Passwords Continue As The Weakest Link
Passwords aren’t the only failure point in many recent widely publicized intrusions by hackers.
But passwords played a part in the perfect storm of users, service providers and technology failures that can result in epic network disasters. Password-based security mechanisms — which can be cracked, reset and socially engineered — no longer suffice in the era of cloud computing.
The problem is this: The more complex a password is, the harder it is to guess and the more secure it is. But the more complex a password is, the more likely it is to be written down or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant.
Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.
All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”
Privacy Advocates & Lawmakers Push For Google Probe
Privacy groups and lawmakers are pushing for a new and more expansive investigation into Google and its privacy practices after the U.S. Federal Communications Commission announced that it found no evidence that the company violated eavesdropping laws.
Late last week, the FCC reported that there was no legal precedent to find fault with Google collecting unprotected home Wi-Fi data, such as personal email, passwords and search histories, with its roaming Street View cars between 2007 and 2010.
However, the FCC did fine Google $25,000 for obstructing its investigation.
A Google spokesperson took issue with the fine.
“We disagree with the FCC’s characterization of our cooperation in their investigation and will be filing a response,” said the spokesperson in an email to Computerworld. “It was a mistake for us to include code in our software that collected payload data, but we believe we did nothing illegal. We have worked with the relevant authorities to answer their questions and concerns.”
The Electronic Privacy Information Center (EPIC), a national privacy watchdog, disagreed with the FCC findings.
In a letter sent to U.S. Attorney General Eric Holder today, EPIC asked that the Department of Justice investigate Google’s surreptitious collecting of Wi-Fi data from residential networks.
“Given the inadequacy of the FCC’s investigation and the law enforcement responsibilities of the attorney general, EPIC urges the Department of Justice to investigate Google’s collection of Wi-Fi data from residential Wi-Fi networks,” wrote Mark Rotenberg, executive director of the advocacy group.
“By the [FCC’s] own admission, the investigation conducted was inadequate and did not address the applicability of federal wiretap law to Google’s interception of emails, usernames, passwords, browsing histories and other personal information,” Rotenberg added.
Maryland Bill To Ban Employers From Facebook Snooping
The practice of employers requesting job applicants to provide their account login information for Facebook and other social media sites will soon be a thing of the past, as Maryland is poised to be among the first states to ban the practice. The state’s General Assembly has passed the bill, which now awaits the signature of Gov. Martin O’Malley, reports The Baltimore Sun.
O’Malley is expected to sign the bill into law, reports The Gazette.
Melissa Goemann, who directs the American Civil Liberties Union’s legislative efforts in Maryland, tells the Sun, “this is a really positive development, because the technology for social media is expanding every year, and we think this sets a really good precedent for limiting how much your privacy can be exposed when you use these mediums.”
Goemann says the ACLU took up the case of Maryland Corrections Officer Robert Collins, who had been asked to give his Facebook login and password to Corrections officials during a recertification interview.
As news spread of similar cases, legislators at the state and federal level vowed to take action and ban the practice, on the grounds that it is an unreasonable invasion of a job-seeker’s privacy. Sens. Chuck Schumer and Richard Blumenthal say they asked the U.S. Justice Department to investigate whether the practice is illegal.
Microsoft Seizes Botnet Servers
Microsoft Corp scored a win in efforts to fight online banking fraud, saying it had seized several servers used to steal login names and passwords, disrupting some of the world’s most sophisticated cybercrime rings.
The software giant said on Monday that its cybercrime investigation group also took legal and technical actions to fight notorious criminals who infect computers with a prevalent malicious software known as Zeus.
By recruiting computers into networks called botnets, Zeus logs the online activity of infected machines, providing criminals with credentials to access financial accounts.
“We’ve disrupted a critical source of money-making for digital fraudsters and cyber thieves, while gaining important information to help identify those responsible and better protect victims,” said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, which handled the investigation in collaboration with the financial industry.
Microsoft’s Digital Crimes Unit is a worldwide team of investigators, lawyers, analysts and other specialists who fight cybercrime. A year ago they helped U.S. authorities take down a botnet known as Rustock that had been one of the biggest producers of spam e-mail. Some security experts estimated that in its heyday Rustock was responsible for half the spam in junk email bins.
WordPress Attacked By Hackers
March 14, 2012 by admin
Security outfit Websense said that more than 200,000 infected pages that redirect users to websites displaying fake antivirus scans have been created. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said.
