Security & Privacy- Page 4

LivingSocial hacked; 50 million affected

Daily deals Web site LivingSocial is the latest database target for hackers, who have compromised the personal information of more than 50 million people.

In internal LivingSocial e-mails obtained by AllThingsD, the unknown culprits appear to have made off with the names, e-mails, birthdates, and encrypted passwords of what appears to be the vast majority of LivingSocial customers.

The Washington, D.C.-based site, owned in part by Amazon, claims around 70 million customers worldwide. The company's divisions in the Philippines, South Korea, Indonesia, and Thailand remain unaffected because they are hosted on different servers.

To put this breach … Read more

Google: No, app makers, you can't skip the Play Store

A change to the Google Play Store policy corrects a security loophole and forces all apps installed through the store to update through the store, too.

DroidLife is reporting the security fix puts the kibosh to apps that had been installed via the Play Store, but had been asking users to install updates outside of the marketplace workflow.

The change to the Content Policy, apparently shown to developers when they log in to the Play Store, admonishes them to not coerce their users into skipping the store. "An app downloaded from Google Play may not modify, replace or update … Read more

Police arrest Dutchman for alleged Spamhaus Web attacks

Authorities in Barcelona have arrested a Dutchman for his alleged involvement with one of the Web's biggest cyberattacks, the BBC reported today.

Spanish police detained a 35-year-old man believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker. Officials are making plans for his transfer to the Netherlands.

It was widely reported previously that Cyberbunker, a site hosting company, was behind the multiple Web attacks on Spamhaus, an antispam organization. The attack -- called a distributed denial-of-service, or DDoS, attack -- involved overloading Spamhaus' severs with requests. It also slowed down the Internet for part of Europe, … Read more

New malware variant targets Uyghur Mac users

One of the ongoing malware sagas is a political fight that is targeting Uyghur activist groups in China, where spam e-mail laced with backdoor Trojan horse malware has been continuously delivered to members of these groups in an Advanced Persistent Threat attack.

This week, security company F-secure uncovered yet another variant of this attack being used.

Like prior ones, the new variant takes advantage of old vulnerabilities in Microsoft Word, by sending attachments that will embed the malware in the affected system if the document is opened in an unpatched version of Word.

The malware used has changed a little … Read more

Google: More government takedown requests than ever before

Requests by governments worldwide to remove content from Google's services have hit an all-time high, according to the company.

Between July and December 2012, Google received 2,285 government requests for the removal of content on its services. In total, 24,179 pieces of content were asked to be removed by the government entities, setting a new record, according to Google. In the first half of 2012, Google received 1,811 requests to remove more than 18,000 pieces of content.

Google's release, which is part of the company's Transparency Report launched three years ago, indicates that … Read more

Google joins FIDO's crusade to replace passwords

A group of tech companies looking to replace passwords for online identity authentication gained a powerful ally Tuesday in the form of Google.

The consortium, called the Fast IDentity Online Alliance (FIDO), is working to develop standards-based alternatives for verifying a user's identity when trying to login to Web sites and online accounts. Formed in 2012, the group proposes specifications that will support a variety of authentication technologies, including biometrics such as fingerprint scanners and voice and facial recognition, as well as security tokens, near field communication, and one-time passwords.

The Web giant joins founding members Lenovo, PayPal, Nok … Read more

Australian police arrest alleged leader of LulzSec hacking group

The Australian Federal Police has reportedly arrested a man who describes himself as the "leader" of the LulzSec hacking group.

The 24-year-old man was arrested on hacking charges Tuesday in the coastal town of Point Clare, according to ABC News Australia, which first reported the arrest. The report did not reveal that man's identity.

The arrest comes two weeks after three members of hacker group pleaded guilty in a British court to carrying out cyberattacks against various media and entertainment companies and the U.K. National Health Service.

LulzSec emerged on the hacking scene in 2011, claiming … Read more

Cyberattacks triple in 2012, Akamai says

Cyberwarfare incidences jumped sharply in 2012, Akamai said, with the number of distributed denial of service attacks more than tripling from the previous year.

Akamai, one of the world's largest globally distributed networks, said its customers reported being targeted by 768 DDoS attacks last year, more than three times as many as in 2011. The company's State of the Internet report released Tuesday also found that more than a third of those attacks targeted the commerce sector, while another 20 percent targeted enterprise customers.

"In many ways, DDoS has become the weapon of choice for multiple types … Read more

Germany fines Google $189K for Street View Wi-Fi data breach

Germany's privacy regulator has fined Google 145,000 euros ($189,000) after the search giant illegally collected private Wi-Fi network data, including usernames, passwords and Web site results.

It amounts to a minor bluff for Google, but an overall win, as the fine represents about 0.002 percent of its total net profit in 2012.

This is despite it being "one of the biggest data protection rules violations known," according to Hamburg data regulator Johannes Caspar in an e-mailed statement to Bloomberg, claiming that Google's "internal control mechanisms must have severely failed."

It's … Read more

Hackers send bogus tweets from '60 Minutes' account

The Twitter accounts for CBS News programs "60 Minutes" and "48 Hours" were used by hackers earlier today to send out messages accusing the U.S. of aiding terrorists, the network confirmed.

"We have experienced problems on Twitter accounts of #60Minutes & @48Hours; We apologize for the inconvenience; Twitter is resolving issues," read a tweet from @CBSNews. Read another from @60Minutes: "PLEASE NOTE: Our Twitter account was compromised earlier today. We are working with Twitter to resolve."

Bogus messages tweeted from the hacked accounts included this one from the @60Minutes account:

Exclusive: … Read more