
Obama signs BuySecure executive order to hasten US EMV adoption

10/20, 1:57pm

Initiative adds EMV support to government channels, more identity theft protections, reporting

Last week US President Barack Obama signed an executive order that will help consumers who are victims of identity theft, as well as speed up the adoption of the Europay, MasterCard, and Visa (EMV) chip standard for credit and debit cards. In the executive order signed by the president, parts of the federal government will be adopting EMV measures, as well as strengthening the public's ability to monitor financial health or seek help when necessary.


Chinese government hijacking iCloud, Microsoft logins, reports say

10/20, 12:40pm

Users being redirected to dummy sites

China's state firewall is currently hijacking attempts to visit iCloud.com or Microsoft's login gateway, login.live.com, redirecting people to dummy websites, reports say. People visiting iCloud.com through Firefox or Chrome will see a warning page, but visitors with Qihoo -- the most popular browser in China -- are being forwarded directly to a dummy site with no obvious signs it isn't Apple's. It's believed that the Chinese government may be trying to harvest iCloud and Microsoft logins.


MasterCard prepares credit card with fingerprint sensor for 2015

10/19, 1:59pm

Zwipe, MasterCard team up to combine fingerprint authentication, contactless payments

At a press event last week, MasterCard and Zwipe announced a new type of payment card dubbed the Zwipe MasterCard. Where the new card is different from the standard credit or debit card is in the payment process, looking to biometrics to approve purchases. The Zwipe MasterCard uses authentication via fingerprint for MasterCard contactless payment terminals, while retaining Europay, MasterCard and Visa (EMV) chips on cards.


Anonabox project killed by Kickstarter over security, hardware issues

10/18, 10:35am

Hardware appeared to be sourced from Alibaba, software straight OpenWRT

Following allegations casting doubt on the project, the TOR-based Anonabox Kickstarter project has been terminated. Since the launch of the security-minded Anonabox, and nearly instant completion of funding goals, commenters and other figures questioned the source of the hardware, the actual security of the device, and criticized the lack of a promised and complete open-sourcing of the code.


Mac version of 1Password 5 gets Yosemite makeover, sync upgrades

10/17, 2:45pm

Wi-Fi sync starts automatically once iOS devices are in range

AgileBits has released v5.0 of its password and credit card manager for the Mac, 1Password. The software has been redesigned to match the look of OS X Yosemite, including support for the OS' new dark mode. AgileBits is also exploiting changes to iCloud for "faster and more robust syncing;" the company warns, though, that iCloud sync now requires v5.0 on both iOS and OS X.


FBI director warns Apple, Google away from encrypting devices

10/17, 1:32pm

Encryption of smartphones hampers security efforts, claims FBI head

The head of the Federal Bureau of Investigation (FBI) has asked companies to back away from encrypting consumer devices by default. Echoing similar comments made last month, Director James Comey spoke to the Brookings Institute yesterday about the issue, which, it is claimed, will make it difficult for law enforcement officials to collect evidence from mobile devices.


Briefly: Office 2011 Mac security patch, DevonTechnologies updates

10/16, 4:13pm

Microsoft Office for Mac 2011 receives security update

Microsoft released a security update for its Office for Mac 2011 software, the latest release being v14.4.5. Resolving vulnerabilities, the update prevents the possibility of remote code execution if a specially crafted file is opened in an affected version. Attackers could gain the same user rights as the current user if successful, and subsequently install programs; view, change or delete data; or create new accounts with full user rights. Full details can be found in Microsoft's latest security bulletin on the matter.


Validity of Anonabox project examined over hardware sources

10/16, 11:15am

Reddit users suggest Anonabox created from existing routers sold in China

A Kickstarter campaign for a privacy-focused Wi-Fi router has drawn the ire of some Internet users, with the suggestion that all may not be as it seems. Reddit users are complaining about the Anonabox Tor router's claimed "open hardware," with components apparently being sourced from Chinese resellers rather than being designed specifically for the project.


