7/30/2010

FBI backs record-keeping on prepaid cell phones

Filed under: — Aviran Mordo

FBI Director Robert Mueller has endorsed anti-terrorism legislation that would require prepaid cell-phone sellers to keep records of buyers’ identities.

The bill sponsored by Sens. Charles Schumer, D-N.Y., and John Cornyn, R-Texas, would require purchasers to present identification at the point of sale.

At a Senate Judiciary Committee hearing, Mueller said the bureau would be very supportive of such a reporting requirement and that it would be essential to the success of investigations.

6/30/2010

Google Finds Flaws In Android Security Report

Filed under: — Aviran Mordo

The security of Android apps was called into question by a report issued on Tuesday by SMobile Systems, an Ohio-based mobile security company.

The survey of over 48,000 apps in the Android Market notes that “one in every five applications request permissions to access private or sensitive information that an attacker could use for malicious purposes.”

It further states that one in twenty Android apps has the potential to place unauthorized calls. “One out of every twenty applications has the ability to place a call to any number without interaction or authority from the user,” the report says.

Google says the report has problems. “This report falsely suggests that Android users don’t have control over which apps access their data,” a company spokesperson said in an e-mailed statement. “Not only must each Android app get users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious.”

6/27/2010

ATM security flaws could be a jackpot for hackers

Filed under: — Aviran Mordo

A security expert has identified flaws in the design of some automated teller machines that make them vulnerable to hackers, who could make the ubiquitous cash dispensers spit out their cash holdings.

Barnaby Jack, head of research at Seattle-based security firm IOActive Labs, will demonstrate methods for “jackpotting” ATMs at the Black Hat security conference in Las Vegas that starts on July 28.

“ATMs are not as secure as we would like them to be,” Jeff Moss, founder of the Black Hat conference and a member of President Obama’s Homeland Security Advisory Council, said. “Barnaby has a number of different attacks that make all the money come out.”

Frenchman convicted for hacking Obama’s Twitter

Filed under: — Aviran Mordo

A court in central France has convicted a young Frenchman accused of infiltrating Twitter and peeping at the account of President Barack Obama, and given him a five-month suspended prison sentence.

The lawyer for Francois Cousteix, whose online name was Hacker Croll, said his client was happy with Thursday evening’s decision by the Clermont-Ferrand court. He risked up to two years in prison and a 30,000 euro fine for breaking into a data system.

6/22/2010

Apple collecting, sharing iPhone users’ precise locations

Filed under: — Aviran Mordo

Apple Inc. is now collecting the “precise,” “real-time geographic location” of its users’ iPhones, iPads and computers.

In an updated version of its privacy policy, the company added a paragraph noting that once users agree, Apple and unspecified “partners and licensees” may collect and store user location data.

When users attempt to download apps or media from the iTunes store, they are prompted to agree to the new terms and conditions. Until they agree, they cannot download anything through the store.

The company says the data is anonymous and does not personally identify users. Analysts have shown, however, that large, specific data sets can be used to identify people based on behavior patterns.

Google Wi-Fi Data Grab Snared Passwords, E-mail

Filed under: — Aviran Mordo

Wi-Fi traffic intercepted by Google’s Street View cars included passwords and e-mail, according to the French National Commission on Computing and Liberty (CNIL).

CNIL launched an investigation last month into Google’s recording of traffic carried over unencrypted Wi-Fi networks, and has begun examining the data Google handed over as part of that investigation.

Google revealed on May 14 that the fleet of vehicles it operates to compile panoramic images of city streets for its Google Maps site had inadvertently recorded traffic from unencrypted Wi-Fi networks. Google’s intention was only to record the identity and position of Wi-Fi hotspots in order to power a location service it operates, the company said. However, the software it used to record that information went much further, intercepting and storing data packets too.

At the time, Google said it only collected “fragments” of personal Web traffic as it passed by, because its Wi-Fi equipment automatically changes channels five times a second. However, with Wi-Fi networks operating at up to 54M bits per second, it always seemed likely that those one-fifth-of-a-second recordings would contain more than just “fragments” of personal data.

