Government employees will be subject to near-constant surveillance
US intelligence and military commands are in the process of evaluating a widespread government employee surveillance system that would accumulate databases to evaluate the behavior of security clearance holders. The system would be tailored to identify present and future corrupt officials, data leakers, and other "rogue agents" and pulls from aspects of a US military model that has been in the works for more than 10 years. The new system will collate data from many databases, public and private, to form a profile of a targeted individual, and evaluate them for threats to the US government from within.
Whistleblower addresses US cyber defense weakness, need for privacy
Despite US officials' protestations, NSA whistleblower Edward Snowden addressed a packed venue at SXSW today, by way of a Google Hangout routed through no less than seven proxies. In his hour-long moderated conversation, Snowden said that end-to-end encryption with readily accessible tools is the key to privacy. Additionally, he cited NSA leadership and intrusive surveillance as a reason for the onslaught of digital intrusion by hostile powers, caused by weakening of US cyber defenses.
Available for all iOS 7-compatible devices
After a lengthy development and testing period, Apple has released the finished version of iOS 7.1 to the public. The code makes a number of improvements to iOS 7, for instance enabling CarPlay support in yet-to-be-launched vehicles. Siri will now let users hold down the Home button to decide how long a device should listen, instead of having to wait for the system to decide no one is talking. More naturalistic voices have been supplied for Japanese, British and Australian English, and Mandarin Chinese.
Filing intended to stave off at least two lawsuits in US
As expected following its Japanese bankruptcy disclosure, troubled Bitcoin exchange Mt. Gox has filed for Chapter 15 bankruptcy in the US. The filing will temporarily halt US-based lawsuits. The filing will allow potential investors to look at the exchange without legal ramifications, as well as give the exchange time to resolve some of the problems that cropped up over the weekend.
Intent of theft unknown, patients being informed a month after theft
Medical and personal information for up to 168,500 patients is potentially at risk, after a computer theft in Los Angeles, CA. The Sunderland Healthcare Solutions office was broken into on February 5, and computers with the data were purloined. Public notification of the potential data breach started going out on March 6, a month after the theft. Data at risk on the computers that were taken includes patients' full names, social security numbers, some medical information limited to diagnoses, birth dates, and addresses.
Documents posted purport 951,115 BTC still in accounting documents
Enraged Bitcoin holders are beginning to take the ongoing dispute with shuttered and bankrupt exchange Mt. Gox into their own hands. On March 9, hackers seized Mt. Gox CEO Mark Karpeles' Reddit account, posting what they alleged was proof that the executive was retaining much of the crypto currency that he claimed was lost to "transaction malleability." Additionally, what may be a separate group offered for sale what was alleged to be a 20GB stolen database from Mt. Gox, which it claimed had personal details of all of its users, including scans of passports used for identity verification.
Google encryption process upgraded according to Executive Chairman
At a panel in Austin, Texas during SXSW, Google Executive Chairman Eric Schmidt told the audience that the company felt "pretty sure that now the information inside of Google is safe from prying eyes, including those of the US government." This of course comes after the company completed a security system improvement, the process of which had begun before the information was leaked by Edward Snowden and Britain's GCHQ data center data transmission interception.
Remote access tool Dendroid injects malware code into APK files
A new HTTP remote access toolkit (RAT) that is cause for concern has surfaced, according to anti-virus/anti-malware program maker Symantec, one that makes turning legitimate Android apps into malware easier than before. The program, Dendroid (tagged as Android.Dendoroid by the security company), offers an easy-to-use commercial solution to inject malicious code for trojan access into APK files for placement on Android marketplaces, bypassing security checks.
ProtectCell report highlights iPhone, iPad desirability; tablet thefts rising
Third-party insurance firm ProtectCell has issued a report based on its two million policies with various mobile device owners, saying that while iPhone users are 46 percent less likely than other platform smartphone owners to need a replacement device due to accidental damage, they are 65 percent more likely to have their device get stolen or go missing than other groups.
Users move to 7.0.6 quickly to avoid threat of SSL and VPN-based attack
Following the discovery of a dormant but serious flaw in iOS 6 and iOS 7's handling of VPN and SSL security and the release of a patch by Apple to handle the issue, advertising and content-presentation company Onswipe estimates that more than 50 percent of the entire iOS userbase has already moved to iOS 7.0.6 as of March 3, under two weeks since the update became available. The transition has set a record for the fastest in iOS history.