Apple's iAd now tracking iOS 8 users' in-app browsing behaviors

10/16, 10:56am

Apple pitching tech to advertisers as an alternative to cookies

Something quietly introduced alongside iOS 8 has been the ability for advertisers to retarget iAds based on in-app browsing actions, a new report says. Apple is, in fact, said to be pitching this to advertisers as a way of circumventing the absence of mobile cookie tracking in iOS. In a given example, someone who adds a pair of shoes to a cart in a retailer's iPhone shopping app -- but decides not to buy them -- may later see an ad for that same pair of shoes from the same retailer, even in another app on his or her iPad. Tapping that ad might redirect the person to their abandoned checkout page and add the shoes back to it.


Google warns of 'Poodle' SSL 3.0 vulnerability in browsers, servers

10/15, 8:41am

SSL 3.0 design flaw allows attackers to view contents of encrypted web traffic

Another Secure Sockets Layer (SSL) vulnerability has been discovered by Google, just six months after HeartBleed was first unveiled. Padding Oracle on Downloaded Legacy Encryption ("Poodle") is an issue affecting SSL 3.0, though researchers claim the issue this time is less severe than HeartBleed, despite potentially affecting nearly all browsers and a large number of servers.


Crowdfunding Critic: Anonabox Tor hardware router

10/14, 1:26pm

Kickstarter campaign for Anonabox vastly exceeds target in first day

Welcome to another edition of Crowdfunding Critic, an article series where the staff of MacNN and Electronista will highlight a new crowdfunded project from sites such as Kickstarter and Indiegogo, with this edition focusing on the popular Anonabox. As always, we are not endorsing a project or warning of any potential funding risks associated with crowdfunded projects, so it is advisable to do your own research before investing.


Dropbox denies 7M account leak caused through server hack

10/14, 6:44am

Third party services likely to blame for Dropbox account leak

Passwords from a supposed pool of 7 million Dropbox accounts have allegedly been leaked by hackers, though Dropbox denies its service has been hacked. A thread on Reddit linked to batches of account credentials, with the user hoping to receive Bitcoin donations for the leaks, though the exact source of the leaked account details is unknown.


Kmart suffers huge breach, all shoppers since September likely victims

10/11, 11:22am

Kmart offering identity theft protection, credit monitoring

Sears-owned retailer Kmart has declared that it has suffered a massive data breach. The company said late Friday that a malware attack that began harvesting data from its point-of-sale computer systems in early September was a "new form of malware" and "similar to a computer virus." Few details have been released by Kmart, but the company warns that it could include every shopper between September 1 and Thursday, October 9. Online shoppers were not impacted by the breach.


Dairy Queen chain latest victim of Backoff POS malware

10/10, 1:42pm

August infection subjects customers of 395 stores to data theft

Restaurant chain Dairy Queen has confirmed that 395 of its 4,500 US locations have been affected by the "Backoff" malware, which has, in turn, compromised customers' credit card information. Restaurants in 46 states were affected, with customers in Hawaii, Louisiana, Rhode Island and Vermont escaping the malware.


Third party SnapChat tools compromised; 13GB of photos stolen, leaked

10/10, 12:33pm

Breach from either Android app or third party web tool SnapSaved

Some supposedly ephemeral messages sent through the SnapChat service have been leaked to the Internet. Private photos collected for years through either the SnapChat archiving Android app Snapsave or the shuttered SnapChat web client SnapSaved have been stolen, and posted en masse to chat forum 4chan, and other similar locations.


Symantec confirms pursuit of split into two independent companies

10/09, 8:03pm

Two publicly traded companies will emerge in areas of security, information management

Rumors of Symantec's possible company split look to be true, as the company announced today that a plan was voted on to break the company up. The company, which is known for its line of Norton security products, said that its board of directors unanimously approved a new plan that would create two publicly traded companies, each with their own focus.


Adobe Digital Editions e-book reader collecting, reporting data

10/08, 4:02pm

Information on ePubs sent in plain text over unencrypted channels to Adobe servers

If Adobe didn't have enough problems with its reputation for security because of the frequency of the company's products being used as attack vectors, then the claim that the company collects detailed, personal data through Digital Editions 4 will undoubtedly further alienate some customers. The program, which is used to enforce digital rights management on borrowed books from libraries or other online avenues, is reporting details on the use of the ePub files back to Adobe, and the data is sent unencrypted, inviting further privacy and security issues.


