
How to avoid NSA spying

By on June 6, 2013 at 7:00 PM.

The latest Guardian bombshell reveals that the NSA has gained access to several leading U.S. tech giants in a massive dragnet hoovering up email, photo, file-sharing and chat info from Yahoo, Google, Skype, Apple, AOL and YouTube services. According to the Guardian, Dropbox will follow soon. However, the government spying program seems to have a fatal flaw: It’s really unhip.

Former Google engineer builds service to stop companies from tracking people online

By on April 17, 2013 at 9:50 AM.

As advertising companies continue to push the boundaries of online tracking in an effort to woo clients with eerily accurate ad targeting techniques, online privacy is seemingly becoming a thing of the past. One startup is looking to stop third parties from tracking users on the web, however, and one of the company’s co-founders may be in a better position than most to accomplish this lofty goal.

Samsung Smart TVs: The next frontier for data theft and hacking [video]

By on December 14, 2012 at 12:40 PM.

Smart TVs, particularly Samsung’s (005930) last few generations of flat screens, can be hacked to give attackers remote access, according to a security startup called ReVuln. The company says it discovered a “zero-day exploit” that hackers could potentially use to perform malicious activities that range from stealing accounts linked through apps to using built-in webcams and microphones to spy on unsuspecting couch potatoes. Don’t panic just yet, though. In order for the exploit to be activated, a hacker needs to plug a USB drive loaded with malicious software into the actual TV to bypass the Linux-based OS/firmware on Samsung’s Smart TVs. But if a hacker were to pull that off, every piece of data stored on a Smart TV could theoretically be retrieved.


Relax, Facebook isn’t accidentally exposing old private messages

By on September 25, 2012 at 6:05 PM.

Facebook (FB) confirmed on Thursday that reports of users seeing old private messages displayed as public wall posts are incorrect. A Facebook spokesman told TechCrunch that users are mistaking old public Wall posts for old private messages because “before 2009 there were no likes and no comments on wall posts. People went back and forth with wall posts instead of having a conversation [in the comments of single wall post].” The issue appears to have stemmed from the global rollout of Timeline. Facebook says it has conducted its own investigation and “is satisfied that there has been no breach of user privacy.” Despite Facebook’s official statements denying the reports, users are still reporting that their old messages are being exposed for all their friends to see. For those worried, TheNextWeb offers some advice on how to remove all old posts (public or private) from Timeline.


New software aims to preemptively nab Wall Street crooks

By on August 9, 2012 at 3:00 PM.

With so many big banks’ reputations in the toilet, one software vendor is betting that they’ll want to do a better job of cracking down on their more unethical employees before they become a public relations headache. MIT’s Technology Review blog reports that Digital Reasoning, a software company that has traditionally sold its data-combing software to intelligence agencies and the military, is marketing its wares to scandal-plagued financial institutions that are presumably tired of getting fined by assorted regulatory agencies on a regular basis.


Court makes spying on Americans legal with new warrantless wiretap ruling

By on August 8, 2012 at 3:05 PM.

A federal appeals court on Tuesday ruled in favor of President George W. Bush’s controversial Terrorist Surveillance Program, which allows the government to spy on Americans without a warrant. The court reversed an earlier decision in which two American attorneys were awarded more than $20,000 in damages and their lawyers $2.5 million in legal fees after they proved the government had spied on them without warrants. The earlier lawsuit was the first and only case that successfully challenged the controversial program.


Your parents pick better passwords than you do

By on June 1, 2012 at 12:00 PM.

Computer users over the age of 55 employ passwords that are twice as secure as passwords used by those under 25 years old. A recent study conducted by Joseph Bonneau, a computer scientist at the University of Cambridge, analyzed almost 70 million passwords belonging to Yahoo users around the world. Ensuring that data was kept anonymous and passwords could not be tied to individual accounts, Bonneau looked at password strength alongside other data such as age and locale. Beyond the relationship between age and security, the researcher found that German and Korean speakers generally use the strongest passwords, and the presence of credit card data on a user’s account seemingly does not prompt that user to avoid weak passwords such as “123456.” Bonneau’s study was the largest of its kind, and he unveiled his findings at the Symposium on Security and Privacy in San Francisco, California earlier this month.


