The week in security: Cloud security boost as DDoS attacks ravage the Net
- 17 July, 2014 09:10
Ever wondered what websites are being censored? One group of university academics is working to enlist Web site operators to figure it out – even as the US NSA was called out for surveilling Muslim Americans and defended its practices of collecting data even from US residents who are not suspected of terrorist activities.
While some feel the NSA may be engaging in a bit too much data matching, the launch of the Respect Network – a consortium of cloud-based service providers who have agreed to respect each others' data privacy controls – is hoping to use data matching to improve online security. For small businesses concerned about the integrity of their data, it could be a sea change.
A Russian man was arrested and charged with hacking US point-of-sale (POS) systems, even as another botnet targeted POS systems and wrapups of the June threat landscape suggested a raft of DDoS attacks had made for a truly woeful security environment.
An antispam organisation was pushing for the arrest of perpetrators of a major 2013 DDoS attack, while Google caught a unit of India's Ministry of Communications and Information technology with unauthorised digital certificates for several Google domains. Turns out the [[xref:http://www.cso.com.au/article/549741/digital_certificate_breach_indian_authority_also_targeted_yahoo_domains_possibly_others/ and that the attack also targeted domain names owned by Yahoo. Microsoft deprecated the digital certificates, which exposed users to man-in-the-middle attacks through fake Google and Yahoo domains.
Already used to being the focal point of Microsoft's Patch Tuesday security updates, Internet Explorer users running an AVG security tool were themselves revealed to be potentially exposed to a security hole. This is hardly good news for browsers which, as the short-lived recent CEO of Mozilla argued, must be positioned as bastions of security and privacy.
And, as if it weren't already bad enough, a growing consensus suggests the expanded use of the Internet of Things (IoT) paradigm is going to leave society even more exposed to the depredations of hackers. Even lightbulbs can be hacked. Expect more revelations on the vulnerabilities of the IoT model as it continues to grow.