That has now been confirmed by CNIL, which since June 4 has been examining Wi-Fi traffic and other data provided by Google on two hard disks and over a secure data connection to its servers.

6/13/2010

Adobe Patch Fixes Major Security Flaw in Flash Player

Filed under: — Aviran Mordo

Responding to a major security flaw in its Flash Player, Adobe Systems released a large patch Thursday. A security bulletin published on the company’s web site recommends that users of Flash Player 10.0.45.2 and earlier versions on Windows, Mac, Linux and Solaris update to version 10.1.53.64.

To determine which Flash Player version you are running, the company recommends going to http://www.adobe.com/software/flash/about/, or right-clicking on Flash content in the browser and selecting About Adobe Flash Player.

The bulletin also advises that users of Adobe AIR 1.5.3.9130 and earlier versions should update to AIR 2.0.2.12610. Users of Flash Professional CS5, CS4 Professional, and Flex 4 are encouraged to update to 10.1.53.64, and Flash CS3 Professional and Flex 3 users should download 9.0.277.0.

6/10/2010

AT&T security hole exposes iPad users’ e-mails

Filed under: — Aviran Mordo

AT&T Inc. on Wednesday acknowledged a security weak spot that exposed the e-mail addresses of apparently more than 100,000 users of Apple Inc.’s iPad, a breach that could make those people vulnerable to precision-targeted hacking attacks.

The vulnerability only affected iPad users who signed up for AT&T’s “3G” wireless Internet service.

It involved an insecure way that AT&T’s website would prompt iPad users when they tried to log into their AT&T accounts through the devices. The site would supply users’ e-mail addresses, to make log-ins easier, based on unique codes contained in the SIM cards inside their iPads. SIM cards are used to tell cell-phone networks which subscriber is trying to use the service.

The hacker group that claims to have discovered the weakness - the group calls itself Goatse Security - said it was able to trick AT&T’s site into coughing up more than 114,000 e-mail addresses, including those apparently of famous media personalities and important government officials.

6/8/2010

Hackers plant viruses in Windows smartphone games

Filed under: — Aviran Mordo

Hackers have planted viruses in video games for smartphones running on Microsoft Corp’s Windows operating system, according to a firm that specializes in securing mobile devices.

The games — 3D Anti-Terrorist and PDA Poker Art — are available on sites that provide legitimate software for mobile devices, according to John Hering, CEO of San Francisco-based security firm Lookout.

Those games are bundled with malicious software that automatically dials premium-rate telephone services in Somalia, Italy and other countries, sometimes ringing up hundreds of dollars in charges in a single month.

6/6/2010

Adobe warns of Flash, PDF zero-day attacks

Filed under: — Aviran Mordo

Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products.

The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. It also affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems, Adobe said.

5/16/2010

Google to Offer Encrypted Search Next Week

Filed under: — Aviran Mordo

Google will begin letting users run encrypted searches on its flagship search site Google.com starting next week, the company said in a blog post Thursday.

Allowing users to search using https, the web security system which many associate with online banking and shopping, would mark a first for a major search engine, and could begin a move by web services such as social networks to begin offering encryption for more than just log-ins. Such increased adoption would cut down on network eavesdropping and also have the added benefit of preventing some online attacks.

5/13/2010

U.S. struggles to ward off evolving cyber threat

Filed under: — Aviran Mordo

The United States is losing enough data in cyber attacks to fill the Library of Congress many times over, and authorities have failed to stay ahead of the threat, a U.S. defense official said on Wednesday.

More than 100 foreign spy agencies were working to gain access to U.S. computer systems, as were criminal organizations, said James Miller, principal deputy under secretary of defense for policy.

Terrorist groups also had cyber attack capabilities.

“Our systems are probed thousands of times a day and scanned millions of times a day,” Miller told a forum sponsored by Ogilvy Washington, a public relations company.

He said the evolving cyber threat had “outpaced our ability to defend against it.”

“We are experiencing damaging penetrations — damaging in the sense of loss of information. And we don’t fully understand our vulnerabilities,” Miller said.
