www.PenandCamera.com: Writing Samples: 2014/2013
Writing Archive: 2014/2013


Complete stories by date:

May 2014

Senators Slam Online Advertisers As 'Malvertising' Spikes
Complex ecosystem fails to arrest rise in malicious advertising, information security experts warn Congress. 
DarkReading (May 19, 2014)

Gawker Attacker Turned FBI Informant, Pursued Other Hackers
Unsealed court documents reveal that "Eekdacat" hacked Gawker, but related charges were dropped after the hacker helped the FBI nab other hackers. 
DarkReading (May 16, 2014)

Zeus 'Gameover' Trojan Expands Global Reach
Cybercrime clients configure juggernaut Gameover variant of banking Trojan to reach bank customers in new countries. 
DarkReading (May 15, 2014)

Microsoft Blocks Zero-Day Attacks Targeting IE, Office
Security updates patch bugs being exploited via in-the-wild attacks, except for Windows XP, which now becomes a sitting duck. 
DarkReading (May 14, 2014)

NSA Reportedly Adds Backdoors To US-Made Routers
Secret "supply-chain interdiction" program intercepts networking equipment being shipped overseas and adds phone-home surveillance capabilities, says Guardian report. 
DarkReading (May 13, 2014)

FBI Seeks License To Hack Bot-Infected PCs
Justice Department seeks search warrant changes to battle online crime syndicates, but critics cite impact on innocent bystanders and potential for abuse. 
DarkReading (May 12, 2014)

Accidental Heartbleed Vulnerabilities Undercut Recovery Effort
Scans find 300,000 affected servers, but a surprising number of newly vulnerable servers have surfaced since Heartbleed warning was first sounded. 
DarkReading (May 9, 2014)

Navy Nuclear Carrier Sysadmin Busted For Hacking Databases
Boredom cited as excuse for alleged hack campaign that may have compromised more than 30 government and private sites. 
DarkReading (May 8, 2014)

OAuth, OpenID Flaw: 7 Facts
Authentication-protocol implementation security flaws are not as serious as Heartbleed, but Facebook and other sites must be fixed, say security experts. 
DarkReading (May 8, 2014)

Sneaky Windows Folder Poisoning Attack Steals Access Rights
Windows challenge-response authentication protocol could be abused by PC hackers to easily access wider corporate networks. 
DarkReading (May 6, 2014)

Dress Like A Gnome: 6 Security Training Essentials
Offer home security clinics, make security messages fit for Twitter, and don't be afraid to dress up, say Infosecurity Europe presenters. 
DarkReading (May 5, 2014)

Privacy, Cybercrime Headline the Infosecurity Europe Conference
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills. 
DarkReading (May 2, 2014)

Snowden NSA Revelations Complicate European Privacy Law Reboot
As European legislators work to rewrite privacy laws, one security expert says a full fix requires Europe to offer local alternatives to Google, Microsoft, and other US online services. 
DarkReading (May 1, 2014)

April 2014

European Police Seek Cybercrime Triage
Many organized cybercrime gangs operate beyond European and US borders -- or jurisdiction -- thus making online crime eradication impossible. 
DarkReading (April 30, 2014)

AOL Subscriber Data Stolen: You've Got Pwned
Change passwords and security questions now, AOL warns subscribers. For everyone else, treat all emails from AOL addresses with suspicion. 
DarkReading (April 29, 2014)

SEC Requests Financial Firms' Security Details
SEC asks 50 businesses for copies of their security policies, procedures, and controls in an effort to help the industry bolster cybersecurity protection. 
DarkReading (April 28, 2014)

After Heartbleed, Tech Giants Fund Open Source Security
In the wake of the Heartbleed vulnerability, 12 tech giants -- including Facebook, Google, IBM, and Microsoft -- each pledge $100,000 annually to improve core open source technology such as OpenSSL. 
DarkReading (April 25, 2014)

FBI Informant Sabu Tied To Foreign Attacks
Report triggers questions about FBI's apparent use of a zero-day vulnerability, and whether campaign was designed to amass intelligence on foreign targets. 
DarkReading (April 24, 2014)

Android Heartbleed Alert: 150 Million Apps Still Vulnerable
Android developers are starting to patch OpenSSL flaws. Meanwhile, Apple ships an SSL fix for iOS and OS X. 
DarkReading (April 23, 2014)

Michaels Data Breach Response: 7 Facts
Could the retailer have done more to spot the eight-month intrusion in the first place? 
DarkReading (April 22, 2014)

Heartbleed Attack Targeted Enterprise VPN
Attack spotted using the OpenSSL Heartbleed bug to steal session tokens and bypass two-factor authentication. 
DarkReading (April 21, 2014)

Heartbleed: A Password Manager Reality Check
Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers? 
DarkReading (April 18, 2014)

11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing. 
DarkReading (April 17, 2014)

Microsoft Delays Enterprise Windows 8.1 Support Doomsday
Responding to criticism, Microsoft gives businesses until August to adopt Windows 8.1 Update and continue receiving security updates. Consumers still face May 13 deadline. 
DarkReading (April 17, 2014)

White House Details Zero-Day Bug Policy
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving security or law enforcement. 
DarkReading (April 15, 2014)

Akamai Withdraws Proposed Heartbleed Patch
As researchers demonstrate OpenSSL bug exploits that retrieve private keys, Akamai rescinds a patch suggestion for the SSL/TLS library after a security researcher punches holes in it. 
DarkReading (April 14, 2014)

March 2014

'Thingularity' Triggers Security Warnings
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure? 
DarkReading (March 28, 2014)

Android Apps Hide Crypto-Currency Mining Malware
Apps downloaded by millions from Google Play and Spanish software forums include hidden altcoin-mining software. But criminals aren't getting rich quickly.
(March 27, 2014)

Cybercrime Black Markets Grow Up
Cybercrime forums selling advanced attacks on demand are outpacing businesses' ability to defend themselves, new study from RAND finds. 
InformationWeek (March 26, 2014)

Outlook Users Face Zero-Day Attack
Simply previewing maliciously crafted RTF documents in Outlook triggers exploit of bug present in Windows and Mac versions of Word, Microsoft warns. 
InformationWeek (March 25, 2014)

Symantec Fires CEO In Surprise Move
Analysts question security and storage giant's turnaround after the board fires its second CEO in two years. 
InformationWeek (March 21, 2014)

Will Target Face FTC Probe?
Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story. 
InformationWeek (March 20, 2014)

Linux Takeover Artists Fling 35M Spam Messages Daily
"Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day. 
InformationWeek (March 19, 2014)

Attackers Hit Clearinghouse Selling Stolen Target Data
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers. 
InformationWeek (March 18, 2014)

DDoS Attacks Hit NATO, Ukrainian Media Outlets
As pro-Russia hackers continue DDoS campaigns, Anonymous-branded propaganda reports "imminent US invasion of the Ukraine." 
InformationWeek (March 17, 2014)

Target Ignored Data Breach Alarms
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network. 
InformationWeek (March 14, 2014)

Samsung Galaxy Security Alert: Android Backdoor Discovered
Samsung's flavor of Android has a backdoor that can be remotely exploited by attackers, Android developers warn. 
InformationWeek (March 13, 2014)

Bitcoin, Meet Darwin: Crypto Currency's Future
First-movers rarely survive, but some experts see a real future for government-issued crypto currency. 
InformationWeek (March 12, 2014)

Experian ID Theft Exposed 200M Consumer Records
ID theft ring sold database with 200 million consumers' private data to 1,300 criminals. 
InformationWeek (March 11, 2014)

Mt. Gox Chief Stole 100,000 Bitcoins, Hackers Claim
Cryptocurrency aficionados' ire stoked by leaked accounts showing 100,000 bitcoins remain missing. 
InformationWeek (March 10, 2014)

Target CIO's Resignation: 7 Questions
After the data breach, why didn't the buck stop with PCI assessors or CEO? Search for accountability reveals flawed system, much finger-pointing. 
InformationWeek (March 6, 2014)

Apple iOS Vulnerable To Hidden Profile Attacks
Unpatched flaw in iOS enables malicious profile users to secretly control devices and intercept data. 
InformationWeek (March 6, 2014)

Bitcoin Heists Cause More Trouble
Attackers continue to pummel bitcoin "banks," exchanges, and crypto-currency users themselves via malware that steals virtual wallets. 
InformationWeek (March 5, 2014)

Malware-Lobbing Hackers Seize 300,000 Routers
Hackers launch scam and malware campaigns after compromising a variety of routers running firmware with known vulnerabilities. 
InformationWeek (March 4, 2014)

Mt. Gox Bitcoin Meltdown: What Went Wrong
Transaction malleability attacks and cold-storage software bugs both cited after nearly $500 million worth of bitcoins vanish.
InformationWeek (March 3, 2014)

February 2014

Fresh Target Breach Cards Hitting Black Market
A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
InformationWeek (February 28, 2014)

IBM Software Vulnerabilities Spiked In 2013
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds. 
InformationWeek (February 27, 2014)

Apple Patches Mavericks SSL Flaw: Update Now
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS X. 
InformationWeek (February 26, 2014)

Apple SSL Vulnerability: 6 Facts
SSL vulnerability that's been patched in iOS -- but not yet for OS X -- lets attackers intercept email and FaceTime communications, plus push malicious software updates. 
InformationWeek (February 25, 2014)

Healthcare Devices: Security Researchers Sound Alarms
Default usernames, weak passwords, and widespread Windows XP Embedded systems are cause for concern, SANS Institute researchers say. 
InformationWeek (February 24, 2014)

WebView Exploit Affects Most Android Phones
Critical bug affects devices running Jelly Bean (4.2) and earlier Android OSs, including fully updated versions of Google Glass, says Metasploit. 
InformationWeek (February 19, 2014)

