Security

A bipartisan group of lawmakers has introduced a new bill, known as the Geolocation Privacy and Surveillance Act, to force law enforcement to obtain a warrant to track suspects with GPS devices.

The bill, which was introduced to Congress yesterday, is sponsored by Reps. Jason Chaffetz (R-Utah) and Jim Sensenbrenner (R-Wis.), as well as Sen. Ron Wyden (D-Ore.) and House judiciary committee ranking member Rep. John Conyers (D-Mich.). If passed, it would provide a "legal framework" that provides clear guidelines on when and how GPS devices can be accessed and used.

"New technologies are making it increasingly … Read more

South Korea apparently still has a mystery on its hands. Who launched a cyberattack against several of its banks and broadcasters this week?

Regulators for the country initially pointed the finger at China, saying that the attacks originated from a Chinese IP address. But they admitted today that they jumped the gun.

The IP address used in the attack was actually traced to one of the banks hit on Wednesday. South Korea's NongHyup Bank had been using the address as a virtual one for its internal network, according to Reuters. By coincidence, that address matched one registered in China.… Read more

Apple today added an extra layer of security to its Apple ID system that can harden the password people use to log in to various Apple services.

Users with an Apple ID can now sign up for two-step verification of their password, a system that sends a four-digit passcode by text message to a user's phone, and must be used on top of a regular password. In practice, this could keep an account from being compromised by an attacker, unless that person had access to the mobile device too.

The move comes a little less than a year after … Read more

A newly discovered botnet has found a way to siphon cash from advertisers.

Spider.io, a security researcher, yesterday announced that it has discovered a new botnet, called Chameleon, that's targeting "at least" 202 Web sites. The botnet is made up of over 120,000 host machines running Windows, according to Spider.io. Those machines are connecting to the Web with a Flash-friendly Trident-based browser that executes JavaScript. The vast majority of the machines -- 95 percent -- have come from U.S.-based IP addresses.

The botnets have targeted at least 202 Web sites, hitting them … Read more

A security researcher has revealed a method for accessing applications running on a locked Samsung handset.

The flaw is somewhat similar to one that was revealed by another researcher earlier this year on iPhones. On a Samsung handset, users can, from the lock screen, pretend to dial an emergency services number, quickly dismiss it, and with some sleight of hand, quickly gain access to any app or widget, or the settings menu in the device. The dialer can also be launched, allowing the "hacker" to place a call.

According to Terence Eden, who discovered the flaw and posted … Read more

South Korea's police are currently investigating a "massive" hack attack on Internet service provider LG Uplus, which led to server outages at three domestic broadcasters and two major banks.

As a result, the army raised its alert status amid concerns the attacks were initiated by its neighbors in North Korea.

Reuters reported Wednesday that authorities were looking into the attack on LG Uplus, which was suspected to be conducted by a group calling itself the "Whois Team".

The investigations were triggered by disrupted servers at television networks YTN, MBC and KBS. Customers at Shinhan Bank … Read more

JP Morgan Chase denied this evening that it had suffered a hack that many customers claimed had suddenly reduced their checking account balances to zero.

After discovering the apparently empty accounts via the Internet or mobile devices, many Chase banking customers turned to Twitter to express their frustration and show screen shots of zero balances. Other users were greeted with messages that their bank account balances were unavailable.

But a spokesperson for the bank told CNET this evening that the problem was related to an internal issue and not a security breach.

"We have a technology problem regarding customers' … Read more

A researcher used a simple, binary technique to take control of more than 420,000 insecure devices including Webcams, routers, and printers running on the Internet -- and says that's just a hint of the potential for real trouble to get started.

In a SecLists posting yesterday, the unnamed researcher describes how he was able to take control of open, embedded devices on the Internet. The researcher did so by using either empty or default credentials such as "root:root" or "admin:admin", indicating how a surprisingly large number of devices connected to the Web … Read more

I feel sure this story might be an inspiration to some, especially those who enjoy showing solidarity for their fellow worker.

For it seems that several doctors in Sao Paulo, Brazil, decided there was a way to fool the biometric scanners on which they clocked in with their fingers.

They allegedly created more fingers. Fake ones, out of silicone.

As AFP reports, an investigation by Globo television showed a doctor using the fake fingers to fool the machines.

The machines dutifully printed out a paper record of a doctor's attendance, when he or she wasn't actually there.… Read more