26 models of Trendnet webcams have been identified as vulnerable to a bug that lets anyone tap into the video stream with just an IP address. The flaw was noted a month ago and the company has been working to alert people and patch the devices. Unfortunately, the company has no way of contacting non-registered webcam owners, and so the devices may remain accessible if the users never suspect anything.
It’s a bit scary, but certainly not unprecedented. Although it’s not quite the same thing, two years ago a school was accused of spying on its students via the webcams in school-owned laptops (the district later settled). This time, it’s hackers who found their way in, and randoms on the internet who spent long hours watching the feeds. → Read More
My Dad, bless his heart, spends all day on the Internet and, like a reverse Cat’s In The Cradle, my dad is just like me in that he loves to find wild junk that he thinks is interesting. To wit: he just found the Brinno Peephole Viewer, an electronic system for looking through a peephole.
To be fair, this is definitely something people need. My parents are getting up in years so they’re getting both blind and paranoid, so anything to assuage those two situations is a plus. This thing attaches to your normal peephole and then displays the scene behind the peephole on an LCD screen. It runs on two AA batteries and costs about $90. → Read More
In 2011, Sony had several major security breaches: Sony Online Entertainment, Sony Pictures, and Playstation Network all were attacked and private data was successfully stolen. Their handling of the attacks, particularly the larger PSN one, was widely criticized.
Many users are either unaware or acutely aware of how many sites and services have financially or personally sensitive information on record. Events like the Sony hacks do not reassure them, and actions like Google’s yesterday (though arguably innocuous) may alarm them. Users want more control and more security.
And the EU is looking to give it to them. But with the threat of enormous fines, many companies will find that the most logical thing to do is move away from the entire business of storing and serving user identities. → Read More
Here’s Hongyi Zhou’s advice to Chinese entrepreneurs: “Don’t try to be cool.” Zhou is CEO of Qihoo 360 (NYSE: QIHU), whose company’s core is the definition of uncool: anti-virus software. Yet Qihoo has 370 million monthly active users and a very cool $1.9 billion dollar valuation.
If you want to build a big company in China, don’t build for your iPhone-toting friends, the Chinese tech blogs, or copy the latest fad on TechCrunch. Chinese entrepreneurs must appreciate the vast chasm between white-collar elites and the rest of the country. The Silicon Valley has an echo chamber of its own, but China’s is an order of magnitude louder. → Read More
There’s something weird going on with Chromebooks – the Google-branded laptop computers powered by the company’s web-based operating system Chrome OS. They’re not saving the password changes you make to your Google account. Basically, if you change your password, shut down your machine, then reboot, the Chromebook will ask you for your old password instead of the new one.
The problem has to do with Google’s sessions being persistent (that is, they don’t log you out), and leads to a relatively minor security threat. Meaning, if someone was to take advantage of this threat, they would need physical access to your Chromebook. In the grand scheme of things, that puts this threat on the low-end of the risk spectrum. However, because Chromebooks are pitched as low-cost, secure, easy-to-use alternatives to traditional laptops for businesses and educational institutions, it’s important to highlight issues such as this to make the community aware.
Also, I just think it’s annoying. → Read More
On the surface, the announcement sounds boring: Microsoft said this morning that it will begin automatically upgrading Windows customers to the latest version of Internet Explorer starting next year. But in reality, this was one of the most important things Microsoft could have done for the web, web security and the safety of all those who go online.
Nice move, Microsoft. It’s about time. → Read More
I’ve recently fallen into the habit of pulling and tugging at ATM slots before I slide my card through because I fear that someone nefarious has stuck one of these 3D-printed card skimmers over the opening. This skimmer, found in California, was 3D-printed to resemble the real Chase ATM slot almost perfectly.
Wildly enough, there’s a pinhole camera connected to a full PCB hidden under the plate and the ports designed to assist the visually impaired seem to be unimpeded, which means nothing would seem amiss even as this thing grabbed your card account number, PIN, and, presumably, the security code on the back of your card in some cases. The fact that this barnacle of electronics is attached, parasitically, to one of the most secure and human-proof devices in existence is an amazing feat. → Read More
More and more of us are getting comfortable sharing our real-world identities online, but the tools for helping us maintain our online privacy and security are still catching up to our behavior. Witness the porn-and-violence spam links attack that caused many users to accidentally share and see nasty images in their news feeds.
German company Secure.me has a solution, that it has recently launched to the world: an online service that analyzes your Facebook profile for any data that’s putting your privacy at risk.
→ Read More
DARPA’s Shredder Challenge, a contest to reconstruct documents from a slurry of shredded paper, has been solved, suggesting that my grandmother may be barking up the wrong tree when she shreds the Campmor catalog. Three scientists with experience in computer vision and mobile technology, Otavio Good, Luke Alonso, and Keith Walker, scanned each chunk for unique characteristics that allowed them to reconstruct the documents automatically on screen. They then put the pages back together by hand.
