New software aims to preemptively nab Wall Street crooks

By on August 9, 2012 at 3:00 PM.

With so many big banks’ reputations in the toilet, one software vendor is betting that they’ll want to do a better job of cracking down on their more unethical employees before they become a public relations headache. MIT’s Technology Review blog reports that Digital Reasoning, a software company that has traditionally sold its data-combing software to intelligence agencies and the military, is marketing its wares to scandal-plagued financial institutions that are presumably tired of getting fined by assorted regulatory agencies on a regular basis.

Court makes spying on Americans legal with new warrantless wiretap ruling

By on August 8, 2012 at 3:05 PM.

A federal appeals court on Tuesday ruled in favor of President George W. Bush’s controversial Terrorist Surveillance Program, which allows the government to spy on Americans without a warrant. The court reversed an earlier decision in which two American attorneys were awarded more than $20,000 in damages and their lawyers $2.5 million in legal fees after they proved the government had spied on them without warrants. The earlier lawsuit was the first and only case that successfully challenged the controversial program.

Your parents pick better passwords than you do

By on June 1, 2012 at 12:00 PM.

Computer users over the age of 55 employ passwords that are twice as secure as passwords used by those under 25 years old. A recent study conducted by Joseph Bonneau, a computer scientist at the University of Cambridge, analyzed almost 70 million passwords belonging to Yahoo users around the world. Ensuring that data was kept anonymous and passwords could not be tied to individual accounts, Bonneau looked at password strength alongside other data such as age and locale. Beyond the relationship between age and security, the researcher found that German and Korean speakers generally use the strongest passwords, and the presence of credit card data on a user’s account seemingly does not prompt that user to avoid weak passwords such as “123456.” Bonneau’s study was the largest of its kind, and he unveiled his findings at the Symposium on Security and Privacy in San Francisco, California earlier this month.

U.S. warns gas pipeline companies of cyberattacks

By on May 8, 2012 at 9:50 PM.

Natural gas pipeline operators in the United States have reportedly been the target of sophisticated phishing attacks since last year, and the Department of Homeland Security has been helping firms deal with incidents since March. “DHS’s Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies,” DHS spokesman Peter Boogaard told CNET on Tuesday. “The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies. DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats.”

New malware exploits flaw in old versions of Office for Mac

By on May 4, 2012 at 7:30 PM.

Microsoft researchers recently discovered a piece of Mac OS X malware that exploits a three-year-old flaw in old versions of Office for Mac. The threat uses a multi-stage attack, just like a Windows virus would. While Microsoft did fix the problem in 2009, the software giant notes that not every machine is up-to-date. The company’s data indicates, however, that the malware is not widespread. “No operating system that exists outside a laboratory is entirely immune to malware,” Microsoft stated on its blog. “As different operating systems continue to gain in popularity they attract more attention from would-be attackers – especially since, as we see in the example analysis above, the techniques and understanding needed to do so may be much the same as those used against other platforms. And even though an operating system may include many risk-reducing mitigation technologies, any machine’s defenses against vulnerabilities are directly related to how current its security updates for applications are kept.” Microsoft concludes by warning users of Office 2004 for Mac, Office 2008 for Mac or Open XML File Format Converter for Mac to update their software in order to protect themselves from possible threats.

Numerous websites found to contain malware specifically targeting Android devices

By on May 3, 2012 at 5:40 PM.

Hacked websites are frequently used to infect PCs with malware, but the team at Lookout Mobile Security has discovered that hacked websites are specifically targeting Android-powered mobile devices for the first time. The malware, called NotCompatible, is a Trojan that poses as a system update but acts like a proxy redirect. After visiting an infected website, the Android mobile web browser will automatically begin downloading the NotCompatible malware, which is named “Update.apk.” As with any drive-by download, a user needs to install the downloaded application to become infected. The malware is found on a number of websites, but all have relatively low traffic. Lookout notes that the threat does not appear to cause any direct harm to an infected device, although it could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy. If an Android device has the “Unknown sources” setting disabled — thus disabling sideloading — the NotCompatible malware will be unable to install.

Religious websites contain more malware than porn sites

By on May 3, 2012 at 12:40 PM.

People who browse religious websites are more likely to have their computers infected with a virus than those who visit pornographic websites, according to Symantec’s annual “Internet Security Threat Report.” The firm found that websites with religious or ideological themes had triple the average number of threats compared with those featuring adult content. “It is interesting to note that websites hosting adult/pornographic content are not in the top five, but ranked tenth,” Symantec said. “We hypothesize that this is because pornographic website owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free; it’s not good for repeat business.” The report was based on information gathered from more than 200 countries through the Symantec Global Intelligence Network. Symantec blocked a total of 5.5 billion attacks last year, an 81% increase from 2010.

