Some eye-opening stats out today from McAfee, the Intel-owned IT security company: a study of 28 million computers in 24 countries has found that 17 percent of all PCs do not have any form of security at all on them against viruses, worms, spyware and other Internet malware – a transgression that McAfee compares to “walking around naked on the Internet.”
But McAfee notes that while the average worldwide figure for unsecured PCs works out to one out of every six users, some countries are taking their security more seriously than others…
→ Read More
Google just announced that its Google Apps for Business service has earned ISO 27001 certification. This certifies that Google is following the standard ISO information security management protocols and best practices “for the systems, technology, processes and data centers serving Google Apps for Business.” If you’re a startup or individual user, chances are you don’t care too much about whether a company you are working with is following any of the ISO’s over 19,000 standards. This certification, however, will likely give give larger and more highly regulated businesses (and the executives who sign off on these deals) the necessary reassurances that moving to Google’s cloud solutions is safe. → Read More
Remember address book-gate? Locationgate? I-don’t-know-what-my-apps-are-doing-on-my-phone-gate? (Oh, that last one might not be a real thing.) Regardless, we’re living in age where companies are pushing us to rethink the boundaries between what we consider private, personal information and what should be public. The resulting backlash is an overreaction(-gate) when we discover that some of the data we presumed to be ours alone was actually being stored, accessed and shared by others…in many cases, “others” being mobile app developers.
Well, leave it to a security firm to capitalize on the privacy scare trend. And by capitalize, I mean launch a $4 app that tells you what the apps on your phone are doing. Introducing Bitdefender’s Clueful. → Read More
This video by Tenable Security is pretty wild. It shows a visualization of an office network. Using different colors and lines users can pin-point problem areas based on traffic and data being sent and received to each machine.
The system lets you call out various aspects of the network using marker shape, color, and network lines. For example, you can change symbol colors depending on vulnerabilities and even change the shape and position of mobile devices. You can see a little more of the visualization over here.
→ Read More
As you may have seen over the weekend, someone has discovered a security hole in FileVault, which arose with the OS X Lion security update, version 10.7.3, back in February: FileVault encryption passwords are now visible in plain text outside of a computer’s encrypted area.
The hole was apparently spotted by someone back in February, although it was most publicly first pointed out by security consultant David Emery on the Cryptome blog a few days ago and the rest of the blogosphere has run with it.
Now, it appears that the problem could be bigger than previously thought: it turns out that the developer who first noticed the hole back in February has discovered that it exists outside of FileVault, too, with at least one other company’s security encryption software, Lion VM, from VMWare Fusion, showing the same behavior. → Read More
ID and fraud protection service AllClear ID, is launching a new feature today which aims to protect kids’ Social Security Numbers (SSNs) from being stolen and used to secure things like mortgages, loans and other big ticket items. It’s a major problem, the company says, noting in a new study that 10.7% of children have had their ID stolen.
The idea with the new service is to create the equivalent of the “Do Not Call” list for children’s SSNs. Once on the list, if any criminal tries to use the kid’s ID for any reason – even just a credit check – credit reporting agency TransUnion will immediately flag and block the ID’s use. Oh, and the best part? It’s free. → Read More
This afternoon, the U.S. House of Representatives passed the controversial Cyber Intelligence Sharing and Protection Act (CISPA) by a vote of 248 to 168. Unlike SOPA, which focused on copyright violations, CISPA wants to give Internet companies and the U.S. government the tools to protect and defend themselves against cyber attacks by sharing information with each other. Critics, however, argued that this information sharing would be happening with very little oversight and would put Americans’ privacy rights at risk. → Read More
If, for whatever reason, you need to cover your tracks while you are browsing the web on your desktop, you have plenty of options to keep anonymous. Thanks to Orbot, Android users, too, have the option to use the Tor network to anonymize their web browsing sessions and avoid being monitored. Now, thanks to Onion Browser ($0.99), iPhone and iPad users also finally get an easy option to encrypt and tunnel their web traffic through the Tor Onion router network. → Read More
Big corporations have been riddled by security attacks over the past year, and hackers seem to be growing even bolder and more resolute. As a result, market research firm The Radicati Group said that it expects the corporate web security market to grow to $2.5 billion over the next four years. It’s in this climate that a young, stealth startup is trying to put companies back on the offensive, and some notable Silicon Valley investors are buying in.
Mountain View-based Shape Security is announcing this morning that it has raised $6 million in series A financing, led by Kleiner Perkins Caufield & Byers and Google Executive Chairman Eric Schmidt’s TomorrowVentures. Accel Partner Peter Wagner, Sequoia Limited Partner Guarav Garg, Baseline Ventures, and unnamed executives at LinkedIn, Twitter, and Facebook also participated in the round. → Read More
As Facebook pushes ever closer to one billion users, one of the biggest issues it has faced has been backlash from consumers around the areas of privacy and security. Today, the social network is taking two steps in an effort to improve its image around that area, and potentially positioning itself as a software reseller in the process.