Some Belkin routers not connecting to the Internet, workaround posted

10/07, 4:50pm

List of affected Belkin devices, cause of incident both unknown

Some of accessory manufacturer Belkin's router customers are experiencing connectivity issues, predominantly with older models. For reasons unknown, possibly due to a silent, automatic firmware update, some Belkin networking products are refusing connection to the Internet, but maintaining local area network connectivity. Some models can be restored by pointing Domain Name Services to Google's or other providers' services.


AT&T warns of customer data breach instigated by employee

10/07, 11:08am

Letter to Vermont attorney general advises of August intrusion

AT&T has admitted that it has suffered a data breach, and is warning customers about the intrusion. The communications provider has written to the Vermont attorney general about the breach, which took place in August, though unlike similar breaches at Home Depot, Target, and itself, this was instigated by an employee rather than an outside force.


Briefly: 1Password 5.1, Cycloramic both updated for iPhone 6

10/06, 9:36pm

Latest 1Password improves Touch ID support, adds iPhone 6 Plus support

A new version of password manager 1Password has been released for the iPhone and iPad, offering support for the iPhone 6 and iPhone 6 Plus in the form of 3x higher resolution images and improved icons. The update also improves Touch ID support to be more reliable, and simplifies the app's security settings. A new option has been added to disable third-party keyboards inside the 1Password app (since theoretically such keyboards could transmit keystrokes), and users can now create tags to help sort data. The app itself is free, but a "pro" in-app purchase to unlock additional features costs $10.


Apple updates OS X malware definitions to block 'iWorm'

10/06, 10:02am

Should halt further infections

Apple has issued a silent update to Xprotect, the anti-malware system in OS X, to detect and block the inaccurately-named "iWorm" trojan uncovered last week. The new definitions actually mention three variants, identified as "OSX.iWorm.A," "OSX.iWorm.B," and "OSX.iWorm.C." It's not clear what the differences between them might be.


Google fires back at celeb photo threat, claims decisive action taken

10/04, 11:12am

Search engine has scrubbed 'tens of thousands' of links to stolen photos

Google has responded to the letter threatening legal action should Google not purge the Internet of stolen, and sometimes intimate, photos of celebrities. The search engine has denied that it is intentionally profiting on the scandal, and instead has acted quickly and appropriately to takedown requests by removing "tens of thousands" of images from Google search results.


States launching independent investigation of JP Morgan Chase hack

10/04, 7:59am

Scope of theft makes consumer protection agencies wary of uptick in phishing

Despite JP Morgan Chase claiming that it isn't seeing enhanced fraud activity, two states have launched an investigation of the event that caused the reveal of 76 million households' information, with the promise of more to come. A recent regulatory filing showed the leak, with customers' names, addresses, phone numbers, and email addresses stolen -- the bank, however, claims no financial information was stolen.


Belgian teenager racks up over $46,000 in in-app purchases

10/03, 4:51pm

iOS and 'free-to-play' game blamed

A 15-year-old from Antwerp, Belgium has managed to accumulate over 37,000 euro ($46,000) in iTunes charges on a credit card through in-app purchases, according to local publication Nieuwsblad. The teenager was reportedly playing a free-to-play iOS game called Game of War: Fire Age; several months in, his mother asked him to buy some e-books using her credit card. The boy then discovered he could buy virtual gold in-game using real money, greatly accelerating his progress. The title even has a casino minigame.


New OS X malware 'iWorm' discovered in pirated software [u]

10/03, 2:57pm

Formerly used Reddit as go between to steal user data

[Updated with corrected information and further details] A new Trojan threat, possibly disguised as a fake unauthorized build of OS X 10.10 Yosemite, is making the rounds by taking in users who attempt to pirate software. The new malware, dubbed "iWorm" by Russian research firm "Dr. Web," has supposedly been installed by duped users on over 17,000 unique IP addresses worldwide thus far. Users would have had to have downloaded and installed the software in order to be victimized by the Trojan, which is mostly aimed at gathering user data.


