Security & Privacy

Bots dominate small Web site traffic, research shows

A surprising 51 percent of traffic to an average Web site -- one with 50,000 to 100,000 monthly visitors -- is potentially bot generated, according to new research from Web security and performance company Incapsula.

On top of that, 31 percent of overall traffic to these such sites is malicious.

The news is worse for very small sites -- or those with fewer than 2,500 monthly visitors. Incapsula examined more than a thousand small sites and found that 83 percent of each site's traffic comes from non-human (bad bots and good bots) with bad bots accounting more

Rebekah Brooks charged in phone-hacking scandal

The former head of News Corp.'s U.K. newspaper business Rebekah Brooks has been formally charged in the phone-hacking scandal that took the popular News of the World down.

The U.K.'s Crown Prosecution Service (CPS) today announced that it has charged Brooks with three counts of "conspiracy to pervert the course of justice." CPS claims that last July, Brooks "conspired" with her husband, chauffeur, and others to "conceal documents, computers, and other electronic equipment from officers of the Metropolitan Police Service." CPS also charged Brooks and her assistant with "permanently" removing seven boxes from the News International more

Facebook attempts to clear up privacy questions

Facebook Chief Privacy Officer Erin Egan held a question-and-answer session this morning streamed live on the company's Web site to talk about the social network's latest privacy policy changes.

The revisions to its policy, announced late last week, come as the social network prepares for what is expected to be one of the largest initial public offerings in history, on Friday.

The company updated the policy because the Irish Data Protection Commissioner asked the company to expand on its data practices by spring of this year, Egan said. "That's a big driver of our changes," in addition more

After a decade of Windows malware, do you feel any safer?

By 2002, Bill Gates was fed up. He'd had his fill of reports about Windows malware causing grief for customers who similarly were fed up.

And so Microsoft's chairman sat down and authored a call to arms in a remarkably frank memo to employees, urging a series of changes to bring about what he called an era of "trustworthy computing."

Our new design approaches need to dramatically reduce the number of such issues that come up in the software that Microsoft, its partners and its customers create. We need to make it automatic for customers to get the

Kaspersky: Apple needs to face up to Mac threats

Last updated: 12:18 p.m. PT.

One of Apple's more outspoken critics investigated the security of the Mac OS, and the company may not be too happy with the results.

Apple is turning a blind eye to the security of its operating system, says Kaspersky Chief Technology Officer Nikolai Grebennikov, who conducted an analysis of the platform independent of Apple. Kaspersky has concluded that the company isn't taking the security of its own platform seriously enough.

In an interview with computing.co.uk, Grebennikov said the Mac is "really vulnerable" to malware, pointing to the recent Flashback more

Adobe will issue free security fixes for CS5 apps after all

Adobe has apparently changed its mind about requiring customers to pay to get recent security patches for its Photoshop, Illustrator, and Flash Professional products.

The patches cover vulnerabilities that could let a remote user execute malicious code and take control of computers that are running the products.

A post to Adobe's security blog dated yesterday says the following:

We are in the process of resolving the vulnerabilities...in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available.
Users may monitor more

Startup proposes a safer Internet locale via a '.secure' domain

A security startup called Artemis Internet has proposed a new ".secure" top-level domain that would require Web sites using the domain to maintain stringent security practices.

The goal is to offer a place on the Web where sites have higher security standards and Web surfers can have more faith that their data and communications will stay out of the hands of malicious hackers and criminals.

"Right now software and security engineers are really bad at building good user experiences," Artemis founder Alex Stamos said in an interview today. "It's time for us to take responsibility and make (Web security) more

Adobe users must pay for security upgrades

Adobe's recent release of patches for Photoshop, Illustrator, Flash Professional, and Shockwave have all been marked critical by the company, but users will be required to pay out of their own pocket for almost all of them.

All of the related vulnerabilities, found in each of Adobe's four software suites, have the potential to allow a remote user to execute arbitrary code and take complete control of the user's computer. While the patch for Shockwave is free, no such patch is available for CS5.5, or earlier versions of Photoshop, Illustrator, and Flash Professional. Instead, users concerned more

EFF: Prosecutors want location data via a Twitter shortcut

By granting the subpoena request -- which Twitter has challenged -- the court is allowing prosecutors to bypass the need for a search warrant as typically required when seeking location information, the EFF argues.

"The judge also allowed the government to get access to location information without a search warrant. Twitter keeps a record of a user's IP address when he logs in to post a tweet," Hanni Fakhoury, EFF staff attorney, writes. "Since the majority of Twitter users access the site through mobile phones, these IP addresses are keys that help unlock a person's location."

The post more

Wording in cyberwar bill begs question: Who's in charge?

The House Armed Services Committee yesterday approved an amended version of the National Defense Authorization Act that removes language requiring presidential authorization for military offensive operations in cyberspace to defend the country.

Congressional sources working with House Armed Services Committee Chairman Howard "Buck" McKeon said the move did not grant the secretary of defense any additional powers and dismissed fears as unwarranted.

"We don't interpret this to mean that Congress is giving the Department of Defense new authorities," said a committee source. "It would all be within the context of the Authorization to Use Military Force (50 U.S.more