The week in security: SSL mandate expands as White House, EU move on security

Australian ISPs are set to be forced to block Web sites facilitating the download of illegal films and other content, after the passage of controversial laws forcing them to take such action.

Even as a Belgian privacy lawsuit against Facebook highlighted weaknesses in European Union privacy legislation, the EU Council issued a long-awaited plan for online privacy. There's no telling how it will impact the collection of log data – which, according to a new SANS Institute survey, is the most likely use of big-data investments in most large enterprises.

Over in the US, White House authorities ordered an all-hands-on-deck cybersecurity push after a significant data breach that exposed sensitive data for a year and had lawmakers worried that it would have national-security implications. Online password locker LastPass was also pushed into action after a significant hack, even as the FBI began investigating one major-league baseball team accused of hacking the systems of a rival team.

Wikipedia became the latest major Web property to make HTTPS connections mandatory for all users, and Reddit soon followed suit. Amazon.com published its first-ever transparency report, sharing details of its responses to requests for customer information from law enforcement agencies. Several privacy groups said they would quit US talks about facial-recognition standards over concerns that they won't deliver adequate privacy protections.

There were concerns about the ease of stumbling upon the SpeedUpKit scareware even as weaponised Word documents proved effective in getting past conventional defences. There were also concerns about digital-certificate integrity after analysis of the Duqu 2.0 malware showed that it was using certificates from contract manufacturer Foxconn Technology Group to mask its activities. Some believe a free SSL-certificate project may offer better security by increasing use of legitimate – and free – certificates.

Cybersecurity issues with international implications reflect the growing importance of nationally based cybersecurity collaborations, with one INTERPOL expert lauding the progress of Australia and other regional countries in centralising their cyber-response resources. A stronger regional posture will also help Australian financial-services and other businesses securely extend their presence into other parts of the region.

Use of open-source components is introducing an average of 24 vulnerabilities to commercial and in-house developed applications, according to one study. Little wonder a survey of consumer-oriented Web sites found that news and Internet of Things-related Web sites failed security and privacy tests – or that Google is offering up to $US38,000 ($A48,900) for bugs in its Android mobile operating system.

Samsung was moving to plug a significant security hole in its Galaxy smartphones, even as Australian carriers were left in the dark about the problem. Not to be outdone, iOS devices were also vulnerable after researchers found a flaw that allows malicious App Store apps to bypass a range of security protections.

Cloud-storage company Dropbox is doing its own bit for security by integrating its service with mobile-management products, while a new Cisco Systems study highlighted the need for a change: with IPv4 depletion looming ever closer, the shift to IPv6 will accelerate to the point that a quarter of Net traffic will be carried using the new protocol. Security practitioners will need to be ready to deal in both spheres.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Stories by David Braue
