The week in security: Anonymous claims hack, GoDaddy claims router stuff up

Can you really trust your IT staff? Turns out one in five has been accessing executives’ confidential data, according to one new study. Another case has emerged in which two US lawyers were found to be profiting from the hijacking of public companies' identities.

But that's not the only problem organisations face: a study from software certification firm OPSWAT has found antivirus programs are often poorly configured, while a separate report suggested that over half of Android smartphones and tablets have unpatched security vulnerabilities .

A survey of UK Web sites has found most only give visitors a minimal amount of information about their use of cookies, while there were more suggestions the US government is laying a technical framework to track its citizens' movements online. The five-year extension of a controversial surveillance law by the US House of Representatives did little to quell those concerns.

Speaking of tracking citizens: even though Google is offering do-not-track support in its Chrome browser, advertisers have been especially up in arms over Microsoft's decision to block user tracking in its Internet Explorer 10 browser, and it's now emerged that Apache Web servers will simply ignore the setting . Looks like Microsoft just can't win – especially when it was revealed that new computers being sold in China were saving hackers even more time by shipping with malware preinstalled .

Microsoft eventually downed that botnet , called Nitol , and was also busy patching a Windows 8 Flash bug before the operating system is released, while Apple fixed 163 security flaws in its WebKit browser engine.

Even as AISA was gearing up for its national conference and soliciting nominees for its AISA Information Security Awards, a number of new security tools hit the streets including Black Lotus' new DDoS mitigation service , AVG's cloud-scanning and touchscreen-driven 2013 suite , a broad security upgrade from HP, a URL-scanning acquisition by Google, and a slew of security-product upgrades from Cisco.

There were, as always, new exploits aplenty: a new Mac malware, for example, is stealing passwords while it emerged that the Taliban is using "sexy" Facebook profiles to trick Australian troops into giving up their secrets.

Domino's Pizza's Indian operation said its website had been hacked , while security researchers found a botnet command-and-control server running inside the anonymous Tor network. Details of the new CRIME attack emerged. And, adding to the fun, the creator of the Blackhole exploit kit released a new, stealthier version.

Ireland was struck by new ransomware purporting to come from national police service Garda, while a new app shows that perpetrating SMS fraud is gaining in popularity. Also popular is Harry Potter actress Emma Watson, who has been given the dubious honour of being named the most dangerous celebrity to search for online: search for her name and you've got a 12 per cent chance of coming up with malware.

Online-services site GoDaddy had a busy week after hackers rushed to claim responsibility for a four-hour service outage; a later apology from the company, which brought the site back online ASAP, confirmed the cause was actually technical. Hackers were similarly red-faced after their claims to have hacked an FBI laptop containing stolen Apple IDs proved false; turns out the UDIDs were stolen from a digital publishing firm called BlueToad.

But that doesn't mean hackers haven't had enough wins to make people assume the worst when something happens – but sometimes it doesn't even take a hacker. Turns out you can also get personal information from rubbish bins – although it will cost the person that's supposed to be looking after them. The Scottish Border Council learned this the hard way after copping a £250,000 ($A384,000) fine when an outsourcer dumped paper copies of digitised pension records in the bin.

Along similar lines, UK firm Companies House will be reviewing its systems after a security firm said it has been storing customer passwords in plaintext on its servers. No wonder the EU has established a permanent Computer Emergency Response Team (CERT-EU), which was matched by a similar announcement as the UK's GCHQ launched a new academic research institute to investigate the "science of cyber security".

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

More videos

Blog Posts