> <article> <h1>Privacy and Social Networks; LinkedIn Almost Doubles in a Year</h1> <p>Stephanie Jordan — Mon, 17 Oct 2011 02:36:06 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/privacy-and-social-networks-linkedin-almost-doubles-year" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/privacy-and-social-networks-linkedin-almost-doubles-year" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/privacy-and-social-networks-linkedin-almost-doubles-year" data-lang="en">Tweet</a></div><p>Messaging, both professionally and personally, would not be complete these days without including social networks. Even those earlier resisters are now relenting and joining social media networks. In Q2 of this year, LinkedIn claimed that membership had climbed from 61 million to 116 million in the span of one year, while reporting revenues of $121 million, which is a 120% increase from revenues posted last year, according to <a href="http://www.radicati.com">The Radicati Group</a>. The steady growth of social networks, with Facebook clearly leading the pack, parallels the incredible growth of email of days gone by, and just as email became a target for malware and other ills, social networks today are experiencing an increase in threats to security and privacy.</p> <p>Even though Facebook has been under scrutiny for its privacy policies, people still come to the site in droves. In a recent study by <a href="http://www.barracudalabs.com">Barracuda Labs</a>, researchers found that one in five people has been negatively affected by information that was exposed on a social network. But is this enough to drop the social network as a messaging medium? No, as another finding points out, ease of use and friends using the network are almost equally valued to privacy and security concerns.</p> <p>And are companies concerned about security or privacy when employees are online? Of the hundreds that participated in the survey, 86 percent felt that employee behavior on social networks could endanger company security. However, only 31 percent of respondents reported limitations on Facebook. LinkedIn was the least blocked in the workplace at 20 percent of respondents stating limitations being experienced.</p> <p>Malware is creeping up more and more in social networks, of the survey respondents, one in four has received a virus or malware on a social network. “Social networks are a significant part of how we communicate with one another. At the same time, the dangers associated with social networking have climbed exponentially”, warns Dr. Paul Judge, chief research officer and vice president for Barracuda Networks. “The fact that nine out of 10 users already have been attacked proves that attackers are taking over social networks.”</p> <p>This is an area of particular interest to Barracuda Labs, as earlier this year the company launched <a href="http://profileprotector.com/">Profile Protector</a>, a free service that protects social networking users against malicious threats on Facebook and Twitter. For more on the visual report, download <a href="http://www.barracudalabs.com/SNSreport">The 2011 Social Networking Security & Privacy Study</a> or simply <a href="http://www.barracudalabs.com/SNS">view the beautiful graphics</a> accompanying the information.</p> <p>October is National Cyber Security Awareness Month. Reports such as this one are good to share with your users and executives. As always, safe messaging.</p> </article> <article> <h1>Cyber Attacks and Safeguarding the Internet</h1> <p>Stephanie Jordan — Thu, 15 Sep 2011 04:35:00 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/cyber-attacks-and-safeguarding-internet" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/cyber-attacks-and-safeguarding-internet" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/cyber-attacks-and-safeguarding-internet" data-lang="en">Tweet</a></div><p>Homeland Security Secretary Janet Napolitano recently stated that we might be able to keep our shoes on while going through airport security checkpoints in the near future. It seems there is technology on the way that will allow for that. Technology has been responsible for many wonders that improve our lives or at least make things easier. The promise of the Internet was one such stride. But according to a recent comment by Napolitano, while the U.S. is ‘categorically safer’ since 9/11, cyber-terrorism is now at the top of the security concern list.<br /> <br /> In today’s world there is a wide range of online threats to safeguard against — identity theft, fraud, hackers, spam, viruses and spyware all come quickly to mind. But the persistent threats that have been experienced this year by RSA, Lockheed-Martin, Google, Sony and a host of other well-known brands and companies make us wonder just how vulnerable are we? <br /> <br /> Some experts are claiming that cyber warfare will replace traditional warfare. All that has transpired recently makes that seem less far-fetched than the general populace might have thought a few years ago.<br /> <br /> Did you read the interesting interview conducted by <a href="http://www.cisco.com">Cisco’s</a> Jason Lackey with ex-Anonymous hacker known as SparkyBlaze? If you have only read excerpts the <a href="http://blogs.cisco.com/security/life-after-anonymous-interview-with-a-former-hacker/">full reading</a> is illuminating. For me getting a sense of what is “ethical” and what is not to this 20-something-year-old was revealing. He gives advice too, which very much parallels what security companies have been saying for years. If you missed these 14 points, here they are again direct from SparkyBlaze:</p> <ul> <li>Deploy defense-in-depth </li> <li>Use a strict information security policy </li> <li>Have regular audits of your security by an outside firm </li> <li>Use IDS or IPS </li> <li>Teach your staff about information security </li> <li>Teach your staff about social engineering </li> <li>Keep your software and hardware up to date </li> <li>Watch security sites for news on computer security and learn what the new attacks are </li> <li>Let your sysadmins go to defcon ;D </li> <li>Get good sysadmins who understand security </li> <li>Encrypt your data (something like AES-256) </li> <li>Use spam filters </li> <li>Keep an eye on what information you are letting out into the public domain </li> <li>Use good physical security. What good is all the [security] software if someone could just walk in and take [your “secure” systems]?</li> </ul> <p> If, like me, you sometimes take for granted all we know about security in messaging and computer security in general, the rest of the world is now starting to wake up to it. The topic is becoming of interest to a wide range of lay-people, let alone legislators and government officials. This current trend has elements of mystery, intrigue, conspiracy and drama. Indeed, a colleague recently brought to my attention a detailed <a href="http://www.vanityfair.com/culture/features/2011/09/chinese-hacking-201109">Vanity Fair magazine article</a> that makes some of the recent exploits sound like one big spy novel. What’s the old saying? May you live in interesting times. Well, we sure do. </p> <p>Data security today, and really for some time now, is no longer just a sys admins job. It is not just a “set it and forget it” appliance. Securing an organization is a complex, on-going battle that needs to be waged with regularity, education and solid company policies. And it isn’t cheap, but it is worth it. </p> </article> <article> <h1>IDC Take on Google/Motorola Acquisition: Not as Dramatic as the Headlines</h1> <p>Stephanie Jordan — Thu, 18 Aug 2011 05:33:15 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/idc-take-googlemotorola-acquisition-not-dramatic-headlines" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/idc-take-googlemotorola-acquisition-not-dramatic-headlines" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/idc-take-googlemotorola-acquisition-not-dramatic-headlines" data-lang="en">Tweet</a></div><p>Monday’s announcement from <a href="http://www.google.com">Google Inc.</a> and <a href="http://www.motorola.com/mobility">Motorola Mobility Holdings, Inc.</a> has the industry Twittering and posting like crazy this week. Google will acquire Motorola Mobility for about $12.5 billion, a premium of 63% to the closing price of Motorola Mobility shares as of Friday, August 12. The announcement of the price this week makes all the more impact when one considers the current Wall Street landscape.</p> <p>According to the companies, Motorola Mobility, a dedicated Android partner, will “enable Google to supercharge the Android ecosystem and will enhance competition in mobile computing.” In his statement, Google CEO Larry Page welcomed, “Motorolans to our family of Googlers.”</p> <p>Even with a clear statement in the announcement that declares the roadmap for Android unchanged and fully committed to, there is considerable buzz going around that Android’s days may be limited. Motorola is expected to function as an independent company and an independent licensee of Android.