Security & Privacy

The Russian government has turned to censorship on the Web.

According to the New York Times, the government is utilizing a new law, which the Russian parliament approved in July and which took effect in November, that allows the government to selectively censor Web pages within its borders because of content that it believes is illegal or harmful to children. The law's supporters have said that it protects against child pornography and other harmful content, but detractors say that it's giving the government too much power to block whatever it deems unfit for its citizens.

Although smaller sites … Read more

Apple's nearly year-and-a-half old iMessage service has been found to be vulnerable to an attack that uses a flood of messages, or messages so long that the application is rendered unstable.

According to a report from The Next Web, a small group of developers have found themselves the target of an attack that does one of those things -- sending what could be thousands of messages.

The source is suspected to be someone with involvement in pirated iOS software, who could have gotten some basic information needed to send another user a message through Apple's messaging service, The … Read more

Nearly 13 years ago, the wizardly band of engineers who invented and continue to defend the Internet published a prescient document they called BCP38, which described ways to thwart the most common forms of distributed denial-of-service attack.

BCP38, short for Best Current Practice #38, was published soon after debilitating denial of service attacks crippled eBay, Amazon, Yahoo, and other major sites in February 2000. If those guidelines to stop malcontents from forging Internet addresses had been widely adopted by the companies, universities, and government agencies that operate the modern Internet, this week's electronic onslaught targeting Spamhaus would have been … Read more

Reports from Internet monitoring services show that recent news of a cyber attack so big that it made the Internet slow to a crawl around the world was a bit dramatic.

The New York Times reported about spam-fighting nonprofit Spamhaus and a distributed-denial-of-service attack on the Dutch group's site that became the "largest computer attacks on the Internet" and caused a "widespread congestion and jamming crucial infrastructure around the world."

Matthew Prince, the CEO of CloudFlare, the company enlisted to fight the attacks for Spamhaus, told CNET today that the attacks -- which ceased yesterday … Read more

A cyberwar is under way between two companies over a recent move made by one.

Spam-fighting organization, Spamhaus, which works with e-mail providers around the globe to block spam from entering in-boxes, has been in a battle over the last week that has seen distributed denial of service (DDoS) attacks exceed by several times the typical attacks inflicted on organizations.

Spamhaus hosts a blacklist made up of servers that, it believes, are designed to send spam around the world. Recently, the organization added a Dutch Web hosting company named Cyberbunker to its blacklist. Cyberbunker, which gets its name from its … Read more

Wells Fargo was the target of another distributed denial-of-service attack.

The bank's Web site was slowed down by the attack yesterday, affecting a certain number of customers, according to Fox Business News.

"Yesterday we saw an unusually high volume of Web site traffic which we believe was a denial of service attack," a Wells Fargo spokeswoman told CNET today. "The vast majority of customers were not impacted and customer information is safe. For customers who had difficulty accessing the site, we encouraged them to call us by phone, use ATMs or try logging on again as … Read more

A new Websense report suggests that approximately 94 percent of endpoints that run Oracle's Java are vulnerable to at least one exploit, and we are ignoring updates at our own peril. 

According to security researchers at Websense, it's not just zero-day attacks that remain a persistent threat. Instead, Java exploits are now a popular tool for cybercriminals.

With so many vulnerabilities, keeping browsers up-to-date can become an issue -- especially as Java has to be updated independently from our preferred browser, and a mobile, cross-browser workforce is difficult to manage securely. Keeping this in mind, the security … Read more

The People's Liberation Army unit (PLA) allegedly responsible for cyberspying on Western targets has collaborated with a top Chinese university on networking and security research papers.

In a finding uncovered by Reuters, Shanghai Jiaotong's School of Information Security Engineering (SISE) and the People's Liberation Army Unit 61398 have worked in partnership on at least three papers in recent years. PLA Unit 61398 is well-known for its alleged links to cyberattacks on the West, after a report was released by security firm Mandiant which stated that an "overwhelming" number of cyberattacks originate from the single unit … Read more

Apple has fixed the security issue involving its Apple ID password-reset page, a vulnerability that had made it possible for hackers with a user's e-mail address and birth date to reset the user's password.

Apple said yesterday that it was aware of the issue and was preparing a fix. Meanwhile, the company had taken the "iForgot" reset page offline for maintenance. Now the page is back up, and Apple has confirmed the fix with CNET.

The security exploit made use of a special URL that got around the need to answer a security question. Apple had … Read more