Security

Chinese Army Ends 3-Month Hacking Hiatus
May 20, 2013

After a three-month lull, China's People's Liberation Army has resumed hack attacks against United States companies and government agencies. Despite a ballyhooed February report from private security firm Mandiant, and despite public complaints from the Pentagon, Unit 61398, the PLA group made famous by the report, is again back to its hacking ways.

Island Nation's Web Domain Now Paradise for Spammers
May 20, 2013

Chances are you've never heard of the tiny Pacific island nation of Palau, but you may be familiar with its former Internet domain: PW. That's because the domain, now owned by Directi, has become a favorite of spammers. According to Fort Systems, Directi -- which christened PW "Professional Web" -- began offering the top-level domain to all comers at rock-bottom prices.

A New Approach for Blocking Zero-Day Threats
May 18, 2013

Cybercriminals use zero-day and unpatched application vulnerabilities to install data-stealing malware on corporate endpoints because these are -- and will continue to be -- an issue with virtually all software applications. Zero-day exploits that take advantage of unknown vulnerabilities are the hardest to defend.

Lawmakers Ask for Clarity on Google Glass and Privacy
May 17, 2013

Eight members of Congress have sent a letter to Google asking about the privacy implications of Google Glass. The letter was sent from Rep. Joe Barton (R-Texas) and seven other lawmakers from the bipartisan Congressional Privacy Caucus. It asks Google whether users will be able to opt in to various proposed scenarios.

Bloomberg Caught With Hands in the Customer Data Jar
May 16, 2013

Bloomberg has been embroiled in scandal since news broke last week that its reporters were using the company's corporate terminals to monitor its customers' activities. The story began to unravel when news surfaced that Goldman Sachs had confronted Bloomberg over the possibility that reporters were accessing its account data.

VMware, Verizon Split Mobile Personalities
May 15, 2013

VMware and Verizon on Wednesday jointly announced the availability of VMware Horizon Mobile, a dual persona solution designed to segregate corporate and personal information, on the LG Intuition and Motorola Razr M smartphones used by Verizon Enterprise customers. The dual persona system establishes a separate workspace for corporate data, while personal information remains separate and secure.

German Court Orders Google to Clean Up Autocomplete
May 15, 2013

A federal court in Germany has told Google that it must remove offensive or defamatory suggestions from its autocomplete function when it receives a complaint. The case that prompted the ruling started with a German businessman who, upon culling through Google.de, found that he was associated with scientology and fraud.

Mobile App Privacy Bill Likely to Languish
May 13, 2013

Rep. Hank Johnson, D-Ga., last week introduced into the House of Representatives a new bill that could considerably change mobile application development. The bipartisan Application Privacy, Protection and Security Act would require application developers to gain explicit consent from consumers before collecting their data.

DHS Raises Alarm Over Cyberattacks on Critical Infrastructure
May 13, 2013

The U.S. Department of Homeland Security has warned American companies involved with energy and infrastructure operations to be on their guard against cyberattacks. The warning was issued by the Industrial Control Systems Cyber Emergency Response Team, which works to help protect critical infrastructure.

Bank Internet Links Can Give Hackers Keys to Vaults
May 13, 2013

Willie Sutton once said that he robbed banks because that's where the money was. If Sutton were living today, he might have made the career move to hacker. That would allow him to do what he liked to do best -- steal money -- on a global scale, which is what a ring of bank robbing hackers have been doing. Eight of the alleged cybercrooks were arrested in the U.S. last week.

High-Tech Plot Leads to Record-Breaking Heist
May 10, 2013

In what is believed to be one of the biggest robberies ever executed, cyberthieves stole nearly $50 million from a pair of Middle Eastern banks. Far from bullying their way into vaults, members of this crime ring reportedly hacked into credit card processing firms and withdrew money from ATMs in 27 different countries.

How to Identify Bogus Banking Emails
May 09, 2013

There are ways to stop spam, but what do you do about bogus email -- that is, email that appears legitimate but isn't? Fake emails are sent by criminals in order to get your money, or to take advantage of your computer's processing power and Internet connection to launch Web-clogging Denial of Service attacks on other networks.

Obama May Pick Twitter Lawyer for Privacy Post
May 08, 2013

The Obama administration appears to be sending a message to privacy advocates that it's taking their issue seriously by creating a new position devoted to it -- and choosing a high-profile tech lawyer to occupy it. The White House reportedly is tagging Nicole Wong, Twitter's legal director for products, for a top privacy post.

Los Alamos Surfs Its Own Quantum Internet for 2 Years
May 07, 2013

Amid fears that state-sponsored cyberterrorists have set their sights on the U.S.'s critical infrastructure -- and complaints that the infrastructure's security is below par -- the Los Alamos National Laboratory said it has been testing a network using quantum cryptography for the past two years.

IE8 Exploit Had US Nuke Workers in Its Sights
May 06, 2013

A zero-day vulnerability in Internet Explorer 8 let hackers compromise a U.S. Department of Labor website linked to a database used by former Energy Department employees who had worked with nuclear weapons or uranium. That database was also used by Labor Department claims examiners. Security firm Invincea first reported the attack.

No Starry Eyes Yet for Google Glass
May 06, 2013

There's plenty to lust after in Google Glass -- if you're a tech aficionado, that is. A beta version of Google's widely hyped, Web-connected eyewear has been out for a few weeks, and rave reviews have been the rule rather than the exception. Developers are building Google Glass apps to tempt and titillate, including one that lets a Google Glass wearer take a photo with the blink of an eye.

Scan of Entire Internet Reveals Too Many Leaky Devices
May 06, 2013

There are 3.7 billion IP addresses on the Internet, and HD Moore has pinged every one of them. Moore is chief security officer at Rapid7, a cyberthreat and risk management company. In February, he decided as a hobby project to conduct a census of all the devices connected to the Internet, using a nest of computers in a spare room in his home.

Risk and Compliance: The Yin and Yang of Security
May 04, 2013

Mushrooming industry and government mandates that govern IT security have led to a highly regulated environment and annual compliance fire drills. Compliance, however, does not necessarily equal better security. We are reminded of this fact nearly every day when breaches make headlines. So what role should compliance and risk management play?

Mobile Industry Castigated for Limp Response to Cellphone Theft
May 03, 2013

The mobile industry isn't doing enough to prevent cellphone theft or to help its victims, critics allege. Theft of mobile devices is on the rise. In some cities, notably Washington, D.C., and San Francisco, it represents a significant portion of all robberies. Device manufacturers could offer tech solutions to help quickly trace devices or disable them once they are reported stolen.

Facebook's New Security Feature Puts Friends First
May 03, 2013

Have you forgotten or lost your Facebook password? Relax. You can now turn to friends for help. Facebook on Thursday rolled out Trusted Contacts account recovery, a feature it has tested with a limited number of people as the Trusted Friends capability since 2011. Users can select three to five trusted contacts from their security settings at any time.