The week in security: Aussie execs lag on privacy, millennials lag on security
05 November, 2013 11:40
Young, digital-literate citizens may be particularly vulnerable to online security exploitation, if the results of a new Raytheon study are anything to go by.
Yet not all young people are so gullible, as Information Security Rookie of the Year Christina Camilleri told CSO Australia. As a uni student who already has a job in information security, Camilleri is not only an early entrant into the local security field but also, as a woman, among the just 11% of security professionals that a new survey has found are women.
Yet even digitally-illiterate users would have been amongst the 38m users compromised by an early-October breach of Adobe security, in which a file with 150m Adobe user names and passwords was published online – and the source code for its iconic Photoshop application was stolen.
Some were arguing that law-enforcement agencies should have stronger powers to hack into computers during their investigations, while others were pushing for a range of security features for the KitKat 4.4 release of Google's Android operating system – which, as the US Department of Homeland Security has found, can be its own problem when it comes to keeping security current.
Social-media scheduler Buffer upgraded security after spammers accessed its network, while the Intro tool from social-media giant LinkedIn was held up as a potential honeypot for hackers – even as the company's iPhone app was fingered for poor privacy design. Also in the social-media world, a new project was seeking to collect everything Mark Zuckerberg has ever said publicly – in an effort to better understand his position on privacy. This position might be quite obvious, however, if reports that Facebook is considering ways to track the movement of your mouse cursor are true.
Most Australian companies don't understand their positions on privacy either, if the results of a Clearswift survey are anything to go by: fully 73% of respondents said they were still unaware of the new privacy requirements that will be legally enforceable after they come into effect on March 12. This could be a problem for many reasons – not least because hackers are said to be targeting SAP systems that are veritable treasure troves of personal information. Yet even more problematic could be the data-breach notification laws now gaining momentum in a range of jurisdictions.
Security researchers were on a roll when it came to finding security bugs in existing products, with the popular IZON surveillance camera fingered for security holes, security tools from ZoneAlarm and Norton struggling to make the jump to Windows 8.1, a piece of ATM malware expected to spread from Mexico to the English-speaking world, and participants in DEF CON 21's Social Engineer Capture the Flag contest showing how broadly vulnerable our information is. A fake social-media account was even enough to trick security staff at a US government agency.
Other researchers suggested Apple's iOS apps were subject to man-in-the-middle attacks and could be hijacked over public Wi-Fi, while Microsoft was warning of Windows XP's insecurity and was considering making its Windows Defender security tool mandatory for computers that have been left unprotected. The company ultimately relented, but security peer Sophos was looking forward by taking steps towards rolling out its cloud-security strategy – a move that is set to take off, according to Gartner figures.
Even as security contractor Thales launched a £2m ($A3.38m) cyber-security 'battle lab' in the UK, IT giant NEC was arguing for the use of facial recognition technology in highly-populated countries like Hong Kong, while Mozilla released critical patches for Firefox and was promoting a new geolocation data service that it says will respect privacy better than existing alternatives. Also on the browser front, Google has developed a Chrome security feature that will stop malware downloads as they're happening.
Speaking of Mozilla, some were pushing for open-source software projects to improve their handling of vulnerabilities after a survey found many open-source developers were clueless about managing security remediation. Concerns over data privacy were so significant that there were suggestions they could derail EU-US trade talks, while others were more concerned about ensuring security in virtual machines and Citrix was upgrading its XenMobile platform to tighten its controls over virtual environments on mobiles.
Little wonder that just 4% of UK businesses were fully confident in the capability of their IT security functions. The situation is no better in Africa, where mobile devices are increasingly important but security tools are seen as increasingly less important. Yet they're not the only ones: small and medium businesses (SMBs) broadly suffer from a false sense of security in believing they are safe from hackers, according to figures from security firm McAfee.