Endpoint Security

RSS

Endpoint security news, solutions, and analysis for IT professionals

Rooting Android phone bypasses Google Wallet security; just one of many remaining flaws

Posted February 15, 2012 - 6:57 pm

Google was quick to correct a flaw in Google Wallet that would let strangers delete your login, type in their own and take over accounts Wallet was supposed to guard. Data stores are still insecure, rooting the phone bypasses all Wallet security.
- Quick Read
- Like
- Tweet
Anonymous took down CIA.gov Friday, then didn't, then did, then did it again today

Posted February 13, 2012 - 12:47 pm

Anonymous first took credit for the DDOS attack that downed CIA.gov Friday, then said it was just reporting the outage, before discovering it had, actually, been behind the attack. CIA.gov is down again today, though it would be wise to wait to give credit this time.
- Quick Read
- 1 comment
- Like
- Tweet
Netflix pays $9M to settle user-data misuse charges; aims to misuse more data with Facebook

Posted February 12, 2012 - 11:24 am

Netflix has agreed to pay $9 million to settle a suit over its illegally long retention of customer rental records. It is now redoubling efforts to get law changed that keeps it from posting to Facebook lists of the things its customers are renting right now.
- Quick Read
- 1 comment
- Like
- Tweet
Online dating sites: Looking for love, finding violations of privacy

Posted February 10, 2012 - 4:47 pm

If any category of social networking site should have decent privacy it would be online dating sites. Who wants the world to know the details of what we look for in a mate (though Julian Assange's leaked out). Unfortunately, privacy isn't on the agenda at most dating sites.
- Quick Read
- 1 comment
- Like
- Tweet
Anonymous takes down CIA.gov

Posted February 10, 2012 - 4:01 pm

Members of Anonymous are claiming credit for a DDOS attack that took down CIA.gov about 3:10 p.m. ,Eastern time. Few other details are available, but it's likely the attack is related to the massive retaliatory strike Anonymous launched in the wake of the MegaUpload raids.
- Quick Read
- 1 comment
- Like
- Tweet
How to avoid being tagged as a terrorist: Don't pay cash for coffee

Posted February 10, 2012 - 2:35 pm

As part of an effort to get the American public involved in the search for terrorists, the FBI has distributed lists warning how a terrorist might behave in each of 25 different types of business. Some are good indicators; most are so generic anyone could be tapped as a terrorist.
- Quick Read
- 6 comments
- Like
- Tweet
Study: Movie studios can fix their own box-office losses to piracy without SOPA

Posted February 10, 2012 - 1:37 pm

Box office losses in U.S. are negligible and would be overseas if movie studios were quicker about shipping out copies of new movies. Like the music industry, movie execs wanted new laws that reduce the rights of others when they had the tools to fix the problem themselves.
- Quick Read
- 1 comment
- Like
- Tweet
Pickpocketing Google Wallet on Android phones

Posted February 10, 2012 - 10:42 am

Simple, non-tech hack opens Google Wallet giving full access to phone funds.
- Quick Read
- 2 comments
- Like
- Tweet
RIAA chief hits new heights of hypocrisy in pro-SOPA NYT op-ed

Posted February 9, 2012 - 12:43 pm

Confusing censorship of digital content with import of fake pharmaceuticals? Saying site owners wouldn't be responsible for policing copyrights even though they could lose their sites because of it? RIAA's CEO twists reality in sour-grapes parting shot at lost SOPA/PIPA fight.
- Quick Read
- Like
- Tweet
Even after rewrites, Google Wallet retains gaping security holes, mainly due to Android

Posted February 9, 2012 - 11:13 am

A report from viaForensics makes clear that Google Wallet, despite efforts by Google to tighten up security after a poor evaluation in December, still stores data in too many places and could make it available too easily to be a secure way to buy things using smartphones.
- Quick Read
- 3 comments
- Like
- Tweet
MegaUpload takedown didn't slow pirate downloads, just moved them offshore

Posted February 7, 2012 - 4:16 pm

Between 30 percent and 40 percent of all file-sharing traffic went through MegaUploads until it was shut down. Since then the number of files being downloaded has remained steady, but from different sites, many of which use data centers in the EU or Asia rather than the U.S.
- Quick Read
- 3 comments
- Like
- Tweet
Symantec may have tried to bribe hackers, but definitely betrayed its own customers

Posted February 7, 2012 - 1:02 pm

Anonymous is laughing it up at Symantec's reputed attempt to bribe hackers to not release source code. Symantec calls it extortion. That question is trivial compared to the reality that Symnantec broke trust with its customers and left them at risk for six years following the hack.
- Quick Read
- Like
- Tweet
Anonymous scores big in world-championship lurking, spying contest with FBI

