Articles about Security

SMS could be a critical iPhone vulnerability, says white-hat hacker

In his SyScan presentation in Singapore today, Mac security expert and Pwn2Own 2009 champ Charlie Miller discussed a vulnerability on the iPhone that allows remote code execution through SMS, which can tap into an iPhone's GPS or microphone, to divulge the phone owner's location or eavesdrop on them. Phones that have been compromised can also be used in a botnet or DDOS attack.

Miller is reportedly working with Apple to patch the vulnerability, so he did not go into great detail about the methods of exploitation. However, Miller did say, "SMS is a great vector to attack the iPhone...The iPhone is more secure than OS X, but SMS could be a critical vulnerability."

Continue reading

Google talks spam trends, spiffs up Gmail labels

The first of the month always brings a bountiful harvest from Google's blogging troops, and two posts yesterday pointed us to some nifty changes to Gmail's labels features and passed along some cheerful numbers concerning spam levels as measured by the company's Postini group.

With one notable exception, those who rely even moderately on Gmail's labels ought to like where things are going. The section is finally positioned above the chat area, for starters, and your labels can be easily grouped and rearranged for your convenience rather than only in alpha order. (Gmail attempts to help you out by picking a few to put at the top of the list, hiding the rest, but we found that it didn't guess well at all; fortunately, sorting it out was drag-and-drop simple.)

Continue reading

The law vs. the right to know: Whose news is it anyway?

How far would you go to save a life?

How far would you go to save a business model?

Continue reading

A Michael Jackson post-mortem on Internet journalism

The first I heard of Michael Jackson's death was six minutes before he was pronounced dead. That's saying something, because I'm not exactly the expert on pop culture, so my ability to have prognosticated the near future, based on something a little bird told me, on the subject of a fellow I seriously believed was still living in Tokyo, would normally be suspect. But there it was, in one of my IM feeds at about 5:20 Eastern time last Thursday, "Michael Jackson died."

My friend and colleague Angela Gunn suggested last Friday that something changed in the fabric of online journalism that day -- a high water mark had at last been reached. And indeed she may be correct, because if this Internet thing is capable of predicting the future even six minutes down the road, then I may want to get into the stock trading business.

Continue reading

With Clear's airport security dissolving, what happens to all that personal data?

After days of uncertainty following Verified Identity Pass's abrupt shutdown last week, representatives of the defunct company are coming forward with at least some data on what will happen to the large collection of personally identifiable information (PII) it acquired from its customers.

In a letter to former members that's also posted to its Web site, Clear Customer Service attempted to address at least a few of the questions that have come up. The company (the letter was unsigned) reiterated that the data "is secured in accordance with the Transportation Security Administration's Security, Privacy, and Compliance Standards." The company revealed that Lockheed, which has been the firm's lead systems integrator, is working with parent company Verified Identity Pass, Inc. and the US Transportation Safety Administration "to ensure an orderly shutdown as the program closes."

Continue reading

Microsoft updates its controversial Firefox plug-in for .NET 3.5

If you're wondering what Microsoft is doing producing a plug-in for Mozilla Firefox, then perhaps you haven't heard the complaints from Firefox users who are not only wondering how that Microsoft plug-in got there, but are puzzled as to how to get rid of it. Today, Firefox users are seeing an update for that plug-in in their Automatic Updates for Windows XP, Vista, and Windows 7 RC.

Whenever Microsoft automatically installs a service with an Orwellian sounding title, automatically folks become skeptical. In this case, the .NET Framework Assistant is a device that allows a kind of security pre-authorization feature that Microsoft tried to make prettier with the marketing name ClickOnce -- which works in Internet Explorer -- to extend to Firefox.

Continue reading

Good riddance to the Clear 'frequent flyer' program

Those who subscribed to the Clear (formerly Verified Identity Pass) program, paying $199 to allegedly speed up the TSA checkpoint process, are dismayed that they're out that money now that Verified Identity Pass has abruptly folded. Amazing that they're not as concerned about all that personal data they provided the system, but were they ever?

After a considerable amount of nudging, Verified Identity Pass has confirmed that yes, they're securing the data as required by the TSA's privacy standards for Registered Traveler programs, which a security pal of mine sums up with a snort as, "We decide who gets to buy it." That's a little mean, though as you may remember it took TSA from 2005, when the Registered Traveler pilot program was launched, until July 2008 to notice that Verified Identity Pass was keeping data on thousands of passengers on unencrypted laptops. It's that laser-like focus on detail, you know, that makes TSA what it is today.

Continue reading

Microsoft calls omission of IE8 CSS rendering in Office 2010 a 'powerful' feature

4:00 pm EDT June 24, 2009 · In a marketing driven response that looks a lot more like the old Microsoft than the new Microsoft in terms of explaining away its design decisions, a Microsoft corporate vice president characterized Outlook 2010's reliance upon Word instead of Internet Explorer 8 for rendering HTML text symbolic of what he called "The Power of Word."

