Suck it up -- you're still going to get spied on after House votes for continued NSA surveillance
A move to close down NSA surveillance of US phone records bites the dust after a vote at the House of Representatives. The closely fought battle ended with a nail-bitingly tight vote that saw 217 votes against limiting the Agency's data collection abilities and 205 for.
Republican Justin Amash looked to end the indiscriminate collecting of phone records that was brought to light by whistleblower Edward Snowden. Rather than looking to simply stop the NSA's actions, the proposed amendment took a slightly different approach and aimed to block funding instead.
First use of Android 'Master Key' vulnerability discovered
Security specialist Symantec is reporting the first malicious use of the Android 'Master Key' vulnerability that allows hackers to inject malicious code into apps without invalidating the digital signature.
The vulnerability was discovered earlier this month but Norton Mobile Insight has now detected its first use in the wild. Mobile Insight harvests and analyzes Android apps from marketplaces around the world and has discovered the infection labelled Android.Skullkey in two applications from China. These are legitimate apps used to make appointments with doctors.
Mobility management and security is getting a little less messy
Security and management in the mobility space, at least since the dawn of the iPhone, has always had a "figuring it out as we go along" quality to it. So far we’ve gotten away with it; even though the potential for significant security breaches via mobile devices has always been there, and even though compliance with best practices in mobility is a rare thing, I’ve seen no evidence that they are a significant source of actual breaches. The real problems are what they always have been: SQL injection, weak passwords, social engineering, and so on.
In the meantime, the market for products to manage and secure mobile devices has been maturing. Of course management and security should be closely-intertwined, if not run by the same products. That can be difficult when the major products don’t include more than trivial management capabilities and very little is compatible cross-platform.
Internet Explorer has the worst phishing catch rate of all major browsers
A new report by security research firm NSS Labs looks at the comparative performance of popular browsers when it comes to blocking phishing attacks. Over a 12-day test period the average phishing catch rate ranged from 96 percent for Firefox 19 to only 83 percent for Internet Explorer 10.
Of the other big three, Chrome 25 scored 92 percent, Safari 5 managed 95 percent, and Opera 12 scored 89 percent. Chrome, Firefox and Safari all make use of Google's Safe Browsing API so it's unsurprising that they scored within a few points of each other. Microsoft uses its own SmartScreen technology in IE, whereas Opera uses a combination of blacklists from Netcraft, PhishTank and TRUSTe.
The Ask Toolbar is another reason to avoid Java
I love free software but I’m not a huge fan of all the junk that often gets bundled with programs -- toolbars and the like -- or the changes that the software sometimes wants or tries to make to my search provider. The order, as far as I’m concerned, should always go like this -- Google first, Bing second, Ask never. But so long as the extras are clearly labeled, can be deselected without problem, and easily uninstalled afterwards if I accidentally miss one, I don’t have a real issue with this bundling. It provides a way to get the software for free and funds future development.
However, I’m a savvy computer user and as part of my job I install and uninstall a lot of free software, so I know what to look out for. For the less technically astute, it’s easy to get caught out and end up installing a lot of crap you don’t want. Which takes me to the point of this article -- Oracle and the Ask Toolbar.
New Android security tool helps businesses analyze threats
Information security consultancy MWR InfoSecurity is set to release drozer, its new open source Android testing tool, at Black Hat Arsenal in Las Vegas on August 1. Allowing dynamic analysis of applications running on Android devices, drozer is able to compromise a device using publicly available exploits so that organizations can understand how mobile exploits can threaten their business.
Based on the company's previous Mercury tool, drozer adds a number of new features, most notably the ability to get it on to an Android device remotely. Tyrone Erasmus, Senior Security Consultant at MWR InfoSecurity, says, "It is a major step forward as previously, various remote Android exploits were scattered across the internet and in some cases were not very reliable. Taking up Mercury's lead, drozer unifies these publicly available exploits into a single framework and improves the quality of the exploitation code and payloads available to the penetration tester".
Apple Developer site STILL down four days after 'intruder' prompts database rebuild
The Apple Developer site remains inaccessible after a security breach on Thursday. The company is quick to point out that personal information accessed in a database was encrypted, but goes on to say the possibility that personal data had been accessed could not be ruled out. Apple is taking the intrusion very seriously it seems.