</p> <p>IDC Observations</p> <p>Analysts at <a href="http://www.idc.com">IDC</a> (Ramon T. Llamas, Stephen D. Drake, Stacy K. Crook, Tom Mainelli, and Greg Ireland) offered lengthy commentary on Monday. One of the main benefits to this acquisition is Motorola Mobility’s deep patent portfolio. The IDC authors observe: “Google has been the target of numerous patent lawsuits from Apple and Microsoft, two companies at the forefront of Nortel’s patent auction. Motorola Mobility has a long-standing patent history within mobility, which will not only provide protection to Google, but also the ability to challenge other vendors for patent infringement.” All of a sudden teenage Google is able to take advantage of adopted Grandpa’s history (Motorola was founded in 1928), which, according to IDC may allow either delays in pending lawsuits or settlement out of court.</p> <p>For its part, Motorola Mobility gets cash resources. IDC notes, “How Motorola Mobility will use this money remains to be seen, whether it be for research and development, marketing, or channel distribution enhancement.”</p> <p>A potential downside to the acquisition, believe the analysts, is the alienation of other Android device vendors - in particular HTC, LG Electronics, and Samsung - because “Android is the cornerstone of their respective strategies.” Especially as Motorola Mobility gains synergy between its and Google’s’ integration of software and hardware in phones and tablets. IDC also warns that if current Android OEMs get “nervous and are not getting the proper partner attention from Google there is a potential for defection as these OEMs seek other partners or acquisitions for the mobile OS.”</p> <p>With all the talk and speculation of what this acquisition <em>really</em> means the analysts at IDC seem to be taking the news quite calmly. While they recognize the announcement as significant to the mobile industry, “the impact may not be as dramatic as the headlines.” The IDC analysts note in their final word, “Beyond an improved hardware and software integration for both companies, much needed patent protection for Google and more financial stability for Motorola, this announcement does not shake-up the market, but rather provides the opportunity to enhance the Android experience across the ecosystem.”</p> <p>The Google and Motorola Mobility deal is expected to close by the end of this year or early next.</p> </article> <article> <h1>Mobile Device Usage Continues to Accelerate - Along for the Ride: SMS Spam</h1> <p>Stephanie Jordan — Thu, 14 Jul 2011 22:33:44 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/mobile-device-usage-continues-accelerate-along-ride-sms-spam" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/mobile-device-usage-continues-accelerate-along-ride-sms-spam" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/mobile-device-usage-continues-accelerate-along-ride-sms-spam" data-lang="en">Tweet</a></div><p>As mobile devices continue to dominate as a preferred messaging method, businesses are adopting SMS as a way to interact with their customers. Financial institutions, medical offices, and many other types of businesses use SMS for appointment reminders and service alerts. The popularity of mobile devices and SMS is also catching the interest of advertisers and others as they try to find a way to leverage the technology for profit; some of those “others” are producers of spam and malware.</p> <p><a href="http://www.cloudmark.com"> Cloudmark, Inc.</a> is tracking SMS attacks and last month published its 2011 Mobile Spam Guide, which the company describes as “a definitive toolkit designed to help the wider ecosystem address the growing problem of mobile spam”.</p> <p> In the whitepaper, the company says there are three main categories of attack: spam, fraud and malware, including botnets built through SMS spam messages. The paper walks through each category and also outlines how email spam and SMS spam differ, the rise of SMS spam profitability, and the effects SMS spam is having on a number of stakeholders (consumers, operators, marketers).</p> <p> The paper also offers steps that subscribers can take to protect themselves. The authors offer the following good advice to pass along to mobile device users:</p> <ul> <li>Never click on a link or call a number embedded within an unexpected SMS message, even if it looks like it is from a friend. This may download a self-propagating virus on the device that can send itself to all of the user’s contacts. </li> <li>Only download mobile applications from reputable app stores. Be aware that the Android Market is not policed by Google in the same way that the Apple Store is monitored by Apple and instances of applications containing malware have been identified on this platform. Juniper Networks recently revealed that the number of Android malware attacks has increased by 400 percent since last summer. </li> <li>Never respond to an SMS requesting login details or other personal details, particularly if it claims to be from a bank. </li> <li>If an offer in an SMS seems too good to be true, then it probably is. Companies such as Microsoft, Nokia or your network operator do not run free lotteries for subscribers, nor do reputable banks offer cheap loans via SMS advertising. </li> <li>Request your Mobile Network Operator to set up content filters on your mobile account so that premium rate texts cannot be charged or adult material displayed.</li> </ul> <p> I’m sure we’ll be hearing more about mobile spam. This spring research firm <a href="http://www.infonetics.com/ ">Infonetics</a> forecasted sales of mobile security software to grow 50 percent a year through 2014, with an expectation of reaching $2 billion. Of course the concept of mobile spam is not new, in the past the threat has been held somewhat at bay because proprietary networks and overall number of handsets made the payload smaller and therefore less attractive to cybercriminals when compared to email. However, these days the mobile market is very mature with growth exploding in the popularity of iPhones, Androids, and BlackBerry’s. A lot more users make for a lot more potential targets.</p> <p> The<a href="http://www.cloudmark.com/en/spamguide/"> 2011 Mobile Spam Guide</a><strong> </strong>is available for download.</p> </article> <article> <h1>Are We Ready for a Cyber Wallet?</h1> <p>Stephanie Jordan — Thu, 30 Jun 2011 02:58:25 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/are-we-ready-cyber-wallet" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/are-we-ready-cyber-wallet" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/are-we-ready-cyber-wallet" data-lang="en">Tweet</a></div><p>Google Wallet, the free Android mobile app that turns a phone into a mobile wallet, stores virtual versions of plastic credit cards on a users’ phone. The Google Wallet plan is to launch pilot programs this summer in New York and San Francisco starting with Citi PayPass eligible MasterCards and Google Prepaid Card and then extend Google Wallet to include all major cards found in most wallets today; but is this a technology we want? <br /> <br /> Google Wallet relies on near field communication (NFC) technology that enables data transmission between two objects when they are brought within a few inches of each other. Smartphones enabled with NFC technology can exchange data with other NFC enabled devices or read information from smart tags embedded in posters, stickers, and other products. NFC is expected to be used not only for credit cards, but bus passes, in-store credit cards, coupons, insurance cards, and the like.<br /> <br /> Earlier this month, I was sent an interesting study that looks at who is ready to start paying for items in-store using their cell phone. Published by <a href="http://Retrevo.com">Retrevo.com</a>, a consumer electronics review and shopping site that “helps people decide what to buy, when to buy, and where to buy”, the study looks not only Android, but iPhone too.<br /> <br /><strong> Retrevo’s new “Pulse” study reports:</strong><br /> - iPhone owners want NFC (mobile wallet) compatibility in their next cell phone (40%) more than Android owners (24%)<br /> - Of people over age 50, 75% were not at all interested in a phone with a mobile wallet<br /> - Men are more interested in a mobile wallet (27%) than women (15%).<br /> - Retrevo asked cell phone owners what company they would trust to provide a mobile wallet:</p> <ul> <li>36% Said Google </li> <li>33% Said Apple </li> <li>32% Said Visa, MasterCard or American Express </li> <li>26% Said AT&T, Verizon or their cell phone carrier </li> <li>33% Said none of the above</li> </ul> <p><br /> “The big question of whether or not Apple will put NFC in the rumored iPhone 4S remains unanswered at this point,” says Andrew Eisner, director of community and content for Retrevo.com.<br /> <br /> In his article, <a href="http://www.retrevo.com/content/blog/2011/06/iphone-owners-ready-mobile-wallet-will-apple-deliver">iPhone Owners Ready For Mobile Wallet, Will Apple Deliver?</a> Eisner reports that according to the study only around 25% of consumers would like to buy things with a mobile wallet and are waiting for that capability to be in their next cell phone.” He goes on to say that, “Unfortunately for mobile wallet providers, the overwhelming majority (79%) of consumers in this study, are either not interested in mobile wallets or don’t know what a mobile wallet is.”