The week in security: Cloud security boost as DDoS attacks ravage the Net

Ever wondered what websites are being censored? One group of university academics is working to enlist Web site operators to figure it out – even as the US NSA was called out for surveilling Muslim Americans and defended its practices of collecting data even from US residents who are not suspected of terrorist activities.

While some feel the NSA may be engaging in a bit too much data matching, the launch of the Respect Network – a consortium of cloud-based service providers who have agreed to respect each others' data privacy controls – is hoping to use data matching to improve online security. For small businesses concerned about the integrity of their data, it could be a sea change.

A Russian man was arrested and charged with hacking US point-of-sale (POS) systems, even as another botnet targeted POS systems and wrapups of the June threat landscape suggested a raft of DDoS attacks had made for a truly woeful security environment.

An antispam organisation was pushing for the arrest of perpetrators of a major 2013 DDoS attack, while Google caught a unit of India's Ministry of Communications and Information technology with unauthorised digital certificates for several Google domains. Turns out the [[xref: and that the attack also targeted domain names owned by Yahoo. Microsoft deprecated the digital certificates, which exposed users to man-in-the-middle attacks through fake Google and Yahoo domains.

Already used to being the focal point of Microsoft's Patch Tuesday security updates, Internet Explorer users running an AVG security tool were themselves revealed to be potentially exposed to a security hole. This is hardly good news for browsers which, as the short-lived recent CEO of Mozilla argued, must be positioned as bastions of security and privacy.

And, as if it weren't already bad enough, a growing consensus suggests the expanded use of the Internet of Things (IoT) paradigm is going to leave society even more exposed to the depredations of hackers. Even lightbulbs can be hacked. Expect more revelations on the vulnerabilities of the IoT model as it continues to grow.

Join the CSO newsletter!

Error: Please check your email address.

Tags cloud security

More about GoogleMicrosoftMozillaNSAYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts