Vulnerabilities and attacks

Power utilities in the U.S. are under daily cyberattacks, according to report released Tuesday by members of Congress.

Of about 160 utilities surveyed in the 35-page report (PDF), more than a dozen reported "daily," "constant," or "frequent" attempted cyberattacks on their computer systems.

"Grid operations and control systems are increasingly automated, incorporate two-way communications, and are connected to the Internet or other computer networks," the report said. "While these improvements have allowed for critical modernization of the grid, this increased interconnectivity has made the grid more vulnerable to remote cyber … Read more

After the hacking collective Anonymous launched a Twitter campaign pledging to go after the Guantanamo Bay Naval Base in Cuba, the U.S. military barred all Wi-Fi access on the base, according to the Associated Press. All social media, including Facebook and Twitter, also has been banned.

Army Lt. Col. Samuel House told the Associated Press that the shuttering of the base's Wi-Fi was because of Anonymous' public plans to "disrupt activities" at the military prison.

While no disruptions have yet been reported, according to the Associated Press, Anonymous has promised to make good on its threats.… Read more

U.S. officials are concluding that the 2010 hacks into Google's servers may have ended with Chinese hackers getting ahold of sensitive data, according to The Washington Post.

Current and former government officials told the Post that the hackers were able to access information on U.S. intelligence, as well as find out which possible Chinese spies government officials may have been targeting.

In January 2010, Google shocked the security community by being one of the first tech companies to disclose that it and other companies had been hit by attacks that originated in China. The Web giant said … Read more

Mozilla is taking steps to lock down mixed content Web sites for Firefox in an update Friday to Firefox 23 Aurora.

In Firefox 23 Aurora, the pre-beta version of the browser for Windows, Mac, and Linux, Mozilla will block by default mixed active content. Mixed content is a term that refers to a Web site secured with HTTPS that loads some of its content, such as images or scripts, from standard HTTP sources, and can lead to eavesdroppers and man-in-the-middle attacks.

Mixed active content describes things like scripts because they can actively change how you interact with the site. Mixed … Read more

How do you create a password that's strong yet easy to remember? That's the challenge we all face, and one that's prompted a few words of wisdom from McAfee.

In honor of Intel's so-dubbed Password Day, McAfee unveiled a series of tips and tricks on Tuesday aimed at helping all of us juggle the passwords we're forced to maintain across the Web. Its parent Intel has also chimed in with a page that tells you how long it would take to break a certain password. Let's look at Intel's page first.

Browse to … Read more

Twitter knows that many high-profile accounts have suffered at the hands of hackers in recent days, but is putting much of the onus of responsibility on the account holders themselves.

On Monday, Twitter sent a memo to major media and news outlets about the threat -- if they hadn't known already or at least reported on some of them -- and noted that it believed these "attacks will continue." (Buzzfeed posted the memo in full.)

Twitter acknowledged that the "incidents" appear to be "spear phishing attacks that target your corporate email," that appear … Read more

We've all heard of a distributed denial of service (DDoS) attack and know what it is: when a person or people attempt to take down a Web site by flooding it with connection requests. These max out the site's bandwidth, making it unable to accept new requests. The attacks are usually automated and can be accomplished in a variety of ways. The loss of traffic during the attack itself, and the recovery afterward, can end up costing Web sites quite a lot.

But what does that actually look like? Well, nothing by itself; but thanks to a Web site traffic visualization tool called Logstalgia, Ludovic Fauvet, developer of the Web site VideoLAN (which created and distributes the free multimedia player VLC), managed to capture an April 23 DDoS attack on his site. … Read more

Daily deals Web site LivingSocial is the latest database target for hackers, who have compromised the personal information of more than 50 million people.

In internal LivingSocial e-mails obtained by AllThingsD, the unknown culprits appear to have made off with the names, e-mails, birthdates, and encrypted passwords of what appears to be the vast majority of LivingSocial customers.

The Washington, D.C.-based site, owned in part by Amazon, claims around 70 million customers worldwide. The company's divisions in the Philippines, South Korea, Indonesia, and Thailand remain unaffected because they are hosted on different servers.

To put this breach … Read more

Authorities in Barcelona have arrested a Dutchman for his alleged involvement with one of the Web's biggest cyberattacks, the BBC reported today.

Spanish police detained a 35-year-old man believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker. Officials are making plans for his transfer to the Netherlands.

It was widely reported previously that Cyberbunker, a site hosting company, was behind the multiple Web attacks on Spamhaus, an antispam organization. The attack -- called a distributed denial-of-service, or DDoS, attack -- involved overloading Spamhaus' severs with requests. It also slowed down the Internet for part of Europe, … Read more