<br /> <br /> As consumers have become more savvy to the dangers of online shopping and fraud, it appears this new-found awareness is already becoming a hurdle for the mobile wallet concept. Eisner reveals that study participants were concerned about privacy and security commenting, “The Retrevo study found nearly half of those not interested in mobile wallets saying they wouldn’t trust any of the companies that we suggested to provide a mobile wallet and that includes major credit card providers, carriers and other prominent companies.”<br /> <br /> The study conducted this month by Retrevo polled over 1,000 people located in the U.S. of various ages, genders and incomes.</p> <p>If the marketing folks behind the mobile wallet do a great job of selling this ability, Capital One credit card company may have to re-think its slogan: “What’s In Your Wallet” the answer may be…not much.</p> </article> <article> <h1>Parents’ Work Computers Should Be Off Limits to Teens, Reduce Malware Exposure</h1> <p>Stephanie Jordan — Thu, 16 Jun 2011 09:52:37 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/parents-work-computers-should-be-limits-teens-reduce-malware-exposur" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/parents-work-computers-should-be-limits-teens-reduce-malware-exposur" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/parents-work-computers-should-be-limits-teens-reduce-malware-exposur" data-lang="en">Tweet</a></div><p>As I mentioned last week in the article <a href="http://www.messagingnews.com/story/national-internet-safety-and-security-month-maawg-and-passwords">National Internet Safety (and Security?) Month, MAAWG, and Passwords</a><a href="http://www.messagingnews.com/story/national-internet-safety-and-security-month-maawg-and-passwords,">,</a> June is National Internet Safety Month. This week a study was released that examines the online behavior of U.S. parents and their teenage children; this is relevant not only because the data is interesting, but also in context of the blurring between home and work and possible exposure of systems (or files) that go from one location to the other. <br /> <br /> The 2011 Parent-Teen Internet Safety Report was published by <a href="http://www.gfi.com">GFI Software</a> and looks at online behaviors related to content, communications and malware exposure. While the study is from a security company - the net finding is that in most cases kids AND their parents engage in risky online behavior – given the state of the Internet today, it is not surprising that the conclusion is that this type of behavior puts the parents’ employers at risk.<br /> <br /> According to GFI, report highlights include:<br /> <br /> 65% of parents say a virus has infected at least one of their home computers, and 62% of these have been either “somewhat” or “serious” problems.</p> <p> 90% of parents who have work computers at home say they’ve used them for non-work related purposes and 37% of these say they let their teens use them as well. Meanwhile, 47% of teens say they have been infected by a virus while using a computer at home.</p> <p>34% of teens say they have created online accounts that their parents do not know about.<br /> </p> <p>Only 28% of parents who have antivirus software say they update their virus definitions daily, and 24% are unsure if they are updating these definitions at all.</p> <p> 36% of parents use Web monitoring or Web filtering software to keep tabs on their teens’ activities online and to block inappropriate content.<br /> <br /> Now for a few highlights in light of Internet Safety Month that might be worth sharing as a discussion starter with the family:<br /> </p> <p>15% of all teenage girls surveyed have been bullied online or via text message.</p> <p> 31% of teens admit they have communicated something to someone online that they would not have said face-to-face.</p> <p> 31% of teenage boys admit to visiting a Web site intended for adults, and 53% of all teenagers who have done so say they lied about their age to gain access.</p> <p> Nearly one-third (29%) of teens have been contacted online by a stranger, and 23% of those say they have responded in some way.<br /> <br /> “The Parent-Teen Internet Safety Report is a real eye-opener as to how modern computing introduces families to a host of new dangers that reflect our evolving online lives,” comments Alex Eckelberry, general manager of GFI Software’s Security Business Unit. “It is not surprising to see teenagers engage in risky online behavior – just as they will often engage in risky behavior in the physical world. It is surprising, however, to see that parents are often compounding this problem with highly insecure computing practices like letting their children use their work computers, or being lax in updating their virus definitions. As a result, home Internet use is a source of significant risk not only to families but also to employers.”<br /> <br /> The <a href="http://www.gfi.com/parent-teen-internet-safety-report <http://www.gfi.com/parent-teen-internet-safety-report">full report</a> and a document with the full survey questionnaire and responses are available from GFI Software.<br /></p> </article> <article> <h1>Who Will Be Next Victim in Breach and Hacks? Nintendo Joins List Including Google, RSA Security, PBS, Lockheed Martin, Sony</h1> <p>Stephanie Jordan — Tue, 07 Jun 2011 10:16:19 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/who-will-be-next-victim-breach-and-hacks-nintendo-joins-list-includi" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/who-will-be-next-victim-breach-and-hacks-nintendo-joins-list-includi" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/who-will-be-next-victim-breach-and-hacks-nintendo-joins-list-includi" data-lang="en">Tweet</a></div><p>While only half-way through the year, 2011 may be best remembered as the year of spectacular hacking and breaches. The headlines this year are full of well-known brands being attacked. From the RSA Security breach earlier this year, to news that Lockheed Martin had been compromised, to Google admitting that Gmail hackers have targeted U.S. government and military personnel, there is no shortage of news on the subject of hacking.</p> <p>While Google is pointing an accusing finger at China, which China denies, others are wondering why government personnel have Gmail accounts at all. In a Friday <a href="http://www.computerworld.com/s/article/9217294/So_why_are_senior_U.S._officials_using_Gmail_">post Sharon Gaudin</a> asks that very question and quotes Brad Shimmin, an analyst with Current Analysis, who says Google has been “pushing hard to get government agencies - all the way from small and local to big, federal organizations - to move to Google Apps.” The article goes on to offer more possible reasons for having the accounts.</p> <p>But Google, while perhaps the most well-covered, is not alone in its troubles. Hotmail and Yahoo! Mail have also reported being targeted. These phishers are very exacting moving from spear-phishing (the targeting of a specific organization) to possible whaling (the targeting of a particular person). A number of blogs have offered possible reasons behind the attacks – I found <a href="http://blog.trendmicro.com/targeted-attacks-on-popular-web-mail-services-signal-future-attacks/">Nart Villeneuve with Trend Micro</a> account interesting reading.</p> <p>Also, don’t miss reading last week’s: <a href="http://nakedsecurity.sophos.com/2011/06/02/how-to-stop-your-gmail-account-being-hacked/#why">How to Stop Your Gmail Account Being Hacked</a> by Graham Cluley, senior technology consultant with Sophos, where he suggests steps to reduce the chances of your Gmail account being hacked:</p> <ul> <li>Set up two-step verification</li> <li>Check if your Gmail messages are being forwarded without your permission</li> <li>Where is your Gmail account being accessed from?</li> <li>Choose a unique, hard-to-crack password</li> <li>Secure your computer</li> <li>Why are you using Gmail anyway?</li> </ul> <p>Meanwhile, Lulz Security (or LulzSec) is loud and proud of its recent exploits – which include compromising PBS’s website and posting a story that Tupac Shakur is “alive and well” as well as infiltrating servers at Sony Pictures. The group is also taking credit for replacing the homepage of a FBI partner (InfraGard) with a YouTube joke video and publishing an internal configuration file for one of Nintendo’s U.S. servers.</p> <p>In the case of InfraGard, according to reports, “The server’s user database was apparently not properly protected. LulzSec published the personal data of 180 InfraGard members and a number of passwords in plain text. They also made 700 MB of emails available as a torrent download.”</p> <p>Further, the group tested the InfraGard user database and found that many of the passwords were being re-used on other websites making the payload even sweeter.</p> <p>In the case of Sony, LulzSec compromised millions of user records gaining access to names, passwords, email addresses, birth dates and home addresses. After the multiple attacks, Sony’s brand is reeling amid questions of poor data management.