Network Endpoint Security News - Watch Your End

Any IT managers not already disturbed by the appearance of iPhones in the office might change their minds after news that a group of ’security researchers’ claims to have found a hack that allows confidential data to be stolen from Apple’s last must-have gadget.

By creating a malicious html page, and then pointing the phone’s Safari web browser at it, the hackers were able to access all sorts of private information from the phone. Not good news for private individuals - but even worse for organizations when you consider that recent research estimates that more than 50 percent of staff regularly copy files from the corporate network to their personal storage devices.

According to Silicon.com: “The security researchers claim the iPhone’s “most glaring” security fault is that all major processes run with administrative privileges. This is a problem because a compromise of any application gives a attacker full access to the device.”

Still think iPhones are harmless ‘gadgets’?

The UK’s Information Commissioner, Richard Thomas, has described the lack of security measures put in place by banks, government departments and other bodies as “frankly horrifying”. He has called on those at the top to be accoutable for the IT secruity measures across their wider organizations.

In the past 12 months, the Information Commissioner’s Office (ICO) has dealt with more than 24,000 complaints and prosecuted 16 individuals and organizations. According to the ICO’s annual report, more than a third of complaints concern a likely data breach.

Organizations currently under investigation by the ICO include top high-street banks, retail giants and telecoms providers.

Financial processing company, Fidelity National Information Services, has reported that a worker at one of its subsidiaries has stolen 2.3 million consumer records, containing information such as credit card, bank account and other details.

The employee, whose name was not released, was fired. He was identified as a senior level database administrator who had worked for the company for seven years. This ties in with statements made recently by security specialists, who suggest that the employees has pose the greatest risk to confidential information are usually long-termers in mid-to-senior positions.

The company involved is bringing a civil case against the employee and is pressing for a criminal investigation.