Articles about Security

Wikimedia secures connections with HTTPS encryption by default

There is a movement calling for the encryption of all web traffic. The cause of this could be laid at Edward Snowden's door, but there's no getting away from the fact that in recent years there has been an increased interest in security and privacy. To this end, Wikimedia has announced that it is now using HTTPS to encrypt all of its traffic -- including that to Wikipedia.

We've already seen the US government embrace HTTPS, and companies like Google and Facebook are making it easier to control privacy settings. Apple has hit out at companies that fail to do enough to protect users' privacy, and Wikimedia is taking the extra step of also implementing HSTS, just days after Microsoft announced that this would be supported by Internet Explorer 11 under Windows 7 and 8.1.

Uber puts passengers at risk with a flawed driver-approval process

Uber, the San Francisco-based private taxi firm, is putting its passengers in grave danger. The company uses a computerized driver sign-up system that can be easily fooled into authorizing drivers with fake insurance papers. The transport network exploded onto the scene a few years ago, and a whistleblower claims that it is all too easy to cheat the system, making it possible for virtually anyone to sign up to be an Uber driver.

The vulnerability was found to have been exploited in London, where there are around 15,000 Uber drivers in operation. The scam has been demonstrated by The Guardian, which worked with a whistleblower to fraudulently sign up as a driver. It was achieved using fabricated insurance papers from a made-up company with a fake letterhead.

Mozilla offers up to $10,000 to security bug hunters

Bounty hunters can make a killing if they uncover security problems with software. There are lots of companies that will pay out in cold, hard cash to anyone who manages to unearth security vulnerabilities, and Mozilla has announced that it is increasing its top-level bounty.

The company is appealing to white hat hackers and security experts to help plug holes in its software, and it is willing to cough up for it. Mozilla's security program had already paid out $1.6 million over the years, and the Client Bug Bounty Program has just been updated so that the maximum payout is now $10,000.

Snapchat for Android, iOS gets two-factor authentication

Snapchat has bolted on some extra security to its Android and iOS apps in the form of two-factor authentication.

The Verge spotted that with the latest version of the Snapchat app, when you log on from a new device, the software will send a text to the mobile registered with your account containing a security number.

Reddit starts killing off harassment subreddits

Reddit is both famous and infamous. It's a source of news, a platform for disseminating such delights as the pictures that came out of the Fappening, and home to the ever-interesting Ask Me Anything sessions. But like any social website, it also has problems. Like Facebook, Twitter, and other sites, there are issues with spam, trolling, and abuse. Reddit has a particular problem with sections that are dedicated to harassing and abusing groups of people.

Now the site is fighting back. It is taking a proactive approach and removing subreddits whose raisons d'être are the harassment of people. The cull initially sees the removal of five offending subreddits, but the Reddit team explains that only one with a sizeable userbase is affected -- r/fatpeoplehate.

Twitter's block lists make it easier to avoid trolls and spam

You don’t have to be following too many accounts on Twitter for it to become overwhelming; there is an incredible amount of data created every minute. To make things more manageable, lists make it possible to organize content into different categories so it can be quickly filtered. Today Twitter announces an extension of the lists concept that can be used to tackle spam and trolling.

It is now possible to not only create lists of accounts you would like to block (so you are invisible to them), but also share these block lists with others. It's a technique that has already been implemented by some third-party Twitter clients, but it is now officially supported. Privacy and abuse have long been issues for Twitter, and this is just the latest move to try to tackle the problem.

Ecommerce traffic being hijacked by client side malware

According to new research, 15 to 30 percent of eCommerce site visitors are infected with Client Side Injected Malware (CSIM) that causes them to view injected ads, malicious links and fraudulent spyware on otherwise legitimate sites.

These findings are from a study by online security company Namogoo, which shows that CSIM has grown rapidly in the past two years and is able to operate completely undetected by site publishers because it lives locally on consumers' systems.

Windows Phone security is top notch, says Kaspersky

There is lots of talk surrounding the level of protection offered by leading mobile operating systems Android and iOS. Whether it is about a new vulnerability, or new security features, it does not take you long to find an authoritative comment assessing their security capabilities.

That is, however, not the case with Windows Phone, which is hardly -- if ever -- given similar levels of attention. It can be argued that this is due to the low popularity of the tiled smartphone operating system, which borders on 3 percent market share, making it a significantly less-attractive target. Nonetheless, there is now an assessment of Windows Phone's security that we can rely on, coming from Eugene Kaspersky.

iOS Mail vulnerability lets hackers steal your passwords

Users of iOS, beware. An unfixed vulnerability has been found in the Mail app, which allows hackers to steal passwords by sending an email.

The flaw was first noticed by Ernst and Young forensic bod Jan Soucek. He has created a tool, capable of generating slick iCloud password phishing emails, that he says exploits an unpatched bug.

Security firm Kaspersky Lab hacked by a 'nation state'

Security firms are supposed to keep us safe from threats like malware and hacker attacks, but occasionally they fall foul of the bad guys too. A year ago Avast was hacked, and some 400,000 user details were stolen. Two years ago, AVG and Avira had their websites taken over by pro-Palestinian hackers.

The latest security firm to be hacked is Russian anti-virus software maker Kaspersky Lab.

How businesses should tackle information security

As the role of Information Technology continues to grow and evolve within business, the potential risks associated with accessing, storing, sharing and protecting information are similarly increasing. In order to better equip themselves to adjust to these kinds of threats, businesses need to consider the various risks they might be vulnerable to and implement a reliable strategy to deal with these effectively and efficiently.

Firstly, let’s consider a few threats. In each of the scenarios below, a vulnerability can result in a serious risk to your business:

Four things businesses need to know about payment card compliance

We reported last month that new security standards for the payment card industry, known as PCI DSS, were coming into force by the end of June.

Security company Rapid7 has produced an infographic looking at PCI compliance, cybersecurity and new related requirements for penetration testing. Based on data from the Verizon 2015 PCI Compliance Report, it sets out four things enterprises should know about going into PCI compliance.

Windows 10 will keep you safe from malware

Microsoft’s past attempts at protecting Windows users from malware have been patchy at best. However, with Windows 10 the company is offering a new way to help protect its customers from dynamic script-based malware and other forms of cyberattack.

AMSI (Antimalware Scan Interface) is an interface standard that allows applications and services to integrate with any existing antimalware product on your PC. Those apps can call the new Windows AMSI APIs at any time to scan for malware.

Internet Explorer 11 gains HTTP Strict Transport Security in Windows 7 and 8.1

As the launch of Windows 10 draws ever-nearer, we're hearing more about Microsoft Edge and less about Internet Explorer. Edge (formerly known as Project Spartan) may be the default browser in the upcoming version of Windows, but the browsing stalwart that is IE will live on nonetheless.

Anyone using the Windows 10 preview has had a chance to use HTTP Strict Transport Security (HSTS) in Microsoft Edge, and today the security feature comes to Internet Explorer 11 in Windows 7 and Windows 8.1. This security protocol protects against man-in-the-middle attacks and is being delivered to users of older versions of Windows through an update in the form of KB 3058515.

Ransomware sees 165 percent increase in 2015

The first quarter of this year saw a 165 percent increase in new ransomware, driven largely by the new, hard-to-detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt, and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor.

This is the main finding of the latest McAfee Labs Threats Report released today by Intel Security. Among other highlights are a 317 percent increase in Adobe Flash malware samples and the emergence of new efforts to exploit hard drive and SSD firmware.

© 1998-2026 BetaNews, Inc. All Rights Reserved.