February 7th, 2013

Apple Patents Image Identification Unlocking Method For iPhones And Macs

Apple had a new patent application published by the USPTO today, describing an unlocking method for digital devices that uses image identification to properly recognize an authorized user. The system would present a user with photographs from their iPhoto or iCloud collections, and then ask them to identify who or what the subject is in order to unlock the device. The item in question could also… → Read More

February 7th, 2013

EU’s New Cybersecurity Directive Orders States To Set Up Emergency Response Teams, Better Risk Mgmt For Verticals

With hacking and malware on the rise, Europe is cracking down on cybersecurity: today the European Commission, working with the High Representative of the Union for Foreign Affairs and Security Policy, is launching a new cybersecurity strategy along with a proposed directive on how to implement it (both embedded below). Among other things, the directive calls for each member state of the EU to set… → Read More

February 1st, 2013

Twitter Sends Out Emails To 250K Users Who ‘May’ Have Been Compromised, Says Hack Was Not Related To Yesterday’s Outage

Twitter is sending out emails to 250,000 users it says may have had their accounts compromised in the last week as the site experienced “unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data.” Twitter tells TechCrunch that this is “not related” to the widespread, but intermittent, outage the site saw yesterday. → Read More

January 31st, 2013

Authy Brings Two-Factor Authentication To Self-Hosted WordPress Sites (Updated)

If you run your own WordPress site, chances are you are using a pretty secure password to keep hackers from posting random stories to your blog. Still, even the best password isn’t as good as using Gmail-style two-factor authentication, but unless you are a programmer, chances are you don’t have the expertise to make this happen. Authy, which offers two-factor authentication as a service, is… → Read More

January 28th, 2013

Google Challenges Hackers To Pwn Chrome OS In Pwnium 3 Competition, Offers Up To $3.14159M In Prizes

Competitions like Pwn2Own are a staple of the security research scene and with Pwnium 3, Google today announced the latest edition of its own competition. What’s different this time around is the target. For the first time, the focus of the Pwnium competition is now Chrome OS, Google’s Linux-based browser-centric operating system. In total, Google is making up to $3.14159 million in pi prize money… → Read More

January 21st, 2013

Eugene Kaspersky And Mikko Hypponen Talk Red October And The Future Of Cyber Warfare At DLD

What is the consequence of cyber warfare slowly becoming increasingly common? That was the basic question that guided the DLD keynotes of Eugene Kaspersky, the co-founder of security company Kaspersky Lab, and F-Secure’s chief research officer Mikko Hypponen. → Read More

January 18th, 2013

Google Wants Your Next Password To Be A Physical One

New research from Google suggests what we all likely know to be true – your pet’s name followed by a few numbers just isn’t cutting it as a password these days. The company will be publishing a new research paper in the IEEE Security & Privacy Magazine this month, but Wired got a sneak peek, and it details a number of alternatives based on requiring physical devices, in combination with some… → Read More

January 12th, 2013

Nadia Heninger Is Watching You

It’s been a bad week for online security. An “extremely critical” Ruby on Rails security hole; a Yahoo! Mail XSS exploit; and yet another Java 0-day vulnerability. I know, I know, security is hard: still, it’s difficult not to be left with a frustrated throw-up-your-hands “can’t anybody do anything right?” feeling. → Read More

January 8th, 2013

ENISA, Europe’s Cyber Security Agency, Says Drive-By Exploits Are The Biggest Threat Today, Spam On The Decline

ENISA, the European Network and Information Security Agency, today called out drive-by exploits as the biggest, most increasing threat of the moment in the Internet landscape, amongst a sea of other all-too-familiar issues like worms, phishing and botnets. Spam, one of the oldest and most annoying aspects of being online, is the only threat that is on the wane, according to ENISA’s Threat… → Read More

December 4th, 2012

France Telecom Invests Up To $20M In Lookout, Preloads Its Mobile Security Solutions On To Android Handsets

Lookout, the mobile security company with ambitions to become the Symantec of the wireless world, is picking up a new backer, and a major distribution partner in its bid to become a household name. France Telecom, owner of the mobile carrier Orange, is making a strategic investment in the startup, and it has also signed a deal in which Lookout will be preloaded on devices that it sells. Orange… → Read More

