Security & Privacy

Google joins FIDO's crusade to replace passwords

A group of tech companies looking to replace passwords for online identity authentication gained a powerful ally Tuesday in the form of Google.

The consortium, called the Fast IDentity Online Alliance (FIDO), is working to develop standards-based alternatives for verifying a user's identity when trying to login to Web sites and online accounts. Formed in 2012, the group proposes specifications that will support a variety of authentication technologies, including biometrics such as fingerprint scanners and voice and facial recognition, as well as security tokens, near field communication, and one-time passwords.

The Web giant joins founding members Lenovo, PayPal, Nok … Read more

Australian police arrest alleged leader of LulzSec hacking group

The Australian Federal Police has reportedly arrested a man who describes himself as the "leader" of the LulzSec hacking group.

The 24-year-old man was arrested on hacking charges Tuesday in the coastal town of Point Clare, according to ABC News Australia, which first reported the arrest. The report did not reveal that man's identity.

The arrest comes two weeks after three members of hacker group pleaded guilty in a British court to carrying out cyberattacks against various media and entertainment companies and the U.K. National Health Service.

LulzSec emerged on the hacking scene in 2011, claiming … Read more

Cyberattacks triple in 2012, Akamai says

Cyberwarfare incidences jumped sharply in 2012, Akamai said, with the number of distributed denial of service attacks more than tripling from the previous year.

Akamai, one of the world's largest globally distributed networks, said its customers reported being targeted by 768 DDoS attacks last year, more than three times as many as in 2011. The company's State of the Internet report released Tuesday also found that more than a third of those attacks targeted the commerce sector, while another 20 percent targeted enterprise customers.

"In many ways, DDoS has become the weapon of choice for multiple types … Read more

Germany fines Google $189K for Street View Wi-Fi data breach

Germany's privacy regulator has fined Google 145,000 euros ($189,000) after the search giant illegally collected private Wi-Fi network data, including usernames, passwords and Web site results.

It amounts to a minor bluff for Google, but an overall win, as the fine represents about 0.002 percent of its total net profit in 2012.

This is despite it being "one of the biggest data protection rules violations known," according to Hamburg data regulator Johannes Caspar in an e-mailed statement to Bloomberg, claiming that Google's "internal control mechanisms must have severely failed."

It's … Read more

Hackers send bogus tweets from '60 Minutes' account

The Twitter accounts for CBS News programs "60 Minutes" and "48 Hours" were used by hackers earlier today to send out messages accusing the U.S. of aiding terrorists, the network confirmed.

"We have experienced problems on Twitter accounts of #60Minutes & @48Hours; We apologize for the inconvenience; Twitter is resolving issues," read a tweet from @CBSNews. Read another from @60Minutes: "PLEASE NOTE: Our Twitter account was compromised earlier today. We are working with Twitter to resolve."

Bogus messages tweeted from the hacked accounts included this one from the @60Minutes account:

Exclusive: … Read more

Security certificate problem trips up Bing Web site

A security certificate problem triggered warnings not to use Bing over a secure Web connection Friday, and Microsoft said an issue with network service provider Akamai is to blame.

Browsers displayed prominent error messages and warnings at about 9 a.m. PT when visiting https://bing.com.

The HTTPS standard governs how Web browsers and Web servers set up encrypted communications, for example so that others can't eavesdrop on network activity to find out what you're searching for, but valid and up-to-date security certificates are required for such communications.

"An attacker on your network could be trying … Read more

Boston bombings: How facial recognition can cut investigation time to seconds

After the Boston Marathon bombings, police in the city made a plea for people with cell phone video and pictures to turn over their footage, adding to the hours of surveillance video from nearby businesses. But what would normally take investigators hundreds of hours to review can now take minutes or even seconds, thanks to technology like facial recognition. The software, which can help pick a person out of crowd, looks for differentiating features -- from the shape of a mouth to the ridge on a nose to the distance between a pair of eyes.

3VR in San Francisco has … Read more

Mozilla takes hard stance on protecting Web site certificates

It's happened to everyone -- you visit a Web site and instead of the browser taking you directly to it, you get a notice that says you're about to visit an untrusted site. The reason this happens is because the browser hasn't certified the site.

This type of action could mean a slow death for such a Web site, since messages like these tend to scare off users.

Mozilla, Firefox's parent company, is now contemplating whether to give international telecom giant TeliaSonera this type of punishment, according to the Register. Apparently Mozilla might refuse to include … Read more

Top Wi-Fi routers easy to hack, says study

The Wi-Fi router you use to broadcast a private wireless Internet signal in your home or office is not only easy to hack, says a report released today, but the best way to protect yourself is out of your hands.

The report, written by research firm Independent Security Evaluators of Baltimore, found that 13 of the most popular off-the-shelf wireless routers could be exploited by a "moderately skilled adversary with LAN or WLAN access." It also concludes that your best bet for safer Wi-Fi depends on router vendors upping their game. All 13 routers evaluated can be taken … Read more