Articles about Security

Shellshock -- we ain't seen nothing yet

Security attack

It's now just over a week since news of the Shellshock bug broke and analysts are still trying to work out just how much of an impact it could have.

Security specialist Incapsula has been tracking the vulnerability to get an idea of its magnitude, looking at the number of sites attacked and the damage caused.

Continue reading

Ransomware is an increasing security concern for IT professionals

Ransomware is an increasing security concern for IT professionals

There are always plenty of security concerns causing furrowed brows of IT professionals, but a survey shows that it is ransomware that is causing the biggest headaches at the moment. A survey carried out by Spiceworks and published by Webroot found that 88 percent of professionals had concerns about ransomware, while one third of those questioned had dealt with a ransomware attack first hand. By far the most common strategy for dealing with a device that has been maliciously encrypted is to simply wipe it.

Two-thirds expect the number of attacks to increase in the next year which is particularly concerning when you consider that two thirds of IT professionals know someone who has been affected by ransomware. Despite the threat and attempts to thwart the flow of ransomware with filtering, firewalls, and email scanning, just 44 percent believe their current security setup is "somewhat effective".

Continue reading

Facebook admits it screwed up, but its proposed research guidelines are meaningless

Facebook commits to changing its user research techniques

Facebook is no stranger to controversy, nor is the social network unfamiliar with upsetting its users. It seems as though Zuckerberg's baby has been hitting the headlines for all the wrong reasons lately, and it's not all that long since users vented their fury after it was revealed that their newsfeeds had been manipulated in the name of research. Now the social network says that it was "unprepared for the reaction the paper received when it was published and have taken to heart the comments and criticism" and is now implementing new user research guidelines.

"There are things we should have done differently" may seem like something of a half-hearted admission that mistakes were made, but it's the second semi-apology from Facebook this week. Research into how people use the social network will still continue, but Facebook now says "we want to do it in the most responsible way." So what does this actually mean?

Continue reading

Increase in unpatched browsers and operating systems leads to security concerns

Patch download

October is National Cyber Security Awareness Month (NCSAM) in the US and security company Secunia has marked this by issuing its latest Country Report assessing the state of security among PC users.

Key findings include that Microsoft’s Internet Explorer, with a market share of 73 percent, had 218 vulnerabilities with 11 percent of installed programs being unpatched and vulnerable. The percentage of users running unpatched operating systems has increased to 12.6 percent, from 11.1 percent in the previous quarter.

Continue reading

NoSpyProxy wants to put your data and identity out of reach of the NSA

Spying

Since the Edward Snowden revelations that governments as well as hackers were likely to be snooping on your internet activity it's been widely assumed that there's no such thing as safe online access.

VPN specialist CyberGhost has other ideas and has been seeking funding via Indiegogo for what it calls a NoSpyProxy. The company's VPN already uses AES256 military-grade encryption to protect passwords, bank accounts and other details as well as obscuring locations and IP addresses. It now aims to make things even more secure by placing the data center hardware under the control of an additional layer of security. This will put CyberGhost in control of the whole process from login through encryption protocol, key management and finally also the server itself.

Continue reading

Facebook apologizes to LGBT community, 'backs down' on real name policy

Facebook apologizes to LGBT community, 'backs down' on real name policy

Facebook has issued an apology to "drag queens, drag kings", and the LGBT community for forcing users of the social network to reveal their real names or face having their pages suspended. The social network also bowed to pressure, saying that users will not necessarily have to use their real names in the future. Chris Cox, Facebook's Chief Product Officer, made a statement in an online post that admits the negative response to the policy "took us off guard". Why the sudden interest in real names? It seems that one person may have been to blame.

Facebook caused something of a storm of controversy recently when it forced many users to reveal their real names. Large groups of people were affected by this, but it was a number of drag artists who were most vocal in their complaints -- numerous petitions and campaigns, including #MyNameIs, started up. While it was drag queens who hit the headlines, Facebook's sudden enforcement of its long-standing real names policy also affected performers such as musicians -- fans and friends were confused when seemingly new people appeared in their friend list. Despite the backlash Facebook faced, the social network stuck to its guns, remaining adamant that the policy was here to stay, and dismissing complaints out of hand.

Continue reading

Just how effective are parental control products?

School children laptop

Parents are keen to ensure that their offspring don't access inappropriate material on the web and for that reason most security software providers now offer parental control products, whether as a standalone product or part of an internet security package.

In a study commissioned for a German magazine, AV-Comparatives has looked at the leading products for Windows and mobile platforms to assess which are the most effective.

