Security & Privacy

This week, the Massachusetts Office of Consumer Affairs and Regulations pushed back the deadline to comply with a new state law mandating encryption of sensitive consumer data. The law, passed in September 2008, was supposed to take effect on January 1, 2008. Instead, the deadline will now be pushed back to May 1.

Why the change? The extension was driven by the current economic crisis in order to give companies a bit more leeway.

OK, I read the papers and see what's going on. Yes, the economy is a mess and it ain't gonna get much better between … Read more

Think you can spot the difference between a legitimate e-mail and a phishing scam sitting in your in-box? According to one security vendor, many people can't.

The SonicWall Phishing and Spam IQ Quiz test presents a series of e-mails that may or may not be from PayPal, Wells Fargo, the IRS, and others. Test takers must decide whether the e-mail is a phishing attempt, legitimate, or provide no answer. Afterward, a score card is presented and if any questions were missing, there's an opportunity to see why: A page opens up identifying the clues that should have told … Read more

Google has adopted OAuth, an open Web authentication standard for controlling privacy, for its widget platform, Google Gadgets.

If a user has personal information stored on one Web site, OAuth provides a mechanism for him or her to authorize that Web site to share the data with another Web site or widget. It also makes it possible to do this without the first site having to reveal the user's identity to the second site.

Google announced in June that it was to adopt OAuth for sharing data through its Google Data application programming interface. The company on Tuesday said … Read more

Teens and young adults interested in downloading High School Musical-related music and video on peer-to-peer networks should be wary of malware, warns Panda Security.

While this may be obvious to older computer uses, younger users may not yet have experience with the social engineering used by malware writers, the security vendor said Friday in a press release.

Social engineering is not new, of course, and its creators are constantly trying new ways to hook people in. The day after the U.S. presidential election, for example, there was a wave of Barack Obama-related video links that attempted to download malware … Read more

President-elect Barack Obama's cell phone billing records were improperly accessed by employees of Verizon Wireless, CNN reported late on Thursday.

Obama's transition team was informed of the breach by Verizon Wireless representatives on Wednesday, team spokesman Robert Gibbs told the news agency. The Secret Service has been informed, Gibbs said.

The phone, a voice flip-phone with no e-mail access, is no longer active or being used by Obama, the report said. Lists of phone numbers and calls made by Obama could have been accessed, but "nobody was monitoring voicemail," Gibbs is quoted as saying.

Verizon Wireless … Read more

As the economy worsens and more people get laid off, online fraud and financial scams are rising, security experts say.

Many of the scams lure people in with promises of quick and easy money. For instance, there has been a marked increase in money mule recruitment scams for people to transfer funds online between countries, and other illegal work-related spam in recent months, security firm Panda said on Thursday. Such offers promise $225 or more a day for what they call "rebate processing" work at home.

"The schemes are aimed at people who are desperate in rough … Read more

USB thumb drives are convenient, popular and often free--and they're spreading viruses like sailors on shore leave.*

The US-CERT (Computer Emergency Response Team) issued a warning on Thursday that malicious code is increasingly propagating via USB flash drive devices.

Meanwhile, the U.S. Department of Defense has temporarily banned the use of thumb drives, CDs, and other removable storage devices because of the spread of the Agent.bzt virus, a variant of the SillyFDC worm, according to Wired.

We've seen this before with portable external storage devices. Floppy disks were the culprit in the early 1990s, followed by CDs. The fact that USB thumb drives are being used by so many people makes them an attractive target for virus writers.

"The bad guys are intentionally developing new flavors of malware designed to propagate through USB devices," said Gunter Ollmann, chief security strategist for IBM's ISS security division. "They are today's floppy drives."

But USB drives are even handier. Their small size makes them easy to slip into a pocket or carry on a lanyard around your neck. A common swag item in the tech industry, they also are mainstream consumer storage devices. They literally litter my desk drawers.

There are a couple of ways USB thumb drives can be used to spread viruses and other malicious software.

… Read more

British prime minister Gordon Brown spoke on Thursday (at least indirectly) about the future of Gary McKinnon, a 42-year-old UFO enthusiast accused of hacking into several U.S. military sites. It was the prime minister's first public comments on the case which, after six years, took a twist over the summer.

McKinnon lost his last fight against extradition in July but has yet to arrive in the United States to stand trial. His lawyers are continuing to appeal within the E.U. courts. McKinnon, who has been diagnosed with Asperger's syndrome, has said he would prefer to stand … Read more

White lists will be on every desktop within the next five years, according to Patrick Morley, CEO of Massachusetts-based Bit9. Morley was in town to address the Dow Jones VentureWire Technology Showcase in Redwood City, Calif., on Tuesday. He stopped by CNET News afterward to discuss why he believes white listing will be important in the next few years.

The basic idea behind "white listing" is to define a set of software, a set of vendors, and allow only those trusted applications or files from those vendors to run on your machine. If a file or application is … Read more