Security and spyware

Wells Fargo site hit by denial-of-service attack

Wells Fargo was the target of another distributed denial-of-service attack.

The bank's Web site was slowed down by the attack yesterday, affecting a certain number of customers, according to Fox Business News.

"Yesterday we saw an unusually high volume of Web site traffic which we believe was a denial of service attack," a Wells Fargo spokeswoman told CNET today. "The vast majority of customers were not impacted and customer information is safe. For customers who had difficulty accessing the site, we encouraged them to call us by phone, use ATMs or try logging on again as …

What 420,000 insecure devices reveal about Web security

A researcher used a simple, binary technique to take control of more than 420,000 insecure devices including Webcams, routers, and printers running on the Internet -- and says that's just a hint of the potential for real trouble to get started.

In a SecLists posting yesterday, the unnamed researcher describes how he was able to take control of open, embedded devices on the Internet. The researcher did so by using either empty or default credentials such as "root:root" or "admin:admin", indicating how a surprisingly large number of devices connected to the Web …

NBC Web site back up after hack attack

NBC's Web site is up and running again after being knocked offline by a cyberattack for several hours yesterday.

The NBC site was the victim of a form of malware known as the Citadel Trojan. This specific strain targets companies in an attempt to steal usernames, passwords and other sensitive data. People who visit sites infected by the trojan can find their own PCs infected as well.

In the past, Citadel typically attacked banks and financial firms but has since expanded its reach to a wider range of organizations.

NBC, which is part of cable giant Comcast, is still trying to figure out how the attack occurred, …

Oracle pushes out new Java update to patch security holes

Oracle has rushed out a new Java security patch designed to plug up a range of holes in the software.

The February Critical Patch Update for Java SE addresses 50 security vulnerabilities, 44 of which affect the use of Java as a plug-in for Web browsers, according to an Oracle blog posted Friday. If not properly patched, the plug-in could open the door for attackers to remotely execute code on a PC or Mac by directing users to malicious Web sites.

"The popularity of the Java Runtime Environment in desktop browsers, and the fact that Java in browsers is …

Firefox to block Silverlight and Java -- but not Flash

To improve security and cut crashes, Firefox will block plug-ins including Microsoft Silverlight, Adobe Reader, Apple's QuickTime and Oracle's Java, Mozilla said.

Only the newest version of Adobe Systems' Flash Player will be run by default, said Michael Coates, Mozilla's director of security assurance, in a blog post yesterday.

Plug-ins extend a browser's ability to run software or handle different media and file formats, but that extra ability opens new avenues for attack. They've been a staple of Web development for years, but browser makers are working hard to reproduce their abilities directly with Web …

Microsoft to patch IE zero-day flaw today

Microsoft will fix a zero-day hole in IE today almost a week after this month's regular Patch Tuesday updates.

Discovered late last month, the vulnerability could allow attackers to gain control of a Windows computer running one of the older versions of IE by directing users to malicious Web sites. In response, Microsoft had suggested several workarounds and even offered a "one-click fix" designed to mitigate the problem, but those were considered temporary solutions.

Today's update will fully resolve the issue, according to Microsoft. Scheduled for rollout at 10 a.m. PT, the fix will be …

China tightens the screws on Internet users

The Chinese government is once again imposing new restrictions on Internet use.

A decision approved today by the Standing Committee of the National People's Congress institutes an "identity management policy," according to China's official Xinhua news agency. Such a policy requires Internet users to use their real names when registering with an online provider or mobile carrier.

Though most Chinese Internet users already use their real names to sign up for online accounts, the new policy makes it the law.

Li Fei, deputy director of the Commission for Legislative Affairs of the Standing Committee, did acknowledge …

Facebook starts pushing out new privacy settings

Facebook has started dribbling out the latest changes to its ever-changing privacy controls.

New privacy notifications and menus are now greeting members as they log in to the social network, according to The Next Web. Facebook users in New Zealand seem to be the first on the list to have received these updates.

Based on screenshots published by TNW, members receive a new message alerting them to the changes and explaining how they can block specific users.

A privacy shortcut menu is now part of the main toolbar at the top of your Facebook page. Previously, you'd have to …

Twitter SMS bug lets hackers tweet via other users' accounts

Twitter users who post tweets to their feeds via SMS could be vulnerable to a security flaw, according to a security consultant.

Jonathan Rudenberg yesterday posted to his blog an SMS vulnerability he discovered in Twitter that allows anyone who has knowledge of someone's mobile number to post tweets to that person's feed.

In order for the vulnerability to be exploited, victims must have SMS tweeting authorized on their accounts. From there, the would-be poster needs only to spoof their actual mobile number through an SMS gateway -- something Rudenberg says can be done very easily -- and …

Military judge sets terms for possible Manning plea

Bradley Manning, the U.S. Army private accused of sharing documents with WikiLeaks that were eventually released on the Internet, is now one step closer to handling some of the claims brought against him.

Military judge Col. Denise Lind today accepted the language used to describe seven charges to which Manning could plead guilty. The charges include Manning willfully sending videos, war logs, and other classified materials to WikiLeaks.

The Associated Press was first to report on the ruling.

To be clear, Col. Lind's ruling does not imply that Manning will offer a guilty plea. Instead, the ruling approves …