Bye, Bitcoin: Criminals Seek Other Crypto Currency
Law enforcement crackdowns, hack attacks, and market volatility drive Russian fraudsters to mint their own virtual currency systems. 
InformationWeek (February 18, 2014)

Snowman Attack Campaign Targets IE10 Zero-Day Bug
Military personnel appear to be the targets of watering-hole attacks from a hacked VFW website. 
InformationWeek (February 14, 2014)

Target Breach: Phishing Attack Implicated
Report suggests malware-laced email attack on Target's HVAC subcontractor leaked access credentials for retailer's network. 
InformationWeek (February 13, 2014)

Bitcoin Exchanges Buckle Under DDoS Attacks
Mutant transaction attacks trigger trading halts at major exchanges. Also, new bitcoin-seeking Trojan targets Mac users. 
InformationWeek (February 12, 2014)

DDoS Attack Hits 400 Gbit/s, Breaks Record
A distributed denial-of-service NTP reflection attack was reportedly 33% bigger than last year's attack against Spamhaus. 
InformationWeek (February 11, 2014)

Florida Sting Nabs Alleged Bitcoin Money Launderers
Florida undercover agents posed as fraudsters seeking to convert cash -- supposedly from stolen credit cards -- into the anonymous, cryptographic currency. 
InformationWeek (February 10, 2014)

Data Breach Notifications: Time For Tough Love
Target and Neiman Marcus came clean quickly about their data breaches, but most businesses don't. It's time for standards -- and fines.
InformationWeek (February 7, 2014)

Target Breach: HVAC Contractor Systems Investigated
Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network. 
InformationWeek (February 6, 2014)

Hotel Company Investigates Data Breach, Card Fraud
White Lodging, which manages 168 hotels under Hilton, Marriott, and Sheraton brand names, is investigating a suspected credit and debit card breach. 
InformationWeek (February 5, 2014)

British Spies Hit Anonymous With DDoS Attacks
British cyber agents attacked Anonymous chat rooms, leaked intelligence documents show. 
InformationWeek (February 5, 2014)

Google Sounds Chrome Browser Hijack Alarm
Chrome users also face subtle attacks, including Chrome extensions that inject unwanted advertisements. 
InformationWeek (February 4, 2014)

January 2014

Yahoo Mail Passwords: Act Now
Yahoo suffers hack attack, eyes third-party database and reused credentials as likely culprits, may enforce two-factor authentication to help users recover accounts. 
InformationWeek (January 31, 2014)

Target Hackers Tapped Vendor Credentials
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach. 
InformationWeek (January 30, 2014)

Angry Birds Site Toppled After Surveillance Report
Syrian Electronic Army ally allegedly defaces Rovio's Angry Birds website over reports that company shared user data with US and UK surveillance agencies. 
InformationWeek (January 29, 2014)

Feds Arrest Bitcoin Celebrity In Money Laundering Case
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace. 
InformationWeek (January 28, 2014)

Michaels Stores Investigates Data Breach
Arts-and-crafts retailer goes into damage-control mode after banks report fraud possibly tied to shoppers' credit cards. 
InformationWeek (January 27, 2014)

Target Breach: Why Smartcards Won’t Stop Hackers
"Chip and PIN" smartcard adoption in the United States is long overdue. But the security improvement wouldn't have stopped Target’s BlackPOS malware attackers. 
InformationWeek (January 24, 2014)

China Blames Massive Internet Blackout On Hackers
Evidence about the 45-minute outage points to botched censorship operation, not hackers, security experts say. 
InformationWeek (January 23, 2014)

Target Breach: 5 Unanswered Security Questions
Investigators have yet to explain how Target was hacked, whether BlackPOS malware infected its payment servers, and whether the same gang also struck other retailers. 
InformationWeek (January 22, 2014)

Target, Neiman Marcus Malware Creators Identified
Eastern European team developed memory-scraping Kaptoxa (BlackPOS) malware, sold it at least 40 times, says cyber-intelligence firm. 
InformationWeek (January 21, 2014)

Target Malware Origin Details Emerge
Kaptoxa POS malware cited as culprit behind sophisticated, two-stage operation that moved 11 GB of stolen Target data via FTP to a hijacked server in Russia. 
InformationWeek (January 17, 2014)

Microsoft Delays Windows XP Antivirus Doomsday
Security Essentials for XP gets 15-month extension, but some antivirus vendors promise updates through 2017 and beyond. 
InformationWeek (January 16, 2014)

Java 'Icefog' Malware Variant Infects US Businesses
APT attack campaign uses tough-to-detect Java backdoor to compromise US oil company and two other organizations. 
InformationWeek (January 15, 2014)

Target Breach: 8 Facts On Memory-Scraping Malware
Target confirmed that malware compromised its point-of-sale systems. How does such malware work, and how can businesses prevent infections? 
InformationWeek (January 14, 2014)

Neiman Marcus, Target Data Breaches: 8 Facts
A cyberattack campaign, likely coordinated, breached data from Target, Neiman Marcus, and at least three other retailers. 
InformationWeek (January 13, 2014)

Target Breach Widens: 70 Million Warned
Target discovers that personal information -- including names and contact information -- for 70 million customers was compromised in recent data breach. 
InformationWeek (January 11, 2014)

NSA Fallout: Why Foreign Firms Won’t Buy American Tech
Mounting evidence points to billions of dollars in lost US business thanks to the NSA's collect-everything mindset. 
InformationWeek (January 10, 2014)

9 Security Experts Boycott RSA Conference
Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA.
InformationWeek (January 8, 2014)

Beware PowerLocker Ransomware
Chatter on underground forums traces development of Blowfish-based shakedown malware that encrypts infected PCs. 
InformationWeek (January 7, 2014)

Yahoo Ads Hack Spreads Malware
Millions of users exposed to drive-by malware attacks that targeted Java bugs to install six types of malicious code. 
InformationWeek (January 6, 2014)

7 InfoSec Predictions For 2014: Good, Bad & Ugly
First, the bad news: Windows XP doomsday, escalating ransomware, botnet-driven attacks, emerging SDN threats. The good news: Threat intelligence goes mainstream. 
InformationWeek (January 3, 2014)

December 2013

9 Notorious Hackers Of 2013
This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups. 
InformationWeek (December 27, 2013)

RSA Denies Trading Security For NSA Payout
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access. 
InformationWeek (December 23, 2013)

Target Breach: 10 Facts
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards. 
InformationWeek (December 21, 2013)

FBI Traces Harvard Bomb Hoax To Undergrad
The FBI says a Harvard undergrad's decision to access Tor over the university's wireless network helped unmask an alleged sender of bomb threats. 
InformationWeek (December 20, 2013)

7 Reasons Why Bitcoin Attacks Will Continue
Cryptographic currency's rising value makes it an appealing target for cybercrime gangs and crimeware toolkit developers. 
InformationWeek (December 19, 2013)

Target Confirms Hackers Stole 40 Million Credit Cards
Hackers' 19-day heist scoops up all ingredients required to make counterfeit cards. 
InformationWeek (December 19, 2013)

Bitcoin Hit By Gameover Malware, Chinese Crackdown
China gets tough with exchanges trading Bitcoins, while new malware variant targets Bitcoin customers. 
InformationWeek (December 18, 2013)

'ChewBacca' Malware Taps Tor Network
Malicious Trojan sporting a Star Wars theme uses Tor anonymizing network to disguise its command-and-control communications. 
InformationWeek (December 18, 2013)

Android AV Improves But Still Can't Nuke Malware
Google doesn't let Android antivirus app makers automatically quarantine and zap malware. Until then it's up to users to stay on their toes to prevent infection. 
InformationWeek (December 17, 2013)

Is Mob-Busting RICO Overkill For Combating Cybercrime?
The milestone conviction of 22-year-old David Camez for his participation in a Russian-run "carder" forum raises legitimate questions about the role of RICO in taking down cybercrime. 
InformationWeek (December 17, 2013)

Advanced Power Botnet: Firefox Users, Beware
Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities. 
InformationWeek (December 16, 2013)

NSA's Malware Heroics Questioned By Security Experts
NSA says it thwarted a nation state's BIOS-bricking malware plot, but info security and privacy experts say the agency is trying to snow the American public. 
InformationWeek (December 16, 2013)

Energy Department Breach Years In Making, Investigators Say
July data breach that affected up to 150,000 employees traces back to a string of managerial and technical failures, investigators conclude. 
InformationWeek (December 16, 2013)

Why Fed Cybersecurity Reboot Plan Fails To Convince
Do a presidential commission's hodgepodge analysis and suggestions for improving federal cybersecurity tell us anything we didn't already know?
InformationWeek (December 13, 2013)

Zeus Banking Malware Gets 64-Bit Facelift
Crimeware toolkit developers follow the money, build new features into the notorious banking malware.
InformationWeek (December 12, 2013)

Cybercrime Milestone: Guilty Plea In RICO Case
Prosecutors use law designed to take down mobsters to fight online crime. 
InformationWeek (December 12, 2013)

Microsoft Patches Windows, Office, IE, SharePoint
Microsoft fixes include patch for in-the-wild Office 365 token-grabbing attack that enabled silent eavesdropping. 
InformationWeek (December 11, 2013)

NSA Tracks Targets With Google Cookies
Leaked NSA documents indicate it uses Google's advertising cookies to track targets for offensive hacking.
InformationWeek (December 11, 2013)

6 Tips To Secure Webcams, Stop Keyloggers
If the FBI can activate webcams silently and record keystrokes, so can attackers. Here's how to defend yourself. 
InformationWeek (December 10, 2013)

