Security & Privacy

'Copyright Alert System' rolls out to catch illegal downloaders

The "Copyright Alert System," aka "six strikes," kicked off today with the cooperation of five major Internet service providers. The goal of the new campaign is to curb copyright infringement by going after consumers rather than pirates.

While the CAS seems like something that would raise the hackles of privacy and civil liberty groups, the plan isn't to arrest, sue, or fine people downloading illegal movies, games, or music. Instead, the group managing the program -- the Center for Copyright Information -- says its objective is to "educate" such downloaders that they are … Read more

Add Microsoft to list of hacked companies

Updated to include Microsoft comment Security software companies must be smiling ear to ear as they read the news briefs coming off the transom. Microsoft said today that an undetermined number of computers in its Mac software business unit got infected with malware. The company said the number of infected PCs was small but that there was no indication customer data had been compromised.

In a blog post late Friday, Matt Thomlinson, who directs the company's Trustworthy Computing Security program at Microsoft, wrote:

Consistent with our security response practices, we chose not to make a statement during the initial … Read more

HTC settles with FTC over software security vulnerabilities

Mobile handset maker HTC has agreed to settle a complaint filed against it by the Federal Trade Commission accusing the company of failing to take "reasonable steps" to patch a security flaw in software running on its smartphones.

As part of this settlement, HTC has agreed to patch handsets that were left vulnerable to the security risks. And the company has agreed to develop a security program to address future security issues on its handsets.

HTC has already begun rolling out the patches to devices in the U.S., according to the FTC.

In its complaint, the commission … Read more

Sentencing of LulzSec double agent postponed

Hector Xavier Monsegur, better known by his nom de plume "Sabu," was slated to face sentencing in New York City today for his role hacking into public and private Web sites as one of the hacktivists operating under the LulzSec label. All told, he faces a maximum time behind bars of 124 years associated with his guilty plea on ten counts of bank fraud and one count of identity theft.

But Monsegur, who subsequently worked as a double agent for the FBI, still awaits his fate. The authorities abruptly postponed his sentencing. No explanation was offered.

His cooperation … Read more

FTC plans mobile security event for June 4

The Federal Trade Commission said today that it will convene a one-day event on security-related "threats to mobile devices."

The event, to be held on June 4 in the agency's Washington, D.C., conference center, will be the latest in a series of similar events that have focused on topics including online data collection and advertising. It's open to the public.

An announcement posted on the FTC's Web site says the event will likely include discussions of "emerging mobile security threats and trends, security challenges in the mobile environment and infrastructure, potential solutions to … Read more

NBC Web site back up after hack attack

NBC's Web site is up and running again after being knocked offline by a cyberattack for several hours yesterday.

The NBC site was the victim of a form of malware known as the Citadel Trojan. This specific strain targets companies in an attempt to steal usernames, passwords and other sensitive data. People who visit sites infected by the trojan can find their own PCs infected as well.

In the past, Citadel typically attacked banks and financial firms but has since expanded its reach to a wider range of organizations.

NBC, which is part of cable giant Comcast, is still trying to figure out how the attack occurred, … Read more

Zendesk hack snares user data from Twitter, Tumblr, Pinterest

At a time when it seems no company is immune from hackers, user information from three high-profile social-networking sites has been compromised due to a hack at another company.

Customer support service Zendesk revealed today that it had been the victim of a security breach and that information from three of its clients had been downloaded. As first reported by Wired, those three clients are Twitter, Pinterest, and Tumblr.

Zendesk revealed the hack in a company blog post today that said the vulnerability was immediately identified and patched:

Our ongoing investigation indicates that the hacker had access to the support … Read more

Twitter aiming to slash phishing e-mails sent from 'Twitter.com'

If you get an e-mail saying it's from Twitter, the social-networking company wants to assure you that it's really from Twitter and that there's no need to worry that someone's out to steal your password.

At least, it's almost certain that the e-mail you just got from a Twitter.com address is not a phishing attack, the company said in a blog post today.

Twitter said it has adopted a new security protocol known as DMARC that was designed by a consortium in order to cut way down on phishing attempts.

DMARC solves a couple … Read more

Malware getting smarter, says McAfee

Malware continues to grow, not just in volume but in sophistication, according to a new report from McAfee.

Released today, the security vendor's fourth-quarter 2012 Threats Report found that more organizations are being targeted by more clever cyberattacks.

The number of trojans designed to steal passwords rose 72 percent last quarter. Some of these trojans are part of "customized" threats, while others are packaged with more "off-the-shelf" forms of malware. As one example, the Citadel trojan was specifically designed to hit financial services companies.

Operation High Roller and Project Bliztkrieg were also cited by McAfee … Read more