security

Information security is always one of those topics that is hard to report on, especially with the sheer number of devices available today. The problem lies in what is dangerous, what is bad, or what is no-big-deal. Frankly, opinions vary on the risks and threats involved.

One neat feature in Windows Phone is the ability to select text and hit the Search key. The Windows Phone OS copies the information over to Bing (or Cortana), and it lets you search without having to copy/paste the selection. It is super useful and certainly convenient for speedy searches.

However, there does seem to be one instance where this feature works where it should not: password fields.

More →
4
loading...
125
loading...
79
loading...
0
loading...

Update: A new report in The Intercept claims that Gemalto is drastically downplaying the effects of this attack. In the report, several security researchers came to the conclusion that "the company made sweeping, overly-optimistic statements about the security and stability of Gemalto's networks, and dramatically underplayed the significance of the NSA-GCHQ targeting of the company and its employees."

Original story: Digital security vendor Gemalto revealed its findings today following last week's report of an incursion by the NSA and the GCHQ into the vendor's SIM card encryption keys. While Gemalto noted that an operation by NSA and GCHQ "probably happened" in 2010 and 2011, the intrusion could not have resulted in a "massive theft" of SIM card encryption keys as the breach affected the company's office network and not its secure networks.

More →
47
loading...
78
loading...
58
loading...
0
loading...

Lenovo has just released an automatic removal tool for the Superfish software it pre-installed on some of its notebooks in 2014. This follows a manual procedure that the company detailed yesterday, and an update to Microsoft's Windows Defender from this morning that will also remove the software and its root certificate.

More →
3
loading...
73
loading...
45
loading...
0
loading...

According to new documents leaked by Edward Snowden, the NSA and its UK counterpart, Government Communications Headquarters (GCHQ), hacked into the computers of Gemalto, a company that manufactures SIM cards for a large number of carriers around the world. In doing so, the intelligence agencies acquired encryption keys that would allow them to intercept communications from customers of all four major U.S. carriers, along with 450 others around the world.

More →
289
loading...
235
loading...
95
loading...
0
loading...

After having outed a vulnerability in Windows a few weeks ago, Google is at it again. This time a Google security researcher detailed another vulnerability in in both Windows 8.1 and Windows 7. Similar to the exploit that Google previously detailed, this vulnerability could allow a user to impersonate another ID, allowing encryption and decryption of data he or she otherwise wouldn't have access to.

More →
1
loading...
231
loading...
82
loading...
0
loading...

An unpatched vulnerability in Windows 8.1 has been disclosed on Google Security Research. The issue was subject to a 90-day automatic disclosure policy, meaning the existence of the vulnerability is published after 90 days without a broadly available patch for the issue. The issue allows for privilege elevation in ahcache.sys/NtApphelpCacheControl.

More →
1
loading...
150
loading...
64
loading...
0
loading...

T-Mobile US is quietly upgrading the security of their older 2G network, moving to more advanced encryption that prevents eavedropping. The new, more secure network has already been deployed in at least three locations, New York, Washington, and Boulder, Colorado. The T-Mobile 2G network has previously relied on older A5/1 encryption, with the new security standard known as A5/3.

More →
49
loading...
60
loading...
29
loading...
0
loading...

Beginners' Tips Series!

Now, more than ever before, people have tons of data about themselves stored online. We have information in emails, bank accounts, social media, and countless other places. And at no other time has all of this data been more at risk.

While we cannot prevent the Targets and Home Depots of the world from being breached and exposing our credit card data, there are some measures that we can take in to help secure our information.

One of the easiest and most effective ways of doing that is by setting up two-step verification in our online accounts, like our Microsoft account.

More →
1
loading...
170
loading...
67
loading...
0
loading...

Earlier today, a thread surfaced on Reddit offering up 400 Dropbox usernames and passwords in plain text, with a note that over seven million accounts have been compromised in total. Dropbox has since announced on its blog that it wasn't hacked, and that the leaked passwords were stolen from a third party service.

More →
250
loading...
0
loading...
0
loading...
0
loading...

Another day, another apocalyptic prognostication of computer security doom, this time focusing on the omnipresent USB connection. It's called 'BadUSB', and it's a malware proof-of-concept created by security researchers Karsten Nohl and Jakob Lell that exploits a flaw in and resides in the firmware that controls the basic function of USB devices. The researchers claim that it's not a problem that can be patched, saying that they're "exploiting the very way that USB is designed," but in the end all they've done is highlight that you shouldn't go around plugging USB drives, devices, or whatnot that you don't trust into your computer.

More →
65
loading...
0
loading...
0
loading...
0
loading...

Microsoft has issued a security advisory that affects users of all currently supported versions of Windows, including Windows 8, Windows Phone, and Windows RT. Though no immediate action may be required from the user on select platforms, it is important to know what is happening as it relates to the improper issuance of SSL certificates, which Microsoft says "could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks."

More →
7
loading...
1
loading...
0
loading...
0
loading...

The UK government is looking to reinforce powers of security services to require internet and phone providers to maintain records of customer email and calls. Emergency laws are to be introduced into the Commons next Monday, following private talks and gaining support of both Labour and the Liberal Democrats on the basis that there will be new board to oversee the functioning of new powers. The move is an effort to continue protecting UK citizens from external threats.

More →
59
loading...
0
loading...
0
loading...
0
loading...

1Password is a solid solution for those who require apps to store randomized passwords. Agile Bits, the development house behind the service and apps, have announced version 4.0 for Windows on their blog. Sporting rather old and basic apps for both Windows Phone and Windows, this is welcomed news as what's contained in the release is a bunch of revamped features.

More →
2
loading...
0
loading...
0
loading...
0
loading...

Earlier today, eBay issued a press release letting users know that a cyberattack "compromised a database containing encrypted passwords and other non-financial data." Users will be asked to change their passwords just in case, though they noted that eBay "has seen no indication of increased fraudulent account activity." This is sadly just one of many attacks recently, and something that won't be going away anytime soon, if ever.

Attacks like this are nothing new, over the years plenty of big-name sites have become victim to similar cyberattacks. Retial chain Target has been all over the news lately, and there's also vulnerabilities like the recent Heartbleed Bug that affected Google, Facebook, Yahoo and dozens of other sites.

More →
6
loading...
0
loading...
0
loading...
0
loading...

The Governor of Minnesota signed a new bill into law that prohibits the sale of any smartphone without anti-theft software pre-installed. The idea is to deter criminals from stealing handsets in the first place by allowing users to remotely disable and wipe a phone's data, rendering it useless. If a stolen phone is remotely disabled, there wouldn't be any monetary incentive left in the endeavour.

More →
1
loading...
0
loading...
0
loading...
0
loading...

Pages