Security & Privacy

Adobe said today it will revoke a code signing certificate after discovering malware that was digitally signed with the certificate.

"Adobe is currently investigating what appears to be the inappropriate use of an Adobe code signing certificate for Windows," Brad Arkin, senior director of security at Adobe, wrote in a blog post. "We plan to revoke the impacted certificate on October 4, 2012 for all software code signed after July 10, 2012."

"The evidence we have seen has been limited to a single isolated discovery of two malicious utilities signed using the certificate and indicates … Read more

Telvent Canada says someone sneaked past its internal firewall, installing malicious software and stealing files related to control software it makes that's used to manage the electric grid in various countries.

The company warned customers last week that it learned of a breach of its network on September 10, according to the KrebsOnSecurity blog. Project files associated with the firm's OASyS SCADA (supervisory control and data acquisition) software were stolen, the post says.

"Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to … Read more

The American Civil Liberties Union today sued the U.S. government to get access to information about how authorities are using automated license plate readers to track people's movements and location.

The ACLU filed Freedom of Information Act requests on July 30 with the departments of Justice, Homeland Security, and Transportation to try to find out how much officials use the technology and how much it is paying to expand the program. Agencies are required by law to respond to FOIA requests within 20 working days, but more than a month later, only one DOJ office and a few … Read more

Eight companies accused of spying on consumers via rented computers have agreed to settle charges that they broke the law and engaged in unfair business practices, the Federal Trade Commission announced.

The rent-to-own companies are accused of using a program called "Detective Mode" that pinpointed the whereabouts of computers via geolocation tracking software if consumers were late on payments.

The software also was used to log key strokes, capture screen shots and take photos with the webcam, and it displayed a fake software registration screen ostensibly from Microsoft or Yahoo that tricked customers into providing their personal contact … Read more

A computer scientist says he discovered that a server of the IEEE (Institute of Electrical and Electronics Engineers) had about 100,000 usernames and passwords stored in plaintext and publicly accessible.

Radu Dragusin, a computer scientist who works at FindZebra and is a teaching assistant at the University of Copenhagen, writes in a blog post that he discovered the problem last week and notified the IEEE about his findings, enabling them to "at least partially" fix the problem.

The data was publicly available on the IEEE FTP (File Transfer Protocol) server for at least a month, potentially exposing … Read more

In an attempt to find out which ads lead to purchases, Facebook is partnering with Datalogix, a company that compiles consumer purchasing data from retail stores. But the move has privacy advocates asking federal regulators to scrutinize the deal.

Marc Rotenberg, president of the Electronic Privacy Information Center, told CNET today that he will ask the Federal Trade Commission to investigate the new Facebook-Datalogix deal and determine whether the business practice complies with the terms of a recent $9.5 million agreement Facebook reached with the FTC to settle privacy complaints.

"In light of the recent consent order with … Read more

Researchers have uncovered a new cyberespionage campaign being waged on a large Philippine oil company, a Taiwanese military organization and a Canadian energy firm, as well as targets in Brazil, Israel, Egypt and Nigeria.

The malware being used is called "Mirage" and it leaves a backdoor on the computer that waits for instructions from the attacker, said Silas Cutler, a security researcher at Dell SecureWorks' Counter Threat Unit (CTU).

Victims are carefully targeted with so-called "spear-phishing" e-mails with attachments that are "droppers" designed to look and behave like PDF documents. However, they are actually … Read more

Upgrading to iOS 6? Be careful about leaving your locked iPhone unattended unless you change some settings. Otherwise an unscrupulous stranger could order Siri to send tweets and Facebook posts from your account that you didn't make -- even if your phone is locked.

Apple has added the ability for Siri to interact with Twitter and Facebook from the lock screen, just like you can use Siri to send text messages and e-mails and make calls on a locked device running iOS 5. If you don't want Siri to conduct these sorts of activities while the device is … Read more

Facebook today launched a plug-in for Web app developers to use that gives people greater control over what activities of theirs are shared back with Facebook to be broadcast to their friends.

Currently, when people use apps like Spotify that are linked to their Facebook accounts, they have to go to Facebook to change the privacy settings if they don't want to spam all their Facebook friends with the latest song they are listening to. But if developers add the "Shared Activity" plug-in to their apps, users can control the privacy settings related to what is shared … Read more