</p> <p>In the wake of the PBS hack last week, Chester Wisniewski, a senior security advisor at Sophos Canada wrote in a <a href="http://nakedsecurity.sophos.com/2011/05/30/pbs-org-hacked-lulzsec-targets-sesame-street/">blog last week,</a> “Whether you are related to political causes or not, an easy way to ensure you aren’t the next victim is to make sure that you protect the information you are entrusted with. Data stored insecurely is a bomb waiting to detonate. Security must be a proactive attitude because reacting is simply too dangerous.”</p> <p> Hear, hear.</p> </article> <article> <h1>Twitter's Role in OBL Coverage: Medium Shifts from Its "Inconsequential Information" Roots to Bearer of Significant World News</h1> <p>Stephanie Jordan — Fri, 06 May 2011 01:34:15 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/twitters-role-obl-coverage-medium-shifts-its-inconsequential-informa" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/twitters-role-obl-coverage-medium-shifts-its-inconsequential-informa" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/twitters-role-obl-coverage-medium-shifts-its-inconsequential-informa" data-lang="en">Tweet</a></div><p>Twitter has accomplished a lot in the five years since its first public introduction in 2006 (and as its own company beginning in April 2007). With over 200 million users, the text-based posts have become the Western Union Telegram of the 21st century. It wasn’t that long ago that Jay Leno made fun of tweeting during an opening monologue for The Tonight Show. Indeed it began as just a fun way to communicate to a bunch of friends. Founder Jack Dorsey has been quoted as saying: “…we came across the word ‘twitter’, and it was just perfect. The definition was ‘a short burst of inconsequential information,’ and ‘chirps from birds’. And that’s exactly what the product was.”</p> <p>When you look at the role the communication medium played in this week’s dissemination of news regarding the death of Osama bin Laden, it appears Twitter has outgrown its original lightness of being. The now-understood Twitter play-by-play of the events leading up to bin Laden’s death, more than six hours before it happened, has taken the significance of live-tweeting to new heights. With an amazing immediacy, the tweets and retweets of unconfirmed supposition were hours ahead of the official White House announcement. The wee-hour tweetings of Sohaib Athar (@ReallyVirtual) became a central point of contact for the world trying to get as much detail as possible in the short bursts that Tweeter allows.</p> <p>The need for additional information on the event made for so much speculation around the world that it is not surprising given our reliance on social networking for news and information that it was not television, but rather these other mediums that broke the news first. While the president feverishly worked on the right wording for his speech to the nation, and the press corp waited as the scheduled public address time came and went, the “tweet heard ’round the world” went out at 10:25 p.m. EST. Keith Urbahn, the chief of staff for the former defense secretary Donald Rumsfeld, wrote at that time, “So I’m told by a reputable person they have killed Osama Bin Laden. Hot damn.”</p> <p>Urbahn, covering himself, followed quickly with other Tweets: “Don’t know if it’s true, but let’s pray it is.” “Ladies, gents, let’s wait to see what the President says. Could be misinformation or pure rumor.”</p> <p>Tweets on the reactions from around the world to the news of bin Laden’s death are being monitored by <a href="http://research.ly/">PeopleBrowsr</a>, with examples from Indonesia, France, Pakistan, the U.S. and others.</p> <p>The intense interest in the topic has not gone unnoticed by cybercriminals, always quick to cash in on current events. <a href="http://securitylabs.websense.com/">Websense Security Labs</a> published a warning that Athar’s website had been compromised by hackers. Patrik Runald, senior manager for security research, for Websense says, “Cybercriminals are constantly exploiting where the masses go, and news on Osama bin Laden’s death is no exception. We want to warn everyone looking for news on bin Laden’s death to be cautious when clicking new links. Make no mistake—hackers are going after websites, like <a href="http://twitter.com/ReallyVirtual">@ReallyVirtual</a>’s (Athar’s), along with search engine results to prey on visitors looking for more information.”</p> <p>Runald also states that organizations are at risk when employees search online using company computers potentially exposing the organization to exploits. In the quest to link to information on bin Laden, reputable sites like CNN have pointed to poisonous sites. “So the end result is that users trying to follow one of the most highly visible stories in the world on very legitimate sites were within two clicks of a malware-infected site,” observes Runald. “They were often brought there by the sites they trusted.”</p> <p>It appears there is malware lurking everywhere from Facebook and YouTube to other poisonous sites showing up among first search results on the topic of bin Laden. “The bad guys know you far too well,” says Randy Abrams, director of technical education, Cyber Threat Analysis Center for ESET North America. “They know that all they have to do is say they have video footage of bin Laden and many people will mindlessly click. As is always the case with any big news headlines, there are fake videos being posted with the intent of infecting your computer…”</p> <p>Abrams offers this advice, “Look carefully at your search results and stick to well-known sites. YouTube does not count as a well-known site because they have virtually no control over what gets posted, hence it is a common place for the bad guys to post videos. The folks at YouTube are quite good at removing the bad posts, but it takes time.”</p> <p>Aryeh Goretsky, distinguished researcher for ESET North America, adds, “The sheer amount of search activity has unleashed a tidal wave of scams and malware. We were so taken aback by the volume that our last four posts to the <a href="http://blog.eset.com/2011/">ESET Threat Blog</a> have been on this phenomenon.” Goretsky’s blog offers commentary on <a href="http://blog.eset.com/2011/05/04/osama-bin-laden-is-alive-and-well-on-facebook">threats to Facebook and other social media services</a>.</p> <p>According to <em>The New York Times</em> writer Brian Stelter, even before the President spoke his address by 11 p.m. EST every single second “there were more than a dozen Facebook posts with the word ‘bin Laden.’” The viral nature of how we receive news through social media has forever changed our expectation for immediate knowledge of current events and world happenings.</p> </article> <article> <h1>Data Vulnerability—Combating Data Loss with Best Security Practices</h1> <p>Stephanie Jordan — Thu, 21 Apr 2011 09:07:43 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/data-vulnerability-combating-data-loss-best-security-practices" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/data-vulnerability-combating-data-loss-best-security-practices" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/data-vulnerability-combating-data-loss-best-security-practices" data-lang="en">Tweet</a></div><p>All businesses operating today are at risk of data loss. In some cases it is human error and in others it’s with deliberate malicious intent. The very connectedness that characterizes messaging today enables great benefits and ease of business, while at the same time the potential for abuse.</p> <p>With the latest data breach against <a href="/story/lessons-learned-expense-epsilon-what-s-name-and-email-address">Epsilon</a> just a few weeks behind us, the topic of data vulnerability is still top of mind. It is important to remember that more than email marketers are at risk for being targets of organized cybercrime, advertising networks, certificate authorities and mailbox providers have all been compromised in the past 90 days. In 2010, the Online Trust Alliance (OTA) recorded 407 breaches, and 26 million records compromised. This translates to high costs as OTA puts the cost per record at $204 USD, and a $5.3 billion impact to U.S. businesses. It is generally accepted that many breaches that occur go undetected or unreported, so the 2010 incident numbers are actually higher. How much higher we have no way of knowing.</p> <p>In response to the recent string of attacks targeting email service providers and the marketing community, OTA yesterday unveiled its <a href="https://otalliance.org/resources/securitybydesign.html ">Security by Design Framework</a>, a set of guidelines that recommend a re-investment in security best practices and operational disciplines.</p> <p>“The Security by Design Framework transcends technology and requires that all organizations foster collaboration within their corporate and partner ecosystem. By adopting these best practices, organizations will not just challenge their own security constructs, but also ensure that prospective vendors and partners are adhering to the same high standards,” comments David Daniels, CEO and co-founder of <a href="http://www.relevancygroup.com">The Relevancy Group</a>.