Microsoft Fails To Nuke ZeroAccess Botnet
Attacks may be down, but 62% of the malicious infrastructure, along with the P2P communications channel, is alive and well. 
InformationWeek (December 10, 2013)

DARPA Crowdsources Bug-Spotting Games
DARPA debuts five different puzzle games to test whether players can spot mathematical flaws in open-source code used by the Defense Department. 
InformationWeek (December 9, 2013)

China Slams Bitcoins: What's Next?
Chinese central bank prohibits the country's financial institutions from touching bitcoins, but plans regulation. Cue further trouble for the crypto-currency? 
InformationWeek (December 07, 2013)

JPMorgan Chase Catches Heat On July Breach
The July breach may have exposed cardholders' personal information -- so why did the bank wait more than 2 months to notify state officials and affected customers? 
InformationWeek (December 06, 2013)

Juniper Mobile VPN Client Taps iOS Security Changes
Apple iOS 7 and Android via Samsung add per-app VPNs, which businesses can apply to better secure employees' mobile devices. 
InformationWeek (December 06, 2013)

NSA Fallout: Microsoft Rethinks Customer Data Controls
Fallout over NSA surveillance drives Microsoft to promise widespread security and privacy improvements. But do they go far enough? 
InformationWeek (December 05, 2013)

2 Million Stolen Passwords Recovered
The stash includes purloined Facebook, Google, Twitter, and Yahoo access credentials. Researchers promise to help people who were affected. 
InformationWeek (December 05, 2013)

Bitcoin Password Grab Disguised As DDoS Attack
Attacks against bitcoin users continue, as online forum Bitcointalk.org warns users their passwords might have been stolen in distributed denial of service hack. 
InformationWeek (December 04, 2013)

Hardware Hacker Demos Zombie Drone Hijacker
The SkyJack drone automatically seeks out and hijacks other nearby Parrot drones. Will this mean trouble for Amazon's planned drone delivery fleet? 
InformationWeek (December 04, 2013)

Do Antivirus Companies Whitelist NSA Malware?
Microsoft, Symantec, and McAfee fail to respond to a transparency plea from leading privacy and security experts. 
InformationWeek (December 04, 2013)

IT Jobs Outlook: Salary, Training Spending Rise
Increased spending on salaries, training, and budgets puts IT in a "sweet spot for employment and investment," says latest Society for Information Management data.
InformationWeek (December 03, 2013)

Windows XP Zero-Day Vulnerability Popular
Attackers use malicious PDF documents to exploit bug in Windows XP and Windows Server 2003 and take full control of vulnerable systems. 
(December 02, 2013)

Happy Hour 'Virus' Promises Respite From Work
Need a little extra time off? Ad campaign offers fake virus attack on your computer's screen. 
InformationWeek (December 02, 2013)

November 2013

Android Security: 8 Signs Hackers Own Your Smartphone
Security experts share tips on how to tell if attackers are in control of your Android smartphone.
InformationWeek (November 29, 2013)

NSA Surveillance Fallout Costs IT Industry Billions
Analysts predict US tech companies may lose $180 billion by 2016 due to international concerns about intelligence agencies' spying. 
InformationWeek (November 27, 2013)

Bitcoin Thefts Surge, DDoS Hackers Take Millions
Cryptographic currency's massive rise in value leads to a corresponding increase in online heists by criminals seeking easy paydays. 
InformationWeek (November 27, 2013)

Microsoft Office 365 Encrypted Email On Tap
Microsoft Office 365 Message Encryption feature will encrypt all messages by default, though recipients will need an Office 365 or Microsoft Account ID to read the mail. 
InformationWeek (November 26, 2013)

Dataium Settles Browser History Sniffing Charges
The car buyer tracking firm was accused of using JavaScript to illegally identify websites visited by 181,000 named consumers, and selling harvested information. 
InformationWeek (November 26, 2013)

NSA Surveillance Infected 50,000 PCs With Malware
Leaked document details agency's "implants," satellite intercepts, joint CIA eavesdropping operations, and embassy-based monitoring programs abroad. 
InformationWeek (November 25, 2013)

LG Admits Smart TVs Spied On Users
LG admits it collected information on consumers' viewing habits, promises firmware update to honor opt-out requests. 
InformationWeek (November 22, 2013)

Google Settles With State AGs On Privacy
Google agrees to pay $17 million to 37 states to settle claims it circumvented cookie-blocking controls in Apple's Safari browser. 
InformationWeek (November 22, 2013)

'i2Ninja' Trojan Taps Anonymized Darknet
New malware being sold via underground Russian cybercrime markets uses decentralized, anonymizing P2P system.
InformationWeek (November 21, 2013)

Close HealthCare.gov For Security Reasons, Experts Say
Testifying before the House technology committee, four security experts advise would-be HealthCare.gov users to steer clear of the site, pending security improvements.
InformationWeek (November 20, 2013)

Cupid Concedes January Hack, 42 Million Passwords Stolen
Separately, GitHub forces some users to reset weak passwords following a rapid attack launched via 40,000 IP addresses.
InformationWeek (November 20, 2013)

Mobile App Security: 5 Frequent Woes Persist
HP Fortify study finds five frequent problems that make mobile apps vulnerable, recommends simple-to-implement information security fixes.
InformationWeek (November 20, 2013)

iPhone Photo Leads To Cybercrime Arrest
The FBI uses an iPhone photo to nab six members of a cybercrime ring accused of stealing $45 million via ATMs. 
InformationWeek (November 19, 2013)

vBulletin.com Hacked, Customer Data Stolen
"Inj3ct0r Team" hackers claim they employed vBulletin zero-day bug to take down both vBulletin.com and MacRumors, offer to sell related exploit.
InformationWeek (November 18, 2013)

FBI Blames Federal Hacks On Anonymous Campaign
A British suspect is accused of attacking numerous government agencies, including the U.S. Army and NASA.
InformationWeek (November 18, 2013)

LinkedIn Lesson: Detail Security First, Feature Fest Second
Memo to businesses with an information security trust deficit: Prove how you're going to keep our data secure.
InformationWeek (November 15, 2013)

4 Lessons From MongoHQ Data Breach
Security experts urge companies to implement two-factor authentication, VPNs, and graduated permission levels to better protect customer data from hackers.
InformationWeek (November 15, 2013)

Microsoft May Encrypt All Server-To-Server Communications
Microsoft admits it doesn't encrypt all server-to-server communications, opening the way for the NSA and others to access the data flow.
InformationWeek (November 15, 2013)

Obamacare Website Suffers Few Hack Attacks
Affordable Care Act site has faced a relatively low volume of attacks, compared with other federal websites. 
InformationWeek (November 15, 2013)

MacRumors Hacker Promises Stolen Passwords Are Safe
Hacker grabbed 860,000 passwords for fun, but promises not to leak or use them to harm people.
InformationWeek (November 14, 2013)

Kelihos Botnet Thrives, Despite Takedowns
Fast flux infrastructure and Windows XP infections continue to keep the botnet alive.
InformationWeek (November 13, 2013)

Facebook Forces Some Users To Reset Passwords
Facebook is asking users whose passwords may have been exposed on other sites to change passwords to access the social website.
InformationWeek (November 13, 2013)

Criminals Exploit Microsoft Office Zero-Day Flaw
At least two sets of attackers have been using malicious Office documents to exploit the graphics processing vulnerability.
InformationWeek (November 08, 2013)

Hackers Threaten Destruction Of Obamacare Website
DDoS tool targets the federal Affordable Care Act website. But will it work?
InformationWeek (November 08, 2013)

ColdFusion Hacks Point To Unpatched Systems
Several highly publicized hacks have been traced to unpatched ColdFusion vulnerabilities, collectively leading to one million records being stolen.
InformationWeek (November 7, 2013)

PCI Council Strengthens Security Standard
Payment card industry's latest information security standard adds penetration testing, malware, authentication, physical security and other requirements.
InformationWeek (November 7, 2013)

Windows XP Security Apocalypse: Prepare To Be Pwned
Patching XP makes Microsoft no money. But millions of unpatched and easy-to-exploit systems equal cybercrime payday.
InformationWeek (November 7, 2013)

IT Budgets, Salaries To Grow In 2014
Almost two-thirds of CIOs said they plan to boost salaries -- for security personnel, developers, big-data specialists and more -- as part of overall 2014 IT budget increase.
InformationWeek (November 6, 2013)

Cisco Launches App-Centric Security Tools
Cisco's new networking products enforce application-centric security and access policies across physical and virtual environments to simplify IT security management.
InformationWeek (November 6, 2013)

Android KitKat Security Teardown: 4 Hits, 1 Miss
Google sweetens Android with SELinux, plus anti-rootkit technology that makes life difficult for malware -- but also for Android modders.
InformationWeek (November 5, 2013)

Malware Alert: Is 'BadBIOS' Rootkit Jumping Air Gaps?
Security researcher believes unusually advanced malware might be transmitting stolen data via ultrasonic sounds, but other experts remain skeptical.
InformationWeek (November 5, 2013)

Liberty Reserve Operator Pleads Guilty To Money Laundering
N.Y.-based co-founder of anonymous digital currency service that allegedly laundered $6 billion also admits to marriage fraud, repeat child pornography charges.
InformationWeek (November 4, 2013)

October 2013

MongoHQ To Customers: Change Database Passwords
Following security breach, MongoDB hosting firm advises customers to change database passwords as it locks down systems and bolsters security defenses.
InformationWeek (October 30, 2013)

Windows XP Malware: 6X As Bad As Windows 8
WinXP is already an easy target for hackers, and it will get even simpler once Microsoft ends support for the 12-year-old OS in April.
InformationWeek (October 30, 2013)

