The week in security: Is Apple to blame for breach, or SMS?
- — 28 August, 2012 10:55
What's the best way to ensure your data isn't compromised in the cloud? Encrypt everything and don't let your cloud provider have the password, advises one security expert. You can even encrypt Android devices with FIPS 140-compliant technology now available.
Yet while you can run, you may not necessarily be able to hide: the online threat profile continued unabated, with revelations that Crisis malware can even infect VMware virtual-machine images; Microsoft warning about password-stealing 'man-in-the-middle' attacks based on vulnerabilities in its MS-CHAP authentication protocol.
The standoff over Julian Assange, predictably, became the latest cause celebre for hackers as Anonymous targeted the UK Ministry of Justice. It was a successful attack – as was the high-profile laptop hack and data recovery of tech journalist Mat Honan – although authorities were a bit less convinced by another threat to hack NASA's Mars Curiosity rover.
Apparently responding to a French hacker's claims he has found a flaw in the iPhone's implementation of SMS, Apple was warning customers that SMS messages are insecure and that – surprise, surprise – customers concerned about security should use its iMessage service instead. Security experts, of course, rushed to offer their perspectives and advice on the issue (many were unimpressed), and on security in general. But it didn't take long for Android to suffer its own attack as a reported 500,000 Chinese users were infected with the 'SMSZombie' backdoor malware attack; it can be no surprise that BYOD strategies are causing security types to revisit mobile data protection strategies.
Turns out the practice of cracking popular apps, riddling them with malware and re-posting them to trick unsuspecting Android users has become hugely popular, according to a new study. The US Department of Justice took the interesting step of seizing three sites for alleged copyright violations around pirated Android apps, but it's the tip of the iceberg. Little wonder companies like McAfee are redoubling their efforts to secure the platform, although McAfee created its own problems after an update to its antivirus products crippled many users' computers. Others were worried about technology's dark side – new devices designed to harm users – or inadvertent compromises of common technology such as in-car systems.
Meanwhile, Siemens was flagged for a complex security hole and Adobe reinforced concerns over existing technologies as it patched six serious flaws in Flash – which some warn is "under siege" as hackers launched a malware attack to capitalise on Google's decision to stop distributing the platform through Google Play.
As analysis of the Shamoon malware suggested it may be related to the recent Saudi Aramco attack and analysis of Gauss malware turned up some surprising conclusions, security types are working to improve defences against rootkit attacks with new BIOS security standards. And all this talk about data security has many executives nervous, with boardrooms becoming increasingly aware of security considerations. As they should: the string of high-profile security issues continued as it was revealed authorities are looking into concerns about the security of retail giant Tesco's website.
Time will tell whether security concerns hobbled ad agency Facedeals, which is testing the boundaries of privacy with an app that targets local ads at potential customers as they walk through the doors of a retail shop. But with data security and privacy clearly a growing issue, you'd hope that authorities could get their acts together and figure out how to collaborate to shut down hackers, but conflicts over the procedures for the recent multinational effort to take down the DNSChanger malware showed that things are often not as smooth as you'd hope.
Even as a German man was given seven years in prison for online fraud and LulzSec turncoat 'Sabu' was given a six-month sentencing delay, London police were warning users to use paper maps rather than smartphone maps to avoid becoming targets for thieves. Those concerned about smartphones' use of personal data got a new cause for concern after it was revealed that apps for US presidential candidates Barack Obama and Mitt Romney "suck up" personal data.