Google's Schmidt says Google encryption superior to Apple's

10/03, 8:22am

Google chairman defends company against implied Tim Cook remarks

Google chairman Eric Schmidt has fought back against comments over the company's security and privacy, following comments laid out by Apple CEO Tim Cook. In an interview which touched upon a recent open letter about privacy from Cook, Schmidt claims "Someone didn't brief [Cook] correctly on Google's policies. It's unfortunate for him."


JPMorgan Chase breach outlined in SEC filing, 76M households exposed

10/02, 9:58pm

Number of people affected revealed more than three months after breach discovered

A filing made with the United States Securities and Exchange Commission (SEC) Thursday revealed new information on the scope of the breach that JPMorgan Chase witnessed earlier in the summer. In July the company, along with at least four other financial institutions, discovered an attack by hackers that reportedly resulted in gigabytes of data stolen after they gained high-level access to 90 of JPMorgan Chase's servers worldwide.


EFF: ComputerCop software endorsed by law enforcement is spyware

10/02, 8:36pm

Tests reveal keylogger information unencrypted when sent, 'software is unreliable'

A program that is touted as the first step in Internet security for children was examined by the Electronic Frontier Foundation (EFF), only to discover that the software isn't very safe itself. ComputerCop, which the EFF says is distributed by approximately 245 agencies involved in law enforcement in 35 states, is nothing more than branded spyware that is unreliable and sends unencrypted key logs, the foundation says.


Facebook apologizes over emotion research, implements new guidelines

10/02, 5:42pm

Proposals for Facebook research to undergo more stringent reviews

Facebook has admitted fault over its handling of user-based research, a matter which erupted this summer, and is taking steps to prevent such incidents from happening again. The social network is putting in place measures that it hopes will place a greater degree of scrutiny on future research projects, at the time of proposal, and at the time of publication.


Source code for critical USB firmware exploit posted on GitHub

10/02, 3:14pm

Pair of researchers engineer hack, post code to shame companies into action

Security researchers Adam Caudill and Brandon Wilson have published source code for a theoretically-unpatchable USB firmware bug called "BadUSB." First revealed at the Black Hat security conference in July, the two researchers who reverse-engineered the original finding say that they published for the public good, and "so people can defend against it." More severe exploits are possible using their method, but Caudill and Wilson are hesitant to release them, fearing more dangerous exploits.


Briefly: Google+ adds Audience setting, iLuv's new compact chargers

10/02, 3:11pm

Google+ now offering ability to restrict viewers based on age, location

Google's social network, Google+, has added a new privacy feature, allowing its users to limit who views their content based on age and location. The new section, found within Profile Settings, is called Audience; here, an age limit can be selected on content viewing, and users can also select what countries the content can be viewed from. Varying age restrictions can be chosen for each country if desired.


Pro-democracy protesters targeted with malware on iOS, Android

10/02, 1:47am

Malware entry vector not yet identified; may capitalize on jailbreak compromise

In an almost unheard-of claim, Lacoon Mobile Security has said that it has discovered a new spyware attack that targets both iOS and Android devices and which appears to be aimed specifically at Hong Kong pro-democracy protesters. Lacoon says it made the discovery while investigating the Android version, but did not clarify how the malware might be installed, or overcome the security built into iOS that has, thus far, kept it largely immune to serious malware or viruses.


Find My iPhone web page lets users check on Activation Lock status

10/02, 12:03am

Users can enter IMEI to learn more; technology is on by default in iOS 8

Users who are unsure if their iOS device has the anti-theft feature Activation Lock turned on can now easily check through a new page based on Apple's iCloud site. While the page is currently not linked to the main menu on iCloud.com -- suggesting it may still be undergoing testing -- it offers users a chance to input the device's serial number or IMEI identifier, and returns information on whether the device is protected.


Google increases cash rewards for Chrome bug bounties

10/01, 5:20pm

New $15,000 award for successful submissions, up from $5,000.

