Edward Snowden is heralded as both a hero and villain. A privacy vigilante and a traitor. It just depends who you ask. The revelations he made about the NSA's surveillance programs have completely changed the face of online security, and changed the way everyone looks at the internet and privacy.
But just before the whistle was blown, it seems that the NSA was considering bringing its telephone data collection program to an end. Intelligence officials were, behind the scenes, questioning whether the benefits of gathering counter-terrorism information justified the colossal costs involved. Then Snowden went public and essentially forced the agency's hand.
You'd think that governments would be encouraging people to keep their computers and personal data safe. Until relatively recently, this has been exactly what the FBI has been pushing -- suggesting that phone users should enable encryption on their handsets. But it seems that there has been something of a change of heart. It's probably Snowden's fault.
Now, as part of an "ongoing website redesign", advice about using encryption and protective PINs has vanished from the FBI website. Forget the security-focused devices such as the Blackphone 2, it appears that the bureau wants your data, and you, to be insecure.
Following a four-day long security breach back in February, chat and collaboration tool Slack is finally getting two-factor authentication. Last month, the encrypted central user database was accessed by hackers although there is no indication that hashed passwords were decrypted.
Slack insists that no payment information was seen by hackers, and while the breach is far from good news, there is a silver lining: it has forced the company to look harder at security. Starting today, two-factor authentication is available which locks down accounts via the Android, iOS and Windows Phone apps.
A security flaw has been discovered in a number of UK news websites, potentially placing 24.5 million users at risk. The problem was found in websites run by Johnston Press, a UK media group that is responsible for scores of regional news websites.
Just a few days ago we reported about the findings of security researcher Brute Logic. He discovered an XSS vulnerability on Amazon that risked exposing user data and could be used to compromise accounts. Now the same researcher has discovered another cross-site scripting security flaw that could be used to redirect visitors to malicious websites -- and it's worryingly simple to exploit.
A couple of days ago Google launched a Chrome extension that compresses web pages. This is a feature that has been available for the iOS and Android versions of Chrome, but now it has hit the desktop. It's something that will be off interest to people whose ISP puts data caps in place.
Launched on March 23, the Data Saver extension is currently in beta (come on, this is Google… what did you expect?) and it helps to "reduce the amount of data Chrome uses". This might sound appealing, but it does mean that your traffic is routed through Google's own servers. Do you trust Google enough?
Data leaks due to security flaws and hacker activity constantly make the news, but they're not the only ones that businesses have to worry about. Leaks can stem from employee or industrial espionage activity too and of course there's always government snooping.
Whilst larger businesses with sensitive data or intellectual property to protect often check for old-style surveillance they may not be as aware of the potential for PCs and other gadgets to gather intelligence as well as leak data. We spoke to Andre Ross, Director of Australian digital forensics and information security company Elvidence to find out how businesses may be at risk and what they can do to combat it.
A month ago, Malwarebytes reported that adult site RedTube had been compromised and was infecting unsuspecting visitors with malware. That issue was swiftly fixed, but now the security firm reports another adult site, Xtube, is currently serving exploits.
While attacks of this nature usually come via malicious advertising (malvertising), in this instance the nasty snippet of code has been injected directly into Xtube itself.
Yes, I know, on Tuesday we reported on a study showing that DDoS attacks were down in frequency, though increasing in severity. But another report from Corero Network Security now suggests that they've actually increased in numbers.
Measuring the number of DDoS attacks is beginning to look like asking how long a piece of string is. Anyway, Corero says that attacks are up with its customers experiencing attack 3.9 attempts per day.
Half of all Android users are still vulnerable to a security flaw uncovered in the most-popular mobile operating system early last year, according to a new report from security firm Palo Alto Networks. The vulnerability in question allows an attacker to modify or replace Android apps with malware without the user's knowledge.
Google was informed of the vulnerability in February 2014, a month after its discovery, and has since come up with a patch, which it has included in later revisions of Android 4.3 Jelly Bean and newer distributions. According to the latest data from Google, that still leaves 49.9 percent of all Android users unprotected.
Errors in software, whether operating systems or applications, are usually the root cause of security issues, allowing hackers and cyber criminals a way in to systems.
In 2014, 15,435 vulnerabilities across 3,870 applications were discovered according to a new report from vulnerability intelligence specialist Secunia. That represents an 18 percent increase in vulnerabilities compared to the year before, and a 22 percent increase in the number of vulnerable products.
A serious XSS vulnerability left Amazon customers in "real danger" of having their accounts compromised. The man who made the discovery is Brute Logic, the current top security researcher at XSSposed.org and "light-gray computer hacker". We spoke to him about the security issue as well as talking about the responsibilities involved in exposing vulnerabilities.
The cross-site scripting vulnerability was discovered on March 21 and was left unpatched for two days. In this time, Brute Logic says there was a real risk that people "could have their Amazon account compromised or had their computer invaded by means of a browser exploit". He says it is the responsibility of sites to fix problems when they are highlighted by the hacking community.
New variants of malware come and go with depressing regularity, but some have capabilities that offer more cause for concern than others.
The latest piece of scary software comes from researchers at security company Doctor Web who have uncovered a new Trojan dubbed BackDoor.Yebot that's capable of carrying out a wide range of destructive actions on an infected machine.
According to the latest quarterly threat report from network security specialist Black Lotus the frequency of DDoS attacks fell by 44 percent in the last quarter of 2014.
However, the average packet volume of attacks increased 340 percent to 4.36 million packets per second (Mpps), and the average bit volume swelled 245 percent to 12.1 gigabits per second (Gbps) over the same period.
Allowing employees to use their own devices for work offers lots of benefits for businesses, but there are risks involved too.
A new report from software company Flexera and research specialist IDC says that enterprises are not doing enough to understand which mobile app behaviors hitting their networks and data are risky, nor are they testing apps for those risky behaviors to ensure proper enforcement of BYOD policies.
As more and more transactions are carried out electronically, point of sale systems become an ever more tempting target for cyber criminals. Security researchers at networking company Cisco have identified a new strain of PoS malware that seeks to extract credit card data from memory and send it to remote servers.
Named PoSeidon it has a more sophisticated design than other PoS malware and has some resemblance to ZeuS. It's written to evade detection, can communicate directly with C&C servers, self-update to execute new code and has self-protection mechanisms to guard against reverse engineering.