The online attacks launched against multiple banks, insurance companies and television stations in South Korea Wednesday knocked targeted networks offline. But according to security experts, the attacks were relatively unsophisticated and would have required little infrastructure or expertise to launch
The researchers said they’d expected to find “that smartphone devices will retain data from these storage services,” but didn’t know to what extent any leftover “artifacts” might include recoverable information. So they studied three popular cloud storage service apps running on the iPhone and on an HTC Desire running the Android operating system.
Here’s what they found: “Using mobile forensic toolkits, data can be recovered from a smartphone device which has accessed a cloud storage service,” they said. “The results from the experiment have shown that it is possible to recover files from the Dropbox, Box and SugarSync services using smartphone devices.” In addition, artifacts left by those services’ mobile apps in some cases allowed the researchers to gain a “proxy view” of files not stored on the device, but stored by the cloud service.
The Internal Revenue Service still has IT security holes that could put taxpayer data at risk, according to a report from the Government Accountability Office.The IRS identified the security of taxpayer data as its top management priority for fiscal 2013, and the GAO credits the agency for steps taken in response to security issues identified in earlier audits of its computer systems. But the report notes that some problems with the agencys financial and tax-processing systems remain and identifies new ones.
Banks can install only those swipe machines including the double swipe registers at supermarkets which are certified for PCI-DSS Payment Card Industry-Data Security Standards and PA-DSS Payment Applications -Data Security Standards. Merchants and aggregators, whose card acceptance machines are currently operational on Internet Protocol-based solutions, have to mandatorily go through PCI-DSS and PA-DSS certification.