The week in security: Companies pressured to act on breaches

News of new security breaches continued to roll in throughout the week.

News of new security breaches continued to roll in throughout the week, with the Australian Securities and Investments Commission (ASIC) kicking off the week with a warning that users of online stockbroking services should review their security, change their passwords, and ensure all software was current. Seems someone has been poking their heads where they shouldn't be, and ASIC is eager to prevent any more unwanted intrusions.

Speaking of intrusions, authorities in Europe are set to overhaul that region's 1995 Data Protection Directive with a focus on shortening reporting times when security is breached. Under the new guidelines, companies will be given just 24 hours to fess up to their customers – a far shorter wait than customers endured during recent attacks such as the Sony and Stratfor hacks.

Looks like they're concerned about improving the responsiveness of efforts to quickly stop the likes of Andrey N. Sabelnikov, a Russian developer and apparent photography fan whom Microsoft this week fingered as the developer of the Kelihos malware. There's no telling, however, whether all companies will be as forthcoming as Symantec, which this week [warned all customers of its pcAnywhere remote-access product to stop using it](http://www.cso.com.au/article/413574/symantec_disable_pcanywhere_until_fully_patched/) because its source code has been leaked to the blackhat community.

There's no telling what they might do with that source code, but there were warnings of more imminent problems as revelations emerged that many companies are configuring their building management systems (BMSes) with no security beyond a simple password-protected Web login. That would make it easier than ever to put the heat on a target company – literally – although hackers were much subtler when they planted text and image files on the Governor-General's Web site which, it was this week revealed, had been publicly accessible online for the past 10 months.

Social application Grindr was also feeling the heat after the Sydney Morning Herald reported that a hacker had found a way to log into the site as a different user and send messages, chat and send photos on their behalf. Given that Grindr is targeted at homosexual men and has more than 100,000 Australian users – many of whom have shared compromising photos and would hardly want their personal information exploited – the company has moved quickly to fix the bug in the site and its heterosexual sister site Blendr.

The week progressed amidst warnings of a growing worldwide cyber-warfare threat, while figures released closer to home revealed that authorities were granted over 243,000 telecommunications interception warrants in the 2010-2011 year. On a similar note, Greens senator Scott Ludlam was warning that ISP data-retention proposals are still very much on the table and even went as far as to claim his mobile phone was being tapped. That one was the subject of debate – but not so a malware attack that found a legitimate small business banned from Google AdWords after its hosting provider was compromised by malware and blackballed online. Just goes to show that online, collateral damage can be significant and unintended.


Stories by David Braue