</p> <p>Working with leading organizations, the email community and security experts, OTA’s guidelines offer a holistic framework, predicated on the belief that all members of the messaging community have a stake in the preservation of consumer trust and that data stewardship is everyone’s responsibility. According to OTA, here are a few steps to effective “Security by Design”:</p> <ol> <li>Create a cross-functional security team headed by a chief security officer (or equivalent) as the single point of authority with security accountability.</li> <li>Map the data workflows within your organization and providers to identify points of vulnerability. Examine how you handle data, from collection and storage to transmission, usage and destruction. Define who should have access to the data, how and why.</li> <li>Include security review milestones in every project, from the development of functional specifications through trial and launch.</li> <li>Audit your network infrastructure, mapping it to both internal and external facing sites and all points of connection. Implement processes to monitor the security of your network and data assets to detect unauthorized access or unusual patterns of activity.</li> <li>Develop an incident response plan and team with pre-defined action items and communication strategies that can be activated should a breach occur.</li> </ol> <p>OTA believes that in today’s cybercrime landscape, businesses need to assume if they collect and retain data they will lose it. If businesses accept this premise, they can then better protect, detect and remediate potential losses.</p> <p>While the creation of the Security by Design Framework had online marketers—like Epsilon—in mind, these best practices and the need to safeguard data is for everyone.</p> <p>=</p> <p>Eye on Messaging is written by Stephanie Jordan, editor in chief of Messaging News. If you have story ideas or news to share, email her: <span class="spamspan"><span class="u">sjordan</span> [at] <span class="d">messagingnews [dot] com</span></span></p> </article> <article> <h1>Access Governance: Controlling Employee Access to Mitigate Data Loss</h1> <p>Stephanie Jordan — Mon, 11 Apr 2011 10:42:41 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/access-governance-controlling-employee-access-mitigate-data-loss" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/access-governance-controlling-employee-access-mitigate-data-loss" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/access-governance-controlling-employee-access-mitigate-data-loss" data-lang="en">Tweet</a></div><p>If the <a href="http://www.messagingnews.com/story/lessons-learned-expense-epsilon-what-s-name-and-email-address">Epsilon breach</a> doesn’t cause you to consider data protection, not much else will. With millions of consumer email addresses and names lost to a data breach, Epsilon stands as a reminder that data needs to be safeguarded, not only from cybercriminals, such as in the breach on March 30 and disclosed on April 1, but also from employees, temporary employees, contractors and partners. The breach this month reminded me of a study published a year ago by the Ponemon Institute exploring access governance trends. In light of this month’s activities, it seems like a good time to re-visit the findings.</p> <p>The study, <em><a href="http://www.ponemon.org/data-security">2010 Access Governance Trends Survey</a></em>, asked 728 IT practitioners in U.S.-based multinational organizations how they thought they were doing in access governance within their organizations. This is the second such study, with the first conducted in 2008, so the study analysts were able to compare results over time.</p> <p>The study asked questions like:</p> <ul> <li>How do organizations determine who should have access to information resources and what is the appropriate level of access? </li> <li>Is access governance important to an organization’s overall information security strategy and if so, why?</li> <li>What are the most frequently used approaches to assigning access rights?</li> <li>Who is accountable for governing access?</li> <li>How important is understanding risk relative to a user’s role and the type of information resources they are accessing?</li> <li>What are the critical success factors in an access governance program? </li> </ul> <p>In 2008 and in the 2010 survey, IT staff said they could not keep up with the constant change to information resources, regulations and user access requirements. The study points to how difficult it can be to have enterprise-wide visibility into user access and to gage compliance with policies. Study researchers say the lack of effective access governance can jeopardize an organizations’ ability to reduce the overhead and burden associated with achieving compliance, and mitigate access-related business risks. </p> <p>According to paper’s authors, key findings include: </p> <p><strong>User access rights continue to be poorly managed.</strong> Eighty-seven percent of respondents believe that individuals have too much access to information resources that are not pertinent to their job description – up 9 percent from the 2008 study. </p> <p><strong>Organizations are not able to keep pace with changes to users’ job responsibilities and they face serious noncompliance and business risk as a result.</strong> Nearly three out of four organizations – 72 percent – say they cannot quickly respond to changes in employee access requirements and more than half (52 percent) cannot keep pace with the number of access change requests that come in on a regular basis. </p> <p><strong>Policies are not regularly checked and enforced. </strong>Fifty-nine percent of organizations do not have<em> </em>or strictly enforce access governance policies and 61 percent do not<em> </em>immediately check access requests against security policies before the access is approved and assigned. </p> <p><strong>Organizations lack budget, resources and staff for effective access governance. </strong>Nearly two- thirds (65 percent) say that not having enough IT staff was a key problem in enforcing access compliance policies. Fifty-seven percent of organizations do not have enough technologies to manage and govern end-user access to information resources and even more<em> – </em>63 percent – do not<em> </em>have enough resources to do so. </p> <p><strong>Granting end-user access to information resources is increasingly seen as a responsibility for business units, not IT staff.</strong> Nearly two out of five respondents – 37 percent – say business unit managers in their organizations are responsible for end-user access requests to information resources, up 8 percent from 2008. Conversely, information technology and security personnel saw their overall responsibility drop 2 percent to 23 percent in the 2010 study. </p> <p><strong>Cloud computing is expected to impact access governance processes.</strong> Nearly three out of four (73 percent) respondents say that adoption of cloud-based applications will have a very significant or significant impact on business and end-users ability to circumvent existing access policies. </p> <p><strong>Company data and applications are considered the most at risk from poor access governance</strong>. From 2008 to 2010, respondents’ concern grew most for business unit-specific applications (63 percent, up 11 percent), company intellectual property (57 percent, up 7 percent) and general business information (56 percent, up 11 percent). </p> <p><strong>Recommendations</strong></p> <p>The researchers of the study recommend organizations implement an enterprise-wide access governance process that prevents employees, temporary employees and contractors from having too much access to information assets, and understand what role-based access individuals need in order to be fully productive in their jobs. Further the researchers say well-defined business policies to assign access rights should be centrally controlled and enforced consistently across the organization.</p> <p>Also, broaden your view of risk management, says the study authors, “Organizations need to go beyond the minimum requirements for compliance and think about risk in the broadest terms with the widest coverage. This is especially true because the loss of corporate IP is typically not covered under regulations or industry mandates.”</p> <p>While the Epsilon breach is a reminder of the threat that an outsider’s attack can have on the data that an organization keeps, this study is a good reminder of insider risk due to inappropriate access and ways to approach access management.