Their team won a $50,000 prize. → Read More
A San Francisco-based team has just won the DARPA Shredder Challenge. DARPA, the government agency whose work led to the creation of the Internet, challenged the public to reconstruct five shredded documents. The winning team, called “All Your Shreds Are Belong to U.S.” completed the task in 33 days, spending nearly 600 man-hours building algorithms and piecing together more than 10,000 shreds.
9,000 teams registered to compete. The winning teams gets a $50,000 prize paid for by the U.S. Treasury. → Read More
You may be aware of the growing controversy surrounding Carrier IQ, a piece of software found pre-installed on Sprint phones that, according to developers who have investigated, is capable of detecting, recording, and transmitting various user actions and inputs. Among the data CIQ potentially has access to are location, SMS, apps, and key presses.
News of the software has been percolating for months on development forums, but when Trevor Eckhart recently summarized his findings, he found himself facing a cease and desist while Sprint vigorously denied the charges, saying “We do not and cannot look at the contents of messages, photos, videos, etc., using this tool.”
The C&D was quickly retracted, but Eckhart has now released a video that seems to give the lie to both Sprint and Carrier IQ’s assurances. → Read More
Valve CEO Gabe Newell has contacted all users of the Steam game distribution platform to let them know that the company has suffered a security breach. The hack was originally thought to be limited to the official Steam forums, but further investigation has revealed that the hackers had access to a database containing “user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.” → Read More
In an experiment that reveals as much about the people on Facebook as it does about Facebook itself, researchers from the Unversity of British Columbia Vancouver infiltrated the social network with bots and made off with information from thousands of users.
Around 250GB of data was stolen during the study, including personal and marketable information, and around three thousand users were targeted. Only one in five of the profiles were flagged by the Facebook Immune System, which clearly needs a boost. → Read More
New figures from Facebook reveal how often the social networking site’s users are hacked. In the blog post announcing the forthcoming “Trusted Friends” feature, Facebook also an included infographic detailing Facebook’s security measures. One figure in particular jumped out at security researchers: every day, “only .06%” of Facebook’s 1 billion logins are compromised. Or, to put it another way, 600,000 logins per day are compromised.
→ Read More
Facebook says it will soon allow you to get help from your friends when you get locked out of your Facebook account. According to a post on Facebook’s official Security page, you’ll be able to designate three to five friends as “Trusted Friends” who will be sent special codes in the event that you’re locked out of your Facebook account and unable to access your email.
It will also be introducing something called “App Passwords” to bring increased security to Facebook-enabled applications.
→ Read More
A hacking group calling themselves “Team Swastika” posted what they claimed was over 10,000 comprised Facebook accounts to Pastebin, a service that serves as an online clipboard. However, according to statements from Facebook PR, these email and password combinations don’t actually represent live Facebook accounts. Instead, it appears that the hackers obtained the accounts using common phishing techniques, where users were tricked into giving away their personal information. → Read More
Facebook is announcing a partnership with security firm Websense today, in order to protect its users from dangerous links that lead to malicious websites and malware sites. Going forward, when a Facebook user clicks on a link, the new system will first check the link against Websense’s system to determine whether or not it’s safe. If it’s not, a message is displayed warning the user that the link is potentially harmful and suggests you return to the previous page. → Read More
Oh, Microsoft! You are so cunning. With IE market share plummeting and many users opting for “alternative” web browsers like Firefox and Chrome, your base of power is crumbling. We thought you would succumb to melancholy and accept your fate. But you had a plan all along. Clever girl.
Yes, Microsoft has found a way to stanch the hemorrhaging of its users to other browsers: label them as malware in the built-in Security Essentials suite! → Read More
Remember Connectify? The downloadable software that turns PCs into Wi-Fi hotspots in just a few minutes? It looks like the company now has a new investor: In-Q-Tel (IQT), which just so happens to be the strategic investment firm that seeks out new technologies for the U.S. Intelligence Community, including the CIA.
→ Read More
“Did you see this photo of you?” “Look on your face in this pix is priceless!” “LMAO this video of you is funny!”
If you’re a regular Twitter user, you’ve probably see tweets like those come through as @replies or direct messages at some point. And you probably know not to click on the accompanying link. After all, there is no picture of you behind it, only a malicious web page set up by a criminal that wants to scam you, spam you or worse – infect your computer with malware.
But now there’s a tool that gives you added protection against these sorts of threats. Bitdefender’s new Safego protection for Twitter scans your profile for spam, phishing attempts and malware, and automatically notifies you when threats are detected. → Read More
