05/11, 1:20am
BlackBerry likely to suffer due to loss of monopoly on secure devices
A spokesperson for the Pentagon has told Bloomberg that mobile devices using Apple's iOS 6, Samsung devices supplemented with the company's Knox security lockdown, and BlackBerry devices running BB10 are expected to be allowed onto the Defense Department's high-security data networks early next week, barring final approvals. The news comes on the heels of iOS's FIPS 140-2 certification for the CoreCrypto kernel module, which was added in the iOS 6 release.
05/10, 1:55pm
Agencies stymied by locked-down operating system
Apple is receiving so many requests from police agencies looking to decrypt seized iPhones that the company has started a waiting list, CNET reports. In an example exposed by court documents, the ATF is said to have wanted to break through the encryption of an iPhone 4S owned by a Kentucky man accused of distributing crack cocaine. The agency "contacted Apple to obtain assistance in unlocking the device," according to US District Judge Karen Caldwell, but was "placed on a waiting list by the company."
05/10, 1:22pm
Unlocking Technology Act of 2013 to allow DRM circumvention
The Digital Millennium Copyright Act (DMCA) has come under attack from newly proposed legislation. The Unlocking Technology Act of 2013 seeks to legalize the unlocking of cellphones, and to clarify that the DMCA should only apply in cases where circumventing digital rights management or other copyright systems will aid in copyright infringement itself.
05/10, 10:51am
Option will appear automatically in account details
Apple is extending its two-step verification option for Apple IDs to a wider range of countries, users say. When the feature first launched in late March, it was restricted to the US, UK, Australia, Ireland, and New Zealand. Now, though, people in Canada, Argentina, and Pakistan are reporting getting the feature, and other countries may be following suit.
05/09, 10:06am
Founder Ren Zhengfei claims Huawei not connected to US security issues
The founder and president of Huawei has made a rare appearance in front of reporters to defend his company. Ren Zhengfei spoke out against claims made by the US government that it is a national security risk, due to apparent close ties with the Chinese government, and allegations that Huawei equipment could have allowed sensitive details to be passed to Chinese agencies.
05/08, 5:47pm
Service first of its kind for corporate and government
Electronic device security and management solutions provider Absolute Software has announced the launch of Computrace Mobile Theft Management, the first iOS loss mitigation and theft recovery service on the market for business. Computrace MTM provides both loss prevention and theft recovery for a company's entire iOS deployment.
05/08, 5:28pm
Google transparency report among first to report disconnection
Following yesterday's unexpected disappearance of Syria from the Internet, service to the war-torn country seems to be completely restored with no feared large-scale attack by the Syrian government against the rebels. Both the state-run Syrian Arab News Agency and Google's real-time reporting have demonstrated that traffic is increasing in the country.
05/08, 11:01am
Weak security resulted in DRM-free MP3 file downloads
A vulnerability found in Spotify's web player has been exploited, allowing users to download permanent copies of songs from the service. A Chrome extension by the name of Downloadify used the exploit to download MP3 files that were free of DRM, rather than just stream them, something which Spotify has been quick to rectify.
05/07, 5:30pm
First transfer with new protocol requires only an email to unlock
File-sharing network BitTorrent has revealed a "direct-to-fan" collaboration with music label Ultra. Using a new protocol called the BitTorrent Bundle, an interaction by the downloader -- such as providing information or even paying for the content -- is required before unlocking restricted content. The mechanism for secure distribution is embedded within the protocol, and compatible with existing BitTorrent clients.
05/07, 2:33pm
A cryptographic component in iOS 6 has received FIPS (Federal Information Processing Standard) 140-2 Level 1 security certification from the US National Institute of Standards and Technology, says TUAW. In particular, the NIST says that when running in FIPS mode, iOS 6's CoreCrypto Kernel Module 3.0 "generates cryptographic keys whose strengths are modified by available entropy." The module is identified as "a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
05/07, 12:07pm
Apple can't ask for 'global consent' for data use, court finds
A Berlin court has struck down eight provisions in Apple's terms of use for data because they violate German law, Bloomberg reports, citing local consumer group Verbraucherzentrale Bundesverband (VZBV). The ruling states that Apple can't ask for "global consent" to use personal data, including location information. Previous to the decision, Apple had already signed a binding agreement that it wouldn't use seven of the 15 provisions VZBV objected to prior to the lawsuit. Today's judgment invalidates the remaining eight, although Apple can appeal if it chooses.
