This week, more details on the Duqu malware surfaced, adding fuel to the fire of an already hot discussion. But while Duqu remained at the center of attention, new privacy allegations against Facebook and a breadth of research on data retention trends gave the industry a detailed image of the state of security at both the consumer and enterprise levels.
Duqu first grabbed headlines about two weeks ago, after a Hungarian research firm known as CrySyS brought it to light. The news attracted attention because of its resemblance to Stuxnet, the virus blamed for destroying the computer infrastructure that supported Iran's hotly debated nuclear infrastructure. Some researchers claimed that Duqu's code was similar enough to that of Stuxnet to suggest that they came from the same source.
Others debated that point, though, calling on the industry to wait for more details to come as researchers worldwide break down the virus' biology.
Some of that information did arrive this week, reigniting the debate. One security firm released its analysis of the Trojan, asserting that it was built with three components: a rogue library that communicates with the server that controls it, the kernel driver that injects it, and a file for configuration. More telling, though, were the additional targets that were uncovered.
Iran, once again, was the home of the infected computer systems, the researchers announced. Four different networks were found to have been infected by Duqu, one of which contained two affected computers. Other targets were discovered in Sudan, as well.
If nothing else, the new findings will only keep the issue alive and at the forefront of the security sector, giving more evidence that Duqu may have been linked to Stuxnet.
However, the outlook is still vague, especially considering researchers said the latest findings included just six of the 13 different driver files involved in the Duqu attack. More information will likely come to light soon.
Similarly, another topic that has a history of raising eyebrows was brought to the table this week, with another government organization taking issue with Facebook's privacy implications.
The Hamburg Data Protection Authority (DPA) in Germany was the latest to express concern with Facebook's data collection practices, claiming that its investigation discovered that the social network stored its users' cookies even after they had canceled their accounts. According to the DPA, this could lead to fines of as much as $420,000.
The accusations echo other recent charges against the site. In September, Australian hacker Nik Cubrilovic accused Facebook of collecting data from its existing users even after they had logged off the website. That was enough to get the attention of the U.S. Congress, with bipartisan Representatives Joe Barton and Edward Markey each writing letters to the Federal Trade Commission calling for an investigation into Facebook's practices.
The charges out of Germany appear to be along the same lines, but to an even higher degree. This time, Facebook is facing charges of tracking those who no longer want to do business with it, and therefore may be in violation of the law.
"Facebook is cooperating fully with the audit and we would anticipate that it will implement any necessary changes," the organization said, according to PC Magazine.
The cooperative nature could be a move to retain some of its 800 million users, who are growing increasingly protective of their data. And it comes at an opportune time. Internet privacy and data security issues continue to concern consumers, and may be enough to prompt a backlash from Facebook's users.
Research from several different sources surfaced this week, each of which suggested the value of sensitive data may be on the rise.
A survey of 1,000 Americans conducted by IT firm Unisys found that the majority – 53 percent – of respondents would take legal action against a company that lost their data. In addition to the legal risk that companies face when it comes to data protection, loss of revenue appears to be a legitimate threat, with 76 percent of respondents saying they would close their accounts with the company responsible.
In an interview with SCMagazineUS.com, lawyer Brendon Tavelli said that this is a sign that consumers will be quick to turn on a company that puts their sensitive information, and subsequently their financial well-being, at risk.
"The larger the breach, the larger the possibility that some legal action would follow," Tavelli told the news provider. "There's not that personal connection with the company. They're just consumers, in the broadest sense of the term."
The extreme lengths consumers are apparently willing to go to in response to data loss are a result of the high value they place on their data. Separate statistics released this week by Wakefield Research and online backup company Carbonite showed that 50 percent of respondents would rather lose all of their vacation time than all of their data. Another 62 percent said they would "pay dearly," while 38 percent of married respondents said losing data would be worse than losing their wedding ring.
Many respondents appeared to have developed this mindset after learning the lesson firsthand. Fifty-one percent said they have experienced an incident in which all of their data was lost.
However, as highly as they value that information, some still haven't changed their ways, as another 39 percent said they never back up their computers or haven't done so in more than a year.
These issues merely touch on the dynamics that drive the security industry, and will shape it as more information and events come into play.