Avira Free Mac Security adds Time Machine optimization, improved real-time tracking
Avira has updated its security software for Mac, offering performance enhancements and new security features, including Avira Protection Cloud and Avira Browser Safety. Avira produces free anti-virus and security software for PC, Mac, Android and iOS. Free Mac Security now includes optimized Time Machine back-ups, and an increase in scan performance for scheduled scanning. Quarantine management is also featured, as well as real-time detection of zero-day threats and notifications through Apple Notification Center. Avira's anti-virus software can be downloaded online.
Privacy-oriented offering from FreedomPop adds protection to
FreedomPop is entering the secure smartphone market, with the launch of the Privacy Phone. Just like the Boeing Black and the Blackphone from Silent Circle and Geeksphone, the Privacy Phone boasts a number of security features not typically offered in normal smartphones, such as 128-bit encryption of voice calls and text messages, as well as filtering data traffic via a virtual private network (VPN) before reaching the Internet itself.
Secure a new Mac Pro with the $49 Switchd MacPro Lock
A new security solution for the latest Mac Pro has been announced from a company called Identified Media, which is taking pre-orders now for a new locking alteration referred to as the Switchd Mac Pro Lock. The lock is expected to ship next month, using a replacement part for the existing case lock switch on the 2013 Mac Pro that creates an opening for a standard cable lock. The pre-order price is $49, and emails are being accepted for notification about when the product debuts.
Third high-profile loss in a week may cause further instability in BitCoin
Yet another Bitcoin exchange has shut down. Flexcoin has shuttered, after disclosing that hackers appropriated 896 Bitcoins from its "hot wallet" on a computer facing the Internet. Customers whose coins were stolen will likely receive nothing, while a small percentage of users whose coins were in a "cold wallet," not Internet-accessible, have already had their coins reimbursed.
Sprint alleged to have overcharged for illegal equipment install
Wireless carrier Sprint is being sued by the US government for overcharging for its services in cellphone surveillance. Allegedly, the carrier submitted $21 million above and beyond its actual expenses (which it is entitled to). The government, however, is seeking triple damages -- $63 million -- as the violation by the carrier is charged to have been a willing and blatant violation of the Communications Assistance for Law Enforcement Act (CALEA), the law that allows Sprint to be reimbursed for reasonable expenses associated with data collection.
PA Consulting using data to generate interactive maps using patient info
Health Select Committee member Sarah Wollaston is looking into reports in Great Britain that the entire National Health Service patient database has been uploaded onto a series of Google servers. Aggravating the situation, the servers in question are located outside the UK. While the data is as secure as possible, the breach in procedure by PA Consulting raises questions of patient data security and confidentiality. The report comes in the wake of an NHS England revelation that it would delay its own data-mining service, amid criticism of how it handles the data.
Steam's Family Sharing feature exits beta
Digital game distributor Steam has officially released its Family Sharing feature. Originally released in beta, users can now authorize another user and their device to "borrow" a game from their library. Up to 10 computers can share one library at a time, with up to five different accounts permitted to use any of the aforementioned computers. Steam's Family Library Sharing is now available for all users.
Tied to cracked downloads of popular software
A Mac trojan aimed at stealing Bitcoins -- known as OSX/CoinThief -- has been found attached to pirated copies of more mainstream apps, says security firm ESET. Initially the malware was bundled exclusively with Bitcoin-related tools, but ESET says it has now found CoinThief in cracked versions of titles like Angry Birds, BBEdit, Pixelmator, and Delicious Library.
Automated facial recognition performed on webcam stills by UK security agency
The British security intelligence agency GCHQ secured millions of photographs from webcams used with Yahoo's chat services, a report alleges. The agency is claimed to have captured and stored images from more than 1.8 million users in one six month period in 2008 alone, with the surveillance activities said to have continued from 2008 to 2010, though it is possible the program continued for years afterward.
Boeing Black wipes stored data if casing is opened
A smartphone designed to offer highly-secure communications and data storage for governments and enterprise users has been unveiled by Boeing. Initially revealed to be in development in April 2012, the Boeing Black is an Android smartphone that is claimed to be tamperproof, with any attempt to open the casing automatically resulting in the deletion of data stored on the device, ultimately making the entire smartphone unusable.
