InSecurity Complex

Someone compromised the free-speech, antisurveillance repository Cryptome.org and hid malware on the site that infected Web surfers over the weekend, Cryptome.org reported.

A malicious PHP file was added to the site on Wednesday and a new directory was created that had logged nearly 3,000 IP addresses between Wednesday and Sunday, according to a post on the site.

The Cryptome.org post said thousands of HTML files in the site's main directory were found to be contaminated with a malicious script that appeared to download exploits from the Blackhole Toolkit "that may compromise a computer though … Read more

The CIA's Web site was down Friday afternoon in what looked like a distributed denial-of-service attack publicized by members of the online activist group Anonymous.

With the CIA site inaccessible, the Twitter account for @YourAnonNews tweeted "CIA TANGO DOWN: cia.gov #Anonymous" and included a link to a news story about the outage on Russian site RT.com.

A CIA representative declined to comment on the matter to CBS News beyond offering this statement: "We are looking into these reports."

The site was back online Saturday.

The Anonymous account also posted on Friday a Pastebin … Read more

Researchers at security firm zvelo have discovered that they can crack a Google Wallet PIN using a brute force attack on a device that is "rooted"--i.e., freed of security restrictions imposed by wireless carriers.

But don't panic. Chances are your Android device isn't rooted; typically only developers and true geeks are willing to root the device, which gives the user full control of the device with "root" privileges, but also removes certain protections.

And someone would have to get physical access to the device and install password cracking software on it to … Read more

Editors' note: This story was originally published June 17, 2011.

The number of hacking events of late is making our heads spin at CNET. There were scores of computer attacks, network intrusions and data breaches in 2011 and the trend shows no signs of abating in 2012.

In previous coverage, we've noted that it seems to be open hacking season, written about some of the hackers and groups who are behind the attacks,and speculated on their motives, so we thought we'd provide a chronological chart listing the attacks so we could all keep up on them. We … Read more

European Union officials have asked Google to refrain from implementing its plans to share user information across all of its services until the privacy implications can be analyzed, but Google is standing its ground.

In a letter to Google CEO Larry Page, Jacob Kohnstamm, chairman of the Article 29 working group of EU advisers on data protection issues, said: "We wish to check the possible consequences for the protection of the personal data of these [EU] citizens in a co-ordinated procedure," the Financial Times reported today.

The working group has asked French data protection watchdog CNIL to lead … Read more

In a string of attacks today, members of the digital activist group Anonymous apparently hacked into the Web site of defense lawyers for a U.S. Marine accused of leading a civilian massacre in Iraq, and have reportedly acquired e-mails exchanged by attorneys in the case.

They also reportedly: published the names, addresses and other information of more than 700 officers in Texas after compromising the Texas Police Association's Web site allegedly over a cop being investigated for child porn; attacked a Salt Lake City police Web site to protest an anti-graffiti bill; defaced a Boston police department site … Read more

When he's not at school, 15-year-old Cim Stordal spends his time playing the Team Fortress video game, shooting his Airsoft pellet gun, and working in a fish shop in Bergen, Norway. But his real passion is finding bugs in software used by millions of people on the Internet.

Stordal has made the Google Security Hall of Fame, been credited with disclosing a cross-site scripting bug to Apple, been thanked by Microsoft for disclosing a vulnerability to the company, and received an elite White Hat Visa card from Facebook with $500 credit on it.

"I got a card for … Read more

Hello, Facebook friends, I am male, straight, often ridiculously good-looking, and this is a real message: she's not that into you.

And by she, I mean one of those hot girls on Facebook who always seems too desperate and overzealous in trying to connect to you and everyone on your friend list.

Apparently, of some 850 million active Facebook users, a lot are fake profiles created to spread spam and viruses. These are often categorized as spammers or attackers. Security firm Barracuda Networks released today the findings from its most recent study that helps distinguish attackers from real users. … Read more

Google has added an automated scanning process that is designed to keep malicious apps out of the Android Market, the company announced today.

The new service, code-named "Bouncer," scans apps for known malware, spyware, and Trojans, and looks for suspicious behaviors and compares them against previously analyzed apps, Hiroshi Lockheimer, vice president of engineering on the Android team, said in an interview with CNET this morning.

Every app is then run on Google's cloud infrastructure to simulate how the software would operate on an Android device, he said. Existing apps are continuously analyzed, too.

"The system … Read more