{"id":1386,"date":"2012-04-10T08:14:00","date_gmt":"2012-04-10T08:14:00","guid":{"rendered":"http:\/\/localhost\/projects\/horsesforsources\/apple-jewels_041012\/"},"modified":"2012-04-10T08:14:00","modified_gmt":"2012-04-10T08:14:00","slug":"apple-jewels_041012","status":"publish","type":"post","link":"https:\/\/www.horsesforsources.com\/apple-jewels_041012\/","title":{"rendered":"Flashback kicks the myth of Apple invincibility squarely in the jewels"},"content":{"rendered":"

One of the critical areas we believe is too-frequently neglected in today’s business operations planning is security and risk. \u00a0<\/strong><\/p>\n

With the amount of data flitting between hundreds of global locations and millions of servers, to how much risk are your operations being exposed today? \u00a0How many local and regional regulations are you flouting? \u00a0How does the\u00a0introduction\u00a0of\u00a0multiple\u00a0service providers and SaaS applications exacerbate the issues?<\/p>\n

And that’s not all – what about your staff’s\u00a0personal devices (and those of your providers’ staff) that get plugged into your corporate network on a daily basis? \u00a0And even that trusty Apple device<\/em> you use to make your own IT experience that little bit more pleasant?<\/p>\n


Because that's where the money is…<\/p>\n<\/div>\n

At HfS, we have been quietly exploring what today’s organizations are doing (or not doing) to protect themselves, which is why we brought in\u00a0security\u00a0and risk analyst veteran Jim Slaby last year (read some of his research here<\/a>). \u00a0While he’s been running the treadmill of the obvious\u00a0security\u00a0issues and threats, he’s also been uncovering those in areas such as your Apple device – yes – YOUR APPLE DEVICE MAY NOT BE AS SAFE AS IT APPEARS.<\/p>\n

Over to you Mr Slaby to reveal more…<\/p>\n

Flashback kicks the myth of Apple invincibility squarely in the jewels<\/span><\/p>\n

Reporter: \u201cWhy do you rob banks, Mr. Sutton?\u201d <\/em><\/p>\n

Willie Sutton: \u201cBecause that\u2019s where the money is.\u201d *<\/em><\/p>\n

Apple has long enjoyed a reputation for making computers that were largely immune to the viruses and other malware that have long afflicted Microsoft systems. Indeed, Microsoft practically created a hundred-billion-dollar security aftermarket — Symantec, McAfee, and countless other security vendors large and small owe their existence to the lousy job Microsoft did architecting its products to resist various security threats.<\/p>\n

But good OS design was only one of Apple\u2019s advantages; the other was that it only represented a tiny fraction of the enterprise and consumer markets for server and PC operating systems and applications. If you were a black hat, you developed malware to rob sensitive data from Microsoft machines because that\u2019s where the money was. Of course, the world keeps spinning: Apple now has a market cap that seems destined to hit a trillion dollars, and everybody in your organization wants to connect their personal iPad or iPhone to your network. So the malware developers of the world have naturally turned their sights on Apple.<\/p>\n

While this isn\u2019t their first try, the bad guys are getting better at penetrating Apple\u2019s once apparently impervious peel.\u00a0 They scored a big, splashy coup last week when news hit the business press about Flashback, also known as Fakeflash, malware targeting the OS X operating system that successfully compromised more than half a million Mac desktops and laptops before Apple managed to issue a patch for it last week.<\/p>\n

In its early versions, Flashback was a trojan horse that pretended to be an Adobe Flash installer or Apple\u2019s Software Update tool. Users agreed to install Flash (to view some online video) or run an Apple software update, but the malware instead installed a backdoor that wreaked a variety of mischief like \u201cclick fraud\u201d, generating fake clicks to boost revenue from pay-per-click and pay-per-impression ads (for which the bad guys collect a kickback). But it could potentially do other harm, like collecting passwords and card numbers for resale to identity thieves and credit-card fraudsters. Flashback kept evolving, and now exploits a Java vulnerability to deliver its malware payload via drive-by download; now all the user has to do to get infected is visit a poisoned website.<\/p>\n

