The Malicious Hacker’s Ever-Sharper Eye

Targeted attacks on organizations and Web-born infections like the recent Flashback outbreak on Macintosh computers will continue to poison the security landscape in 2012, according to John Harrison, Symantec group product manager for endpoint threat protection and security technology and response.

Targeted attacks — attacks aimed at specific individuals within an organization — were a “rising tide” last year, averaging 94 a day by November, according to Symantec’s annual Internet Security Threat Report for 2011, released last week. And that will continue in 2012, Harrison said.

A target growing in popularity among denizens of the cyber underworld are human resources departments, he noted.

“The education that we give end users is don’t open attachments from someone you don’t know,” he told TechNewsWorld. “But people in HR or recruiting for a company, their job is to process every resume that comes in and to process those attachments.”

Web attacks will also continue to be a key vector for hackers and malware authors, he added, “because it works.

“Many enterprises, organizations and consumers are not protected against some of the basic vulnerabilities that these toolkits exploit,” he explained.

Attacks on Macs will also grow in 2012, he added.

“Whatever platform, if it becomes popular, the bad guys will target it and monetize it,” he said.

All Ages Concerned With Facebook Privacy

Facebook members — regardless of age — are concerned about privacy, according to a survey released last week by cybersecurity software maker Webroot.

The survey of more than 1,600 adults worldwide revealed that more than 87 percent of them were “somewhat” or “very” concerned about the privacy of information they posted to their Facebook profiles.

That level of concern appears to cross age categories. For 18-29 year olds, 90.3 percent were somewhat or very concerned about privacy; 30-39 year olds, 90.6 percent; 40-49 year olds, 86.5 percent; and 60-plus year olds, 85.8 percent.

“A lot of people say, the younger generation doesn’t care at all about privacy, and they do just what they want, and the older is more concerned, but that didn’t seem to be the case with these numbers,” Webroot Chief Information Security Officer Jacques Erasmus told TechNewsWord.

Pollsters also found that the respondents were less concerned about the privacy of information they stored in their Google accounts, with more than 82.5 percent saying they were somewhat or very concerned about privacy there.

New Biometric Protocol

A new protocol makes it easier for biometric devices — fingerprint readers, iris scanners and facial recognition devices — to communicate with computers, tablets and smartphones.

The protocol, developed by researchers at the National Institute of Standards and Technology (NIST), is called “WS-Biometric Devices” (WS-BD), and it uses a common Internet technology to add a device-independent layer in the protocol used for communication between the biometric devices and other devices.

The web services technology used by the new protocol is similar to what’s used to stream video from the Net to devices like smartphones and tablets.

For organizations that use biometric systems to accomplish their missions or for authentication, identification and other security purposes, the protocol can greatly simplify setting up their biometric systems.

That’s because the protocol will make it easier to build a system with interoperable components and avoid systems with proprietary device-specific drivers and cables.

Breach Diary

  • May 1: A group calling itself “The Unkowns” posted to the Internet information it claims it gathered from NASA, the U.S. military, the European Space Agency, the Thai Royal Navy, Harvard, Renault Company, the French Ministry of Defense, the Bahrain Ministry of Defense and the Jordanian Yellow Pages.
  • May 2: ICANN revealed that a glitch in its TLD Application system created 455 instances where a file name and its associated user name may have been viewed by another applicant in the system. The agency is in the process of notifying applicants who may be affected by the flaw.
  • May 3: Belgian credit provider Elantis acknowledged that information on 3,700 customers may have been compromised by hackers who are demanding $197,000 for not posting the information to the Internet.
  • May 3: The Wall Street Journal reported that as many as 7 million credit card accounts are now being considered vulnerable due to a breach at Global Payments which was made public in March.
  • May 4: British military’s head of cyber security Jonathan Shaw acknowledged that cybercriminals have hacked into Ministry of Defense’s top secret computer systems and that some of the attacks had gone undetected.


  • May 8: Patch Tuesday. Microsoft will issuethree critical and five important bulletins which will address 23 security vulnerabilities in Office, Windows, .Net Framework and Silverlight.
  • May 11: Spring Into IT. 8 a.m. – 1 p.m., ET. Ann Arbor, Mich. Sponsored by Online Tech. Presentations will focus on data security and compliance.
  • May 14-16: FS-ISAC & BITS Annual Summit. Turnberry Isle Resort and Club, Miami, Fla. Sponsored by Financial Services-Information & Analysis Center. US$1250-$1750. Registration deadline April 20.
  • May 23: Code Red to Zbot: 10 Years of Tech, Researchers and Threat Evolution. Webcast. 2 p.m., ET. Sponsored by RSA.
  • June 29: Third Suits and Spooks Anti-conference. Bel Air Bay Club, Palisades, Calif. Sponsored by Taia Global and Pacific Council on International Policy.

John Mello is a freelance technology writer and former special correspondent for Government Security News.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Cybersecurity

Technewsworld Channels