Google is increasing the rewards in its bug bounties program, as it tries to make its software more secure. The search company is updating its reward pricing range to between $500 and $15,000 per bug, up from the previous maximum of $5,000 for a high-quality report, with an increased focus on discovering potential vulnerabilities within the Chrome browser.


Second round of POS breaches strikes Albertson's, Supervalu chain

10/01, 3:14pm

Newest range of grocery store breaches spans 20 states

Supervalu and Albertson's shoppers may be in for another round of personal information theft notifications. The companies said that a second hack took place in late August or early September, with the company finding malicious software on systems that process credit and debit card sales at some of the company's 1,081 stores. Additionally, the malware was also found at Shoppers Food and Pharmacy, plus Shop 'n Save stores -- but the company believes that the installation was not successful, and failed to capture payment data.


FTC head speaks out against proposed FCC Title II regulation of ISPs

09/30, 12:56pm

Dueling regulatory boards fight over future of ISP regulation

Allegedly concerned about protecting the American consumer, US Federal Trade Commission (FTC) head Maureen Ohlhausen has come out as strongly against Federal Communications Commission (FCC) Chairman Tom Wheeler's net neutrality provision -- specifically, the possibility of Title II regulation of ISPs. The comment against the possibility of regulating Internet providers as a utility is the FTC's second in September.


Apple releases fix for 'Shellshock' Unix flaw

09/29, 6:13pm

Updates bash for OS X Lion, Mountain Lion and Mavericks

Although nearly all Mac users are unaffected by the issue, Apple has made good on its word to quickly fix a serious security flaw in bash, a Unix shell that comes as part of OS X. Apple acknowledged the problem on Friday, and today released OS X bash update 1.0 for OS X Lion (10.7), Mountain Lion (10.8) and Mavericks (10.9). The flaw, known as "Shellshock," could potentially allow users who have set up advanced Unix services that interact with the web to be vulnerable to remote intrusion.


CloudFlare rolls out free SSL website encryption to all users

09/29, 1:41pm

SSL added after Google's decision to rank encrypted sites higher in search rankings

CloudFlare is pushing its users toward security in a good way, as it is adding secure socket layer (SSL) encryption to all of its customer accounts starting today. Where the company says that only around two million sites supported encrypted connections previously, CloudFlare believes it will double that number by the end of the day. The SSL encryption is being added to all accounts, even free users.


Russia social media law starts early; Twitter, Google, Facebook warned

09/26, 9:26am

Fines not the central means of enforcement -- violators face wide block

Russia's Internet watchdog has sent formal notices to Google, Facebook, and Twitter this week, enforcing early compliance with the country's social media law, requiring services with more than 3,000 readers in a day to register with the overseeing governmental agency and store data within the country. Deputy chief Maxim Ksenzov of Roskomnadzor, the agency in charge of enforcement of the law, has said that the trio will be "forced one way or another to obey the law" despite being international companies.


Follow-up: most Mac users 'not at risk' from Bash vulnerability

09/26, 12:06am

Only those running advanced UNIX services should be concerned, fix is on the way

An Apple spokesperson has reassured Mac users that the "vast majority" of users are not at risk from a serious bug discovered in the UNIX shell Bash that some researchers have called "potentially bigger than the Heartbleed vulnerability." Apple says that only those who have configured "advanced UNIX services" using the Terminal in OS X could be at risk from the flaw -- which would mean that nearly all OS X users would be unaffected. Nevertheless, the company is said to be working on a fix.


FBI Director Comey worried Apple, Google encryption 'above the law'

09/25, 6:35pm

Agency thinks Android L, iOS 8 security put consumer security ahead of law enforcement

Addressing reporters in Washington today, Federal Bureau of Investigation (FBI) Director James Comey voiced his concerns over the recent shifts in security policy for Android and iOS 8. Specifically, Comey believes that the new security encryption measures that cannot be bypassed for law enforcement put consumers before possible emergency situations.


