Fitbit Hacked: What Does It Mean for Wearables and the Internet of Things?

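(Updated January 13): A Fitbit representative has contacted We Live Security, ESET's official blog, to provide a statement about the Fitbit hacking incident. The statement appears at the end of this article.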

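Wearable activity trackers, such as the devices made by Fitbit, were the best-selling gifts of the past holiday season, and hackers appear to be paying attention as well. According to reports by Brian Krebs and Buzzfeed, a number of Fitbit accounts were recently found to have been compromised.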

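In this incident, although the customer account database/server was compromised, it did not cause large-scale damage; reportedly, only individual account passwords were stolen, guessed or attacked. Criminals can obtain stolen account credentials on the black market, and sometimes from hackers. Those hackers can compromise computers with keylogging malware, or take usernames and passwords previously obtained by attacking other systems and check whether they also work on the target website. Note that there is no indication that hackers stole account passwords from Fitbit's systems or by way of the company's systems.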

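Once the criminals have control of an account, they alter the account's details so that the legitimate owner can no longer log in. They then use the hijacked account to request, within the warranty period, a new device as a replacement for a “faulty” one. Unsurprisingly, the higher-end devices were attacked by the hackers as well.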

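As Mr. Krebs reported, Fitbit's information security team recently adjusted its risk level to one suited to future needs. Mr. Krebs quoted Fitbit's chief executive officer, Marc Bown: “If we find that an account's usage looks suspicious, or we receive a large number of account login requests from a small group of people, we will lock the account and have the customer re-confirm their details.” Fitbit has already drawn up plans to introduce two-factor authentication to counter attacks on Fitbit accounts made through the Fitbit website.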
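The lock-on-suspicion rule quoted above, combined with the account-detail change the article says follows a takeover, sketched as detection logic over login events. This is an added example, not Fitbit's code; the event fields, the 10-minute window, the five-account threshold and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_ACCOUNTS = 5                # assumed: distinct accounts one source may try in WINDOW

def ev(ts, src, account, kind, ok=True):
    """Build one event record (hypothetical schema)."""
    return {"ts": datetime.fromisoformat(ts), "src": src,
            "account": account, "kind": kind, "ok": ok}

# Constructed sample events; IPs come from documentation ranges.
EVENTS = [
    ev("2016-01-05T09:00:00", "203.0.113.7", "user01", "login", ok=False),
    ev("2016-01-05T09:00:10", "198.51.100.20", "alice", "login", ok=False),
    ev("2016-01-05T09:00:20", "203.0.113.7", "user02", "login"),
    ev("2016-01-05T09:00:30", "198.51.100.20", "alice", "login"),
    ev("2016-01-05T09:00:40", "203.0.113.7", "user03", "login", ok=False),
    ev("2016-01-05T09:01:00", "203.0.113.7", "user04", "login", ok=False),
    ev("2016-01-05T09:01:20", "203.0.113.7", "user05", "login"),
    ev("2016-01-05T09:01:40", "203.0.113.7", "user06", "login", ok=False),
    ev("2016-01-05T09:02:00", "203.0.113.7", "user07", "login", ok=False),
    ev("2016-01-05T09:03:00", "198.51.100.20", "alice", "email_change"),
    ev("2016-01-05T09:05:00", "203.0.113.7", "user05", "email_change"),
]

def stuffing_sources(events):
    """Sources that tried more than MAX_ACCOUNTS distinct accounts within WINDOW."""
    recent = defaultdict(deque)  # src -> (timestamp, account) pairs still in the window
    flagged = set()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["kind"] != "login":
            continue
        q = recent[e["src"]]
        q.append((e["ts"], e["account"]))
        while e["ts"] - q[0][0] > WINDOW:
            q.popleft()
        if len({account for _, account in q}) > MAX_ACCOUNTS:
            flagged.add(e["src"])
    return flagged

def accounts_to_lock(events):
    """Accounts a flagged source got into, including logins made before it was flagged."""
    flagged = stuffing_sources(events)
    verdict = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["src"] not in flagged or not e["ok"]:
            continue
        if e["kind"] == "login":
            verdict[e["account"]] = "lock and re-verify"
        elif e["kind"] == "email_change" and e["account"] in verdict:
            # Contact details changed after a suspect login: the lock-out step described above.
            verdict[e["account"]] = "lock, revert contact details, re-verify"
    return verdict

if __name__ == "__main__":
    for account, action in accounts_to_lock(EVENTS).items():
        print(account, "->", action)
```

An ordinary user who mistypes a password once and then changes their own email address (the `alice` events) is left alone, because the source never touches more than one account.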

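It is worth noting that, although there have been earlier attacks (such as the malware attack on Fitbit reported last October, which Fitbit disputes), this incident was not an attack on Fitbit devices. Although the hackers, who specialize in abusing devices under warranty, did not attack Fitbit's devices, the incident shows why people are concerned about the privacy of the data that wearables generate, some of which is highly personal.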

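Clearly, activity trackers need a secure operating environment. That means a level of security above the average, for example something beyond basic “username and password” authentication. The fact that Fitbit adopted the defenses described above only recently suggests that the product line may not have been built according to privacy-by-design principles.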

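The arrival of wearables blurs the line between consumer devices and medical devices, which makes all of these problems harder. If the benefits that wearable technology can bring are to be fully realized, everyone involved with wearables should seriously consider adopting a set of design principles that rule out the security harms described above. Under such design principles, it is unacceptable to sell the public devices that store large amounts of personal information, health information included, and then push the responsibility for protecting that data onto the public. For any user, whatever their level of technical knowledge, the device's default settings should protect the security and privacy of the data.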

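As users, we need to take the risks of using these devices seriously and understand that we share part of the responsibility for protecting them from hackers. We must follow the rules of online safety, which are as follows:

– When buying a wearable or installing a wearable app, search Google for the name of the device or program together with words such as hack, scam and fraud, so that you are alerted to problems that have already been made public and have more information for the final decision on whether to buy the device or app.

– When setting up your wearable and any related online account, use a non-obvious username and a unique password. Neither should be easy to guess.

– Read carefully the privacy policy of every device and app you use, so that you know exactly how far the company that makes them protects personal privacy.

– If you think a particular feature or app provider is not reliable enough at keeping private information safe and might expose sensitive personal information, do not use that feature or app.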

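Vendors of wearables can take the following lesson: draw up an incident response plan in advance, so that when data security is breached, whatever the scope of the breach, they can respond appropriately. Remember that people who like health trackers are also active on social media. When something goes wrong, the news spreads very quickly, and you need users to think well of you.

If something goes wrong with personal privacy, expect scrutiny that is more careful than that of users. The US Federal Trade Commission and the US Food and Drug Administration are both watching this area closely. Further discussion of wearables and the related security issues is available.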

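Fitbit's statement
“It is inaccurate to say that in this incident Fitbit's email or servers were hacked. Our investigation found that an unauthorized party logged in to accounts using credentials (email address or password) previously stolen or compromised from third-party sites that have no connection with Fitbit”

“We take the security of our customers' accounts very seriously and took immediate action to protect our customers. We reset the account passwords of the affected customers and required those customers to create new passwords. As a good practice, we recommend that customers avoid reusing passwords associated with their email or other accounts, because reusing them makes it easier to fall victim to this type of malicious attack. It is worth noting that this kind of account compromise has now become a common problem for many popular websites and businesses.”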

ESET Virtualization Security Is Now Available

ESET’s new agentless security solution for VMware vShield environments avoids troublesome AV storms.

ESET®, a global pioneer in IT security for more than two decades, today announces the launch of ESET Virtualization Security. This brand new VMware vShield-based agentless solution combines an ESET Virtualization Security appliance with ESET Remote Administrator to deliver ESET’s award-winning scanning core allied with proven management capability.


ESET Virtualization Security will be available from today in all regions except North America, where it will be launched on March 1st, 2016.


According to a Gartner Magic Quadrant* survey in 2015, “about 75% of x86 server workloads are virtualized”.  Virtualization brings countless benefits to companies, but without adequate protection of virtual systems it can be more dangerous than it seems.

ESET Virtualization Security was developed to protect sensitive data and to solve the main problems that companies experience when adopting virtualization, such as unprotected virtual servers, the need for multiple vendors to protect physical and virtualized environments, potential performance impacts and complicated licensing.

“ESET Virtualization Security was developed for virtualized environments, meaning that as a GUI-less appliance it is easy to deploy, set up and operate. Its trademark light system footprint makes the solution ideal for avoiding AV storms,” said Michal Jankech, Product Manager at ESET. “Moreover, ESET Virtualization Security is easy to manage thanks to ESET Remote Administrator, which gives IT administrators unlimited access anywhere, anytime.”

ESET Virtualization Security is compatible with VMware vSphere 5.0+ with installed vCloud Networking and Security. It is consistent with ESET’s next-generation business products and its web-based console ESET Remote Administrator.


Learn more about ESET Virtualization Security on our site.

* Gartner Magic Quadrant for x86 Server Virtualization Infrastructure: http://www.gartner.com/technology/reprints.do?id=1-2JFZ1KP&ct=150715&st=sb

About ESET

ESET, the pioneer of proactive protection and the maker of the award-winning NOD32 technology which is celebrating its 25th anniversary in 2012, is a global provider of security solutions for businesses and consumers. The Company continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. ESET has been selected as one of the most innovative companies in Europe for the 2011 HSBC European Business Awards and holds a number of accolades from AV-Comparatives, AV Test and other organizations. ESET NOD32 Antivirus, ESET Smart Security and ESET Cyber Security for Mac are trusted by millions of global users and are among the most recommended security solutions in the world.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Sao Paulo (Brazil) and Prague (Czech Republic). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Cracow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network for 180 countries. For more information, visit our local office at https://www.eset.hk.

About Version 2 Limited

Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

For more information, please visit https://www.version-2.com/ or call (852) 2893 8860.

ESET Releases Latest Version of ESET Remote Administrator

The service release of ESET Remote Administrator provides businesses with iOS device management, agentless security and ESET SysInspector®, a proven diagnostic tool.

ESET®, a global pioneer in proactive protection for more than two decades, today starts delivering to businesses its latest service release of ESET Remote Administrator. With features such as ESET Mobile Device Management for iOS and management of ESET Virtualization Security, ESET Remote Administrator now boasts even wider market appeal.

ESET Mobile Device Management for iOS allows customers to fully embrace the BYOD trend (Bring Your Own Device, i.e. allowing employees to use their own devices at work). Administrators can now conveniently configure the security-related settings of iOS devices alongside other devices in their business network.

“ESET Mobile Device Management for iOS is easy to set up and allows administrators to manage, configure, remotely lock or even wipe mobile iOS devices,” said Michal Jankech, Business Product Manager at ESET. “Adding this feature to ESET’s remote management console makes ESET Remote Administrator a real single pane of glass for their environment.”

ESET Remote Administrator supports ESET Virtualization Security, ESET’s brand new product providing agentless protection for VMware vShield, which was launched today.

To manage and install ESET Virtualization Security in a network, administrators need only install a GUI-less ESET Virtualization Security Appliance in their VMware virtualized infrastructure and link it to ESET Remote Administrator. This will enable remote configuration of the solution and execution of tasks on virtual machines, which are protected in agentless form.

Moreover, ESET SysInspector® is now integrated into ESET Remote Administrator. This helps admins track back security incidents and system changes for each endpoint, using ESET SysInspector’s snapshots.

ESET Remote Administrator is a platform-independent remote management console designed to minimize downtime, while allowing actions to be performed automatically based on dynamic group membership.

Learn more about ESET Remote Administrator or check out ESET’s complete offer for businesses.  

ESET Earns ‘Top Rated’ Award from AV-Comparatives

ESET Smart Security 9 was named Top Rated in the AV-Comparatives Summary Report 2015, receiving six Advanced+ ratings from the independent testing organization.

AV-Comparatives, an independent anti-malware testing organization, today publishes its annual Summary Report 2015 summarizing its tests and providing a market-wide overview of security products.


ESET Smart Security 9 received six Advanced+ awards in 2015, won a Silver Award in the False Positives category and a Bronze in Proactive Protection. ESET products, along with five from other vendors, were awarded AV-Comparatives’ Top Rated badge.

“ESET has been a constant part of our Summary Reports since 2006. With each new version, ESET Smart Security retains its clean trademark detection and sustains its low performance impact. With improved graphic design and finger-friendly controls, we believe that ESET products are suitable for use on touchscreens,” said Andreas Clementi, CEO at AV-Comparatives.

In 2015, AV-Comparatives subjected 21 Windows security products from a range of vendors to rigorous investigation. All were tested for their ability to protect against real-world Internet threats, identify thousands of recent malicious programs, and provide protection without slowing down the PCs on which they ran. 

Learn more about ESET or read more about ESET products in the AV-Comparatives’ Summary Report 2015.

Parents Can Help Their Children Explore Online Safely

Brand new, child-friendly ESET Parental Control for Android app is now available worldwide.

ESET®, a global pioneer in IT security for more than two decades, today announces the global availability of its ESET Parental Control for Android app, which helps parents to protect their children when exploring the online world.

Having a tool to manage what their children do with their tablets and smartphones is important for parents. A survey commissioned by ESET showed that 88% of parents are worried about what their children can access online. In that survey, 81% of parents said that they were troubled by the idea of their child visiting inappropriate web pages; 71% mentioned their children forwarding personal details to strangers; while 61% highlighted excessive amounts of time spent on devices. 

Despite parents’ fears, only a few of them have installed a parental control app to help manage their children’s online experiences, the survey revealed.

Children are increasingly moving from PCs to mobile devices in order to access the internet. Statistics show that Facebook alone has 1 billion active users a month connecting via mobile devices.  And with children, the dominant mobile platform is Android. Gartner forecasts that there will be 1.6 billion Android devices worldwide in 2017 and they are attractive for children due to their lower cost in comparison with other products.

ESET Parental Control for Android app is the answer to parents’ worries. It enables them to be sure that children of all ages can enjoy the wealth of information and entertainment available online without the fear of online threats.  

“ESET Parental Control app for Android safeguards children on smart devices by giving them protection and user experience, without limiting performance,” says Branislav Orlik, Product Manager at ESET.

ESET Parental Control for Android is a child-friendly family protection system which helps parents to build a respectful relationship with their children who use their own smartphones or tablets. Designed to help parents protect their children against internet threats and inappropriate web pages, the app boasts a wealth of child protection features and a friendly user interface.
 

Features include: 

Application Guard: blocks inappropriate content based on the child’s age by default.

Time Management: allows parents to limit the time their child spends playing games and using other apps, even when the child is away from home. 

Web Guard: the app automatically blocks predefined website categories, such as adult or offensive content, based on the child’s age. Additional categories or specific websites can be added too.

Child Locator: allows parents to request the current location of the child’s device at any time.

Parental message: SMS sent from predefined parent numbers will lock the screen of the child’s phone until a read-confirmation button is pressed by the child.

Reports for Parents: detailed reports on app and web page usage. Reports are available to view at any time using parent mode in the app or via my.eset.com, or can be sent regularly to parents’ email addresses.

The app contains an added option for children to ask their parents for special permission to access certain apps or web content, or ask for extra gaming or browsing time.

 
“These features make ESET Parental Control a unique application for the Android platform,” concludes Orlik.

ESET Parental Control for Android is available from the Google Play Store, at the my.eset.com portal or via ESET’s partners.  
