The controversy over stealthy monitoring software by CarrierIQ has raised important questions about user privacy and business ethics in the Brave New World of smart phones, tablets and the like. In the uproar over CarrierIQ’s surreptitious monitoring of mobile phone users, various tools have appeared that claim to be able to detect the software. However – removing CarrierIQ from your phone is another matter entirely. And,while some sites have offered instructions on doing so, Kaspersky Lab researcher Tim Armstrong said that, for all but a few mobile phone hardware experts, doing a CarrierIQ-pendectomy is a bad idea.
Browsing Category: SMB Security
You only have to glance at the headlines to know that the state of computer application security is bad. But a new report from Veracode makes clear how bad: just 16 percent of almost 10,000 applications tested in the last six months received a passing security grade on their first attempt.
Facebook has fixed a critical flaw in a user feedback feature that allowed any user to access private photos posted in other users accounts. Before it was fixed, the flaw was used to hack the account of Facebook CEO Mark Zuckerberg and post photos online.
Security researchers often use language and metaphors from the natural world to describe problems in the virtual world. (Thus, our use of the terms “virus,” and “worm.”) Now it turns out that the links may not be so arbitrary, after Microsoft researchers discovered that tools they developed to detect spammers’ efforts to avoid anti-spam filters were also great at spotting mutations in the HIV virus.
The FBI says that more than 2.5 million systems infected with the DNSChanger malware connected to DNS servers set up by the authorities in the week following a crackdown on a global criminal network dubbed Ghost Click.
Researchers have known for years that virus writers and attackers pay close attention to the analyses researchers do of their work, and it appears that the Duqu authors are no exception. Shortly after the first public reports about Duqu emerged in early autumn, the crew behind Duqu wiped out all of the command-and-control servers that had been in use up to that point, including some that had been used since 2009.
The security industry has no shortage of hard problems to solve, but the one that’s getting the most attention right now is finding a way to improve, or ideally, replace, the CA infrastructure. The latest in what has become a series of recent proposals to help shore up the certificate authority system comes from a pair of Google security researchers who have laid out a plan for providing auditable public logs of certificates as well as proofs for each certificate that’s issued.
It’s going to be considerably harder to get that sweet, knock-off Louis Vuitton bag you’ve been eyeing, and you can thank the US Immigrations and Customs Enforcement Agency (ICE) for that. The agency reportedly seized control of some 130 websites last week in advance of Black Friday and Cyber Monday, according to a report from The Register.
Unlucky: Supermarket Chain Tells Customers That Self-Service Checkout Lanes In 20 Stores Were Outfitted With Card Skimmers
Customers of the Lucky supermarket chain in California were feeling rather unlucky last week, after receiving notice from parent company Save Mart Supermarkets said that self-service checkout lines in 20 of its stores were found to have debit and credit card readers that had been outfitted with card skimmers.
When CrowdOptic, a Silicon Valley, venture funded startup, developed a cool application that could stream real-time, context-aware information streams to mobile devices, the applications seemed straight-forward (and lucrative) enough: a blend of advertising and broadcasting that sports franchises and concert promoters might use to create an enhanced and “immersive experience” for fans attending live events. Along the way, however, the company discovered another, even more powerful use for their technology: crowd control.