Security posts on CNET - Page 5

Security

NSA targeted WikiLeaks, Pirate Bay, leaked documents show

The National Security Agency and the UK's Government Communications Headquarters targeted WikiLeaks and Pirate Bay -- and ultimately users of those sites as well, according to leaked files.

Examining a series of classified documents leaked by whistle-blower Edward Snowden, news site The Intercept reported on Tuesday that the NSA wanted to deem WikiLeaks a "malicious foreign actor." Such a designation would have subjected the site to extensive surveillance without the use of "defeats," an NSA action that aims to prevent US citizens from getting snared in the surveillance.

The UK's GCHQ went a step … Read more

Google acquires password sounds startup SlickLogin

Google has acquired SlickLogin, an Israeli security startup that uses smartphones and high-frequency sounds for identity verification on Web sites.

SlickLogin's three-person team revealed the acquisition in an announcement posted to the company's Web site.

"Today we're announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way," the announcement reads.

Terms of the deal were not revealed, but the acqui-hire is said to be valued at "several million," according … Read more

Kickstarter hacked, user data stolen

Hackers hit crowd-funding site Kickstarter and made off with user information, the site said Saturday.

Though no credit card information was taken, the site said, attackers made off with usernames, e-mail addresses, mailing addresses, phone numbers, and encrypted passwords.

"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one," the site said in a blog post, adding that "as a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts … Read more

'The Day We Fight Back' calls for protests against NSA spying

Those of you angered over reports of NSA spying are being urged to add your voices to those of a group of 5,300 companies and Web sites staging a worldwide protest.

Dubbing February 11 "The Day We Fight Back," organizations such as the Electronic Frontier Foundation, the American Civil Liberties Union, Free Press, Mozilla, Reddit, and Tumblr want Internet users to call or e-mail their legislators to pressure them to end the National Security Agency's mass surveillance program. The groups also are asking Web site owners to set up banners on their pages to urge visitors … Read more

Multifactor authentication extended to all Office 365 users

Microsoft has extended multifactor authentication to all subscribers of its Office 365 suite and plans further expansion of the security feature to other Office desktop applications later this year.

Also known as two-factor authentication, the log-in verification feature is aimed at reducing users' vulnerability to online identity theft, phishing, and other scams by adding a second level of authentication to an account log-in. Twitter, Apple, PayPal, Google, Facebook, and other vendors already have implemented two-factor authentication.

After correctly inputting their username and password, Office 365 subscribers will be required to acknowledge a phone call, text message, or an app notification … Read more

Block Android apps from phoning home without your permission

There's lots of talk lately about leaky apps: Angry Birds and Google Maps are among the smartphone apps accused of informing the government all about who you are and what you've been up to, as Nick Statt reported late last month.

A recent blog post by Serge Malenkovich of the security firm Kaspersky Labs questions the need for the latest version of Facebook's Android app to automatically access your SMS messages to facilitate the service's two-factor authentication.

Granted, Facebook and other app developers have perfectly legitimate reasons for wanting automatic access to your phone's network … Read more

Sochi hack report 'fraudulent,' security researcher charges

A report this week that attendees at the Sochi Winter Olympics were being hacked the second they booted up their electronic devices is "100 percent fraudulent," a security researcher charged Thursday.

Robert Graham of Errata Security was criticizing a report by NBC reporter Richard Engel on the safety of logging onto Russian networks. Engel reported that during a security test at cafe with a security expert, "before we even finished our coffee" the bad actors had hit, downloading malware and "stealing my information and giving hackers the option to tap or even record my phone … Read more

Turkey approves legislation to block Internet sites

Turkey is one step closer to enacting a law that would give the government the power to block any Internet site.

Late Wednesday Turkish lawmakers passed a bill that would let the presidency of regulatory agency Telecommunication and Communication (TIB) curtail access to an Internet site within four hours of receiving complaints alleging privacy violations, The Wall Street Journal said on Thursday. Such an action would not require a ruling from a court. Further, Turkish Internet companies would have to hold onto traffic information for as many as two years.

The next step falls to Turkish president Abdullah Gul, who … Read more

Heating vents may have given Target hackers their opening

The Target hack that shook the American credit card industry and delivered up to 110 million customer records to the bad guys was reportedly successful thanks to a side-door left open by a Target contractor.

The hackers were able to get credentials for Target's network stolen from Fazio Mechanical Services, a heating, ventilation, and air conditioning (HVAC) company, according to independent security reporter Brian Krebs. They were first used to access Target's network on November 15, 2013.

Fazio President Ross Fazio told Krebs that the US Secret Service, which customarily investigates these kinds of cases, visited his company'… Read more

How Big Brother's going to peek into your connected home

For as long as people have envisioned the inevitable advent of smart home, critics and privacy advocates have warned how it might all go horribly wrong.

We're not just talking Orwellian paranoia or a dystopian future where our personal lives are intertwined with corporate identities constantly siphoning data from them. The security and privacy issues at play in haphazardly wiring up our personal spaces are becoming increasingly more substantive and -- with the proliferation of smart devices -- opening up our lives to more points of vulnerability, both from real-world threats and existential ones.

"There's been nearly … Read more