The Chinese military wants to beef up its cyberdefense efforts as it anticipates greater threats originating from the U.S.
"The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak," the Chinese military wrote in its official newspaper, Liberation Army Daily. "Their actions remind us that to protect the nation's Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army."
Though Liberation Army Daily isn't an official mouthpiece for the Chinese … Read more
Hacking group LulzSec was touting a hotline yesterday that let people call in and request takedowns of Web sites.
"Call into 614-LulzSec and pick a target, and we'll obliterate it," LulzSec wrote on its Twitter account yesterday. "Nobody wants to mess with The Lulz Cannon--take aim for us Twitter."
The LulzSec hotline's area code encompasses the Columbus, Ohio, metropolitan area, though it's unlikely the people behind the organization are there. According to LulzSec, its hacking request line was lighted up all day, and it accommodated a total of eight requests. By the end … Read more
The U.S. government is failing to safeguard American businesses from persistent and widespread online attacks emanating from China, former U.S. national security official Richard Clarke argues in The Wall Street Journal today.
"In private, U.S. officials admit that the government has no strategy to stop the Chinese cyberassault," Clarke wrote in an op-ed piece.
Actions being taken at the federal level are lopsided and insufficient, he argues:
Rather than defending American companies, the Pentagon seems focused on "active defense," by which it means offense. That cyberoffense might be employed if China were ever … Read more
A new burst of hacks has left companies and government organizations picking up the pieces.
Earlier today, The Hacker News reported it had received a message from hacking group Pakistan Cyber Army, claiming the PCA had hacked an Acer Europe server and stole sensitive information. The publication posted a screenshot of the data reportedly collected, which included the personal information of 40,000 customers, including their names, addresses, phone numbers, e-mail addresses, and the names of products they had purchased.
According to The Hacker News, the PCA plans to release more data within the next 24 hours, and will follow … Read more
A security researcher in Italy has discovered a flaw in Internet Explorer that he says could enable hackers to steal cookies from a PC and then log onto password-protected Web sites.
Referring to the exploit as "cookiejacking," Rosario Valotta claims that a zero-day vulnerability found in every version of Microsoft's IE under any version of Windows allows an attacker to hijack any cookie for any Web site.
Demonstrating his findings at security conferences this month in Switzerland and Amsterdam, Valotta acknowledges that to exploit the hole, the hacker must employ a bit of social engineering because the … Read more
After LastPass reported a possible security breach and potential theft of some of its users' master passwords last week, we wondered what it meant for other password managers, such as RoboForm.
Both LastPass and RoboForm help you create and manage strong passwords to log into the increasing array of secure Web sites that we all juggle these days. But is there an inherent vulnerability in relying on a single service to keep track of all your passwords? Should RoboForm users be concerned about the possibility of a similar "anomaly" exposing any of their data?
To answer those questions and learn how RoboForm strives to keep its own customers' data secure, CNET recently spoke with Bill Carey, RoboForm's vice president of marketing.
Q: Bill, from what you may know of what happened at LastPass, what was your take on it? Carey: That's a good question. I don't think anybody really knows what happened yet. I'm not even sure LastPass really knows what happened yet. I've read some of the articles and I read their blog, and they said there was an anomaly. It appears someone had access to their servers for a certain amount of time and that there could've been a transfer of data. But I don't think it would be fair for me to comment on it because I'm not really sure what happened yet. But I appreciate that you're writing it from our standpoint because no one's really thinking about "well, who else is out there and what are they doing and how are they protecting [their data]."… Read more
Following yesterday's revelation of a likely security breach at password management company LastPass, the company's CEO is revealing more details about the incident and trying to offer some comfort and advice to his users.
Speaking yesterday with PC World, LastPass CEO Joe Siegrist admits he may have been too "alarmist" in sounding the alarm bell over the potential security breach. But the anomalies the company found when looking over its logs raised too much of a red flag.
Siegrist explained that he doesn't think a lot of data would've been hacked, but just enough … Read more
Users who manage and store their passwords through password management service LastPass are being forced to change their master passwords after the site noticed an issue this week that raised the spectre of a possible security breach.
As described in a blog yesterday, LastPass (download) recently followed a string of breadcrumbs that pointed to an anomaly in its network traffic on Tuesday. Though such anomalies aren't unusual, LastPass found a matching anomaly in one of its databases. Unable to identify a root cause for either anomaly, the company made the decision to assume the worst--that some of its data … Read more
Web browsers are ground zero for Internet security threats, and the debate over responsibility for preventing those threats has resulted in a Gordian knot. The people behind the new add-on for Firefox called Cocoon (download) want to cut through debate by serving the entire Web to you via proxy. (Cocoon is also available at GetCocoon.com.)
Made by Santa Barbara, Calif., start-up Virtual World Computing, Cocoon's goal is to put the Internet on a server to prevent individual users from having to touch it, Cocoon Chief Executive Officer and co-founder Jeff Bermant said in an interview today at CNET'… Read more
Twitter has tweaked its security settings to offer an option to always enable Hypertext Transfer Protocol Secure, or HTTPS.
Although the more secure setting has always been available, in the past Twitter users had to browse specifically to https://twitter.com to take advantage of it. Now, the tighter security is a new option found in the Twitter settings page.
Clicking on your account name in Twitter and then selecting Settings brings up the appropriate page. From there, you'll see the new option at the bottom of the page. Checking "always use https" ensures that each Twitter … Read more