Ad: Manage updates with the Download App
  • CNET
  • All Security posts

Security

Airbnb starts verifying user profiles

Airbnb, which helps people find vacation rentals all around the world, today will start verifying the identity of all users by asking for their real-life papers, the company announced on Tuesday.

Airbnb is asking both travelers and those who have property listings to provide two forms of identification for a new verification process. The company will take people's IDs from Airbnb reviews and social media sites, like LinkedIn or Facebook, and will ask users to fill in information only they would know or scan a photo ID to confirm a match.

For now, the company plans to require 25 … Read more

See how beautiful a DDoS attack can look

We've all heard of a distributed denial of service (DDoS) attack and know what it is: when a person or people attempt to take down a Web site by flooding it with connection requests. These max out the site's bandwidth, making it unable to accept new requests. The attacks are usually automated and can be accomplished in a variety of ways. The loss of traffic during the attack itself, and the recovery afterward, can end up costing Web sites quite a lot.

But what does that actually look like? Well, nothing by itself; but thanks to a Web site traffic visualization tool called Logstalgia, Ludovic Fauvet, developer of the Web site VideoLAN (which created and distributes the free multimedia player VLC), managed to capture an April 23 DDoS attack on his site. … Read more

Google: No, app makers, you can't skip the Play Store

A change to the Google Play Store policy corrects a security loophole and forces all apps installed through the store to update through the store, too.

DroidLife is reporting the security fix puts the kibosh to apps that had been installed via the Play Store, but had been asking users to install updates outside of the marketplace workflow.

The change to the Content Policy, apparently shown to developers when they log in to the Play Store, admonishes them to not coerce their users into skipping the store. "An app downloaded from Google Play may not modify, replace or update … Read more

Google joins FIDO's crusade to replace passwords

A group of tech companies looking to replace passwords for online identity authentication gained a powerful ally Tuesday in the form of Google.

The consortium, called the Fast IDentity Online Alliance (FIDO), is working to develop standards-based alternatives for verifying a user's identity when trying to login to Web sites and online accounts. Formed in 2012, the group proposes specifications that will support a variety of authentication technologies, including biometrics such as fingerprint scanners and voice and facial recognition, as well as security tokens, near field communication, and one-time passwords.

The Web giant joins founding members Lenovo, PayPal, Nok … Read more

Cyberattacks triple in 2012, Akamai says

Cyberwarfare incidences jumped sharply in 2012, Akamai said, with the number of distributed denial of service attacks more than tripling from the previous year.

Akamai, one of the world's largest globally distributed networks, said its customers reported being targeted by 768 DDoS attacks last year, more than three times as many as in 2011. The company's State of the Internet report released Tuesday also found that more than a third of those attacks targeted the commerce sector, while another 20 percent targeted enterprise customers.

"In many ways, DDoS has become the weapon of choice for multiple types … Read more

Security certificate problem trips up Bing Web site

A security certificate problem triggered warnings not to use Bing over a secure Web connection Friday, and Microsoft said an issue with network service provider Akamai is to blame.

Browsers displayed prominent error messages and warnings at about 9 a.m. PT when visiting https://bing.com.

The HTTPS standard governs how Web browsers and Web servers set up encrypted communications, for example so that others can't eavesdrop on network activity to find out what you're searching for, but valid and up-to-date security certificates are required for such communications.

"An attacker on your network could be trying … Read more

Boston bombings: How facial recognition can cut investigation time to seconds

After the Boston Marathon bombings, police in the city made a plea for people with cell phone video and pictures to turn over their footage, adding to the hours of surveillance video from nearby businesses. But what would normally take investigators hundreds of hours to review can now take minutes or even seconds, thanks to technology like facial recognition. The software, which can help pick a person out of crowd, looks for differentiating features -- from the shape of a mouth to the ridge on a nose to the distance between a pair of eyes.

3VR in San Francisco has … Read more

Top Wi-Fi routers easy to hack, says study

The Wi-Fi router you use to broadcast a private wireless Internet signal in your home or office is not only easy to hack, says a report released today, but the best way to protect yourself is out of your hands.

The report, written by research firm Independent Security Evaluators of Baltimore, found that 13 of the most popular off-the-shelf wireless routers could be exploited by a "moderately skilled adversary with LAN or WLAN access." It also concludes that your best bet for safer Wi-Fi depends on router vendors upping their game. All 13 routers evaluated can be taken … Read more

Microsoft rolling out two-factor authentication

There have been hints for the past week-plus -- courtesy of Liveside.net -- that Microsoft was poised to roll out two-factor authentication for its Microsoft Accounts. On April 17, Microsoft did just that.

The company is calling this security process "two-step verification." Microsoft is making available two-step verification across all products and services accessible via a Microsoft Account. This includes Windows, Windows Phone, Xbox, Outlook.com, SkyDrive, Office, and more. The rollout will be happening over the "next couple of days," according to the company.

(Microsoft Account is the new name for Microsoft's Live … Read more

Targeted cyberattacks jump 42 percent in 2012, Symantec says

Internet users are seeing less spam but more targeted attacks, according to security software company Symantec.

Looking at last year's security landscape, Symantec's Internet Security Threat Report 2013 found that traditional spam accounted for 69 percent of all e-mail in 2012, down from 75 percent in 2011. Yet, 30 billion spam messages are still sent on a daily basis.

Junk e-mails that hawk sex or dating products and services now account for 55 percent of all spam, taking the top spot away from pharmaceutical spam.

Malware is also part of one out of every 291 e-mail messages, with … Read more