Security & Privacy

Skype's president said that the company was largely unaware of a major security breach affecting Skype users in China.

In a blog published Thursday, Josh Silverman, Skype's president, explained he did not realize that TOM-Skype, Skype's partner in China, was logging and storing users' instant messages that were deemed offensive by the Chinese government.

He said the company knew that instant-messaging chats were monitored by the government, as all communications in China are. And he explained that Skype disclosed this to users in 2006, explaining that a text filter was being used to block certain words in … Read more

To the short list of life's certainties--death and taxes--we can now add "Web threats."

Early indications are that there will be no quick fix for clickjacking, which enables a PC to be infected with malicious software simply by clicking a disguised link on a Web page. All browsers are equally vulnerable, and there appears to be no sure solution, at least in the short term. Even disabling JavaScript and other advanced Web features won't prevent an infection.

Does this mean you should cancel your broadband account and dig out the ham radio? I don't recommend … Read more

On Thursday, Panda Security released its report for the third quarter stating that adware is responsible for one third of all new malicious software. In particular, the security company cited increased use of fake antivirus scanners.

The fake scanners typically report a computer infection and suggest downloading an application to remove the malware. Once downloaded, the scanners then ask computer users to purchase the application before it can remove an infection that never really exists. The goal of these attacks is financial gain.

In addition to seeing increasing amounts of adware, Panda Security reported that Trojan horses account for almost … Read more

Eighteen months after a denial-of-service attack, the Estonian Ministry of Defense has posted a detailed report (PDF) on the attacks. While focusing on specific steps the nation needs to take to prevent another attack, the report contains global recommendations as well.

In May 2007, the Baltic nation experienced a series of denial-of-service (DoS) attacks as a result of its government's decision to relocate a statue honoring an unknown Russian person killed during World War II. At Black Hat in 2007, security expert Gadi Evron said the attacks were not directed by the Russian Federation, or any government entity; he … Read more

Many people are wondering what to do now that their bank has been acquired in the wake of the lending crisis. Well, whatever you do, don't click on links in e-mails purportedly sent by your bank.

Security firm SonicWall said Thursday that it has been seeing e-mails that attempt to lure people to fake bank Web sites, where they are asked to re-verify their personal and bank information as part of a merger.

In one example that targets people affected by the Chase acquisition of Washington Mutual, the e-mail asks recipients to click on a link and confirm their … Read more

Caution: Web sites about the Tampa Bay Rays baseball team and the U.S. vice presidential debate may cause serious harm to your computer.

Cybercriminals who want to steal data and take control of computers are doing so by luring victims to sites with hidden malware. But how do they attract unsuspecting victims?

The answer: Google Trends.

This makes a lot of sense. Google Trends lists the most frequently searched topics, displays them on a graph, and shows news articles and blog posts that relate to that topic. (Google has trend-type tools for Web site owners and advertisers, too.)

So, … Read more

As the federal government makes efforts to protect citizens online, it is encouraging people to look out for themselves as well.

To kick off its fifth annual "National Cyber Security Month," the National Cyber Security Alliance, an organization of government, academic, and industry representatives, paired with Symantec to release the results of a national poll on Thursday showing Americans do not feel very safe online, yet they believe they are more protected than they actually are.

Just 26 percent of respondents said they felt their computers were "very safe" from viruses, and 21 percent felt their … Read more

Updated at 1:30 p.m. PDT with the New York Times saying they fixed the hole.

A new report from researchers at Princeton University reveals serious Web site security holes that could have been exploited to steal ING customers' money and compromise user privacy on YouTube, The New York Times' Web site, and MetaFilter.

The sites have all fixed the holes after being notified by the report's (PDF) researchers, William Zeller and renowned security and privacy researcher and Princeton computer science professor Edward Felten.

The vulnerability arises from a coding flaw that could allow someone to do a … Read more

Two researchers in Sweden have found multiple flaws in the TCP stack that could lead to massive denial-of-service attacks if exploited. At present there is no workaround and there are no patches available.

The TCP stack defines a set of rules by which a computer can communicate over any network. Robert E. Lee, chief security officer for Outpost24, told CNET News, "the vendors we are in talks with seem to be taking the threat seriously."

The discovery follows a test using a port scanner called UnicornScan, which Lee and senior security researcher Jack Louis created. The tool is … Read more