Mozilla disables password-stealing Firefox add-on

Mozilla has disabled and added to a block list a Firefox add-on that stole log-in information when users visited Web sites, the company says.

The software, called Mozilla Sniffer, had been downloaded about 1,800 times in the approximately five weeks it was available on addons.mozilla.org, Mozilla reported in a blog post on Tuesday.

The blocklist will prompt the add-on to be uninstalled for computers running the program. Users who installed it should change their passwords.

Mozilla Sniffer intercepts login data and sends it to a remote server that appeared to be down, according to the blog post. … Read more

Get 60 percent off on IObit's Advanced SystemCare Pro

The summer has officially started, but there is no slowing down for us here at CNET Downloads. As a partner manager at CNET, I work with the developer community on Upload.com to bring you special promotions you might find useful. These offers have been designed exclusively for CNET readers with the latest offers from AVG and Norton 360, so I hope you like what you've seen so far. Thanks to your feedback, we have a special offer for you Wednesday from IObit on one of its most popular products, Advanced SystemCare PRO.

As an all-in-one PC health care … Read more

Report says be aware of what your Android app does

Updated 4:30 p.m. PDT to change headline to reflect that SMobile says it isn't criticizing the Android model and Updated 10:30 a.m. PDT to change misleading headline and add information throughout stating that users are granting permission to apps when they download them.

About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday.

And some of the apps were found to have the ability to do things like make calls and send text messages without requiring … Read more

Free apps install spyware on Macs

Mac users downloading free screensavers and a video converter app from several popular download sites also got spyware that installs a back door, collects data, and sends encrypted information to remote servers, security company Intego said on Tuesday.

The high-risk spyware, dubbed OSX/OpinionSpy, was being installed along with nearly 30 screensavers developed by a company called 7art and an app called MishInc FLV to MP3, according to a list compiled by Intego.

They were found on Softpedia, MacUpdate, and CNET-owned VersionTracker, according to a post on Intego's Mac Security Blog.

VersionTracker had removed all of the items on … Read more

On iPhone, beware of that AT&T Wi-Fi hot spot

A security researcher has discovered that any wireless network can pretend to be an AT&T Wi-Fi hot spot and thus lure unsuspecting iPhone users to an untrusted network connection.

Samy Kamkar, who created a worm that garnered him a million friends on MySpace overnight in 2005, said in an interview this week that he can hijack any iPhone within Wi-Fi range in what is often dubbed a "man-in-the-middle" attack because of the way the devices are configured to recognize AT&T Wi-Fi connections merely by the name "attwifi."

Typically, an iPhone will look … Read more

Report: India targeted by spy network

Researchers have uncovered a spy network that stole classified and other sensitive documents from the Indian government, the Dalai Lama's office, the United Nations, and compromised computers elsewhere, according to a report released on Tuesday.

The operation, dubbed "Shadow Network," is detailed in a report that also cites evidence it says links the Shadow network to two people living in Chengdu, China, and the underground hacking community in that country.

The report is based on research from volunteers at the U.S.-based Shadow Server Foundation and Information Warfare Monitor, which includes researchers from the Citizen LabRead more

Exclusive offer: Get Ad-Aware Plus for $9.95

Hi, I'm Catherine Hwang, a Partner Manager at CNET Downloads. I manage software publisher relationships for Upload.com, and I'm here to tell visitors of Download.com about a software deal that's too good to pass up.

CNET Downloads teamed up with Lavasoft to bring you an exclusive special offer: Today only, you can upgrade your free version of Ad-Aware to Ad-Aware Plus for $9.95 (usually $26.95). That's 63 percent off the regular price, so take advantage of this special offer now, only at CNET Downloads. Click here to grab your copy.

Lavasoft Ad-aware … Read more

BlackBerry has spyware risk too, researcher says

We've heard a lot about security issues with the iPhone, but the BlackBerry isn't immune to threats from malicious apps.

Tyler Shields, a senior researcher at the Veracode Research Lab, has written a piece of spyware that allowed me to shoot an SMS command to his phone and have his contact list forwarded to my e-mail address in a demonstration. With another short text command, I was able to get his BlackBerry to e-mail me any SMS messages he sends.

And if I had wanted--and he had allowed me--I could have seen a log of all his calls, … Read more

StopBadware goes nonprofit with funding from Google, others

StopBadware, the anti-malware effort run out of Harvard's Berkman Center for Internet & Society, is spinning off to become a separate nonprofit with funding from Google, PayPal, and Mozilla, the organization was set to announce on Monday.

StopBadware was launched four years ago to help companies keep spyware, viruses, adware, and other malware off their sites. The project collects and analyzes data from Web sites and advocates for safer practices.

The group's "badware alerts," expose applications that violate its badware guidelines and have AOL, Real Networks, Sears, and others to change their practices regarding customer choice. … Read more

Google's spy case: Not the first, nor the last

The recent cyberattacks on Google and other U.S. companies became public because they prompted Google's dramatic showdown with China, but attempts to steal corporate secrets using the Internet happen under the radar on a daily basis.

"Espionage has been going on for decades. The Internet has made it a lot easier to conduct espionage," said John Bumgarner, chief technology officer at the government-funded think tank U.S. Cyber Consequences Unit. "The targets are mostly defense contractors and high-tech companies that have some type of competitive advantage that someone wants to steal."

When regular business … Read more