Apple Geo-Location, Sony PlayStation Network, Lead Week's Security News
After six days of near-silence, entertainment and electronics giant Sony admitted attackers had breached the PlayStation Network, an online gaming service, and waltzed off with personal information for its 77 million users.
Sony shut down the PlayStation Network and the Qriocity music service without any explanation on April 20 to deal with the data breach. Unfortunately, the company wasn't sure whether the intruders had stolen user credit card numbers.
The theft from Sony's cloud services and Amazon's EC2 outage from the week before increased overall worries about the security of putting applications and personal information on the cloud. "The ultimate lesson here is that all businesses are vulnerable to hackers, regardless of size or industry," Mandeep Khera, CMO at Cenzic, told eWEEK.
Sony's incident has dwarfed the data breach in Texas where the personal information of 3.5 million people was accidentally exposed on a public Web site at the State Comptroller's Office earlier this month. The Comptroller Office has confirmed spending $1.8 million so far to notify users and investigate the incident.
Enterprises remain jittery about data security, a recent vendor survey found. The PhoneFactor survey found that organizations were re-evaluating multi-factor authentication schemes and many of them were shying away from token-based platforms.
The furor surrounding Apple collecting location data from iPhone users continued as Congressional lawmakers asked Apple and wireless carriers to clarify their location-data-collection policies. Google also came under scrutiny by the Illinois attorney-general over privacy concerns. After days of silence on the topic, Apple finally claimed a software bug was to blame for the fact that cell tower information in the database was being retained beyond seven days.
All this has had some impact. The iPhone brand perception has dropped, according to YouGov's BrandIndex.
Department of Justice officials and the Federal Bureau of Investigation went back to the United States District Court of Connecticut to continue their fight against the Coreflood botnet. The FBI is working with internet service providers to identify users whose computers have been infected by the botnet and is getting written permission to remotely execute a software program that would remove the malware permanently. The FBI requested a 30-day extension to continue running the command-and-control servers that have been instructing the zombies to temporarily stop running the malicious code.
The FBI also warned that in the past 12 months, cyber-thieves have attempted to wire over $20 million from small-and-midsized businesses to China. The thieves have successfully stolen $11 million across 20 incidents using unauthorized wire transfers, according to the federal agency.
While the United States was more secure and better prepared than it was a few years ago, the rapid evolution of cyber-space and threats meant the government had to work together with academia and the private sector to combat them, Department of Homeland Security Secretary Janet Napolitano said in a speech to engineering students at UC Berkeley.
The week started with a spot of happy news as Ivan Kaspersky, the 20-year-old son of Yevgeny Kaspersky, the CEO and co-founder of Russian security firm Kaspersky Lab, was safely rescued from kidnappers demanding a $4.3 million ransom. The rescue of the young Kaspersky was carried out by Moscow police and Russian Federal Security Service investigators. No ransom was reportedly paid.