12/9/2010

Microsoft unveils new privacy feature for IE

Filed under: — Aviran Mordo

An upcoming version of Microsoft Corp.’s Internet Explorer browser will let users add lists of sites that they don’t want tracking them, a peace offering amid uproar over the sneaky ways that websites watch their users as they bounce around the Internet.

The new feature, however, won’t be as sweeping as a “do not track” option that the Federal Trade Commission is proposing to limit advertisers’ ability to do that. Users will have to create or find their own lists of sites they want to block.

And the feature won’t be automatically turned on when it debuts with the release of Internet Explorer 9 early next year.

Part of the reason for the uproar over tracking is that it’s hard to tell which sites you’re sharing information with. Websites use many third-party advertising partners, and some may use shady surveillance schemes, perhaps without the knowledge of the websites.

10/19/2010

Facebook apps leak user information

Filed under: — Aviran Mordo

Facebook users are inadvertently providing access to their names, and in some cases even their friends’ names, to advertising and Internet tracking companies through some popular applications, the Wall Street Journal said.

According to the Journal’s investigation, the issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings, the paper said.

The practice violates Facebook’s rules and raises questions about its ability to keep identifiable information about its users’ activities secure, the paper said.

On Sunday, a Facebook spokesman told the Journal that it is taking steps to “dramatically limit” the exposure of users’ personal information.

10/3/2010

Iran claims it has arrested Stuxnet worm cyber-spies

Filed under: — Aviran Mordo

Iran, which acknowledged earlier that many of the computers in its nuclear operations have been attacked by the Stuxnet worm, has arrested an unspecified number of “nuclear spies,” its intelligence minister, Heydar Moslehi, said Saturday. No details on the arrests were given, and the arrests could not be independently verified.

The Stuxnet worm targets Siemens SCADA, or “supervisory control and data acquisition” systems. Those systems are commonly used to manage oil rigs, power plants, water facilities, and other industrial plants.

Because of the sophistication of the Stuxnet worm, many believe it was developed by some government’s cyber intelligence agency, and was created with Iran as a specific target. The worm has surfaced in other countries as well, however.

9/25/2010

2 men get 18 months for attack on Comcast website

Filed under: — Aviran Mordo

Two men who hacked into Comcast Corp.’s website have been sentenced to 18 months in prison.

Twenty-year-old Christopher Lewis of Newark, Del., and 28-year-old Michael Nebel of Kalamazoo, Mich., were sentenced Friday in federal court in Philadelphia. Both had pleaded guilty to conspiring to disrupt service at http://www.comcast.net .

The May 2008 cyber-attack on the Philadelphia-based cable giant redirected all traffic from Comcast’s home page to sites that boasted of the hack.

9/21/2010

Twitter says suffered security attack

Filed under: — Aviran Mordo

Twitter, the popular social media website for broadcasting short messages, said on Tuesday it has suffered an XSS attack exploiting a security flaw on its website, which it is fixing with a patch after users complained.

The Twitter site was flooded with tweets by users complaining of a “mouseover security flaw” or “Twitter got hacked” as the top trending topics on the home page.

Twitter said on its status blog it expects the patch to be fully rolled out shortly and will update users when it is.

According to a blog post by security firm Sophos, the website is being widely exploited by users taking advantage of a security flaw that allows messages to pop up and third-party websites to open in a browser just by moving a mouse over a link.

Google adds extra security step to e-mail, apps

Filed under: — Aviran Mordo

Google Inc. is making it tougher for computer hackers and other imposters to break into e-mail accounts and other password-protected services.

An additional security measure introduced Monday will require typing a six-digit code after an accountholder’s Google password is entered. The codes will be sent to people’s mobile phones.

The two-step process means it will take more than a password to get into an account, at least the first time that an attempted login is made from a particular computer. After logging in, users can ask Google to remember that their identity has been verified on that device and security codes won’t be required to get into the account again.

