For all its efforts to protect citizen privacy, the revelation that the passwords of many Australian Tax Office (ATO) business customers had been stored in plain text highlighted the persistent ability of human error – in this case, at an ATO subcontractor with data stored external to the organisation – to compromise security measures.
Zero-day attacks, outdated vendor patches, malware toolkits spewing out new variants in their thousands, new threat vectors from unprotected and unmanaged mobile devices.
The Internet Industry Association (IIA) will accept public feedback for the next three weeks after completing its review of the icode – the ISP association’s voluntary code of conduct – with a view to a major update that will address mobile and other evolving security threats.
The hardest part of maintaining a security defence is figuring out the things we don’t know – but by applying monitoring to all network traffic and simplifying accessibility to analytics tools, it’s easier than ever to ferret out new malware and seal perimeters that have been compromised by mobile devices, a Palo Alto Networks analyst has advised.
The AusCERT 2013 security conference, which coincides with the government-sponsored National Cyber Security Awareness Week (NCSAW), dominated the news during the week, and the CSO Australia team was there in full force to hear the latest from industry experts from across Australia around the world.
These days barely a day goes by where there isn’t some sort of network security breach or hack or malfunction of some sort. This year too we had the rise of groups such as Anonymous and Lulz that sought out attention for their activities. Here we take a look at the year in pictures of some of the key security problems that grabbed our attention.
With Facebook's constant stream of changes, keeping up with your privacy settings can be daunting. Here's a rundown of the newest features, what the changes mean to your privacy and how to update your settings.
The complexity of encryption schemes has been increased dramatically in an attempt to outpace the development of computational tools designed to crack them. Now it's important to devise algorithms that can't be brute forced for trillions of years in the hopes that they will remain secure long enough to be useful before they, too, are broken. Here's a quiz about encryption to see how well you are versed in one of security's most important components. Keep track of your score and check at the end to see how well you stack up.
Symantec Vision 2011 Sydney in pictures
You just got your hands on a Google+ invite, but what next? Check out these ideas to get started using Google's new social network.
No company wants to be associated with a data breach, but if your systems are compromised the fallout can sometimes be more damaging than the act itself.
Stealthy, sometime long-term cyber-espionage attacks to steal sensitive proprietary information -- what some now call "advanced persistent threats" (APT) -- have become a top worry for businesses.
It seems like every other website we visit today presents us with a “login with a social network” button. We are sometimes presented with a choice, usually between Facebook, Twitter or LinkedIn. But the most common social network encountered is Facebook and the most common scenario where we are offered this option is when we attempt to use a technology-focused service online. This is starting to change and we will start to notice it in a matter of months.
How to protect your security and privacy on Facebook
Australians are increasingly relying on the internet in their everyday lives, from banking and shopping, through to using emails, social networking and blogs to keep in touch with family and friends. They are using a range of devices such as smart phones, tablets, computer game consoles and other devices to go online.
We like our risk management, don’t we? It allows us to identify risks, and take action to mitigate them. Risk Management can and should be applied to social media usage. It makes good sense to manage the risk by having a very clear social media policy.
Sign up now »
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.