Trend Micro rates Windows Phone behind iPhone but ahead of Android for enterprise security
Trend Micro has compared four mobile operating systems, Blackberry 7, iPhone, Windows Phone 7 and Android for suitability for enterprise use, scoring them on a combination of factors including built-in security, application security, authentication, device wipe, device firewall, virtualisation, and many others.
The final outcome was BlackBerry 7.0 scored highest across the board (2.89), ahead of (in descending order) Apple iOS5 (1.7), Windows Phone 7.5 (1.61), with Google’s Android 2.3 scoring the lowest at 1.37.
On Windows Phone they said:
Windows Phone - Microsoft has learnt the lessons of the past and created a reasonably robust and secure smartphone operating system in Windows Phone. The OS uses privileges and isolation techniques to create sandbox processes. These “chambers” are based on a policy system that, in turn, defines which system features the processes operating in a chamber can access.
Android was criticized for not having a central means of providing Operating System updates, meaning that many users remain unprotected from critical vulnerabilities for a prolonged period, having removable storage and allowing the user to give apps privileges which can easily compromise security.
Windows Phone 8 is expected to increase Enterprise support tremendously, which should vault the OS over the iPhone, if not completely up to Blackberry territory. Maybe buying RIM will solve that problem 
.
Read the full report here.
Introducing Password Jinni – The Most Flexible And Polished Password Manager.
 |
 |
 |
Don’t you feel a bit overwhelmed to remember a myriad of passwords, PINs, logins, bank accounts and all that private data? Hope you are not using your birth date as password everywhere! Password Jinni is here to help organize your private data and remember just ONE password.
In Password Jinni you can preserve passwords, bank account, credit card and passport numbers, membership data, work credentials, private contacts, web logins and everything else. All remain secure on your phone, always close at hand.
To ensure your data is securely stored and prevent any future data loss, Password Jinni features a unique backup system with automated local backups and user SkyDrive backup. You can save and restore from any of your previously created backup files.
Password Jinni will impress you with ease of use , smooth operation and endless flexibility. It entirely utilizes the Metro design paradigm and promotes dark and light themes, landscape orientation and fast application switching (with time-out lock).
Features include:
Fast and Secure:
- Military-strong 256 bit-AES encryption. Not just your passwords, but all data is encrypted in proprietary binary format. No one can read it outside the application.
- Unbeatable performance. Can handle thousands of records in a second.
- Robust passwords with an integrated password generator.
- Password strength estimate bar to ensure your manually typed passwords are good enough.
- Mask password fields to hide them from view.
- Mango support of fast applications switching. Timeout lock when navigate away for additional security.
SkyDrive Backup:
- Unique backup system with local automatic backup and SkyDrive backup to ensure your data will be safely preserved.
Flexible:
- Fully customizable entries for username, password, pin, email, website, phone, address, date or your own text custom fields.
- Predefined templates to speed up creating new records. Save custom templates for your particular needs.
- Easy categories. No limit of categories associated to a record
- Password expiration management. Notification for expired records, easy filter expired records for review. Fast setting of standard expire periods.
Find what you need.:
- Quickly access any record marked as favourite.
- Powerful search – Search inside a category, search by first letter or search by all record fields.
- View all records associated to category in just two clicks.
Easy to use:
- Quick copy your credentials directly in Internet Explorer or other apps.
- Launch phone calls, emails, websites, or address maps straight from the app.
- Familiar classic Metro interface. Enjoy dark and light themes.
- Full landscape support.
Multilingual:
- Use Password Jinni in your own language. It supports English, German, French and Swedish. You don’t have to set up anything. The language will be automatically chosen based on the regional settings of your device.
Try before buy:
- With a generous 30-days trial period, you can ensure with quality in confidence. No functionality limitation, except backing up data.
Webkit mono-culture strikes as major browser vulnerability affects iPhone, Android and Blackberry
An often heard refrain is that Microsoft should stop trying to develop its own browser rendering engine and just capitulate to webkit, the browser engine used in most of the mobile web.
Microsoft’s stubbornness is paying off today, as George Kurtz, CEO of the new security company CrowdStrike warned of a new vulnerability affecting all Webkit Mobile browsers which could give malware complete control of your phone.
He warned the malware could listen in on your conversations, view through your camera, track your location and record everything in your email and messages, and that devices can be infected by simply visiting a malicious website. Devices would even potentially be infected by SMS messages.
Kurtz has some credibility, having discovered the Chinese Shady Rat operation that compromised US government and defence contractors in 2011 while he was CTO at McAfee. He left that company after the Intel acquisition.
Kurtz is set to demonstrate the vulnerability at the RSA security conference tomorrow, but until the issue is fixed he said there is not much users can do except not to click on untrusted links and wait for updates, something which on Android especially can be an issue.
Kurtz confirmed Windows Phone 7 was unaffected.
