Security and spyware

Microsoft online customer accounts hacked in India

Microsoft's online store in India was hacked on Sunday, resulting in the theft of usernames and passwords of the site's customers.

A Chinese group of hackers calling itself Evil Shadow Team took credit for the hack, posting screenshots of obscured usernames and passwords that it found unencrypted on the site, according to Reuters. The group touted the attack on its own blog (here's an English translation). posting a screenshot of the hacked Web site with the message: "Unsafe system will be baptized."

Microsoft has since taken down the hacked site and replaced it with a … Read more

Do Not Track Plus add-on stops the tracking paparazzi

If ad-blocking is the hacksaw of Internet-protecting add-ons, the overhauled add-on Do Not Track Plus bows today as a finely honed scalpel, excising tracking behaviors embedded in sites without destroying the modern Web.

Released exclusively through CNET Download.com, Do Not Track Plus 2.0.4 follows last year's beta release with a greatly expanded feature set, better performance, and is available on four of the five major browsers. You can download Do Not Track Plus for Firefox (Windows | Mac), Chrome (Windows | Mac), Internet Explorer (Windows only), and Safari (Windows | Mac).

The intent of the free add-on is as … Read more

Hackers release source code for Symantec's PCAnywhere

A group of hackers has released the source code for Symantec's PCAnywhere product.

The public release of the code yesterday came as no surprise as the hackers had been threatening such an action in a series of e-mail negotiations with what they thought were representatives of Symantec. The group, known as Yamatough but operating under the umbrella of Anonymous, had been demanding a $50,000 payoff from Symantec to keep the source code private.

Yamatough was actually negotiating with law enforcement officials posing as Symantec representatives in an attempt to draw out the group. But a "spokesperson" … Read more

Path shares photos--oh, and uploads your contacts, too

The popular photo sharing service Path is deep in the weeds today after a blogger revealed that the company's app automatically uploads iPhone users' entire address books to its servers.

In a blog post, a developer named Arun Thampi said that he discovered that his "entire address book (including full names, emails, and phone numbers) was being sent...to Path." And while he also wrote that he wasn't accusing Path of doing anything "nefarious," he noted that the service had never asked for his permission to upload something as sensitive as his contacts.

In … Read more

Symantec declares PCAnywhere safe with latest security patch

PCAnywhere customers' computers are apparently safe again as long as they apply the latest security patch to the software.

Following news of the theft of the product's source code, Symantec last week advised customers to disable the software to guard against cyberattacks.

But a round of free upgrades released last week were aimed at cleaning up the vulnerabilities.

On January 23, Symantec released a patch to secure PCAnywhere 12.5. And then January 27, the company rolled out another patch directed toward PCAnywhere versions 12.0 and 12.1.

Posting the latest information about the security updates and the source code theft, … Read more

Google responds to Congress over privacy policy inquiries

Google has responded to Congress, defending its decision to make a controversial change to its privacy policy.

In a 13-page letter (document) to several Congress members, Google explained its decision for changing its privacy policy, and answered a host of questions posed by the lawmakers after the search giant announced its plans.

"Last week we heard from members of Congress about Google's plans to update our privacy policies by consolidating them into a single document on March 1," Google director of public policy Pablo Chavez wrote today in a blog post accompanying the letter. "Protecting people'… Read more

Mobile security app from McAfee hits 2.0

The latest update to McAfee Mobile Security opens a window onto app permissions and gives you a filter to screen out annoying communiques.

McAfee Mobile Security 2.0 (download for Android) arrived in the Android Market three days ago, and brings two new features to its already-robust set of options for Android, BlackBerry, and Symbian users. The new App Protection interprets how apps handle your personal and private data, and tells you whether those app permissions are risky. What it doesn't do is advise you what to do about those risks, but to be fair, none of the other … Read more

Symantec tells customers to disable PCAnywhere

Symantec is urging customers to disable PCAnywhere until it issues a software update to protect them against attacks that could result from the theft of the product's source code.

Someone broke into Symantec's network in 2006 and stole source code for PCAnywhere, which allows customers to remotely connect to other computers, as well as Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks, the company said last week. Earlier this month, hackers in India affiliated with the Anonymous online activist group said they had gotten the code off servers run by Indian military intelligence.

Hackers have threatened … Read more

Intego publishes a 2011 Mac security overview

Security company Intego has offered an overview of the OS X security scene (PDF) in the past year.

The overview summarizes the various malware attempts we've seen on OS X in 2011, but also covers a number of other security vulnerabilities both in OS X and common applications, as well as on social media sites and even e-mail phishing scams.

The article covers a number of details about Mac security, but overall touches on the following key points:

2011 offered the most malware for the Mac since the introduction of OS X. None of the malware was viral in … Read more