Security

A new kind of vulnerability popped up recently, one that lets hackers stick a USB thumb drive into a computer -- even if it's logged-off or locked -- type out a bit of attack code and steal whatever data they want.

In an effort to avoid this type of cyberattack, Microsoft issued its monthly software patches today and included a fix for this Windows vulnerability called MS13-027. This vulnerability lets a hacker get into the computer with a thumb drive and take over administrative privileges.

"When the Windows USB device drivers enumerate the device, parsing a specially crafted … Read more

The U.S. and China both say they want to directly discuss the issue of cybersecurity, but the odds of an open discussion are slim at best.

The Chinese government today responded to a U.S. invitation to enter into a dialogue with the U.S. over acceptable behavior in cyberspace, Reuters reported.

At a daily news briefing, Foreign Ministry spokeswoman Hua Chuying said that "China is willing, on the basis of the principles of mutual respect and mutual trust, to have constructive dialogue and cooperation on this issue with the international community including the United States to maintain … Read more

Android usually gets smacked around for playing host to mobile malware, but iOS isn't totally immune, according to researchers at Skycure Security.

iOS profiles, aka mobileconfig files, are used by mobile carriers to configure key settings for e-mail, Wi-Fi, and other features. But these files could be abused by attackers to sneak past Apple's normally tight security and and hijack a mobile device, the security firm revealed in a blog post today.

The process would be similar to that of a typical malware infection.

An attacker might tempt users to visit a malicious Web site by promising something … Read more

Gawker's headline tells the story: Either Colin Powell's official Facebook page got hacked or the former U.S. Secretary of State has had a drastic change of heart about the president he served.

Powell's Facebook page was pulled down today after it wound up hosting a series of sometimes scatological references to George W. Bush, according to Gawker which saved some of the posts.

This is just the latest in a spate of high-profile hacks launched against personal and private accounts. Sometimes the object has been public embarrassment, other times an effort to insert malware. In mid-February, … Read more

AUSTIN, Texas -- Once again, Uncle Sam wants you. This time, the U.S. government is after your nerdy, data- and public policy-obsessed brains.

That was the message delivered by Acting Undersecretary of State for Arms Control and International Security Rose Gottemoeller to a small but actively curious group of techie and policy wonks at South by Southwest today.

In a session entitled, "Mobilizing Ingenuity to Strengthen Mobile Security," Gottemoeller and CNET reporter Daniel Terdiman discussed the U.S. government's interest in getting the public more involved in disarmament and the detection of weapons of mass destruction. … Read more

Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.

The flaw arose because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store, meaning an attacker can hijack the connection. In addition to a security flaw, the unencrypted connections also created a privacy vulnerability because the complete list of applications installed on the device are disclosed over Wi-Fi.

It also allows the installation of apps, including extremely expensive ones that top out at … Read more

Windows users will get the usual round of security patches from Microsoft next Tuesday.

Among the seven fixes due to roll out March 12, four are rated critical, which means they address flaws that could let an attacker execute malware on a remote PC by steering a user to a malicious Web site or e-mail link.

The patch for Internet Explorer is designed to shore up all versions from IE6 to IE10 across all iterations of Windows from XP to Windows 8 and RT. The patch for Microsoft's Silverlight, a browser plug-in that can display online videos and other … Read more

Apple marketing chief Phil Schiller has been a semi-regular Twitter user since 2008, though mostly tweets about things like music, movies and sports.

But that changed earlier today with a post linking to F-Secure Labs' latest quarterly Mobile Threat report, with a casual mention to "be safe out there."

The 29-page report's (PDF) key finding is that malware on Google's Android is getting worse, in part because of the platform's brisk growth and a new variant of malware that spread using SMS.

"Android malware has been strengthening its position in the mobile threat scene,&… Read more

Identity thieves are more active than ever. In 2012, the Federal Trade Commission received more than 2 million consumer complaints overall, and for the 13th consecutive year, identity theft was the most-common complaint category: 369,132 ID-theft reports were added to the FTC's Consumer Sentinel Network in the year, an increase of more than 30 percent from 2011.

Last week the FTC released its 2012 Consumer Sentinel Network Data Book (PDF). According to the report, the fastest-growing category of identity theft relates to government documents and benefits: complaints in this category increased 46 percent from calendar-year 2010. Credit-card fraud (… Read more