security

RSA sees 'big data' as key to corporate security (podcast)

Big data is one the the big themes at this week's annual RSA security conference in San Francisco.

That's because analyzing a company's stores of data is another step in improving information security, RSA Vice President Brian Fitzgerald said.

"Classic security defenses are no longer that effective in a world where data centers no longer have a fixed perimeter. They're connected to suppliers and to customers. Information is flowing between partners on a massive scale," he said in an audio podcast (scroll down to listen).

Analyzing a company's data allows you to "… Read more

Feds strike a deal with alleged illegal streaming site operator

After taking down Channelsurfing.net and arresting its alleged owner in 2011, the feds now seem to be easing up. Before going to trial, the government struck a deal earlier this month with the alleged site owner Brian McCarthy.

In a "Deferred Prosecution" memo filed on February 11, which was obtained by TorrentFreak, U.S. Attorney Preet Bharara writes that "after a thorough investigation, it has been determined that the interest of the United States and your own interest will best be served by deferring prosecution in this District. Prosecution will be deferred during the term of … Read more

Upcoming iOS update likely to kneecap Evasi0n jailbreak

One of the most popular jailbreaking tools for iOS could be snuffed out as part of an upcoming software update from Apple.

iOS 6.1.3, which Apple gave to developers for testing last week, reportedly keeps Evasi0n from being installed, leaving would-be jailbreakers in a lurch.

Evasi0n came out earlier this month and gives iPhone, iPod, and iPad owners deeper access to the software on their devices than Apple allows. The two key benefits for those who install it is that you can make significant changes to basic system software, as well as add additional apps through third-party software … Read more

Samsung amps up business push with Knox security software

BARCELONA, Spain--Samsung Electronics is getting serious about attacking the business world.

The South Korean consumer electronics giant unveiled Knox, an additional layer of security software that will run as part of its SAFE (Samsung for Enterprise) initiative. Samsung is considering embedding Knox into Samsung's next flagship smartphone, YH Lee, executive vice president of Samsung Mobile, told CNET.

Samsung considers the business world to be its next avenue of growth, and has already positioned its ads to emphasize the security and enterprise-ready aspects of its products. In doing so, Samsung is going after a business long dominated by BlackBerry, and … Read more

Add Microsoft to list of hacked companies

Updated to include Microsoft comment Security software companies must be smiling ear to ear as they read the news briefs coming off the transom. Microsoft said today that an undetermined number of computers in its Mac software business unit got infected with malware. The company said the number of infected PCs was small but that there was no indication customer data had been compromised.

In a blog post late Friday, Matt Thomlinson, who directs the company's Trustworthy Computing Security program at Microsoft, wrote:

Consistent with our security response practices, we chose not to make a statement during the initial … Read more

Hacker says security flaw let him access any Facebook profile

A security hacker recently found a flaw in a Facebook system that allowed developers to access anyone's Facebook account through app permissions.

Though Facebook has fixed this issue, Nir Goldshlager, a Web application security specialist who looks for these types of flaws professionally, found more app authorization bugs that need fixing, according to his blog. App permissions are what developers use to access the user data needed to run their apps. Users give them access permission when they install the apps.

"I found a couple more OAuth flaws in Facebook, just waiting for a fix to post about … Read more

HTC settles with FTC over software security vulnerabilities

Mobile handset maker HTC has agreed to settle a complaint filed against it by the Federal Trade Commission accusing the company of failing to take "reasonable steps" to patch a security flaw in software running on its smartphones.

As part of this settlement, HTC has agreed to patch handsets that were left vulnerable to the security risks. And the company has agreed to develop a security program to address future security issues on its handsets.

HTC has already begun rolling out the patches to devices in the U.S., according to the FTC.

In its complaint, the commission … Read more

Homeland Security: Let's be clear about aerial drone privacy

A Homeland Security office says it plans to review the privacy implications of using drones to monitor U.S. citizens.

The department's Office for Civil Rights and Civil Liberties has created a working group that will "clarify any misunderstandings that exist" about DHS's drone program, as well as make an effort to "mitigate and address any outstanding" privacy concerns.

Tamara Kessler from DHS's civil rights office and Jonathan Cantor, DHS acting chief privacy officer, sent the memo (PDF) describing the review to Secretary Janet Napolitano last September. It was released this week.

It … Read more

Twitter aiming to slash phishing e-mails sent from 'Twitter.com'

If you get an e-mail saying it's from Twitter, the social-networking company wants to assure you that it's really from Twitter and that there's no need to worry that someone's out to steal your password.

At least, it's almost certain that the e-mail you just got from a Twitter.com address is not a phishing attack, the company said in a blog post today.

Twitter said it has adopted a new security protocol known as DMARC that was designed by a consortium in order to cut way down on phishing attempts.

DMARC solves a couple … Read more