The Brandeis GPS blog

Insights on online learning, tips for finding balance, and news and updates from Brandeis GPS

Tag: mobile apps

The best free apps for online students

Students who are earning their master’s degrees while also working full-time have a lot on their plates, and often not a lot of room in their bags. Between laptops, tablets, take-home work assignments or textbooks, having everything you need to transition from a working professional to an adult learner and back again can be, well…a literal weight on your shoulders. Luckily for us, it’s 2017, and there’s an app for that. Here’s a list of our favorite tools that can make studying at work, at home, during your commute, or anywhere in between a little bit easier.

Tiny Scanner – Enjoy taking notes on paper, but don’t want to carry your book or notepad along with you? Tiny Scanner allows you to take a picture of any sheet of paper and easily convert it into a PDF to email to yourself. Carry your work with you wherever you go, and don’t lug around more than you have to.

RefME – Need some citation help with that research paper? With RefME, you can choose from over 7,500 citation styles, scan the barcode of your book or journal, and RefME automatically fills in the rest. Take some of the stress out of your assignments with this convenient tool.

Google Drive – Many of us use the desktop version of Google Drive to store our documents and study materials but can’t easily access these materials on our smartphones. Download the Google Drive app and access your files on the go.

Flashcards+ – Do you prefer to study with flashcards over your lunch break but keep forgetting to toss them in your briefcase? With Flashcards+, you can create custom-made flashcards and access them on the go. Never worry again about losing a card or two while you’re out and about. These virtual flashcards aren’t going anywhere.

Scribd – Create your own custom e-library and download all the books and texts you need.

Graphing Calculator – Forget about carrying around your old TI-84. Graphing Calculator handles more complicated data sets than the standard smartphone calculator.

Pandora – Working in a loud space and need some music to put you in your own world? Tip: classical music helps many people focus in a loud space.

1Password – Keep your passwords all in one place with the secure and convenient 1Password app. You’ll save yourself time and effort and you’ll never have to go through the “forgot my password” process again.

Microsoft OneNote – Don’t want to carry around a notepad or notebook? Microsoft OneNote lets you take notes on your smartphone. With this app you can take notes, make to-do lists, and access these documents from anywhere by simply logging into your account.

Did we leave one of your favorite apps off our list? Tweet your suggestions to @BrandeisGPS!

Brandeis University’s Graduate Professional Studies division (GPS) is dedicated to developing innovative programs for working professionals. GPS offers 11 fully online, part-time master’s degrees and one online graduate certificate. With three 10-week terms each year, Brandeis GPS provides exceptional programs with a convenient and flexible online approach. Courses are small by design and led by industry experts who deliver individualized support and professional insights. For more information on our programs visit the Brandeis GPS website.

So What Is the Risk of Mobile Malware?

By: Derek Brink

Originally from: https://blogs.rsa.com/risk-mobile-malware/

Obvious, or oblivious? Short-term predictions eventually tend to make us look like one or the other—as Art Coviello astutely noted in making his own predictions for the security industry in 2014—depending on how they actually turn out. (Long-term predictions, however, which require an entirely different level of thinking, are evaluated against a different scale. For example, check out the many uncannily accurate predictions Isaac Asimov made for the 2014 World’s Fair, from his reflections on the just-concluded 1964 World’s Fair.)

Art’s short-term prediction about mobile malware:

2014 is the tipping point year of mobile malware: As businesses provide greater mobile access to critical business applications and sensitive data, and consumers increasingly adopt mobile banking, it is easy to see that mobile malware will rapidly grow in sophistication and ubiquity in 2014. We’ve already seen a strong uptick in both over the past few months and expect that this is just the beginning of a huge wave. We will see some high-profile mobile breaches before companies and consumers realize the risk and take appropriate steps to mitigate it. Interestingly, the Economist recently featured an article suggesting such fears were overblown. It is probably a good idea to be ready just the same.

The Economist article Art references (which is based on an earlier blog) asserts that “surprisingly little malware has found its way into handsets. . . smartphones have turned out to be much tougher to infect than laptops and desktop PCs.” (Ironically, the Economist also publishes vendor-sponsored content such as How Mobile Risks Are Pushing Companies Towards Better Security. I suppose that’s one way to beat the obvious or oblivious game: Place a bet on both sides.)