Flashback thus joins a small but growing collection of increasingly sophisticated malware threats like last year\u2019s DevilRobber, a backdoor that steals passwords and electronic cash tokens from infected Macs. Apple is responding with new security improvements to defeat exploits like these, but as the Windows malware and mitigation seesaw has long demonstrated, this will inevitably become an arms race — attackers will keep uncovering new vulnerabilities in Apple\u2019s security armor as long as they smell profit in it.<\/p>\n

Add to this the growing pressure in enterprises to support the BYOD (Bring Your Own Device) trend, to let employees and contractors connect their personally owned smartphones and tablets to enterprise applications, and it\u2019s easy to see that there\u2019s a whole new Pandora\u2019s box of endpoint security issues<\/a> just beginning to crack open. And they\u2019re not all Apple OS X or iOS devices, which are still relatively exploit-free: many of them run Google\u2019s Android OS, itself the target of a growing and already better-established boom in malware development.<\/p>\n

The IT consumerization trend, in which business partners and customers will want to transact online business with enterprises from consumer devices and mobile applications that the CSO\u2019s team can\u2019t easily monitor or control, will only make this issue more urgent. HfS Research examined these trends in more detail in our recent report, \u201cBYOD in the Age of Cloud Services and IT Consumerization\u201d. To recap one of its recommendations, CSOs need to stop hoping this issue will just go away, or pretending they can just say no to the new welter of mobile endpoints and applications.<\/p>\n

Likewise, as BYOD and IT consumerization gather momentum, services providers ought to be exploring the opportunity to help buyers tackle the emerging challenge of mobile endpoint management, starting with consulting and managed security services. If there\u2019s one thing that Flashback has taught us, it\u2019s that the 21st-century Willie Suttons have figured out that there\u2019s gold in them Apples, they\u2019ve already cased the joint, and they\u2019re coming for yours.<\/p>\n

* Sutton robbed a hundred US banks to the tune of $2M over a forty-year criminal career that began in the 1920s. He claimed his most notorious quote was actually made up by a reporter, but became so famous for it that he eventually gave up arguing the point.<\/em><\/p>\n

James R Slaby (pictured left) is Research Director,\u00a0Sourcing Security and Risk Strategies for HfS. \u00a0You can view his bio and research here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