Apple changes and adds to mobile device management programs
Ahead of the release of iOS 7.1, expected in the middle of next month, Apple has proceeded with an overhaul of its existing Mobile Device Management (MDM) platforms for educational, enterprise and institutional clients. It launched a new Volume Services web site earlier this month, and has now activated a number of features on that site, kicking off a big push for large-scale iOS deployments.
QuickTime 7.7.5 now available, addresses security weaknesses
Apple has released a QuickTime update to rectify multiple security issues with its Windows version. Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution, caused by an uninitialized pointer issue in the handling of track lists, memory corruption, and more. Improved error-checking is now included, and additionally a buffer overflow that was previously present in the handling of H.264 encoded movie files has been fixed through improved bounds checking. QuickTime v7.7.5 may be obtained from the QuickTime Downloads site, and is available for Windows 7, Vista, XP SP2 or later.
Critical SSL security fix will be on majority of devices by next week
[Updated with more recent statistics from Chitika] One of Apple's biggest advantages over other mobile platforms is its ability to update its OS quickly, and more crucially -- particularly in the case of the rare security issue -- to deploy the update across all compatible devices rapidly, rather than have to wait weeks or months for carriers and partners to incorporate their own apps and other processes and "skins" into the fix. Updated stats from mobile ad analysts Chitika show that more than 25.9 percent of all North American iDevices were already running the latest version within four days of its release.
Last minute revision adds prohibition to bulk unlocking
The US House of Representatives has approved a bill legalizing cellphone unlocking, against the will of the groups who originally sponsored the bill in the first place. The bill is now headed for the Senate, with what opposition has called a "poison pill" attached, preventing companies from bulk-unlocking devices for resale. If approved, the proposed bill extends an exemption currently in place for two years that legally allows cellphone unlocking, instead of the originally-proposed permanent solution.
No plan currently agreed upon, shutdown still possible
As directed by the Obama administration, a cadre of federal lawyers have developed a quartet of plans to restructure the National Security Agency (NSA) phone monitoring program. The proposals run the range from officially running operations through the telephone companies with full approval and support, all the way to completely shutting the program down, according to people familiar with the matter.
Effort would also push contextual offers from retailers to participants
MasterCard and connectivity provider Syniverse today joined forces to deliver a number of mobile and payment services designed to enhance peace of mind for mobile users when traveling abroad. The two companies are currently testing a technology for an opt-in service that will enable card transactions for users only when they have their mobile device switched on in a specific geolocation, adjacent to the transaction location.
Crisis strategy draft 'more or less' legitimate, confirmed by Mt. Gox CEO
While the Mt. Gox "crisis strategy draft" seems to actually be legitimate, further doubt on the future survivability of the shuttered BitCoin exchange has been cast by both US and Japanese regulatory agencies and law enforcement. Departments from both countries have either already issued subpoenas, or are starting to look into the facts leading up to and surrounding the recent shutdown, which could cost users and the company itself over $350 million.
Even patched versions of iOS 6, 7 are exposed, firm says
A vulnerability in iOS could allow remote hackers to log every keyboard and button press a person makes, says security firm FireEye. The exploit is only theoretical -- and would require a compromised app to somehow make it through the App Store review process -- but is said to have been tested and could potentially expose both software and hardware interactions. This includes Touch ID unlocks, although not the actual fingerprint data involved.
SSL fix present but undocumented
(Updated with Safari, security updates for Lion, Mountain Lion) Following a long beta-testing period, Apple has released the finished v10.9.2 update for owners of OS X Mavericks. The software primarily adds support for FaceTime audio calls in both the FaceTime app and Messages. The two apps have also gained contact blocking, allowing people to screen out individual users.
Gox domain purchase, leaked relaunch document point to potential recovery
Headlining BitCoin's struggle for wide acceptance is the saga of Mt. Gox, once the premier exchange for the crypto-currency. Overnight, the exchange went completely down, giving rise to fears of the loss of millions of dollars of the currency. However, somewhat unexpectedly, domain investor Andy Booth has confirmed the sale of the Gox.com domain to Mt. Gox CEO Mark Karpeles, in parallel with the public release of what appears to be a pitch for investors in the exchange to relaunch Mt. Gox as simply "Gox" and offer limited withdrawals as it generates revenue to recover the exchange and repay investors.
