Must-read articles on computer security, including virus alerts and much more!
Cyber cops: Target hackers may take years to find
- WASHINGTON (AP) — Secret Service investigators say they are close to gaining a full understanding of the methods hackers used to breach Target's computer systems last December.
Hackers make Siri vastly more useful by modifying it to control Nest, Spotify
- Siri is getting a lot of competition from Google Now and Microsoft’s Cortana these days, but some young hackers have just made Siri much more useful, even if they did so without Apple’s permission. Engadget draws our attention to GoogolPlex, a new hack for Siri developed by a quartet of freshmen at the University of Pennsylvania that lets you use Apple’s voice-enabled personal assistant to adjust the temperature on your Nest thermostat or to shuffle through your Spotify playlist. What makes this particular hack really great is that it’s extremely easy to set up. First, you need to go to your Wi-Fi settings on your iOS device and click on the “i” icon next to the network you’re connected to. From there,
Researcher finds flaw in Samsung fingerprint check
- BERLIN (AP) — A Berlin-based researcher says he has managed to fool the fingerprint-based security system on Samsung's new Galaxy S5 smartphone using wood glue and a picture of the original print.
Police charge Canadian in Internet privacy breach
- OTTAWA, Ontario (AP) — Police have charged a 19-year-old Canadian man in connection with the loss of taxpayer data from Canada's tax agency website.
It Took Just Four Days to Hack the Samsung Galaxy S5's Fingerprint Scanner
- It took German "researchers" at SRLabs just four days to create a fake fingerprint using wood glue that can bypass the scanner on the brand new Samsung Galaxy S5. Unlike the iPhone, the Samsung Galaxy S5 is integrated with PayPal, and the fingerprint scanner is used to authorize transactions and money transfers in the device. PayPal issued a statement in regards to the security scare: “PayPal never stores or even has access to your actual fingerprint with authentication on the Galaxy S5. Brett McDowell, head of ecosystem security at PayPal, believes that this hack proves only a very minor threat: “This is not something you can do on any number of devices.
U.S. SEC releases cyber security examination blueprint
- By Sarah N. Lynch WASHINGTON (Reuters) - U.S. securities regulators have unveiled a road map that lays out how they plan to make sure Wall Street firms are prepared to detect and prevent cyber security attacks. The SEC also plans examinations of more than 50 firms that will focus on cyber security-specific issues. The document's release comes several months after Jane Jarcho, an associate director in the SEC's investment adviser examination program, announced in a speech the agency planned to scrutinize whether firms have policies to prevent cyber attacks. The SEC subsequently followed up with a March 26 roundtable where experts debated how public companies, brokerages, asset managers and exchanges can protect themselves from cyber threats, and what role the U.S. government should play to ensure such attacks are adequately disclosed.
American Funds urges password change to counter 'Heartbleed' bug
- By Jim Finkle and Ross Kerber BOSTON (Reuters) - American Funds, the No. 3 U.S. mutual fund family, advised some customers to change user names and passwords on Wednesday as the number of companies and people affected by the notorious "Heartbleed" bug grows. American Funds also advised customers who logged into Americanfunds.com from December 12, 2013 to April 14 to create new security questions and delete their browsing history. Heartbleed refers to a security bug in software known as OpenSSL used in about two-thirds of all websites and many other technology products. Dan Guido, chief executive of cybersecurity startup Trail of Bits, said more warnings are likely because no company will want to be remiss in trying to protect customers.
