
Security & Privacy

An SMS can force a URL or app on smartphones

LAS VEGAS--In one of a handful of SMS-related presentations here at the Black Hat security show, researchers demonstrated on Thursday how they can force certain types of smartphones to visit a malicious URL or install an app without user approval.

The vulnerability only affects phones that have been misconfigured by the original equipment manufacturer so that they accept any message sent through WAP Push (Wireless Application Protocol), a service that runs on top of SMS, said researcher John Hering.

WAP Push messages should only be accepted when sent by a trusted party such as the mobile operator, said Hering, chief …

McAfee acquiring MX Logic, delivers solid outlook

This was originally published at ZDNet's Between the Lines.

McAfee on Thursday announced it's acquiring MX Logic, which provides on-demand e-mail, continuity, and Web services, for $140 million in cash.

The move is designed to bolster McAfee's security as a service lineup. Security software vendors have been racing to the cloud. MX Logic has 40,000 customers who cover more than 4 million end users. McAfee said that it plans to cross-sell MX Logic with its Web services such as the Total Protection Service (statement).

Separately, McAfee topped second quarter estimates and delivered a better-than-expected third quarter …

Adobe patches critical Flash hole

Adobe has released a patch for a critical Flash Player problem that could let attackers take over people's computers through content viewed in a browser.

The vulnerability affected a file that shipped with Flash Player 9.x and 10.x for Windows, Mac OS X, and Linux, and with Adobe Reader and Adobe Acrobat 9.x for Windows, Macintosh, and Unix. Adobe said Thursday it fixed the problem in a security advisory, and Adobe's Matt Rozen posted a note on Twitter that directed people to download the patched version from Adobe's Flash download site.

This was no …

Hackers: We can bypass San Francisco e-parking meters

A three-man team of programmers and engineers announced on Thursday that it has found a way to park for free by bypassing the security of "smart" parking meters used in cities including San Francisco, which has about 25,000 of them.

The parking meters are manufactured by J.J. MacKay Canada and accept coins and prepaid plastic cards that can be purchased in $20 and $50 denominations from local drugstores and grocery stores.

Although MacKay claims (PDF) its meters use "sophisticated security algorithms to deter fraud," it took the trio of hackers three days to figure …

Researchers can attack mobile phones via spoofed SMS messages

LAS VEGAS--Researchers at the Black Hat security conference on Thursday showed how an attacker could spoof a type of SMS message that appears to be sent from the carrier or some other trusted source.

This attack on MMS (multimedia messaging service) messages, a type of SMS message, could allow an attacker to trick the recipient into visiting a malicious Web site or ultimately do something else to harm the phone or steal data.

The attacks work potentially on any type of phone that is MMS-enabled and operating on Global System for Mobile communications (GSM) networks, said Zane Lackey, a senior …

Symantec: Shorter contracts ding earnings

This was originally published at ZDNet's Between the Lines.

Symantec's fiscal first quarter fell short of expectations as corporate customers opted for shorter-term maintenance and license renewals.

The company, which makes security and storage software, reported first-quarter net income of $73 million, or 9 cents a share, down from $172 million, or 20 cents a share a year ago (statement). On a non-GAAP basis, Symantec reported first-quarter earnings of $285 million, or 34 cents a share. Wall Street was expecting 35 cents a share. Symantec's revenue for the first quarter was $1.43 billion, down 13 percent …

Researchers exploit flaws in SSL, domain authentication system

LAS VEGAS--Two researchers have separately uncovered flaws in the way domain names are verified on the Internet that could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.

Dan Kaminsky, who discovered a serious flaw in the Domain Name System (DNS) last year, and Moxie Marlinspike gave presentations at the Black Hat security conference on Wednesday about how someone could acquire certificates for domains they don't own and thus trick people into visiting those illegitimate sites or inadvertently sharing information.

Marlinspike, an independent researcher, said a flaw in the way browsers and mail clients implement …

Researchers attack my iPhone via SMS

LAS VEGAS--Researchers have discovered a way to take complete control over an iPhone merely by sending special SMS messages and demonstrated it on my iPhone at the Black Hat security conference on Wednesday.

Although an attacker could exploit the hole to make calls, steal data, send text messages, and do basically anything that I can do with my iPhone, the researchers were kind and merely rendered it temporarily inoperable.

Here's what happened: While I was talking on the phone to Charlie Miller, his partner, Collin Mulliner, sent me a text message from his phone. One minute I'm talking …

Ex-Google CIO breaks his own security rules

LAS VEGAS--You can take the man out of Google, but you can't take Google out of the man.

While working as chief information officer and vice president of engineering at Google from 2004 to 2008, Douglas Merrill oversaw the search giant's internal IT systems. He left to be chief operating officer of new music at EMI, marrying his professional ambitions with his love of music.

At EMI, employees used Exchange Calendar, which uses a "painful remote-access methodology," he said in a keynote speech on Tuesday at the Black Hat security conference.

"I paid my admin …

Flying surveillance robots coming soon from Aeryon

Your local police may soon be packing flying surveillance bots. At the AlwaysOn Stanford Summit, Aeryon Labs President Dave Kroetsch gave a compelling pitch on his company, which makes a two-pound robot helicopter that has enough on-board intelligence and stability control to allow it to be flown by people who just point to locations on a Google Map-based interface.

The whole kit, including a table-based control module, fits in a suitcase-sized crate and can be quickly assembled in the field. After the user snaps the flying bot together, he or she just tells it where to go by pointing to …
