Dennis Fisher talks with Paul Judge of Barracuda Labs about his new project, which uses data on the vendors and products on display at the RSA Conference to determine which topics and technologies are the hottest at the moment.
Browsing Category: Cloud Security
A security compromise at Linode, the New Jersey-based Linux cloud provider, has warned customers that hackers breached a Web-based customer service portal used by the company and emptied the Bitcoin accounts of eight Linode customers. One Linode customer reports the theft of Bitcoins totalling around $14,000.
It’s gotten to the point now where it’s almost easier to talk about the mobile apps and services that don’t ship your personal data off to some remote server for purposes unknown rather than discussing the ones that do. The latest discussion of privacy invading apps flowed from the discovery that Twitter and some other iPhone apps were uploading users’ contact lists without their knowledge. Now, a researcher at Veracode has written a small app that allows users to figure out exactly which iOS apps are doing what with their personal data.
Google is in the process of developing a tool to help users generate strong passwords for the various and sundry Web sites for which they need to register and authenticate. The password-generator is meant to serve as an interim solution for users while Google and other companies continue to work on widespread deployment of the OpenID standard.
Twitter has finally gotten on board the SSL train and made HTTPS the default login option for all of its users who sign in through the Web interface. The company had made secure login an option for users last year but hadn’t made it the default mechanism.
In the last couple of years, Google and some other Web giants have moved to make many of their services accessible over SSL, and in many cases, made HTTPS connections the default. That’s designed to make eavesdropping on those connections more difficult, but as researchers have shown, it certainly doesn’t make traffic analysis of those connections impossible.
After a researcher discovered that any person who decides to download the Path app onto their mobile device is unknowingly sending their address book to a server belonging to the social network and photo-sharing service without prior notification, the company has released a new version of the app that asks people to opt in to that behavior.
The Blackhole exploit kit has a near monopoly on infected Web pages, according to Web security firm M86’s latest Security Labs Report, issued today. (PDF)
A report from Web security firm zScaler finds that Web pages hosted by the firm Dreamhost are being redirected to a scam Web site in Russia following a hack of the company’s servers last month.