Data privacy dominated security headlines this past week as
the European Commission set out to change its 17-year-old data privacy law. The
changes would not be applicable to just companies that are based or operate in
the European Union, but to every company that does business with an EU citizen.
The changes, once adopted, would apply to American giants
such as Microsoft, Google and Facebook.
The proposed changes are designed to simplify the rules and
reduce bureaucracy while giving "teeth" to the regulators charged
with enforcing them. Companies welcomed the idea of streamlining the rules but
were critical of the requirement that all data breaches must be disclosed
within 24 hours.
Google caused a
lot of ripples as it consolidated its privacy rules and structured them around
its Google + social networking platform. The changes were extensively
communicated to users, which are supposed to take in effect March 1. Lawmakers questioned
whether the company could make these changes.
A group of Android applications infected the
Android.Counterclank malware were discovered in the Android Market. A botlike
threat, Counterclank can receive commands to carry out certain actions, as well
as steal information from infected devices, according to Symantec. The malware
relies on social engineering to trick users into downloading it.
However, the mobile security company Lookout questioned
whether Counterclank actually met the criteria to be classified as malware or
as a bot. Users should be careful and avoid these apps as they may potentially
intercept information, but they are not necessarily malicious, Lookout said.
Several studies came out during the past week that examined
consumerization of IT within the enterprises, but they drew very different
conclusions. A Cisco report found that personal tablets and smartphones in the
enterprises are causing IT staffs a lot of concern. The IT managers in the
report said they would restrict the use of those devices internally. In
contrast, a report from consulting organization Avanade found that C-level
executives and IT "decision-makers" are embracing the
bring-your-own-device (BYOD) trend and are making changes to the infrastructure
to accommodate the influx of devices.
Also during the week, Twitter acquired anti-malware specialist
Dasient. Dasient launched a service in 2010 that allows organizations to test
online advertisements for any that may direct users to malicious sites or load
malware on the victim computers. With Twitter rumored to be launching a new ad
platform for the microblogging site, the security deal appears to be a sign
Twitter is thinking about ways to secure the ads.
Symantec may have preferred to focus attention on its
earnings results this past week, but its urgent advice that users should stop
using the pcAnywhere remote PC access software until the company patches the
application code stole some of the limelight. The warning was the latest twist
in the story of how unknown attackers stole source code from Symantec in 2006.
Wired's ThreatLevel reported that while Symantec had known about the network
breach back in 2006, it had not known about the code theft until this month.
The company had to re-examine its logs to figure out what happened.
Anonymous and other online hacktivists continued their Internet
campaign to retaliate against the Megaupload takedown and to protest congressional
con innocent Internet bystanders into participating in
distributed-denial-of-service attacks against various Websites the previous
This past week, they shifted some of their tactics to hijack
the Domain Name System records to divert traffic from major Internet sites.
Users were unable to get to the Web page and thought the sites had been taken
down or compromised.