Security

Thu
11
Feb
John Lister's picture

IRS Online Security Breach Affects 100k Taxpayers

The IRS has revealed that cyber attackers managed to trick its system in handing over more than 100,000 access codes for user accounts. Fortunately the breach was discovered before any sensitive data was compromised. The attack followed a data theft ... from a source outside of the IRS. The agency hasn't revealed what that was, but it appears to have involved a stolen list that included social security numbers. The attackers then set an automated program, or "bot" to work. Using stolen social security numbers (sourced from outside the IRS), the bot was used to generate E-file PINs ... (view more)

About the author:
Tue
02
Feb
John Lister's picture

Goverment Claims on Encryption Challenged

A Harvard University report challenged the government's argument that online encryption helps criminals go undetected. The report also suggests that the "Internet of Things" will give law enforcement officials more opportunity to surveil suspects. ... Politicians and government agencies (such as the FBI) repeatedly make the case that the law fails to keep up with technology, especially when it comes to being able to monitor communications between suspected offenders. For example, recently-updated wiretapping laws can still prove to be unworkable, especially if data is encrypted ... (view more)

About the author:
Thu
21
Jan
John Lister's picture

LastPass Password Manager a 'Phishing Risk'

A security researcher says he's published proof that users of password manager tool LastPass could easily be tricked into handing over login details. LastPass insists there is no bug with the service itself, but has made some changes to mitigate the ... issue. Sean Cassidy published details of the potential attack at a security conference. He says the way LastPass operates makes it too easy to create bogus looking login pages that could fool users into handing over their login credentials. According to Cassidy, two main problems combine to create the phishing risk. One is that LastPass ... (view more)

About the author:
Thu
14
Jan
John Lister's picture

Password Manager Proves Security Risk

Google has uncovered a major bug in a security software tool that could expose user passwords to hackers. Its the second time in a matter of weeks that Google's found problems with security software . On this occasion the problem is with the ... antivirus package from Trend Micro, specifically a Password Manager feature. This allows users to store passwords securely with a master security code; at the touch of a button, users can then have them the program automatically fill in passwords and logins on websites. According to Google's Tavis Ormandy, the feature is installed by default with ... (view more)

About the author:
Thu
07
Jan
John Lister's picture

Microsoft to Ditch Security Updates for Internet Explorer

Microsoft is to ditch support for all but the latest edition of Internet Explorer. The news coincides with reports that Microsoft's new Edge browser is rapidly falling from favor. The discontinued support Internet Explorer affects versions 8, 9 and ... 10 and will end on Tuesday, January 12, 2016. That will mark the final update for those systems, which will simply consist of an on-screen notification urging user to upgrade to Internet Explorer 11 or Edge. Officially, only Windows 7, 8, and 10 can run Internet Explorer 11, while Edge runs on Windows 10. Unlike some browsers such as Firefox ... (view more)

About the author:
Wed
06
Jan
John Lister's picture

North Korea's PC Operating System: At a Glance

Two German researchers have revealed that the world's most secure operating system could be Red Star OS. If you've never heard of it, that's probably because it's used only in North Korea. Florian Grunow and Nikalaus Schiess say that the system, ... which was created by the country's government, tracks virtually every file a computer user opens or handles. (Source: ccc.de ) The system is widely used on publicly owned computers. Reports from the country say the very few privately owned computers in North Korea are more likely to run Windows XP. System Uses Open-Source Base ... (view more)

About the author:
Thu
31
Dec
John Lister's picture

9 Million At Risk from Browser Security Tool

A popular antivirus browser extension has been labeled as a security risk by Google. The tool in question is called Web TuneUp and is a browser extension by AVG; in this case, the problem involves Web TuneUp and the Chrome Browser, but the threat ... itself likely includes other browsers as well. Web TuneUp works by validating links that appear on a web browser page, such as on a search engine results list. It then warns the user if a link points to a page that could compromise security. It's arguably overkill, given that Chrome includes similar tools - plus the fact that Google itself ... (view more)

About the author:
Wed
30
Dec
John Lister's picture

MS Defends Windows 10 Policy to Copy Hard Drive Keys

Microsoft has confirmed it automatically uploads Windows 10 disk encryption keys to its servers. The company says it was a deliberate decision based on weighing up the worst case scenarios. The encryption key in question is not related to logging ... into and running Windows itself. Instead its an encryption of the entire hard drive of the device running Windows 10. This means that if somebody physically steals your computer, they can't make any sense of the data, even if it's been copied to another device (using a disk image backup, for example). Encryption Key Would Help Computer Thieves ... (view more)

About the author:
Wed
23
Dec
John Lister's picture

Google Testing New Password-Free Login System

Google is testing a login method that doesn't require a password. The problem is that the method doesn't necessarily add any convenience and isn't as secure as it could be. Reports of the new method have come from a user at the discussion site ... Reddit, who was invited to test the new system. As part of the test, the user must have a smartphone registered. (Source: reddit.com ) The user posted screenshots which show the normal login screen but only asking for an email address (the Google equivalent of a user name) and not for a password. Code Sent To Mobile Screen The screenshots ... (view more)

About the author:
Wed
09
Dec
John Lister's picture

New 'Bootkit' Malware Sidesteps Security Software

A newly-identified piece of malware has achieved arguably the ultimate goal of cybercriminals. "Nemesis" is able to infect a Windows computer before the operating system is loaded. The malware is a particularly nasty form of a rootkit . That's ... software which is able to inappropriately access some of the core components of a computer (both hardware and software), often disguising its actions. A rootkit is a serious problem because it's often completely undetectable, which means that it can easily override antivirus software to carry out malicious tasks. In this case, the Nemesis ... (view more)

About the author:

Pages

Subscribe to RSS - Security