Items tagged with security

Verizon's Risk Team has published a blog post on a mind-boggling security adventure (it's the only term that really fits) detailing just how poorly some IT workers -- including those working for "critical infrastructure" companies -- understand the meaning of the term. The saga began when a US-based company contacted... Read more...
Software vulnerabilities are common, but it’s not every day that the Computer Readiness Team (CERT) at the U.S. Department of Homeland Security steps in and starts warning the public. Not surprisingly, Oracle jumped on the security hole and released an update (Java Update 7u11) that resolves the problem. If... Read more...
Consider this a PSA: Oracle is going to patch that hole in Java, the one that security pros discovered last week. Cybercriminals were using a zero-day exploit in Oracle’s Java to deliver malware payloads, steal identities, and take over computers to force them to commit nefarious acts. According to Reuters, Oracle said that “A... Read more...
Here we go again. We're not even halfway through the first month of the New Year, and already we're being warned to disable Java. Not as a general practice, mind you (though that's not a bad idea), but because of yet another zero-day exploit spotted in the wild. "There appears to be multiple ad networks redirecting to Blackhole sites, amplifying... Read more...
Nokia can ill-afford any missteps as it attempts to rebuild its brand into a major smartphone player, so it's a little concerning on a number of levels that it was caught intercepting Internet traffic on its phones and redirecting the data through its own server farm. Is Nokia engaging in so-called man-in-the-middle... Read more...
The antivirus market is enormous, responsible for billions in revenue each year. That being the case, it'd be easy to believe that current offerings are quite good, but not so claims a report (PDF) by security company iMPERVA. This report states a couple of alarming facts, including one that shows that less than... Read more...
Although it’s disturbing that there needed to be laws preventing employers and institutions of higher learning from demanding Facebook usernames and passwords from job applicants and employees, apparently the practice (or at least the threat of the practice) became widespread enough that six state legislatures... Read more...
Microsoft is currently investigating reports of a zero day bug affecting Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8, the company announced in a Security Advisory. At issue is a remote code execution vulnerability that would allow attackers to seize control of a Windows PC. How it works is IE... Read more...
A couple of years ago, the Stuxnet worm went on a bit of a rampage worldwide and hit Iranian systems especially hard. Primarily, it hit industrial targets including nuclear power plants and oil rigs. Stuxnet itself has faded a bit, although it was revealed this summer that another particularly nasty piece of malware called Flame had a lot... Read more...
Software vulnerabilities will be the main target of cyber criminals in 2013, according to research by Panda Security's malware laboratory, PandaLabs. Java and Adobe in particular will prove points of emphasis for both cyber criminals and intelligence agencies in countries around the world. "In 2012, we saw how Java... Read more...
The quest for a bullet-proof but human-usable CAPTCHA continues. A couple of months ago, we talked about a CAPTCHA implementation that relies on human empathy to bypass, but for a couple of reasons, it might not be ideal for a lot of people. Now, the folks at Minteye have given us yet another option: slide-to-fit. The idea is simple, and so... Read more...
Smart TVs are intriguing pieces of technology that seem to foreshadow a future where our TVs and computers are one and the same. It seems that if nothing else, one of the things that computers and smart TVs--in particular, some of the ones made by Samsung--have in common is a vulnerability to hackers. According to... Read more...
Early last month, we learned about what Google had in store for its "App Verification Service" that comes bundled with Android 4.2 (Jelly Bean). The concept was simple; the app would gather bits of information about any app you are about to install, send that information to Google's servers, and then send back the... Read more...
Security researcher Carlos Reventlov discovered a vulnerability in Instagram version 3.1.2 on the iPhone 4 (iOS 6) that leaves users’ Instagram accounts open to attacks. Specifically, users are at risk for partial eavesdropping and man-in-the-middle attacks that a ne’er-do-well could use to delete photos or even take over a user’s... Read more...
It's a patent that sounds like a plot description for a science-fiction movie or the result of Apple's Siri and Google's AdSense mating. With it, Verizon could program its set-top boxes to survey a room to determine relevant ads to display either on your television or mobile phone. Sound a bit scary? It kind of is... Read more...
On Friday, security firm Symantec discovered a Trojan called Backdoor.Makadocs, which in typical backdoor Trojan fashion accesses a compromised system and attempts to swipe data from it. The interesting bit is that it uses Google Docs as a proxy server to get around firewalls and connect to a C&C server, instead of attempting to connect... Read more...
Skype temporarily removed the page that enables users to reset their password after a security hole was found that enables someone to take control of another user's account. After making changes to the password reset feature, Skype turned the page live again. The issue was first documented on a Russian forum two... Read more...
It's beginning to feel like we're unable to go even a single week without learning of a public official caught in an affair, but last week's discovery of the affair of CIA Director David Petraeus came as a shock for a couple of reasons. David wasn't some mere politician, but a decorated war hero who most recently sat at the helm of one of... Read more...
Blizzard has been hit with a lawsuit over its $6.50 Battle.net Authenticator keychains that it sells online. According to the lawsuit, Blizzard makes millions of dollars by "deceptively and unfairly" charging customers for an after-sale security product, essentially shifting responsibility from the publisher to the consumer to protect their... Read more...
Windows 8 isn't without controversy, in that Microsoft designed the operating system to offer a unified experience between touch-friendly mobile devices and desktops that may or may not be equipped to handle touch input. But should we also be concerned about security? That depends on your perspective. On one hand, a new study by security firm... Read more...
MasterCard is launching a new high tech card in Singapore that features an LCD display and a built-in keyboard. The card looks and functions just like a regular credit card but with the addition of the LCD screen and touch-sensitive buttons. MasterCard calls it Display Card technology. There are a number of banks and sites that require users... Read more...
In many ways, RIM’s once mighty BlackBerry brand is now an also-ran in a mobile market that’s dominated by Android and iOS devices, but today’s news bodes well for the Canadian company. RIM announced that its BlackBerry 10 platform has received the prized FIPS 140-2 certification from the National Institute of Standards and... Read more...