The fact that the site is inaccessible is down to Apple rather than being the direct result of an attack. Apple states that as soon as it was aware of the breach, the site was purposely taken down. This initially saw the site replaced with a message informing visitors that the site was down for maintenance, but was later replaced with a message from Apple that goes into more detail.
Ubuntu Forums falls victim to hack attack -- 1.8 million passwords stolen
Well, it's happened again. If it's not the NSA spying on internet users, then someone else is always ready to spoil the fun. Yet another website has fallen prey to hackers, putting the personal details of hundreds of thousands of users at risk.
This time around, it is Ubuntu Forums that has been affected -- visit the site and you're greeted by the announcement that the forums are down for maintenance before some details of the security breach are revealed.
Google Glass successfully hacked -- right in front of your eyes
Google Glass may not have been officially released to the public yet (it is currently only available to testers dubbed "Glass Explorers" by Google), but mobile security juggernaut Lookout has already found a security vulnerability that makes it possible to hack the wearable computer for potentially dangerous and malicious purposes.
The vulnerability impacting Google Glass is initiated through QR codes -- basically advanced barcodes. By design, a Glass user can scan these barcodes with the device's camera to do things such as perform an action or change a setting. While this provides beneficial functionality to the user, it also offers a new gateway for malicious hackers.
TCHunt can uncover hidden TrueCrypt volumes on your drives
TrueCrypt is an excellent encryption tool, a very good choice for anyone who wants to protect their most confidential files. If you use its ability to save your documents in hidden containers, though, it’s worth keeping in mind that these aren’t quite as secret as you might think: TCHunt, a free Windows tool, can identify (though not decrypt) them in just a few seconds.
The program comes in the form of a compact (244KB) executable, with no extras and no installation required; you can just download and run it.
How the Ubisoft hack shows the password model is weak, and why device-based authentication is the answer
Just over a week ago game maker Ubisoft revealed that hackers had breached its database and accessed customer information including usernames, email addresses, and passwords. This is the latest in a series in hacks revealing that the outdated password authentication model is weak and does not provide adequate security for user information.
It’s time for a network architecture that considers new access models -- including the device itself. We need a shift to device-based authentication that provides the same added security, but is completely transparent to the user. The cable industry has used this model for years, assigning cable boxes a unique identity so that users do not need to enter a password to change the channel (since the service is delivered to box, not the user). Applied to computing, device-based authentication means that even if a hacker steals your password, they still need your device to log into the website. The foundations of this model are already in place, but there is still work to do.
Is it a bird? Is it a plane? No, it's a virus
As superhero fans prepare to gather in San Diego for this year's Comic-Con, McAfee has revealed its first ever Most Toxic Superheroes list. The company has compiled a list of superheroes whose search results are most likely to lead to malicious websites aiming to steal fans' personal details or infect their PCs with viruses.
The top 15 are as follows, the percentages indicating the chance of landing on a website that has rested positive for online threats:
Symantec opens up data from the dark side
Dark data, sounds like something from a sci-fi movie doesn't it? In fact analysts at Gartner define dark data as information that enterprises collect and store as part of their day-to-day business activity but then fail to use for any other purpose.
Symantec's latest product, Data Insight 4.0, aims to shine light into the gloom and allow companies to take control of their dark data. The package works to integrate Symantec's security and storage offerings, giving companies a unified method of handling their information.
Politicians Don’t Understand PRISM
PRISM enables the NSA to categorically violate your right to privacy and reach far beyond the boundaries typically enforced by courts. So why aren’t the politicians furious about this?
They instead seem to be focused on Edward Snowden. Since his leak of the PowerPoint slides detailing the NSA’s surveillance program, politicians from both parties -- including the liberal Nancy Pelosi and Republican House Speaker John Boehner -- have called his arrest.
Will the NSA Scandal Change Online Security?
Edward Snowden’s revelations about what data big companies like Facebook, Google or Skype give to the NSA -- and therefore to the US Government -- confirm what many already know: the internet is not a safe place.
Snowden’s leaks set alarms off in the business world, too. Even though people think our personal conversations and what we post online is monitored, many were unaware that company communications are also intercepted for espionage purposes. The USA and UK take the lead in this practice, but recent news suggests these governments aren’t the only ones. Other countries -- such as France -- have their own intelligence projects.
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.