Why Heartbleed could be much worse for Android users
- Even though Google does not have a Heartbleed problem, particularly since the company has known about the OpenSSL bug a month before everyone else, a large number of Android users may still be at risk, The Guardian reports. And that’s not because Google has not patched the security flaw, but rather because Heartbleed indirectly benefits from several factors. For starters, Heartbleed only affects one version of Android and that’s the “old” Android 4.1.1. However, that also happens to be a very popular Android version running on Android phones, with as many as 50 million users running it on their current devices. The number comes from analytics firm Chitika, although Google is only saying that “less than 10%” of Android devices activated worldwide are
Not even Tor can keep you safe from Heartbleed
- So here’s some sort-of good news: Cybercriminals might be just as freaked out about the Heartbleed bug as the rest of us. Trend Micro analyst J.D. Sherry writes that revelations about the gaping hole in OpenSSL, the security protocol used to encrypt web traffic, have caused “shell shock in the Deep Web as many of the hidden services within the TOR (The Onion Router) are impacted as well.” Why is Heartbleed so potentially thorny for people who use Tor? Well consider what makes Tor so popular for criminals in the first place: It keeps your online activity anonymous by routing your traffic through several different servers before sending it through to your computer. However, the anonymity of your communications can become compromised
Beware, phone thieves: The smartphone ‘kill-switch’ is coming
- The five largest U.S. wireless carriers and many smartphone makers including Apple, Google, HTC, Huawei, Motorola, Microsoft, Nokia, Samsung and others on Tuesday announced they have agreed to include “kill-switch” technology in all smartphone models released after July 2015, Re/code reports, in a move that should help decrease smartphone thefts and further protect customer data. The companies have agreed to include software features in upcoming models that will allow users to remotely wipe their data and render the devices inoperable once they’re lost or stolen. Apple already has such features in place in iOS 7, allowing iPhone users to better protect their devices against theft – the “Activation Lock” feature in iOS 7 prevents devices from being reactivated even after being
Terrifying interactive map shows global cyber attacks happening in real time
- Heartbleed is hardly the only online threat we have to worry about these days. The massive OpenSSL bug should certainly be taken seriously — here are all the passwords you should change immediately because of Heartbleed — but there are threats around just about every corner on the Internet. LaCie on Wednesday confirmed that it was the last company to fall victim to a massive cyber attack where users’ credit card data was compromised, but it is hardly the only recent target. In fact, you’ll be shocked to learn how many cyber attacks are taking place right now as you read this. Antivirus and Internet security software firm Kaspersky recently created a beautiful and terrifying interactive world map that gives us a real-time
LaCie is the latest victim of massive credit card breach
- French company LaCie, maker of various storage solutions, on Tuesday announced that it has been the victim of a massive attack that exposed the personal data of buyers, including credit cards, to a third party. The company said it was informed by the FBI on March 19 that “an unauthorized person used malware to gain access to information from customer transactions that were made through LaCie’s website.” The company has hired an investigation firm, and has temporarily disabled its online store, while it secures it. LaCie said that it believes all transactions made between March 27, 2013 and March 10, 2014 may be affected. Hackers were apparently able to access customers’ names, addresses, emails, card numbers and expiration dates and
Once-Leading Bitcoin Exchange Mt. Gox Calls It Quits
- Mt. Gox, once the leading Bitcoin exchange, has given up its plans to rebuild following a devastating data breach in February. On February 28, Mt. Gox filed for bankruptcy just days after going offline due to security concerns. The resulting public relations nightmare caused bitcoin prices to dip and ruined Mt. Gox’s credibility as a secure place to store cryptocurrency.
Samsung executive says Galaxy S5 to outsell S4, sees second quarter rollout for Tizen phone
- By Miyoung Kim and Se Young Lee SEOUL (Reuters) - Samsung Electronics Co Ltd's new Galaxy S5 smartphone should outsell its predecessor and defy predictions that the South Korean titan's latest model will struggle in a tough market for high-end handsets, a top executive said. The world's biggest smartphone maker has slashed prices of the S5, which rolled out globally on Friday, offered a gift pack worth $600, and more than doubled the number of initial launching countries to 125 in a bid to sustain growth in the mobile business, which generates 70 percent of its total profit. A smooth launch is crucial for Samsung, which reported its second straight quarter of profit decline earlier this month as margins in the key smartphone business come under growing pressure from cheaper Chinese rivals. "(The S5) is selling faster than the S4 so far, though it's difficult to share specific numbers as we're still at early stages," Yoon Han-kil, senior vice president of Samsung's product strategy team, told Reuters in an interview.
Wireless industry makes anti-theft commitment
- SAN FRANCISCO (AP) — A trade group for wireless providers said Tuesday that the nation's biggest mobile device manufacturers and carriers will soon put anti-theft tools on the gadgets to try to deter rampant smartphone theft.