05/07, 12:04am
Trojan horse points to non-functional webpage, part of sound file
A bit of malware -- a Trojan horse file that tries to redirect to a website -- has been found inside an iOS app, but the code has turned out to be harmless. The app in question is called Simply Find It ($2) and comes from a legitimate developer that has produced a number of legitimate games -- suggesting that the malware was probably inserted into the app accidentally. The bigger issue (since there is no direct threat posed by the bad code) is how Apple's testing procedure missed it -- and how two well-known anti-malware scanners couldn't pick up on it either.
05/04, 10:58am
Attack targeted nuclear weapons workers accessing health information
A US Department of Labor website tailored for nuclear weapons researchers has been compromised, redirecting visitors to a series of alternative websites. If the visitor was using Windows XP and Internet Explorer 8, the culmination of the attack inserted the "Poison Ivy" malware onto the computer, giving "DeepPanda", a group of hackers believed to be located in China, access to the user's data.
05/02, 5:04pm
Cellphones accounting for large percentages of thefts in major US cities
The cellphone industry -- including both carriers and phone makers -- is turning a blind eye toward the problem of smartphone theft, to its own benefit, a New York Times piece claims. The paper, for instance, quotes District of Columbia Police Chief Cathy Lanier as saying that "the carriers are not innocent in this whole game. They are making profit off [smartphone theft]." In 2012, the DC area witnessed a record 1,829 phones being stolen.
05/02, 1:12pm
Friends-based system
Facebook has announced plans to roll out a new security feature for accounts, dubbed Trusted Contacts. Under the scheme, an account owner will be able to pick three to five people to whom they can give special PINs. Should the owner have trouble getting into their account, three PIN holders will be able to help them log back in. It's not clear how quickly Trusted Contacts will become available to Facebook users.
05/01, 1:44pm
Targeted sites narrowed down to Houston IP address
The people responsible for a new Apple ID phishing scam have compromised 110 websites, says security firm Trend Micro. All of the sites are hosted on a specific IP address, 70.86.13.17, which is registered with an ISP based in Houston, Texas. "Almost all of these sites have not been cleaned," Trend Micro remarks.
05/01, 12:14pm
Report scores tech companies on protecting user data from the government
An annual report by the Electronic Frontier Foundation (EFF) has declared that Twitter and Sonic.net are the best tech companies for protecting their users from government snooping and requests from courts and law enforcement. Out of the 18 companies examined in the report, MySpace and Verizon were judged the worst, failing to score a single star in any category, while Apple, AT&T, and Yahoo managed to attain at least one star out of a possible six.
04/30, 2:14pm
Twitter account intrusions could rise as hackers crave press coverage
Twitter has written to news organizations in order to help prevent their highly-followed accounts being hijacked. The memo comes in the wake of a number of high-profile attacks on media Twitter accounts, with the micro-blogging service expecting the compromising of high-profile accounts to continue in the future.
04/29, 12:30pm
San Francisco pursues 'fear and distrust' strategy
The San Francisco Police Department is pursuing a "fear and distrust" strategy in an attempt to wreck the city's black market for mobile devices, particularly iPhones, the Huffington Post writes. Sting operations are targeting both the buyers and sellers of stolen devices, the idea being to deter people from going the illegal route. The SFPD has reportedly had help from Apple, which loaned a collection of iPhones that were then sold by undercover police officers.
04/28, 2:30pm
LivingSocial issues warning for users in all countries
Daily deals coupon site LivingSocial has issued a warning to its customers that their user data may have been breached in a recent cyberattack. The company last week reported an attack on its systems that gave malicious parties access to as many as 50 million users' names, email addresses, dates of birth, and "encrypted passwords," according to Reuters. The company says it is working with law enforcement to investigate the issue.