Cybercriminal gangs have switched to drive-by download attacks that exploit vulnerabilities in outdated browser plug-ins to automatically download and install their rogue software. The large number of infected Web pages seen in this campaign is an indication that these scams still work. Vulnerable websites are a rich source of opportunity for cybercriminals. More than 85 percent of the compromised sites were located in the US, but their visitors were geographically dispersed.
Apple Goes Down In Court
Apple has lost a move in US District Court in San Francisco to keep some of its software ‘secrets’ out of view of the public.
It had asked Judge William Alsup to keep documents sealed that had surfaced in its lawsuit against Psystar, Bloomberg reports. The information about Apple’s Mac OS X operating system covers topics such as technological protection measures, system integrity checks and thermal management techniques.
The court turned down Apple’s request, however, noting that the company didn’t deny that the information was already public or claim that it had been misappropriated. Apple had argued that it still deserved trade secret protection because it didn’t release the information and had never confirmed it, but that didn’t convince Judge Alsup.
The information at issue is available on a web site about the Mac OS X operating system, the judge noted, adding that Apple’s decryption key haiku is available to any user that compiles and runs publicly available source code on a Macbook Air laptop.
Cell Phones Can Be Dangerous
June 5, 2011 by admin
An Australian brain surgeon has called the latest report on the potential harmful effects of mobile phones a wake-up call to users and the telecommunications industry.
Dr Teo said he was “pleased” that at last there came conclusive proof that mobile phones caused brain tumours. He also went on to say that the report should serve as a “wake up call” that should alert both the public and the mobile phone industry to the link between mobile use and cancer.
As you know, a report was released by the World Health Organisation’s cancer research wing that said radio frequency electromagnetic fields generated by cell phones are “possibly carcinogenic to humans” and heavy usage could lead to a possible increased risk of glioma, a malignant type of brain cancer.
Microsoft’s IE Latest Flaw: ‘Cookiejacking’
A technology security researcher has discovered a flaw in Microsoft Corp’s widely used Internet Explorer browser that he said may allow hackers to steal credentials to access Facebook, Twitter and other websites.
He dubbed the technique “cookiejacking.”
“Any website. Any cookie. Limit is just your imagination,” said Rosario Valotta, an independent Internet security researcher based in Italy.
Hackers can exploit the flaw to access a data file stored inside the browser known as a “cookie,” which holds the login name and password to a web account, Valotta wrote.
Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique “cookiejacking.”
The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.
To take advantage of this flaw, the hacker must first persuade the victim to drag and drop an object across the PC’s screen before the cookie can be hijacked.
That sounds like a difficult task, but Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to “undress” a photo of an attractive woman.
“I published this game online on Facebook and in less than three days, more than 80 cookies were sent to my server,” he said. “And I’ve only got 150 friends.”
Microsoft said there is little risk a hacker could succeed in a real-world cookiejacking scam.
“Given the level of required user interaction, this issue is not one we consider high risk,” said Microsoft spokesman Jerry Bryant.
Sony Hacked Again
May 29, 2011 by admin
More than 2000 users of Sony Ericsson’s Canadian Website are impacted by the latest hack attack to hit a battle-worn Sony. Sony Ericsson is a joint mobile phone venture between Sony and Ericsson. According to Sony, hackers made off with e-mail addresses, passwords and phone numbers, but no credit card details. Sony has now shut down the affected site. Around 1000 of the stolen records from the Sony Canadian Website are already online, posted by Idahc, a “Lebanese grey-hat hacker”.
“Sony Ericsson’s Website in Canada, which advertises its products, has been hacked, affecting 2000 people,” a Sony spokesperson told AFP. “Their personal information was posted on a Website called The Hacker News. The information includes registered names, email addresses and encrypted passwords. But it does not include credit card information.”
“Sony Ericsson has disabled this e-commerce Website,” Sony detailed to IDG News. “We can confirm that this is a standalone website and it is not connected to Sony Ericsson servers.” For security, Sony has shut down the Canadian Sony Ericsson eShop page, which currently reads: “D’oh! The page you’re looking for has gone walkabout. Sorry.”
Hackers Breach WordPress Servers
April 15, 2011 by admin
Hackers have gained access to several servers that support WordPress and may have obtained source code, according to the founding developer of Automattic, the company behind the popular blogging platform.
Matt Mullenweg wrote on the WordPress blog that Automattic has been reviewing log records to determine how much information was breached and re-evaluating “avenues to gain access.”
“We presume our source code was exposed and copied,” Mullenweg wrote. “While much of our code is open source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.”