Saturday, November 22, 2014

Can law save the unicorn?

We sometimes refer to current situation of security on the Internet as the Old West, but now we rectify: It’s an epic struggle where the bad guys are getting more and more clever. The forces of Good, however, act uncoordinated, sometimes even tripping up each other. We’re improving education about computer security, there are more and better programs for our protection, law enforcement agencies are up to date in this field ... But that's not enough to stop the plague. Now it’s togas’ turn: legions of judges and lawyers join the battle.

It’s this weekend big news: a Russian server showing thousands of links to IP cameras connected to the Internet. Their weak access passwords (admin, 1234) have made them easily hacked. Almost 400 of them are from Spain, showing parking places, shops or... babies!. Such oversight can only be explained by the lack of information security culture in the street, especially on devices that do not appear to pose a danger.

Instead, would you believe that a lifetime computer corporation as Microsoft has poor safety culture?. Well, recently somebody discovered a serious flaw in Windows operating system that has been there the last 19 years! The bug allows to access the victim's computer from a web site.  Attacks exploiting this hole, dubbed “Unicorn”, have already started. 

Anyway, it’s not uncommon that the cause of a safety problem is not the criminal guy but the attacked company or person, whom did not follow the proper protocols. Therefore, the latest trend in Internet Security is to intensify efforts from the legal front to make everyone take their responsibilities. From this point of view you must read the fine imposed on the Beth Israel Deaconess Medical Center in Massachusetts: $100,000 because of the stealing in 2012 of one of his employees laptop, with unencrypted data from 4,000 patients and center’s staff.

In parallel, prosecuting of criminals is increasing: the Federal Trade Commission has shut down two major telemarketing operations that offered free programs for securing computers and phones. Actually they made believe their victims that they had security problems that didn’t exist, to compel them to buy software that’d “solve” the problems. Meanwhile, in China, they have arrested three people accused of creating the malicious code WireLurker, the first infecting not free iPhones.

We will see more and more Law acting in the field of computer security. Would be the cure? Time will tell. Wish you a happy Saturday!


Post a Comment