Security

Apple's culture of secrecy delays security response -- again

If it wasn't for the news reports of Apple's "goto fail" fix released on Tuesday, you might not have known that there had been a security problem with your Macs.

More than a decade ago, Microsoft was notorious for ignoring security problems. Years of complaints from independent security researchers and industry professionals resulted in big changes in how the company handles security problems.

After Windows security measures repeatedly fell to malicious hackers, and the company was in danger of becoming the laughingstock of the security community, Chairman Bill Gates wrote a now-famous 2002 letter saying security … Read more

MasterCard to boost credit card security with smartphones

With hacks, stolen credit card data, and identify fraud constantly on the rise, some credit card companies are looking into how to better beef up security.

MasterCard announced Tuesday that it has partnered with mobile technology company Syniverse to make it more difficult for unauthorized users to buy goods with nabbed credit cards. While working to heighten credit card security is nothing new, MasterCard's most recent plan is a bit different because it involves users' smartphone geolocation while they're traveling abroad.

The idea is that a users' credit card cannot be used unless it is within close range … Read more

iOS security hole reportedly exposes your screen input

Every tap, touch, and press you make on your iPhone and iPad could be monitored and captured remotely due to an iOS security flaw. At least, that's the claim from security firm FireEye.

In a blog posted Monday, FireEye researchers said they conducted a test on non-jailbroken iOS 7.0.x devices in which they installed a "monitoring" app. This app was able to record all touch and press events in the background, including screen touches, home button presses, volume button presses, and TouchID presses. Based on its findings, the team concluded that an attacker could use … Read more

New TextSecure delivers smoother encryption

TextSecure is a far cry from driving a multibillion-dollar buyout. But for people who care about having their SMS and instant messages protected from prying eyes, it's an app that just got easier to use and more secure.

The new Android version of TextSecure, announced Monday, still uses the TextSecure v2 protocol that debuted with its CyanogenMod integration last year. Open WhisperSystems' founder, a security researcher and developer who goes by the pseudonym Moxie Marlinspike, said that the partnership has helped his company.

"It's been great," he said. "Their userbase is enormous, and it's … Read more

Apple promises to fix OS X encryption flaw 'very soon'

Apple said it will fix a bug "very soon" that allows hackers to spy on financial, e-mail, and other personal data on computers from its Mac desktop and notebook lineup.

The Cupertino, Calif.-based technology giant confirmed in an e-mail to Reuters that it was aware of the issue and already has a software fix that will be released likely in the next few days.

The severity of the bug was significant enough for Apple to issue an iterative update to its more popular iOS 7 software -- version 7.0.6, released on Friday -- instead of … Read more

Adobe issues emergency patch -- again

Adobe Systems and Microsoft on Thursday issued patches with emergency measures for critical vulnerabilities in Flash and Internet Explorer.

Microsoft, which usually fixes security problems once a month on Tuesdays, distributed the off-calendar repair for Internet Explorer 9 and 10 because of the severity of the exploit. The fix is highly recommended for people who use those versions of IE since Microsoft described the previously unknown vulnerability in its security bulletin as actively being used in "limited, targeted attacks."

However, people who use those browsers must apply the fix manually with the FixIt shim tool. A permanent fix … Read more

Bitdefender doubles protection for half the price

Bitdefender's latest AV suite, Total Security, has already been touted as the Best Antivirus of the Year by AV-Test. It's sure to win you over with its balance of form and function as it did our security editor. Total Security's award-winning AV, unobtrusive interface, and lightning-fast scanner managed to garner an outstanding 4.5/5 star-rating on Download.com. Starting this week, Bitdefender is offering the suite (normally priced at $79.95/year for three PCs) for the low price of only $39, for two years -- and up to five PCs.

You'll enjoy

The award-winning &… Read more

Belkin WeMo smart home networks in danger of hacks

Smart home networks are rapidly gaining popularity, but some security experts worry that not enough encryption controls are coming with the products.

Security firm IOActive released an advisory (PDF) on Tuesday saying more than half a million Belkin WeMo devices are susceptible to widespread hacks. The firm uncovered several vulnerabilities in these devices, which would let hackers gain access to home networks and remotely control Internet-connected appliances.

The hacks could range from a mean-spirited prank to actually posing a danger. For example, they could be as benign as turning someone's house lights on-and-off to something dangerous like getting a … Read more

Asus router vulnerabilities go unfixed despite reports

It may be news to you that some Asus wireless routers leave your computer and networked drives open to hackers, but Asus has known about the problems for months, reports indicate.

The vulnerabilities make it possible for hackers to access directories on networked drives using Asus' proprietary AiCloud option. Enabling features such as "Cloud Disk," "Smart Access," and "Smart Sync" appear to enable the vulnerability, security researcher Kyle Lovett told Ars Technica.

Enabling the file-sharing tool Samba in the router also exposes the vulnerability to hackers.

Lovett told CNET that following his report of … Read more

NSA targeted WikiLeaks, Pirate Bay, leaked documents show

The National Security Agency and the UK's Government Communications Headquarters targeted WikiLeaks and Pirate Bay -- and ultimately users of those sites as well, according to leaked files.

Examining a series of classified documents leaked by whistle-blower Edward Snowden, news site The Intercept reported on Tuesday that the NSA wanted to deem WikiLeaks a "malicious foreign actor." Such a designation would have subjected the site to extensive surveillance without the use of "defeats," an NSA action that aims to prevent US citizens from getting snared in the surveillance.

The UK's GCHQ went a step … Read more