The week in security: what privacy tech giveth, the law taketh away
- 01 May, 2012 17:11
It turns out not even your lounge room is safe from hackers: reports suggest a LAN-based attack on a number of Samsung TVs can put the TV into an infinite restart loop that can't be stopped without calling in a technician.
Yet TVs aren't the only targets under threat. Concerns were being raised over the security of planned e-health records, while a survey found that Australians are worried about personal data drifting offshore. Men are apparently more careful than women about erasing personal data from old devices, while such concerns guaranteed a rocky reception for the new Google Drive service – which had Google defending itself against critics who said it had set itself up to do basically whatever it wanted with user data.
CSO spoke with a trust manager at US ticket-swapping site StubHub about his experiences spotting and blocking fraudulent transactions, while vendor Guardian Analytics launched a fraud-detection tool for mobile devices. This sort of tool may be crucial moving forward, with an audit of secure HTTPS sites suggesting that most of the Internet's 200,000 busiest secure sites are in fact insecure. On a related note, engineers continue pondering the best way to fix a major vulnerability in the Internet's routing system.
Many of those devices are made by Google, which has been working on its own ways of securing its environment – and is putting its money where its proverbial mouth is. The bounty for hackers that identify flaws in Google's systems has been raised to $20,000 – although there are new rules around the offer. And, in a similar crowd-sourcing exercise – albeit one that offered nothing more than pizza and Coke as a reward – thousands of keen hackers around the world took to local venues to build new systems around masses of NASA data.
Efforts to eradicate the surprisingly effective Mac Flashback Trojan have been of questionable value, with many unsure how well the cleanup has gone. Yet even as that cleanup continues, revelations suggested one in five Macs is carrying Windows malware. Given these kinds of numbers even on non-Windows platforms, there's little surprise Microsoft has updated its free AV Security Essentials tool.
Yet new tools will do nothing to counter human error, as one researcher found after he mistakenly published details of an unpatched Oracle Database Server vulnerability.
Even Facebook is jumping onto the security bandwagon, partnering with a number of security vendors to offer a range of antivirus packages. That said, the world's largest social network might want to up its own security after a hacker penetrated the company's core systems and stole its source code; he explained how it was done. A new survey found that most IT professionals believe the Anonymous hacking group is a serious threat to their companies. And why wouldn't they? Hackers are getting more resourceful all the time; witness claims by Nissan that hackers had planted malware on its network to steal employee user IDs and hashed passwords. Social engineering remains an issue, and new vectors of attack are popping up in all sorts of places. India recently overtook the US as the world's top originator of spam, while estimates from a Russian security firm suggest cybercriminals from that country earned $4.5 billion from their scams last year.
Little wonder the European Union is pushing to invest in security technologies and taking a stance against the ongoing ACTA copyright treaty, which Europe's privacy watchdog has warned could lead to widespread breaches of individual privacy.
Not everyone is of the same mindset, however. The US House of Representatives is set to vote on CISPA, a bill that would increase the amount of cyberthreat information being shared between private companies and the US government. An amendment from CISPA sponsors was designed to alleviate privacy concerns, but others are concerned that the growing trend of ever more intrusive legislation is violating the Obama administration's personal-freedoms base. The Obama White House opposes CISPA but the legislation passed the House anyway. Time will tell if privacy advocates' deepest concerns bear fruit.