Why you should expect your favorite websites to crash over the next few weeks
- If you find yourself unable to access your favorite websites over the next few weeks, don’t worry: The Internet isn’t broken, it’s just undergoing very needed repairs. The Washington Post has talked with some security experts who expect that patching the Heartbleed bug is going to cause major disruptions on the Internet for a while as major web companies scramble to guard their websites against a bug that caught the tech world flat-footed last week. “Imagine if we found out all at once that all the doors everybody uses are all vulnerable — they can all get broken into,” Jason Healey, a cybersecurity scholar at the Washington-based Atlantic Council, told the Post. “The kinds of bad things it enables is
Google knew about Heartbleed for around a month and never told anyone
- For the past week, a lot of the tech world has been trying to figure out what to do about the Heartbleed bug that has the potential to compromise the security of any website that uses the OpenSSL encryption protocol. However, The National Journal reports that Google got a big head start on patching Heartbleed because it discovered the security hole back in March and never told anyone else about it. In some ways this isn’t too surprising since companies often make sure to patch their own websites and services when they discover security flaws before telling the world about them. However, The National Journal notes that “keeping the bug secret from the U.S. government may have left federal
Regulators: No interruption after utilities hacked
- Electric, natural gas and major water companies and regional distribution systems in Connecticut have been penetrated by hackers and other cyber attackers, but defenses have prevented interruption, state ...
Major Google Glass update rolls out, as new orders open up
- Google on Friday is not only opening up Google Glass orders to interested buyers looking to score a pair of smart glasses, but it’s also rolling out a major update to its wearable device, bringing KitKat to Glass owners. Starting at 9 a.m. EDT, Google will be opening up a “limited number of spots in the Explorer Program,” but the device will only be available to U.S.-based customers willing to spend $1,500 for it. As for KitKat for Glass, Google describes it as its “most exciting” update for the device yet. “Our most exciting update is subtle, but big,” the company wrote on Google+. “We’ve been working on a significant upgrade to a new version of the Glass software. It’s not a
Not even BlackBerry can escape the Heartbleed bug
- Here’s how you know that Heartbleed is a serious and widespread problem: Even BlackBerry is scrambling to push out patches for it. Although BlackBerry prides itself on being the world’s leader in mobile security, Reuters reports that it was caught flat-footed by the Heartbleed bug just like everyone else and is now planning “to release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs” exposed by the massive new security flaw. Heartbleed is a major flaw in OpenSSL, the security protocol used to encrypt web traffic, that could potentially allow hackers to swipe any data that users send over the web. News about the bug sent shockwaves throughout the tech industry last week as companies are now
Google unveils email scanning practices in new terms of service
- By Alexei Oreskovic SAN FRANCISCO (Reuters) - Google Inc updated its terms of service on Monday, informing users that their incoming and outgoing emails are automatically analyzed by software to create targeted ads. The revisions more explicitly spell out the manner in which Google software scans users' emails, both when messages are stored on Google's servers and when they are in transit, a controversial practice that has been at the heart of litigation. Last month, a U.S. judge decided not to combine several lawsuits that accused Google of violating the privacy rights of hundreds of millions of email users into a single class action. Users of Google's Gmail email service have accused the company of violating federal and state privacy and wiretapping laws by scanning their messages so it could compile secret profiles and target advertising.
'Heartbleed' blamed in attack on Canada tax agency, more expected
- By Jim Finkle and Louise Egan BOSTON/OTTAWA (Reuters) - Canada's tax-collection agency said on Monday that the private information of about 900 people had been compromised as hackers exploited the "Heartbleed" bug, and security experts warned that more attacks will likely follow. The breach allowed hackers to extract social insurance numbers, which are used for employment and gaining access to government benefits, and possibly some other data, the Canada Revenue Agency said.
Maker of Android flashlight app with 50M downloads avoids fine after selling location data
- This past December, we reported that a popular Android app called Brightest Flashlight could do more than just shine light. Brightest Flashlight was a simple flashlight app that was highly-rated and had over 50 million installs. However, it had one devious, hidden feature: It would share personal data, such as your location, with advertisers. The FTC caught wind of this and began investigating the developer. According to GigaOm, the FTC reached a settlement with the developer last week, and it looks like he got away easy. Erik Geidl, the single developer behind Brightest Flashlight, will have to stop collecting location data unless he clearly explains how and why he’s doing so. He will also have to delete any location data he
U.S. retailers to share cyber threat data after Target attack
- U.S. retailers are planning to form an industry group for collecting and sharing intelligence about cyber security threats in a bid to prevent future attacks in the wake of last year's big attack on Target Corp. The National Retail Federation said on Monday it will establish an Information Sharing and Analysis Center, or ISAC, for the retail industry in June. ISACs are industry groups that typically run security operations centers that operate around the clock, providing alerts about emerging threats to their members and sharing information provided by law enforcement and other government agencies. There are more than a dozen such organizations among industries including financial services, emergency services, healthcare, technology companies, public transportation and utilities. The financial services industry ISAC, which is widely considered the most successful group of its type, will help retailers set up the new organization.