Continue reading

WordPress and other CMSs are 'inherently insecure'

WordPress and other CMSs are 'inherently insecure'

A large proportion of websites are not standalone sites in their own right, but creations based on CMSs such as Drupal, WordPress, and Joomla. This is particularly true for personal blogs, but using a CMS as the basis for a site has been increasingly popular among larger companies. CMSs are used because they allow for articles to be posted easily, make it simple for multiple people to contribute to a site, and allow for different users to be assigned different access rights. They can also be extended through the use of plugins, but these self-same extensions are also a security disaster waiting to happen.

Security experts High-Tech Bridge frequently discover vulnerabilities in extensions and plugins for popular CMSs. It is standard procedure to notify the developer before going public three weeks after the discovery -- this provides an opportunity for the problems to be fixed without alerting others who might exploit it. High-Tech Bridge CEO, Ilia Kolochenko, says that CMS security issues are nothing new:

Continue reading

Another data breach... Yeah, yeah, whatever

yawning

It seems like data breaches are seldom out of the news these days, but whilst that means we're more likely to be aware of their existence it also means there's a risk that individual threats begin to fade into the general day-to-day techy chatter and we don't give them the attention they deserve.

The growing number of breaches -- up 10 percent over last year according to a recent study by the Ponemon institute -- means they're less likely to catch our attention. Security training firm KnowBe4 refers to this phenomenon as "breach fatigue" and warns that it may be placing companies at risk.

Continue reading

Weak passwords are still a major problem for business security

Obvious password

According to data released by security company Trustwave which has analyzed evidence from almost 700 security breaches that took place in 2013, retail is the most compromised industry, accounting for 35 percent of attacks investigated.

The food and drink industry ranks second on 18 percent followed by hospitality on 11 percent. Perhaps not surprisingly e-commerce is most at risk, making up 54 percent of assets targeted whilst data centers account for only 10 percent. Point of sale breaches made up 33 percent of Trustwave’s investigations.

Continue reading

The Fappening part 3: Hundreds of nude celebrity photos leak once again

secrets shock surprise man woman

For an increasing number of celebrities who have seen their nude photos being leaked online, The Fappening will always be a never-ending nightmare, which will come back to haunt them for a long time to come. Once it's online, it stays there, ready for the world to see. Meanwhile, for others it will serve as a source of frequent enjoyment, in no small part thanks to Apple. Its iCloud service appears to be the source of the leaks for most files, and this includes the latest batch, called The Fappening part 3, which just surfaced.

Reddit and 4chan have served as the gateways to the new leaked photos, with download links showing up this past weekend. It's a recurring theme, as the two community forums have been involved in propagating hundreds of such images since The Fappening hit in early-September. Threads on the topic have been banned and new policies have been implemented, but, despite these efforts, it is all for naught apparently.

Continue reading

Touch ID on iPhone 6: Still hackable

photo-3

Apple's recently released iPhone 6 is susceptible to the same fingerprint forging attack as the iPhone 5s, according to the latest security research.

Mark Rogers, principal security researcher for mobile security firm Lookout, used techniques which are well-known to police officials and prototypers to access the device.

Continue reading

Apple: Most OS X users shouldn't worry about Shellshock

Satisfied Happy Businessman Relaxing Office

Apple has admitted that most OS X users have nothing to be concerned about when it comes to the bug that has been dubbed "worse than Heartbleed".

In a statement the firm admitted that it is already working on a software update for advanced UNIX users that repairs the major exploit that can be used by hackers to gain access to connected devices by inserting malicious code into the "Bash" command shell in OS X and Linux.

Continue reading

How to protect yourself from the Shellshock Bash bug

cyber_defense_800_contentfullwidth

A worrying new security vulnerability has muscled its way onto the Internet, and world-leading security experts are saying it's even worse than this year's Heartbleed fiasco. Called "Bash" or "Shellshock", the security flaw is inherent to a computer's shell. This is the user interface that accesses operating systems like Command Prompt, and means that many Linux, UNIX, and some BSD systems (including Apple's OS X) are vulnerable. Worryingly, the ubiquitous nature of the bug means that a large percentage of software is engaged in constant interaction with the shell. Consequently the bug can infiltrate software in a number of different ways.

So what can you do to protect yourself against this frightening new bug, and how can you avoid Shellshock? Well, the answer is basically the same as it's always been. There's no special tool or patch that'll keep you protected from Shellshock. It's just pure, common-sense cyber security.

Continue reading

Shellshock bug is bad and could take years to eradicate say experts

Despair

Ever since yesterday’s news of the Shellshock Bash bug broke cyber security experts have been lining up to make clear how bad it really is.

Unlike Heartbleed, which affected mainly servers, Shellshock leaves a whole host of systems vulnerable including Apple OSX systems and many internet of things devices with embedded code that’s based on Unix or Linux.

Continue reading

© 1998-2014 BetaNews, Inc. All Rights Reserved. Privacy Policy.