Google Captcha Dumps Distorted Text Images
Tired of reading those wavy words? Changes to Google's reCaptcha system -- which doubles as quality control for its book and newspaper scanning projects -- prioritize bot-busting puzzles based on numbers.
InformationWeek (October 29, 2013)

Syrian Hackers Attack Obama's Website
Pro-Syrian regime hackers gain ability to redirect Twitter and Facebook short links because staff failed to use Google two-factor authentication.
InformationWeek (October 29, 2013)

Twitter Two-Factor Lockout: One User's Horror Story
Is the security payoff from using Twitter's two-factor authentication system worth the risk of losing account access?
InformationWeek (October 29, 2013)

Dutch Banking Malware Gang Busted: Bitcoin's Role
Dutch police arrest four men on charges of using TorRAT banking malware to steal an estimated $1.4 million from consumers. They allegedly laundered the funds using the cryptographic currency known as Bitcoins.
InformationWeek (October 28, 2013)

Project Sonar: Security Testers Of A New Kind
Crowdsourced Project Sonar aims to put C-level execs and their companies' security vendors on their toes.
InformationWeek (October 28, 2013)

Chinese Antivirus Firm NQ Called 'Massive Fraud'
Mobile anti-malware software developer NQ Mobile denies charges that it inflates its market share and makes spyware.
InformationWeek (October 25, 2013)

Experian Breach Fallout: ID Theft Nightmares Continue
Data brokers amassing gigantic data stores of people's valuable personal information are too big to not fail. Why are consumers getting stuck with the mess?
InformationWeek (October 25, 2013)

Browser Fingerprinting: 9 Facts
Tracking technology that can identify individual identities and devices is improving faster than consumers might realize, warn privacy researchers.
InformationWeek (October 24, 2013)

LinkedIn Intro Service Triggers Security, Privacy Fears
LinkedIn wants to scan your emails to add more information about the sender, raising the hackles of security and privacy advocates.
InformationWeek (October 24, 2013)

Network Solutions Outage: Third Time Not Charming
Network Solutions blames blacklisted servers and DNS problems after going down for the third time in as many months on Sunday. Some customers say goodbye.
InformationWeek (October 23, 2013)

Google Project Shield Promises DDoS Attack Prevention
Project Shield service is designed to keep static websites for human rights, election and news groups online, but it might presage a commercial Google DDoS defense service.
InformationWeek (October 22, 2013)

Dept. Of Energy Breach: Bigger Than We Realized
DOE says July data breach affected more than double the number of people in initial estimates. CIO tasks an independent investigator to probe breach and agency's technology infrastructure.
InformationWeek (October 22, 2013)

Experian Sold Data To Vietnamese ID Theft Ring
Fake private investigation firm tricked data broker into divulging numerous Americans' names, social security numbers, birthdates and bank account numbers.
InformationWeek (October 21, 2013)

Microsoft Suspends Windows RT 8.1 Update
Microsoft hasn't released a repair for RT devices bricked by a boot configuration "blue screen of death," but unofficial fix appears to work.
InformationWeek (October 21, 2013)

Huawei Proposes Independent Cybersecurity Testing Labs
Independent bodies would be funded by vendors, customers and government agencies, and validate products' performance, security and overall trustworthiness.
InformationWeek (October 18, 2013)

Forget Captcha, Try Inkblots
Researchers propose using an inkblot-matching scheme, dubbed Gotcha, to defeat dictionary-based hacks of the Captcha system.
InformationWeek (October 17, 2013)

Oracle Issues Massive Security Patch For Java, Databases
Oracle's quarterly update includes 127 security patches, including fixes for remotely exploitable Java flaws.
InformationWeek (October 16, 2013)

NSA Harvests Personal Contact Lists, Too
Surveillance agency's bid to connect the dots leads to its annually harvesting 250 million global webmail and IM account contact and buddy lists.
InformationWeek (October 15, 2013)

Anonymous Targets Alleged Rapists In Maryville, Mo.
Hacktivists launch "#OpMaryville," charge that justice wasn't served and rape case should be reopened.
InformationWeek (October 15, 2013)

D-Link Router Vulnerable To Authentication Bypass
Multiple D-Link, Planex and Virgin Mobile routers have a firmware vulnerability that attackers could exploit to directly access and alter the devices.
InformationWeek (October 14, 2013)

Do Smartphone Sensors Present Security Risk?
Variations in how different smartphone accelerometers record data raise concerns that advertisers, intelligence agencies or others could use this information to identify individual devices.
InformationWeek (October 14, 2013)

NSA Hack Attacks: Good Value For Money?
Leaked operations manual reveals NSA attack techniques that are not significantly better than common cybercrime capabilities, despite their high cost to government.
InformationWeek (October 11, 2013)

GoDaddy Cancels Lavabit's Crypto Key
Lavabit owner fights court order demanding he turn over the keys to his encrypted email service to aid the FBI's Snowden investigation.
InformationWeek (October 11, 2013)

Advertisers Evade 'Do Not Track' With Supercookies
Many popular sites use JavaScript and Flash font probes to track users and their browsing habits across multiple devices, researchers say.
InformationWeek (October 10, 2013)

NSA Lawsuit Proceeding, Despite Government Shutdown
Privacy groups successfully argued that if federal furloughs haven't stopped NSA's call-tracking programs, then related lawsuits shouldn't be delayed.
InformationWeek (October 10, 2013)

Microsoft Patches Two Internet Explorer Bugs
Microsoft and Adobe this week release a slew of fixes, including patches for zero-day vulnerabilities and remote code execution flaws.
InformationWeek (October 09, 2013)

LulzSec Hackers Evade Irish Jail Time
In Ireland's first-ever successful computer crime prosecution, two hackers with ties to LulzSec and Anonymous get probation and fines -- but so far no extradition to face charges in the U.S.
InformationWeek (October 09, 2013)

Google: Don't Fear Android Malware
Google says mobile malware threat is overblown, with problems seen in just 0.001% of Android app downloads.
InformationWeek (October 08, 2013)

Cybercrime Costs Skyrocket
U.S. businesses now face average annual costs of $11.6 million to combat cybercrime, says study.
InformationWeek (October 08, 2013)

NSA Battles Tor: 9 Facts
National Security Agency has had limited success in cracking Tor communications. Here's what we have learned about the anonymizing network.
InformationWeek (October 08, 2013)

5 Obamacare Health Site Security Warnings
Early shakedowns of the health insurance exchange websites show they are vulnerable to cross-site request forgery, clickjacking and cookie attacks, among other risks.
InformationWeek (October 07, 2013)

Lavabit Owner Fined For Resisting FBI Demands
Unsealed court documents reveal new details in encrypted email service provider's role in protecting identity of whistleblower Edward Snowden.
(October 04, 2013)

Operation Payback: Feds Charge 13 On Anonymous Attacks
Men accused of launching DDoS attacks against MPAA, RIAA, Visa, MasterCard and other organizations perceived to be hostile to piracy sites and WikiLeaks.
InformationWeek (October 04, 2013)

Adobe Customer Security Compromised: 7 Facts
Could stolen ColdFusion and Acrobat source code spawn a new generation of zero-day attacks?
InformationWeek (October 04, 2013)

Stratfor Hacker: FBI Entrapment Shaped My Case
Hacker Jeremy Hammond asks for leniency before sentencing, citing the role of FBI informant Sabu in his case. How far can the FBI go with suspected computer criminals?
InformationWeek (October 04, 2013)

NSA Discloses Cellphone Location Tracking Tests
National Security Agency director tells Congress that the 2010 mass surveillance pilot program has been discontinued -- at least for the moment.
InformationWeek (October 03, 2013)

Google Wiretapping Lawsuits Can Proceed, Judges Say
Lawsuits allege that Google's automated scans of Gmail content for advertising purposes and its Street View Wi-Fi data collection violate wiretap laws.
InformationWeek (October 02, 2013)

Online Health Exchanges: How Secure?
Is the data hub created by Obamacare a hacker's dream?
InformationWeek (October 02, 2013)

John McAfee Wants To Shield You From NSA
Eccentric antivirus company founder pitches $100 gadget meant to help you evade all forms of electronic surveillance.
InformationWeek (October 01, 2013)

WordPress Site Hacks Continue
70% of WordPress sites are running outdated software and are vulnerable to hackers launching DDoS attacks. Recent examples hit MIT, NEA and Penn State servers.
InformationWeek (October 01, 2013)

September 2013

Project Sonar Crowdsources A Better Bug Killer
Scans of the entire Internet for known vulnerabilities turn up terabytes of data, but the next steps won’t be easy.
InformationWeek (September 30, 2013)

Android Facebook App Users: Patch Now
Facebook has fixed a bug in its Android app that left photos vulnerable to interception.
InformationWeek (September 20, 2013)

iPhone Fingerprint Hack Contest Dangles $18,000
Crowd-funded effort also promises erotica, bourbon, bitcoins and whiskey to the first person who can successfully bypass the iPhone 5s Touch ID fingerprint reader.
InformationWeek (September 20, 2013)

Apple Hacker: Mobile Malware Threat Overrated
Android and iOS exploit expert Charlie Miller says businesses have more pressing security concerns than today's minuscule amount of mobile malware.
InformationWeek (September 20, 2013)

Google's Plan To Kill Cookies
Google proposes anonymous identifier for advertising, or AdID, to replace cookies used by third-party marketers. Google would benefit -- but would consumers?
InformationWeek (September 20, 2013)

Shylock Malware Resurges, Targets Top U.S. Banks
Major U.S. financial firms are being targeted by tough-to-detect malware that can steal money while customers access their online accounts.
InformationWeek (September 19, 2013)

