The week in security: Weighing iPhone 5s' fingerprint privacy

  • David Braue (CSO Online)
  • — 24 September, 2013 15:13

CSOs and CIOs gathered to discuss cloud and BYOD security issues at the jointly-hosted CSO-CIO Insights Breakfast series, Changing the Enterprise Landscape. Among the topics discussed was the CIOs’ belief that cloud computing still presents security concerns.

As it should: a new survey suggests even government networks are still not ready for the transformative change to be wrought by cloud computing, big data, security, mobility, and data-centre consolidation. Reports advise that potential BYOD adopters look carefully at the risk before jumping into the model, although the all-in commitment of early adopters like New York Law School shows that some are happy with the risks.

It looks like the NSA’s extensive surveillance of online communications has delivered some useful information after all: it turns out terrorists love Gmail above other Webmail services, while critics argue that a federal court was wrong in allowing the NSA to collect nearly any type of information on the people it was surveilling.

The NSA wasn’t only doing Webmail surveys, however: a new report says the NSA was also monitoring global financial transactions. It probably should have monitored Edward Snowden a bit better, some argue, but nonetheless its secretive ways have led some security experts to draw on its techniques for better PC security. And the NSA itself was said to be pushing for even closer partnerships with the IT industry, even as some experts praised the US Defense Department’s network consolidation and its security implications.

Google updated its Google Play service to allow remote changing of passwords on Android devices. But it was Apple’s new iPhone 5s and iOS 7 that led the headlines for much of the week, with mobile device management (MDM) vendors getting more control under the new platform and the iPhone 5s’s fingerprint scanner hailed as a game changer by some.

For its part, Apple was patching away, with 80 vulnerabilities corrected and new ones appearing: for example, a lock-screen bypass allowing access to photos, contacts and social-networking details. A US senator was pushing for more information about the privacy controls around the iPhone 5s’s fingerprint technology.

Some were criticising a proposed plan for a closed domain-name record system, which would address some of the recent security incidents involving DNS vulnerabilities, as putting too much power into one group’s hands. Another group was asking 21 countries to disclose requests for electronic surveillance.

In vulnerability news, security firm Damballa said the Mevade botnet’s efforts to tap into the Tor anonymity network were a botched attempt to hide. Others were offering tips for defending against DDoS attacks, while security researchers figured out how to create undetectable hardware Trojans. Fully 70 per cent of business users were said to be vulnerable to the latest Internet Explorer 0-day, while

In other interesting news, there were revelations that online-content interest Netflix monitors pirate-content sites to determine which TV shows are worth watching. BlackBerry finally readied iOS and Android versions of its enterprise-favourite BlackBerry Messenger (BBM) technology, reflecting the rapidly-changing situation at the onetime mobile powerhouse.

In product news, HP rolled out a next-generation firewall family and threat-detection service, while Zettaset said it plans to add encryption capabilities to big-data analysis systems running Hadoop. Zscaler released a cloud-based APT protection service, while Australian hosting provider OzHosting pushed into the secure file-exchange market with an encrypted file-storage service that gives each customer its own virtual server with Web and other access. UK bank Barclays moved along similar lines, with a cloud-based document management service designed to securely store customer documents for the long term.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.