Independent

ComputerWorldIndependent

FBI director floats international framework on encrypted data access

Credit to Author: Michael Kan| Date: Thu, 23 Mar 2017 15:21:00 -0700

FBI director James Comey has suggested that an international agreement between governments could ease fears about IT products with government-mandated backdoors, but privacy advocates are doubtful.

Speaking on Thursday, Comey suggested that the U.S. might work with other countries on a “framework” for creating legal access to encrypted tech devices.

“I could imagine a community of nations committed to the rule of law developing a set of norms, a framework, for when government access is appropriate,” he said on Thursday.

Comey made his comments at the University of Texas at Austin, when trying to address a key concern facing U.S. tech firms in the encryption debate: the fear that providing government access to their products might dampen their business abroad.


Leaked iCloud credentials came from third parties, Apple says

Credit to Author: Lucian Constantin| Date: Thu, 23 Mar 2017 14:13:00 -0700

A group of hackers threatening to wipe data from Apple devices attached to millions of iCloud accounts didn’t obtain whatever log-in credentials they have through a breach of the company’s services, Apple said.

“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” an Apple representative said in an emailed statement. “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.”

A group calling itself the Turkish Crime Family claims to have login credentials for more than 750 million icloud.com, me.com and mac.com email addresses, and the group says more than 250 million of those credentials provide access to iCloud accounts that don’t have two-factor authentication turned on.


Google: Half of Android devices haven’t been patched in a year or more

Credit to Author: Gregg Keizer| Date: Thu, 23 Mar 2017 12:41:00 -0700

Google engineers yesterday acknowledged that half of all Android devices had not received a security update in the past year, even as they argued that the firm has made progress in streamlining the open-source operating system’s patching process.

“About half of devices in use at the end of 2016 had not received a platform security update in the previous year,” Adrian Ludwig and Mel Miller, members of the Android security team, said in a post to a company blog.

Although Google has issued monthly security updates for Android since 2015 — and deploys those patches to Nexus and Pixel devices as soon as they’re available — other device makers often take weeks or months to push updates to customers, or never do. Android’s update problem is not new — it’s been in stark contrast to other operating systems, notably iOS, macOS and Windows, since Android’s inception — and is baked into the relationship between Google and the hardware manufacturers who build and sell phones.


Newly leaked documents show low-level CIA Mac and iPhone hacks

Credit to Author: Lucian Constantin| Date: Thu, 23 Mar 2017 11:53:00 -0700

The CIA has had tools to infect Apple Mac computers by connecting malicious Thunderbolt Ethernet adapters to them since 2012, according to new documents purported to be from the agency and published by WikiLeaks.

One of the documents, dated Nov. 29, 2012, is a manual from the CIA’s Information Operations Center on the use of a technology codenamed Sonic Screwdriver. It is described as “a mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting.”

Sonic Screwdriver allows the CIA to modify the firmware of an Apple Thunderbolt-to-Ethernet adapter so that it forces a MacBook to boot from a USB stick or DVD disc even when its boot options are password protected.


Senate votes to kill FCC's broadband privacy rules

Credit to Author: Grant Gross| Date: Thu, 23 Mar 2017 10:13:00 -0700

The U.S. Senate has voted to kill broadband provider privacy regulations prohibiting them from selling customers’ web-browsing histories and other data without their permission.

The Senate’s 50-48 vote Thursday on a resolution of disapproval would roll back Federal Communications Commission rules requiring broadband providers to receive opt-in customer permission to share sensitive personal information, including web-browsing history, geolocation, and financial details with third parties. The FCC approved the regulations just five months ago.


Snowden's ex-boss offers advice on stopping insider threats

Credit to Author: Michael Kan| Date: Thu, 23 Mar 2017 10:10:00 -0700

Steven Bay, a former defense contractor, knows a thing or two about insider threats. For a brief period, he was the boss of Edward Snowden, the famous leaker who stole sensitive files from the U.S. National Security Agency.

Recalling the day he learned Snowden had been behind the NSA leaks back in June 2013, Bay said he received texts about the breaking news while in a leadership meeting at a church. The first text said “Sorry man, looks like your worst nightmare came true.”

Bay was crushed: “I went out into an empty room of the church and I just melted down crying.”


Look before you leap: 4 hard truths about IoT

Credit to Author: Stephen Lawson| Date: Thu, 23 Mar 2017 05:21:00 -0700

Most technologies go through a stage when everything seems possible. Personal computers in the early 1980s, the internet in the late 1990s and mobile apps around the beginning of this decade were like that.

But so was the first unboxing of a Galaxy Note 7. In time, either suddenly or gradually, reality sets in.

The internet of things still looks promising, with vendors and analysts forecasting billions of connected devices that will solve all sorts of problems in homes and enterprises. But the seams are starting to show on this one, too. As promising as the technology is, it has some shortcomings. Here are a few.


LastPass fixes serious password leak flaws

Credit to Author: Lucian Constantin| Date: Wed, 22 Mar 2017 14:21:00 -0700

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users’ passwords or execute malicious code on their computers.

The vulnerability was discovered by Google security researcher Tavis Ormandy and was reported to LastPass on Monday. It affected the browser extensions installed by the service’s users for Google Chrome, Mozilla Firefox and Microsoft Edge.

According to a description in the Google Project Zero bug tracker, the vulnerability could have given attackers access to internal commands inside the LastPass extension. Those are the commands used by the extension to copy passwords or fill in web forms using information stored in the user’s secure vault.
