Virtualization Newsletter
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO Blogs and Discussion
 CIO Web 2.0
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Mid-Market CIO Panel: Tips and Techniques for Improving Vendor Relationships

July 15, 4:00 PM - 5:00 PM U.S./Eastern (GMT-4)

We'll highlight relationship priorities and best practices identified in a Council study, and we'll interact with a CIO panel on the approaches they've used to improve strategic vendor partnerships.

Secrets of Successful Vendor Contract Negotiations for the Mid-Market

Sept. 10, 2009, 11:00 AM - 12:00 PM U.S./Eastern (GMT-4)

On this free public Council teleconference, Matthew A. Karlyn, attorney at Foley & Lardner in Boston, will share tips on negotiating tactics and new, creative contract terms to help mid-market CIOs make better deals.

Executive Competencies Assessment Tool

Assess Your Business Leadership Skills with the Council's new benchmarking tool. Rate yourself in change leadership, strategy, customer focus and more.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
News
 

Panel: Open Phones Are More Vulnerable

The opening up of the mobile industry is great news for application developers but not so good for IT security professionals who want to sleep at night, executives from the security industry said Thursday.

 

By Stephen Lawson

September 11, 2008 — IDG News Service —

The opening up of the mobile industry is great news for application developers but not so good for IT security professionals who want to sleep at night, executives from the security industry said Thursday.

Mobile phone operating systems have been highly fragmented and carriers have tightly controlled the applications that can easily be used on phones, but that approach is giving way to open-software platforms and easy-to-use application stores. In addition to Apple's recently introduced iPhone SDK (software development kit), Google's open-source Android platform is due on phones soon and an open-source version of Symbian is on the way.

"Everyone has now decided that the developers are very important for the future of this business. If a developer can load software on a device, a hacker can load software on a device," said Mark Kominsky, CEO of Bluefire Security Technologies, during a panel discussion at the CTIA Wireless I.T. & Entertainment show in San Francisco. "I think we're probably 12 to 18 months away from something big happening," he added.

Mobile devices are beginning to have high bandwidth, open platforms and the ability to load new software, Kominsky said. "Those are the critical elements that occurred in the notebook when viruses took off about 20 years ago," he said.

Symbian, the single most widely used mobile software platform, has already wrestled with the dangers of openness to third-party developers, said Khoi Nguyen, group product manager in mobile security at Symantec. Symbian 7 and 8 were fairly open and allowed almost any application to be installed and run. This led to a few hundred viruses being introduced within a couple of years, so Symbian 9 was locked down significantly, he said.

That made it much harder and more expensive to develop applications for the OS, even for a big company such as Symantec, Nguyen said.

Symbian and other platform vendors will have to find a balance between security and openness, he said.

By the same token, the fragmentation of the mobile world that has hobbled software developers still insulates phones from the onslaught of attacks on PCs.

Symbian has less than 70 percent of the market, Nguyen said. "It makes it very hard for a hacker to develop a single threat ... that can run on all these different platforms," he said.

Nevertheless, there are some new types of malware for enterprises to look out for, as well.

"Snoopware" is a form of spyware that can activate the microphone or camera without the user's knowledge, listen in on calls and collect text messages and call logs. Another type of threat, which he called "pranking4profit," can trick the user into allowing actions that will cost money. In one case, a hacker advertised a free Web browser for Symbian phones and convinced many users to download code that caused their phones to send thousands of premium SMS (Short Message Service) messages to a hacker's phone. Each one cost the sender US$2 or so, Nguyen said.

 
 
Loading...
 
WHITE PAPERS

5 Tips for Data Loss Prevention Solutions

RSA® The Security Division of EMC has identified 5 key considerations to help organizations simplify the evaluation process for selecting a DLP solution that is right for their business.
 

Communications Transformation Platform

The Communications Transformation Platform enables you to provide the services your customers demand - faster, cheaper and with less risk.
 

Global Change in the TV Industry

Capgemini and MediaXchange have captured key insight to the change across the TV industry.
 

Secure Training Videos to Prevent Theft

Learn how Dream Force extended their marketing reach without being constricted.
 

Prevent Intellectual Property Theft

Learn what the key components were in Hock International's purchasing decision.
 

Is Your PDF Security Software Really Secure?

Find out what security vendors might not be telling you about their products and solutions.
 

WEBCASTS

Managing Client Systems in the Enterprise

Keeping client systems costs under control is just one of the many initiatives IT must address when trying to manag...
 

Webcast with Dan Vesset: Investing in Business Analytics Technology

What exactly is business analytics and why should you care? Dan Vesset of IDC and Gaurav Verma of SAS answer this a...
 

Capitalize on Your SAP Content

After 18 years of partnership and over 3,000 successful customer deployments, Open Text has become SAP's premier pa...
 

Enterprise Cloud Computing: Ready for Primetime?

The progression toward enterprise cloud computing is happening today, as industry leaders deploy technologies that ...
 

Preparing Your Business Services for the Future

Would you trust your network monitoring tools enough to know when something is truly halting a business service? Wh...
 

Enterprise System Management Challenges in Big Organizations with Eli Almog

In this Podcast with Eli Almog, Corporate Architect in BMC's CTO Office, discusses how IT managers can know when it...
 

Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Data Loss Prevention: A Better Way to Approach Security

Learn how to managing client systems in the enterprise.

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

Top 10 Business and IT Drivers for the Wealth Management Sector

Bottom-Line Benefits of Virtualization

White Paper: The Building Blocks for Cloud Computing

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Automating the Generation and Secure Distribution of Excel Reports

Reduce risk, gain agility. See how Progress can help your business.

Improve ROI, lower TCO and reduce energy consumption.

Introducing the new HP ProLiant G6 server family

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

Stop Application Fraud at the Source with Device Reputation

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

8 Key Ingredients to Building an Internal Cloud

Data Center Optimization: Three Key Strategies

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Gartner Shares Predictions for 2009

64-page prescriptive guide to security, compliance, and IT operations.

Get Google Enterprise Search for your business information.

Accenture IT Consulting: Enabling high performance. More...