</p> </article> <article> <h1>China-U.S. Effort to Fight Spam Previewed at MAAWG General Meeting</h1> <p>Stephanie Jordan — Thu, 10 Mar 2011 02:50:55 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/china-us-effort-fight-spam-previewed-maawg-general-meeting" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/china-us-effort-fight-spam-previewed-maawg-general-meeting" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/china-us-effort-fight-spam-previewed-maawg-general-meeting" data-lang="en">Tweet</a></div><p>There are a handful of groups that I always follow closely and one of them is <a href="http://www.maawg.org">MAAWG</a> (Messaging Anti-Abuse Working Group). The organization held its 21st General Meeting Feb. 22–23 in Orlando, FL. At the meeting the <a href="http://www.ewi.info">EastWest Institute</a> (EWI), a New York-based international think tank, announced an ongoing bilateral effort to reduce spam between China and the United States.</p> <p>Karl Frederick Rauscher, chief technology officer for EWI, previewed a joint China-U.S. report on cybersecurity: <em>Fighting Spam to Build Trust, </em>which will be the first product of talks between Chinese and U.S. experts convened by EWI. The report’s focus is on voluntary best practices for reducing spam.</p> <p>China is not one of the top 10 spam emitters (the U.S. holds that distinction), according to Cisco Senior Security Researcher Henry Stern; however, China became the most spammed country in February with a spam rate of 86.2 percent (says <a href="http://www.symantec.com/">Symantec</a> February 2011<a href="http://www.symantec.com/messagelabs"> MessageLabs</a> Intelligence Report.)</p> <p>MAAWG Chairman and Distinguished Engineer at Comcast Michael O’Reirdan, believes this effort is noteworthy, “This dialogue with China is a most welcomed breakthrough—a real step forward. It comes at an opportune time and can build on the work that has been going on at MAAWG for several years.”</p> <p>MAAWG works against spam and online exploitation, representing over one billion mailboxes worldwide. “Back in 2004 the ISP industry began its cooperative efforts to deal with spam, and now in 2011 we are working together on a wide range of abuse issues which encompass spam, bots, mobile threats, law enforcement issues and public policy,” says O’Reirdan. “Spam is a great starting point in working with China and it is still a major issue that needs resolution.”</p> <p>According to Rauscher, the EastWest Institute is a trusted convener of parties that have difficulty talking to each other. “The cybersecurity arena is one where there is tremendous distrust between China and the U.S.—the two biggest cyber super powers in the world,” he explains. “This first step of cooperating to fight spam is attractive because it is an area where both sides have very common interests. Not only is about 90 percent of all email messages spam, but spam is also the carrier of malicious code such as viruses and it is often used as a vehicle for fraud. Given the profound economic interdependencies that China and the U.S. have, opening some dialogue in cybersecurity is an important step.”</p> <p>Does China stand to gain more than the U.S. with this effort? With the rapid growth of Internet users in China, O’Reirdan notes that, “the possibility exists that there would be much more spam emanating from China over time. As such, this cooperative work is in the interests of both China and the U.S., as well as the rest of the Internet.”</p> <p>The report will have recommendations for combating spam and will include processes for creating international protocols aimed to differentiate legitimate messages from spam; a call for educating consumers about the risk of botnets; and measures for discouraging spam, such as encouraging ISPs in both countries to use feedback loops. “The guidance from the joint report will mostly be in the form of voluntary best practices,” says Rauscher. “These are applicable for network operators and ISPs from both China and the U.S., as well as for other countries.”</p> <p>EWI President and Founder John E. Mroz adds: “The United States and China face large moral and political dilemmas in cooperating on cybersecurity. Do we continue to see each other as enemies or rivals, or do we edge slowly forward trying to find common ground? We know that the economic and personal security of our citizens depends on a quantum leap in cooperation and an end to the rapidly escalating cyber mistrust.”</p> <p><em>Fighting Spam to Build Trust</em> is expected to be published this month.</p> <p>=</p> <p>Eye on Messaging is written by Stephanie Jordan, editor in chief of Messaging News. If you have story ideas or news to share, email her: <span class="spamspan"><span class="u">sjordan</span> [at] <span class="d">messagingnews [dot] com</span></span></p> </article> <article> <h1>For Messaging, RSA Conference Focuses on Email, Web and Mobile Security</h1> <p>Stephanie Jordan — Thu, 17 Feb 2011 08:25:12 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/messaging-rsa-conference-focuses-email-web-and-mobile-security" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/messaging-rsa-conference-focuses-email-web-and-mobile-security" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/messaging-rsa-conference-focuses-email-web-and-mobile-security" data-lang="en">Tweet</a></div><p>The <a href="http://www.rsaconference.com/2011/usa/index.htm">RSA Conference</a> held in San Francisco’s Moscone Convention Center this week offers a glimpse into the hopes of a post-recession IT boom. Very debatable that the recession is actually over, but to me this year was characterized by more foot traffic than in recent years, the return of bigger booths and promotional stunts including knights in shinny armor, blue girls, and pirates.</p> <p>When it came to messaging, common discussion points included malicious activity on social media sites like Facebook and Twitter, the increase in interest and adoption of email encryption, the rise of hacktivisim, the decrease in spam levels (and the various theories as to why), and the cloud among other topics.</p> <p>While the show runs an entire week, the first half of this week has seen a variety of news announcements for the messaging space. Here are a few highlights as of press time: </p> <p><a href="http://www.barracudanetworks.com">Barracuda Networks Inc.</a> re-announced its Barracuda Web Security Flex, which unifies SaaS, appliance and remote filtering deployment options under a single management and reporting portal.</p> <p><a href="http://www.cisco.com">Cisco</a> announced its new SecureX Architecture, which enables context-aware security enforcement, and that the first to offer the context-aware firewalling and policy enforcement is the Cisco Adaptive Security Appliance (ASA).</p> <p><a href="http://www.globalscape.com">GlobalSCAPE</a> announced its new hosted MFT (managed file transfer) solution in its GlobalSCAPE’s cloud MFT suite. GlobalSCAPE Hosted Enhanced File Transfer Server is a service that expands the company’s cloud-based Managed Solutions, launched in July 2010.</p> <p><a href="http://www.m86security.com">M86</a> unveiled M86 MailMarshal 7.0, a complete overhaul and re-architecture of its software-based email policy management solution that boasts support for Microsoft Exchange 2010.</p> <p><a href="http://www.messageware.com">Messageware</a> offered a demo of its new software solution, OWA (Outlook Web Access) Guard for Exchange Server 2010, an endpoint security software enhancement that is designed to protect both businesses and their employees from unauthorized access to corporate information. (The product is in beta and expected to be released next quarter.)</p> <p><a href="http://www.soleranetworks.com">Solera Networks</a> demonstrated its recently announced Solera OS 5.0, a major update to its network forensics platform, which offers real-time and historical views of everything on the network, think surveillance camera.</p> <p><a href="http://www.sra.com">SRA International, Inc.</a> announced the launch of its SRA One Vault Messenger, an encryption solution for SMS text messaging for BlackBerry smartphones, the latest addition to the SRA One Vault suite of products released in 2010.</p> <p><a href="http://www.validedge.com">ValidEdge</a> unveiled its new Network Malware Security, a combined hardware and software solution, that monitors critical networks for any suspect code intrusion, performs instant analysis and issues alerts for IT personnel.</p> <p><a href="http://www.voltage.com/">Voltage Security, Inc.</a> announced v4 of Voltage SecureMail, an email encryption solution. The new version offers enhanced end-user experience and business features for global enterprises.</p> <p><a href="http://www.websense.com">Websense</a> offered a demo of its new Mobile DLP capability that uses Websense DLP technology to prevent the loss of confidential data on iPads, iPhones, Android, and other mobile devices.</p> <p><a href="http://zixcorp.com/">ZixCorp</a> announced a new product, ZixMobility, for the email encryption market that aims to enhance ease of use for encrypted email on a number of major smartphone platforms including Android, BlackBerry and iPhone.</p> <p><a href="http://www.Zscaler.com">Zscaler, Inc.</a> unveiled Zscaler Mobile, which works in tandem with Zscaler’s existing Web and email cloud security services, to enforce the same policy for users wherever they go, across all devices.</p> <p>There is always so much to see and learn at RSA. I always leave wishing I had more time for more meetings, more introductions and more lectures. This year proved to be no different!