The week in security: mobile insecurity bites Oz as authorities weigh privacy risks, options

There was quite a lot of kerfuffle around the did-they-or-didn't-they in relation to the alleged capture of McAfee founder John McAfee, with reports suggesting he was still free even after a blog entry said he was caught trying to leave Belize. McAfee was traced to Guatemala and eventually arrested there, ending an extraordinary international manhunt that continued to generate headlines as McAfee pushed for – and was refused – political asylum in Guatemala, then was hospitalised for chest pains.

'Endpoint protection' has become a critical catchphrase as mobile devices and virtual desktops increase the enterprise threat profile faced by many organisations. Android has proved particularly problematic after statistics revealed that the platform draws more malware attacks than PCs; Australian Android devices, it turns out, are attacked more frequently than devices in any other country.

Little wonder mobile network operator Orange will be installing Lookout's Mobile Security application on many Android-based tablets and smartphones next year. Other firms are offering new mobile-device security such as Good Vault's two-factor authentication method for iPhones.

In this climate, deciding whether iOS or Android is better for enterprise users is a matter of security – particularly as BYOD growth puts new pressure on corporate security policies. Research In Motion, for its part, is introducing a password blacklisting feature in its upcoming BlackBerry 10 mobile operating system. Meanwhile, the UK Ministry of Social Development has been racing to deal with a "critical" security flaw in its kiosk system. Good thing the UK's Cyber Security Strategy is working so well, with the policy receiving accolades from the government after its first year in operation. Not everybody agrees, however: some critics say the policy cuts corners and ignores consumers.

The UK isn't the only country tightening the screws on cybercrims. The Netherlands government will soon introduce a bill that would impose heavy penalties on criminal suspects who refuse to decrypt data needed for criminal investigations. Australia's Information Commissioner is considering whether whitelisting could be a "reasonable" privacy measure. Experts in the US are pushing for a government-level cybersecurity doctrine, even as EU experts concede that most US companies aren't likely to conform to strict EU privacy standards in the near future.

That said, the US hasn't been completely without enforcement action: an advertising firm, for example, was banned from sniffing the browser histories of online consumers, and the state of California sued Delta Airlines for failing to include a privacy policy in its mobile app.

Apple computers were targeted with a new piece of malware that has been classified as low-risk, while hacker group Anonymous was planning and eventually instigated a crippling attack on the International Telecommunications Union's website. Yet authorities had a win against Anonymous, with a former member convicted for 2010 DDoS attacks on PayPal, Mastercard, Visa and other financial-services companies.

The ramifications of a breach continue to be significant: the UK's Cheltenham Council, for one, found itself racing to recover after a malware attack disrupted a broad range of services. Japan's space agency was online banking scam was found to have netted $US47m by exploiting mobile devices over the past year. Given these risks, it's hardly surprising to see vendors like TAS Managed Services partnering with ethical-hacking company Pure Hacking to broaden their service offerings for financial-services customers.

With so much nastiness out there, it's also hardly surprising that users are seen as security threats. Even as Facebook opened a vote on its users' voting rights – and early returns suggested overwhelming opposition to a change in the site's privacy policy – Irish privacy group Europe vs. Facebook is threatening to take the Irish government to court over Facebook privacy complaints. Facebook is also facing suits from consumer-rights organisations in Germany about the way it shares personal data with third parties.

Civil action may seem extreme, but some experts are arguing that the threat of litigation may prove to be a more effective motivator than legislation when it comes to system security.

Even developer hooks can be abused, with Yahoo! users tailor ads according to what they're doing. The patent was rejected by the US Patent Office, but the fact that it could even be proposed may send shivers down more than a few couch potatoes' spines.