04/27, 3:17pm
Rooting of Google headset could allow local file storage options
The Google Glass headset has been rooted, shortly after the search giant started issuing it to developers. Jay Freeman, a hacker who goes by "Saurik" and is the creator of the Cydia app store for jailbroken iPhones and iPads, gained a level of access at which he could theoretically prevent the device from being affected by Google's own restrictions.
04/26, 2:36pm
Stolen iPhone used in Boston Bomber tracking
According to several recent news reports, an iPhone's GPS chip was used to help track the Boston Bombers to Watertown. Time, the New York Times, and Boston.com all have reported that after the bombing the two suspects stole a Mercedes and proceeded to flee the crime. However, what the thieves didn't realize is that the car itself was equipped with an mbrace tracking system and that an active iPhone had been left inside. None of the sources directly mention Find My iPhone, but it is likely that the device finding service played a part in the location of the stolen car.
04/26, 6:01am
Policy change to affect Facebook, other independently-updated apps
Google has updated its Play store with a small change to its developer program policies, to prevent malicious code appearing on devices. The small change now forbids applications supplied through the Google Play store from receiving updates using another process, in an effort to improve the overall security of apps provided to Android users.
04/23, 11:59pm
New $10 billion by 2017 estimate may still be too optimistic
Citing a new "deeper understanding of the market," telecommunications equipment manufacturer Huawei has cut its previous estimate of $15 billion in annual sales by 2017 to $10 billion. As part of the reduction of expectations, Huawei CEO Eric Xu said that "we are not interested in the U.S. market anymore" in response to questions about the US House Intelligence Committee report calling the state-supported manufacturer a threat to US national security.
04/23, 2:02pm
Over 130 points lost, regained after false attack on White House
The Twitter account of the Associated Press news agency falsely declared an attack on the White House, after hackers took control of the account. The message, appearing on the AP's main Twitter feed, has since been confirmed as "bogus" by the agency, but not before it negatively affected the Dow Jones for a short period of time.
04/22, 9:58am
Street View Wi-Fi data collection issue strikes again
Google has been fined 145,000 euros ($189,230) by a government regulator in Germany for collecting data from Wi-Fi connections in the country. The fine stems from when the company's Street View cars were in operation between 2008 and 2010, inadvertently collecting data packets from individuals and businesses as the fleet drove around the country.
04/19, 11:25am
Apple claims data anonymized, used to improve technology
All the requests people have made through Siri are being stored on Apple servers for a period of up to two years, says Apple spokeswoman Trudy Muller. The statement comes in response to Wired inquiries about ambiguity in Siri's privacy policies, initially pointed out by American Civil Liberties Union lawyer Nicole Ozer. Muller insists that Apple is anonymizing the request data, and only collecting voice clips in order to improve Siri.
04/17, 3:22pm
Microsoft enables two-step verification to Microsoft Accounts
Microsoft has enabled two-factor authentication for Microsoft Accounts. The feature was leaked earlier this month; users will see the option to add the extra security measure through the account management menu over the next few days, and can download an authenticator app from the Windows Phone store or use third-party apps on other platforms, according to a company blog post. Apps and devices that will not work with the new security measure directly can have application-specific passwords created in order to function.
04/16, 7:45pm
Restores more user control to Java web plug-in
Apple on Tuesday updated both Java and its web browser Safari for users of OS X 10.6.8 (Snow Leopard) and higher. The updates now allow users to enable the Java web plug-in on a site-by-site basis, as opposed to the "active" or "inactive" options it had previously. Following a spate of serious issues, Apple forcibly disabled the Java plug-in because of malicious, in-use threats -- though users could reactivate Java once they updated.
04/12, 4:22pm
Microsoft has identified problem, posted an OS repair procedure
Microsoft declared that it has revised the "patch Tuesday" package from April 9, removing a fix that was causing some PCs to blue screen and not boot thereafter. The problem is being blamed on incompatibility with some third-party security software, and Microsoft is recommending that affected users uninstall the patch. All editions of Windows 7 and Windows Server 2008 are affected.