It is partnering with Microsoft, McAfee, TrendMicro, Sophos, and Norton/Symantec to enhance its own URL blacklisting system; and it is launching a new service, the Antivirus Marketplace, with these five companies, to offer a selection of antivirus software to protect users even further. That software will be free of charge for the first six months of use. → Read More
Fragmentation isn’t just a problem reserved for mobile operating systems, it’s inherent to our online identities as well. Our digital identities exist in a loose and fragmented consortium of usernames, email addresses, scree names, social media accounts, passwords, and sitekeys. Many have tried to capture the single sign-on holy grail, and most have failed, because as much as we are inconvenienced by fragmentation, no one wants to hand over their personal information to one entity.
OneID, a San Jose-based startup founded by a Silicon Valley veteran, believes it can pick up where others have left off. Although it already has some serious tech working in its favor, to help get it over the hump and get the traction it needs, the startup is today announcing that it has closed a $7 million series A round led by Khosla Ventures and North Bridge Venture Partners. Plus, they’re adding a new CEO. → Read More
Late last week, one Justin Watt discovered something suspicious going on with the wi-fi at his hotel, the Times Square Marriott. Not content to charge him hundreds for the room and $16.95 for internet access, it appeared that the service provider was using JavaScript injection to serve banner ads on every website guests visited.
The story spread like wildfire for obvious reasons, and at last Marriott has responded, saying the problem has been remedied and won’t happen again. → Read More
Move over organized cybercriminals, the new gangs in town don’t want our money, but they want to make a point, and they’re going to do whatever it takes to make sure we listen. The annual Data Breach Investigations Report (embedded below this post) from Verizon and major security agencies has found that hacktivism from the likes of Anonymous accounted for 58 percent of all data stolen online in 2012 — a contrast with years past, when organized crime groups were the main culprits.
And, as is the way with hacktivists, they work on large volumes of records rather than multiple, targeted opportunities: “The megabreach is back,” said Chris Porter, principal on the Risk team at Verizon.
In an investigation that also involved United States Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police, Verizon found that 2011 was the second-highest year for data loss that it has recorded, since it stated the annual investigation in 2004. In all, it analysed 855 data breaches covering 174 million stolen records. → Read More
Jailbreaking, a term that has come to encompass several practices but generally refers to a user obtaining root access on their device, is controversial in a strange way. Companies like Apple and Nintendo hate it, and most users don’t care about it. Yet it’s constantly in the news because it is, in fact, a philosophical conflict.
RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post doesn’t mention the product by name. Probably because it would be hard to argue against users creating functionality for the device that should have existed there in the first place. → Read More
Privacy and security issues have been at the forefront of tech news this week, with recently exposed loopholes in Apple’s iOS and Google’s Android indicating that apps can access much more content on our smartphones than most users realize. Superstar security researcherAshkan Soltani came by the TCTV studio to dig a bit deeper into how safe smartphones are today and whether things are getting better. → Read More
A vulnerability has been discovered on AT&T’s website which allows anyone to look up the phone numbers of AT&T subscribers, provided they have the subscriber’s email address. The issue involves a form on AT&T’s site where a subscriber can input their email address in order to recover their forgotten AT&T User ID. Except instead of simply emailing the User ID to the email address provided, the following page reveals the wireless phone number associated with that account.
UPDATE: AT&T says the vulnerability has been removed. See below.
→ Read More
If you’re a big website, you have a range of good options for staying protected from malicious hacks: hardware from enterprise-oriented companies like Cisco or McAfee, your own in-house support, or hosted professional blog services like WordPress VIP (which is what TechCrunch uses). If you’re a smaller site out on the open web, you have weaker options — at least if you want to get auto-updated responses to a wide range of security problems.
Israeli startup 6Scan is out to change that, launching a WordPress plugin today that automatically scans and updates to protect against the latest issues coming up across the web. By “automatically,” I mean that the company’s security team monitors the web and does its own research to find problems, then pushes an update to all of its users. These go out about every hour, according to co-founder and chief executive Nitzan Miron, as they’re discovered and added to the company’s system. → Read More
Software and SaaS security company Cenzic is today launching a new security product for mobile application developers which will allow for the testing of mobile apps on any platform – iOS, Android, J2ME, and more. The product will be the first that can test products without requiring developers to submit the source code, as all the testing is done through the cloud, while the app is up-and-running.
The service will then be able to tell what sorts of security vulnerabilities an app has, what sensitive data it could leak, what other sorts of security threats it may be vulnerable to, and what to do about it. → Read More
Mobilisafe, the stealthy Seattle-based mobile security startup with $1.2 million in funding from Madrona Venture Group and Trilogy Equity Partnership, is opening up access to its private beta program today (invite link below) for a handful of TechCrunch readers.
In addition, the company is revealing new insights it gained during its private beta period related to the penetration of mobile devices in the SMB market – the area which happens to be the startup’s current area of focus. → Read More
It’s a tense time for Google: controversial policy and user-experience changes are combining with a growing distrust of tracking and advertising to produce something of a toxic atmosphere. Not the moment, then, you would want a minor scandal to erupt in the form of Google circumventing, intentionally or unintentionally, the privacy settings of millions of Safari users.
The allegations have their source in a report by Stanford grad student Jonathan Mayer, who showed that using Safari triggered a special behavior in the normal cookie-creation process; his report was later played up by the Wall Street Journal. This behavior deliberately goes around the default Safari behavior of blocking all third-party cookies — like one from Google when you’re visiting TechCrunch.
Google says it’s a side-effect from something else, but even if that’s true, it’s still ugly. → Read More
San Francisco, CA