Read more at Computer World UK here.
Windows Phone SMS bug fixed in Tango
Using unspecified sources, The Verge claims that Microsoft has successfully fixed the messaging bug in Windows Phone that was found in December. Microsoft quickly determined the cause of the bug and began testing a fix, which is now apparently ready for distribution.
Originally discovered by Khaled Salameh, the bug would crash and permanently disable the messaging hub upon receiving a special text message, be it through SMS, Messenger or Facebook Chat. A similar issue has since been reproduced on many Microsoft desktop applications as well, though there’s no word yet on whether and when those will be fixed.
As for Windows Phone, the fix is expected to be included in the upcoming Tango update, slated for April.
Source: The Verge
Android Malware increase 3325% in 2011
We are used to seeing massive growth rates with Android, but I am sure this is one statistic Google will not be touting in their quarterly reports.
Juniper Networks Mobile Threat Center reports Android malware samples had increased from 400 to 13,302 during the last 6 months of 2011, a growth rate of 3325%.
The worst offenders were Spyware, at 63%, but 36% could have cost you actual money, in the form of premium rate SMS Trojans.
Malware was also becoming more sophisticated, like Droid KungFu using encrypted payloads to avoid detection and Droid Dream disguising itself as a legitimate app.
While Juniper Networks found some malware on Windows Mobile (0.7% of the total) they did not identify any such threats on Windows Phone.
The full report can be seen here.
Via ZDNet.com
A talk on how OEMs compromise Windows Phone 7 security (video)
The Deepsec conference have posted a video of the talk given by Alex Plaskett at the DeepSec 2011 security conference, held November last year.
Alex describes how the security model of Windows Phone 7 is relatively good, but how sloppy coding by OEMs, who have privileges beyond normal developers, can introduce weaknesses.
The talk is about 30 min long and can be seen above.
Up to 5 million Android handsets infected with information-stealing bot
Symantec has released a report detailing a new variation on a trojan malware which may have infected up to 5 million Android handsets.
Android.Counterclank is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.
The combined download figures of all the malicious apps indicate that Android.Counterclank has the highest distribution of any malware identified so far this year. With 250 million Android handsets activated, it appears a significant percentage of Android users are suffering the effects of malware, downloaded directly from the Android Marketplace, and a problem which has only continued to escalate, with Juniper Networks saying Android malware is increasing at a rate of 1,320% per year.
While Windows Phone has not been free of its issues, it is by design much, much less of a wild west than the Android ecosystem. Feeling secure when you downloads apps is definitely a clear reason to chose Windows Phone over Android.
Did the 8107 update also fix the Windows Phone SMS vulnerability?
When the news of the 8107 update for Windows Phone 7 appears I was pretty excited about a solution for the disappearing keyboard problem.
Now however Chris Walshie has found there may be a much more significant fix included with the update. He found the package contains patches also for the SMS module and contacts in the Windows Phone 7 OS. Windows Phone 7 was recently revealed to be vulnerable to a messaging bug where a specially crafted message, either via SMS or Windows Live Messenger/ Facebook could reboot the phone and then deny further access to the Messaging hub, which could only be fixed by a hard reset, which would lose SMS messages and other app data which could not be backed up.
While this is no proof (I guess we will have to wait for either Microsoft or the developer of the DOS hack to verify this) I cant imagine Microsoft releasing an OS update without fixing this serious issue first.
Update: Tom Warren has directly confirmed that it does not fix the issue. I guess we are due another one soon then?
Microsoft Found Cause For Messaging Bug, Testing Fix
Microsoft apparently found the root cause of the messaging bug and is currently testing a fix.
Two weeks ago, WinRumors revealed the bug, which would crash the device and kill the messaging app upon receiving a special text message, and contacted Microsoft with the details, including the specific text which otherwise has not been published.
Now Microsoft apparently contacted Khaled Salameh, who originally found the bug. He tweeted that Microsoft’s security team “confirmed the WP7 SMS Bug and found the root cause, a fix is currently under testing”.
However, it should be noted that this bug seems to be common across a wide range of Microsoft products using its Silverlight/WPF framework, which includes Windows Phone but also desktop applications such as Windows Live Messenger, Visual Studio and Blend, according to Salameh. He says Microsoft is still investigating this issue.
Microsoft confirms Windows Phone Messaging killing bug
Tom Warren from Winrumors revealed (pretty irresponsibly we feel) that Windows Phone 7 has an SMS bug that would allow specially formatted messages (be it from Facebook, SMS or Windows Live) to reboot devices and then cause the Messaging system to lock up permanently, requiring a hard reset to fix.
This would of course be a pretty good denial of service attack on a user, and given that it can come from a SMS message, it could originate from people completely unknown to you.
Microsoft has now confirmed the bug and promised to work to fix it, with Greg Sullivan, Senior product manager for the Windows Phone division telling the Verge:
“We are aware of the issue and our engineering teams are examining it now. Once we have more details, we will take appropriate action to help ensure customers are protected.”