04/12, 6:44am
High bills generated by children using freemium games under scrutiny
A United Kingdom government department has launched an investigation into in-app purchases aimed at children. The Office of Fair Trading (OFT) is attempting to find out if the methods used by developers to encourage children into performing the purchases are "misleading, commercially aggressive, or otherwise unfair."
04/11, 4:17pm
Statement by NSC claims revisions made to bill insufficient
The White House has responded to the 2013 version of the Cyber Intelligence Sharing and Protection Act (CISPA) bill heading to the House floor for a vote. National Security Council (NSC) spokesperson Caitlin Hayden issued a statement saying that "[the White House believes] the adopted committee amendments reflect a good-faith effort to incorporate some of the Administration's important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities" and intimated that the President would veto the bill as it stands.
04/10, 8:08pm
Changes to bill limited to personal information restrictions
A slightly modified version of last year's failed Cyber Intelligence Sharing and Protection Act (CISPA) has been voted through the House Intelligence Committee, with an 18-2 victory. The new revision of the bill, left mostly unaltered by the committee, will likely reach the House for a general vote by April 19 along with a number of other cybersecurity bills.
04/09, 5:50pm
All passwords reset, company offering a year of identity protection
According to Vudu, unknown perpetrators broke into the video streamer's office on March 24 and stole a number of items, including hard drives that contained customer information with names, email addresses, postal addresses, phone numbers, account activity, dates of birth, and the last four digits of some credit card numbers. The company has since reset all passwords, and noted that the password database was encrypted.
04/09, 10:31am
Microsoft accounts can be linked to Authenticator Windows Phone app
Microsoft is preparing to add a two-factor system for account authentication, according to a report. The new system, aimed at improving account security overall by adding a number-based token to the Microsoft Account log-in system, has reached a point where the company is close to turning it on for all users, though it is not clear when this will be.
04/09, 12:52am
Update gives developers just three weeks to update their apps
Google has finally released an update for its AdMob advertising SDK for iOS developers that leaves those reliant on it just three weeks to update affected apps before Apple's hard deadline for rejecting apps that still use Unique Device Identifiers (UDIDs) to track app usage and advertising effectiveness. The new version, 6.4.0, retires the UDID scheme (which had emerged as a potential security and privacy risk that could compromise personal information) and adds support for test ads, along with some bug fixes.
04/04, 5:55pm
Anti-Kim Jong Un photos posted, Anonymous demands reiterated
In the latest phase of hacker collective Anonymous' attack against the bellicose North Korean regime, the Twitter and Flickr accounts associated with a North Korean propaganda site have been seized. The accounts taken over belonged to Uriminzokkiri, a web site which had 14,000 users' records stolen earlier this week by the same hacker group.
04/04, 11:18am
iMessages sent via SMS still vulnerable, agency says
The US Drug Enforcement Administration is complaining that it can't intercept content on Apple's iMessage service, even with a warrant, according to an internal note obtained by CNet. "On February 21, 2013, the DEA San Jose Resident Office (SJRO) learned that text messages sent via iMessages between Apple products (iPhone, iPad, iPod touch, and iMac) are not captured by pen register, trap and trace devices, or Title III interceptions," the DEA writes. "iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider."
04/04, 2:15am
Tweaked in response to growing need for parental awareness
Possibly in response to a growing number of stories of inept or naive parents who have inadvertently allowed their children to run up huge bills through in-app purchases (IAPs), Apple's App Store now puts the age recommendation of a given app directly below the title and author credit. The move effectively relocates the age recommendation to the first thing a buyer will likely see after the title. The change may also help parents who fail to activate parental controls to ferret out more adult apps that are not appropriate for a given child.
04/02, 9:05pm
Companies could be forced to hand over data
The California State Assembly is set to consider a new bill, the "Right to Know Act of 2013," that may force companies to disclose personal data. Supported by the Electronic Frontier Foundation and the American Civil Liberties Union of Northern California, the proposal (PDF) would require companies to provide copies of all data collected on their customers, including a list of third parties with which the personal data has been shared.
