Monthly Archives: November 2013

Computer Security Day, Forward secrecy, XP 0-day and YouTube spam - 60 Sec Security [VIDEO]

When is Computer Security Day? What can forward secrecy do for you? Can you believe there's an 0-day in XP?

Have some fun finding out the answers in this week's 60 Second Security!

Drupal security update fixes a laundry list of problems, including "predictable random numbers"

The Debian Linux security team recently pushed out a wry security advisory for popular web CMS Drupal.

In amongst the laundry list of fixes was a common modern malady - non-cryptographic random numbers used cryptographically...

Bitcoin millionaire throws $7.5m virtual currency in the bin

When it comes to electronic devices, bad things do happen. Components fail, power outages do occur, files can be accidentally deleted... oh and millions of dollars worth of Bitcoins can be chucked in the bin.

Microsoft warns of zero-day XP kernel bug being exploited in the wild

Microsoft has gone public to warn about a zero-day vulnerability in the Windows XP kernel.

Full details are still to be released, as it isn't patched yet, but here's what we know so far...

Google admits that forcing G+ on YouTube users has increased spam

Google's recent decision to revamp YouTube's comment system by integrating Google+ in order to reduce spam has proven to be extremely unpopular with users. Ironically, however, it has proven to be quite a hit with the spammers themselves.

87% of SMBs suffered a cyberattack last year, only 44% see security as a priority

The risk of cyberattacks on SMBs has been examined in detail in a recent Sophos-sponsored report by the Ponemon Institute. The report - The Risk of an Uncertain Security Strategy - surveyed over 2,000 IT security managers within organisations employing up to 5,000 people.

Blizzard Entertainment concludes its data breach investigation - fifteen months later!

15 months ago, we reported on a data breach at online entertainment company Blizzard. We were complimentary back then, not least because the company owned up within three days.

Blizzard's follow-up, however, hasn't been quite as swift or impressive...

Only 24% of Europeans use different passwords for different websites

According to a large-scale survey which questioned over 27,000 people across the European Union on their internet use, security attitudes and experiences, many are put off using online services by the potential dangers, but few are taking all the necessary steps to carry out their online business in safety.

Activists to Google: You could end Chinese internet censorship in 10 days

Eric Schmidt said recently that encrypting everything can end government censorship in a decade. Activists battling China's Great Firewall say why wait, when we just did it in a fraction of the time?

WikiLeaks's Julian Assange unlikely to face charges

US officials certainly don't like that he published top-secret documents, but they say that legally, he hasn't committed a crime - at least, not that they've determined so far. They've refrained from formally closing the grand jury investigation, though, so maybe they're holding out hope.

Bitcoin online bank robbery - "because that's where the money is"

Paul Ducklin looks at why hackers are more than merely interested in online Bitcoin repositories - and why you need more than just a hunch about a repository's trustworthiness before you hand over your Bitcoin data.

SSCC 125 - Happy hour, forward secrecy, $300 extortions and LG unrepentant [PODCAST]

Chet and Duck dig into the good and bad of the week's news, from the amusing "Happy Hour Virus", through Twitter's implementation of forward secrecy, to LG's data-grabbing TVs and the company's unamusingly casual attitude...

Hackers trot off with RacingPost.com customer records

Aaaaaaaaand they're OFF! Encrypted (unsalted? unhashed?!) passwords are out of the gate, heading into the first turn toward potential decryption by cybercrooks. Anybody care to place bets on how many of those passwords are reused on other sites?

Tech firms way behind the curve on handling cybersecurity

A study by risk analysis firm BitSight reveals US financial companies are best protected from cyberattacks, followed by the energy and retail sectors, while tech firms are left trailing.

Great Firewall of China bypassed by cloud mirrors

Activists have uploaded mirrored copies of blocked sites to cloud hosting services, challenging China to block major brands like Amazon and Google cloud hosting, or allow freer access to banned material. How long can the Great Firewall last?

Facebook reveals friends list even when it's set to private

Don't want the entire Facebook-using and -abusing population to see your friends list? You could set your friend list to private, but fat lot of good that will do, given a researcher's discovery that Facebook sucks out and displays our friends in "People You May Know" feeds, in spite of the setting.

LG decides its TVs *don't* steal personal information - "viewing info" isn't personal

The story of LG's "data stealing" TVs continues to twist and turn, with LG now on its third version of what happened, and why.

LG is sorry for the confusion caused by reports of problems, but not for the problems themselves - in fact, it doesn't seem to think they're a problem at all...

Monday review - the hot 24 stories of the week

In case you missed anything last week, here's a roundup of everything we wrote in the last seven days.

Twitter joins the "forward secrecy" club for added resistance to surveillance

Twitter is the latest high-traffic social networking site to announce that it has added an extra layer of protection known as "forward secrecy" to its web servers.

And the company didn't say "surveillance" or "NSA" once in its statement.

LG TVs grab data, GitHub attacked, vBulletin breached - 60 Sec Security [VIDEO]

How honest is your TV? Why do crooks like source code hacks? Should you brag when you publish a breach notification?

Find out now in 60 Second Security.