Update expected to include FaceTime improvements, fix for SSL vulnerability
Apple has started seeding a pre-release version of OS X 10.9.2 to some of its own staff, sources tell AppleInsider. The code is listed as build 13C64, and is thought to foreshadow an imminent public release. Significantly the update is said to include a number of important changes, including the ability to block individuals in Messages, audio calls and call waiting for FaceTime, and a promised fix for SSL security.
New phone gives more privacy and security control to users at every level
Silent Circle and Geeksphone today announced its inaugural product, the Blackphone -- a smartphone designed from first principles to place privacy and control directly in the hands of its users. The company claims that for its $629 offering price, it is providing $1,469 in hardware and privacy-enhancing security services to purchasers of its forked Android-based device.
OS X said to be vulnerable to same style of attack, patch to come
On February 21, Apple released a patch for iOS bringing iOS 7 and 6 to versions 7.06 and 6.16 (respectively), with little fanfare as to why the patch was issued. However, it now appears to have had more to it than a simple fix to SSL connections. The release notes mentioned a Secure Socket Layer (SSL) vulnerability for "an attacker with a privileged network," meaning that a flaw in the SSL implementation could conceivably allow for a "man-in-the-middle" attack as uncovered by ZDNet.
Microsoft announces roll out of Office 365's message encryption e-mail service
Microsoft announced this week on its Office blog that the company's Office 365 Message Encryption email service is now available. Originally announced in November 2013, consumers can now purchase a subscription for Windows Azure Rights Management to begin using the message encryption service; however, current users of Office 365 will also have access. Providing protection against unauthorized access, Office 365 Message Encryption is an enhanced version of Exchange Hosted Encryption (EHE).
Role unspecified, but had reverse-engineered iOS, OS X for porting
A well-known hacker of OS X and iOS, who single-handedly rewrote the core of both operating systems to allow them to be ported to other devices and contributed to various jailbreak apps for iPhones, has announced that he will be joining Apple as an intern or employee later this year. The coder, known as "winocm," is 17 years old but already an expert reverse-engineer who says he has been doing "insane things" with the cores of iOS and OS X.
iOS 7 update deals with SSL connection problems
Apple has released a pair of new iOS updates, iOS 7.0.6 and 6.1.6. Release notes indicate that the former deals with a problem in "SSL connection verification." 6.1.6, meanwhile, eliminates several bugs experienced by iPhone 3GS and fourth-generation iPod touch users.
At least three websites attacked so far
Adobe has issued a new version of Flash Player, 126.96.36.199, to deal with a serious vulnerability. Security firm FireEye notes that the hole has already been used to attack at least three non-profit websites. "This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues," it writes. "The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.
Supporting regions still under a dozen
Apple has brought its two-step verification process to several more countries, the company's support pages show. Until today, only the US, UK, Australia, Ireland, and New Zealand were supported. Now however the list also includes Canada, France, Germany, Italy, Japan, and Spain.
Nextt app that facilitates group communication adds 'self-destruct' option
Group communication app Nextt has been updated for iOS and Android. Nextt is a private network for close friends to connect online, aiming to make social planning easier. Nextt's update includes a "self-destruct" option, intended to focus group planning to make decisions before the conversation's expiry. The update also includes improved private messaging, and notifications through email or SMS. Nextt is free for both iOS and Android users.
Former jailbroken software bypasses App Store, poses security risk
A former "unofficial" app that required jailbreaking an iOS device to run its Game Boy emulator has attempted to "backdoor" its way onto non-jailbroken devices by hijacking a legitimate certificate, which has now been disabled by Apple. The app, GBA4iOS 2, offered emulation of Game Boy, Game Boy Color and Game Boy Advance games on iOS 7 devices, and included a built-in browser to allow users to pirate ROMs.
Entire line vulnerable, no fix currently available from Belkin
Security specialist IOActive announced today that it has uncovered multiple vulnerabilities in Belkin WeMo Home Automation devices that could affect over half a million users. The password leak allows miscreants to remotely control WeMo devices, perform malicious firmware updates, and access an internal home network.
Security startup SlickLogin purchased by Google
Israeli security startup SlickLogin has announced that it will be joining Google, in light of the company's recent buyout. Aiming to offer a simplistic yet secure method of user authentication, SlickLogin's users can authorize access to a secure account by placing their phone next to their laptop or tablet, which emits an undetectable sound. The sound acts as a unique audio password, and utilizes patent-pending technologies. Google's acquisition of SlickLogin suggests that its two-factor authentication technology may be replaced in the future.
