Security & Privacy

Two-factor authentication: What you need to know (FAQ)

Twitter announced on Wednesday that they've started supporting two-factor authentication, joining a growing list of major Web services that offer the more secure login method.

Two-factor authentication, or 2FA as it's commonly abbreviated, adds an extra step to your basic login procedure. Without 2FA, you enter in your username and password, and then you're done. The password is your single factor of authentication. The second factor makes your account more secure, in theory.

"Twitter made the decision to use SMS [to deliver its second factor] because it makes sense from their position," said Jon Oberheide, … Read more

Is protecting intellectual property from cyberthieves futile?

LAGUNA BEACH, Calif. -- After the publication of the Mandiant report earlier in the year linking China's People's Liberation Army to ongoing and massive cyberattacks against U.S. corporations, government agencies, universities, and other organizations, policy makers and industry experts have been trying to figure out how to better secure their intellectual property against cyberattacks.

Call it a work in progress.

"The frustration for me is that in the U.S., parties who have valuable intellectual property are not adequately protecting their data," said Richard Marshall, former director of Global Cyber Security Management for the Department … Read more

Help protect yourself from signed malware in OS X

There is no question that regardless of the computing platform you use, malware happens. To help prevent these and other unwanted programs from running, Apple includes a data execution prevention routine called GateKeeper, which offers three layers of protection. The first allows everything to run, the second allows only applications signed with a valid Apple Developer ID to run, and the third allows only programs distributed through the Mac App Store to run.

Apple provides the Developer ID option with the assumption that most who use its Developer program create legitimate and trustworthy code, since their works will be easily … Read more

The wide world of hacking in China

China has been cited as allegedly hacking into U.S. government and corporate networks for years now. Generally, the thinking has been that the government is the only entity in the country actively hacking. But a new report seems to indicate that's not even close to the truth.

The News York Times on Thursday released a report on hacking across China. The Times found that not only does hacking occur at the highest levels of the government, but that everyone on down from local law enforcement officials to company owners to criminals are using their hacking techniques to take … Read more

Kim Dotcom threatens to sue Twitter, others over patent

Kim Dotcom says he doesn't really want to sue Google, Facebook, Twitter, and other companies, but he really needs some help funding his defense.

The eclectic and controversial MegaUpload founder today said he invented two-factor authentication, which is being used by more and more companies to secure access to their sites. The verification steps aim to reduce the likelihood of online identity theft, phishing, and other scams because the victim's password would no longer be enough to give a thief access to their information.

Along with Twitter's recent introduction, Microsoft, Apple, Google, Facebook, PayPal, and countless other … Read more

SAP touts service that sells customer data from phone firms

Verizon Wireless already sells its customers' mobile data to marketers. Now European enterprise-software giant SAP is taking things a step further by testing a service that will sell data collected by a number of wireless providers.

SAP announced its Consumer Insight 365 mobile service this week at the CTIA 2013 wireless show in Las Vegas. The service will, the company said in a release, pull data from SAP's "extensive partner network" including "over 990 mobile operators;" aggregate and analyze it "without drilling down into user-specific information;" and make results available to subscribers through … Read more

Power utilities claim 'daily' and 'constant' cyberattacks, says report

Power utilities in the U.S. are under daily cyberattacks, according to report released Tuesday by members of Congress.

Of about 160 utilities surveyed in the 35-page report (PDF), more than a dozen reported "daily," "constant," or "frequent" attempted cyberattacks on their computer systems.

"Grid operations and control systems are increasingly automated, incorporate two-way communications, and are connected to the Internet or other computer networks," the report said. "While these improvements have allowed for critical modernization of the grid, this increased interconnectivity has made the grid more vulnerable to remote cyber … Read more

Guantanamo Wi-Fi shuttered after Anonymous hacking threat

After the hacking collective Anonymous launched a Twitter campaign pledging to go after the Guantanamo Bay Naval Base in Cuba, the U.S. military barred all Wi-Fi access on the base, according to the Associated Press. All social media, including Facebook and Twitter, also has been banned.

Army Lt. Col. Samuel House told the Associated Press that the shuttering of the base's Wi-Fi was because of Anonymous' public plans to "disrupt activities" at the military prison.

While no disruptions have yet been reported, according to the Associated Press, Anonymous has promised to make good on its threats.… Read more

Google breach may have led to sensitive data leaks

U.S. officials are concluding that the 2010 hacks into Google's servers may have ended with Chinese hackers getting ahold of sensitive data, according to The Washington Post.

Current and former government officials told the Post that the hackers were able to access information on U.S. intelligence, as well as find out which possible Chinese spies government officials may have been targeting.

In January 2010, Google shocked the security community by being one of the first tech companies to disclose that it and other companies had been hit by attacks that originated in China. The Web giant said … Read more

Future Firefox takes tougher stance on mixed content

Mozilla is taking steps to lock down mixed content Web sites for Firefox in an update Friday to Firefox 23 Aurora.

In Firefox 23 Aurora, the pre-beta version of the browser for Windows, Mac, and Linux, Mozilla will block by default mixed active content. Mixed content is a term that refers to a Web site secured with HTTPS that loads some of its content, such as images or scripts, from standard HTTP sources, and can lead to eavesdroppers and man-in-the-middle attacks.

Mixed active content describes things like scripts because they can actively change how you interact with the site. Mixed … Read more