Google, EU Data Privacy Policies Lead Week's Security News
Data privacy dominated security headlines this past week as the European Commission set out to change its 17-year-old data privacy law. The changes would not be applicable to just companies that are based or operate in the European Union, but to every company that does business with an EU citizen.
The changes, once adopted, would apply to American giants such as Microsoft, Google and Facebook.
The proposed changes are designed to simplify the rules and reduce bureaucracy while giving "teeth" to the regulators charged with enforcing them. Companies welcomed the idea of streamlining the rules but were critical of the requirement that all data breaches must be disclosed within 24 hours.
Google caused a lot of ripples as it consolidated its privacy rules and structured them around its Google + social networking platform. The changes were extensively communicated to users, which are supposed to take in effect March 1. Lawmakers questioned whether the company could make these changes.
A group of Android applications infected the Android.Counterclank malware were discovered in the Android Market. A botlike threat, Counterclank can receive commands to carry out certain actions, as well as steal information from infected devices, according to Symantec. The malware relies on social engineering to trick users into downloading it.
However, the mobile security company Lookout questioned whether Counterclank actually met the criteria to be classified as malware or as a bot. Users should be careful and avoid these apps as they may potentially intercept information, but they are not necessarily malicious, Lookout said.
Several studies came out during the past week that examined consumerization of IT within the enterprises, but they drew very different conclusions. A Cisco report found that personal tablets and smartphones in the enterprises are causing IT staffs a lot of concern. The IT managers in the report said they would restrict the use of those devices internally. In contrast, a report from consulting organization Avanade found that C-level executives and IT "decision-makers" are embracing the bring-your-own-device (BYOD) trend and are making changes to the infrastructure to accommodate the influx of devices.
Also during the week, Twitter acquired anti-malware specialist Dasient. Dasient launched a service in 2010 that allows organizations to test online advertisements for any that may direct users to malicious sites or load malware on the victim computers. With Twitter rumored to be launching a new ad platform for the microblogging site, the security deal appears to be a sign Twitter is thinking about ways to secure the ads.
Symantec may have preferred to focus attention on its earnings results this past week, but its urgent advice that users should stop using the pcAnywhere remote PC access software until the company patches the application code stole some of the limelight. The warning was the latest twist in the story of how unknown attackers stole source code from Symantec in 2006. Wired's ThreatLevel reported that while Symantec had known about the network breach back in 2006, it had not known about the code theft until this month. The company had to re-examine its logs to figure out what happened.
This past week, they shifted some of their tactics to hijack the Domain Name System records to divert traffic from major Internet sites. Users were unable to get to the Web page and thought the sites had been taken down or compromised.