The secret life of apps
Credit to Author: Marvin the Robot| Date: Wed, 15 Mar 2017 10:00:27 +0000
Modern Android users have, on average, 66 apps installed on their devices. Most of these apps start working without users launching them.
Credit to Author: Gregg Keizer| Date: Tue, 14 Mar 2017 13:17:00 -0700
Microsoft today postponed the retirement of the security bulletins that for nearly two decades have described in detail the month’s slate of vulnerabilities and accompanying patches.
The bulletins’ last stand was originally scheduled for January, with a replacement process ready to step in Feb. 14. Rather than a set of bulletins, Microsoft was to provide a searchable database of support documents dubbed the “Security Updates Guide” or SUG.
But just hours before February’s security updates were to be released, Microsoft announced that it was postponing the entire collection to March 14, citing “a last-minute issue” that might impact some customers. The Redmond, Wash. company never spelled out exactly what led it to decide on the unprecedented delay.

Credit to Author: Gregg Keizer| Date: Tue, 14 Mar 2017 11:31:00 -0700
The U.S. Department of Justice yesterday argued that it should not have to reveal the maker of a tool used last year to crack an alleged terrorist’s iPhone or disclose how much it paid for the hacking job, court documents showed.
That tool was used last year by the FBI to access a password-protected iPhone 5C previously owned by Syed Rizwan Farook, who along with his wife, Tashfeen Malik, killed 14 in San Bernardino, Calif., in December 2015. The two died in a shootout with police later that day. Authorities quickly labeled them terrorists.
In March 2016, after weeks of wrangling with Apple, which balked at a court order compelling it to assist the FBI in unlocking the iPhone, the agency announced it had found a way to access the device without Apple’s help. Although the FBI acknowledged it had paid an outside group to crack the iPhone, it refused to identify the firm or how much it paid.
Credit to Author: Dustin Childs (Zero Day Initiative Communications)| Date: Tue, 14 Mar 2017 19:30:56 +0000
Just a day before Pwn2Own kicks off its 10th anniversary, join us in looking at the security updates released by Google, Adobe, VMware, Firefox, and Microsoft for the month of March 2017. It’s shaping up to be the largest Patch Tuesday in history, which is fitting to coincide with the largest Pwn2Own ever. tl:dr –…

Credit to Author: Lucian Constantin| Date: Tue, 14 Mar 2017 11:19:00 -0700
In a case of no honor among thieves, a group of attackers has found a way to hijack the Petya ransomware and use it in targeted attacks against companies without the program creators’ knowledge.
A computer Trojan dubbed PetrWrap, being used in attacks against enterprise networks, installs Petya on computers and then patches it on the fly to suit its needs, according to security researchers from antivirus vendor Kaspersky Lab.
The Trojan uses programmatic methods to trick Petya into using a different encryption key than the one its original creators have embedded inside its code. This ensures that only the PetrWrap attackers can restore the affected computers to their previous state.

Credit to Author: Grant Gross| Date: Tue, 14 Mar 2017 09:27:00 -0700
A contentious piece of U.S. law giving the National Security Agency broad authority to spy on people overseas expires at the end of the year. Expect heated debate about the scope of U.S. surveillance law leading up to Dec. 31.
One major issue to watch involves the way the surveillance treats communications from U.S. residents. Critics say U.S. emails, texts, and chat logs — potentially millions of them — are caught up in surveillance authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA).
U.S. residents who communicate with foreign targets of the NSA surveillance have their data swept up in what the NSA calls “incidental” collection. The FBI can then search those communications, but it’s unclear how often that happens.
Credit to Author: Emma Grey Ellis| Date: Tue, 14 Mar 2017 14:00:47 +0000

How does the Vault 7 leak look to a famous CIA whistleblower? It’s complicated. The post Convicted CIA Leaker John Kiriakou’s Got Some Opinions About WikiLeaks and Trump appeared first on WIRED.
Credit to Author: Lucian Constantin| Date: Tue, 14 Mar 2017 05:30:00 -0700
After Edward Snowden revealed that online communications were being collected en masse by some of the world’s most powerful intelligence agencies, security experts called for encryption of the entire web. Four years later, it looks like we’ve passed the tipping point.
The number of websites supporting HTTPS — HTTP over encrypted SSL/TLS connections — has skyrocketed over the past year. There are many benefits to turning on encryption, so if your website does not yet support the technology it’s time to make the move.
Recent telemetry data from Google Chrome and Mozilla Firefox shows that over 50 percent of web traffic is now encrypted, both on computers and mobile devices. Most of that traffic goes to a few large websites, but even so, it’s a jump of over 10 percentage points since a year ago.