Monthly Archives: April 2014

Google stops data-mining students' email

Google stops data-mining students' email

The same goes for all Google Apps customers. The rest of us Gmail users are still going to be data-mined up the wazoo, of course.

Firefox 29 is out - it's more secure, but does it *look* better, too?

ff-250

Firefox 29 is out, in accordance with Mozilla's regular Tuesday-based 42 day update cycle.

There are numerous security fixes combined with some rather in-your-face visual changes...

SSCC 145 - Zero-days x2, fixing Heartbleed x2, and security-by-design [PODCAST]

sscc145-thumb-250

An 0-day in IE and an 0-day in Flash; two approaches to fixing OpenSSL after Heartbleed; how to get a free pass to Infosec Europe 2014; and why security happens by design and not by accident!

Join Chet and Duck for another podcast in the weekly Chet Chat series...

Apple fixes hole that leaked employees' and developers' personal info

Apple fixes hole that leaked employees' and developers' personal info

Apple quietly slipped its Developer Center offline on Sunday night to patch a serious security hole that let anybody access personal contact information for any registered Mac, iOS or Safari developer; every Apple Retail and corporate employee; and some key partners.

AOL Mail accounts breached, users advised to change passwords

AOL Mail accounts breached, users advised to change passwords

AOL users, change your passwords. AOL said it is investigating a large-scale breach of AOL Mail accounts in which user passwords, security questions, mail addresses, and contact lists were compromised.

Not to be outdone by Microsoft, Adobe announces zero-day exploit patch for Flash

flash-250

Hot on the heels of Microsoft's IE zero-day announcement comes an Adobe bulletin about a zero-day in Flash.

(No, they're *not* related, even though the current IE exploits use a Flash file to kick things off.)

Big data can be used to discriminate, says government review

Big data can be used to discriminate, says government review

Big data can be used as a tool to discriminate against Americans in areas including housing and employment, according to a soon-to-be-released government review of big-data use. For example, employers can decide not to hire us if they think we live too far away, while banks can use data brokers' products to target financially vulnerable people with high-interest loans.

Monday review - the hot 26 stories of the week

dow-250

Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

The internet of everything - bringing more risk to more places

iot-250

The Internet of Things (IoT) is a ubiquitous buzz-phrase these days. The idea is that just about everything we make or use could be connected, allowing anything to be remotely controlled or monitored.

What could possibly go wrong?

Anonymous takes on Boston Children's Hospital in #opJustina

Anonymous takes on case of custody battle over US girl, goes after Boston Children's Hospital

Last week, outrage over the case of Justina Pellitier rose to a head and burst into cyber warfare when people affiliating themselves with Anonymous launched #opJustina. DDoS attacks preceded the #op launch and continued throughout the week.

Microsoft acknowledges "in the wild" Internet Explorer zero-day

ie-11-250

Microsoft has published a security advisory of the heart-dropping sort.

An "in the wild" exploit has been spotted that can cause RCE, or remote code execution, in Internet Explorer.

Paul Ducklin gives some tips for mitigating the risk...

New Russian law aims to curb online anonymity and free speech

duma-250

Russia just passed amendments to anti-terrorism laws, requiring popular bloggers and social media posters to register with a government agency and abide by a raft of rules covering what they say online...

Barclays bank heist ringleader jailed for five-and-a-half years

bars-250

The man at the head of a gang responsible for a string of thefts and frauds from UK banks, including one haul of at least £1.25 million in a single day, has been sentenced to five years and six months in prison.

LibreSSL, Linux Foundation, Play Store refunds and Viber shabbiness - 60 Sec Security [VIDEO]

2014-04-26-thumb-250

How do you recover from Heartbleed? Can you get your money back from Google? And just how safe is the Viber instant messaging app?

Find out in 60 Second Security...

More post-Heartbleed love/cash for OpenSSL

openssl-250

The Linux Foundation has announced the Core Infrastructure Initiative - a multi-million dollar project to fund and support critical elements of the global information infrastructure.

It's starting (surprise, surprise) with OpenSSL...

FBI informant Sabu tied to foreign cyber attacks

Sabu

The former LulzSec leader "Sabu" (aka Hector Xavier Monsegur) coordinated hundreds of attacks against foreign government computers throughout 2012 while working as an FBI informant.

Feds argue for warrantless phone search to avoid suspects kill-switching evidence

Criminal. Image courtesy of Shutterstock.

For a long time, the law has been demanding kill-switch technology as a way to thwart mobile phone theft. But in a recent brief to the Supreme Court, the DOJ cares much more about grabbing evidence before a suspect bricks or wipes his phone.

Here we go again: Viber mobile messenger app leaves user data unencrypted

viber-250

Viber, a mobile messenger app that allows users to make phone calls and send text messages for free, also gives up plenty of free user data to anyone who wants to listen.

Will Viber, WhatsApp and Snapchat ever learn?

Bank of England to hire penetration testers to attack financial firms

Bank of England to hire penetration testers to attack financial firms

The Bank of England this year will hire penetration testers to poke and kick at the computer-system defences of more than 20 major UK banks and other financial players.

Parents win against cloud storage of US students' private information

inBloom logo

Since inBloom's rollout, privacy and security experts and parents have been aghast at schools using the technology to suck up everything from students' tax ID numbers to intimate family details - and to then share the private information with software companies. The nonprofit gave up after states backed out, closing up shop on Monday.