Security & Privacy

Apple today added an extra layer of security to its Apple ID system that can harden the password people use to log in to various Apple services.

Users with an Apple ID can now sign up for two-step verification of their password, a system that sends a four-digit passcode by text message to a user's phone, and must be used on top of a regular password. In practice, this could keep an account from being compromised by an attacker, unless that person had access to the mobile device too.

The move comes a little less than a year after … Read more

Security company Dr. Web is reporting on a new adware Trojan attack that is targeting Mac users, where malicious Web sites will trick users into installing a plugin that will track your browsing and display ads to you.

The malware, called "Yontoo," will be first encountered as a media player, download manager, or other plug-in requirement for viewing contents on some maliciously crafted Web sites disguised as sources for file sharing and movie trailers. When the plug-in prompt is clicked, you're redirected to a site that downloads the Trojan installer and requires you to run it. The … Read more

A new Mac OS X Trojan is making the rounds, installing an adware plug-in that renders ads on Web pages to generate revenue for its author.

Dubbed Trojan.Yontoo.1, it is the most prominent of an increasing number of adware Trojans making the rounds, according to Russian antivirus company Dr. Web, the same company that discovered the Flashback virus last year.

"Criminals profit from affiliate ad network programs, and their interest in users of Apple-compatible computers grows day by day," Dr. Web said yesterday in a statement. "Recently discovered, Trojan.Yontoo.1 can serve as a … Read more

Matthew Keys, the deputy social media editor at Reuters who was recently indicted of charges of conspiring with Anonymous, has denied allegations he fed information to the hacktivist group that led to the defacement of the Los Angeles Times Web site.

Prosecutors alleged last week that Keys, a former Web producer for a TV station owned by the Tribune Company, handed over log-in credentials and passwords for the network of his former employer to members of the hacker group a couple of years ago. The Tribune Company also owns the L.A. Times.

The Los Angeles Times site's defacement … Read more

The cyberattack that targeted banks, TV broadcasters, and an Internet service provider in South Korea yesterday originated from an IP address in China, but the identities of the people responsible remain unknown, South Korean regulators say.

"We've identified that a Chinese IP has connected to the organizations affected," a spokesman for South Korea's Communications Commission told a press conference on Thursday, according to a Reuters account of the event.

The revelation comes a day after a massive coordinated attack on servers in South Korea led officials to raise the alert status for the nation's army … Read more

A newly discovered botnet has found a way to siphon cash from advertisers.

Spider.io, a security researcher, yesterday announced that it has discovered a new botnet, called Chameleon, that's targeting "at least" 202 Web sites. The botnet is made up of over 120,000 host machines running Windows, according to Spider.io. Those machines are connecting to the Web with a Flash-friendly Trident-based browser that executes JavaScript. The vast majority of the machines -- 95 percent -- have come from U.S.-based IP addresses.

The botnets have targeted at least 202 Web sites, hitting them … Read more

A security researcher has revealed a method for accessing applications running on a locked Samsung handset.

The flaw is somewhat similar to one that was revealed by another researcher earlier this year on iPhones. On a Samsung handset, users can, from the lock screen, pretend to dial an emergency services number, quickly dismiss it, and with some sleight of hand, quickly gain access to any app or widget, or the settings menu in the device. The dialer can also be launched, allowing the "hacker" to place a call.

According to Terence Eden, who discovered the flaw and posted … Read more

Apple has finally managed to contain the Evasi0n jailbreak.

Released yesterday, iOS 6.1.3 fixes a security bug that allowed someone to sneak past the lock screen and make phone calls, listen to voice mail, and view contact photos.

But the update also patched several holes that Evasi0n exploited to perform an untethered jailbreak on all iOS devices, including the latest iPhone, iPad, and iPod Touch. People who upgrade to iOS 6.1.3 will no longer be able to use Evasi0n to jailbreak their devices. And once on 6.1.3, newer Apple devices cannot be downgraded to … Read more

South Korea's police are currently investigating a "massive" hack attack on Internet service provider LG Uplus, which led to server outages at three domestic broadcasters and two major banks.

As a result, the army raised its alert status amid concerns the attacks were initiated by its neighbors in North Korea.

Reuters reported Wednesday that authorities were looking into the attack on LG Uplus, which was suspected to be conducted by a group calling itself the "Whois Team".

The investigations were triggered by disrupted servers at television networks YTN, MBC and KBS. Customers at Shinhan Bank … Read more