by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : December 2012
GCN DECEMBER 2012 • GCN.COM 15 CYBEREYE BY WILLIAM JACKSON A to cope with the use of per- sonal mobile devices in the workplace as employees ex- pect to be able to access work resources any time, from any place. But a recent survey of app users has troubling im- plications for administrators coping with this trend: De- velopers and users are paying little attention to the security of the applications that popu- late so many privately owned devices. It isn t that users are not picky and demanding about their applications. They are. According to the study con- ducted for Apigee, an Applica- tion Programming Interface platform vendor, 96 percent of users surveyed said they would write a bad review for a poorly performing app, and almost half were will- ing to delete it if it failed to perform as expected. Thirty- eight percent said they would delete an app that froze up for more than 30 seconds, and 18 percent would give it just five seconds before deleting. But no one said they cared about what services or pro- cesses an application accessed or whether it contained vul- nerabilities. If it worked, they were happy, even if it was working maliciously. As with many company- sponsored studies, you might want to take the specific num- bers in this one with a grain of salt. It was based on just 502 respondents. But the problem is real, says Apigee VP of de- veloper platform Ed Anu . The problem is the result of an "unrestrained need to ex- tend your user base through whatever mechanism you have available," he said. This puts a premium on interfaces and image quality rather than security. This focus on expanding the customer base also has made the uploading of contact lists a common fea- ture in many apps, he said. Anu hesitates to charac- terize this kind of access as malicious. Because of the way mobile operating systems work, the applications have to tell the user what permissions it is using before it is installed so the user supposedly ac- cepts this risk. It s a gray area, he said, and it does threaten to open a Pandora s Box. But, "this is an industry that is still in its infancy and is growing up." The user base apparently is not any more mature than the industry. "One of the lessons learned in the industry is that a lot of consumers are willing to pay for free applications with their confidential infor- mation," Anu said. "They continually vote with their wallets for the free app." The result is a proliferation of applications for mobile devices that have not been vetted for security, and if not outright malicious might well be buggy. The issue is not being ignored. The National Institute of Standards and Technology has revised its guidance for securely managing mobile devices. But e ective management is complicated by the lack of hardware-based protections in the devices because of size and power restrictions. So NIST is developing guidelines for building more secure hardware for a next genera- tion of the devices. In the meantime, in the ab- sence of serious incentives for developers and users to clean up their acts (and apps), it is up to IT administrators to ensure that mobile devices being brought into the enter- prise are secure, Anu said. "They are going to have to be agents of education and enforcement," he said. "If it s not them, it s not going to be anyone else." • MOBILE SURPRISE: LOW INFECTION RATE FOR MALICIOUS APPS There was a surprise for researchers at Georgia Tech analyzing emerging threats. It was "the relatively low infection rate of mobile devices in the United States," according to Paul Royal, associate director of the school's Information Security Cen- ter and an author of the Emerging Cyber Threats Report for 2013. Although the number of malicious and suspicious apps for the Android OS has exploded---from 30,000 in June to 175,000 in September---an analysis by the Info Se- curity Center of DNS traffic for one large cellular provider found only 0.002 percent of U.S. phones showed signs of infection. "People don't appear to be downloading them," Royal said. One reason is that many of the mali- cious apps are in foreign languages and targeted at phones in other countries, where they are more likely to be used for financial transactions, he said. That does not necessarily mean that phones or apps are safe, however. There are many apps that could be taking liberties with users' phones that are not counted as malicious because they ask for those permissions up front, when they are installed. When an app asks for access to your contact list, "people see that as a necessary evil," and not as a privacy viola- tion, Royal said. --- William Jackson SECURITY GETS SHORT SHRIFT IN MOBILE APPS