The week in security: mobile insecurity bites Oz as authorities weigh privacy risks, options
13 December, 2012 12:29
There was quite a lot of kerfuffle around the did-they-or-didn't-they in relation to the alleged capture of McAfee founder John McAfee, with reports suggesting he was still free even after a blog entry said he was caught trying to leave Belize. McAfee was traced to Guatemala and eventually arrested there, ending an extraordinary international manhunt that continued to generate headlines as McAfee pushed for – and was refused – political asylum in Guatemala, then was hospitalised for chest pains.
'Endpoint protection' has become a critical catchphrase as mobile devices and virtual desktops increase the enterprise threat profile faced by many organisations. Android has proved to be particularly problematic after statistics revealed that the platform draws more malware attacks than PCs; Australian Android devices, it turns out, are attacked more frequently than devices in any other country.
Little wonder mobile network operator Orange will be installing Lookout's Mobile Security application on many Android-based tablets and smartphones next year. Other firms are offering new mobile-device security such as Good Vault's two-factor authentication method for iPhones.
In this climate, deciding whether iOS or Android is better for enterprise users is a matter of security – particularly as BYOD growth puts new pressure on corporate security policies. Research In Motion, for its part, is introducing a password blacklisting feature in its upcoming BlackBerry 10 mobile operating system. Meanwhile, the UK Ministry of Social Development has been racing to deal with a "critical" security flaw in its kiosk system. Good thing the UK's Cyber Security Strategy is working so well, with the policy receiving accolades from the government after its first year in operation. Not everybody agrees, however: some critics say the policy cuts corners and ignores consumers.
The UK isn't the only country tightening the screws on cybercrims. The Netherlands government will soon introduce a bill that would impose heavy penalties on criminal suspects who refuse to decrypt data needed for criminal investigations. Australia's Information Commissioner is considering whether whitelisting could be a "reasonable" privacy measure. Experts in the US are pushing for a government-level cybersecurity doctrine, even as EU experts concede that most US companies aren't likely to conform to strict EU privacy standards in the near future.
Apple computers were targeted with a new piece of malware that has been classified as low-risk, while hacker group Anonymous was planning and eventually instigated a crippling attack on the International Telecommunications Union's website. Yet authorities had a win against Anonymous, with a former member convicted for 2010 DDoS attacks on PayPal, Mastercard, Visa and other financial-services companies.
The ramifications of a breach continue to be significant: the UK's Cheltenham Council, for one, found itself racing to recover after a malware attack disrupted a broad range of services. Japan's space agency was online banking scam was found to have netted $US47m by exploiting mobile devices over the past year. Given these risks, it's hardly surprising to see vendors like TAS Managed Services partnering with ethical-hacking company Pure Hacking to broaden their service offerings for financial-services customers.
Even developer hooks can be abused, with Yahoo! users tailor ads according to what they're doing. The patent was rejected by the US Patent Office, but the fact that it could even be proposed may send shivers down more than a few couch potatoes' spines.