Security & Privacy

IE 8 to include private browsing feature

As CNET News first reported last week, Internet Explorer 8 will include a way to surf somewhat anonymously, allowing the user to suspend browsing history, cookies, and other identifying information. Mozilla had considered such a feature for its Firefox 3 release, but dropped it for technical reasons. Apple Safari also includes a similar feature.

Known as InPrivate, Microsoft is touting the feature as one of several security enhancements within its next major browser release. The scenarios for using InPrivate include when you're using someone else's computer, when you need to buy a gift for a loved one without … Read more

Data on 84,000 U.K. prisoners is lost

Unencrypted data on all 84,000 prisoners in England and Wales has gone missing after a Home Office contractor lost a USB stick on which it had been stored.

Contractor PA Consulting alerted the Home Office to the loss last Monday evening--and by midday Tuesday, the contractor confirmed "rigorous" searches had failed to uncover the whereabouts of the memory stick and its cachet of sensitive information.

According to a Home Office statement, the missing USB stick contains:

Data relating to all prisoners in England and Wales, including names, birth dates, and, in some cases, expected prison release data … Read more

Google making SSL changes, other sites quiet

A security researcher has been in discussions with Google on an exploit he plans to release that would allow a hacker to easily intercept someone's communications with supposedly secure Web sites over an unsecured Wi-Fi network, but other sites, like Facebook, Yahoo Mail, and Hotmail, remain vulnerable.

Mike Perry, a reverse engineer and developer at Riverbed Technology, says he announced on the BugTraq e-mail list a year ago a common flaw with the way Web sites implement the SSL (Secure Sockets Layer) protocol that is designed to protect people's data when they surf the Web. Typically, they only … Read more

Red Hat, Fedora servers compromised

Red Hat warned on Friday that a network attack compromised some servers last week that are involved with both its commercially supported and free versions of Linux.

The breaches involved Red Hat Linux Enterprise servers and those from its community-supported Fedora project that it sponsors.

Red Hat said in a security advisory that it is confident the intrusion did not compromise the Red Hat Network, which is the chief mechanism used to distribute changes to its Red Hat Enterprise Linux product, or updates sent over the network. Therefore customers are not at risk, the company said.

The open-source vendor also … Read more

Phreaker calls buddies overseas on U.S. government dime

Someone broke into a U.S. Homeland Security Department phone system and made 400 calls to the Middle East and Asia, racking up $12,000 in long-distance charges, The Associated Press reported.

The phone phreaker got into the voice mail system of the Federal Emergency Management Agency last weekend and had free calling to places like Afghanistan, Saudi Arabia, and Yemen for at least two days before someone at Sprint noticed, according to FEMA spokesman Tom Olshanski.

It appears that a hole was left open by a contractor during an upgrade of the voice mail system, but further details were … Read more

Brazilian charged in U.S. in connection with operating botnet

A Brazilian man has been charged in connection with operating a botnet composed of more than 100,000 computers infected with malicious software allegedly designed to send spam, the U.S. Department of Justice said on Thursday.

A federal grand jury in New Orleans handed down an indictment charging Leni de Abreu Neto, a 35-year-old from Taubate, Brazil, with one count of conspiracy to cause damage to computers worldwide. If convicted, he faces up to five years in prison and up to three years of supervised release, as well as a fine of $250,000 or more based on the … Read more

Psychological profiling on the Web

Yesterday I ranted on Facebook about how annoyed I was with it. I've also had my share of emotional posts about various topics on Twitter. And I'm frequently opinionated in my blog postings on this site.

Unless you are following my writings on all the various sites, you might not know how cranky and critical I can be. My emotions and opinions may not be of concern to anyone beyond my close personal friends and co-workers (who have to listen to my occasional verbal tirades). But if you did care, there might soon be an easy way to … Read more

Security expert: DNS attacks are happening

A fatal flaw with the DNS (Domain Name System) is being exploited in Internet attacks and more attacks are likely, the security researcher who discovered the flaw said on Thursday.

"I do think we are going to see attacks. I think we have been seeing attacks already going on in the field," said Dan Kaminsky, director of penetration testing for IOActive, who warned the industry about the DNS vulnerability nearly five months ago. "We're doing everything we can to mitigate and reduce its incidence."

Kaminsky mentioned a DNS-related incident with China Netcom (possibly the incident … Read more

Malicious Flash ads attack, spread via clipboard

A new type of Internet-based attack is spreading in which Flash-based ads seize control of a Web surfer's clipboard and paste in a link to a malicious site in the hopes that it will be spread from there into e-mails, blogs, and instant messages.

The ads have been spotted on MSNBC.com, Newsweek.com, and Digg.com, and victims have reported on numerous forums and blogs that they appear to be fake alerts that a virus has been detected on the computer and offer to clean it up, according to antivirus vendor Sophos.

The malicious link, which includes "… Read more