One of the critical areas we believe is too-frequently neglected in today’s business operations planning is security and risk. \u00a0…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48,50,51,81,838,836,91,92,832],"tags":[691],"ppma_author":[19],"yoast_head_json":{"title":"Flashback kicks the myth of Apple invincibility squarely in the jewels - Horses for Sources | No Boundaries","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.horsesforsources.com\/apple-jewels_041012\/","og_locale":"en_US","og_type":"article","og_title":"Flashback kicks the myth of Apple invincibility squarely in the jewels - Horses for Sources | No Boundaries","og_description":"One of the critical areas we believe is too-frequently neglected in today’s business operations planning is security and risk. \u00a0...","og_url":"https:\/\/www.horsesforsources.com\/apple-jewels_041012\/","og_site_name":"Horses for Sources | No Boundaries","article_published_time":"2012-04-10T08:14:00+00:00","og_image":[{"url":"http:\/\/www.horsesforsources.com\/wp-content\/uploads\/2012\/04\/BonnieSlaby2.jpg"}],"author":"Phil Fersht","twitter_card":"summary_large_image","twitter_creator":"@pfersht","twitter_misc":{"Written by":"Phil Fersht","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.horsesforsources.com\/apple-jewels_041012\/","url":"https:\/\/www.horsesforsources.com\/apple-jewels_041012\/","name":"Flashback kicks the myth of Apple invincibility squarely in the jewels - Horses for Sources | No Boundaries","isPartOf":{"@id":"https:\/\/www.horsesforsources.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.horsesforsources.com\/apple-jewels_041012\/#primaryimage"},"image":{"@id":"https:\/\/www.horsesforsources.com\/apple-jewels_041012\/#primaryimage"},"thumbnailUrl":"http:\/\/www.horsesforsources.com\/wp-content\/uploads\/2012\/04\/BonnieSlaby2.jpg","datePublished":"2012-04-10T08:14:00+00:00","dateModified":"2012-04-10T08:14:00+00:00","author":{"@id":"https:\/\/www.horsesforsources.com\/#\/schema\/person\/c4f084ff7ad43632f537b3b30918e69f"},"breadcrumb":{"@id":"https:\/\/www.horsesforsources.com\/apple-jewels_041012\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.horsesforsources.com\/apple-jewels_041012\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.horsesforsources.com\/apple-jewels_041012\/#primaryimage","url":"http:\/\/www.horsesforsources.com\/wp-content\/uploads\/2012\/04\/BonnieSlaby2.jpg","contentUrl":"http:\/\/www.horsesforsources.com\/wp-content\/uploads\/2012\/04\/BonnieSlaby2.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.horsesforsources.com\/apple-jewels_041012\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.horsesforsources.com\/"},{"@type":"ListItem","position":2,"name":"Flashback kicks the myth of Apple invincibility squarely in the jewels"}]},{"@type":"WebSite","@id":"https:\/\/www.horsesforsources.com\/#website","url":"https:\/\/www.horsesforsources.com\/","name":"Horses for Sources | No 
Boundaries","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.horsesforsources.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.horsesforsources.com\/#\/schema\/person\/c4f084ff7ad43632f537b3b30918e69f","name":"Phil Fersht","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.horsesforsources.com\/#\/schema\/person\/image\/86ee0c0ac2d033eed87f327162eb27f7","url":"https:\/\/www.horsesforsources.com\/wp-content\/uploads\/2020\/11\/phill-150x150.png","contentUrl":"https:\/\/www.horsesforsources.com\/wp-content\/uploads\/2020\/11\/phill-150x150.png","caption":"Phil Fersht"},"description":"Phil Fersht is\u00a0a world-renowned analyst, writer and visionary in\u00a0emerging technologies, automation, digital business models, and the alignment of\u00a0enterprise operations to\u00a0drive customer impact and competitive advantage","sameAs":["http:\/\/hfsresearch.com\/team\/phil-fersht","https:\/\/www.linkedin.com\/in\/pfersht\/","https:\/\/x.com\/pfersht"],"url":"https:\/\/www.horsesforsources.com\/author\/phil-fherst\/"}]}},"authors":[{"term_id":19,"user_id":3,"is_guest":0,"slug":"phil-fherst","display_name":"Phil Fersht","avatar_url":{"url":"https:\/\/www.horsesforsources.com\/wp-content\/uploads\/2024\/02\/Phil-Fersht-HFS-Updated.jpg","url2x":"https:\/\/www.horsesforsources.com\/wp-content\/uploads\/2024\/02\/Phil-Fersht-HFS-Updated.jpg"},"first_name":"Phil","last_name":"Fersht","user_url":"http:\/\/hfsresearch.com\/team\/phil-fersht","description":"Phil Fersht is\u00a0a world-renowned analyst, writer and visionary in\u00a0emerging technologies, automation, digital business models, and the alignment of\u00a0enterprise operations to\u00a0drive customer impact and competitive 
advantage"}],"_links":{"self":[{"href":"https:\/\/www.horsesforsources.com\/wp-json\/wp\/v2\/posts\/1386"}],"collection":[{"href":"https:\/\/www.horsesforsources.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.horsesforsources.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.horsesforsources.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.horsesforsources.com\/wp-json\/wp\/v2\/comments?post=1386"}],"version-history":[{"count":0,"href":"https:\/\/www.horsesforsources.com\/wp-json\/wp\/v2\/posts\/1386\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.horsesforsources.com\/wp-json\/wp\/v2\/media?parent=1386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.horsesforsources.com\/wp-json\/wp\/v2\/categories?post=1386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.horsesforsources.com\/wp-json\/wp\/v2\/tags?post=1386"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.horsesforsources.com\/wp-json\/wp\/v2\/ppma_author?post=1386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}