
The week in security: APTs up, skills down as Facebook Home ban advised

David Braue | April 15, 2013
A look at the security concerns for the week.

Perpetrators of advanced persistent attacks (APTs) are getting more evasive and persistent, observers warn, even as Scottish security startup Inquisitive Systems received £500,000 ($732,880) to fight APTs. SQL injection flaws are also proving problematic, a Veracode report suggested, in that they are both easy to find and easy to exploit.

Others were concerned about the security implications of the new Facebook Home overlay for Android smartphones, which is likely to make its way into more than a few companies via employees' Android proclivities (read some Facebook Home privacy facts here) and the lack of user education around such issues.

Mobiles are already known to view more private data than is necessary - prompting a warning from the EU that improving user experience isn't a justification for use of consumer information - and the use of a botnet-for-hire to boost Android malware spamming doesn't help either.

Yet even as news leaks that the US Air Force has reclassified cyber tools as weapons, law enforcement agencies may have similar concerns from iOS devices as they come to realise they can't decrypt Apple's encrypted iMessage communications service.

That's not the only place where encryption is proving to be an issue: cloud encryption is moving from fiction to "actionable reality", according to one security researcher, while reports suggest the creator of Secure Shell (SSH) encryption is working on a follow-up. Yet Gartner argues that it will be a "long hard climb" to boost cloud security to acceptable and universal levels, and that executives must show their real security interest by supporting appropriate security spending in a time of IT budget stagnation.

It's certainly not helping things to note that hackers are finding new uses for a variety of common technologies: wireless IP cameras, for example, are open to hijacking over the Internet, while everything from electric car chargers to jet flight simulators to the high-end Canon EOS-1D X camera can be repurposed for other means. Twitter's OAuth feature can be abused to hijack accounts, while online poker applications have been breached. Even smart water meter trials are being executed with security in mind.

US public companies' filings suggest there are some inconsistent messages around the real extent of cybersecurity threats, while a new online library published by WikiLeaks is offering an historical repository of millions of Kissinger-era intelligence cables.

Speaking of old technology, some experts warn that many large businesses will still be using antiquated Windows XP desktops well after support for the platform has ceased altogether. This, compounded by a continuing security skills shortage, reflects the need to keep on top of cyberskills deficiencies - as will the formation of a new Oxford University cyber-security research centre designed to support a global program for cyber defence.

Companies concerned about security and vulnerability assessment should watch out for four common mistakes. One more thing to watch out for is the lack of control over mobile device environments, although startup Averail has launched its effort in this respect with a container and security auditing technology for iPads.