Payment details not taken by hackers in Kickstarter intrusion
Customer data from popular crowd-funding site Kickstarter, famous for helping launch the Ouya and Pebble smart watch, has been taken by hackers, the company has revealed. Usernames, e-mail addresses, mailing addresses, phone numbers, and encrypted passwords of a number of accounts were accessed in the intrusion, though the company stresses in a blog post that payment information, such as partial credit card numbers, was not taken in the attack.
Bolt replaces Android phone's dialler, offers free VOIP calling
Android users have another option for a free VOIP calling service, with the recent release of Bolt. Bolt replaces the user's default phone dialler with a unified tool that activates VOIP when needed and connects to traditional phones otherwise. Calls made to other Bolt users are routed over the web for free, using 60KB per minute. Favorite contacts are automatically discovered and updated based on who one calls the most. Currently only available on Android, an iOS version of Bolt is expected in the future.
Federal measure would require both kill switch and remote wipe options
Four Democratic senators -- Amy Klobuchar (D-MN), Barbara Mikulski (D-MD), Richard Blumenthal (D-CT), and Mazie Hirono (D-HI) -- have introduced a bill for a federal law that would require "kill switches" on cellular devices. The bill would also require a remote wipe option, something that is already available on most smartphones through Android Device Manager or iOS' Find My iPhone. iOS 7 already includes a form of kill switch in Activation Lock, which prevents people from re-activating a phone unless they can provide the right Apple ID. The proposed legislation is similar to a bill under consideration in California.
Remote fob, keypad, or physical key used to unlock door
As homes move forward into the future with smart refrigerators and app-controlled overhead lights, the demand for "smart" consumer products is starting to come in all shapes and sizes. While we haven't quite reached the future many people grew up with in Saturday morning cartoons, technology is teasing us, giving us some tantalizing devices along the way -- the SimpliciKey is one of these products. Bringing deadbolt automation, keyless entry and programmable guest codes, the SimpliciKey adds a level of technological refinement to everyday life. But does this new lock actually improve things, or is it just a bump in the road of advancing technology? Check out our review to find out.
Now being spread through Bitcoin programs found on download.com
The newly-detected OS X malware dubbed "OSX/CoinThief.A," a "trojan horse" that disguises itself as a copy of a legitimate app, has spread to other Bitcoin applications. SecureMac, an anti-virus software seller, discovered the original implementation of the malware disguised as a pre-compiled version of an open-source Bitcoin tool. It has now been seen pretending to be other Bitcoin apps, some of which are available on Download.com.
G-Drive with Thunderbolt, G-Drive Mobile with Thunderbolt added to G-Drive line
G-Technology has announced its expansion of products utilizing Thunderbolt with the release of external hard drives G-Drive with Thunderbolt and G-Drive Mobile with Thunderbolt. Designed for consumers and creative professionals, the latest G-Drive storage products offer high-speed transfers, incorporating 7,200 RPM hard drives. Enclosed in aluminum, the hard drives are formatted for Mac computers by default, but can be reformatted for other compatibility if desired.
Adapted hunting technology purports to bring easy monitoring to the home
Hunting cameras are key to selecting the perfect spot for setting up a perch before hunting season begins. But what happens when a company wants to take their technology in hunting cams, and apply it to home security? The result is the TRACE line of home surveillance cameras from Moultrie. The company brings the same triggered recording technology and sensors to a suburban neighborhood with the TRACE Perimeter and the TRACE Premise. Do the cameras handle their transition from watching deer to watching cars pull in a driveway well? Or would the consumer be better off buying a dedicated, wired system over the individual TRACE cameras? Check our review to find out.
Kickstarter for alternative cloud service and device combo exceeds its campaign goal
San Franciscan siblings Karisma and Sam Nagar have successfully crowd-funded their cloud device and service Pixeom, with eleven days to spare in its Kickstarter campaign. The Pixeom Exchange Device is a prototype that offers an alternative to corporate cloud services that require access to its users' information to use its digital space. Aiming to facilitate a new type of data exchange for Internet users, Pixeom functions by centralizing one's own cloud network in a personal home device, as opposed to a large, remote data center. All of a user's cloud service needs will be supported within the device at a one-time purchasing cost, facilitating storage, social networking, and online auctioning functions that focus on privacy.