Telstra fined $18K for breaching judge's privacy; ATO's CIO resigns; WireLurker marks "new era" of iOS malware

Telstra has been ordered to pay $18,000 and apologise to a judge after it failed give him “reasonable notice” that his name and address would be published in the White Pages.

According to the Office of the Australian Information Commissioner (OAIC), the judge had contacted Telstra to have a phone line for an alarm system connected to help deal with security concerns related to his work.

“Telstra set up the phone line and published the complainant’s name, address and the number of the phone line in both the White Pages online and hard-copy directory through its subsidiary Sensis Pty Ltd,” a report from the OAIC said.

But Telstra did not advise the judge that his details would be published in the online and print versions of the White Pages, the OAIC said.

The OAIC report into the matter quotes the judge as saying: “Since the publication of my details a litigant from a matter decided by me has begun to loiter at and about our home. As my details and those of my partner are suppressed on every public register, I infer his knowledge of our address is the White Pages site.”

Privacy Commissioner Timothy Pilgrim found that Telstra had breached the Privacy Act. He said that the breach has had “serious consequences” for the judge, including a “well-founded fear for his physical safety and that of his partner”.

To redress the matter, Pilgrim has ordered Telstra to pay the judge $18,000 and apologise to him.

Pilgrim said that Telstra has not accepted that it breached the judge’s privacy, but that it “has advised that in light of this complaint it has amended its Privacy Statement to make specific reference to the publication of customer information in the White Pages and put processes in place which require sales consultants to notify each prospective customer of the option of taking out a silent line”.

Tax Office CIO Bill Gibson resigns

Australian Tax Office CIO Bill Gibson will leave his post of 11 years after recently tendering his resignation. This Friday will mark Gibson’s last day in the position.

Gibson is the second high-profile Australian CIO to announce their resignation in recent weeks; Telstra’s Patrick Eltridge recently revealed he was leaving his post after four years in the job.

Gibson took the position of CIO at the beginning of November 2003, meaning he will have spent a little over 11 years in the role by the time he leaves. He joined the Tax Office after a 15-year stint at Qantas.

ITnews has a lengthy write-up of an interview with Gibson, in which the CIO discusses his time at the ATO.

“The value of what the technology teams and the technology itself could do in terms of driving business value wasn’t well communicated. So the first step - they say you need to focus on processes, people and technology - was the people,” Gibson is quoted as saying.

According to ITnews, no one factor prompted Gibson’s decision to leave. He reportedly plans to spend two months travelling, after which he will begin looking for a new role.

WireLurker malware threatens iOS devices

Researchers have discovered a new family of malware targeting Mac OS and iOS systems that they claim can infect non-jailbroken iOS devices.

The news came last week from network security company Palo Alto Networks, which said that the malware family “heralds a new era in malware attacking Apple’s desktop and mobile platforms”.

The researchers have dubbed the malware WireLurker.

“WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken,” the company said.

According to Palo Alto, WireLurker is:

• the first malware to automate generation of malicious iOS applications, through binary file replacement;
• the first known malware that can infect installed iOS applications similar to a traditional virus; and
• the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning.

The company has several words of advice for those concerned about WireLurker at this page.

Apple has reportedly claimed that it has taken steps to block WireLurker.

However, iOS security expert Jonathan Zdziarski claimed that these steps may not be adequate to deal with the threat, The Register reported.

Image courtesy of Tori Rector under CC