
Security & Privacy

Estonia posts its cybersecurity strategy

Eighteen months after a denial-of-service attack, the Estonian Ministry of Defense has posted a detailed report (PDF) on the attacks. While focusing on specific steps the nation needs to take to prevent another attack, the report contains global recommendations as well.

In May 2007, the Baltic nation experienced a series of denial-of-service (DoS) attacks as a result of its government's decision to relocate a statue honoring an unknown Russian person killed during World War II. At Black Hat in 2007, security expert Gadi Evron said the attacks were not directed by the Russian Federation, or any government entity; he …

New phishing attempt targets bank customers

Many people are wondering what to do now that their bank has been acquired in the wake of the lending crisis. Well, whatever you do, don't click on links in e-mails purportedly sent by your bank.

Security firm SonicWall said Thursday that it has been seeing e-mails that attempt to lure people to fake bank Web sites, where they are asked to re-verify their personal and bank information as part of a merger.

In one example that targets people affected by the Chase acquisition of Washington Mutual, the e-mail asks recipients to click on a link and confirm their …

All the news that's fit to exploit--Google Trends

Caution: Web sites about the Tampa Bay Rays baseball team and the U.S. vice presidential debate may cause serious harm to your computer.

Cybercriminals who want to steal data and take control of computers are doing so by luring victims to sites with hidden malware. But how do they attract unsuspecting victims?

The answer: Google Trends.

This makes a lot of sense. Google Trends lists the most frequently searched topics, displays them on a graph, and shows news articles and blog posts that relate to that topic. (Google has trend-type tools for Web site owners and advertisers, too.)

So, …

People can do more to guard against ID theft, says group

As the federal government makes efforts to protect citizens online, it is encouraging people to look out for themselves as well.

To kick off its fifth annual "National Cyber Security Month," the National Cyber Security Alliance, an organization of government, academic, and industry representatives, paired with Symantec to release the results of a national poll on Thursday showing Americans do not feel very safe online, yet they believe they are more protected than they actually are.

Just 26 percent of respondents said they felt their computers were "very safe" from viruses, and 21 percent felt their …

Researchers find security holes in NYT, YouTube, ING, MetaFilter sites

Updated at 1:30 p.m. PDT with the New York Times saying they fixed the hole.

A new report from researchers at Princeton University reveals serious Web site security holes that could have been exploited to steal ING customers' money and compromise user privacy on YouTube, The New York Times' Web site, and MetaFilter.

The sites have all fixed the holes after being notified by the report's (PDF) researchers, William Zeller and renowned security and privacy researcher and Princeton computer science professor Edward Felten.

The vulnerability arises from a coding flaw that could allow someone to do a …

TCP flaws put Web sites at risk

Two researchers in Sweden have found multiple flaws in the TCP stack that could lead to massive denial-of-service attacks if exploited. At present there is no workaround and there are no patches available.

The TCP stack defines a set of rules by which a computer can communicate over any network. Robert E. Lee, chief security officer for Outpost24, told CNET News, "the vendors we are in talks with seem to be taking the threat seriously."

The discovery follows a test using a port scanner called UnicornScan, which Lee and senior security researcher Jack Louis created. The tool is …

Verizon gets industry-specific in breach report

Risk factors for data breaches vary industry to industry and defy a "cookie cutter" approach to security, according to a report released Thursday by Verizon Communications.

The new report (PDF) builds on data released in June. The initial report spanned four years and included more than 500 forensic investigations involving 230 million compromised records.

In the initial report, Verizon found that 73 percent of the data breaches were the result of outside sources, with only 18 percent from insider threats. Of the outside sources, 39 percent were attributed to business partners. But that's an average.

The new …

To encrypt or not? That is the question

Even before someone hacked Sarah Palin's Yahoo Mail account I had been wondering whatever happened to encryption.

Encryption -- the science of rendering plain text unreadable by anyone but the intended reader -- made a splash in the mid-1990s. At the time the U.S. government was investigating human rights activist Phil Zimmermann for allegedly violating the Arms Export Control Act by distributing his PGP (Pretty Good Privacy) e-mail encryption software. The government eventually relaxed the restrictions and PGP was no longer programa non grata.

Nearly a decade has passed and it struck me recently that encryption still hasn'…

Report: Skype service in China recording, censoring messages

TOM-Skype, eBay's joint venture in China, is recording customer text chats and censoring them if they contain certain keywords related to topics the government deems objectionable, according to a report released on Wednesday (PDF) by researchers in Canada.

"TOM-Skype is censoring and logging text chat messages that contain specific, sensitive keywords and may be engaged in more targeted surveillance," the report concludes. "What is clear is that TOM-Skype is engaging in extensive surveillance with seemingly little regard for the security and privacy of Skype users. This is in direct contradiction of Skype's public statements regarding …

Kevin Mitnick detained, released after Colombia trip

Updated at 7:55 a.m. PT on Wednesday to specify that the FBI cleared Mitnick of any wrongdoing in this event.

Since being released from prison eight years ago, Kevin Mitnick's brushes with the law have consisted of a few parking tickets and a citation for driving without a front license plate--that is, until he returned from a trip to Colombia two weeks ago.

After landing at the Atlanta airport for a security conference, Mitnick was detained for four hours for reasons still not fully explained. To make matters worse, while customs officials in Atlanta were busy inspecting his cell phone, laptop, and luggage, police in Bogota were ripping open a package he had mailed to his U.S. address on suspicion that it contained cocaine.

The simultaneous incidents gave Mitnick deja vu of his days as a fugitive pursued by the FBI for breaking into computer networks, only this time, he hadn't broken any laws.

"There was uncertainty, fear, and panic because I didn't know what was going on, and I didn't do anything wrong," he said in a recent telephone interview with CNET News. "In my mind, I thought I was being set up for something."

Here's a rundown of what happened:

Mitnick's Delta Airlines plane landed in Atlanta on September 16 at around 3 p.m. He had flown in from Bogota, where he had gone to give a speech to the newspaper El Tiempo and to visit his girlfriend.

The first sign of trouble was when a U.S. customs agent swiped his passport through the computer system and started staring intently at the screen and typing. "Kevin," the agent said with a big smile on his face. "Guess what? There are some people downstairs who want to have a word with you, but don't worry. Everything will be OK." …