</p> </article> <article> <h1>Data Privacy Day Encourages Businesses to Pay Attention to Data Breach Prevention</h1> <p>Stephanie Jordan — Thu, 27 Jan 2011 02:46:25 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/data-privacy-day-encourages-businesses-pay-attention-data-breach-pre" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/data-privacy-day-encourages-businesses-pay-attention-data-breach-pre" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/data-privacy-day-encourages-businesses-pay-attention-data-breach-pre" data-lang="en">Tweet</a></div><p>Did you know that <a href="http://dataprivacyday2011.org/">Data Privacy Day</a> is celebrated on January 28 in the United States, Canada and about 27 European countries? According to proponents, Data Privacy Day promotes privacy awareness and education among teens and young adults, focusing on the privacy issues raised by the use of social networking sites, cell phones, BlackBerry devices, online gaming, and other online activities and mobile devices. Privacy-related events on Data Privacy Day have drawn the support of academics, politicians, and corporations. Microsoft, Intel and Google are among the day’s sponsors.</p> <p>To coincide with Data Privacy Day, the <a href="http://www.otalliance.org">Online Trust Alliance</a> (OTA) this week released its <a href="//localhost/resources/2011DataBreachGuide.pdf">2011 Data Breach & Loss Incident Readiness Guide</a> outlining key questions and recommendations to help businesses in breach prevention and incident management. The OTA Guide was developed in collaboration with and the support of dozens of industry organizations and corporations. </p> <p>“In the past five years, over 525 million records containing sensitive personal information have been compromised, significantly undermining the foundation of consumer trust,” says Craig Spiezle, executive director and president of the Online Trust Alliance. “With the onslaught of criminal and deceptive business activities, we are calling on business leaders to develop a readiness plan. Those failing to act may be faced with increased public scrutiny, regulatory pressures and a tarnished brand reputation.”</p> <p>The goal of the guide is to raise awareness of the severity of a data breach while helping businesses and organizations prevent and mitigate data security and privacy crises. Walking readers through the key points of designing a Data Incident Plan (DIP), the guide offers insights, prescriptive advice and actionable recommendations for businesses of all sizes.</p> <p>Want to take OTA’s <em>2011 Data Breach Incident Readiness Guide</em> challenge? Here’s a quick quiz for businesses: Your organization should be able to answer these five key questions:</p> <p>1. Do you know what sensitive information your company maintains, where it is stored and how it is kept secure?</p> <p>2. Do you have an incident response team in place ready to respond 24/7?</p> <p>3. Are management teams aware of security, privacy and regulatory requirements related specifically to your business?</p> <p>4. Have you completed a privacy and security audit of all data collection activities, including cloud services, mobile devices and outsourced services?</p> <p>5. Are you prepared to communicate to customers, partners and stockholders in the event of a breach or data loss incident?</p> <p>So, how’d you do?</p> <p>=</p> <p>Eye on Messaging is written by Stephanie Jordan, editor in chief of Messaging News. If you have story ideas or news to share, email her: <span class="spamspan"><span class="u">sjordan</span> [at] <span class="d">messagingnews [dot] com</span></span></p> </article> <article> <h1>Spam Bouncing Back, Facebook’s New Threat</h1> <p>Stephanie Jordan — Thu, 13 Jan 2011 02:07:04 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/spam-bouncing-back-facebook-s-new-threat" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/spam-bouncing-back-facebook-s-new-threat" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/spam-bouncing-back-facebook-s-new-threat" data-lang="en">Tweet</a></div><p>In the fourth quarter of 2010 spam levels dropped to an all time low. The thrill has been short lived, however, as <a href="http://www.commtouch.com">Commtouch</a> reports spam has increased 45 percent this week.</p> <p>In its quarterly <em><a href="http://www.commtouch.com/download/1934">Internet Threats Trend Report</a></em>, which covers spam, phishing, malware and Web threats, Commtouch says December’s daily average for spam was around 30 percent less than in September. The average amount of spam for the fourth quarter (Q4) of 2010 was 83 percent of all email sent worldwide, down from 88 percent in the third quarter (Q3).</p> <p>According to the report, in Q4 approximately 288,000 zombies were activated daily, a significant decrease as compared to 339,000 during Q3. “An inactive botnet is like an idle factory, a money-losing proposition for spammers,” warns Asaf Greiner, Commtouch vice president of products. “We have seen situations where after a lull in spam or malware distribution a new tactic was introduced. Threat experts are wise to continue following changes in network behavior in order to proactively block new threats.”</p> <p>Commtouch found spam levels averaged 142 billion spam/phishing messages per day during Q4 compared to the 198 billion spam/phishing messages per day during Q3. Commtouch stated that spam activity increased by 45 percent just prior to the report’s publication on January 12.</p> <p>Also this week, <a href="http://www.appriver.com">AppRiver, LLC</a> released its year-end <a href="http://cts.businesswire.com/ct/CT?id=smartlink&url=http%3A%2F%2Fwww.appriver.com%2Freports%2Fmonthly_spam.asp&esheet=6568524&lan=en-US&anchor=Threat+and+Spamscape&index=2&md5=3f01ca1cef8f131671cf706db4eb5642"><em>Threat and Spamscape</em></a> report, which offers a summary and analysis of spam and malware trends traced over the course of 2010.</p> <p>According to Fred Touchette, AppRiver report author and senior security analyst, phishing techniques showed increasing sophistication in 2010. Touchette predicts that phishing campaigns will continue to be a trend in 2011. Specifically, he believes the following phishing characteristics will be seen this year:</p> <p><strong>Pretending to be a Banking Institution</strong>— Touchette says posing as a trusted bank is a tried and true persona for cyber criminals. Unsuspecting online bankers will continue to be victims, as they respond to simple emails that appear to be from their bank asking them to login. </p> <p><strong>Activating Botnets</strong>—Despite the take down of the Pushdo and Bredolab botnets, Touchette notes that the presence of botnets does not appear to be going away any time soon. Underground forums that sell kits, mostly ZeuS-based kits, will enable botnets to continue to spew out spam for the foreseeable future. </p> <p><strong>Targeting Mobile Devices</strong>—The steadily increasing use of mobile devices will increase the likelihood of these devices becoming prime targets for malicious attacks, predicts Touchette, offering evidence of the attack we saw in late August, where cyber criminals showed just how easy it is to create a believable Facebook spam campaign targeting smartphone users.</p> <p><strong>Capitalizing on Facebook and Twitter</strong>—Touchette sees social networking sites as prime locations for cyber criminals to prey on the naïve and unsuspecting. He says the large cross-section of users makes the potential for a successful attack significant.</p> <p>Speaking of Facebook, it was recently reported that <a href="http://nakedsecurity.sophos.com/2011/01/09/facebook-photo-album-chat-messages-spreading-koobface-worm/">a new social networking worm in the vein of Koobface</a> is currently doing the rounds. Chester Wisniewski, a senior security advisor at <a href="http://www.sophos.com">Sophos</a> Canada, commented that the reported threat is different from the usual Facebook malady because “unlike the majority of Facebook scams we report, this one actively infects your computer with malware instead of simply tricking you into taking surveys and passing on messages to other users.”</p> <p>It appears that an individual received a link in his Facebook chat from a friend, which pointed to an app.facebook.com/CENSORED link. Writes Wisniewski, “Typically when you go to a Facebook app page it prompts you to add the application and grant it permission to post on your behalf or read your profile data. The scary part about this one is that it immediately prompts you to download a “FacebookPhotos#####.exe” file with no prompting or clicking required.”</p> <p>Wisniewski goes on to say that a dialog box says that the photo has been moved to another location and encourages the user to click VIEW PHOTO in order to see it. Wisniewski warns, “If your computer has not already downloaded the malware, the “View Photo” button will download the virus for you.”