Archive for the ‘Uncategorized’ Category

New Site

Fri, 17 Dec 2010

The new site for the business that my lovely wife Louise and I have started is now available, with a rough-and-ready layout for the time being.

This blog will be continued at franklinheath.co.uk/blog, with a corresponding RSS feed at franklinheath.co.uk/feed. If you’d like to continue to follow my irregular ponderings, please do subscribe there!

I am intending to continue the Symbian OS Platform Security book wiki there too, but we haven’t got the MediaWiki hosting sorted yet. Please tune in for further announcements 🙂

Future of this Blog

Tue, 14 Dec 2010

Subscribers to this blog may well already have noticed that various symbian.org web sites will be shutting down on Friday. This blog, secblog.symbian.org, isn’t specifically mentioned; it is hosted at a free provider (actually sfsecurity.wordpress.com) so there’s no particular need for it to be closed, but the domain name may well be redirected along with the rest of the symbian.org subdomains.

Perhaps more to the point: this Friday will be the last working day for most Symbian Foundation staff, including me, so it won’t be appropriate for me to blog in Symbian’s name after that. I am planning to export the existing content from here though, and continue this blog* under another banner. I do want to say a few words about the Gawker Media breach while that’s still fresh, so I’ll do that here, and then update you on the new home for the blog before Friday.

* probably more accurate to say “restart this blog” as my last post was in July 😉

Security Roadmap and Strategy Published

Thu, 28 Jan 2010

This week we’ve published the first full version of the Symbian Platform Security Roadmap and Strategy. It’s by no means set in stone, so any and all comments and suggestions are welcome (either in the Security forum or using the comment facility on the wiki page).

I have taken some liberties with the format and tagged on a longish “wish list” of items Open for Contribution at the end. I’d particularly like to draw attention to the last four, which are opportunities for concerned individuals or organisations to address some consumer protection issues (which our traditional contributors probably won’t address).

I did allude to this six months ago, but this time I’ll be shorter and more to the point: 🙂

  • Notarised Call Recording
    how to hold faceless utility companies to account?
  • Pre-Advice of Premium-Rate Charges
    think twice before giving your money away?
  • Privacy Labels
    how not to embarrass yourself on social networking sites?
  • Vendor Relationship Management
    how to do e-commerce on your terms?

Volunteers welcome 😉

What Defines a “Botnet”?

Mon, 23 Nov 2009

There have been various reports over the weekend of a new development of the “Ikee” iPhone worm that now collects banking details. It is being reported as a “botnet“, which seems to be a popular term with journalists (possibly because it appeals to “Rise of the Machines” type scare-mongering 🙂 ).

I’ve been quite sceptical about such reports since this July when the “Sexy View” malware on the Symbian Platform was reported as the “first mobile botnet“. Now in my view that wasn’t even a proper worm (it had to be manually installed by the user on every phone it spread to) and definitely not a botnet (there was no remote control of the malware after it was installed), so is there any more truth in these latest reports?

According to F-Secure’s initial analysis, the latest iPhone malware connects to an IP address in Lithuania, and downloads something from it, but it’s not clear from that what the thing it downloads is, or what it does with it. Although they call the IP address a “command & control center”, I remain sceptical, and would like to see some more details before conceding that this actually is the “first mobile botnet”…