This week we talk about one major security flaw in the Apple Watch, plans by the US and its allies to up their spying game, Google’s new IoT OS and very welcome news about the revamp of Outlook.com. Also, amidst Adultfinder and Italy’s Expo hacks, top security guru Amit Yoran talked about how the way we do security in this day and age might be stuck in the Dark Ages.
Apple Watch a criminal’s delight?
Most smartphones and computers are locked down by passwords so that even if your unit gets purloined, your data would be very hard to access. This also makes it difficult to repurpose these devices.
The Apple Watch, however, takes a far different approach. In fact, it is a piece of cake to reset the watch and insert a new passcode. All a thief needs to do is hold the power-off button long enough to do a full reset. This is certainly an odd state of affairs, especially when you consider that the iPhone is far harder to crack, and can even be remotely wiped in case it’s lost or stolen.
The US and four allies had plans to crack into Android smartphones
Edward Snowden has a new blockbuster – he claims the US and its allies had well-formed plans to break into Google and Samsung app stores, and install all manner of spyware and malware. One goal was to be able to send misleading information out to those infected. The five countries have their eyes on the so-called UC Browser, which doesn’t just run on Android, but Windows Phones, iOS, BlackBerry and Symbian. The so-called Five Eyes include Australia, Canada, New Zealand, the United Kingdom and the US.
This browser was apparently easy pickings since it tended to leak user data already, or so the NSA discovered in 2011. The UC Browser was also an attractive target since it was built by Alibaba, the Chinese equivalent of Amazon. While China is an enticing target, reports have it that the real goal was to unearth information about Muslim countries in Africa. It is still unclear where these techniques may be in actual use and what the future use will be.
Google aims new OS at Internet of Things (IoT)
Google knows a thing or two about the Internet of Things (IoT). After all, it shelled out some USD$3.6 billion to acquire home automation company Nest Labs.
Now Google is poised to increase its IoT footprint with a new operating system aimed exclusively at these small connected devices. There will be many times more IoT devices than PCs, laptops, tablets and smartphones put together. If Google can stake out a strong position in IoT operating systems, it will make the Microsoft PC monopoly look like a kid’s lemonade stand.
The OS, nicknamed Brillo, is a super lightweight bit of code, and runs just fine without a screen or display. Interesting things ahead!
Microsoft to make Outlook.com more like Outlook
In 2012, Microsoft force-fed a replacement for Hotmail. The client was called Outlook.com. Confused? So was the rest of the digital world. To most of us, Outlook was either an email client installed on the hard drive or Outlook Web Access (OWA), the cloud version of the same. The new Outlook.com resembled neither, and three years later, still doesn’t.
Now Microsoft is finally prepping a new Outlook.com that indeed looks and feels more like Outlook and OWA. Outlook.com had some other advances too – such as the ability to turn your Twitter, Facebook, LinkedIn, Gmail and Yahoo contacts into a master contact list. The new rev also adds improved Skype integration, a better way to work with OneDrive, and a new approach to prioritizing mail called Clutter.
RSA boss says we’ve got security all wrong
Amit Yoran is a well-known name in the security world. He is the president of RSA and oversees a large-scale security conference. With such great powers he also has the ability to direct users into new ways of approaching computer security and this is just what he did at a recent RSA Conference.
Yoran is not a fan of taking a purely defensive posture where we simply try to erect walls around our networks and systems. This is a passive approach: we don’t always have a full picture of what threats exist, and we end up reacting to anything that seems abnormal.
His view now goes beyond that. “As we look through the doorway amazed at what lies ahead for our civilization, we still surely stand in the Dark Ages of Information Security,” Yoran said. “The largest enterprises with the most sophisticated, ‘next-generation’ security tools were not able to stop miscreants from making off with millions of dollars, personal information, and sensitive secrets and damaging reputations.”
The problem, Yoran explains, is our focus on perimeter security, which only addresses part of the problem. “We say we know the perimeter is dead, we say we know the adversary is on the inside, but we aren’t changing how we operate,” Yoran argued. His answer? “We must adopt a deep and pervasive level of true visibility everywhere – from the endpoint to the network to the cloud – if we have any hope of being able to see the advanced threats that are increasingly today’s norm.”
“In a world with no perimeter and with fewer security anchor points, identity and authentication matter more than ever,” he continued.
Finally, organizations should focus on what needs protection the most. “You must understand what matters to your business and what is mission critical. This asset categorization isn’t the sexy part of security but it is critical to helping you prioritize the deployment of limited security resources for the greatest possible impact. You have to focus on the important accounts, roles, data, systems, apps, devices – and defend what’s important and defend it with everything you have,” he concluded.