WTF is CISPA?

By on May 2, 2012 at 12:25 PM.

The United States House of Representatives voted last Thursday to pass a piece of legislation called the Cyber Intelligence Sharing and Protection Act, or CISPA. The controversial bill now sits in the hands of the Senate and faces further modifications if it hopes to gain approval from the White House, which has already gone on record with a veto threat. Legions of Internet users expressed outrage when the bill was passed, and numerous protests are being staged. According to President Obama’s office, the bill would allow “broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information,” but what exactly is CISPA? Greg Vokes of Paralegal.net sought to make the answer as easy to digest as possible, and the result is a terrific infographic titled “WTF is CISPA?” that can be viewed below in its entirety.

Skype exploit reveals users' remote and local IP addresses

By on May 1, 2012 at 10:15 PM.

A new security vulnerability in Skype has been discovered that allows a third-party script to reveal users’ remote and local IP addresses, according to GHacks. The script, which was uploaded to GitHub, allows users to look up the IP addresses of any online Skype accounts. The code then initiates the contact addition process, but does not complete it. The log file will instead display the local and remote IP of the requested Skype user, even if the user is not added to the list of contacts. An IP address can be used to determine the location and Internet service provider of the user, and the only method of protecting against this vulnerability would be to use a virtual private network or proxy to hide the IP address.

Flashback OS X malware estimated to generate creators $10,000 per day

By on May 1, 2012 at 4:40 PM.

The “Flashback” virus that originated on a series of WordPress blogs and went on to infect more than 600,000 Mac computers last month may have generated its creators thousands of dollars each day. According to antivirus software firm Symantec, the Flashback malware has been generating revenue for its authors by hijacking users’ ad clicks, and due to the widespread nature of the infection, the authors could have been generating up to $10,000 per day. “Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click,” the firm explained, adding that Google never receives the intended ad click. Symantec notes that ad-clicking Trojans are nothing new and a botnet of 25,000 infections could generate an author up to $450 per day.

U.S. House passes CISPA

By on April 26, 2012 at 7:00 PM.

The United States House of Representatives has voted to pass the controversial Cyber Intelligence Sharing and Protection Act (CISPA), talk of which has swept the Internet over the past few weeks. The House vote was moved up to Thursday night, and CISPA passed as 248 members of Congress voted for the bill and 168 voted against. The bill is sponsored by Representatives Mike Rogers (R-Michigan) and Dutch Ruppersberger (D-Maryland), and it now faces further modifications in the Senate if it is to avoid being vetoed by the White House. President Barack Obama has indicated that he intends to veto the bill if it makes it to his desk, noting that as it is written now, the legislation would allow “broad sharing of information with governmental entities without establishing requirements for both industry and the government to minimize and protect personally identifiable information.” The American Civil Liberties Union issued a statement following the vote. “Cybersecurity does not have to mean abdication of Americans’ online privacy,” said ACLU legislative counsel Michelle Richardson. “As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back. We encourage the Senate to let this horrible bill fade into obscurity.”

Apple is 10 years behind Microsoft on security, expert says

By on April 26, 2012 at 5:35 PM.

Apple may be the most valuable company in the world, but when it comes to security, the Cupertino-based company doesn’t hold a candle to Microsoft. Kaspersky Lab co-founder and chief executive Eugene Kaspersky on Wednesday told CBR that Apple is a decade behind Microsoft in terms of computer security. “I think they are ten years behind Microsoft in terms of security,” Kaspersky said. “For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but [Flashback] was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.” More than 600,000 Macs were infected by the Flashback trojan virus before it was discovered earlier this month and the exploit it used to infect OS X PCs was patched. “Apple will understand very soon that they have the same problems Microsoft had ten or 12 years ago,” Kaspersky said. “They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software.”

Though risks are minimal, one in five Mac computers found to contain Windows malware

By on April 24, 2012 at 11:00 PM.

Security firm Sophos on Tuesday indicated that a surprisingly high level of malware has been found on Mac computers — the firm’s research revealed that one in every five Mac computers is harboring some kind of Windows malware. Of the 100,000 customers sampled through Sophos’s antivirus offerings, 20% of users were found to be carrying one or more instances of Windows malware. The firm highlighted that Windows malware on a Mac won’t cause any harm, however, unless the computer also runs a Windows partition in addition to OS X. The company’s research found that just 2.7% of Macs that installed the company’s free anti-virus software were infected by OS X malware. Nearly all of the OS X malware discovered was an iteration of the “Flashback” trojan called “Flshplyr.” Sophos said that cybercriminals may find Macs to be targets because OS X users are less likely to be running anti-virus software; however, Macs can get viruses and the right software can keep a user’s computer safe. A second pie chart follows below.