The week in security: Millions compromised in Apple, Linux forum hacks

David Braue | July 29, 2013

Are you covered for damage from a security attack? If you're like most companies, the answer may be 'no' even if you think otherwise. One insurance-industry figure warns that some uncomfortable truths may come out in the wash as growing pressure for mandatory breach warnings drives companies to fess up about their real vulnerabilities.

Amid increasingly-repeated concerns the NSA's spying activities could have a deleterious effect on US-based cloud firms, the White House opposed a bill that would curtail NSA surveillance spending and the court overseeing the activities of the US NSA has renewed the standing permission for continued collection of telephone-call metadata. A vote on the issue was tight enough that privacy advocates hope the tide is starting to turn against surveillance, even as the US-based American Civil Liberties Union (ACLU) released a report documenting widespread license-plate scanning on that country's highways. Little wonder a German government report recommended companies should stop sending Europeans' personal data to the US.

User forums have become the target du jour for hackers, with an Ubuntu Linux discussion forum breached and taken offline after encrypted passwords and email addresses for nearly 2 million users were stolen.

Apple's own developer site was hacked, suffering a high-profile multi-day outage that saw the company openly admitting the incident, closing down the site, and gradually overhauling and eventually restoring services throughout the week. Predictably, phishers wasted no time targeting the users' credentials.

Despite the high-profile user-forum hacks, good old security flaws were also abundant: for example, researchers found a major encryption flaw in older mobile-phone SIM cards that some said boosted the case for secure mobile data containers. Others argued that the flaw has significant implications for mobile-reliant businesses, even though the researcher who identified the issues says they are easy to fix.

Indonesia came from nowhere to emerge as a major global source of malware in Akamai's latest State of the Internet report, while Network Solutions was facing its own problems as latency of its MySQL databases increased in the wake of its defence against DDoS attacks. A hacker group called the Syrian Electronic Army hacked the customer support Web site of instant-messaging and VoIP provider Viber. Another report found a rise in Android malware that turns handsets into spying devices, while Symantec reported an Android flaw that's allowing apps to modify legitimate applications by using a 'master key' vulnerability.

Little wonder so many CSOs are thinking about mobile security policies. Yet others should also be looking at more practical matters such as the handling of digital certificates, which one security specialist has warned remains an often unrealised weakness in corporate environments.

Even as figures suggested 500 hosted Web sites are compromised every day and a new Trojan called KINS threatened the integrity of online banking, hackers' continuous ingenuity in identifying new vulnerabilities has shifted the focus of many vendors' tools elsewhere, with one security analyst pointing out that regardless of their nature it's relatively easy to spot malware based on its use of nonstandard IP ports.