Corporate Vice President William Kennedy confirmed that the component of the company's new Office 2010 software -- whose technical preview is currently next month will be limited to select testers -- will rely upon Word rather than IE for reasons that include system security. "For e-mail viewing, Word also provides security benefits that are not available in a browser: Word cannot run web script or other active content that may threaten the security and safety of our customers," he wrote.

Continue reading

Wired editor accused of plagiarizing Web sources for 'free' book

Waldo Jaquith, writing for the Virginia Quarterly Review, was reading through a preview copy of Chris Anderson's upcoming Free: The Future of a Radical Price when he noticed that a passage sounded familiar, and then another, and then another. He eventually located several dozen passages in the 274-page book that appear to have been lifted directly and without attribution from Web sources -- Wikipedia mostly, but there were others.

Mr. Jaquith reached out to Mr. Anderson (pictured right) -- who is currently the editor-in-chief of Wired -- and his publishers at Hyperion before going public with the saga on Tuesday in the company blog. Mr. Anderson said he'd correct his "screwups" online by the time the book is released (in July) and in future editions; Hyperion said that was good enough for them.

Continue reading

New Microsoft 'Morro' anti-malware will share competitors' security events

Download Microsoft Security Essentials Beta Build 1.0.1487.0 from Fileforum now.

It's an argument we've seen before from Microsoft's competitors and opponents, as well as from many sensible observers: It may be unfair for the manufacturer of the operating system to leverage its customer visibility to advance a free software platform that cuts out commercial competitors. But there's another argument from opponents as well, many of them the same people: Microsoft should be responsible for the health and well-being of its customers' systems when the operating system is threatened, either through malicious use or from system defects.

Continue reading

Sign up to beta test CA's 2010 edition Security Suite

With the debate only beginning now over whether Microsoft's Security Essentials will provide adequate protection for Windows 7 users or merely placate users who settle for mediocre security, the question becomes whether competitors in the security field have an appropriate alternative. CA has informed Betanews it's looking for willing participants in a registration-only beta test of its Internet Security Suite Plus 2010 edition.

Rather than consider anti-malware and anti-virus as separate functions, the new edition will utilize a unified engine managed through a completely new front end. So veterans of the 2009 edition should take note that this is a completely new product. Personal firewalls and spam and phishing filters are included in the new edition just as before; but for 2010, the Web site blocking filter has been expanded for more personal -- and more parental -- control. A P2P filter has also been added to the suite.

Continue reading

Up Front: DHS shelves domestic spy satellite program

Privacy advocates on Monday applauded plans by the Obama administration to kill a spy satellite program that would have pointed the cameras at domestic targets. Meanwhile, the company running the nation's biggest "Registered Traveler" program, intended to whisk customers through TSA lines, is out of business.

DHS shelves domestic spy satellite program

Continue reading

Solid Oak Software and the Chinese deserve each other

Of all the filtering software makers in all the world, it's interesting and appropriate that Chinese software developers chose Solid Oak Software's CyberSitter to (allegedly) pirate -- not because it's the best out there, but because it's historically hewed the closest to enforcing the kind of heavy-handed control that Beijing likes.

Santa Barbara-based Solid Oak set up a hue and cry over the weekend, saying that China's "Green Dam Youth Escort" filtering software bears unmistakable proof of piracy. Examination of the software and its server logs seems to indicate the company is correct -- aside from the long list of sites to be filtered, there are bits of familiar code and even calls back to Solid Oak's servers. (Chinese officials have flatly denied that any intellectual property was stolen, and a subsequent update to the package eliminated many of the callbacks and other suspect code.)

Continue reading

Tracking Vista's elusive 'Black Screen of Death'

What we've been calling a "perception problem" with Windows Vista -- the notion that users may tend to think it's less secure or reliable than it has proven to be on a large scale -- isn't just about perception for users faced with severe unreliability issues. As a Windows user for over two decades, I have been to the far depths of unreliability, and have lived to tell the tale. Probing the problems with Windows is actually part of my job, and one reason I actually am a Windows user -- unlike the rest of the world.

Yesterday, a problem that's far beyond perception afflicted a 64-bit Vista SP2-based Betanews production system for the fourth time in a year, this time with the remedy being so far out and unusual that everyday users could not possibly have discovered it by normal means. As we've found out, it's a problem that has affected a small number of Vista users since the system's debut three years ago, though that number appears to be growing steadily just as Vista is preparing to vacate the spotlight for Windows 7.

Continue reading

Up Front: Google may take a tiny step toward better security

Certain Web standards have been in place since the mid-1990s, since there was a Web. And certain companies rose to prominence by promoting their use. But when it comes time to evaluate which is more convenient, a few microseconds of delay or private communication in the clear, suddenly it's Google that's hiding behind a wall of public relations. Google's listening to its users now, and yesterday it demonstrated that fact, but why all the fuss about this privacy kick everyone's on?

Google considers defaulting to encrypted connections

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.