04/02, 6:30pm
News site's Twitter account, website taken down
In its latest cyber assault, the Anonymous collective has reportedly broken into the Chinese-hosted North Korean news site Uriminzokkiri.com and pilfered 15,000 user records -- including user names, email addresses, birthdates and hashed passwords. To prove the intrusion, the group has included details for six users, including three North Koreans, and three people from China. One of the identified Korean users had an email address from the Korea Electric Power Company.
04/02, 6:49am
Alma Whitten to be replaced by Lawrence You in coming months
Google's first Director of Privacy is stepping down from the role, after two and a half years in the job. Installed in the position after Google admitted to picking up Wi-Fi data through its Street View cars, Alma Whitten will continue as privacy director for a few more months until the transition to new team leader Lawrence You is complete, reports Forbes.
04/01, 4:05pm
Details still undisclosed
The designs for the next two generations of iPhone have already been developed, claims the district attorney for San Francisco, George Gascón. Unusually, in an interview about smartphone and tablet thefts, Gascón claims to have been personally informed about the future hardware by an Apple government liaison, Michael Foulkes. Their designs "preceded Tim Cook [becoming CEO]," Gascón says, while arguing that he would eventually like to see a killswitch technology that could disable a mobile device after it's reported stolen. Many devices can already be remotely wiped, including the iPhone, but all this does is remove any personal information or content.
03/28, 7:56am
One in six data buckets found to be publicly viewable
An investigation into Amazon's Simple Storage Service (S3) discovered a sixth of data stores, known as buckets, on the service are left open to public viewing. Further examination showed that a number of items on open display were of a sensitive nature, including source code for mobile games, user log-in details, and various other items of personal information.
03/27, 7:50pm
Consultation required prior to purchases from Chinese firms
As part of the funding law signed this week by President Barack Obama, Congress has included a provision for a formal assessment of "cyber-espionage or sabotage" risk when considering buying information technology systems from a company "owned, directed, or subsidized" by China. The requirement mandates consultation with law enforcement and other assessors prior to purchase, during the evaluation process.
03/27, 1:33pm
Denial of service attack over spam blacklist inclusion
The Internet is reportedly slowing down due to a large-scale online attack against an anti-spam organization, with the attack itself being declared the largest public denial of service attack in history. Non-profit Spamhaus is believed to be under attack from criminal gangs based in Russia and Eastern Europe, in a dispute that has escalated to a level that other services, such as Netflix, are feeling the impact.
03/26, 1:24pm
PrivacyScan update now in Mac App Store
SecureMac has launched the latest version of PrivacyScan in the Mac App Store. PrivacyScan is a utility that has been designed to remove bits of personal information that are left behind while browsing the internet. Version 1.2 includes expanded privacy cleaning support for Internet and desktop apps including flash cookies for the Google Chrome browser, SeaMonkey's auto-complete typed history, and QuickTime caches and history files. Additionally, updates have also been made to the user interface and a variety of bugs have been resolved. PrivacyScan can be purchased through the Utilities section in the Mac App Store for $15.
03/22, 10:52pm
Quick response prevents any reports of actual account compromises
A security flaw exposed earlier on Friday has already been fixed, just hours after it was discovered, according to Apple. The issue could have allowed malicious users to hijack an account and lock out its legitimate owner just by knowing the email address and exact birthdate of a victim. In response, Apple temporarily took its "iForgot" password-resetting service offline while it resolved the issue.
03/22, 4:45pm
May be in response to string of child spending sprees
Apple has added an "Offers In-App Purchases" tag to the pages for applicable App Store titles, The Guardian observes. The warning is directly under the purchase/download button for any given app. There was already some indication of whether or not a title had in-app purchases, but only in the form of a "Top In-App Purchases" chart or a direct statement by a developer.
03/22, 3:47pm
Two-step verification only current defense
(Updated with Apple disabling the iForgot password retrieval page) A new exploit lets people hijack an Apple ID account using only an email address and someone's date of birth, says The Verge. The process involves pasting in a modified URL while answering the date of birth question on Apple's password retrieval page. Doing this lets someone reset an Apple ID's password, locking out the original owner unless they can get Apple's help.