The week in security: Weighing iPhone 5s' fingerprint privacy

CSOs and CIOs gathered to discuss cloud and BYOD security issues at the jointly-hosted CSO-CIO Insights Breakfast series, Changing the Enterprise Landscape. Among the topics discussed was the CIOs’ belief that cloud computing still presents security concerns.

As it should: a new survey suggests even government networks are still not ready for the transformative change to be wrought by cloud computing, big data, security, mobility, and data-centre consolidation. Reports advise that potential BYOD adopters look carefully at the risk before jumping into the model, although the all-in commitment of early adopters like New York Law School shows that some are happy with the risks.

It looks like the NSA’s extensive surveillance of online communications has delivered some useful information after all: it turns out terrorists love Gmail above other Webmail services, while critics argue that a federal court was wrong in allowing the NSA to collect nearly any type of information on the people it was surveilling.

The NSA wasn’t only doing Webmail surveys, however: a new report says the NSA was also monitoring global financial transactions. It probably should have monitored Edward Snowden a bit better, some argue, but nonetheless its secretive ways have led some security experts to draw on its techniques for better PC security. And the NSA itself was said to be pushing for even closer partnerships with the IT industry, even as some experts praised the US Defense Department’s network consolidation and its security implications.

Google updated its Google Play service to allow remote changing of passwords on Android devices. But it was Apple’s new iPhone 5s and iOS 7 that led the headlines for much of the week, with mobile device management (MDM) vendors getting more control under the new platform and the iPhone 5s’s fingerprint scanner hailed as a game changer by some.

For its part, Apple was patching away, with 80 vulnerabilities corrected and new ones appearing, such as a lock-screen bypass allowing access to photos, contacts and social-networking details. A US senator was pushing for more information about the privacy controls around the iPhone 5s’s fingerprint technology.

Some were criticising a proposed plan for a closed domain-name record system, which would address some of the recent security incidents involving DNS vulnerabilities, as putting too much power into one group’s hands. Another group was asking 21 countries to disclose requests for electronic surveillance.

In vulnerability news, security firm Damballa said the Mevade botnet’s efforts to tap into the Tor anonymity network were a botched attempt to hide. Others were offering tips for defending against DDoS attacks, while security researchers figured out how to create undetectable hardware Trojans. Fully 70 per cent of business users were said to be vulnerable to the latest Internet Explorer 0-day, while

In other interesting news, there were revelations that online-content interest Netflix monitors pirate-content sites to determine which TV shows are worth watching. BlackBerry finally readied iOS and Android versions of its enterprise-favourite BlackBerry Messenger (BBM) technology, reflecting the rapidly-changing situation at the onetime mobile powerhouse.

In product news, HP rolled out a next-generation firewall family and threat-detection service, while Zettaset said it plans to add encryption capabilities to big-data analysis systems running Hadoop. Zscaler released a cloud-based APT protection service, while Australian hosting provider OzHosting pushed into the secure file-exchange market with an encrypted file-storage service that gives each customer its own virtual server with Web and other access. UK bank Barclays moved along similar lines, with a cloud-based document management service designed to securely store customer documents for the long term.