Security

iOS security hole reportedly exposes your screen input

Every tap, touch, and press you make on your iPhone and iPad could be monitored and captured remotely due to an iOS security flaw. At least, that's the claim from security firm FireEye.

In a blog posted Monday, FireEye researchers said they conducted a test on non-jailbroken iOS 7.0.x devices in which they installed a "monitoring" app. This app was able to record all touch and press events in the background, including screen touches, home button presses, volume button presses, and TouchID presses. Based on its findings, the team concluded that an attacker could use … Read more

New TextSecure delivers smoother encryption

TextSecure is a far cry from driving a multibillion-dollar buyout. But for people who care about having their SMS and instant messages protected from prying eyes, it's an app that just got easier to use and more secure.

The new Android version of TextSecure, announced Monday, still uses the TextSecure v2 protocol that debuted with its CyanogenMod integration last year. Open WhisperSystems' founder, a security researcher and developer who goes by the pseudonym Moxie Marlinspike, said that the partnership has helped his company.

"It's been great," he said. "Their userbase is enormous, and it's … Read more

Apple promises to fix OS X encryption flaw 'very soon'

Apple said it will fix a bug "very soon" that allows hackers to spy on financial, e-mail, and other personal data on computers from its Mac desktop and notebook lineup.

The Cupertino, Calif.-based technology giant confirmed in an e-mail to Reuters that it was aware of the issue and already has a software fix that will be released likely in the next few days.

The severity of the bug was significant enough for Apple to issue an iterative update to its more popular iOS 7 software -- version 7.0.6, released on Friday -- instead of … Read more

Adobe issues emergency patch -- again

Adobe Systems and Microsoft on Thursday issued patches with emergency measures for critical vulnerabilities in Flash and Internet Explorer.

Microsoft, which usually fixes security problems once a month on Tuesdays, distributed the off-calendar repair for Internet Explorer 9 and 10 because of the severity of the exploit. The fix is highly recommended for people who use those versions of IE since Microsoft described the previously unknown vulnerability in its security bulletin as actively being used in "limited, targeted attacks."

However, people who use those browsers must apply the fix manually with the FixIt shim tool. A permanent fix … Read more

Bitdefender doubles protection for half the price

Bitdefender's latest AV suite, Total Security, has already been touted as the Best Antivirus of the Year by AV-Test. It's sure to win you over with its balance of form and function as it did our security editor. Total Security's award-winning AV, unobtrusive interface, and lightning-fast scanner managed to garner an outstanding 4.5/5 star-rating on Download.com. Starting this week, Bitdefender is offering the suite (normally priced at $79.95/year for three PCs) for the low price of only $39, for two years -- and up to five PCs.

You'll enjoy

The award-winning &… Read more

Belkin WeMo smart home networks in danger of hacks

Smart home networks are rapidly gaining popularity, but some security experts worry that not enough encryption controls are coming with the products.

Security firm IOActive released an advisory (PDF) on Tuesday saying more than half a million Belkin WeMo devices are susceptible to widespread hacks. The firm uncovered several vulnerabilities in these devices, which would let hackers gain access to home networks and remotely control Internet-connected appliances.

The hacks could range from a mean-spirited prank to actually posing a danger. For example, they could be as benign as turning someone's house lights on-and-off to something dangerous like getting a … Read more

Asus router vulnerabilities go unfixed despite reports

It may be news to you that some Asus wireless routers leave your computer and networked drives open to hackers, but Asus has known about the problems for months, reports indicate.

The vulnerabilities make it possible for hackers to access directories on networked drives using Asus' proprietary AiCloud option. Enabling features such as "Cloud Disk," "Smart Access," and "Smart Sync" appear to enable the vulnerability, security researcher Kyle Lovett told Ars Technica.

Enabling the file-sharing tool Samba in the router also exposes the vulnerability to hackers.

Lovett told CNET that following his report of … Read more

NSA targeted WikiLeaks, Pirate Bay, leaked documents show

The National Security Agency and the UK's Government Communications Headquarters targeted WikiLeaks and Pirate Bay -- and ultimately users of those sites as well, according to leaked files.

Examining a series of classified documents leaked by whistle-blower Edward Snowden, news site The Intercept reported on Tuesday that the NSA wanted to deem WikiLeaks a "malicious foreign actor." Such a designation would have subjected the site to extensive surveillance without the use of "defeats," an NSA action that aims to prevent US citizens from getting snared in the surveillance.

The UK's GCHQ went a step … Read more

Google acquires password sounds startup SlickLogin

Google has acquired SlickLogin, an Israeli security startup that uses smartphones and high-frequency sounds for identity verification on Web sites.

SlickLogin's three-person team revealed the acquisition in an announcement posted to the company's Web site.

"Today we're announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way," the announcement reads.

Terms of the deal were not revealed, but the acqui-hire is said to be valued at "several million," according … Read more

Kickstarter hacked, user data stolen

Hackers hit crowd-funding site Kickstarter and made off with user information, the site said Saturday.

Though no credit card information was taken, the site said, attackers made off with usernames, e-mail addresses, mailing addresses, phone numbers, and encrypted passwords.

"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one," the site said in a blog post, adding that "as a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts … Read more