Monthly Archives: September 2012
Feds snooping on email activity and social networks, without warrants - and it's on the rise
Documents released by the American Civil Liberties Union (ACLU) on Thursday show that law enforcement agencies in the U.S. have greatly increased surveillance of Americans’ electronic communications – often without a warrant or judicial oversight.
Adobe revokes certificate after hackers compromise server, sign malware
Adobe security chief Brad Arkin has warned that hackers have managed to create malicious files with Adobe's digital code-signing signature.
Chinese hackers linked to breach of control systems used in electric grids
Telvent tells customers that it's discovered that attackers breached its internal firewall and security systems, implanted malicious software, and stole project files linked to its smart grid product. Experts detected digital fingerprints implicating a Chinese hacking group.
Companies agree to stop spying, taking secret photos on rented home computers
The US Federal Trade Commission has reached a settlement with a remote monitoring software firm and its customers over what the agency said was flagrant computer spying on customers of the rental stores.
"Google and Microsoft can't outbid the US govt - they will never win a bidding war with the NSA"
Christopher Soghoian gave the keynote presentation at the VB2012 conference in Dallas, exploring the growing industry in selling details of exploitable vulnerabilities to the highest bidder.
Free speech or weapons in need of regulation?
SourceForge serves up malware-infected phpMyAdmin toolkit
Being careful where you download from isn't always enough.
SourceForge, the hosting service for phpMyAdmin, has disclosed that the official phpMyAdmin 3.5.2.2 distribution was Trojanised some time last weekend.
How Earth Day could save both the planet... and the internet
Earth Day really did make a difference - at least in the world of internet security.
That's one of the conclusions revealed in a paper presented today at the Virus Bulletin (VB2012) conference in Dallas, Texas.
Security spill at the IEEE
By its own account, the IEEE is the world's largest professional association for the advancement of technology.
Not quite the organisation you'd expect to store 100GB of HTTP logs in a world readable internet facing directory.
How to read the minds of strangers... with a little help from Facebook [VIDEO]
Over a million people have watched a video revealing the simple secrets of how to read people's minds, and even discover specific financial information.
And it's not as hard as you might think...
New security hole found in multiple Java versions
The same team of Polish researchers who discovered a critical security hole in Oracle’s Java software say that they uncovered another such hole, which could be used to bypass the secure application “sandbox” on most recent versions of Java.
Facebook stops asking users to rat out friends using fake names online
Facebook has wrapped up an experiment that entailed surveying people about whether Friends are using pseudonyms, which is a violation of its long-standing real-names policy.
Will Do Not Track cripple the tech industry?
Eric Wheeler's CNET article spelled out the apocalyptic future that awaits us if we don't stop Do Not Track. But is it actually true?
Are Android phones facing a remote-wipe hacking pandemic?
Are Android phones about to be wiped off the face of the earth? Will hackers be triggering a factory reset on your phone whenever they feel like it?
That's the question going around since New Zealand geek Dylan Reeve put a "test your Android mobe for imminent disaster" page on his website.
US senator blames Iran for cyber attacks on banks
US Sen. Joe Lieberman says people in the know are tracing the attacks to the government's cyber army and theorizes that the DDoSes are retaliation for economic sanctions and/or Stuxnet.
UK’s top ecrime investigator describes a life fighting cybercrime
UK Cybercrime investigator and Sophos consultant Bob Burls has been on the inside of some of the biggest law enforcement takedowns of the last decade.
How to avoid fake Sophos Support pages
Sophos has received reports that some Google searches for "Sophos Technical Support" lead to bogus pages purporting to be official Sophos Support contact information. Remember, Sophos Support provides free support to all customers and partners experiencing any software issues, including the Shh/Updater-B false positive.
Ransomware - would you pay up?
Here's a tale from the Australian outback about a ransomware demand. The victim was asked for $3000.
He paid up. But would you? Should you? Or is there a better way?
Android NFC hack lets subway riders evade fares
Disposable or limited-use contactless fare cards used in New Jersey and San Francisco have insecure implementations of the Mifare Ultralight chip that can be reset to get free rides, security researchers have shown.