December 1st, 2012

Security Is Hard, But That Doesn’t Mean You Should Ignore It

Six weeks ago I was out drinking in a Kipling-themed bar in Rangoon, Myanmar–as you do–and happened to find myself next to a table of high-powered international telecommunications consultants, overhearing juicy lines like “Skype and Viber are going to kill us.” Needless to say I told Twitter right away. Then an old friend who’s also a genuine International Man Of Mystery got in touch and asked… → Read More

November 28th, 2012

Pakistan’s PKNIC Says Hackers Exposed A Hole During Security Upgrade To Redirect Google.pk, Apple.pk And Hundreds More; Now Resorting To Whitelisting

Pakistan’s domain registry provider PKNIC has posted an explanation of what it says happened when visits to a number of high-profile websites last weekend redirected to another page — in many cases to one with a photo of penguins and a message from someone called Eboz claiming responsibility. It says that during a security upgrade, a vulnerability opened up, which let someone breach four user… → Read More

November 18th, 2012

Facebook Could Slow Down A Tiny Bit As It Starts Switching All Users To Secure HTTPS Connections

When you’re dealing with 1 billion people’s personal info, security is critical. But Facebook didn’t want to sacrifice speed. That’s why it spent the last two years making infrastructure improvements so that its transition of all its users to HTTPS which starts this week will “slow down connections only slightly.” People will be able to opt-out of HTTPS for maximum speed if that’s how they like to… → Read More

November 15th, 2012

ArmorHub’s Web Security Service Scans For Vulnerabilities & Malware, Works Great For Startups As Well As Your Dad

ArmorHub is today launching a web security service targeting startups, small-to-medium sized businesses, and most importantly, the layperson who knows that website security is something to be concerned about, but doesn’t know how to monitor their site or what to do if an issue is found. The company is being bootstrapped by Evan Beard, previously the founder and CEO of eTacts, which sold to… → Read More

November 14th, 2012

With 50M Users In Tow, OpenDNS Looks To Bring Enterprise Security Into The Mobile Era

Bring up the topic of “enterprise security platforms” around polite company, and you may be quickly shown the door. The subject can be boring, but the truth is that enterprise security writ large is critical, ideally making the Web a safer place for both businesses and consumers by policing malware, botnets, phishing and other malicious software.

Of course, today businesses big and small are… → Read More

November 14th, 2012

Serious Skype Security Flaw Prompts Password Reset Page Removal

Skype faced a fairly serious security threat today, thanks to a flaw in the system that allowed people to sign up with email addresses already in use by other users and then force password resets for any accounts associated with those emails. Reset tokens could be delivered to the Skype client itself, meaning people didn’t need access to email accounts to reset passwords associated with them. → Read More

November 13th, 2012

Former Orbitz Security Chief Lands $5.25M For Risk I/O, A “Vulnerability Intelligence” Platform

As Kaspersky Labs details in its latest State of the Union, the threats to the IT landscape are changing, as security teams now have to juggle threats coming from both new geographies and platforms — on top of vulnerabilities caused by the usual suspects, like malware, spam and cybercrime. As such, IT teams now monitor vulnerability data from a host of sources and tools, which can be tough to… → Read More

November 6th, 2012

Google+ Rolls Out New Features To Keep Its Community Safe, Including A More Granular Reporting Functionality

As I’ve noted before, Google’s shift to social as a company comes with great responsibility. As the company makes this transition, there are a lot of things to think about when building social layers to scale to the masses. One of those responsibilities is the safety and security of its users.

Today, the company rolled out new safety and security controls for Google+, and they include comment… → Read More

November 2nd, 2012

Researchers Turn The Tables On A Hacker, Infecting His PC With Malware And Grabbing Video Of Him At Work

In a cool report by the Georgian Government, Georgian CERT researchers claim to have nabbed a hacker by infecting his PC with malware and tracking him down by grabbing his files, photographs, and even viewing him at work. The hacker ran the Georbot Botnet, a botnet designed to spy specifically on Georgian citizens. → Read More

October 22nd, 2012

Facebook Donates $250,000 To The University of Alabama At Birmingham Using Money Acquired From Spammers

