Security

Researchers report security flaw in Samsung's Galaxy S4

Here's some Grinchy news for those of you who put Samsung's Galaxy S4 on your holiday wish list: Israeli researchers have identified a vulnerability in the smartphone that allegedly allows a hacker to easily intercept secure data.

Samsung told CNET and other news outlets that it's looking into the issues and thus far doesn't believe the problem is as serious as the researchers present in their findings.

"Based on the information we currently have, the threat appears to be equivalent to some well-known attacks," Samsung said. "KNOX already includes mechanisms, such as per-app … Read more

Security firm RSA took millions from NSA: report

What's an encryption backdoor cost? When you're the NSA, apparently the fee is $10 million.

Intentional flaws created by the National Security Agency in RSA's encryption tokens were discovered in September, thanks to documents released by whistleblower Edward Snowden. It has now been revealed that RSA was paid $10 million by the NSA to implement those backdoors, according to a new report in Reuters.

Two people familiar with RSA's BSafe software told Reuters that the company had received the money in exchange for making the NSA's cryptographic formula the default for encrypted key generation …

Target data stolen in hack showing up on black market

As if the Target hack ordeal couldn't get any worse -- data from the retail chain's massive security breach stolen between November 27 and December 15 is popping up in huge quantities on the black market, The New York Times reported Friday.

After Target conceded Thursday that its in-store point-of-sale systems were indeed hacked, compromising as many as 40 million debit and credit card accounts, fraud industry experts are seeing the information flood online card-selling markets to the tune of a "ten- to twentyfold increase" in high-value cards.

The hack, which affected only shoppers who made …

Three privacy-focused browsers compared

Which is the safest browser? In terms of privacy, the answer may be Internet Explorer. According to NSS Labs' 2013 Browser Security Comparative Analysis: Privacy (PDF), Internet Explorer tops Firefox and Chrome by blocking most third-party cookies by default and offering a built-in tracking protection list.

In terms of security, the answer may be Firefox. When Mark Stockley of the Sophos Naked Security blog polled readers last September about which browser they considered the most secure, Firefox was the big winner, gleaning more than 50 percent of the votes, followed by Chrome with just under 27 percent and IE with …

Wickr 2.0 makes self-destructing SMS more fun

When it comes to secure text messaging, you're often entirely dependent on the whims of the message server. Wickr goes to great lengths to flip that paradigm around, handing control back to you, the sender.

Wickr 2.0's debut on Friday makes it much easier to invite friends to use the app, thanks to a new address-book scanning feature that prevents Wickr from learning who you're inviting. That's a big difference from just about every other service out there, which accesses your address book -- usually with your permission -- and then holds on to that …

Target: Hack may have hit 40 million accounts

Consumers who shopped at Target stores between November 27 and December 15 -- right in the thick of the high-volume holiday shopping season -- should check their credit card statements for any unusual activity.

On Thursday, the retail chain acknowledged a hack that obtained the names, credit or debit card numbers, expiration dates, and three-digit security codes of store customers who purchased items over the past few weeks, including the Black Friday weekend. Around 40 million credit and debit card accounts may have been affected by the attack.

The issue that let the hacker gain access to customer data has …

Beware: MacBook Webcams can be used to covertly spy on people

Imagine going about your daily life and then one day receiving photos of yourself from inside your home. Sound spooky? Well, this really happened to a woman named Cassidy Wolf, according to the Washington Post. And, to make matters worse, she was nude in the photos.

How did this happen?

Apparently, there's a way for hackers to spy on people via their iSight Webcams in older Apple MacBooks. Typically, when the camera is on, a little light also comes on. But, in a newly discovered workaround, this light can be deactivated -- meaning unsuspecting victims have no clue …

White House sticks with double duty for NSA director

It looks like NSA Director Gen. Keith Alexander, and his successor, will hold on to the additional role as head of US cyberoperations.

The Obama administration said Friday that a single military official will continue to head up both the US National Security Agency and US Cyber Command.

"Following a thorough interagency review, the administration has decided that keeping the positions of NSA Director and Cyber Command Commander together as one, dual-hatted position is the most effective approach to accomplishing both agencies' missions," National Security Council spokeswoman Caitlin Hayden said in an e-mailed statement. "Given General Alexander'… Read more

New Gmail image server proxies raise security risks

A new Gmail policy that allows e-mailed image attachments to load automatically comes at a price, say two security researchers.

Google announced on Thursday that Gmail would once again load attached images by default. The feature had been disabled years ago, as a way of clamping down on malware and phishing attacks.

The news was accompanied by an explanation: Google proxy servers would host the images, thus preventing any malware they were hiding from surreptitiously showing up in the e-mail.

However, security researcher H.D. Moore determined that the proxy servers posed a tracking risk to e-mail recipients.

"If … Read more

Gmail now shows you all images by default

Before the dark times of drive-by malware, attached images would show in their e-mail. That practice went away as e-mail providers stopped displaying attachments to cut down on spreading malware, but Google has figured out a better solution: proxy servers for all.

The company revealed on Thursday that Gmail can maintain its current level of security while serving image attachments through Google's own proxy servers, instead of through the image's original host server.

What this means is that instead of seeing a box that asks you if you want to display an attached image, you'll see the …