Security

New utility nabs OS X keychain passwords

Yesterday a new open-source project was posted on GitHub that contains the source code for a utility to scour a Mac system's memory and list the entire contents of a targeted keychain. While this utility may raise some concern and its approach potentially be used for malicious activities, its abilities do not arise from a vulnerability in OS X.

The utility is a small C program called keychaindump that, with administrative privileges, will scan the system's active memory for the wrapper and master keys to unlock a targeted keychain file; however, the utility will work only on keychains … Read more

Feds probe alleged hacking theft of Romney's tax returns

The U.S. Secret Service is looking into claims that someone stole presidential nominee Mitt Romney's income tax returns and is threatening to release them if he doesn't pay up.

Secret Service spokesman George Ogilvie told CNET today that the agency is investigating, but had no further comment.

The claim was made in a post on the Pastebin site on Sunday that alleged that Romney's federal tax returns were taken from the offices of PriceWaterhouse Coopers in Frankin, Tenn., on August 25 by someone who snuck into the building and made copies of the document. The message … Read more

AVG goes all-in with Windows 8

Microsoft is forcing everybody to rethink the operating system that everybody loves to hate with Windows 8, and that includes security suite makers. Freeware faves AVG leap into the future today with a touch-friendly interface, a zippy installation, and impressively fast scans.

The upgrades are available at no cost as AVG Anti-Virus Free 2013 (download), or as a paid update to AVG Anti-Virus 2013 (download) and AVG Internet Security 2013 (download), exclusively from Download.com today.

Security vendor claims about being faster, or better, or able to protect your computer while doing your dishes, are perennial boasts. At least in … Read more

Cybercrime costs U.S. consumers $20.7 billion

U.S. consumers lost $20.7 billion to cybercrime over the past 12 months, with 71 million Americans falling victim to online perps, according to new research.

Meanwhile, worldwide losses resulting from cybercrime including malware attacks and phishing hit $110 billion between July 2011 and the end of July 2012, a report by security company Symantec (PDF) has found.

On average, each victim experienced $197 in direct financial loss. In the United States, the average loss was $290.

According to the report, an estimated 556 million adults across the world had first-hand experience of cybercrime over the period -- more … Read more

As Windows goes touch, Norton goes social

Symantec's annual Norton security suite delivers an interface optimized for Windows 8, but its new features address the mobile and social implications of the era arriving with the new operating system at the end of October.

The new features in Norton Anti-Virus 2013 (download), Norton Internet Security 2013 (download), and Norton 360 2013 (download), aim squarely to cut down on social engineering threats like scams and phishing attacks.

Windows 8 is already gaining a reputation as the safest version of Windows to date, but this doesn't surprise Gerry Egan, Norton's senior product manager. "Each time Microsoft … Read more

FBI finds no evidence that AntiSec hacked its laptop

The FBI said today that it does not know anything about a laptop that hackers say they compromised and that led them to millions of Apple iOS device user details, of which 1 million have been released on the Web.

"The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed," said an FBI spokesperson. "At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data." Before the statement was released the … Read more

How the pros thwart computer spies with James Bond tricks

H.D. Moore wasn't taking chances.

During the spring of 2009, the information specialist traveled to Shanghai on a work trip. For a computer, though, he carried only a stripped down Netbook that he modified using a trick even James Bond would have admired. He sawed off the end of one of the laptop case screws and mashed a small bit of a crushed Altoids mint into the hole before putting the screw back in. After leaving it in his hotel room for a few hours, he came back to find that the powder had disappeared. Something had caused … Read more

A who's who of Mideast-targeted malware

What's up with all the malware aimed at the Middle East?

For the second time in two weeks a virus outbreak has been reported at an energy company in that region. Qatari liquified natural gas producer RasGas said its corporate network and Web site were down after getting hit by a virus on Monday. Earlier this week the Saudi Aramco oil company confirmed that its network was hit by a virus two weeks ago, shutting down 30,000 workstations. Neither company identified the virus, but in at least one of the cases it is believed to be malware known … Read more

Oracle patches Java 7 vulnerability

In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem.

In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet.

Even though … Read more