Security & Privacy

Android usually gets smacked around for playing host to mobile malware, but iOS isn't totally immune, according to researchers at Skycure Security.

iOS profiles, aka mobileconfig files, are used by mobile carriers to configure key settings for e-mail, Wi-Fi, and other features. But these files could be abused by attackers to sneak past Apple's normally tight security and and hijack a mobile device, the security firm revealed in a blog post today.

The process would be similar to that of a typical malware infection.

An attacker might tempt users to visit a malicious Web site by promising something … Read more

More details have been revealed about the massive cyberattack that hit several tech companies last month. Not only were Apple, Facebook, Microsoft, and Twitter hit -- but other industries' computer systems were also hacked, including prominent car manufacturers, U.S. government agencies, and a candy company.

According to The Security Ledger, people familiar with the matter said that hackers infiltrated computer networks by using at least three third-party "watering hole" Web sites, which made it possible for hackers to put malware on those companies' computers.

"The breadth of types of services and entities targeted does not reflect … Read more

The White House warned China today to end a campaign of cyberespionage against U.S. companies, saying in its toughest language yet on the issue that the hacking activity threatens to derail efforts to build stronger ties between the two countries.

U.S. companies are increasingly complaining that intellectual property is being stolen through attacks "emanating from China on an unprecedented scale," Tom Donilon, the president's national security adviser, said during a speech at the Asia Society in New York.

"The international community cannot afford to tolerate such activity from any country," Donilon said. "… Read more

Gawker's headline tells the story: Either Colin Powell's official Facebook page got hacked or the former U.S. Secretary of State has had a drastic change of heart about the president he served.

Powell's Facebook page was pulled down today after it wound up hosting a series of sometimes scatological references to George W. Bush, according to Gawker which saved some of the posts.

This is just the latest in a spate of high-profile hacks launched against personal and private accounts. Sometimes the object has been public embarrassment, other times an effort to insert malware. In mid-February, … Read more

AUSTIN, Texas -- Once again, Uncle Sam wants you. This time, the U.S. government is after your nerdy, data- and public policy-obsessed brains.

That was the message delivered by Acting Undersecretary of State for Arms Control and International Security Rose Gottemoeller to a small but actively curious group of techie and policy wonks at South by Southwest today.

In a session entitled, "Mobilizing Ingenuity to Strengthen Mobile Security," Gottemoeller and CNET reporter Daniel Terdiman discussed the U.S. government's interest in getting the public more involved in disarmament and the detection of weapons of mass destruction. … Read more

Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.

The flaw arose because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store, meaning an attacker can hijack the connection. In addition to a security flaw, the unencrypted connections also created a privacy vulnerability because the complete list of applications installed on the device are disclosed over Wi-Fi.

It also allows the installation of apps, including extremely expensive ones that top out at … Read more

Windows users will get the usual round of security patches from Microsoft next Tuesday.

Among the seven fixes due to roll out March 12, four are rated critical, which means they address flaws that could let an attacker execute malware on a remote PC by steering a user to a malicious Web site or e-mail link.

The patch for Internet Explorer is designed to shore up all versions from IE6 to IE10 across all iterations of Windows from XP to Windows 8 and RT. The patch for Microsoft's Silverlight, a browser plug-in that can display online videos and other … Read more

It's no secret that the Chinese government is spying on its own citizens, and censoring what they see and access online. But for major players in the technology industry, such as Microsoft, a foothold in the lucrative Chinese market is worth bowing down to certain ethical considerations that would not ordinarily pass in the Western world.

One U.S. student has shown that, amid rumors that Skype is not as secure or as private as it is believed to be, the Chinese authorities are able to snoop and censor text-based conversations for active censorship and surveillance purposes. 

A … Read more

Apple marketing chief Phil Schiller has been a semi-regular Twitter user since 2008, though mostly tweets about things like music, movies and sports.

But that changed earlier today with a post linking to F-Secure Labs' latest quarterly Mobile Threat report, with a casual mention to "be safe out there."

The 29-page report's (PDF) key finding is that malware on Google's Android is getting worse, in part because of the platform's brisk growth and a new variant of malware that spread using SMS.

"Android malware has been strengthening its position in the mobile threat scene,&… Read more