Facebook has donated $250,000 to the Center for Information Assurance and Joint Forensics Research at the University of Alabama at Birmingham, in recognition of its efforts in tracking down the creators of the social media botnet Koobface and other spammers. The donation, in fact, comes from money Facebook recovered from spammers around the world. The center says it will be using the grant to… → Read More

October 8th, 2012

“Ransomware” Worm Now Spreading On Skype [Update: Skype Advises Users Upgrade Their Software]

Skype isn’t exactly immune to malware and spam, but criminals are hoping that its users are perhaps less vigilant about clicking through on random links sent to their accounts. According to multiple reports from security firms, as well as from a community forum thread on Skype.com, the popular communications service is the latest target of a malicious online worm. The worm, identified as… → Read More

October 8th, 2012

Chinese Telecoms Kit Makers, Huawei, ZTE, Should Be Shut Out Of U.S., Says Draft Congress Report

A U.S. House of Representatives Intelligence Committee report recommends that top Chinese telecoms equipment makers Huawei and ZTE are shut out of the U.S. market because of the risk of espionage, Reuters is reporting. This follows an 11-month investigation of the two firms. The draft report is due to be released later today. → Read More

October 5th, 2012

Report: Bing Users Disproportionately Affected By Malware Redirects

Using search engine optimization (SEO) to get unsuspecting web surfers to go to malicious websites isn’t exactly new and it’s a problem that Google, Bing and other search engines are very aware of. According to new data from online security firm Sophos, however, Bing is apparently not doing a great job here, as the majority of SEO redirects affect Bing users. → Read More

October 4th, 2012

Microsoft Acquires PhoneFactor, The Security Solution That Authenticates Users Via Phone, SMS Or Mobile Apps

Microsoft has acquired PhoneFactor, a service which provides an additional layer of security during the authentication process, which today typically involves just a username and password (aka single-factor authentication). With PhoneFactor, as its name implies, the additional step it offers involves using a phone to further authenticate users upon sign in via a phone call, text, or mobile app. → Read More

October 3rd, 2012

Dropbox Now Helps Team Admins Get Everyone To Turn On Two-Step Verification

When you’re managing a collaborative space for your team at work or a group of folks working on a project, you know that security is extremely important. Dropbox knows this, too, and launched its two-step verification process for all users in August. → Read More

September 28th, 2012

Cloud Security Firm Qualys’ IPO Opens At $12/Share, Raising $71.8M

As of today, one more enterprise cloud startup is now a publicly-listed company. Qualys — trading as QLYS — opened trading today on the NASDAQ with shares priced at $12, in the mid-range of the expected offering of between $11 and $13. After a slow start in the morning, the shares climbed up to $14.85 during the day, to settle down at $14.12 at close. Not quite as much of a rise as Palo Alto… → Read More

September 21st, 2012

Pandora Security Vulnerability Puts Some User Passwords At Risk [Update: Pandora Says Fix Coming]

There are reports circulating related to the security of users’ Pandora passwords. It’s not a password leak or an attack, however, but there’s concern that passwords aren’t being well secured on users’ computers. Initially, word was that Pandora was storing cleartext passwords (meaning unencrypted) directly on users’ hard drives, which would have been a major concern. Specifically, those passwords… → Read More

September 15th, 2012

It’s Outage Week: Cloudflare Went Down This Morning

Apparently not wanting GoDaddy and GitHub to have all the outage fun this week, Cloudflare confirmed on Twitter that it had issues this morning. Some sites may still be experiencing issues. → Read More

September 11th, 2012

Dashlane’s Password Management Service Now Alerts Users When Their Accounts May Be Hacked

Dashlane, a desktop and mobile app which helps you login to websites, fill out forms and speed through checkout faster, has launched a new feature which will alert you if one of your web accounts may have been compromised. This addresses a growing need, as high profile hacks like those at companies like Zappos, LinkedIn, Dropbox and others seem to be making the news every few weeks. With a… → Read More

September 5th, 2012

Snappli Raises $1 Million To Help You Stay Under Your Mobile Data Limit

As carriers drop unlimited data plans and throttle bandwidth, the need to stay under a data limit is on more people’s minds.

“The thing about web data is that no matter how bad you think it is now, it’s only going to get worse,” says Snappli co-founder Roy Tuvey. Snappli has just raised $1 million from investors including Greylock Partners, Index Ventures and early Facebook investor Klauss… → Read More