I think this security measure raises privacy concerns about users giving out their phone number to Google, which already holds too much private information. Up until now, associating your phone number with your Google account was not mandatory, and not many users used it. This way Google is forcing users to give out their phone number.

9/19/2010

Intel confirms Blu-ray HDCP encryption is cracked

Filed under: — Aviran Mordo

Intel has confirmed Blu-ray HDCP encryption is cracked after admitting a leaked master key is the real deal.

High-bandwidth Digital Content Protection (HDCP) copy protection technology is designed to protect high-definition video content as it travels across digital interfaces. The technology was developed by Digital Content Protection, a subsidiary of Intel, and licensed to HDTV, set-top box and Blu-ray disc manufacturers and the like.

A leaked key, now confirmed as genuine, was published online on Tuesday via Pastebin, and quickly spread around the web. The master key creates a mechanism to strip the encryption from, for example, an HD satellite TV broadcast and a DVR, at least in theory. The availability of a master key effectively renders the key revocation feature built into HDCP impotent.

7/30/2010

FBI backs record-keeping on prepaid cell phones

Filed under: — Aviran Mordo

FBI Director Robert Mueller has endorsed anti-terrorism legislation that would require prepaid cell-phone sellers to keep records of buyers’ identities.

The bill sponsored by Sens. Charles Schumer, D-N.Y., and John Cornyn, R-Texas, would require purchasers to present identification at the point of sale.

At a Senate Judiciary Committee hearing, Mueller said the bureau would be very supportive of such a reporting requirement and that it would be essential to the success of investigations.

6/30/2010

Google Finds Flaws In Android Security Report

Filed under: — Aviran Mordo

The security of Android apps was called into question by a report issued on Tuesday by SMobile Systems, an Ohio-based mobile security company.

The survey of over 48,000 apps in the Android Market notes that “one in every five applications request permissions to access private or sensitive information that an attacker could use for malicious purposes.”

It further states that one in twenty Android apps have the potential to place unauthorized calls. “One out of every twenty applications has the ability to place a call to any number without interaction or authority from the user,” the report says.

Google says the report has problems. “This report falsely suggests that Android users don’t have control over which apps access their data,” a company spokesperson said in an e-mailed statement. “Not only must each Android app get users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious.”

6/27/2010

ATM security flaws could be a jackpot for hackers

Filed under: — Aviran Mordo

A security expert has identified flaws in the design of some automated teller machines that make them vulnerable to hackers, who could make the ubiquitous cash dispensers spit out their cash holdings.

Barnaby Jack, head of research at Seattle-based security firm IOActive Labs, will demonstrate methods for “jackpotting” ATMs at the Black Hat security conference in Las Vegas that starts on July 28.

“ATMs are not as secure as we would like them to be,” Jeff Moss, founder of the Black Hat conference and a member of President Obama’s Homeland Security Advisory Council, said. “Barnaby has a number of different attacks that make all the money come out.”

Frenchman convicted for hacking Obama’s Twitter

Filed under: — Aviran Mordo

A court in central France has convicted a young Frenchman accused of infiltrating Twitter and peeping at the account of President Barack Obama, and given him a five-month suspended prison sentence.

The lawyer for Francois Cousteix, whose online name was Hacker Croll, said his client was happy with Thursday evening’s decision by the Clermont-Ferrand court. He risked up to two years in prison and a 30,000 euro fine for breaking into a data system.

6/22/2010

Apple collecting, sharing iPhone users’ precise locations

Filed under: — Aviran Mordo

Apple Inc. is now collecting the “precise,” “real-time geographic location” of its users’ iPhones, iPads and computers.

In an updated version of its privacy policy, the company added a paragraph noting that once users agree, Apple and unspecified “partners and licensees” may collect and store user location data.

When users attempt to download apps or media from the iTunes store, they are prompted to agree to the new terms and conditions. Until they agree, they cannot download anything through the store.

The company says the data is anonymous and does not personally identify users. Analysts have shown, however, that large, specific data sets can be used to identify people based on behavior patterns.
