The week in security: Malware growth leaves Australian CIOs unprepared

David Braue | April 22, 2013
CIOs may only have glimpses of the future of mobile security, but security firm Bitdefender believes one of the recurring issues will be the continued channelling of private information even from paid-for apps in the Android Play app store.

Caught or not, some attacks are starting to resemble bank heists - which has security experts worried. Many data centre providers are seeking to fill in the gaps with strong security nous, but there's no need to even go out the door to find potential problems: an analysis of 13 popular home and small-office routers found critical security vulnerabilities.

Doubly so in Australia where, a survey found, CIOs feel broadly unprepared to deal with cyber attacks and aren't always sure about the best ways to clinch security funding. That's a problem, since the only way is up: a study from HP's new HP Security Research (HPSR) organisation found that vulnerabilities were up nearly 20% since last year, while DDoS fighter Prolexic released figures suggesting DDoS attacks are up this year in both number and size. Worse still, many customers are finding network security technologies ineffective, according to a new Ponemon Institute report.

Even gaming machines aren't free from problems, with one gaming-software developer moving to fix some identified flaws. Yet Oracle eclipsed even that number by shipping 128 patches covering security weaknesses across "hundreds" of its products. A new version of Java included 42 security fixes alone, and changed the way Web-based Java content will be presented inside Web browsers, while a new technical security standard is aiming at higher-level applications with an effort to improve supply-chain safety.

Even as the US government prepared to vote on, and eventually passed, the CISPA cyberthreat bill, one of its sponsors created a social-media storm by suggesting many of the opponents to the law are 14-year-olds in their basements.

Whether or not he's right, basement-bound 14-year-olds might intuitively be able to answer a question answered by more formal research: how much malware is there, really, on free pornography sites? Some sites are remarkably free from the nasties, although one Russian porn site has been delivering malware that uses victims' computers to mine bitcoins.

Anti-spam efforts scored a small victory after antispam vendor Cloudmark found that gift-card SMS spam had dropped after action by the US Federal Trade Commission against eight companies.

US Secretary of State John Kerry said cyber-defences will be crucial to ensuring security in the Asian region, while EU regulators were paying attention to open DNS resolvers after last month's Spamhaus DDoS attacks, which EU security agency ENISA pinned on ISPs having ignored decade-old recommendations on limiting false IP traffic.

Meanwhile, Microsoft moved towards optional two-factor authentication and, announcing that browsers are the biggest security threats to enterprises, is developing a new client-side architecture called Embassies, which is designed to improve Web application security using Internet addresses for external communications.

Speaking of browser security: Apple has kept patching its Java version for the popular Snow Leopard operating system, even as it was revealed the next major version of Java - Java 8 - has been pushed back into the first quarter of 2014.