Posted February 3, 2012 - 2:43 pm

FBI and Anonymous have become so involved that it's possible within a short time that neither will have time for anything but investigating the other. Cracking, recording and posting the audio from an FBI/Scotland Yard conference call is the best shot in the game by far.
- Quick Read
- Like
- Tweet
Kelihos botnet revives, waits for Microsoft Anti-Botnet Operation v. 3 to go back down

Posted February 2, 2012 - 2:27 pm

Despite so much bragging about its success it sometimes failed to mention the role of security specialist Kaspersky Labs, Microsoft's successful takedown of the Kelihos botnet may need a version 2 or 3 or even 4 to be successful, because the first solution was just too weak to hold.
- Quick Read
- Like
- Tweet
Reddit makes gross mistakes trying to write bill to replace abusive SOPA, PIPA

Posted February 1, 2012 - 10:14 am

Unlike most successful factions in American politics, on the heels of success in opposing the Internet-censoring SOPA and PIPA bills, members of Reddit are developing a solution they can propose to address the content piracy problem without SOPA's no-rights-for-pirates approach to enforcement.
- Quick Read
- 2 comments
- Like
- Tweet
Symantec record: Two major hacks, two major delays admitting fault, risk to customers

Posted January 26, 2012 - 2:16 pm

If your company were hacked in a way that could directly hurt customers, would you announce the worst-case scenario so they could prep while you develop a solution? Or dribble out the news slowly? Symantec dribbled, first with SSL tokens, then source code, leaving customers at risk.
- Quick Read
- Like
- Tweet
Google finds much more efficient way to sell the privacy of its most dedicated users

Posted January 25, 2012 - 4:12 pm

It's not true that it's not possible to opt out of Google's new policy of combining all customer data from almost all its services. It's possible, but not easy. The point is to build more realistic profiles for ad targeting and marketing; if Google let you opt out, how could it sell your soul?
- Quick Read
- 1 comment
- Like
- Tweet
SF college tries to estimate damage from 12 uninterrupted years of virus infection

Posted January 21, 2012 - 7:00 am

City College of San Francisco is trying to assess the potential damage from a keylogging, financial-data-stealing set of viruses that first infected the college's systems in 1999, scouring the network nightly and sending data to more than 700 IP addresses in 10 countrties.
- Quick Read
- Like
- Tweet
Beaming information onto the brain: Learning like Kung Fu Keanu in The Matrix

Posted January 20, 2012 - 5:32 pm

Scientists researching how information is imprinted on the brain found a way to decode functional MRI patterns and replay them onto the brain. Could it lead to learning by data dump the way Keanu learned Kung Fu in The Matrix? Only if our brains decide to cooperate. So: no.
- Quick Read
- Like
- Tweet
Settlements in phone hack scandal nets big pay day for aides, publicists, relatives

Posted January 19, 2012 - 5:47 pm

British actor Jude Law was the highest-profile of the stars who settled 35 of 60 phone hacking suits with News Corp. this week. Oft-hacked publicist Max Clifford got £1M, compared to £130,000 for law. Family of murdered teen got £2 million.
- Quick Read
- Like
- Tweet
The most frustrating job in corporate IT security

Posted January 19, 2012 - 3:14 pm

New studies show SharePoint continuing to grow as a tool to let end users share documents securely. Unfortunately, most of them seem to feel entitled to take those documents out of SharePoint security and even mail them to third parties, removing all security permanently.
- Quick Read
- Like
- Tweet
Massive SOPA/PIPA protest shift momentum in Senate, but not enough

Posted January 19, 2012 - 1:08 pm

The massive protest and letter-writing campaign organized by Reddit, Google, Wikipedia and a host of civil rights and Internet-openness advocates changed at least 13 senators' votes from 'yes' to 'no' on Internet-censoring PIPA, but majority is still 'yes' or 'undecided.'
- Quick Read
- Like
- Tweet
Corporates struggle to secure employee mobile devices

Posted January 19, 2012 - 9:45 am

The number of employee-owned mobile devices used on corporate networks continues its inexorable rise despite yawning and known gaps in security, a Check Point survey has found.
- Quick Read
- Like
- Tweet
Best evidence showing we need SOPA based on 'govt studies' that never existed

Posted January 18, 2012 - 5:21 pm

For more than 20 years the entertainment industry has been basing estimates of content-piracy losses on numbers used in speeches but never found in actual studies. Winnowing through the rhetoric, one analyst found movie-industry losses are more like $90 million (with an M, not a B)
- Quick Read
- Like
- Tweet
HTC phone update reportedly drops Carrier IQ software

Posted January 18, 2012 - 3:00 pm

Carrier IQ's performance monitoring software has been deleted from the latest firmware update for the HTC EVO 3D smartphone, at the behest of Sprint, according to a post at AndroidCentral. Many more could follow.
- Quick Read
- Like
- Tweet