Security & Privacy

National ID cards compulsory for U.K. airport staff

Update at 10:05 a.m. PST: More information on the airports' participation has been added.

A pilot program of the U.K.'s national identity card plan will be compulsory at one of the two participating airports.

Workers will be required to enroll in the program at London city airport, the Home Office said Thursday. The move comes despite repeated assurances from the Home Office that U.K. citizens will not be compelled to have an ID card or enter their biometric details onto the National Identity Register.

Also on Thursday, the government said that retailers, post offices, and … Read more

Former Intel worker faces more charges in alleged trade secrets theft

A former Intel employee who previously was charged with stealing trade secrets from the chipmaker reportedly faces four new charges of wire fraud.

The FBI in August charged Biswahoman Pani with theft of trade secrets after allegedly finding more than 100 pages of sensitive Intel documents, including 13 "top secret" files with designs for future processor chips, inside Pani's home. The information Pani obtained reportedly was worth more than $1 billion in research and development costs.

Pani resigned from Intel in May, stating he would continue working there through June 11, according to the FBI. However, he … Read more

Obama-themed malware on the rise

Within hours of settling the U.S. presidential election on Tuesday, spam seen worldwide began incorporating the name and image of Barack Obama, according to various security vendors. The U.K.'s Sophos reported 60 percent of all spam seen by the lab on Wednesday was in some way Obama related.

One piece of spam alleges to contain a link to video of Obama's acceptance speech. If you follow the video link within the e-mail message you will be taken to a Web page where you'll be asked to update your Adobe Flash Player with a file, adobe_flash9.… Read more

Campaign PCs of Obama, McCain cyberattacked

Last summer, Sen. Barack Obama's presidential-campaign computers came under cyberattack from an "unknown entity." His machines weren't alone; John McCain's computers were also attacked, according to a report appearing Wednesday on the site of Newsweek magazine.

The Obama attack was initially thought to be a piece of malware downloaded from a phishing site. Newsweek reports that "the next day, both the FBI and the Secret Service came to the campaign with an ominous warning: 'You have a problem way bigger than what you understand,' an agent told them. 'You have been compromised, and a … Read more

MySpace plugging photo peephole

MySpace was working to plug a hole on Tuesday that allows anyone to view members' private photos without being friends with them.

The vulnerability, reported to CNET News by Canadian computer technician Byron Ng, was easy to exploit by plugging a member's ID number into a specific MySpace URL. However, someone would have to know which URL to use to be able to see the private photos.

Hours after CNET News notified MySpace of the security hole midday and several hours later a MySpace representative said the company had confirmed the vulnerability, disabled it, and was rolling out a … Read more

Core Security finds critical Adobe Reader hole

Updated 10:50 a.m. PT with Adobe releasing update and link.

A critical security hole in Adobe Reader could allow an attacker to take control of a computer, according to Core Security Technologies.

The vulnerability affects version 8.1.2 of Reader, Core Security said in a statement issued on Tuesday to coincide with Adobe's planned release of a security update to fix the vulnerability.

The security bulletin was posted early on Tuesday. "Adobe is not aware of any reports of these issues being exploited in the wild," the company wrote in a security blog posting. … Read more

British tax site goes dark after data security breach

Security breaches happen all the time. But a recent incident in England is particularly worrisome and illustrates the risks of storing sensitive data on USB thumb drives which can easily slip out of a pocket or briefcase.

The British Department for Work and Pensions shut down a consumer Web site after a flash drive containing confidential passwords and source code was found in the parking lot of a pub two weeks ago, according to the Daily Mail.

The Government Gateway site, which about 12 million citizens use to file tax returns and pay parking tickets, contains addresses, salaries, National Insurance … Read more

Bots exploiting Microsoft's latest RPC flaw

Several antivirus vendors are reporting on Monday a new round of exploitation of Microsoft's out-of-cycle security bulletin last month. The flaw in MS08-067, which affects how remote procedure calls (RPC) are handled in the Windows Server Service, has the potential to become a fast-spreading worm, according to Microsoft. But experts predict any exploitation will be bundled within an existing Trojan horse or botnet package because that's where criminals can make the most money from the malware code.

Ken Dunham of iSIGHT Partners said his company was looking at three samples of interest.

One is what F-Secure is calling … Read more

Ex-McAfee worker arrested for alleged theft

A former marketing manager at McAfee has been arrested on charges that she directed more than $3.8 million of McAfee business to companies that she and her husband own.

Susan Despinic, 35, and Aurawm Almaneih, 37, posted $1 million and $500,000 bail, respectively, and were released after their arrest Thursday on grand theft charges.

At least one of the companies that made money off McAfee was a "shell" company created for that sole purpose, according to the Santa Clara County District Attorney's Office.

The Los Gatos couple faces up to seven years in prison.

Despinic, … Read more