Chinese "Hidden Lynx" Hackers Launch Widespread APT Attacks
Symantec says advanced persistent attack operators are tied to hundreds of cyber break-ins, including Operation Aurora against Google.
InformationWeek (September 18, 2013)

Microsoft: Beware IE Zero-Day Attacks
Microsoft offers temporary fix for security flaw in most versions of Internet Explorer, but doesn't yet have a patch to stop attackers from remotely executing code.
InformationWeek (September 18, 2013)

HP Portal Crowdsources Security Threat Intelligence
Along with threat intelligence sharing portal, HP reveals next-generation firewall, a self-healing BIOS, and revamped DDoS detection and mitigation services.
InformationWeek (September 17, 2013)

NSA Contracted With Zero-Day Vendor Vupen
NSA likely used French exploit service to keep tabs on the competition and run "deniable cyber ops," says cyber-weapon critic.
InformationWeek (September 17, 2013)

Dropbox Responds To Security Flap
After questions from a security researcher, Dropbox says that it opens links in uploaded documents in conjunction with the preview feature. Dropbox also is trying to address DDoS concerns.
InformationWeek (September 16, 2013)

FBI Admits To Tor Server Takeover
Bureau was accused of using malware to infect visitors to Freedom Hosting sites, to identify Irishman accused of running the world's largest child porn ring.
InformationWeek (September 16, 2013)

Apple Hackers Rate iPhone 5s Security
Apple will soon release the iPhone 5s, and hackers plan to test these 6 exploit techniques on the smartphone. Will the fingerprint scanner hold them off?
InformationWeek (September 13, 2013)

Mobile Bug Bounty: $300K For New Exploits
Mobile Pwn2Own contest's prize money may be too far below the zero-day vulnerability market rate to net meaningful submissions.
InformationWeek (September 13, 2013)

Microsoft Nukes Buggy Office 2013 Update
Second batch of faulty software from Microsoft in two months reinforces recommendation to patch in staggered fashion.
InformationWeek (September 12, 2013)

NSA Fallout: Encrypt Everything, Enterprises Advised
The NSA may have cracked crypto and added product backdoors, but businesses must focus on internal security practices as well.
InformationWeek (September 12, 2013)

NSA Vs. Your Smartphone: 5 Facts
No, the NSA can't magically hack all iPhones and smartphones, but just like malware developers, it has more than a few tricks up its sleeve for retrieving data stored on mobile devices.
InformationWeek (September 11, 2013)

iPhone 5s Fingerprint Scanner: 9 Security Facts
Will Apple's fingerprint-based authentication make your iPhone 5s more secure, or will it cause more trouble than it's worth?
InformationWeek (September 11, 2013)

Cisco Launches Security Services Division
New consulting, product implementation and support, and managed services division reflects industry push to provide broader information security services to customers.
InformationWeek (September 10, 2013)

NSA Fallout: Google Speeds Data Encryption Plans
Google's initiative to encrypt data in its internal data centers will slow -- but not prevent -- sophisticated government hackers from surreptitiously monitoring traffic.
InformationWeek (September 10, 2013)

NSA Crypto Revelations: 7 Issues To Watch
After latest NSA leaks, security and crypto experts sound off on repercussions, unanswered questions and ramifications for U.S. tech vendors selling abroad.
InformationWeek (September 09, 2013)

Nigerian Scam Keylogger Tactics Exposed
Hacker shares look into PrivateRecovery service, which offers would-be scammers customized keyloggers disguised as screen savers.
InformationWeek (September 09, 2013)

FBI Warns Of Syrian Electronic Army Hacking Threat
Recent string of high-profile website and Twitter takedowns leads some security professionals to question whether hackers are getting help from Iran.
InformationWeek (September 06, 2013)

Researcher Pokes Holes In Java 7 Security
Programmer questions Java 7 security model, details hacks that allow faked app locations and server redirects.
InformationWeek (September 05, 2013)

Chicago Leads In Smartphone Thefts
Most mobile devices are stolen at public schools, followed by personal automobiles, and wind up as far away as Mongolia and other far-flung places, says study.
InformationWeek (September 05, 2013)

Can You Hack A Heartbeat?
Nymi biometric wristband promises to let you unlock everything from cars to hotel rooms without a PIN or password. It authenticates you using heart rhythms.
InformationWeek (September 04, 2013)

Google Preps Fix For iOS Authenticator Wipe
Apple yanks Google Authenticator from App Store after updated two-factor authentication app deletes all related security tokens on devices.
InformationWeek (September 04, 2013)

30-Second HTTPS Crypto Cracking Tool Released
BREACH testing tool reveals sites susceptible to attack that recovers plaintext information from encrypted traffic.
InformationWeek (September 03, 2013)

Energy Department Updates Breach Count, Says 53,000 Affected
DOE offers employees a free year of identity theft monitoring services after hackers steal personal info, including social security numbers.
InformationWeek (September 03, 2013)

August 2013

Custom Chrome Browser Promises More Privacy, No Tracking
Hidden Reflex launches Chromium-based browser tweaked to block advertisers' tracking networks while speeding up page-load times.
InformationWeek (August 31, 2013)

Energy Dept. Hack Details Emerge
Exclusive: Unpatched ColdFusion server containing employee information was hacked; agency claims lack of budget to put proper fixes in place.
InformationWeek (August 30, 2013)

Malicious Chrome Extension Poses As Facebook Video
As malware attacks targeting browser extensions become more common, security researchers advise users to be more careful about installing extensions and to regularly review permissions.
InformationWeek (August 30, 2013)

Kelihos Botnet Taps Spam Blocklists To Hone Attacks
Malware taps legitimate anti-spam services from the likes of Spamhaus and Sophos before turning PC into control proxy or spam relay.
InformationWeek (August 30, 2013)

Lessons Learned From N.Y. Times Hack Attack
How could the Times have recovered faster after the Syrian Electronic Army attacked its DNS registry? Here are six considerations to help protect your business from similar harm.
InformationWeek (August 29, 2013)

Java Malicious App Alert System Tricked
Developer hacks Java security warnings to display fake app names; Oracle reportedly prepping a fix.
InformationWeek (August 29, 2013)

Feds Charge Wall Street Traders With Code Theft
Three men accused of stealing Flow Traders' proprietary high-frequency trading information and algorithms.
InformationWeek (August 28, 2013)

NY Times Caught In Syrian Hacker Attack
Hacks amount to "warning shots," threatening more widespread cyberattacks should the U.S. and allies launch military campaign against Syria, warns security expert.
InformationWeek (August 28, 2013)

Anonymous Hacker Claims FBI Directed LulzSec Hacks
Admitted hacker Jeremy Hammond alleges FBI used informer Sabu to persuade LulzSec and Anonymous to hack into foreign governments' networks.
InformationWeek (August 27, 2013)

Department Of Energy Cyberattack: 5 Takeaways
Exclusive: Outdated, unpatched system blamed for DOE breach, but agency said to be getting its cybersecurity house in order.
InformationWeek (August 27, 2013)

Hackers Target Java 6 With Security Exploits
Security experts spot code that attacks vulnerability in Java 6, urge users to upgrade to Java 7 immediately.
InformationWeek (August 26, 2013)

Hack My Google Glass: Security's Next Big Worry?
Wearable computing devices must strike a difficult balance between security and convenience. A recent episode involving Google Glass and malicious QR codes raises questions.
InformationWeek (August 26, 2013)

NSA Paid Tech Companies Millions For Prism
Leaked documents show taxpayer cost of involving Google, Microsoft and other tech companies in Prism digital dragnet.
InformationWeek (August 23, 2013)

Nasdaq Outage Explored: 7 Facts
Security experts dismiss reports that DDoS attack compromised systems in New York City and crashed Nasdaq exchange. But squirrels have not been ruled out.
InformationWeek (August 23, 2013)

Russia May Block Tor
In effort to combat child porn, Russian security forces consider installing filters preventing access to Tor networks. But experts say blocking the anonymizing service could be difficult.
InformationWeek (August 22, 2013)

FBI: Anonymous Not Same Since LulzSec Crackdown
Bureau says that after "dismantlement of the largest players" in LulzSec, domestic hacktivism remains a shadow of its former self.
InformationWeek (August 22, 2013)

Natural Disasters Cause More Downtime Than Hackers
Study of 79 Internet and telephony outages in 18 European countries found that storms -- especially snowstorms -- caused significantly longer outages than cyberattacks.
InformationWeek (August 22, 2013)

Hacker Leaks 15,000 Twitter Access Credentials, Promises More
Twitter users should revoke and reassign access for all third-party Twitter apps to mitigate vulnerability, security expert urges.
InformationWeek (August 21, 2013)

Microsoft Windows Defender Stumbles In Malware Tests
Microsoft's free anti-virus software came in last among 23 programs at catching known malware in an AV program shootout, says independent testing firm.
InformationWeek (August 21, 2013)

Facebook Declines Bug Bounty, But Crowdsourced Effort Pays
Security researchers, unhappy with Facebook's decision to withhold reward, come up with the cash on their own.
InformationWeek (August 20, 2013)

Facebook Slaps Researcher Who Hacked Zuckerberg's Wall
No bug bounty for you, says social network, after rebuffed researcher demonstrates massive security flaw by posting to Facebook founder's own wall.
InformationWeek (August 19, 2013)

Google's Four Minute Blackout Examined
Google hasn't explained Friday's four-minute blackout of all Google services, but experts say a hack attack is not the likely cause.
InformationWeek (August 19, 2013)

3 Signs You're Phishing Bait
Beware, introverts and overconfident people. Phishers love to fool you, email security researchers say.
InformationWeek (August 14, 2013)

Facebook Stalking Fears: 6 Geotagging Facts
A meme gained steam this week about child stalkers' ability to use GPS-tagged smartphone images posted on social networks. We break down the privacy facts.
InformationWeek (August 14, 2013)