RSA’s Online Fraud Resource Center provides some terrific fact-based insights on the matter, including Behind the Scenes of a Fake Token Mobile App Operation.

But the legitimate question remains: What is the risk of malware on mobile? Let’s focus here on enterprise risks, and set aside the consumer risks that Art also raised as a topic for another blog.

Keep in mind the proper definition of “risk”—one of the root causes of miscommunication among security professionals today, as I have noted in a previous blog—which is “the likelihood that a vulnerability will be exploited, and the corresponding business impact.” If we’re not talking about probabilities and magnitudes, we’re not talking about risk.

Regarding the probability of malware infecting mobile devices:

  • The Economist’s article builds on findings from an academic paper published by researchers from Georgia Tech, along with a recent PhD student who is now the Chief Scientist at spin-off security vendor Damballa. Their core hypothesis is that the activities of such malware—including propagation and update of malicious code, command and control communications with infected devices, and transmission of stolen data—will be discernible in network traffic.
  • From three months of analysis, they found that about 3,500 mobile devices (out of a population of 380 million) were infected—roughly 0.001%, or 1 in 100,000.
  • Compare this to the computers cleaned per mille (CCM) metric regularly reported by Microsoft: For every 1,000 computers scanned by the Microsoft Malicious Software Removal Tool, CCM is the number of computers that needed to be cleaned after they were scanned. For 1H2012, the infection rate per 1,000 computers with no endpoint protection was between 11.6 and 13.6 per month.

All of this nets out to say that currently, mobile endpoints are three orders of magnitude less likely to be infected by malware than traditional endpoints.

But doesn’t this conflict with other published research about mobile malware? For example, I’ve previously blogged about an analysis of 13,500 free applications for Android devices, published in October 2012 by university researchers in Germany:

  • Of 100 apps selected for manual audit and analysis, 41 were vulnerable to man-in-the-middle (MITM) attacks due to various forms of SSL misuse.
  • Of these 41 apps, the researchers captured credentials for American Express, Diners Club, PayPal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary email accounts, and IBM Sametime, among others.
  • Among the apps with confirmed vulnerabilities against MITM attacks, the cumulative installed base is up to 185 million users.

In another blog, I’ve noted that mobile applications have a more complex attack surface than traditional web applications—in addition to server-side code, they also deal with client-side code and (multiple) network channels. The impact of these threats is often multiplied, as in the common case of support for functions that were previously server-only (e.g., offline access). This makes security for mobile apps even more difficult for developers to address—mobile technology is not as well known, development teams are not as well educated, and testing teams are harder to keep current.

Meanwhile, malware on mobile is indeed becoming more prevalent: Currently over 350,000 instances from 300 malware families. It is also becoming more sophisticated—e.g., by obfuscating code to evade static and dynamic analysis, establishing device administration privileges to install additional code, and spreading code using Bluetooth, according to the IBM X-Force 2013 Mid-Year Trend and Risk Report.

But threats, vulnerabilities, and exploits are not risks. What would be obvious to predict is this: The likelihood of exploits based on mobile malware will increase dramatically in 2014—point Art.

The other half of the risk equation is the business impact of mobile exploits. From the enterprise perspective, we would have to estimate the cost of exploits such as compromise of sensitive corporate data, surveillance of key employees, and impersonation of key corporate identities—e.g., as part of attacks aimed at social networks or cloud platforms, where the mobile exploits are the means to a much bigger and more lucrative end. It seems quite reasonable to predict that we’ll see some high-profile, high-impact breaches along these lines in 2014—again, point Art.

Obvious or oblivious, you can put me down squarely with Art’s prediction for this one, with the exception that I would say the risk of mobile malware is much more concentrated and targeted than the all users/all devices scenario he seems to suggest.

About the Author:

Derek E. Brink, CISSP is a Vice President and Research Fellow covering topics in IT Security and IT GRC for Aberdeen Group, a Harte-Hanks Company. He is also an adjunct faculty member with Brandeis University, Graduate Professional Studies, teaching courses in our Information Security Program. For more blog posts by Derek, please see http://blogs.aberdeen.com/category/it-security/ and http://aberdeen.com/_aberdeen/it-security/ITSA/practice.aspx
