CIO

The week in security: SSL mandate expands as White House, EU move on security

Australian ISPs are set to be forced to block Web sites facilitating the download of illegal films and other content, after the passage of controversial laws forcing them to take such action.

Even as a Belgian privacy lawsuit against Facebook highlighted weaknesses in European Union privacy legislation, the EU Council issued a long-awaited plan for online privacy. There's no telling how it will impact the collection of log data – which, according to a new SANS Institute survey, is the most likely use of big-data investments in most large enterprises.

Over in the US, White House authorities ordered an all-hands-on-deck cybersecurity push after a significant data breach that exposed sensitive data for a year and had lawmakers worried that it will have national-security implications. Online password locker Lastpass was also pushed into action after a significant hack, even as the FBI began investigating one major-league baseball team accused of hacking the systems of a rival team.

Wikipedia became the latest major Web property to make HTTPS connections mandatory for all users, and Reddit soon followed suit. Amazon.com published its first-ever transparency report, sharing details of its responses to requests for customer information from law enforcement agencies. Several privacy groups said they would quit US talks about facial-recognition standards over concerns that they won't deliver adequate privacy protections.

There were concerns about the ease of stumbling upon the SpeedUpKit scareware even as weaponised Word documents proved effective in getting past conventional defences. There were also concerns about digital-certificate integrity after analysis of the Duqu 2.0 malware showed that it was using certificates from contract manufacturer Foxconn Technology Group to mask its activities. Some believe a free SSL-certificate project may offer better security by increasing use of legitimate – and free – certificates.

Cybersecurity issues with international implications reflect the growing importance of nationally based cybersecurity collaborations, with one INTERPOL expert lauding the progress of Australia and other regional countries in centralising their cyber-response resources. A stronger regional posture will also help Australian financial-services and other businesses securely extend their presence into other parts of the region.

Use of open-source components is introducing an average of 24 vulnerabilities to commercial and in-house developed applications, according to one study. Little wonder a survey of consumer-oriented Web sites found that news and Internet of Things-related Web sites failed security and privacy tests – or that Google is offering up to $US38,000 ($A48,900) for bugs in its Android mobile operating system.

Samsung was moving to plug a significant security hole in its Galaxy smartphones, even as Australian carriers were left in the dark about the problem. Not to be outdone, iOS devices were also vulnerable after researchers found a flaw that allows malicious App Store apps to bypass a range of security protections.

Cloud-storage company Dropbox is doing its own bit for security by integrating its service with mobile-management products, while a new Cisco Systems study highlighted the need for a change: with IPv4 depletion looming ever closer, the shift to IPv6 will accelerate to the point that a quarter of Net traffic will be carried using the new protocol. Security practitioners will need to be ready to deal in both spheres.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
