The week in security: What they know about you, and what they want to

The SXSW conference in the US became a hotbed of debate over privacy around 'big data' collection, while the problem is set to get worse with a flurry of new apps debuting at the show based entirely around knowing and sharing your location. Cue the security and privacy issues that come from dumping untold amounts of personal information into online services.

App privacy is generating so much concern – even among users who are, ironically, happy to share every detail of their lives on Facebook – that the US government wants Apple to brief them on the privacy controls of iOS apps. Yet location information is only the beginning: the FBI has regularly issued Google with search warrants for user data, with 361 requests received in Australia alone between January and June 2011; this week, uncharacteristically, one curious punter has stumbled upon the details of the information requested. Yet the FBI is taking a far more legally appropriate method than News International – whose security chief was arrested as the fallout from its phone-hacking scandal continues.

Google's efforts to block Flash exploits within its Chrome browser had unexpected collateral, with certain games and applications being blocked inadvertently. Yet Google isn't the only one dealing with security issues around Flash: Adobe has had a long and significant history working to maintain the security of its Reader and Acrobat products, and we chatted with the Adobe executive whose job it was to keep attackers at bay. Or, keep up with them, depending on how you look at it.

If you're not au fait with the idea of advanced persistent threats (APT), you may want to have the concept explained for you; CSO took a clear-eyed look at the threat and walked through a real-life example of such a breach. We also offered a gallery of Web-based tools to keep up with the latest APT and other cyber-security threats.

There were certainly threats aplenty as always. One of the latest had criminals using fraudulent SIM cards to bypass online-banking protections, while others are cold-calling antivirus customers or using one-time mobile-phone passwords to perpetrate their scams. And a potentially major hole in Microsoft's Remote Desktop Protocol (RDP) had many worried about widespread exploitation.

Turns out the Ukraine is becoming a 'haven' for hackers, who are increasingly taking to the world stage with their exploits. Even as the Vatican was hacked – apparently by Anonymous – some wondered whether the LulzSec bust was part of a broader play against Julian Assange. Others have foreseen the increasingly aggressive attacks by many hackers as a harbinger of an intense cyber-warfare front that will continue throughout the year.

Closer to home, IT security managers are split on emerging bring-your-own-device (BYOD) policies and sceptical of devices running Google's operating system – but are stopping short of banning the devices on security grounds altogether. This leaves them in a perilous sort of limbo; ditto adoption of cloud computing, which works well – until it doesn't. Are you prepared for the latter?

We heard that public-safety organisations are suffering shrinking budgets that are forcing IT managers to get creative in their problem solving. Solutions such as Auraya's cloud-delivered voice authentication system reflect their own creativity, while a government-backed cyber-security competition will give the government its own injection of creativity by tapping into the natural inquisitiveness of university students.





Copyright © 2012 IDG Communications, Inc.
