The week in security: Security cracks galore as RBA hacked, Apple outed

Revelations that the Reserve Bank of Australia suffered a malware attack back in 2011 had tongues wagging – not least because customers, it turns out, are more concerned about the data security of bank contact centres.

They would probably be even more concerned if they found out not only that their Facebook ‘likes’ were revealing too much about them, but that their financial information was publicly available through a credit-reporting site, as apparently happened to several well-known figures. Three retailers certainly were concerned, signing up for online-payment security services from Visa CyberSource.

Yet there’s no telling whether the average user would be happy or concerned about another security innovation that could find its way to banks: a Japanese team has suggested that over-the-shoulder attacks could be stopped by surrounding the PIN-entry field with dummy cursors to confuse onlookers and screen-capture malware.

In the US, the industry was weighing up the implications of President Barack Obama's government cyber security executive order, even as Colin Powell’s Facebook page was hacked and the government warned China to tone down cyber-attacks – which the government sees as a top threat to the US this year.

Commercial exploit kit Cool proved it’s a force to be reckoned with after adding a days-old zero-day flaw to its repertoire of attacks. Interestingly, Google’s Chrome OS also proved to be a force to be reckoned with after a hacking contest received no winning entries for the platform.

Less resistant to hacking was Adobe Flash, which was patched for the fifth time this year. Microsoft fixed a USB-related vulnerability and received mixed reviews after it pledged it would roll out Windows Store app patches as they become available.

In the wake of ongoing security difficulties for Java, security of open-source software was also under scrutiny, while Google launched a site for Webmasters of hacked Web sites.

Revelations suggested Apple's App Store servers were leaving some information unencrypted, exposing users to several potential attacks – not that it would matter, after researchers improved a technique for extracting user data from an SSL stream. Apple was also one of several big-name tech companies – Facebook, Microsoft and Twitter were the others – confessing they had been hit with a targeted Trojan.

It’s hardly surprising app developers and app-store maintainers were warned by the EU to improve the security of user data. The DSD certified a mobile-sandbox security solution from Good Technology under its security-assessment program, while the AFP is pushing a multi-faceted user education campaign to reduce security incidents.

BlackBerry, for its part, extended the sandbox protections of its BlackBerry 10 operating system to iOS and Google Android. Yet even as we pay more attention to mobile app security, better mobile-security tools could backfire as they draw attention from hackers, we were warned. Also problematic are security appliances riddled with serious vulnerabilities.

Some were considering the privacy implications of DNA cross-matching, while security researchers warned about traffic chaos if hackers influence real-time traffic-flow-analysis systems. And one Seattle cafe decided the implications of Google Glass eyewear were so significant that it's banned the technology even before it's been released.

Speaking of uproars: advocacy group Reporters Without Borders was up in arms, naming five nations that it says spy on media and activists. On a similar note, prestigious Harvard University was trying to talk its way out of a report that university administrators had secretly accessed emails of 16 university deans.

The US government was warning citizens to apply an HP LaserJet printer firmware upgrade for a remote-execution vulnerability, while a New Zealand group of businesses was thinking far bigger as they agreed on voluntary standards for system security. It comes none too soon: hackers are now exploiting trusted VPN connections between suppliers and clients, security firm Mandiant warns.


Stories by David Braue