The Trouble With Smartphone Kill Switches
To fight smartphone theft, public officials tell smartphone makers to add remote-deactivation, tracking and recovery features. But manufacturers may not do the job right.
InformationWeek (August 14, 2013)

10 Apps Blocked By Enterprises
Commonly blacklisted and whitelisted iOS and Android apps include Dropbox, Netflix and Angry Birds. Why aren't more companies blacklisting mobile device apps?
InformationWeek (August 13, 2013)

Android Malware Being Delivered Via Ad Networks
Attackers are using mobile ad network software installed on smartphones to push malicious JavaScript and take control of devices.
InformationWeek (August 13, 2013)

NSA: We Touch Only 1.6% Of Internet Traffic
Intelligence agency releases new details about the scope and scale of its digital dragnet.
InformationWeek (August 12, 2013)

Cyber Criminals Find New Online Currency Service
Since the Justice Department shut down digital currency service Liberty Reserve, a new cyber underground payment standard has emerged.
InformationWeek (August 12, 2013)

Google Play: Beware Android Adware Infestation
Watch what you download: Study finds that 22% of the top Android apps in Google's official app store are adware.
InformationWeek (August 09, 2013)

Lavabit, Silent Circle Shut Down: Crypto In Spotlight
Two encrypted email services shut the doors; gag order clouds details of apparent U.S. government interest related to Snowden case.
InformationWeek (August 09, 2013)

Chrome Security Shocker Creates Password Anxiety
Google responds to criticism of stored password handling; security experts say Chrome security team is missing the forest for the trees.
InformationWeek (August 08, 2013)

30-Second HTTPS Traffic Attack: No Fix
Researchers who discovered BREACH vulnerability promise a tool to see if your site is at risk -- but say there's no easy fix.
InformationWeek (August 08, 2013)

DEA, NSA Teamwork: 6 Privacy Worries
Government agents investigating criminal cases reportedly are tapping into NSA-furnished intelligence. Legal experts cry foul.
InformationWeek (August 08, 2013)

Twitter Overhauls Two Factor Authentication System
Take two: Twitter drops SMS for private keys stored on Android or iPhone smartphones, adds previously missing recovery capability.
InformationWeek (August 07, 2013)

Windows Phone 8 Crypto Weakness Equals Wi-Fi Risk
Microsoft warns information security managers to validate access points or risk attackers exploiting weak crypto to steal network credentials, gain access.
InformationWeek (August 06, 2013)

Android Trojan Banking App Targets Master Key Vulnerability
Sluggish Android updates put users at risk. Could rising public awareness of the flaw lead carriers and device makers to patch more quickly?
InformationWeek (August 06, 2013)

Android One-Click Google Apps Access Cracked
Hackers could intercept Android users' unique authentication token and gain unauthorized access to Google Apps, Gmail, Drive and other services.
InformationWeek (August 05, 2013)

HTTPS Hackable In 30 Seconds: DHS Alert
Department of Homeland Security urges all website operators to review whether they're vulnerable to new crypto attack. No easy fix exists.
InformationWeek (August 05, 2013)

Tor Anonymity Cracked; FBI Porn Investigation Role Questioned
Some security experts ask whether an FBI sting operation exploited a vulnerability in Firefox to disable the anonymity offered by the Tor network.
InformationWeek (August 05, 2013)

Apple iOS Fingerprint Scanner Has Security Limits
Thumb-scan authentication for your smartphone might sound sexy, but bypasses remain all too easy.
InformationWeek (August 01, 2013)

July 2013

Syrian Electronic Army Hacks White House Media Team
Hackers fail to take over White House website, and then get their Twitter accounts suspended for boasting about subsequent Thomson Reuters takeover.
InformationWeek (July 30, 2013)

How To Hack A Porsche Research Muffled
Court halts disclosure of research into exploitable vulnerabilities in late-'90s immobilizer technology still being used to secure cars made by Audi, Volkswagen and others.
InformationWeek (July 30, 2013)

Intelligence Agencies Banned Lenovo PCs After Chinese Acquisition
U.S. feared use of PCs built by Lenovo posed security threat long before spying concerns over Huawei and ZTE surfaced.
InformationWeek (July 29, 2013)

Scam Android Apps Plague Google Play
Victims get hit with a bill of more than $3,000 -- and given just three days to pay -- for what's labeled as an annual subscription fee to an online adult video site.
InformationWeek (July 29, 2013)

Can The NSA Really Track Turned-Off Cellphones?
It depends on semantics, security experts say. What's clear is that surveillance is becoming much more sophisticated.
InformationWeek (July 25, 2013)

Network Solutions Knocked Down Again
MySQL problems to blame for customers' website editing and permission change problems, says hosting provider, but users suspect more nefarious cause.
InformationWeek (July 24, 2013)

Royal Baby Malware Attacks
Hackers capitalize on mania for royal baby and upcoming zombie game; fake versions of real Android apps created via Master Key vulnerability found in China.
InformationWeek (July 24, 2013)

How NSA Data Demands On Microsoft Shape Your Security
Microsoft is legally prevented from saying too much about charges it collaborated with the NSA. Product security gets caught in this complex situation.
InformationWeek (July 24, 2013)

Russian Trojan With Twist Targets Financial Details
Malware, designed to not infect Russian or Ukrainian PCs, is already for sale on cybercrime underground, says RSA.
InformationWeek (July 23, 2013)

Syrian Electronic Army Returns, Smacks Down Tango
Pro-Assad hacktivists steal Tango chat app's user details and delete related article from Daily Dot media site despite its knowledge of imminent attack.
InformationWeek (July 23, 2013)

What Cisco Gains From Sourcefire
$2.7 billion acquisition deal brings intrusion expertise; Sourcefire promises Snort intrusion detection and prevention system will remain free and open source.
InformationWeek (July 23, 2013)

Network Solutions Recovers After DDoS Attack
Customers still report ongoing outages in wake of last week's attacks.
InformationWeek (July 22, 2013)

Apple Developer Forum Hack Explained
Turkish security researcher said his bug report wasn't malicious, disputes Apple's claim that attack compromised information on iOS and Mac OS X developers.
InformationWeek (July 22, 2013)

Huawei Spies For China, Former NSA Director Says
Michael Hayden, a former NSA and CIA chief, accuses Chinese telecom equipment maker Huawei of engaging in espionage on behalf of the Chinese state.
InformationWeek (July 19, 2013)

Java Dregs Create Unappetizing Enterprise Security Problem
Why is Java still such a security weak spot? Java updates don't nuke all older versions, leaving plenty of well-known vulnerabilities for online attackers to exploit.
InformationWeek (July 18, 2013)

Anonymous To FEMA: Shall We Play A Game?
Offended by FEMA's portrayal of fictional hacktivists as anti-American and easily defeated, Anonymous strikes back with data dump.
InformationWeek (July 18, 2013)

Google Play Has Apps Abusing Master Key Vulnerability
Two apps currently available for download in Google Play abuse the critical master key vulnerability that affects almost all Android devices. Is Google reviewing apps for the flaw?
InformationWeek (July 17, 2013)

Tumblr iPhone Vulnerability: Change Passwords Now
Passwords are transmitted in plaintext by Tumblr's iPhone and iPad apps, leaving them vulnerable to being intercepted.
InformationWeek (July 17, 2013)

Google Glass Gets Patch To Avoid Hacks
Google has patched a vulnerability that attackers could exploit via QR codes to take full control of the wearable Google Glass devices.
InformationWeek (July 17, 2013)

Anonymous Not Behind Attacks, South Korea Says
June's online attacks against South Korean government agencies and private businesses trace back to hackers operating from North Korea, not Anonymous, officials say.
InformationWeek (July 16, 2013)

Android Users Can Patch Critical Flaw
ReKey app can be used to patch vulnerability that affects 99% of all Android smartphones and tablets, but requires rooting devices first.
InformationWeek (July 16, 2013)

Chrome Users More Likely To Ignore Security Warnings
Security messages affect user behavior -- as long as they're well-designed, according to study of Chrome and Firefox users.
InformationWeek (July 15, 2013)

Jay-Z App, Amazon Extension Slammed On Privacy
Android app offers free album for users' account, login info; meanwhile, Amazon 1Button extension for Chrome reports user activity to Amazon.
InformationWeek (July 15, 2013)

Microsoft Helped NSA Siphon Hotmail, Skype User Data
Microsoft says it takes your privacy seriously, but legal compliance with court-ordered NSA surveillance programs -- including Prism -- is mandatory.
InformationWeek (July 12, 2013)

Feds Shared Chinese Hacker Data With Service Providers
FBI and Homeland Security temporarily slowed attacks by giving U.S. service providers info on Chinese hackers' command-and-control infrastructure.
InformationWeek (July 12, 2013)

Overcome The Microsoft Mindset: Patch Faster
Why can't vendors patch every critical bug like it was the Pwn2Own competition?
InformationWeek (July 12, 2013)

Bug Bounty Programs Beat Internal Researchers
Want to chase down vulnerabilities faster? Paying external security researchers delivers great bang for the buck, study says.
InformationWeek (July 11, 2013)

NSA Fallout: No Feds At Def Con
It's not us, it's you, Def Con founder tells NSA, CIA and FBI, saying attendees need "time to think" about recently revealed mass-surveillance programs.
InformationWeek (July 11, 2013)

Hackers Tap Windows Bug Revealed By Google Researcher
Windows bug details disclosed by Google researcher Tavis Ormandy in May were quickly used by online attackers, Microsoft says.
InformationWeek (July 10, 2013)

