After his SSL certificate expired amidst the US government shutdown, this week didn’t get a lot better for President Barack Obama.
claimed that the Syrian Electronic Army infiltrated his Twitter and Facebook accounts, and re-election website after a series of updates linked to a YouTube video from the pro-Assad hacktivist collective. Symantec claimed
that rather than hacking passwords and taking control of the accounts, they compromised the URL shortening service ShortSwitch. In my last blog I talked of the third party being the soft underbelly” and could the URL shortener be the latest target for the attacker?
In other news affecting the President, the “Patient Protection and Affordable Care Act”, also known as Obamacare, has had teething problems for the launch of its
which allows Americans to apply for health insurance. CBS reported that they were unable to do so because of a networking malfunction that crashed the system when it was trying to be fixed.
This led to health secretary Kathleen Sebelius apologising
for the situation, promising that the website would be repaired by the end of November and saying: “You deserve better”.
In other US government news (never enough is there?) it was revealed
that legislation has been advanced that will require the Homeland Security Department to take additional measures to improve and assess the cyber security workforce. The case of hiring the right people is an ongoing challenge and this effort will “enhance efforts to bolster the cyber security workforce….by establishing occupations classifications and developing a strategy to address identified gaps in the cyber workforce”.
In my opinion you can pass all of the bills you want, but without the human capital you are going to face challenges in finding the right people.
It is now less than six months until Microsoft stop supporting its XP operating system and this week to tie in with the RSA Conference it releases its latest Security Intelligence Report which revealed statistics from 2013 such as the infection rates of its users OS. It claimed that Windows XP systems had an infection rate that was six times higher than Windows 8, while XP, Vista, 7 and 8 all had roughly similar “malware encounter rates”, between 12 and 20 per cent.
Microsoft has been pushing the “please update” message since Internet Explorer 6 was the vector the Aurora
attacks of 2009, and there is no general reason for not updating for home users, maybe apart from cost. In which case, it is probably mor
e efficient to buy a new laptop anyway.
For businesses, this is a massive issue as they face the prospect of upgrading hundreds or thousands of endpoints to a new OS in an operation that is more than just applying a patch. It makes sense for Microsoft to spread the message about the benefits of upgrading; I’m just not convinced that scare tactics are the right way.
Finally, most of the European security industry (apart from those of us in the UK at work, or at the PCI event) descended upon Amsterdam for the relocated RSA Conference Europe. As usual, the opening keynote was handled by Art Coviello, executive chairman of RSA, the security division of EMC.
His talk was widely reported, with Computer Weekly reporting
that he reiterated his oft-mentioned mantra on information sharing and the benefits to all of it, as well as saying that “traditional methods of defence are increasingly ineffective”. One of the most tweeted parts of his talk were his comments on privacy, he said that if a balance between big brother and anonymity can be struck “we can have the best of all worlds”.
TechWeek Europe reported him as saying: “We must strike a balance between Orwellian oversight of the people using our networks and an equally dogmatic [devotion] to anonymity. An anonymous network gives free reign to our adversaries, who want nothing more than that anonymity so they can get our private data with no risk of prosecution.”
Coviello is rightly one of the stars of the thrice-yearly conference, because he has views that stir people and make them think about the state of the industry. As far as I am concerned, long may he continue doing it.