Apple allegedly informed of iCloud flaw six months before pic thefts

09/25, 9:10am

Vulnerability in Apple iCloud patched a week after celeb photo leak

According to emails between Apple and a security researcher, the brute-force method of attack on iCloud passwords was clear to the Cupertino manufacturer since March 26 of this year, well before the attack on celebrity accounts. A lengthy email chain, made public in recent days, documents communications between the researcher and Apple, as well as Apple's continued requests to Ibrahim Balic for more information on the exploit.


Bash vulnerability 'Shellshock' affects Linux, OS X systems

09/25, 6:58am

Major security risk could be bigger issue than Heartbleed

A new bug may have a greater potential for harm than April's Heartbleed vulnerability, according to reports. The "Shellshock" vulnerability in Bash, a Unix shell typically used in Linux systems as well as in OS X, apparently allows for code held in environment variables to be executed within the shell as soon as it is invoked, potentially allowing for the control of affected systems to be taken over by another user.


Jimmy John's discovers malware-laden POS in July, all-clear given

09/24, 5:56pm

Assault detected July 30, all stores purged by September 5.

Sandwich chain Jimmy John's has reported a security breach, exposing information from customers of 216 locations. According to the chain, the company discovered at the end of July that an unknown assailant stole credentials from a vendor, and accessed the point-of-sale system. This action installed data-collecting malware at some locations between June 16 and September 5 of this year, with most infestations cleared out before the middle of August. The company reports that the security problem has been addressed, and it is once again safe to use credit cards at all stores.


Piper home automation now available in US through Amazon

09/24, 1:56pm

Android, iOS security product featured on Amazon Home Automation

Home technology company Icontrol today announced that the Piper all-in-one home security, video monitoring and automation device is now available on Amazon's new Home Automation store. The CTIA award-winning Piper suite allows users to monitor and interact with home automation through the Internet, without service contracts or fees.


Bitcoin hardware firm Butterfly Labs sued by FTC over fraud

09/23, 1:40pm

Suit alleges deceptive practices, money dispersion, misuse of company funds

More controversy is further tarnishing virtual currency Bitcoin's reputation. Last week, the US Federal Trade Commission (FTC) filed a civil suit against Butterfly Labs, creator and manufacturer of Bitcoin mining rigs. The suit alleges that the three members of the board of directors have engaged in fraudulent and deceptive practices, plus misappropriation of company funding.


Bipartisan bill seeks to clarify overseas data warrant requirements

09/23, 12:38pm

New bill gives information same protection as material goods under law

In the shadow of Microsoft's dispute with the US Department of Justice, Senators Orrin Hatch (R-UT), Dean Heller (R-NV), and Senate Judiciary Committee member Chris Coons (D-DE) have proposed legislation to codify law enforcement access to citizens' data stored internationally. The bill, titled the Law Enforcement Access to Data Stored Abroad Act, seeks to authorize the use of extraterritorial search warrants, but vacate said warrants if it requires parties involved to break the laws of a country to do so.


Home Depot transaction security reportedly ramshackle since 2008

09/20, 3:08pm

Refrain from managers asked for more training: 'we sell hammers'

Following the revelation that 56 million credit card transactions were stolen by miscreants, more information is coming out about the hack and The Home Depot's reportedly long-term lackadaisical security. According to employees familiar with the situation, the company was warned as early as 2008 that security would be a problem, and that the company was excruciatingly slow to respond to threats, and often took no action against perceived attacks or dangers.


Former NBA star arrested for $14,000 theft through Apple EasyPay

09/20, 2:41pm

Rex Chapman accused of faking payment, facing 14 felony charges

Former Phoenix Suns professional basketball player Rex Chapman was arrested on Friday, and accused of shoplifting $14,000 in Apple merchandise using Apple's EasyPay self-checkout system. Apple store employees reported the player, after recognizing him "based on his previous celebrity status as an NBA basketball player," according to Scottsdale, AZ police.


Monkey Parking fires up service in southern CA, meets resistance

09/20, 11:14am

Service shut down in San Francisco, attempts rebirth in other locales

Parking spot resale service Monkey Parking has quietly relaunched in Santa Monica and Beverly Hills, California. While not currently illegal in the cities, city attorneys have taken note of the launch, met with representatives from the service, and are claiming that they will take steps rapidly to stop the service from operating.