Hack 99% Of Android Devices: Big Vulnerability
Critical vulnerability that affects almost all Android devices now in operation could allow attackers to use exploit code to easily infect devices with a Trojanized version of a legitimate app.
InformationWeek (July 10, 2013)

South Korean Bank Hackers Target U.S. Military Secrets
Wiper malware APT gang has been traced to four-year military espionage campaign.
InformationWeek (July 09, 2013)

'Zombie Apocalypse' Broadcast Hoax Explained
Homeland Security details vulnerabilities in emergency alert equipment that have been exploited to create hoax broadcasts.
InformationWeek (July 09, 2013)

Google Settles Text Spam Suit For $6 Million
Lawsuit accused Google's Disco "group texting" service of having "jammed" cellphones with torrents of unwanted texts.
InformationWeek (July 08, 2013)

Encrypted IM Tool Vulnerable To Eavesdropping
Bugs in instant messaging encryption tool Cryptocat left users' group chats vulnerable to eavesdropping for over a year, says security researcher.
InformationWeek (July 08, 2013)

Child Privacy Online: FTC Updates COPPA Rules
Children's Online Privacy Protection Act of 1998 expands to regulate behavioral tracking, plus geolocation data, photos, videos and audio recordings made by kids under 13.
InformationWeek (July 05, 2013)

Android Phone Numbers Leaked By Facebook App
Symantec spots privacy leak and Facebook issues patch, saying it was an inadvertent coding error and phone numbers did not go public.
InformationWeek (July 03, 2013)

Skype Bug Enables Android Lock Screen Bypass
Up to half a billion Android devices that have Skype installed are vulnerable to having their lock screen bypassed and being "attack-dialed."
InformationWeek (July 02, 2013)

Feds Arrest Alleged Romney Tax Return Hacker
"Dr Evil" demanded $1 million in Bitcoins to prevent release of Mitt Romney's tax returns during the 2012 election season.
InformationWeek (July 02, 2013)

9 Android Apps To Improve Security, Privacy
Secure your Android smartphones and tablets using antivirus, encrypted communications, child locks, password managers and other tools featured in our roundup.
InformationWeek (July 02, 2013)

Snowden's Real Job: Government Hacker
NSA whistleblower's bland job title -- infrastructure analyst -- disguised actual responsibilities: Finding new ways to hack into foreign networks and telecommunications systems.
InformationWeek (July 01, 2013)

June 2013

How To Hack Facebook In 60 Seconds
Facebook rewards U.K. researcher with $20,000 for discovering a mobile device confirmation bug that could be used to take control of any Facebook account.
InformationWeek (June 28, 2013)

IE, Chrome Browser Attack Exploits Windows PCs
Microsoft says the social-engineering vulnerability, which uses "pop-under" browser notifications and a fake Captcha, isn't a Windows bug.
InformationWeek (June 28, 2013)

Sextortion Warning: Masking Tape Time For Webcams
"Camjacking" attacks activate your webcam and record your every move. Female images are in demand.
InformationWeek (June 28, 2013)

Older Android Devices At Risk As Carriers Delay Upgrades
Latest version of Android OS rebuffs most malware, says study, but carriers continue to drag their feet on providing upgrades and patches.
InformationWeek (June 27, 2013)

This Email Will Self-Destruct: AT&T Seeks Patent
Demand for self-deleting messages is on the rise, as demonstrated by Snapchat's $800 million valuation and AT&T's related patent filing.
InformationWeek (June 27, 2013)

Software Flaw Threatens LG Android Smartphones
Android devices at risk over vulnerability in backup software that can be exploited to provide root access to LG smartphones.
InformationWeek (June 26, 2013)

Phishing Attackers Diversify, Target Facebook Credentials
FBI warns of surge in spear-phishing attacks, says criminals seek more than bank credentials.
InformationWeek (June 26, 2013)

Cybercriminals Expand DDOS Extortion Demands
Free toolkits and outsourced cybercrime services make DDoS attacks popular with Anonymous, criminals, unscrupulous business competitors and anyone with a grudge.
InformationWeek (June 26, 2013)

Senate Bill Seeks Greater NSA Surveillance Oversight
Proposed legislation would require greater monitoring and privacy controls for NSA surveillance programs designed to gather foreign intelligence.
InformationWeek (June 25, 2013)

Anonymous Attacks North Korea, Denies Targeting South
Groups claiming to represent Anonymous launch separate DDoS attacks and defacements against both North and South Korean websites.
InformationWeek (June 25, 2013)

NSA Leaker Snowden On The Run
U.S. files charges against former National Security Agency contractor Edward Snowden, who is seeking asylum in Ecuador. To date, Hong Kong and Moscow have declined to detain him.
InformationWeek (June 24, 2013)

'Aaron's Law' Seeks Hacking Legislation Reform
Following Aaron Swartz's suicide, revamp of Computer Fraud and Abuse Act would restrict federal prosecutors from prosecuting minor "acceptable use" violations.
InformationWeek (June 24, 2013)

Want NSA Attention? Use Encrypted Communications
Bad news has emerged for fans of PGP and other encryption services. The NSA is taking a gloves-off approach when you go this route.
InformationWeek (June 21, 2013)

WikiLeaks Offers Snowden Flight To Iceland
WikiLeaks donations fund charter plane to bring NSA whistleblower Snowden to Iceland in asylum attempt.
InformationWeek (June 21, 2013)

Android App Offers Caller ID, Call Blocking
PrivacyStar bills itself as first app with ability to block calls and texts, add Caller ID and report abusive callers directly to FTC.
InformationWeek (June 20, 2013)

Firefox Advances Do Not Track Technology
Mozilla says Firefox, over objections from the advertising industry, soon will begin blocking many types of cookies used to track users.
InformationWeek (June 20, 2013)

NSA Tests IT Access Control Restrictions
Could two-person access requirements and better automation prevent future leaks?
InformationWeek (June 19, 2013)

What Prism Knows: 8 Metadata Facts
Data traffic analysis could provide "megadata" intelligence agencies can use to cross-reference information using big data techniques.
InformationWeek (June 19, 2013)

FBI Driver's License Photo Searches Raise Privacy Questions
Facial-recognition software advances allow law enforcement and government agencies to match images of unknown suspects with government-issued ID photos.
InformationWeek (June 18, 2013)

CrowdStrike Falcon Traces Attacks Back To Hackers
Startup that encourages playing offense on security launches cloud-based service to help businesses identify adversaries, mitigate attacks and pursue responses.
InformationWeek (June 18, 2013)

Apple, Facebook, Microsoft Detail Surveillance Requests
Newly published information details the total number of government surveillance requests received; Google abstains, citing "a step back for users."
InformationWeek (June 17, 2013)

Thumb Drive Security: Snowden 1, NSA 0
Thumb drives helped NSA whistle-blower Edward Snowden transport top-secret data from the agency. If the NSA can't keep a lid on thumb drives, can you?
InformationWeek (June 14, 2013)

Bug Data Buys Businesses Intel From U.S. Government
Thousands of businesses are reportedly exchanging information with the government on zero-day vulnerabilities and online threats in return for classified intelligence.
InformationWeek (June 14, 2013)

LulzSec Hacker Ryan Cleary To Be Released
Release comes despite being convicted of possessing child porn images and serving only a portion of his sentence, leading hackers to suggest he's working with authorities.
InformationWeek (June 13, 2013)

Snowden Says U.S. Hacking Chinese Civilians Since 2009
NSA whistle-blower says U.S. spies on people using computers at Hong Kong's Chinese University, as well as government officials and businesses in mainland China.
InformationWeek (June 13, 2013)

7 Tips To Avoid NSA Digital Dragnet
These apps will keep your cell phone calls under wraps -- if the NSA hasn't already found a way to break them.
InformationWeek (June 12, 2013)

NSA Prism Whistleblower Snowden Deserves A Medal
Without Snowden's leaks, we wouldn't be pursuing rational, democratic debates on the government's post-Sept. 11 balance between security and civil liberties.
InformationWeek (June 12, 2013)

NSA Prism: Patriot Act Author Questions Scope
White House says NSA's surveillance programs implement FISA and the Patriot Act -- but Patriot Act author is not so sure. Meanwhile, privacy groups turn up the heat.
InformationWeek (June 11, 2013)

9 Facts About NSA Prism Whistleblower
Here's what we know about Edward J. Snowden, the NSA contractor last seen in Hong Kong -- and why the Bradley Manning case could affect Snowden's fate.
InformationWeek (June 11, 2013)

NSA Prism Relies Heavily On IT Contractors
NSA whistleblower Snowden likely enjoyed access to Prism program details as a contracted NSA IT administrator. Systems administrators remain an important link in your security chain.
InformationWeek (June 11, 2013)

U.S.-Chinese Summit: 4 Information Security Takeaways
What did the summit accomplish with regard to cyber spying and cyber attacks -- and what's left undone?
InformationWeek (June 11, 2013)

NSA Prism: Inside The Modern Surveillance State
The government's approach seems to be: "Collect first, ask questions later."
InformationWeek (June 10, 2013)

Android Trojan Looks, Acts Like Windows Malware
Android Trojan "Odad.a" rivals Windows malware in the harm it can do to mobile device users, say experts.
InformationWeek (June 07, 2013)

NSA PRISM Creates Stir, But Appears Legal
Massive information-sharing program involves Google, Facebook and other technology heavyweights, top secret document details. But NSA looks to have acted inside the law.
InformationWeek (June 07, 2013)

China To America: You Hack Us, Too
Difference is China doesn't point fingers, says head of China's computer emergency response team, even though it has "mountains" of evidence that U.S. snoops.
InformationWeek (June 06, 2013)

Police Bust $200 Million Data Theft Ring
U.S., British and Vietnamese authorities accuse men of selling 1.1 million stolen credit cards via Gmail and Facebook accounts.
InformationWeek (June 06, 2013)