Google acquires drone-making startup Titan Aerospace
- Google announced on Monday that it would be acquiring Titan Aerospace, a startup that develops high-altitude, solar-powered drones. Titan Aerospace was previously courted by Facebook for a reported $60 million buyout, but it appears that Google struck first. The Wall Street Journal reports that Google did not divulge the price of the acquisition, but the search giant did say that the 20 or so employees of Titan will remain in their New Mexico location. CEO Vern Raburn will also continue to run the company. Google plans to ingratiate the Titan team with its own Project Loon, an undertaking which hopes to expand Internet coverage by building large, Internet-enabled balloons for areas of the world that are not yet online. “It’s still early days,
Study shows increase in online information thefts
- NEW YORK (AP) — The number of Americans who say they've had important personal information stolen online is on the rise, according to a Pew Research Center report released Monday.
Everything iPhone users need to know before switching to Android
- iPhone fans are by far the most loyal fans out there, but Android Authority has put together a very comprehensive guide for the tiny minority of iPhone users out there who are interested in making the switch to Google’s mobile operating system. The guide contains five major sections for iPhone users that tell you how to move your iPhone contacts, calendars, images, bookmarks and music over to your shiny new Android device. Interestingly, most of the transfers can be done pretty easily through Apple’s own iCloud service that backs up your iPhone’s contacts, calendar events, bookmarks and other key data. In fact, the only part of Android Authority’s guide that doesn’t at all involve iCloud is its recommendations for moving your
Here’s how to protect yourself with two-step verification on 11 top websites
- Heartbleed is a very scary bug that came to light recently and once again sent the Internet into a frenzy with talk about how to protect yourself from security vulnerabilities and hackers. Several sites also published guides covering how to protect yourself from Heartbleed, suggesting that using stronger passwords could somehow have kept users safe from having their data compromised by Heartbleed. Using complex passwords is always a good idea, but even the longest password would have been vulnerable in the case of this particular flaw. What would have offered users solid protection, however, is two-step verification. Two-step verification is a security measure that adds an additional layer of authentication in order for users to log into a website. So, for example, you might first
German research center target of espionage attack
- The German Aerospace Center says it was the target of a suspected espionage attack for several months. The research center on Monday confirmed a report by German magazine Der Spiegel and said it had asked ...
The tale of two Androids: Before and after the iPhone
- Taking the stand on Friday in the second U.S. Apple vs. Samsung patent lawsuit, Google’s Android engineering vice president Hiroshi Lockheimer said that the company did not copy iPhone when designing Android. However, Re/code and AppleInsider have obtained internal Google documents submitted into evidence that remind us just how different Android was in the beginning, with the first Android devices not even supposed to support touchscreen displays. “We like to have our own identity,” Lockheimer said while defending Android, revealing that he joined Google in April 2006 to work on Android. The documents in question, however, show how the identity of Android was shaped around the iPhone’s launch, turning it from a BlackBerry lookalike into an iPhone alternative. The “Android Project Software Functional
Why Obama's response to the Heartbleed bug is so troubling
- On Friday, the Obama administration unequivocally denied a report that the NSA had exploited the Heartbleed vulnerability to gather intelligence, part of a swift effort to shut down a damaging storyline that featured the government knowingly failing to shield millions of Americans from an online security flaw. But in so doing, the administration also made two important admissions. First, it can, if pressed, use plain English free of obvious deceit, in contrast to the obfuscation that has characterized the government's response to a stream of revelations about the NSA's vast internet dragnet. The vulnerability made it possible to obtain whatever data was in the memory of the computer during the authentication process, which meant that protective measures like user passwords or security questions might be accessible to hackers.
Blackberry plans Heartbleed patches as mobile threat scrutinized
- By Jim Finkle BOSTON (Reuters) - BlackBerry Ltd said it plans to release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the "Heartbleed" security threat. Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace. Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc's Android software and Apple Inc's iOS software. Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.