U.S. warns gas pipeline companies of cyberattacks

By on May 8, 2012 at 9:50 PM.

Natural gas pipeline operators in the United States have reportedly been the target of sophisticated phishing attacks since last year, and the Department of Homeland Security has been helping firms deal with incidents since March. “DHS’s Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies,” DHS spokesman Peter Boogaard told CNET on Tuesday. “The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies. DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats.”


New malware exploits flaw in old versions of Office for Mac

By on May 4, 2012 at 7:30 PM.

Microsoft researchers recently discovered a piece of Mac OS X malware that exploits a three-year-old flaw in old versions of Office for Mac. The threat uses a multi-stage attack, just like a Windows virus would. While Microsoft did fix the problem in 2009, the software giant notes that not every machine is up to date. The company’s data indicates, however, that the malware is not widespread. “No operating system that exists outside a laboratory is entirely immune to malware,” Microsoft stated on its blog. “As different operating systems continue to gain in popularity they attract more attention from would-be attackers – especially since, as we see in the example analysis above, the techniques and understanding needed to do so may be much the same as those used against other platforms. And even though an operating system may include many risk-reducing mitigation technologies, any machine’s defenses against vulnerabilities are directly related to how current its security updates for applications are kept.” Microsoft concludes by warning users of Office 2004 for Mac, Office 2008 for Mac or Open XML File Format Converter for Mac to update their software in order to protect themselves from possible threats.


Numerous websites found to contain malware specifically targeting Android devices

By on May 3, 2012 at 5:40 PM.

Hacked websites are frequently used to infect PCs with malware; however, the team at Lookout Mobile Security has discovered that hacked websites are specifically targeting Android-powered mobile devices for the first time. The malware, called NotCompatible, is a Trojan that poses as a system update but acts like a proxy redirect. After visiting an infected website, the Android mobile web browser will automatically begin downloading the NotCompatible malware, which is named “Update.apk.” As with any drive-by download, a user needs to install the downloaded application to become infected. The malware is found on a number of websites, but all have relatively low traffic. Lookout notes that the threat does not appear to cause any direct harm to an infected device, although it could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy. If an Android device has the “Unknown sources” setting disabled (thus disabling sideloading), the NotCompatible malware will be unable to install.


Religious websites contain more malware than porn sites

By on May 3, 2012 at 12:40 PM.

People who browse religious websites are more likely to have their computers infected with a virus than those who visit pornographic websites, according to Symantec’s annual “Internet Security Threat Report.” The firm found that websites with religious or ideological themes had triple the average number of threats compared with those featuring adult content. “It is interesting to note that websites hosting adult/pornographic content are not in the top five, but ranked tenth,” Symantec said. “We hypothesize that this is because pornographic website owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free; it’s not good for repeat business.” The report was based on information gathered from more than 200 countries through the Symantec Global Intelligence Network. Symantec blocked a total of 5.5 billion attacks last year, an 81% increase from 2010.


WTF is CISPA?

By on May 2, 2012 at 12:25 PM.

The United States House of Representatives voted last Thursday to pass a piece of legislation called the Cyber Intelligence Sharing and Protection Act, or CISPA. The controversial bill now sits in the hands of the Senate and faces further modifications if it hopes to gain approval from the White House, which has already gone on record with a veto threat. Legions of Internet users expressed outrage when the bill was passed, and numerous protests are being staged. According to President Obama’s office, the bill would allow “broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information,” but what exactly is CISPA? Greg Vokes of Paralegal.net sought to make the answer as easy to digest as possible, and the result is a terrific infographic titled “WTF is CISPA?” that can be viewed below in its entirety.


Skype exploit reveals users' remote and local IP addresses

By on May 1, 2012 at 10:15 PM.

A new security vulnerability in Skype has been discovered that allows a third-party script to reveal users’ remote and local IP addresses, according to GHacks. The script, which was uploaded to GitHub, allows users to look up the IP addresses of any online Skype accounts. The code then initiates the contact addition process, but does not complete it. The log file will instead display the local and remote IP of the requested Skype user, even if the user is not added to the list of contacts. An IP address can be used to determine the location and Internet service provider of the user, and the only method of protecting against this vulnerability would be to use a virtual private network or proxy to hide the IP address.
