A recap of the past week's IT security news features a serious breach in Dropbox security, various cloud initiatives and Apple's OS X update.
The week began with the news
that online file storage provider Dropbox
had accidentally disabled passwords on all its user accounts,
potentially allowing anyone to wander in and access other people's files.
While Dropbox fixed the
issue, which was the result of a "code update," the accounts were
unprotected for four hours. The company claimed only a small fraction of
accounts had been accessed during that time period and that it didn't seem as
if anyone had acted maliciously.
Many irate customers
threatened to take their files to other competing services, reigniting the
debate over the security benefits of
, which Dropbox uses, and client-side encryption,
favored by several other cloud-storage companies.
Speaking of the cloud,
, of the Cloud Security Alliance, pointed out that companies are
taking the outsourcing mentality when it comes to moving applications to the
cloud and not thinking about the underlying architecture. Organizations need to
take a measured approach to make sure they are covering all the key points,
such as security, business continuity and disaster recovery, Reavis said.
Law enforcement has been
busy this week, as British police, with assistance from the Federal Bureau of
Investigation, arrested a
19-year-old hacker
and charged him with attacking the United Kingdom's
Serious Organized Crime Agency's Website.
In a series of coordinated
raids around the globe, the FBI broke up two cyber-crime gangs that had racked
up nearly $74 million distributing
scareware and fake antivirus
software to more than a million users.
Two studies painted a bleak
picture of enterprise security, with one finding that organizations are almost
certain to be attacked, and the other showing that security professionals
consider regular malware a bigger threat to their organizations' networks than
reported 90 percent of surveyed businesses had at least
one IT security breach over the past 12 months, and more than half expected to
be hit in the next 12 months. Over half, or 55 percent, of IT security
professionals surveyed by
said mass malware was a "very large" or "large"
threat to the enterprise.
It was the week to pick on
end-users for poor security practices, as well. An analysis of user passwords
from the Sony breach revealed that users are not picking strong passwords
and two studies found that users were not being
careful when surfing online. If that wasn't enough, scammers are taking
advantage of the intense interest around Apple's forthcoming
platform to hijack search-engine results to distribute fake antivirus
software to end-users.
Apple rolled out what may be
the last major
before it releases Mac OS X 10.7 "Lion" this summer,
perhaps in July. Apple doesn't schedule updates like Microsoft or other vendors
do for their software.
So it's not entirely out of
the question for the company to squeeze in another update for "Snow Leopard"
before the big launch. However, this update is "Lion-ready," in that
the Mac App Store was updated to make the upgrade process easier.