How to safely run Windows XP in the post-XPocalyptic world
- A lot of people are having trouble saying goodbye to Windows XP even after Microsoft has cut off support for the ancient operating system. Earlier this week we gave XP fans some tips for how to keep Windows XP around even if they upgrade to Windows 8, but what about those XP diehards who just flat-out refuse to upgrade to a new OS? For those hardy souls, The Guardian has put together a handy guide for XP stragglers who still can’t let go but who also don’t want to be open to the barrage of malware that will now run completely rampant on their machines without Microsoft’s support. The most obvious way to keep your XP computer safe from malware is,
Feds issue warning: Hackers trying to exploit 'Heartbleed' bug
- Hackers are targeting vulnerable networks in an attempt to exploit the "Heartbleed" bug, the U.S. Government warned on Friday.
White House, spy agencies deny NSA exploited 'Heartbleed' bug
- By Mark Hosenball and Will Dunham WASHINGTON (Reuters) - The White House and U.S. intelligence agencies said on Friday neither the National Security Agency nor any other part of the government were aware before this month of the "Heartbleed" bug, denying a report that the spy agency exploited the glitch in widely used Web encryption technology to gather intelligence. The White House, the NSA and the Office of the Director of National Intelligence issued statements after Bloomberg reported that the NSA was aware of the bug for at least two years and exploited it in order to obtain passwords and other basic information used in hacking operations. "Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," White House National Security Council spokeswoman Caitlin Hayden said in a statement.
Amazon to unveil smartphone in time for winter holidays: WSJ
- Amazon.com Inc is preparing to launch its long-rumored smartphone in the second half of the year, the Wall Street Journal reported on Friday, citing people briefed on the company's plans. The Internet retailer would jump into a crowded market dominated by Apple Inc and Samsung Electronics Co Ltd. The company has recently been demonstrating versions of the handset to developers in San Francisco and Seattle. Amazon has made great strides into the hardware arena as it seeks to boost sales of digital content and puts its online store in front of more users. Amazon recently launched its $99 Fire TV video-streaming box and its Kindle e-readers and Fire tablets already command respectable U.S. market share after just a few years on the market.
3 things you can do to protect from Heartbleed
- The "Heartbleed" bug has caused anxiety for people and businesses. Now, it appears that the computer bug is affecting not just websites, but also networking equipment including routers, switches ...
U.S. court voids man's conviction for hacking celebrities' iPads
- A federal appeals court on Friday unanimously threw out the conviction of an Arkansas man for stealing the personal data of about 120,000 Apple iPad users, including big-city mayors, a TV news anchor and a Hollywood movie mogul. The 3rd U.S. Circuit Court of Appeals said the prosecution of Andrew Auernheimer did not belong in New Jersey, hundreds of miles from his alleged crimes, and as a result, his November 2012 conviction and 41-month prison sentence could not stand. Writing for a three-judge panel, Circuit Judge Michael Chagares also admonished prosecutors that the Internet's "ever-increasing ubiquity" did not give the government carte blanche to prosecute cybercrime wherever it wishes. "Cybercrimes do not happen in some metaphysical location that justifies disregarding constitutional limits on venue." Auernheimer, who went by the names Weev, Weelos and Escher, had been convicted by a Newark jury of one count of conspiracy to violate the federal Computer Fraud and Abuse Act by accessing AT&T Inc servers, and one count of identity theft.
Heartbleed could harm a variety of systems
- NEW YORK (AP) — It now appears that the "Heartbleed" security problem affects not just websites, but also the networking equipment that connects homes and businesses to the Internet.
Surprise! The NSA Reportedly Knew About the Heartbleed Bug for Years (but They Deny It)
- The NSA knew about Heartbleed, a security bug that potentially exposes sensitive consumer information, for about two years, according to Bloomberg. Citing "two people familiar with the matter," Bloomberg reports that the intelligence agency declined to make the security flaw public "in pursuit of national security interests." If Bloomberg's timeline is correct, then the NSA discovered the flaw almost as soon as it was introduced into the OpenSSL security protocols used by as much as two thirds of the web to secure traffic. When the bug became public knowledge on Monday, many speculated that the security flaw — which could potentially allow individuals to access passwords, credit card information, and other personal data from some "secure" servers — might have been something the NSA already knew about. Bloomberg's report is the first indication that the speculation is justified.