Security rundown for week ending Aug. 12

12.08.2011
Not unlike the , this past week saw hacking once again grab everyone's attention. This time it was from the shadowy group to "kill" the social-networking site Facebook. The reason given? Anonymous supposedly thinks Facebook abuses people's privacy and cooperates with authoritarian governments.

This rumored destruction of Facebook by Anonymous is not supposed to happen until Nov. 5, and though it's not readily apparent why that date was selected, it's worth noting that Nov. 5 is the traditional in Great Britain. Also called Bonfire Night, it commemorates how Fawkes in 17th century England was convicted and put to death for plotting to kill King James I in the "Gunpowder Plot." It's celebrated with effigies of Fawkes hung and burned on a bonfire. Is Anonymous thinking of treating Facebook creator Mark Zuckerberg like this?

Whatever you think of Anonymous, panelists at the recent conference said the attacking its targets just shows that corporate security isn't that great. One security vendor took Facebook to task this week, saying the social-networking giant if Anonymous is going after it.

Hacking got political in the eyes of a Taiwanese political party that said it suspects the Chinese government is behind a that stole information about the party's election activities. Taiwan's Democratic Progressive Party last week said it traced attacks to China's Xinhua News Agency, the state-run press group. Now it's news employees doing the hacking? Well, seems that was why Great Britain's tabloid News of the World (not state-run, so far as we know) .

We were reminded this week that security holes come in all shapes and sizes, such as USB devices, according to the Ponemon Institute survey of more than 700 IT and security managers and their in their organizations.

And in the strange-but-true category, it appears it's also possible for cybercriminals to control botnets through , at the Defcon conference.

News last week also focused on the Payment Card Industry (PCI) data-security standards, which are issued by the PCI Security Standards Council.

These influential standards are required to be used by any business accepting payment cards or processing them, and PCI has been a strong influence on network security in the past few years. However, it can cost a lot -- like more than half a million dollars -- to go through PCI validation for compliance each year through a special audit. Interestingly, it would waive the PCI validation requirement to qualified merchants that agree to install dual-use EMV point-of-sale devices that also support near-field communication (NFC), the technology for mobile payments in .

If Visa thinks the main incentive to get chip-based payment cards and NFC into the U.S. is by telling merchants they can wave goodbye to their annual PCI validation costs, is this a sign of the beginning of the end of the reign of PCI?

The PCI Security Standards Council would only comment, "Let's see what happens next," but they're still churning out PCI security guidelines, such as the one and how to use it to help with PCI compliance.

In other smartphone news, Heartland Payment Systems -- remember them from the devastating breach they suffered from hackers three years ago -- unveiled a mobile-payment device called "Mobuyle" that works with any or tablet to turn it into a payment-card processor. It's a direct jab at the Jack Dorsey "Square," the little mobile-payment device made by the guy who brought you . There's no PCI standard for mobile payments yet, but the council says it's trying to have one ready by year-end.

in Network World's Wide Area Network section.