The week in security: what privacy tech giveth, the law taketh away

It turns out not even your lounge room is safe from hackers: reports suggest a LAN-based attack on a number of Samsung TVs can put the TV into an infinite restart loop that can't be stopped without calling in a technician.

Yet TVs aren't the only targets under threat. Concerns were being raised over the security of planned e-health records, while a survey found that Australians are worried about personal data drifting offshore. Men are apparently more careful than women about erasing personal data from old devices, while such concerns guaranteed a rocky reception for the new Google Drive service – which had Google defending itself against critics who said it had set itself up to do basically whatever it wanted with user data.

CSO spoke with a trust manager at US ticket-swapping site Stubhub about his experiences spotting and blocking fraudulent transactions, while vendor Guardian Analytics launched a fraud-detection tool for mobile devices. This sort of tool may be crucial moving forward, with an audit of secure HTTPS sites suggesting that most of the Internet's 200,000 busiest secure sites are in fact insecure. On a related note, engineers continue pondering the best way to fix a major vulnerability in the Internet's routing system.

Many of those devices are made by Google, which has been working on its own ways of securing its environment – and is putting its money where its proverbial mouth is. The bounty for hackers who identify flaws in Google's systems has been raised to $20,000 – although there are new rules around the offer. And, in a similar crowd-sourcing exercise – albeit one that offered nothing more than pizza and Coke as a reward – thousands of keen hackers around the world took to local venues to build new systems around masses of NASA data.

Efforts to eradicate the surprisingly effective Mac Flashback Trojan have been of questionable value, with many unsure how well the cleanup has gone. Yet even as that cleanup continues, revelations suggested one in five Macs is carrying Windows malware. Given these kinds of numbers even on non-Windows platforms, there's little surprise Microsoft has updated its free AV Security Essentials tool.

Yet new tools will do nothing to counter human error, as one researcher found after he mistakenly published details of an unpatched Oracle Database Server vulnerability.

Even Facebook is jumping onto the security bandwagon, partnering with a number of security vendors to offer a range of antivirus packages. That said, the world's largest social network might want to up its own security after a hacker penetrated the company's core systems and stole its source code; he explained how it was done. A new survey found that most IT professionals believe the Anonymous hacking group is a serious threat to their companies. And why wouldn't they? Hackers are getting more resourceful all the time; witness claims by Nissan that hackers had planted malware on its network to steal employee user IDs and hashed passwords. Social engineering remains an issue, and new vectors of attack are popping up in all sorts of places. India recently overtook the US as the world's top originator of spam, while estimates from a Russian security firm suggest cybercriminals from that country earned $4.5 billion from their scams last year.

Little wonder the European Union is pushing to invest in security technologies and taking a stance against the ongoing ACTA copyright treaty, which Europe's privacy watchdog has warned could lead to widespread breaches of individual privacy.

Not everyone is of the same mindset, however. The US House of Representatives is set to vote on CISPA, a bill that would increase the amount of cyberthreat information being shared between private companies and the US government. An amendment from CISPA sponsors was designed to alleviate privacy concerns, but others are concerned that the growing trend of ever more-intrusive legislation is violating the Obama administration's personal-freedoms base. The Obama White House opposes CISPA but the legislation passed the House anyway. Time will tell if privacy advocates' deepest concerns bear fruit.


Stories by David Braue
