Security rundown for week ending Aug. 12

Not unlike the week before, this past week saw hacking once again grab everyone's attention. This time it was an alleged threat from the shadowy group Anonymous to "kill" the social-networking site Facebook. The reason given? Anonymous supposedly thinks Facebook abuses people's privacy and cooperates with authoritarian governments.

This rumored destruction of Facebook by Anonymous is not supposed to happen until Nov. 5, and though it's not readily apparent why that date was selected, it's worth noting that Nov. 5 is the traditional Guy Fawkes Night in Great Britain. Also called Bonfire Night, it commemorates how Fawkes in 17th century England was convicted and put to death for plotting to kill King James I in the "Gunpowder Plot." It's celebrated with effigies of Fawkes hung and burned on a bonfire. Is Anonymous thinking of treating Facebook creator Mark Zuckerberg like this?

Whatever you think of Anonymous, panelists at the recent Defcon conference said the success that Anonymous has had attacking its targets just shows that corporate security isn't that great. One security vendor took Facebook to task this week, saying the social-networking giant should beef up defenses if Anonymous is going after it.

SECURITY BACKGROUND: USB devices: The big hole in network security

Hacking got political in the eyes of a Taiwanese political party that said it suspects the Chinese government is behind a hacking attack that stole information about the party's election activities. Taiwan's Democratic Progressive Party last week said it traced attacks to China's Xinhua News Agency, the state-run press group. Now it's news employees doing the hacking? Well, seems that was why Great Britain's tabloid News of the World (not state-run, so far as we know) was shut down.

We were reminded this week that security holes come in all shapes and sizes, such as USB devices, according to the Ponemon Institute survey of more than 700 IT and security managers about their difficulties controlling USB devices in their organizations.

And in the strange-but-true category, it appears it's also possible for cybercriminals to control botnets through VoIP, according to two researchers at the Defcon conference.

News last week also focused on the Payment Card Industry (PCI) data-security standards, which are issued by the PCI Security Standards Council.

These influential standards are required to be used by any business accepting payment cards or processing them, and PCI has been a strong influence on network security in the past few years. However, it can cost a lot -- like more than half a million dollars -- to go through PCI validation for compliance each year through a special audit. Interestingly, Visa last week said it would waive the PCI validation requirement for qualified merchants that agree to install dual-use EMV point-of-sale devices that also support near-field communication (NFC), the wireless technology for mobile payments in smartphones.

If Visa thinks the main incentive to get chip-based payment cards and NFC into the U.S. is by telling merchants they can wave goodbye to their annual PCI validation costs, is this a sign of the beginning of the end of the reign of PCI?

The PCI Security Standards Council would only comment, "Let's see what happens next," but they're still churning out PCI security guidelines, such as the one published last week on tokenization technology and how to use it to help with PCI compliance.

In other smartphone news, Heartland Payment Systems -- remember them from the devastating breach they suffered from hackers three years ago -- unveiled a mobile-payment device called "Mobuyle" that works with any Android or tablet to turn it into a payment-card processor. It's a direct jab at the Jack Dorsey "Square," the little mobile-payment device made by the guy who brought you Twitter. There's no PCI standard for mobile payments yet, but the council says it's trying to have one ready by year-end.


Stories by Ellen Messmer
