The week in security: Weighing iPhone 5s' fingerprint privacy

CSOs and CIOs gathered to discuss cloud and BYOD security issues at the jointly-hosted CSO-CIO Insights Breakfast series, Changing the Enterprise Landscape. Among the topics discussed was the CIOs’ belief that cloud computing still presents security concerns.

As it should: a new survey suggests even government networks are still not ready for the transformative change to be wrought by cloud computing, big data, security, mobility, and data-centre consolidation. Reports advise that potential BYOD adopters look carefully at the risk before jumping into the model, although the all-in commitment of early adopters like New York Law School shows that some are happy with the risks.

It looks like the NSA’s extensive surveillance of online communications has delivered some useful information after all: it turns out terrorists love Gmail above other Webmail services, while critics argue that a federal court was wrong in allowing the NSA to collect nearly any type of information on the people it was surveilling.

The NSA wasn’t only doing Webmail surveys, however: a new report says the NSA was also monitoring global financial transactions. It probably should have monitored Edward Snowden a bit better, some argue, but nonetheless its secretive ways have led some security experts to draw on its techniques for better PC security. And the NSA itself was said to be pushing for even closer partnerships with the IT industry, even as some experts praised the US Defense Department’s network consolidation and its security implications.

Google updated its Google Play service to allow remote changing of passwords on Android devices. But it was Apple’s new iPhone 5s and iOS 7 that led the headlines for much of the week, with mobile device management (MDM) vendors getting more control under the new platform and the iPhone 5s’s fingerprint scanner hailed as a game changer by some.

For its part, Apple was patching away, with 80 vulnerabilities corrected and new ones appearing: for example, a lock-screen bypass allowing access to photos, contacts and social-networking details. A US senator was pushing for more information about the privacy controls around the iPhone 5s’s fingerprint technology.

Some were criticising a proposed plan for a closed domain-name record system, which would address some of the recent security incidents involving DNS vulnerabilities, as putting too much power into one group’s hands. Another group was asking 21 countries to disclose requests for electronic surveillance.

In vulnerability news, security firm Damballa said the Mevade botnet’s efforts to tap into the Tor anonymity network were a botched attempt to hide. Others were offering tips for defending against DDoS attacks, while security researchers figured out how to create undetectable hardware Trojans. Fully 70 per cent of business users were said to be vulnerable to the latest Internet Explorer 0-day, while

In other interesting news, there were revelations that online-content interest Netflix monitors pirate-content sites to determine which TV shows are worth watching. BlackBerry finally readied iOS and Android versions of its enterprise-favourite BlackBerry Messenger (BBM) technology, reflecting the rapidly-changing situation at the onetime mobile powerhouse.

In product news, HP rolled out a next-generation firewall family and threat-detection service, while Zettaset said it plans to add encryption capabilities to big-data analysis systems running Hadoop. Zscaler released a cloud-based APT protection service, while Australian hosting provider OzHosting pushed into the secure file-exchange market with an encrypted file-storage service that gives each customer its own virtual server with Web and other access. UK bank Barclays moved along similar lines, with a cloud-based document management service designed to securely store customer documents for the long term.

Stories by David Braue