</p> <p>Facebook quickly removed the application, but as Wisniewski concludes, there are no doubt more like this one out there. </p> <p>As we review 2010 and look forward to 2011, from a messaging security standpoint, it appears we are in for more of the same when it comes to spam, phishing and malware. Social networking sites with Facebook and Twitter perhaps in the lead, and mobile devices too will continue to be not only popular among users, but also popular with the bad guys.</p> <p>=</p> <p>Eye on Messaging is written by Stephanie Jordan, editor in chief of Messaging News. If you have story ideas or news to share, email her: <span class="spamspan"><span class="u">sjordan</span> [at] <span class="d">messagingnews [dot] com</span></span></p> </article> <article> <h1>What A Difference A Decade Makes</h1> <p>Stephanie Jordan — Thu, 30 Dec 2010 03:16:54 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/what-difference-decade-makes" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/what-difference-decade-makes" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/what-difference-decade-makes" data-lang="en">Tweet</a></div><p>As 2010 comes to a close, so does the first decade of the new century. If you are like me, this realization is at once incomprehensible and awe-inspiring. Time seems to pick up speed as we go along and in this decade of messaging we have come a long way. In the beginning of the decade, malware writers were more apt to be brilliant pimpled teenagers wanting to be noticed and social networking meant working the room at a business function. </p> <p>Today, malware writers are still brilliant, but they desire to fly under the radar to look for payloads, not praise for their antics. One of the primary reasons <em>Messaging News</em> came into being in 2004, was to share information about this shift, covering viruses and tactics, best practices and thought leadership on the direction that messaging was moving and how to prepare for it.</p> <p>The same year our magazine was launched, another launch took place by the founders of Facebook. Of course today’s definition of social networking now means joining the more than 500 million people of Facebook and other such tools that allow one to many communications.</p> <p>In November, Facebook announced its latest effort meant to unify email, instant messaging, text messaging and its existing messaging system in what it terms a “social inbox”. The goal for this social inbox is to become a hub for those 500 million users’ online communications. While the intent is supposedly not to impact Yahoo! Mail or Gmail — or so says the company — it isn’t hard to imagine that if the capabilities are there, that the social inbox will change consumer messaging habits. As we have previously reported in <em>Messaging News</em>, consumer oriented and intended technologies, such as these, are crossing over into the business world at a fairly rapid pace, changing how technology is introduced into an organization. This will be an area of continued interest for us as we move into 2011.</p> <p>With the beginning of the New Year upon us, we’d like to take this opportunity to thank you for your support of our magazine and online efforts. Our faithful readers, advertisers, and friends allow us to continue to bring you the news on all that comprises messaging today. </p> <p>Best wishes and success to all in 2011!</p> <p>=</p> <p>Eye on Messaging is written by Stephanie Jordan, editor in chief of Messaging News. If you have story ideas or news to share, email her: <span class="spamspan"><span class="u">sjordan</span> [at] <span class="d">messagingnews [dot] com</span></span></p> <p> </p> </article> <article> <h1>FTC’s Long Awaited Privacy Report to Guide Future Policy</h1> <p>Stephanie Jordan — Wed, 15 Dec 2010 03:06:31 +0000</p> <div class="fb-social-like-widget"><fb:like href="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/ftc-s-long-awaited-privacy-report-guide-future-policy" send="false" layout="box_count" show_faces="false" width="55" action="like" font="arial" colorscheme="light"></fb:like></div><div class="tweetbutton"><a href="http://twitter.com/share" class="twitter-share-button" data-count="vertical" data-via="messagingnews" data-related="messagingnews:News and trends on the latest in business email and messaging technology, including email & web security, virtualization, e-Disc" data-text="" data-counturl="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/ftc-s-long-awaited-privacy-report-guide-future-policy" data-url="http://www.messagingnews.com/eyeonmessaging/stephanie-jordan/ftc-s-long-awaited-privacy-report-guide-future-policy" data-lang="en">Tweet</a></div><p>Earlier this month the Federal Trade Commission (FTC) released its preliminary staff report on privacy entitled <em><a href="http://www.ftc.gov/os/2010/12/101201privacyreport.pdf">Protecting Consumer Privacy in an Era of Rapid Change</a></em>. The report offers a ‘proposed framework for businesses and policymakers’ and finally puts an end to the anticipation after a yearlong series of roundtable discussions by FTC staff.</p> <p>One of the reasons this report is a big deal to privacy advocates is because many feel the FTC to date has not done enough to protect consumer privacy. Justin Brookman, privacy project director for the <a href="http://cdt.org">Center for Democracy & Technology</a> (CDT), who has closely followed the FTC’s efforts, says: “The report acknowledges that the FTC’s previous approach focusing on notice-and-choice and harms (to users) have not provided sufficient privacy protection to consumers. The new framework centers on three principal ideas: privacy by design, simplified choice, and greater transparency.”</p> <p>Long-time privacy advocate Fran Maier, president of <a href="http://www.truste.com">TRUSTe</a> is happy with the direction the draft report is taking: “Generally, we think that the report is a positive inquiry that balances the need to protect consumer privacy while continuing to foster innovation in today’s online technology-driven markets. The report reflects a thoughtful understanding of the changing nature of the online ecosystem – with the advent of mobile and other platforms – and highlights the complex questions posed by the collection and use of consumer data in the digital age.</p> <p>While the report is an important step toward greater privacy protection, the FTC itself does not have especially sharp teeth. The expectation is that the report’s recommendations will in turn influence future rulemaking by legislators. In addition, it hopes that industry privacy policies will also be reflective of these principles. </p> <p>Specifically, the FTC makes the following recommendations to reduce the burden on consumers and ensure basic privacy protections: “Companies should adopt a ‘privacy by design’ approach by building privacy protections into their everyday business practices. Such protections include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy. Companies also should implement and enforce procedurally sound privacy practices throughout their organizations, including assigning personnel to oversee privacy issues, training employees, and conducting privacy reviews for new products and services.”</p> <p>The FTC also states: “Consumers should be presented with choice about collection and sharing of their data at the time and in the context in which they are making decisions – not after having to read long, complicated disclosures that they often cannot find. The report adds that, to simplify choice for both consumers and businesses, companies should not have to seek consent for certain commonly accepted practices. It is ‘reasonable for companies to engage in certain practices – namely, product and service fulfillment, internal operations such as improving services offered, fraud prevention, legal compliance, and first-party marketing,’ the report states. By clarifying those practices for which consumer consent is unnecessary, companies will be able to streamline their communications with consumers, reducing the burden and confusion on consumers and businesses alike.” </p> <p>To the extent that it can, the FTC will enforce the principles. “We fully expect that the FTC will go to the limit of its authority to enforce these principles where they can, under its Section 5 authority to enjoin deceptive and unfair practices, and under various sector-specific laws such as the Fair Credit Reporting Act or the Children’s Online Privacy Protection Act,” believes Brookman.</p> <p>Overall, Brookman is pleased with the way the FTC is responding to the complex issue of consumer privacy. “This report should bolster efforts to enact a privacy bill next Congress. Its recommendations are consistent with what is being discussed on the Hill.”</p> <p>The FTC is accepting comments on the draft report until January 31, 2011.</p> <p><strong>EDITOR’S NOTE:</strong> Tomorrow, Jesse McCabe, of <a href="http://www.webroot.com">Webroot Software</a> and I present the Messaging News webinar “<a href="http://www.messagingnews.com/form/webinar-why-policy-based-email-encryption-is-critical-2011#form">Why Policy-Based Email Encryption is Critical in 2011</a>”. Privacy and data breaches are among the topics we will discuss. If you have an hour tomorrow beginning at 10:00am (Pacific), be sure to join us.</p> </article> </main></body></html>