Re: [Fed-Talk] Q1 2013 Mobile Threat Reports
- Subject: Re: [Fed-Talk] Q1 2013 Mobile Threat Reports
- From: Dan Beatty <email@hidden>
- Date: Wed, 15 May 2013 16:46:28 -0700
- Thread-topic: [Fed-Talk] Q1 2013 Mobile Threat Reports
Hi Peter,
I can certainly relate to two notions of employment in this case. One is a number of technicians who argue about altering the OS itself, and the other is the number of iOS developers (just by training).
It has very little to do with altering the OS. The iOS kernel is a non-monolithic kernel, and therefore most of the modifications classic to Linux are a little more trivial on iOS. That does not mean that one does not need skill, but the amount of effort is reduced. I can see that becoming a labor dispute issue if one is looking for something to do, and it happens to be a solved problem.
The second issue comes down to understanding basic design paradigms. Given the hiring freezes at most bases, one simply can’t move people with skills from one command to another. Likewise, hiring new talent that has the skills is out of the question, too. By the way, I happen to develop for iOS, and make no apologies at all. My customers in the Navy pretty much say they want iOS, and I am fairly capable of teaching and delivering.
It also would not surprise me that someone would try to make a stove-piped version of the Android on the premise of setting some elaborate contract. Right now it seems smarter to use the off-the-shelf notion, and apply standards in development to force each vendor to be competitive. Oops, I almost forgot your point on employment. Well, talk about a contradiction to law and policy.
Any who, I am developing and happy to obtain synergy.
V/R,
Daniel Beatty, Ph.D.
Computer Scientist, Detonation Sciences Branch
Code 474300D
1 Administration Circle M/S 1109
China Lake, CA 93555
email@hidden
(LandLine) (760)939-7097
(iPhone) (806)438-6620
On 5/15/13 3:10 PM, "Link, Peter R." <email@hidden> wrote:
Dan,
Sounds right to me. With iOS you can't mess around with everything like you can with Android. Because of this, the mobile IT managers and support staff won't have much to do (just like with Windows). We can't go and fire all those technicians that wouldn't have anything to do except a 15 minute deployment.
I don't believe Android per se was approved, just a specific Samsung implementation of Android. They call it a secure implementation but we'll see how long they keep it secure or how quickly they open it up to allow it to do all the important things they have to have. We'll also see how often and quickly Samsung is able to update that Android implementation to patch all the holes it grows. iOS isn't perfect but Apple is able to patch things quicker than any of the Android OEMs.
I have to wonder what justification they used to purchase a product with limited software support. Is Samsung (non-US company) going to provide software support or is a third party responsible for it? Has the third-party vendor been vetted by computer security? I guess if someone wants something, all the rules go out the window.
On May 15, 2013, at 1:04 PM, "Rubin, Bruce Civ USAF AFMC AFRL/RIEBA" <email@hidden> wrote:
Dan,
Perhaps I should assume that since it seems that everyone where I work (Air Force Research Lab Information Directorate) that is involved with mobile is focused on Android, not iOS (I don’t know a single effort involving iOS), it is because it is a greater challenge to employ in the DoD than working with iOS.
Bruce Rubin
Computer Scientist
AFRL/RIEBA
525 Brooks Road
Rome, NY 13441-4505
DSN: 587-4506
Tel: (315) 330-4506
Cel: (315) 335-1323
"IF YOU FAIL TO PLAN, YOU PLAN TO FAIL."
From: fed-talk-bounces+bruce.rubin=email@hidden [mailto:fed-talk-bounces+bruce.rubin=email@hidden] On Behalf Of Dan Beatty
Sent: Wednesday, May 15, 2013 3:49 PM
To: Fed Talk
Subject: Re: [Fed-Talk] Q1 2013 Mobile Threat Reports
Hi Gang,
I should be careful on this notion, but one of the aspects barely covered in the report is the “mashups”. These are mobile applications that run in the web browser. Even a single source web site technically has a second source in terms of the browser, itself (thus the mashup term is valid).
Safari is sand-boxed on iOS, thus the system itself is more or less safe. However, the Androids are producing quite a bit of trouble that could spill over to other devices’ web browsers. Ouch, droid does.
V/R,
Daniel Beatty, Ph.D.
Computer Scientist, Detonation Sciences Branch
Code 474300D
1 Administration Circle M/S 1109
China Lake, CA 93555
email@hidden
(LandLine) (760)939-7097
(iPhone) (806)438-6620
On 5/15/13 12:14 PM, "William Cerniuk" <email@hidden> wrote:
Looking over the Q1 2013 F-Secure Mobile Threat Report. Things look great for iPhone and BlackBerry but not so good for Android.
- 149 Threats in the wild
- 139 Android - 91.3%
- 13 Symbian - 8.7%
- 0 iOS (iPhone, iPad, iPod) - 0%
- 0 BlackBerry - 0%
- 0 Windows Mobile - 0%
From the report:
“The Android malware ecosystem is beginning to resemble that which surrounds Windows...”
What is really concerning is that the threats for mobile are not the typical hack-the-system threats, but according to F-Secure the majority are profit motivated (76.5%). Many of these malware packages coax the user to install a piece of software that contains a trojan. Given that you can download from anywhere on Android, it makes sense that this impacts Android vs iOS, which requires all software to be vetted by Apple and come through the safety of the iTunes App store. The openness of Android is unfortunately a double-edged sword.
http://www.infoworld.com/d/mobile-technology/android-threats-growing-in-number-and-complexity-report-says-218523
Sophos apparently threw in the towel and just reported on the malware state of affairs for Android:
http://www.sophos.com/en-us/medialibrary/PDFs/other/sophossecuritythreatreport2013.pdf
But isn't it just the argument that Android is attacked more because there are more Android? Maybe not… and no matter what, the ratio does not hold true even if that old tired argument about popularity breeds malware were true.
http://www.netmarketshare.com/mobile-market-share?qprid=8&qpmr=100&qpdt=1&qpct=3&qpcustomd=1&qptimeframe=M
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94551-0808
email@hidden