Security & Privacy

Researchers win $100,000 for Chrome hack that leaves Windows vulnerable

Security researchers at MWR Labs have won a $100,000 prize at the Pwn2Own hacking competition in Vancouver.

The researchers showed off their hack yesterday as they took a fully patched version of the Google Chrome browser, hacked it, and then took control of Windows 7. According to the researchers, when a Chrome user visits a malicious Web page, it's possible for the page's creator to exploit a vulnerability that allows for code execution in the sandboxed renderer process. From there, the team exploited a kernel vulnerability in Windows 7 to gain elevated privileges and execute commands.

Here's what the researchers were able to achieve:…

EU feeling pressure to tweak data, privacy legislation

Just over a year after European Justice Commissioner Viviane Reding lifted the lid on plans to reform the data protection and privacy laws in the region, Brussels is facing its greatest challenge yet from none other than its own member states.

The Commission may "water down" proposals after a group of EU member states said they were heavily opposed to a number of proposed measures, according to the Financial Times of London. These include measures that could see EU-based firms fined up to 2 percent of a company's global revenue for data breaches.

Due to an …

Google offers data on FBI's national-security-related requests for user identities

Google today became the first Internet company to shed light on a highly secret -- and controversial -- warrantless electronic data-gathering technique used by the FBI.

The technique allows FBI officials to send a secret request to Web and telecommunications companies requesting "name, address, length of service," and other information about users as long as it's relevant to a national security investigation. No court approval is necessary, and disclosing the existence of the FBI's request is not permitted.

Because of that legal prohibition, Google was able to disclose only the numerical ranges of requests it receives …

Oracle issues emergency Java update to patch vulnerabilities

In response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem.

"These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password," Oracle wrote in a security alert today. "For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and …

Need to lend your key? E-mail it, Fraunhofer says

HANOVER, Germany--You're traveling and your coworker needs your key to get into your office. Why not just e-mail it?

That's the idea behind Fraunhofer Institute's Key2Share technology, which the German research lab is developing in partnership with Bosch and showing off here at the CeBIT show.

Key2Share uses smartphones equipped with near-field communications (NFC) short-range wireless networking abilities to unlock phones. But because approval to use the key becomes digital data, a person can e-mail that approval.

It could be useful for other situations, too, said Ahmad-Reza Sadeghi, a researcher involved with the project. For example, a …

Locked-down BlackBerry offers classified, personal use

HANNOVER, Germany--In today's James Bond world, smartphones get you instant access to top-secret information. In the real world, security constraints mean mobile phones generally aren't nearly so clever or convenient.

BlackBerry and Secusmart hope to change that through a partnership that at least has won over the German federal government. It has authorized purchases of phones with the BlackBerry 10 operating system augmented with Secusmart's SD card-mounted security chips for classified communications, said Hans-Christoph Quelle, Secusmart managing director, speaking here at the CeBIT technology show.

The approach uses a feature in BlackBerry 10 called Balance, which partitions …

Jailed hacker allowed into IT class, hacks prison computers

They're arguing now about who let it happen, but happen it did, with entertaining consequences.

Somehow Nicholas Webber found himself in an IT class while in jail. He's serving five years for creating a site called GhostMarket, which allowed those interested in creating computer viruses, partaking of stolen IDs and enjoying private credit card data to congregate.

He was caught using hacked personal information to buy everything from iPods to luxury hotel stays.

One might have thought that an IT class would have been quite dull for him. One might also have thought that inviting him to an …

CloudFlare security service goes down after router failure

Web security service CloudFlare was offline for about an hour this morning due to a systemwide failure of its edge routers.

The outage, which began around 1:47 a.m. PT, removed the security layer for 785,000 Web sites, including 4chan and Wikileaks, according to TechCrunch. CloudFlare said the outage occurred while it was trying to defend one of its customers from a distributed denial-of-service attack.

The outage affected Juniper routers running the Flowspec protocol, which allows customers to broadcast router rules to a large number of routers efficiently. CloudFlare uses the protocol to update the rules on routers …

Online note service Evernote latest firm to get hacked

Yet another company has fallen victim to a hack, with attackers breaking into systems at Evernote, maker of a Web-based note-taking application used by about 50 million people.

The company said in a security notice that some user data had been accessed and that Evernote was requiring all users to reset their passwords. Apparently, though, no sensitive financial information was stolen, and no user content was affected:

"In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost," the company said in the statement, which was …

More Java-based malware plagues the cross-platform runtime

Java cannot seem to get a break. Only a few days after patching the last zero-day vulnerability, two more exploits have been found that make use of the runtime. One, as noted by Kaspersky, is a recent exploit of the latest runtime that attempts to install a McRAT executable by overwriting memory in the JVM in a way that triggers the executable to run.

Once installed, the McRAT malware will attempt to contact command and control servers and copy itself into dll files in Windows systems.

This malware is specifically Windows-based; however, a second one, outlined by Intego, is a Minecraft password-stealing …
