6/7/2012

Worst Companies at Protecting User Privacy: Skype, Verizon, Yahoo, AT&T, Apple, Microsoft

Filed under: — Aviran Mordo

We’re living our lives more and more in the online environment. Eventually, we end up giving a lot of our personal data, whether we’re talking about a social network account, email service or a national carrier. Our conversations are being wire-tapped, our online surfing is being stored. Which are the companies that fight for our rights when the government wants to know more? Who protects our privacy?

This privacy report was produced by the Electronic Frontier Foundation and should be taken seriously. When government agencies come asking for your personal data and your activity logs, who is fighting for your rights and who’s acting like a peaceful sheep, pleasing Big Brother?

The chart shows how many stars the participating companies have been given.

12/10/2011

New zero-day vulnerabilities found in Adobe Flash Player

Filed under: — Aviran Mordo

Recently a vulnerability was found in both Mac and Windows versions of Adobe’s Acrobat and Reader products that could allow an attacker to crash the programs and gain control of the system. So far only attacks on Windows machines have been found, but Mac systems could be affected as well.

Now two similar vulnerabilities have been found in Adobe’s Flash Player, which likewise could result in arbitrary code being executed on the system.

11/24/2011

Mobile “rootkit” maker tries to silence critical Android dev

Filed under: — Aviran Mordo

A data-logging software company is seeking to squash an Android developer’s critical research into its software that is secretly installed on millions of phones, but Trevor Eckhart is refusing to publicly apologize for his research and remove the company’s training manuals from his website.

Though the software is installed on millions of Android, BlackBerry, and Nokia phones, Carrier IQ was virtually unknown until the 25-year-old Eckhart analyzed its workings, recently revealing that the software secretly chronicles a user’s phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent.

Eckhart called the software a “rootkit,” a security term that refers to software installed at a low level on a device, without a user’s consent or knowledge, in order to secretly intercept the device’s workings. Malware such as keyloggers and trojans are two examples.

8/13/2011

Attack targeting open-source web app keeps growing

Filed under: — Aviran Mordo

An attack targeting sites running unpatched versions of the osCommerce web application kept growing virally this week, more than three weeks after a security firm warned it was being used to install malware on the computers of unsuspecting users.

When researchers from Armorize first spotted the exploit on July 24, they estimated it had injected malicious links into about 91,000 webpages. By early last week, The Reg reported it had taken hold of almost 5 million pages. At time of writing, Google searches suggested that the number exceeded 8.3 million.

7/28/2011

Hackers attack South Korean sites; up to 35 mln users affected

Filed under: — Aviran Mordo

South Korea’s communications regulator said Thursday hackers from China had attacked an Internet portal and blogging site operated by SK Comms, accessing the personal information of up to 35 million users in what could be the country’s biggest cyber attack so far.

The incident follows a series of hacking incidents at South Korean financial firms in recent months, exposing the vulnerabilities of networks in the world’s most wired country.

The Korea Communications Commission said in a statement that hacking attacks Thursday morning targeted personal information including phone numbers, e-mail addresses, names and coded data of users of the Nate portal and Cyworld blogging sites, both operated by SK Comms.

Police are investigating the case and have yet to request the assistance of the Chinese authorities, an official at the commission said.

6/30/2011

Hacker attack cripples al-Qaida on Web

Filed under: — Aviran Mordo

Computer hackers shut down al-Qaida’s ability to communicate its messages to the world through the Internet, interrupting the group’s flow of videos and communiqués, according to a terrorism expert.

“Al-Qaida’s online communications have been temporarily crippled, and it does not have a single trusted distribution channel available on the Internet,” said Evan Kohlmann, of Flashpoint Global Partners, which monitors the group’s communications.

The attack was carried out within the past few days by unknown hackers targeting al-Qaida’s Internet communications systems. It was “well coordinated and involved the use of an unusual cocktail of relatively sophisticated techniques,” Kohlmann said.

