Android Security State of the Union

After years and years of headlines and statistics about Android security and malware, ranging from questionable statistics to outright bs, Google finally fired back with some hard numbers through a report titled “Android Security State of the Union 2014”.

Through conversations with the Android Security Team over the years, I know having the data to refute the headlines but not being able to make it public was a big thorn in their side. So props to Google and the Android Security Team for finally publishing some detailed metrics on the real scope of the threat to Android devices.

Long story short: it’s nowhere near as dire as many of the mobile antivirus companies want you to think it is. But hey, truth doesn’t help sell their product, so to each their own.

PDF of the report is here.

China’s Non-Denial Denial of Service

It’s well-known that China is not a fan of anyone trying to subvert the Great Firewall (GFW) censorship system. Based on the the 118-hour denial of service attack on GitHub, it’s clear that that indirect support of anti-censorship information can make you a target too.

While the Chinese government did not admit to the attack, it was interesting that they didn’t explicitly deny the attack either. When a Chinese official was questioned on the GitHub attack during a press conference, she stated:

On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I’d like to remind you that China is one of the major victims of cyber attacks.BOOM! What a deflection! That’s US-presidential-debate-level spin right there! But interestingly, no outright denial. As James Mickens’ infamous article predicted, sometimes your adversaries will “hold a press conference and say ‘It wasn’t us’ as they wear t-shirts that say ‘IT WAS DEFINITELY US’”.

Of course, China’s not the only one doing this…

So, apparently non-denial denial of service is the new norm for state vs. state cyber conflict.

Please read the rest of this article on Duo Security’s blog here.

About Jon Oberheide

 Bio: Jon is the co-founder and CTO of Duo Security, responsible for leading product vision and the Duo Labs advanced research team. Before starting Duo, Jon was a self-loathing academic, completing his PhD at the University of Michigan in the realm of cloud security. In a prior life, Jon enjoyed offensive security research and generally hacking the planet. Jon was recently named to Forbes “30 under 30” list for his mobile security hijinks.

About Duo Security

Duo Security is on a mission to provide advanced security solutions for organizations of all sizes. Duo’s innovative technology protects users, data and applications from credential theft and breaches with a focus on streamlined usability. The company was co-founded by CEO Dug Song, a major contributor to the security community, and CTO Jon Oberheide, expert cloud, mobile, and malware security researcher.