InSecurity Complex

Hackers supportive of the Occupy Wall Street protests today released personal information of former Citigroup and Goldman Sachs executive Robert Rubin who was U.S. Treasury Secretary under President Clinton when the banking reform Glass-Steagall Act was repealed.

The CabinCr3w, hackers aligned with the Anonymous group of online activists and the protests, have been releasing personal data of the CEOs of Citigroup, JP Morgan Chase, Goldman Sachs and other bankers. They also released information on a New York police officer accused of unprovoked and excessive use of pepper spray on people at the protests, which began September 17 in New … Read more

Adobe Systems is working on a fix for a Flash-related vulnerability that could be used by Web sites to surreptitiously turn on a visitor's microphone or Webcam.

The problem is in the Flash Player Settings Manager on Adobe's servers and not with software on customer computers, Adobe spokeswoman Wiebke Lips told CNET today.

"Engineering is currently working on a fix," she said in an e-mail. "Note that this issue does not involve/require a product update and/or customer action. (In other words, there will not be a security bulletin.) It's a fix we … Read more

The voice-activated feature on the new iPhone 4S will let anyone use the phone to send e-mails and text messages and make calls even if it is passcode locked, Macworld has reported.

Try it. Grab a friend's locked iPhone 4S, press the button and ask Siri to do something. I was able to send a text message, make a call and send an e-mail, all without knowing my friend's passcode. Another colleague confirmed that she could get an address and a phone number out of the phone and even see the calendar.

There is an easy fix for this situation, which was reported on by Macworld on Friday, followed by security firm Sophos today. In the Passcode Lock settings, switch Siri to "Off" (see below). This lets you continue to use the feature once your iPhone is unlocked, but keeps users from accessing these features when security is enabled. … Read more

Google announced today that it will encrypt by default Web searches and results for users who are signed in.

People who don't have a Google account or are signed out can go directly to https://www.google.com, the company said in a blog post.

Encrypting the communications between an end user and the Google search engine servers will protect against snooping by anyone who might be sniffing on an unsecured Wi-Fi network, for instance. Secure Sockets Layer (SSL) is available now for Web search, image search and all the search modes except for Maps, Google said in this … Read more

Malware has been discovered on computer systems in Europe that has identical code to the Stuxnet worm and could be the precursor to the next big computer attack on critical infrastructure systems, Symantec said today.

Unlike Stuxnet, which targeted specific Siemens SCADA (supervisory control and data acquisition) software and appeared to have been written to sabotage Iran's nuclear program, the new malware installs a backdoor and is designed to gather information, like design documents, that could be used in future attacks, Symantec said.

The malware, written to run on Windows systems, is dubbed Duqu because it creates file names … Read more

Officials in the Obama administration considered compromising Libya's government computer networks to block early-warning data gathering and missile launches on NATO war planes during the American-led strikes this spring but decided against it, according to The New York Times.

While the move would have lowered the risk to pilots, it could have opened up a can of worms, which is ultimately why it was nixed. In addition to worrying there wouldn't be enough time to find the holes in Libya's networks to exploit before the strikes, there was a question of whether Congress would have to be … Read more

Hackers released personal information about the head of Citigroup today in retaliation for the arrest of protesters during the Occupy Wall Street demonstrations this weekend.

The data on Vikram Pandit, Citigroup's chief executive officer, includes phone numbers, address, e-mail address, family information, and some legal and financial information. It was released by CabinCr3w, which is affiliated with the Anonymous online activist group that has been involved in the monthlong protests.

"During Occupy Wall Street, protesters had made way to CitiBank to withdraw their funds and close their accounts," CabinCr3w wrote in a statement. "They were met … Read more

Many people are concerned about hacked e-mail accounts (even celebrities), but what about when several years worth of your digital file cabinet are deleted, say, by a malicious intruder?

That happened to Deb Fallows six months ago, and her husband, author James Fallows, wrote a riveting account of their ordeal for The Atlantic that makes for fascinating reading.

His words of advice are: use strong, unique passwords on important important online accounts; take advantage of Google's two-step verification service; and back up our cloud-based data on our own. Oh, and act fast. Deleted messages are purged from the Trash … Read more

The latest antivirus detection file update of Norton Antivirus blocked access to Facebook after mistaking it for a phishing site, Symantec told CNET today.

The problem was fixed yesterday within hours of it being noticed, according to a statement from Symantec, which acquired Norton and its antivirus software a decade ago. "The issue occurred due to content within the site being falsely identified as a phishing risk," the company said.

"We are aware that some Norton customers encountered a security warning page when attempting to access the Facebook Web site," Symantec said in a statement. "… Read more