The week in security: ACMA weighs Aussie security attitudes, AISA challenges them

The Australian Information Security Association's (AISA's) annual conference brought together a range of security minds to discuss the latest threats and opportunities in the security space. Among the sessions were a discussion of the mechanisms involved in delivering a universal identity system to all Indians; a discussion of the value of targeted analytics; the ongoing danger posed even when you have skilled security technicians; an interview with electronic voting-system hacker Dr Hugh Thompson; a perspective on positive and negative information-security trends; and some thoughts on identity, and on the inevitability of security breaches. A full conference wrap is available here.

ACMA research into Australians' perceptions of online security turned up some interesting findings – including the fact that malware fears are not the thing keeping Australians from banking and shopping online. Many Australians still see mobiles and Macs as malware-proof, results suggested, while younger Australians are less concerned about malware than older users, and non-English speakers were significantly more aware of malware risks than English speakers.

Your likelihood of falling for phishing scams is related to your personality, according to new research that could be reinforced as phishers count the benefits of new information from Facebook’s new Graph Search. This sort of thing makes phishing awareness education more important than ever; ditto techniques for protecting online privacy.

Yet criminals were proving resourceful, as card-not-present scams soared despite an overall reduction in online banking losses. UK banks were ready to stress-test their readiness for a major cyber-attack, even as figures suggested cybercrime was costing enterprises $US11.8m per year and generating 122 attacks per week and a report suggested that insider threats were the leading cause of data breaches.

Hosting provider LeaseWeb suffered a DNS hijacking attack, Google's Malaysia site was knocked over by a DNS attack, and Network Solutions was investigating another DNS hijack by a pro-Palestinian hacking group. Meanwhile, Symantec won one for the Gipper by taking down part of the ZeroAccess botnet and authorities arrested the author of the notorious Blackhole exploit kit in Russia, nicknamed 'Paunch'.

Hackers were already moving to create its successor, while other hackers were celebrating after Microsoft handed out its first $US100,000 bounty to a UK researcher who discovered a serious flaw in its software. Google, similarly, said it would pay developers for proactively improving security on some of its open-source applications.

The FBI was having a hard time accessing the $US80m in Bitcoins that were seized during its raid on the owner of anonymous online service Silk Road, while some experts were warning that you should share your password with loved ones so they don't have a hard time accessing your digital history in the event you're unexpectedly indisposed.

Even as revelations emerged that the Home Office's e-borders system had seen three-quarters of all records on drug and smuggling cases deleted, the new National Crime Agency (NCA) – which brings a focus on cyber crime into the heart of its mission statement – became operational and was on the tail of Silk Road-based illegal drug sellers. The agency quickly chalked up its first conviction even as the similarly-named NSA got a reprieve in efforts by Yahoo to push for the declassification and release of documents related to its surveillance activities.

Reports suggested that Luxembourg is investigating Skype over possible links to the NSA's Prism program, even as the NSA's director was on bended knee asking the world to trust him and his staff, even as US politicians mounted their offensive and surveys suggested fears of NSA backdoors were creating a crisis of confidence in US high-tech products and services. Little wonder a crowdfunded effort will take the UK government to the European Court of Human Rights about its PRISM-enabled domestic spying – although the head of MI5 is now on record arguing that the Prism data leaks scandal is damaging the country's anti-terrorism efforts.

Cyber-freedoms organisation the Electronic Frontier Foundation was also speaking out against the NSA, resigning from the Global Network Initiative because of the complicity in PRISM by founding members such as Google, Microsoft, Yahoo and Facebook. Also problematic for the NSA were revelations that the CIA had previously dismissed NSA PRISM leaker Edward Snowden on suspicion of breaking into computers without authorised access.

It seems many people are still using the notoriously insecure and outdated Windows XP, according to a study that found it remains the primary operating system on a massive proportion of laptops. Small and medium businesses (SMBs) were hit hardest by rising cybercrime costs, which is a double-edged sword because many are still reliant on their established Windows XP systems.

Meanwhile, the US government shutdown was credited with delaying critical patching of systems' security flaws, while Google CEO Eric Schmidt raised eyebrows – and laughs from the audience – when he said Google's Android operating system is "more secure than the iPhone". Statistics suggest otherwise, but either way it's important to regularly consult your survival guide for an insecure cyber world.

