The week in security: Yahoo!, Google learn security lessons

From the good-news-bad-news files, the federal Department of Broadband, Communications and the Digital Economy surprised many citizens by telling them that DVDs with their usernames and passwords had been lost in the post – but the news came four months after the event, which rendered it all but moot for most.

Apple saw its first malicious iOS app unleashed onto its app store, and copped criticism for its perceived lack of effort in preventing iPhone theft; ironically, the company is so concerned about iPhone security that it’s holding off providing its own mobile payment service despite successful efforts by rivals.

One of those rivals, Google, saw its Android platform hit with . Even an online Android forum was hacked – raising cheers from privacy groups. But not all mobile devices are insecure: many have been tweaked for better security, as a CSO gallery showed.

New security standards dropped references while outlining better protection – but they aren’t the only things requiring protection from cyber attacks, with European security authorities warning that smart energy grids are vulnerable and need better security.

UK police secured a 6.5-year sentence against a phisher who siphoned $461,000 from British students, while two men were jailed for a separate scam that picked off more than $2.3m by impersonating a student-loan company. And, in the US, authorities blasted a $2.7m online loan-fraud scheme.

Also on the policing front, the shutdown was hailed by some as a victory for law enforcement and a victory for morality by its creator. Retailer Best Buy revealed hackers were regularly trying to access online customer accounts and some questioned the long-term value of the DNSChanger shutdown even as ISPs were being credited with minimising its impact.

New malware emerged to take its place, with one Java-based Web attack installing backdoors across Windows, Linux, and Mac computers and a new Chinese Trojan tricking routers into spreading malware. Even Microsoft had trust issues, revoking 28 digital certificates for its BPOS cloud tools. The company also updated its Windows encryption policies to reject encryption keys smaller than 1024 bits.

Yahoo was investigating the breach of 453,000 user logins, which included a range of user names and passwords that spawned a raft of analysis – including the listing of the most common passwords in use on the service. Hackers facilitated this process by posting over 400,000 Yahoo! Voice passwords online. Armchair analysis blamed Yahoo! for negligence and incompetence in its security.

On the privacy front, French courts set an interesting privacy precedent by fining a company more than $12,000 after it refused to give an employee a GPS record it had made of his movements in his company vehicle. On a similar front, figures revealed that US law-enforcement agencies requested data on mobile users more than 1.3 million times last year. No wonder consumer concern over online privacy is up by half over last year.


Stories by David Braue