The last time Microsoft had to send out a security update it was for the browser certificate security vulnerability, which was pushed out several months after the vulnerability was patched on the desktop. Lets hope Microsoft proves more nimble on this occasion.
Source:theVerge.com
Joe Belfiore confirms no CarrierIQ on Windows Phone
When we posted about CarrierIQ this morning we were a bit guarded crowing about the spyware not being present on Windows Phone 7 (unlike iPhone, Android and Blackberry), but Joe Belfiore now confirmed that Windows Phone 7 handsets are completely unencumbered by the keylogging software, meaning if you want a secure phone, there is one more reason to jump to Windows Phone.
CarrierIQ spyware now found on iOS, Android, Blackberry and Symbian – only Windows Phone not implicated so far
We don’t know if its simply due to not being investigated yet, but so far only Windows Phone 7 appears not to be infected with the Carrier IQ software, which is installed on not just millions of Android and Blackberry devices, but also installed on iOS, so far thought to be immune due to Apple’s supervision.
It is interesting however that, once Apple became involved, the tone of the conversation suddenly changed, with chpwn, who found the software on iOS noting:
It appears that if you really care about this, Windows Phone 7 is the only mobile operating system without this installed. ;P However, I think the blame here really belongs with the US carriers who obviously demanded this: personally, I am completely fine with this data being sent off (especially if it helps AT&T’s network improve), but I would definitely prefer if it was more transparent — even if you can disable it with that toggle, Apple only explains that it “might contain location data”.
CarrierIQ is likely a carrier requirement, but no-one likes being spied on, and so far, as far as we know, the only platform free of this scrounge, which is installed on 142 million devices, is Windows Phone 7.
Users on other platforms are free to switch – I hear AT&T have some pretty good deals these days
Windows Phone 7 browser exploit demoed
Alex Plaskett from MWR Labs have demoed a browser exploit in the pre-Mango Internet explorer which in combination with vulnerable code in HTC’s drivers can result in full kernel-mode access, which can be used to install rootkits, eavesdrop on a user or of course could be used to jailbreak the device.
Interestingly the browser vulnerability itself still does not allow full access to the OS, as it runs with least privileges, hence the requirement for the second vulnerability.
The hack also had to to defeat Address Space Randomization and eXecute Never flags.
The Mango update fixes the vulnerability and makes it more difficult to find new ones, but of course no platform is ever 100% secure. However MWR Labs lay a lot of the blame on OEM code, which they note have many more exploits that Microsoft’s native code. This problem did not go away with Mango.
Alex recently presented the hack at Microsoft’s BlueHat Redmond Security Brief and I am sure Microsoft is already hard at work making the OS more secure, as there recent job postings suggest.
Scan QR Codes, UPC, EAN, Code 39/128 or ITF barcodes on your Windows Phone 7 to find best prices online.
Enjoy slots? Blackjack? Video Poker? Play Crazy Casino FREE!
#1 FREE Solitaire on WP7
If your a fan of Pong then you will love this game. Heavenly Skies. Save the universe! Are you ready?
A rewarding mix of match 3 and tetris gameplay
Free, Live Tile support for Word Of The Day and so much more. Why NOT try it out?
Set up reminders with only two taps. Supports also text reminders and voice reminders.
Download the best puzzle game in WP7 Marketplace for FREE!
Are you a good Alchemist ?
Use your brain to discover Atomic Energy, Chuck Norris, Angry Birds and 1400 more !
Fun puzzle game with over 150 levels!
Fully featured, beautifully designed WP7 YouTube app.
u.n.i MEGA PACK (FREE), the ultimate addictive top GAMES bundle for Windows Phone 7! 7+ and growing!
Highly addictive word game designed for adrenaline junkies. Practice locally, but then are you fast enough to compete online?
The smartest Google reader app.
Air Soccer Fever - Realtime Online Multiplayer casual soccer game for FREE
Beat the Story Mode. When your done Bring your skill online. Rank up by winning online matches. Have 1 on 1's with anyone! Global Online Multiplayer!
Newest devices leaks, online charts and ultimate performance benchmark for every Windows Phone.
Every day, get great app deals from Windows Phone developers pushed to you!
Quick Tiles, a fully featured live tile editor for Windows Phone.
Great sports app for NFL, NBA, MLB, NHL. Pin scores/games to live tile on your home screen.
MobileFax gives you the opportunity to send fax pages from your mobile phone anytime, anywhere !
WP7 Exclusive version of Hanging with Friends
Fabulously fun, lovable, crazy! Bubble Pong Championship
A remake of the classic snake game. The snake wants to grow so don't wait and help her!
Promote your app on WMPoweruser.com
Facebook
Twitter
RSS
Youtube
GooglePlus