security

Outdated Java weak spots are widespread, Websense says

A new Websense report suggests that approximately 94 percent of endpoints that run Oracle's Java are vulnerable to at least one exploit, and we are ignoring updates at our own peril. 

According to security researchers at Websense, it's not just zero-day attacks that remain a persistent threat. Instead, Java exploits are now a popular tool for cybercriminals.

With so many vulnerabilities, keeping browsers up-to-date can become an issue -- especially as Java has to be updated independently from our preferred browser, and a mobile, cross-browser workforce is difficult to manage securely. Keeping this in mind, the security …

New Microsoft study says your software is counterfeit

In a new IDC white paper commissioned by Microsoft, cleverly titled "The Dangerous World of Counterfeit and Pirated Software: How Pirated Software Can Compromise the Cybersecurity of Consumers, Enterprises, and Nations...and the Resultant Costs in Time and Money" (full PDF), there's a boatful of interesting statistics around "the prevalence of malicious code and unwanted software -- such as viruses, Trojan horses, keystroke-capturing software, authentication backdoors, and spyware -- in pirated software and on the Web sites and peer-to-peer (P2P) networks where such software is found."

"[U]sing information from a 10-country survey of …

Top Chinese university linked to alleged military cybercrime unit

The People's Liberation Army (PLA) unit allegedly responsible for cyberspying on Western targets has collaborated with a top Chinese university on networking and security research papers.

In a finding uncovered by Reuters, Shanghai Jiaotong's School of Information Security Engineering (SISE) and the People's Liberation Army Unit 61398 have worked in partnership on at least three papers in recent years. PLA Unit 61398 is well-known for its alleged links to cyberattacks on the West, after a report was released by security firm Mandiant which stated that an "overwhelming" number of cyberattacks originate from the single unit …

GSA vulnerability highlights dangers of SSNs as IDs

Recently, the General Services Administration sent an e-mail alert to users of its System for Award Management (SAM), reporting that a security vulnerability exposed the users' names, taxpayer identification numbers (TINs), marketing partner information numbers, and bank account information to "[r]egistered SAM users with entity administrator rights and delegated entity registration rights."

The notice warned that "[r]egistrants using their Social Security Numbers instead of a TIN for purposes of doing business with the federal government may be at greater risk for potential identity theft." Also provided was a link to a page on the agency's site

Apple ID security issue fixed, password page back online

Apple has fixed the security issue involving its Apple ID password-reset page, a vulnerability that had made it possible for hackers with a user's e-mail address and birth date to reset the user's password.

Apple said yesterday that it was aware of the issue and was preparing a fix. Meanwhile, the company had taken the "iForgot" reset page offline for maintenance. Now the page is back up, and Apple has confirmed the fix with CNET.

The security exploit made use of a special URL that got around the need to answer a security question. Apple had …

Apple ID password reset exploit reportedly in the wild

A new exploit lets anyone who knows your birthday and e-mail address reset your Apple ID password, according to a new report.

The exploit, described by The Verge though not posted publicly, makes use of a special URL that gets around the need for a security question, a security measure Apple put in place on all Apple ID accounts last April.

The reported exploit does not work on accounts with two-step verification enabled, which Apple introduced yesterday, and does away with the security question in favor of sending a four-digit PIN code to a cell phone that needs to be …

Anti-drone revolt prompts push for new federal, state laws

An unusual bipartisan revolt has erupted against law enforcement plans to fly more drones equipped with high-tech gear that can be used to conduct surveillance of Americans.

A combination of concerns about privacy, air traffic safety, facial recognition, cell phone tracking -- and even the possibility that in the future drones could be armed -- has suddenly placed police on the defensive.

A public outcry in Seattle last month prompted the mayor to ground the police department's nascent drone program. Oregon held a hearing this week on curbing drones, following one in Idaho last week. And on Tuesday, Rep. …

Lawmakers introduce bill on warrantless GPS tracking

A bipartisan group of lawmakers has introduced a new bill, known as the Geolocation Privacy and Surveillance Act, to force law enforcement to obtain a warrant to track suspects with GPS devices.

The bill, which was introduced to Congress yesterday, is sponsored by Reps. Jason Chaffetz (R-Utah) and Jim Sensenbrenner (R-Wis.), as well as Sen. Ron Wyden (D-Ore.) and House judiciary committee ranking member Rep. John Conyers (D-Mich.). If passed, it would provide a "legal framework" that provides clear guidelines on when and how GPS devices can be accessed and used.

"New technologies are making it increasingly …

Track your stolen wheels with BikeSpike

You've got the quality locks, you've seen the how-to-lock videos, and you're very careful about where to leave your bicycle. But is that enough?

Not according to the backers of BikeSpike, a GPS tracking device being promoted on Kickstarter.

If a thief makes off with your ride, the BikeSpike will show its map location on your mobile device or home computer. Police can be given access to the data to help recovery. …

How to set up two-step verification for your Apple ID

Apple took a big step this week in helping Apple ID users secure their accounts by offering two-step verification.

Two-step verification (or authentication as it's commonly referred to) adds an additional barrier of security between would-be hackers and your account. The extra barrier comes in the form of a four-digit code, which will be sent to a device of your choosing via the Find My iPhone app or SMS, after you've entered your password.

Step one: To add the extra layer of security to your account you'll need to visit the Apple ID settings page on …