security

Cyberspying effort drops 'Mirage' on energy firms

Researchers have uncovered a new cyberespionage campaign being waged on a large Philippine oil company, a Taiwanese military organization and a Canadian energy firm, as well as targets in Brazil, Israel, Egypt and Nigeria.

The malware being used is called "Mirage" and it leaves a backdoor on the computer that waits for instructions from the attacker, said Silas Cutler, a security researcher at Dell SecureWorks' Counter Threat Unit (CTU).

Victims are carefully targeted with so-called "spear-phishing" e-mails with attachments that are "droppers" designed to look and behave like PDF documents. However, they are actually …

iOS 6 allows tweets, Facebook posts from locked device

Upgrading to iOS 6? Be careful about leaving your locked iPhone unattended unless you change some settings. Otherwise an unscrupulous stranger could order Siri to send tweets and Facebook posts from your account that you didn't make -- even if your phone is locked.

Apple has added the ability for Siri to interact with Twitter and Facebook from the lock screen, just like you can use Siri to send text messages and e-mails and make calls on a locked device running iOS 5. If you don't want Siri to conduct these sorts of activities while the device is …

iPhone 4S, Samsung Galaxy S3 hacked in contest

Dutch and British hackers compromised an iPhone 4S and a Samsung Galaxy S3, respectively, in separate gambits as part of a mobile Pwn2Own contest at a security conference in Amsterdam this week.

Joost Pol, chief executive officer of Dutch research firm Certified Secure, and colleague Daan Keuper created an exploit that allowed them to hijack the address book, photos, browsing history and videos from a fully patched iPhone 4S at the EuSecWest conference, according to CNET sister site ZDNet. And that effort has implications for Apple's new iPhone 5.

"We specifically chose this one because it was present …

Microsoft issues fix for IE hole; full update coming Friday

Microsoft today released so-called "Fix It" software that will protect Windows users from a critical Internet Explorer hole being exploited in attacks until the company releases a cumulative update for IE on Friday.

The Fix It tool "is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the Web, and it does not require a reboot of your computer," Yunsun Wee, Trustworthy Computer Director at Microsoft, said in a blog post. "This will not only reinforce the issue that the Fix It addressed, but …

Get an iZon remote room monitor for $64.99

Wi-Fi Webcams can be really cool, allowing you to stream live video to, say, a laptop or phone without having to run cables all over the place.

But many, if not most, of them are expensive, unattractive gizmos requiring complicated setup and delivering iffy results.

They're getting better, though, and for today at least, more affordable: Ben's Outlet has the Stem Innovation iZon Wi-Fi Webcam for $64.99 shipped. That's half the list price, and definitely the best deal I've seen on this product.

The small, white, cylindrical iZon stands about 4 inches high on its …

Bromium secures computers by holding apps in isolation

Some of the minds behind virtualization technology used by Amazon Web Services are launching new security software today called Bromium, which is designed to protect against attacks by keeping apps and their individual tasks separate from the operating system.

While traditional antivirus software prevents known malware from infecting machines, and firewalls block unauthorized packets from getting into the network, there isn't really a good solution for the biggest problem in security today -- the naive end user. An unwise click on a malicious attachment or URL is often the easiest way into an organization's network.

"We're …

Microsoft offers advice to deal with IE security bug

Users of Internet Explorer versions 6 through 9 are grappling with another security flaw without a fix, but Microsoft has a few suggestions to help shore up protection.

Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. Microsoft said it's already aware of attacks that have tried to take advantage of this weakness.

Since no fix is yet available, it's up to users of IE to protect themselves. A new Microsoft Security Advisory offers several recommendations.

To start, the usual advice always applies. Make sure you'…

Virgin Mobile user accounts are easily hacked, developer claims

A developer is taking Virgin Mobile USA to task, arguing that its username and password handling put users at risk.

Kevin Burke yesterday took to his personal blog to report that Virgin Mobile's authentication process only allows for users to input numbers as their account PIN. What's worse, he says, the password is limited to six numbers, leaving "only one million possible passwords you can choose."

"This is horribly insecure," Burke wrote. "Compare a 6-digit number with a randomly generated 8-letter password containing uppercase letters, lowercase letters, and digits -- the latter has …

New Internet Explorer weakness already exploited in attacks

A previously unknown security hole in Internet Explorer 7, 8 and 9 is being actively exploited to deliver a back door trojan known as "Poison Ivy," researchers warned.

Security blogger Eric Romang, who uncovered the vulnerability this weekend, wrote on his blog yesterday:

"I can confirm, the zero-day season is really not over yet. Less than three weeks after the discovery of the Java SE 7 0day, aka CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild."

Romang found an attack that …

Chat app used by activists has security flaws, say critics

Several bloggers allege that the WhatsApp mobile chat program has weak security that puts users, who include human-rights activists, at risk.

In a series of posts on blogs and public Web pages, security and mobile researchers have been piling on the criticism of WhatsApp. Unfortunately, representatives of WhatsApp have not commented on the recent allegations, though criticism cropped up in May and even last year. WhatsApp did not respond to an e-mail from CNET seeking comment today. The company is unlisted in the San Francisco phone directory. We will update this post if we hear back.

The main complaints with …