Security and spyware

OAuth 2.0 promised to improve authentication on the Net, but its author has resigned from the project after concluding the standard "is a bad protocol."

"When compared with OAuth 1.0, the 2.0 specification is more complex, less interoperable, less useful, more incomplete, and most importantly, less secure," Eran Hammer-Lahav said in a blog post yesterday. "I resigned my role as lead author and editor, [withdrew] my name from the specification, and left the working group...Deciding to move on from an effort I have led for over five years was agonizing." … Read more

A top defense and cybersecurity expert says the U.S. should stop trying to take aim at expert hackers and start doing a better job of recruiting them.

"Let's just say that in some places you find guys with body piercings and nonregulation haircuts," U.S. Naval Postgraduate School professor John Arquilla said in an interview with The Guardian published today. "But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them."

Arquilla argues that there are … Read more

The FBI today made good on its promise to take down its DNSChanger network. But people who ignored warnings may find themselves unable to get online.

At 12:01 a.m. EDT today, the FBI shut down the DNS servers that had kept computers infected by the DNSChanger malware still able to connect to the Internet, according to the Washington Post.

About five years, a group of hackers who deployed the DNSChanger malware, which modified the DNS settings of infected computers to point to rogue servers. After catching the criminal gang and taking controls of the servers, the FBI converted … Read more

If you're one of thousands of people infected with the DNSChanger malware, get rid of it before Monday.

On July 9, the FBI will be switching off servers it used to keep those infected with the malware on the Internet. The organization says maintaining the servers is costly and that therefore the agency won't extend its support.

DNSChanger was first discovered in 2007 and was found to have infected millions of computers worldwide. The payload effectively modified a computer's DNS settings to redirect traffic through its rogue servers. When users typed in a domain name in a … Read more

The infamous Flame virus can delete files from a computer and is likely the cause of a cyberattack against Iran in April, according to new findings.

Flame was originally identified for its ability to steal data and capture information from keystrokes, PC displays, and audio conversations.

But a new component of Flame uncovered by security firm Symantec gives its operators the power to delete important files from compromised computer systems, Symantec researcher Vikram Thakur revealed yesterday.

Such power means that the virus can disrupt critical software and "completely disable operating systems," Reuters reported based on Thakur's findings.… Read more

An Indian court has decided to clarify a previous order that saw entire Web sites taken down for fear of a single movie being pirated.

India's Medianama is reporting today that the Madras High Court recently limited a badly drafted April ruling on the subject. The court said in its updated ruling, according to Medianama, which obtained a copy of it, that "the interim injunction is granted only in respect of a particular URL where the infringing movie is kept and not in respect of the entire website. Further, the applicant is directed to inform about the particulars … Read more

Microsoft faces a tough time trying to pull off its goal of setting IE10's Do Not Track feature as the default.

The Do Not Track, or DNT, feature in a browser is supposed to send a signal to third-party Web sites, telling them not to track your Internet activity. Most browsers include this as an option that the user can turn on or off.

Microsoft wants to turn the feature on by default in Internet Explorer 10, seeing it as a necessary step in giving users more control over how their online activities are tracked, shared, and used. But … Read more

The infamous Flame virus can infect even secure PCs by tricking them into believing its malicious payload is actually an update from Microsoft.

As we already know, Flame has gained traction by tapping into security certificates for Microsoft's Terminal Server. Though they appear to be digitally signed by Microsoft, the certificates are actually cooked up by the people behind Flame, thereby tricking PCs into accepting them as legitimate.

Microsoft and Symantec revealed yesterday that the virus can up the ante by using the fake certificates to spoof Microsoft's own Windows Update service. As such, Windows PCs could receive … Read more

Have you ever received an e-mail with a link to an e-card and wondered whether it was legit?

Those of you who send or receive e-cards via American Greetings now have an extra layer of protection against phony phishing e-mails.

Working with security company Agari, American Greetings has put in place a new spec called DMARC (Domain-based Message Authentication, Reporting and Conformance) geared toward protecting its users.

DMARC is a verification system that can determine whether e-mails are coming from legitimate senders or imposters trying to coax people to click on malicious links. The system shares feedback among companies to … Read more