The week in security: Wi-Fi targeted as CIOs prioritise security spending in 2015
- 12 January, 2015 16:16
Educators like to talk about the importance of teaching coding to students, but the network security protocols in place on some UK school networks are holding them back, according to some reports. No word on whether those same protocols will do much to stop the use of a new, free tool that automates the process of phishing for Wi-Fi passwords on open networks.
Proponents of the bitcoin online currency were reassuring the world after an attack on a bitcoin exchange forced it to shut down, even as hackers made off with $US5 million ($A6.1m) worth of bitcoin.
In-flight Internet provider Gogo Internet was taking a somewhat contentious approach to security, targeting in-flight video streaming by rerouting users' requests for some high-traffic Web sites – substituting their HTTPS certificates with other certificates signed by the company in a novel man-in-the-middle attack. That makes airline Wi-Fi less secure than you think in the same way that hotel Wi-Fi is, by reports, less secure than you think.
Back down on Earth, security-focused operating system vendor Qubes patched some security bugs and formally advised that it has not in fact been ordered by a government to install a back door into its environment. Online seller Moonpig didn't need to intentionally do so, after it was revealed that a fault in its API had jeopardised the data of millions of its customers. And if ever employees needed a reason not to skimp on information security, investment firm Morgan Stanley has provided one – terminating the employment of an employee who briefly posted the details of 900 of the company's clients online.
Speaking of leaking details online: Sony's CEO broke his silent streak with a public statement praising the work of the company's staff and partners for getting the company's movie, The Interview, into theatres despite the work of cybercriminals that aired a large quantity of the company's confidential information and intellectual property. The US FBI restated its conclusion that North Korea-sponsored hackers were responsible for the attack, saying that “sloppy” work by the hackers left clues that pointed straight to them.
Indeed, according to IBM, such highly-productive attacks are becoming more common, even as the number of attacks seems to be reducing. That is a good-news-bad-news situation that, unsurprisingly, is likely to correlate with an overall increase in security spending during 2015. Much of this will be in the mobility area, where ever-faster app sales are expanding the potential attack surface for corporates – and driving privacy authorities to push vendors to make privacy policies more obvious when users buy new apps.
Such investments should increase the proactivity of major online companies in protecting their online assets: AOL, for one, moved to stop the delivery of malicious ads from its advertising platform after it was informed of the goings-on – which affected users including GameZone and Huffington Post – by a security company. Yet there was little done to change another innovation that users might consider to be a security issue: the use of so-called 'super cookies' that can track users despite the protections afforded by browsers' 'private browsing' modes.
Speaking of security workarounds, there were suggestions that macro-based c – an early scourge of Microsoft Office users – is making a comeback. Also in the what's-old-is-new-again department was CryptoWall, the stubborn ransomware that has been appearing in new forms that are frustrating security researchers. Even Apple may need to do some careful fixing, blocking a tool that brute-forces iCloud passwords but facing a new flaw in its Thunderbolt ports can be used to write custom code directly into the boot ROM of a target Mac computer.
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Upcoming IT Security Events
Feb 3rd, Feb 4th, Feb 6th 2015
Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective.
Register Today Seats are limited
March 3rd, March 5th, March 9th 2015
Join CSO for the day@#csoperspectives and hear from @kimzetter @frankheidt
3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today
Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)
