Naked Security
News, opinion, advice and research on computer security threats from Sophos

iOS 5 introduces security challenges and flaws

Fri October 21, 2011 11:32 AM
A week after the release of iOS 5 several flaws and vulnerabilities that could affect your data security have been found. Unauthorized calls, Smart Cover unlocks and media access are all possible with system defaults.
Categories: Security News

The state of cyber security - Join Sophos and the NCSA in Washington DC

Fri October 21, 2011 10:08 AM
Sophos and the NCSA are holding an event in Washington DC October 27th, 2011 to help spread the word about National Cyber Security Awareness Month. Join us for a cocktail reception and panel featuring Michael Kaiser, Rob Strayer and Chester Wisniewski.
Categories: Security News

Free Argos gift card for Christmas? It's a Facebook scam

Fri October 21, 2011 6:45 AM
Yet another scam is spreading rapidly on Facebook, this time claiming to offer a free £500 Argos gift card to British shoppers. Remember to always think twice before sharing "special offer" links with your friends!
Categories: Security News

Malware attack poses as bloody photos of Gaddafi's death

Fri October 21, 2011 3:02 AM
Hackers have spammed out an attack, posing as pictures of the death of Libya's Colonel Gaddafi. The messages pose as photographs from the AFP news agency.
Categories: Security News

Shop for free at ASDA? Free ASDA Gift Card Facebook scam spreads rapidly

Fri October 21, 2011 12:40 AM
Messages are spreading rapidly between Facebook users about alleged ASDA Gift Vouchers, offering free shopping to "celebrate" the British supermarket chain's "birthday".
Categories: Security News

iPhone spyware can snoop on desktop typing

Thu October 20, 2011 7:36 AM
A team of researchers at Georgia Tech have demonstrated how they were able to spy on what was typed on a regular desktop computer's keyboard via the accelerometers of a smartphone placed nearby.
Categories: Security News

Duqu malware spurs new Stuxnet-style conspiracy theory

Thu October 20, 2011 6:35 AM
We might never find out what really happened in the Stuxnet case. But what about Duqu, the son of Stuxnet? One writer already seems to know with certainty, and despite the absurdity of his claims, his story is getting picked up around the world.
Categories: Security News

How to find out everything that Facebook *really* knows about you

Thu October 20, 2011 3:00 AM
Max Schrems, a 24-year-old law student, is now sitting on a pile of 1,200 pages that comprise his personal-data Facebook dossier. Here's how you can demand the same information from Facebook.
Categories: Security News

Analysis of compromised websites - hacked PHP scripts

Wed October 19, 2011 1:56 PM
Investigating a few compromised web sites reveals some interesting behaviour in the PHP hacks being used to compromise legitimate web servers in order to redirect unsuspecting users to exploit sites.
Categories: Security News

Has Siri left your iPhone 4S unlocked?

Wed October 19, 2011 8:59 AM
Apple's new "Siri" feature, the voice-activated personal assistant built into the iPhone 4S, leaves owners' spanking new smartphones partially unguarded.
Categories: Security News

Mac malware evolves - time for Apple owners to wake up

Wed October 19, 2011 8:41 AM
Mac users have once again been reminded not to be complacent about the malware threat, with the discovery that cybercriminals have enhanced an existing Trojan horse to disable the rudimentary anti-virus protection Apple has built into Mac OS X.
Categories: Security News

Researcher who found security flaw threatened by firm he was trying to help

Wed October 19, 2011 3:25 AM
When security researcher Patrick Webster recently alerted his investment fund company of a glaring security lapse, he was thanked with a legal threat and notice that he just might be billed for the security fix.
Categories: Security News

Duqu, son of Stuxnet raises questions of origin and intent

Tue October 18, 2011 10:46 PM
Reports have emerged suggesting a new piece of malware derived from Stuxnet has been reused to perform information gathering. Find out what we know and the links to the infamous Stuxnet worm.
Categories: Security News

That package at the Royal Mail office? It's malware

Tue October 18, 2011 7:49 AM
Cybercriminals have spammed out malware, posing as an email from the Royal Mail. The emails, which claim that a package has been returned to the Royal Mail office, contain a Trojan horse designed to infect your computer.
Categories: Security News

Eat for free at Pizza Hut!? It's a Facebook scam

Tue October 18, 2011 6:11 AM
Beware of links being spread on Facebook that claim you can eat for free at Pizza Hut. Don't be fooled into believing that you can receive a free pizza coupon, as this is just the latest scam spreading on the site.
Categories: Security News

SpyEye targeting Android users - just a copy of Zeus's strategy?

Fri September 16, 2011 7:17 AM

In the world of Windows malware, SpyEye is a widely spread malicious toolkit for creating and managing botnets designed primarily for stealing banking credentials and other confidential information from infected systems.

SpyEye is a major competitor of the infamous Zeus toolkit. Zeus (also known as ZBot) generated a lot of interest in the mobile security community a couple of months ago when an Android version was discovered.

Of course, we did not have to wait for too long before a version of SpyEye targeting Android was also developed, and sure enough a malicious SpyEye Android app was discovered a few days ago.

The functionality of Zeus and SpyEye on Windows is quite similar, so I was curious as to how similar their respective Android versions would be.

Zeus for Android purports to be a version of Trusteer Rapport security software. This social engineering trick is used in an attempt to convince the user that the application they are installing is legitimate.

SpyEye for Android, now detected by Sophos products as Andr/Spitmo-A, uses a slightly different but similar social engineering technique.

When a PC infected by the Windows version of SpyEye visits a targeted banking website that uses mobile transaction authorisation numbers (mTANs), the SpyEye Trojan may inject HTML content into the page instructing the user to download and install an Android program that will supposedly be used for transaction authorisation.

The SpyEye application package does not register a launcher icon, so nothing appears in the "All apps" menu; the user will only find the package by opening "Manage Applications" from the device's settings.

The application uses the display name "System" so that it seems like a standard Android system application.

When installed, Zeus for Android displayed a fake activation screen, and Spitmo is again very similar.

However, Spitmo uses a different tactic to reinforce the user's belief that it is a legitimate application.

Its manifest registers a broadcast receiver for the following intent actions:


<action android:name="android.provider.Telephony.SMS_RECEIVED" />
<action android:name="android.intent.action.NEW_OUTGOING_CALL" />

Receiving these broadcasts (which in turn requires the RECEIVE_SMS and PROCESS_OUTGOING_CALLS permissions) lets the malware read every incoming text message and see every outgoing call before it is placed, with the option of cancelling or redirecting it.

When a number is dialed, the call is intercepted before the connection is made and the dialed number is compared with a special number the attacker supplied in the installation instructions for the alleged helper application.

If the number matches, Spitmo displays a fake activation number, which is always 251340.

Once installed, the functionality of Zeus and SpyEye is pretty much the same.

A broadcast receiver intercepts every incoming SMS text message and forwards it to a command-and-control server in an HTTP POST request. The submitted data includes the sender's number and the full content of the message.
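The indicators described above (a literal "System" label, no launcher icon, receivers for SMS_RECEIVED and NEW_OUTGOING_CALL, and network access for the HTTP POST) can be pulled straight out of a decoded AndroidManifest.xml. The following triage script is an added example, not code from the original article or from Sophos; the two sample manifests are constructed for the demo and are not the real Spitmo manifest, and the permission names are the standard Android ones each broadcast requires.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Intent actions and permissions named in the article; LAUNCHER is what gives an app an icon.
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
NEW_OUTGOING_CALL = "android.intent.action.NEW_OUTGOING_CALL"
LAUNCHER = "android.intent.category.LAUNCHER"
PERM_RECEIVE_SMS = "android.permission.RECEIVE_SMS"
PERM_OUTGOING_CALLS = "android.permission.PROCESS_OUTGOING_CALLS"
PERM_INTERNET = "android.permission.INTERNET"


def android_attr(name):
    """Clark-notation key ElementTree uses for an attribute in the android: namespace."""
    return "{%s}%s" % (ANDROID_NS, name)


def triage_manifest(manifest_xml):
    """Score one decoded AndroidManifest.xml (as produced by apktool) against the
    indicators described in the article. Returns a dict of booleans plus an integer 'score'."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    perms = {e.get(android_attr("name")) for e in root.iter("uses-permission")}
    actions = {e.get(android_attr("name")) for e in root.iter("action")}
    categories = {e.get(android_attr("name")) for e in root.iter("category")}
    label = (app.get(android_attr("label")) or "") if app is not None else ""

    # A positive priority on an SMS_RECEIVED filter puts the receiver ahead of the stock
    # messaging app in the ordered broadcast, where (on Android of that era) it could also
    # abort the broadcast and hide the message from the user.
    high_priority_sms = False
    for flt in root.iter("intent-filter"):
        names = {a.get(android_attr("name")) for a in flt.iter("action")}
        prio = flt.get(android_attr("priority"))
        if SMS_RECEIVED in names and prio is not None and prio.lstrip("-").isdigit() and int(prio) > 0:
            high_priority_sms = True

    findings = {
        # A literal "System" label; ordinary apps reference an @string resource.
        "label_system": label.strip().lower() == "system",
        "no_launcher_icon": LAUNCHER not in categories,
        "reads_incoming_sms": SMS_RECEIVED in actions and PERM_RECEIVE_SMS in perms,
        "hooks_outgoing_calls": NEW_OUTGOING_CALL in actions and PERM_OUTGOING_CALLS in perms,
        "high_priority_sms_filter": high_priority_sms,
        "can_reach_network": PERM_INTERNET in perms,
    }
    findings["score"] = sum(1 for v in findings.values() if v)
    return findings


# Constructed sample manifests for the demo; neither is the real Spitmo manifest.
SPITMO_LIKE = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sys">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="System">
    <activity android:name=".Activation"/>
    <receiver android:name=".SmsRx">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".CallRx">
      <intent-filter>
        <action android:name="android.intent.action.NEW_OUTGOING_CALL"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="@string/app_name">
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("spitmo-like", SPITMO_LIKE), ("benign", BENIGN)):
        print(name, triage_manifest(xml))
```

None of these indicators is malicious on its own (a legitimate SMS app needs RECEIVE_SMS, a dialler needs PROCESS_OUTGOING_CALLS), which is why the script scores the combination rather than any single flag; a hidden "System" app with both receivers and network access is the pattern worth pulling for manual analysis.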

So far, it does not seem that this attack is widespread, but it shows that the developers of major malicious toolkits are closely watching their competition and matching the latest features.

It also seems that support for Android is increasingly becoming an important part of their product strategy.


Categories: Security News

Fake FBI Anonymous psychological profile: a lesson to all internet users

Fri September 16, 2011 5:45 AM

The faceless power of Anonymous rages on.

Like headless horsemen, they gallop across the internet, intent on causing massive headaches and embarrassment for some, while keeping their fans and the media informed via social media.

Sounds even too good for a Hollywood movie plot. You couldn't make it up.

But it turns out that someone did make up the recently disclosed FBI document 'Psychological Profile of the Anonymous Key Personalities' [PDF].

And the story was covered by several reputable media outlets, though admittedly some voiced skepticism.

On September 8, Anonymous used Twitter and Tumblr to distribute the fake document.

The question is why did anyone ever think it was real?

  • Why would Anonymous leak a document that would put their esteemed leaders at risk?
  • Why would the FBI actually use Wikipedia as their sole information source for Anonymous's background?
  • The codename for the field informant is Marotte (which means prop stick, dummy head or fad)
  • Looking at the copious typos and grammar glitches in the document, would the FBI have a profiler without a basic grasp of written communication?

All this made us at Naked Security a bit suspicious at the time, so it's no surprise that this so-called FBI document has turned out to be a fake.

The thing is though, it does make for interesting lunchtime reading. I absolutely love some of the profiles in this faux document.

It defines "Kayla" as a violent, amoral bisexual with an inferiority complex, and "Topiary" as a youthful, obsessive idealist, possibly afflicted with Asperger's.

Forgive the quasi-psychology here - couldn't a fake document, if indeed it is written by the Anonymous leaders, be used to help the FBI and other authorities better understand the collective? What seems like nonsense to its authors could accidentally reveal some interesting insights for those that analyse and pigeon-hole personalities.

That said, some of you might remember that great article by Malcolm Gladwell where he concludes that criminal profiling isn't all that helpful to the capture of wanted criminals.

So what is the upshot? Whoever wrote this didn't waste the FBI's time with the forgery, because the Bureau must have known from the get-go that it didn't originate from its own team.

Those responsible for the document did however manage to get the internet, media and bloggers yakking about it. Yes, even me. Anonymous has notoriety because many people have written about it. And if Anonymous did indeed pull this together, they have just lied to their online followers. Tsk tsk.

Please, can we all make sure we take this collective's word with a grain of salt next time?


Categories: Security News

How to deal with an internet troll

Fri September 16, 2011 4:40 AM

British comedian Dom Joly has contacted the police, after an internet troll made abusive comments about his children via Twitter.

The star of "Trigger Happy TV" was upset that a Twitter user called @deathtojolykids sent a string of offensive messages, including ones hoping that the comic's children got cancer.

Joly managed to get the Twitter account suspended, and filed a complaint with his local police force asking them to investigate.

Earlier this week, in a separate incident, a man was jailed by a British court for 18 weeks for leaving hurtful messages on Facebook and YouTube memorial sites.

25-year-old Sean Duffy was imprisoned after pleading guilty to two counts of "sending a communication of an indecent or offensive nature." His victims had included the family and friends of teenager Natasha MacBryde, who had killed herself after being bullied.

Duffy had posted the upsetting comments, despite never even having met Miss MacBryde.

The internet is full of trolls

The internet can turn people who might appear perfectly pleasant if you met them face-to-face into ugly trolls online.

The fact is that it's a lot easier to be downright rude and offensive via a computer than if you're standing opposite someone. Sitting in front of a keyboard and monitor can make us forget that there's a real human being with feelings, reading the message at the other end.

Trolls take this to an extreme, revelling in the chaos they can stir up on an internet message board - the more people they offend, the better in their book as they purposely cause trouble.

Don't feed the trolls

The first piece of advice is one that should be familiar to us from fairy stories: "DON'T FEED THE TROLL".

If an internet troll is demanding attention, don't give them any.

Responding to them can just feed the flames, and encourage them to post more offensive remarks. Eventually they should grow bored and disappear.

As tempting as it is to fight fire with fire, you'll only be pouring fuel on the flames if you respond in kind.

Blocking and reporting trolls

When a troll stops being merely annoying, and is plainly harassing you then things get more serious. You should report the behaviour to the internet site you're using (such as Facebook), and block them - if possible - from contacting you again.

If you feel that the social network isn't being responsive, maybe you can get the media to apply some pressure?

You may have to be inventive to get the problem sorted. In my own experience, when my family was threatened by Facebook users, I found Facebook unresponsive and unwilling to remove highly offensive Photoshopped images until I complained that they might be a breach of copyright!

Physical threats against you and your family should be reported to the police, who should take a threat delivered via the net as seriously as one sent via the post or delivered via telephone.

If you're setting up an online tribute site, it can make sense to not make it open to the general public but request that people ask permission to join it. That way, you can delete any upsetting messages and banish any trolls who are merely there to cause offence.

No magic wand

It's a sad reality that trolls will always exist - we can't wave a wand and make them disappear entirely from the internet. But we can reduce the opportunities for them to cause trouble, and we can perhaps make them realise that what they're doing is destructive.

How trolls could make the internet a less safe place

What trolls might do well to realise is this: their antisocial activities, normally hidden behind a cloak of fake names and pseudonyms, play into the hands of those who would like to do away with anonymity on the internet.

Do you really want to live in an internet world where anonymity has been banned, preventing freedom of speech and stomping on those who have a genuine need to keep their identity secret?

Don't feed the trolls, but most importantly - don't be a troll. You could make life worse for everyone.


Categories: Security News

How to avoid having naked photos stolen by hackers

Fri September 16, 2011 2:48 AM

Mila Kunis, the star of movies such as "Black Swan" and "Friends with benefits", is the latest celebrity to be making the headlines over allegations that hackers broke into her mobile phone and stole nude photos.

In the wake of the story about nude photos of Scarlett Johansson, several gossip websites have reported that they were contacted by people offering to sell them pictures stolen from Mila Kunis.

In Kunis's case, the images are said to have been taken from her mobile phone, and apparently show her "Friends with benefits" co-star Justin Timberlake lying on a bed topless, wearing some pink underwear on his head, and an image of Mila Kunis in the bath.

A fourth explicit image is said to feature an intimate part of a man who cannot be identified because his err.. head is out of the frame.

It's also alleged that private SMS text messages between Kunis and Timberlake are available on the internet.

Clearly, there's a continuing theme of celebrities having nude photographs of themselves leaked onto the internet - whether to publicise their careers or latest movies, or to make money for those who stole the images.

Past victims have included Christina Aguilera, Lady Gaga, Miley Cyrus and Vanessa Hudgens.

So, here's my simple advice which I recommend to every Hollywood actor/actress, rapper and TV reality star. Cut it out and keep it in your wallet:

In fact, this is good advice for anyone to remember who finds themselves naked with a camera pointed at them, or is considering taking a self portrait before remembering to put on their clothes.

By the way, it's best to print out this page before you cut-out this advice. You don't want to damage your monitor. And ask a grown-up for help with the scissors.

And that's how you avoid having naked photos stolen by hackers.


Categories: Security News

Memories of the Nimda virus

Thu September 15, 2011 7:28 PM

This weekend is the tenth anniversary of the infamous and pervasive Nimda virus.

In this article, we take a look back in time at the outbreak. After all, as the US philosopher George Santayana warned a century ago, "Those who cannot remember the past are condemned to repeat it."

Nimda first showed itself on 18 September 2001.

Those were heady days. The Code Red worm had appeared in July, taking everyone by surprise with its collateral damage - massive amounts of network traffic, dedicated only to redistributing the worm.

Microsoft's "Whistler" project had been released to manufacturing as Windows XP in August.

Terrorists attacked and destroyed the World Trade Center towers on 9/11 as a shocked world watched on.

And whilst US flights were grounded as a post-9/11 precaution, Australia suffered its own aeronautic outage as the country's second-biggest airline, Ansett, abruptly stopped operating, stranding passengers around the region - including a whole raft of Sophos Sydney colleagues who found themselves camping out at Melbourne airport with tickets to nowhere.

Nimda storms the internet

Boy, did Nimda show itself. It could spread every-which-way, and it did: by sending itself out to your email contacts; by breaking into web servers and infecting files all over your website; by spreading automatically across your network; and by parasitically infecting existing programs on your hard disk.

The result was that if an infected file made its way into your organisation and ran, you could end up with hundreds or thousands of infected computers on your network. And each infected computer - whether PC or server - might have hundreds or thousands of infected, damaged or modified files.

Coming just a week after 9/11, Nimda attracted plenty of speculation that it might be a form of cyberterrorism.

The virus code includes the text:

Concept Virus(CV) V.5, Copyright(C)2001 R.P.China

Since adjectives go before the noun in English, the country of China is known as PRC, not RPC. Does this tell us something? Is the error the sign of a mistake by a Chinese who knows only a bit of English? Are we looking at a Frenchman pretending to be a Chinese who knows a bit of English? Are we looking at a Russian pretending to be a Frenchman pretending to be a Chinese who knows a bit of English?

The answer is, as so often with malware and cybercriminals, that we just can't say. We couldn't know ten years ago when Nimda came out; and we often can't tell today.

Nimda as cyberterrorism

Perhaps, ten years on from Nimda, we can learn to tone down the finger-pointing a bit. It's certain that State actors around the world (that means "hackers paid by a country's intelligence services", not students at the Royal Academy of Dramatic Art) are involved in what might tabloidally be called cyberspying.

But if we trot out the talk of cyberwar and cyberterrorism too much, we distract attention from the clear and present danger of plain-and-simple cybercrime - which almost certainly costs us billions of dollars a year - by making it sound comparatively unimportant. (Things can be simple and important. In fact, simplicity is often the key to significance.)

Nimda as a proof of No Good Viruses

One intriguing aspect of Nimda - to techies, at any rate - is its parasitism: the mechanism it uses to infect other files.

Basic parasitic malware of the day usually carried the original host file around tacked onto the end of the virus. More sophisticated viruses inserted their content as a new code section, or even - as in the CIH, or Chernobyl, virus - into unused parts of the executable.

Nimda took the simplistic approach - carry the original host around with you - but in a complicated way. It embedded the infected host inside itself as a Windows resource. And needless complexity is often the enemy of correct behaviour (if any behaviour by a virus can be called "correct").

Nimda, indeed, would happily reinfect files it had already hit. So you could end up with NOTEPAD embedded inside Nimda, embedded inside Nimda, embedded inside Nimda, and so on.

Not ad infinitum, of course, since only in Turing Machines do you get an infinite amount of memory. But the embedding could get very deep: a colleague and I ended up preparing samples which had been reinfected up to 250 times each to use in testing Sophos's virus cleanup code.

This sort of unintended side-effect is yet another reminder of why there is no such thing as a harmless virus, since even a virus which was supposedly "just for fun" might have unexpected bugs. And once a virus is in the wild, spreading of its own accord, there's no chance of issuing a recall notice.

It also reminds us that virus writers aren't always the programming geniuses which they're sometimes made out to be, and why decent security companies don't queue up to hire virus writers - even if they're willing to overlook the business and moral issues of hiring a crook.

Nimda says we still make old mistakes

Of further interest in Nimda was its network-spreading technique. One problem facing a network-spreading virus is how to persuade users elsewhere on the network to run the newly-added files.

Nimda did this by dropping infected DLLs called RICHED20.DLL around your network. A DLL by this name is loaded as-needed by a variety of Windows programs when you start dealing with documents more complex than just plain text.

By putting an infected RICHED20.DLL into directories containing .DOC files, for example, the Nimda DLL would be loaded instead of the official one if the user browsed to that directory and opened a document. This works because the current directory is on the default DLL search path: on the Windows versions of the day it was searched before the system directories, and even with SafeDllSearchMode (on by default since Windows XP SP2), which moves it after them, it is still searched before PATH unless the programmer loads the library by fully qualified path or explicitly restricts the search.

And this is interesting because I wrote about sloppy DLL loading just two days ago! Two of the very latest Patch Tuesday updates from Microsoft fix bugs of exactly this sort.

Ouch. Ten years on, and we're still writing software which is incautious about how it chooses its add-on code libraries.
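A responder cleaning up after this kind of planting wants to know which document folders on a share have acquired a copy of a system DLL. The script below is an added example, not part of the original article or of any Sophos tool: it walks a share, reports every RICHED20.DLL found there, notes whether it sits beside documents, and compares its hash with a known-good copy. The directory tree and the "DLL" contents are constructed stand-ins; only riched20.dll and .doc come from the text, and any other names you add to the two sets are local policy.

```python
import hashlib
import os
import tempfile

# RICHED20.DLL is the name Nimda used; anything else added here is a local assumption.
WATCHED_DLLS = {"riched20.dll"}
# Document types that made a directory a Nimda target (.doc per the text above).
DOC_EXTS = {".doc"}


def sha256_of(path):
    """Hash a file in chunks so large DLLs do not have to be read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_planted_dlls(share_root, known_good):
    """Walk a data share and report every watched DLL found under it.

    known_good maps a lower-case DLL name to the SHA-256 of the genuine copy (taken
    from a clean System32). A copy that differs is the obvious hit, but even an
    identical copy sitting next to documents has no business being there."""
    hits = []
    for dirpath, _dirs, files in os.walk(share_root):
        lowered = [f.lower() for f in files]
        has_docs = any(os.path.splitext(f)[1] in DOC_EXTS for f in lowered)
        for f in files:
            if f.lower() not in WATCHED_DLLS:
                continue
            path = os.path.join(dirpath, f)
            digest = sha256_of(path)
            hits.append({
                "path": path,
                "next_to_documents": has_docs,
                "matches_known_good": known_good.get(f.lower()) == digest,
                "sha256": digest,
            })
    return hits


def demo():
    """Build a constructed share with one planted DLL beside a .doc and one stray
    genuine copy elsewhere, then run the hunt over it."""
    genuine = b"MZ constructed stand-in for the genuine riched20.dll"
    planted = b"MZ constructed stand-in for a Nimda-infected riched20.dll"
    root = tempfile.mkdtemp(prefix="share_")
    os.makedirs(os.path.join(root, "finance"))
    os.makedirs(os.path.join(root, "tools"))
    with open(os.path.join(root, "finance", "Q3 report.doc"), "wb") as f:
        f.write(b"quarterly figures")
    with open(os.path.join(root, "finance", "RICHED20.DLL"), "wb") as f:
        f.write(planted)
    with open(os.path.join(root, "tools", "riched20.dll"), "wb") as f:
        f.write(genuine)
    known_good = {"riched20.dll": hashlib.sha256(genuine).hexdigest()}
    return find_planted_dlls(root, known_good)


if __name__ == "__main__":
    for hit in demo():
        verdict = "OK hash" if hit["matches_known_good"] else "DIFFERS from known good"
        where = "beside documents" if hit["next_to_documents"] else "no documents here"
        print(hit["path"], verdict, where)
```

The known-good hash should come from a machine you trust, not from the share being examined; on a real clean-up you would also feed the list of hits to whatever removes the infected files, since the DLL is only one of the artefacts Nimda leaves behind.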

Nimda reminds us about patching

Another important lesson to be learned from Nimda is just how vital it is that we patch known holes inside our network quickly, so that if malware breaches our first levels of defence, it doesn't get open slather to roam internally.

Nimda greatly accelerated its spread by breaking into and infecting websites, using what is known as a directory traversal vulnerability in the IIS web server. Web servers aren't supposed to let you access files outside their own data directory, so they are supposed to watch out for character sequences such as "../../..", even if cunningly disguised.

The "dot-dot" element in a path name means "go up one level", and if allowed in a URI, could allow an outsider to access files which aren't supposed to be visible at all.
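The "cunningly disguised" part is where the IIS checks failed: the dot-dot was there, but the slash was written as an overlong UTF-8 sequence (%c0%af) or the whole thing was percent-encoded twice (%255c), so a check on the raw request saw no "../". The following is an added example, not code from the original article: it puts a naive string check beside a canonicalising resolver that decodes once, rejects invalid UTF-8 and leftover percent signs, and walks the path segments so that any climb above the root is refused. The web root and the sample requests are constructed for the demo.

```python
import posixpath
from urllib.parse import unquote_to_bytes

WEBROOT = "/var/www/site"  # assumed document root for this example


def naive_check(url_path):
    """The check that is not good enough: look for a literal dot-dot-slash in the raw request."""
    return "../" not in url_path and "..\\" not in url_path


def resolve_under_root(webroot, url_path):
    """Map a request path to a file under webroot, or return None if it tries to escape.

    Decode percent-escapes exactly once and insist on strictly valid UTF-8, which
    rejects overlong forms such as %c0%af for '/'. A '%' that survives one round of
    decoding is either a rare literal in a filename or a double-encoded escape that a
    later component might decode again, so refuse it; likewise refuse NUL. Then treat
    backslash as a separator and walk the segments with a stack: a '..' that would pop
    an empty stack is an attempt to climb above the root and is rejected rather than
    silently clamped."""
    try:
        decoded = unquote_to_bytes(url_path).decode("utf-8", "strict")
    except UnicodeDecodeError:
        return None
    if "%" in decoded or "\x00" in decoded:
        return None
    parts = []
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                return None
            parts.pop()
        else:
            parts.append(seg)
    return posixpath.join(webroot, *parts) if parts else webroot


# Constructed requests: a normal one, a plain traversal, and two disguised traversals of
# the kinds used against IIS at the time (overlong UTF-8 for '/', and double encoding).
SAMPLES = [
    "/index.html",
    "/scripts/../../winnt/system32/cmd.exe",
    "/scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe",
    "/scripts/..%255c..%255cwinnt/system32/cmd.exe",
]


def compare(samples=SAMPLES):
    """Return (request, passes_naive_check, resolved_path_or_None) for each sample."""
    return [(s, naive_check(s), resolve_under_root(WEBROOT, s)) for s in samples]


if __name__ == "__main__":
    for request, naive_ok, resolved in compare():
        print("%-50s naive=%-5s resolved=%s" % (request, naive_ok, resolved))
```

Both disguised requests pass the naive check and are refused by the resolver. The resolver takes the path component only; strip the query string before calling it, and do the check on the path you are actually about to open, not on a copy that some later layer will decode again.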

Nearly a year before Nimda, in October 2000, Microsoft had issued security bulletin MS00-078, entitled "Patch Available for 'Web Server Folder Traversal' Vulnerability".

But even that bulletin didn't announce a new patch. It was issued to point out that the fix had already shipped more than two months earlier, in August 2000, in MS00-057.

Ouch, again. Ten years on, and at least some of us still have change control bureaucracy which dithers for weeks about individual patches. As I've written before, if you have a change control committee of that sort, you probably need to appoint a change control committee change committee.

Nimda shows us that prevention is better than cure

There. I've said it. I'll say it again, truism though it might be. Prevention is better than cure.


Categories: Security News