Antivirus -- myths and evolution
Antivirus products have steadily evolved over the years but a number of obsolete myths still persist.
For example, many people still believe that AV software can detect only what it knows, uses only static signatures and offers little or no protection. A new report from NSS Labs looks at the history of antivirus software and how it has, and continues to, evolve to meet new threats. It concludes that whilst endpoint protection is still essential it has evolved beyond simple antivirus programs.
Who's driving your car? AVG warns about connected vehicles
The 2014 South by Southwest festival is in full swing. It's a combination of tech, music and film rolled into one Texas-sized good time. While it all sounds like a fun-house, there is a serious note to some of the discussions. AVG was part of a forum on connected cars, taking a look at the data collected and what happens to it.
It's not all doom and gloom -- nobody showed a hack that will let the perpetrator literally take over your car. But who controls the data being collected by said vehicle is certainly a security concern. The security company's Judith Bitterli spoke during the meeting and then put her thoughts together in a quick post.
Closing the time to protection gap with threat forecasting
The dominant theme at this year’s RSA Conference in San Francisco was actionable security intelligence, a term which can mean different things to different people. For example, do bad IP addresses, DNS fast fluxing information, and geolocation constitute security intelligence? Additionally, do malware campaigns and adversary tracking count as security intelligence?
The answer is yes for both questions, but it is important to note that these are not the only high-level indicators that can be considered security intelligence. The key challenge is understanding how to "apply" security intelligence in such a way that it is actionable. The following may be considered provocative and even go against the grain of opinion in Silicon Valley: In most approaches to security, there is too much emphasis on the adversary and not enough on understanding the attack surface.
Cybercrime industry refines its techniques to steal data
Last year saw a number of credit card data breaches that made the headlines. A new report says that this shows how well the "deep web" of cybercrime is serving its customers.
McAfee Labs Threats Report for the fourth quarter of 2013 says that not only did Point of Sale (PoS) attacks like that on Target steal large numbers of records they point to a refinement in criminal technique.
Europol warns users of WiFi hotspot security risks
Europol, the law enforcement agency for the European Union, is warning that people should exercise extreme caution when using WiFi hotspots when out and about. Citing an increase in the number of "man-in-the-middle" attacks on such connections, the head of Europol's cybercrime division, Troels Oerting, said that public WiFi connections are being used to "steal information, identity or passwords and money from the users who use [them]". The advice is to not necessarily stop using public networks, but to avoid using them for anything that involves transmitting personal data.
Singled out for particular attention is online banking, which Oerting suggests people should do "from home where they know actually the wi-fi and its security" rather than in a coffee shop. Europol is currently working with several member states of the European Union following an increase in the number of WiFi network attacks.
Twitter bug exposes protected accounts -- puts users at risk
Privacy in social media can be a falsehood. The whole concept of sites like Twitter and Facebook is to share. Sure, you can limit what you share, and with whom you share, but once the information hits the servers, you have lost control. Hell, there is the possibility of accidentally sharing something by simply not understanding the settings. Some argue that the settings on some sites are intentionally confusing.
People sometimes need to limit or hide sharing for important reasons -- maybe someone is stalking them or maybe they are sharing sensitive business details with a specific intended group. Sadly, Twitter announces that a bug has affected 93,788 protected accounts, which allowed unauthorized users to read protected tweets.
Say cheese! -- new Android malware can hijack your camera
Remote access toolkits (RATs) for Android are nothing new, but until now they've mostly targeted the Asia region.
Now researchers at mobile security specialist Lookout have uncovered Dendroid, a custom RAT aimed at users in western countries. Dendroid’s author is selling the toolkit online with payment in virtual currencies like Bitcoin and even offers a warranty promise that it will remain undetected.
pCell is only as good as the Linux it runs on
I’m still working-away on my IBM book and it is still a week from being finished (the well-known second 90 percent syndrome). The book, if I am allowed to sell it on Amazon, will cost a whopping $3.99 and will be worth the money. But I’m still a columnist of sorts so here are my thoughts on pCell, an impressive new technology for increasing performance of LTE mobile data networks. It was invented by WebTV founder Steve Perlman, introduced two weeks ago in New York (very impressive video here, but fast-forward to 5:30) and was the talk of the Mobile World Congress in Barcelona the following week. pCell is amazing. It is also probably a security nightmare waiting to happen.