Android app offers Wi-Fi hacking of Facebook accounts

Filed under: — Aviran Mordo

Sometimes seeing is believing. The FaceNiff Android app, released earlier this month, allows anyone to snoop on traffic on Wi-Fi networks and even hijack Facebook accounts. Sounds bad, but this video demo drives the message home by showing just how easy it is to do.

The app, which works on Android phones that have been rooted, offers “one-touch hacking,” says Kevin Mahaffey, founder and chief technology officer at mobile security firm Lookout. The technique isn’t new–it’s akin to a mobile version of the Firesheep Firefox extension released last year–but it makes it super easy and mobile.

Massive botnet ‘indestructible,’ say researchers

Filed under: — Aviran Mordo

A new and improved botnet that has infected more than four million PCs is “practically indestructible,” security researchers say.

“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said.

“I wouldn’t say it’s perfectly indestructible, but it is pretty much indestructible,” said Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, in an interview today. “It does a very good job of maintaining itself.”

Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and, more importantly, security software designed to sniff out malicious code.

But that’s not TDL-4’s secret weapon.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers. “The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet.”

Hackers steal personal data of military, gov personnel

Filed under: — Aviran Mordo

Hackers breached the security of a defense industry news website and stole sensitive subscriber information that could be used in attacks targeting the US military and its contractors.

Gannett Co., publisher of DefenseNews, disclosed the bad news in an advisory published Monday. Data exposed included subscribers’ first and last names, usernames, passwords, email addresses, and in many cases military duty status, paygrade, and branch of service.

6/24/2011

Hackers break into Arizona police computers

Filed under: — Aviran Mordo

Computer hackers who previously broke into a U.S. Senate server and brought down the CIA web site struck an Arizona police web site on Thursday, releasing dozens of internal documents over the Internet.

Lulz Security, saying it opposed a tough anti-immigration law in Arizona, said it was releasing documents that related to border control and other law enforcement activities. Its headline was “Chinga La Migra,” Spanish for a more profane way of saying “Screw the Immigration Service.”

It released about a half a gigabyte of data, including account names, passwords and contact information for several people. Reuters was able to reach two of them to establish that they were accurate.

A scan of the dozens of files released revealed what appeared to be security bulletins from other law enforcement agencies, internal planning documents and even routine reports on traffic incidents.

6/3/2011

Google Says Hundreds Of Gmail Accounts Hijacked

Filed under: — Aviran Mordo

Google has detected a campaign to gather Gmail account credentials that appears to originate from Jinan, China, and is warning users to take a few minutes to review their security settings.

Eric Grosse, engineering director for Google’s security team, said in a blog post that hundreds of users have been affected, including senior U.S. government officials, Chinese political activists, officials in several Asian countries such as South Korea, military personnel, and journalists.

“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings,” Grosse said.

By changing these settings, which are only evident through the appropriate Gmail Settings tab page, the attackers could generate copies of incoming and outgoing email that would be forwarded without the account holder’s knowledge.

5/29/2011

March RSA Hack Hits Lockheed, Remote Systems Breached

Filed under: — Aviran Mordo

A March attack on RSA’s SecurID authentication service has possibly claimed its first big victim: Lockheed Martin.

According to a source speaking to Reuters, unknown hackers have broken into Lockheed Martin’s security systems by using duplicate SecurID tokens to spoof legitimate authentications into the network. These SecurID tokens are analogous to Blizzard’s World of Warcraft Authenticators: Tiny little keyfobs that display an ever-changing code one must enter to log into a protected service.

Lockheed hasn’t issued comment on the alleged breach itself, leading only to speculation as to what data, if any, those breaching the company’s network were able to acquire. But the plunder could be vast: Lockheed is the nation’s largest military contractor, and it undoubtedly has treasure troves of data about existing and future weapons systems as well as information related to the various cybersecurity services the company provides.
