Consumer software and hardware

Defense Department to partially lift flash drive ban

The U.S. Department of Defense ban on USB thumb drives instated nearly a year ago will eventually be partially lifted to allow authorized people to use official flash drives for mission-critical functions, according to a top military official.

"In the future, we expect that a government-owned and procured USB flash media, that is uniquely and electronically identifiable for use in support of mission-essential functions on DoD networks, will be permitted for use by authorized individuals," Robert Carey, chief information officer for the Department of the Navy, wrote in his blog recently.

"We are working on upgraded … Read more

Fresh Windows build? Ninite streamlines app load

A fresh installation of Windows offers users a chance to get things clean and tidy from the beginning, but it also means a lot of work reinstalling applications you may have had on an older build.

If you've planned ahead, you can go out and download all the installers you think you'll need, then put them on a thumb drive or a disc. Or you can skip all that work and use Ninite (formerly Volery), a very simple tool for Windows that will go out and download all the latest versions of the software you pick from its … Read more

Demos to show spying on mobile IP calls

Using VoIP-based mobile devices over Wi-Fi or IP video phones? Be careful.

Researchers plan to demonstrate this weekend how they can eavesdrop on voice over IP conversations made using an iPhone over a Wi-Fi network and snoop on video and audio communications between IP video phones.

These types of man-in-the-middle eavesdropping attacks aren't new; however, these could be the first public demonstrations of them on these particular platforms.

In the VoIP demo at ToorCon in San Diego on Saturday, Jason Ostrom, director of Viper Lab at Sipera Systems, will listen to the conversation of someone talking on an iPhone … Read more

Q&A: Schneier warns of marketers and dancing pigs

In a security industry full of FUD and hype, cryptographer and consultant Bruce Schneier offers a no-nonsense reality check verging on social commentary.

He has worked on numerous ciphers, hash functions, and other cryptographic algorithms that are arcane to the average computer user but which have been instrumental in protecting the privacy of data. But his influence extends beyond the world of encryption.

Schneier wrote several bestselling books--including "Secrets and Lies: Digital Security in a Networked World," "Beyond Fear: Thinking Sensibly about Security in an Uncertain World," and his latest, "Schneier on Security"--that provide perspective on risks and threats in everything from e-mail to airport security. And his Crypto-Gram newsletter and blog are considered must-reads inside and outside the industry.

Opinionated and cynical, he doesn't hesitate to point out that one of the biggest limitations of technology is people. ("The user's going to pick dancing pigs over security every time," he has been quoted as saying.)

In an e-mail interview with CNET News, Schneier pokes fun at National Cyber Security Month, talks about his background in crypto and working for the U.S. Defense Department, and says he fears privacy invasion more from marketers than governments or criminals.

Q: You started out as a cryptographer but are considered an expert on all types of security threats, hypes, and realities. Do you still do much cryptography?

Schneier: Some. I'm a member of the cryptographic team that developed the Skein hash function, currently a second-round candidate in NIST's competition to choose an SHA-3. These competitions are kind of like cryptographic demolitions derbies: all the teams put their algorithms in the ring and try to beat up everyone else's. NIST received 64 submissions, of which 51 met the submission criteria. Of those 51, 14 proceeded to the second round. It's great fun to be working on this.

Overall, though, I am not doing a lot of cryptography. Over the past several years I have been studying security economics, and more recently, the psychology of security. These are important new fields that will have many lessons for security technology.

What are your thoughts on the state of cryptography today? There doesn't seem to be anything going on as exciting as the crypto battles of the 1990s.

Schneier: We really have all the cryptography we need for the foreseeable future; the problem is using it securely. Computer and network security are by far the weaker links. Even worse are things like user interface, installation, implementation, configuration, use, and update. There's so much good cryptography that doesn't get used properly because of one of these issues. These are hardly new areas, but they're the areas that need the most work.

Do you encrypt your e-mail?… Read more

Windows 7 default user account control worries experts

Corporate IT departments should be pleased with new security measures in Windows 7, but consumers are still at risk of getting hit by malware despite changes in the User Account Control (UAC) feature designed to help people be smarter when using applications, security experts say.

Probably the most talked about security change in Windows 7, scheduled for public release on Thursday, are modifications to the UAC, which was introduced in Vista. The UAC was designed to prevent unauthorized execution of code by displaying a pop-up warning every time a change was being made to the system, whether by the operating … Read more

Microsoft fixing Bing bug that helped spammers

Microsoft on Wednesday said it is fixing a bug in Bing that allowed spammers to bypass spam filters and distribute malicious links.

Researchers at Webroot Software discovered a spam campaign earlier this week that used the search engine's own redirection mechanism and a link-shrinking technique to send people to spam Web pages, according to a post on the Webroot threat blog.

The problem is with how Bing formats links in RSS feeds. The redirect from Bing to the spam site is not obfuscated, allowing scammers to append anything to the end of the Bing redirect URL and thus trick … Read more

Time Warner testing fix to hole in home router

Time Warner has rolled out a temporary patch and is testing a permanent fix for a security hole in a combination cable modem/Wi-Fi router that could allow anyone to access the private network of its customers, snoop on sensitive data, and direct customers to malicious Web sites.

The vulnerability in the SMC8014 cable modem/Wi-Fi router provided to customers was detailed in a blog post written by David Chen, a software engineer and co-founder of the Pip.io social communications platform start-up.

"We are aware of the issue and we are hard at work on a solution and … Read more

Leaking crypto keys from mobile devices

Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.

The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device's power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy, and counterfeiting. … Read more

Microsoft begins restoring Sidekick data

Microsoft has begun the process of restoring data to Sidekick owners who have been without it since a massive outage began at the beginning of the month, the software giant said Tuesday.

In a statement, Microsoft said it has posted a tool to T-Mobile's Web site that allows Sidekick owners to restore their address book.

Although it initially feared that much data might be lost, Microsoft said last week that it expected to be able to recover most, if not all, of the information. However, the company also said that the process of bringing back the data will go beyond this week. … Read more

Microsoft: Sidekick data recovery takes time

Microsoft on Monday apologized for the length of time it is taking to restore missing data to T-Mobile Sidekicks. The company said it expects to begin restoring data this week, but added that bringing back all data will take longer than that.

In a note on its Web site, Microsoft said that the reason for the delay is that the company wants to make sure that it doesn't risk messing up data as it restores information to users' phones.

"The Danger/Microsoft team is continuing to work around the clock on the data restoration process," Microsoft said. … Read more