This is not me being a bad-ass or somehow wanting pCell to fail. I think it is great and I want it to wildly succeed, but there are a couple things about pCell that have been going over the heads of most reporters, security being one of them. I’ve read all the stories about pCell and the word security doesn’t appear in any of them, none.
Enterprise mobile security? Not my problem
The increasing trend towards BYOD and mobile devices in the workplace leads to added risks, but employees are often unaware or feel it isn't their problem.
These are among the findings of a survey by security specialist Absolute Software which polled workers in companies with a 1,000 or more employees who use mobiles for work.
Americans like it for free but Europeans still prefer to pay for protection
Independent testing group AV-Comparatives has released its 2014 Internet Security Survey.
The survey asked 5,845 users from around the world their views on security and reveals that when it comes to antivirus protection Americans like to get it for free whilst Europeans prefer to pay.
Kaspersky 2015 Technical Previews now available
Kaspersky Lab has announced the first public betas of Kaspersky Anti-Virus 2015 and Kaspersky Internet Security 2015.
There are no details on new features, as we write, but the most obvious change so far is the simplified, subdued interface. Plain buttons highlight four key task areas -- "Scan", "Updater", "Reports" and "Virtual Keyboard", for Anti-Virus 2015 -- and clicking any of these causes a new task pane to fade into view.
Dell adds new training products to build security awareness
It's often the case that the weakest link in any system's security is the person sitting in front of the screen.
As companies recognize this they're tending to invest more in training so that they can avoid threats rather than have to clean up after them. In a recent worldwide survey by Dell, 67 percent of security decision makers say they have increased funds for education.
Twitter, you had me going for a while
Every day, right after I wake up, I check my email accounts to see who reached out during the night. This morning it was Twitter that grabbed my attention with an email informing me that my password has been reset.
The reason? "Twitter believes that your account may have been compromised by a website or service not associated with Twitter", says the email received from the social network. "We've reset your password to prevent others from accessing your account". This is not something that one wants to hear, is it?
The most popular stories on BetaNews this past week February 23 -- March 1
Webcam porn! Spying! Cell phones! Bitcoin controversy! Just another normal week in the world of tech news! Bitcoin exchange Mt Gox disappeared offline amid concern about missing millions and then filed for bankruptcy. After panic spread through Mac users following the discovery of a serious SSL bug in Mavericks, Apple released an update that plugged the hole -- but it was also discovered that iOS 7 has a keylogging vulnerability. Microsoft released Service Pack 1 for Office 2013, but anyone using Office 365 will need to force the installation of newer updates in order to reap the benefits.
Security updates are all well and good for operating systems and applications, but it will do little to protect you against the wandering eyes of government agencies. As if everything we have already learned about the activities of the NSA et al, this week's revelations about what the UK's GCHQ has been getting up to is sure to raise ire. Not content with logging emails and web searches, the UK intelligence agency apparently spent a number of years tapping into the webcam chats of millions of Yahoo users. There may be little good news in this revelation, but it was at least slightly amusing to find that the surveillers were rather taken aback by the amount of pornographic content they encountered. It makes ya proud!
Apple's 'good enough' security response: why it’s not going to change, isn’t fair, but doesn’t matter anyway
Apple’s handling of the recent "goto fail" vulnerability has brought about another round of the usual criticisms that we’ve heard from the security research community for years. In this most recent episode, Apple’s decision to provide security updates for iOS devices while leaving the vulnerability unpatched on Mac OS X for four days and giving no clear sign of the company's intentions has revived the oft-repeated criticisms that Apple isn’t transparent in its security response, isn’t timely, and doesn’t engage with the researcher community positively. Often the criticism will point to Microsoft as an example of what Apple doesn’t do and should.
I’m a ten year veteran of the Microsoft Security Response Center (MSRC), and I and my colleagues have said much the same things about Apple’s security response. In fact, one of my colleagues, Stephen Toulouse, made news in 2006 by calling on Apple to implement some of the many programs that Microsoft had put together. For us, it was always particularly frustrating to see Apple essentially get a pass on behavior that would lead to huge outcries if Microsoft did it. Think of the outcry if there was an SSL/TLS vulnerability that enables man-in-the-middle attacks affecting Microsoft Windows and Internet Explorer that’s unpatched for four days with no information from Microsoft. Now, compare that with what we saw with Apple. Forgive the pun but its Apples to oranges, really and Apple gets off easy every time.
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.