The week in security: Inside the antivirus pressure-sell; Adobe's 38m-strong privacy breach
- 15 June, 2015 09:05
The closure of a shady telemarketing company came just days after an IDG report revealed new insights into online antivirus-related pressure sells that are netting big bucks from those “Your PC may be infected” advertisements.
Privacy was on the agenda as always, with Adobe front and centre as the Australian Privacy Commissioner stepped in to explore a privacy breach affecting 38 million customers. Meanwhile, advocacy group Privacy International lodged a complaint with a UK court about a controversial phone data collection scheme, with its head arguing that “privacy policies should be called surveillance policies”.
Turns out even large companies are struggling with security just like their smaller counterparts, according to a new survey. Even the German Parliament was suffering, potentially facing a complete systems replacement four weeks after a hack that has planted spyware in its systems.
Do you always remember to change your encryption keys after a security breach? Most information-security professionals don't, according to a new report. Managing encryption keys will become even more important as encryption becomes entrenched in everyday Web practice. Media-streaming company Plex added free SSL encryption capabilities for all of its users, while the US government – chastened, no doubt, by the hack of the US Army Web site that had privacy vendors concerned about secondary phishing attacks – mandated the use of HTTPS on all of its public Web sites and Web services by the end of 2016. And Apple, for its part, issued an edict that all iOS 9 developers should use HTTPS “exclusively”.
Increasing reliance on SSL certificates had some in Congress nervous about Web security, even as a union argued that hacked data on millions of US workers, stolen from US government servers, was unencrypted. A second breach was feared to have hit the US government's Office of Personnel Management.
Clearly, the fight for the Internet isn't over, with cybersecurity professionals honing their cybercrim-catching skills and information-security organisation ISACA appointing two Australian experts to its board of directors.
Apple announced that it would require a minimum of 6 digits for device PINs in its upcoming iOS 9 mobile operating system – although it also suffered a security flaw in Apple Mail that could compromise iCloud passwords. Adobe was fixing flaws in its Flash Player while Microsoft addressed security issues in its Internet Explorer browser.
New malware was targeting Oracle Micros point-of-sale software, while a startup security vendor offered a new approach to Web and email filtering in which it proxies the traffic and delivers a rendering of the content.
Meanwhile, a Parliamentary committee recommended that the government proceed with plans to force ISPs to block Web sites facilitating online film and television piracy. ISP iiNet had its own issues, investigating a security issue at its Westnet subsidiary, while reports suggested the Duqu spy group had also targeted telecommunications companies as well as compromising the venues hosting Iran nuclear negotiations and, in an embarrassing turn for antivirus pioneer Eugene Kaspersky, the company's own systems – prompting Kaspersky to suggest they were looking for intelligence.
This article is brought to you by Enex TestLab, content directors for CSO Australia.