Privacy at peril: From one tweet, a full-blown hack

Meet Alex.

I knew remarkably little about him when we first met. Alex is not his real name -- it's a pseudonym to protect his identity. But everything else about him is very real. He travels to our New York newsroom and our San Francisco office from his home near Charlotte, N.C., where he lives with his family.

Alex is one of a growing population of "privacy ambivalent" users. He keeps his Social Security number close to his chest, and rarely gives out his personal e-mail address unless he has to. But he isn't clued … Read more

Comixology users must change passwords after data breach

Digital comic readers with accounts at Comixology will have to change their passwords the next time they visit the site.

In an e-mail sent Thursday to account holders, Comixology revealed that it was hit by a recent security breach. Specifically, someone hacked into a database containing usernames, e-mail addresses, and encrypted passwords. Though the passwords themselves were stored in a protected format, the site is still requiring all users to change their passwords.

Comixology users can reset their passwords through the site's change-password page.

Comixology's e-mail also stressed that payment information is not stored on its servers and … Read more

FreedomPop's 'Snowden phone' encrypts your calls and data

Want to protect your phone calls and data from the feds, hackers, and other snoops? FreedomPop's new Privacy Phone promises to do just that.

Nicknamed the "Snowden phone" after NSA whistleblower Edward Snowden, the phone is actually a Samsung Galaxy S2 that FreedomPop rejiggered into a call- and data-encrypting device. Equipped with 128-bit encryption, the phone aims to secure your voice calls and text messages. A built-in virtual private network lets you surf the Web anonymously.

Selling now for $189, the Privacy Phone comes with unlimited voice and texting. FreedomPop throws in 50MB of monthly data access … Read more

Edward Snowden to speak at South by Southwest

NSA leaker Edward Snowden will be on hand for an interview at South by Southwest Monday, but federal agents won't have anyone to arrest for espionage.

South by Southwest announced today that Snowden -- who is living in exile in Russia after his famous leak of countless documents detailing NSA surveillance -- will speak during the "Interactive" portion of the annual Austin, Texas, festival Monday at 11 a.m. Central by satellite. He will be in conversation with Christopher Soghoian, the American Civil Liberties Union's principal technologist.

The conversation will be focused on the impact of … Read more

Colbert turns his funny gun on Snowden in RSA keynote

SAN FRANCISCO -- Don't mistake this for something out of the mouth of Stephen Colbert's ultra-conservative, Bill O'Reilly-modeled TV persona: The popular funnyman actually believes that former NSA contractor and domestic spying whistleblower Edward Snowden should come back to the US and face trial.

In front of more than 6,000 people at the RSA Conference's closing keynote at the Moscone Center here, Colbert had the audience roaring within minutes over his jokes about computer security and encryption.

Colbert described the conference jokingly as a place where the best security experts "gather, talk shop, and … Read more

Klocwork: Our source code analyzer caught Apple's 'gotofail' bug

It was a single repeated line of code -- "goto fail" -- that left millions of Apple users vulnerable to Internet attacks until the company finally fixed it Tuesday.

That OS X security vulnerability, which also affected iOS users, arose out of Apple's custom implementation of a security standard known as SSL/TLS. By including the "goto fail" line twice in a row, the normal error check for some types of encryption signatures fails.

Now Klocwork, a company that makes source code analysis tools, is demonstrating that its product would have caught the errant second … Read more

Yahoo taps TrustyCon co-founder Alex Stamos for chief information security officer

Yahoo has named Alex Stamos, current chief technology officer for security firm Artemis and co-founder of TrustyCon, as its next chief information security officer, Recode's Arik Hesseldahl is reporting based on sources familiar with the matter.

The company's last CISO, Justin Somaini, left Yahoo more than a year ago. Stamos, a well-known member of the industry and frequent face on the stage of prominent security conferences, will be filling the role starting March 10 and reporting directly to CEO Marissa Mayer. His position at Artemis remains unclear at this time.

On February 27, Stamos and a group of … Read more

TrustyCon's RSA Conference rebels promise more to come

SAN FRANCISCO -- What started as a one-man boycott of the annual RSA Conference here in response to the confab's parent company's ties to the National Security Agency has begun to blossom into a broader movement to reclaim the trust of technology and Internet users.

Alex Stamos, co-organizer of the event -- nicknamed TrustyCon -- and chief technology officer at the security firm Artemis, took the stage in Theater 14 at the AMC Metreon multiplex to explain just why the Trustworthy Computing Conference was needed in the first place. After all, with Security B-Sides earlier in the week, … Read more

Google keeps an ever-closer eye on non-Play Store apps

SAN FRANCISCO -- Android owners who use apps installed from outside of the Play Store will soon find their devices just a smidge safer, as Google announced at the RSA Conference here that Verify Apps will soon keep an eye on non-Play Store apps even after you install them.

Adrian Ludwig, Google's Android security engineer lead, said the change builds on the Verify Apps security feature introduced last year. He explained the change during a talk on how Google has created a secure open-source operating system.

When the Verify Apps option is checked, Google will scan apps installed outside … Read more

Bitcoin exchanges reportedly served with subpoenas

Mt. Gox and other Bitcoin exchanges have reportedly received subpoenas from a US Attorney investigating their handling of the recent cyberattacks launched against them.

Citing "a source familiar with the probe," Reuters said on Thursday that the subpoenas from Manhattan U.S. Attorney Preet Bharara were sent to Mt. Gox, other Bitcoin exchanges, and businesses that deal in the virtual currency. The investigation is focused on the recent distributed denial of service attacks that forced Mt. Gox and other exchanges to suspend withdrawals.

A spokesman for Bharara declined to comment to Reuters. A spokeswoman for the attorney's … Read more