The week in security: ACMA weighs Aussie security attitudes, AISA challenges them

The Australian Information Security Association's (AISA's) annual conference brought together a range of security minds to discuss the latest threats and opportunities in the security space. Among them was discussion about the mechanisms involved in delivering a universal identity system to all Indians; a discussion of the value of targeted analytics; the ongoing danger posed even when you have skilled security technicians; an interview with electronic voting-system hacker Dr Hugh Thompson; a perspective on positive and negative information-security trends; and some thoughts on identity, and on the inevitability of security breaches. A full conference wrap is available here.

ACMA research into Australians' perceptions of online security turned up some interesting findings – including the fact that malware fears are not the thing keeping Australians from banking and shopping online. Many Australians still see mobiles and Macs as malware-proof, results suggested, while younger Australians are less concerned about malware than older users and non-English speakers were significantly more aware of malware risks than English speakers.

Your likelihood of falling for phishing scams is related to your personality, according to new research that could be reinforced as phishers count the benefits of new information from Facebook’s new Graph Search. This sort of thing makes phishing awareness education more important than ever; ditto techniques for protecting online privacy.

Yet criminals were proving resourceful, as card-not-present scams soared despite an overall reduction in online banking losses. UK banks were ready to stress-test their readiness for a major cyber-attack, even as figures suggested cybercrime was costing enterprises $US11.8m per year and generating 122 attacks per week, and a report suggested that insider threats were the leading cause of data breaches.

Hosting provider LeaseWeb suffered a DNS hijacking attack, Google's Malaysia site was knocked over by a DNS attack, and Network Solutions was investigating another DNS hijack by a pro-Palestinian hacking group. Meanwhile, Symantec won one for the Gipper by taking down part of the ZeroAccess botnet and authorities arrested the author of the notorious Blackhole exploit kit in Russia, nicknamed 'Paunch'.

Hackers were already moving to create its successor, while other hackers were celebrating after Microsoft handed out its first $US100,000 bounty to a UK researcher who discovered a serious flaw in its software. Google, similarly, said it would pay developers for proactively improving security on some of its open-source applications.

The FBI was having a hard time accessing the $US80m in Bitcoins that were seized during its raid on the owner of anonymous online service Silk Road, while some experts were warning that you should share your password with loved ones so they don't have a hard time accessing your digital history in the event you're unexpectedly indisposed.

Even as revelations emerged that the Home Office's e-borders system had seen three-quarters of all records on drug and smuggling cases deleted, the new National Crime Agency (NCA) – which brings a focus on cyber crime into the heart of its mission statement – became operational and was on the tail of Silk Road-based illegal drug sellers. The agency quickly chalked up its first conviction even as the similarly-named NSA got a reprieve in efforts by Yahoo to push for the declassification and release of documents related to its surveillance activities.

Reports suggested that Luxembourg is investigating Skype over possible links to the NSA's Prism program, even as the NSA's director was on bended knee asking the world to trust him and his staff, even as US politicians mounted their offensive and surveys suggested fears of NSA backdoors were creating a crisis of confidence in US high-tech products and services. Little wonder a crowdfunded effort will take the UK government to the European Court of Human Rights about its PRISM-enabled domestic spying – although the head of MI5 is now on record arguing that the Prism data leaks scandal is damaging the country's anti-terrorism efforts.

Cyber-freedoms organisation the Electronic Frontier Foundation was also speaking out against the NSA, resigning from the Global Network Initiative because of the complicity in PRISM by founding members such as Google, Microsoft, Yahoo and Facebook. Also problematic for the NSA were revelations that the CIA had previously dismissed NSA PRISM leaker Edward Snowden on suspicion of breaking into computers without authorised access.

It seems many people are still using the notoriously insecure and outdated Windows XP, according to a study that found it remains the primary operating system on a massive proportion of laptops. Small and medium businesses (SMBs) were hit hardest by rising cybercrime costs, which is a double-edged sword because many are still reliant on their established Windows XP systems.

Meanwhile, the US government shutdown was credited with delaying critical patching of systems' security flaws, while Google CEO Eric Schmidt raised eyebrows – and laughs from the audience – when he said Google's Android operating system is "more secure than the iPhone". Statistics suggest otherwise, but either way it's important to regularly consult your survival guide for an insecure cyber world.