Microsoft, FBI Trumpet Citadel Botnet Takedowns
Joint operation is first in which law enforcement and private sector use civil seizure warrant to disrupt massive malware attack.
InformationWeek (June 06, 2013)

Zeus Bank Malware Surges On Facebook
Old threat makes a comeback, targeting Facebook users' bank credentials and more.
InformationWeek (June 05, 2013)

Mistakes Approach Malice As Data Breach Cause
Malicious attacks are the leading cause of data breaches, but employee and contractor errors are a growing reason, study finds.
InformationWeek (June 05, 2013)

Anonymous Targets Turkish Government Websites
Hacktivists launch #OpTurkey DDoS campaign to support protests against government of Turkish prime minister Tayyip Erdogan.
InformationWeek (June 04, 2013)

Liberty Reserve Fallout: How Will Cybercrime Move Money?
Criminals can move dirty money using digital currency, MoneyPak vouchers, even gold. But it's getting tougher to disguise money trails.
InformationWeek (June 04, 2013)

LinkedIn, Evernote Add Two-Factor Authentication
Will LinkedIn and Evernote improve upon Apple and Twitter two-factor security systems, which have been widely criticized?
InformationWeek (June 04, 2013)

Oracle Promises Enterprise Java Security Tweaks
Critics say Oracle hasn't done enough to address ongoing security and code quality problems in the Java browser plug-in.
InformationWeek (June 03, 2013)

May 2013

HootSuite Fights Social Media Account Takeovers
HootSuite Security Services audits social assets, monitors for unusual Twitter account activity and offers crisis plans in the event of account takeovers.
InformationWeek (May 30, 2013)

Anonymous Hacker Jeremy Hammond Pleads Guilty
Hammond faces up to 10 years in prison and $2.5 million restitution for Stratfor, law enforcement hacks committed under the banners of Anonymous, AntiSec and LulzSec.
InformationWeek (May 29, 2013)

Liberty Reserve Laundered $6 Billion, Say Feds
Executives at money-transfer business Liberty Reserve charged with running "bank of choice for the criminal underworld."
InformationWeek (May 28, 2013)

PC Lockdowns Eyed As IP Theft Tool
Controversial proposal says businesses should be allowed to lock down PCs they suspect contain stolen information. Privacy expert warns of fraud risk.
InformationWeek (May 28, 2013)

Chinese Hackers Stole U.S. Military Secrets
"Cyber exploitation" campaign obtained information relating to 29 weapon systems and 21 areas of cutting-edge research.
InformationWeek (May 28, 2013)

Twitter's Two-Factor Authentication: 5 Reasons To Avoid
Two-step verification system has no provision for backup access or lost phones, doesn't address public username problem.
InformationWeek (May 28, 2013)

Google Researcher Reveals Zero-Day Windows Bug
Bug hunter criticizes Microsoft's "great hostility" to outside security researchers, releases proof-of-concept exploit for unpatched zero-day Windows vulnerability.
InformationWeek (May 24, 2013)

Strike Back If China Steals IP, Companies Told
Bipartisan report argues that businesses should be allowed to retrieve stolen intellectual property from attackers' networks.
InformationWeek (May 23, 2013)

Twitter Two-Factor Security Combats Takeovers
Authentication measure comes in wake of Syrian Electronic Army account hacks, further security steps coming.
InformationWeek (May 23, 2013)

Dropbox Adopts Single Sign-On Technology
Dropbox says any off-the-shelf or homegrown identity management system that's compatible with the Security Assertion Markup Language (SAML) standard can be configured to automatically sign users into its service.
InformationWeek (May 22, 2013)

FBI Arrests NYPD Detective On Hacking Charges
Detective accused of hiring hackers to obtain webmail access credentials for 30 targets, accessing federal crime-information database without authorization.
InformationWeek (May 22, 2013)

Google Aurora Hack Was Chinese Counterespionage Operation
Attackers were after U.S. government surveillance requests for undercover Chinese operatives, say former government officials.
InformationWeek (May 21, 2013)

Anonymous Threatens Gitmo, U.S. Locks Down Wi-Fi
Guantanamo Bay Naval Base authorities turn off Wi-Fi and social media after Anonymous threatened to shut them down.
InformationWeek (May 21, 2013)

APT Attacks Trace To India, Researcher Says
Multi-year hacking campaign targeted mining companies, legal firms, Pakistan, Angolan dissidents and others in Pakistan, the U.S., Iran, China and Germany.
InformationWeek (May 21, 2013)

Yahoo Japan Data Breach: 22M Accounts Exposed
Yahoo breach could have compromised 10% of all Yahoo user credentials. Meanwhile, Syrian Electronic Army targets The Financial Times.
InformationWeek (May 20, 2013)

How Password Strength Meters Can Improve Security
Color-coded password-strength meters nudge users to improve the strength of their important passwords, but have little effect on unimportant ones, researchers say.
InformationWeek (May 20, 2013)

Who Is Syrian Electronic Army: 9 Facts
Syrian hackers claim to battle American imperialism, media bias and Angelina Jolie.
InformationWeek (May 17, 2013)

Smartphone Theft: What Is Best Defense?
While mobile network operators are creating a global database to track stolen smartphones, some police say that's not enough. New York's Attorney General wants more from smartphone makers.
InformationWeek (May 17, 2013)

LulzSec Hackers Sentenced In London
Group's 50-day hacking spree compromised websites run by Sony, CIA, Arizona State Police, Westboro Baptist Church and more.
InformationWeek (May 16, 2013)

DHS Eyes Sharing Zero-Day Intelligence With Businesses
DHS proposal would give private businesses access to the government's stockpile of zero-day secrets for a fee. But some say the program may actually fuel the bug vulnerability marketplace.
InformationWeek (May 16, 2013)

LulzSec Hacker 'Pirates' Face Sentencing
Four members of Anonymous spinoff faced sentencing Wednesday for leaking data and launching distributed denial of service attacks against Sony, the Pentagon and other major sites.
InformationWeek (May 15, 2013)

FBI Briefs Bank Executives On DDoS Attack Campaign
FBI expedited security clearances so it could share classified info on Operation Ababil, a distributed denial of service attack that continues to disrupt U.S. financial websites.
InformationWeek (May 14, 2013)

Apple iPhone Decryption Backlog Stymies Police
Apple's waiting list to bypass security controls on latest-generation iPhone and iPad devices means months-long delays for law enforcement investigators.
InformationWeek (May 14, 2013)

Microsoft Tech Support Scams: Why They Thrive
Readers detail "frozen DNS Trojan" cold calls and "repairs" that lead to $882 in unauthorized wire transfers.
InformationWeek (May 13, 2013)

Huawei CEO Dismisses Security, Spying Concerns
Company founder denies that Huawei employees would ever be forced to spy for China.
InformationWeek (May 10, 2013)

Washington State Courts Reveal Security Breach
State officials don't know when attackers accessed up to 160,000 Social Security and 1 million driver's license numbers stored in unencrypted format.
InformationWeek (May 10, 2013)

McAfee, AV's King Of Crazy, Resurfaces
Antivirus pioneer and former fugitive from justice in Belize John McAfee shares more about his code-slinging and drug-smuggling past.
InformationWeek (May 09, 2013)

How Syrian Electronic Army Unpeeled The Onion
Satire site The Onion details multi-pronged Twitter account takeover strategies used by hacktivists.
InformationWeek (May 09, 2013)

Nginx Patches Critical Web Server Software Vulnerability
Meanwhile, hackers behind Cdorked malware that targets Apache servers now have extended it to infect open-source Nginx and Lighttpd server software.
InformationWeek (May 08, 2013)

Syria Back Online After Internet Blackout
All Internet traffic from the war-torn country -- via overland and submarine connections -- went offline Tuesday.
InformationWeek (May 08, 2013)

Anonymous OpUSA Hackathon: Mostly Bluster
DHS predicts Tuesday's hackathon will involve little more than nuisance exploits. Meanwhile, Syrian Electronic Army hacks Twitter feeds of satire site The Onion.
InformationWeek (May 07, 2013)

Sweet Password Security Strategy: Honeywords
To improve detection of database breaches, businesses should store multiple fake passwords and monitor attempts to use them, according to researchers at security firm RSA.
InformationWeek (May 07, 2013)

China Tied To 3-Year Hack Of Defense Contractor
U.S. defense contractor QinetiQ ignored persistent attack warning signs, lost terabytes of secret information, say investigators.
InformationWeek (May 02, 2013)

Twitter To News Outlets: More Takeovers Ahead
Twitter memo warns of ongoing account takeover attempts, urges media businesses to prepare. Should Twitter be doing more?
InformationWeek (May 02, 2013)

FBI Seeks Real-Time Facebook, Google Wiretaps
Government proposal would expand wiretap laws to cover not just service providers, but also the likes of Facebook and Google, backed by escalating fines for noncompliance.
InformationWeek (May 01, 2013)

U.S. Labor Dept. Website Hacked, Serves Malware
Attack bears strong similarities to previous campaigns executed by Chinese APT attack group "DeepPanda," reports security expert.
InformationWeek (May 01, 2013)

April 2013

Darkleech Apache Attacks Intensify
Security researchers discover hard-to-detect, memory-resident Linux malware compromising Apache servers and redirecting browsers to other infected sites.
InformationWeek (April 30, 2013)

D-Link Camera Security Flaw: Upgrade Now
16 vulnerable D-Link IP camera models have password issue that provides a back door, so attackers could intercept live video feed. Get the firmware update.
InformationWeek (April 30, 2013)

Spamhaus DDoS Suspect Arrested
Cyberbunker leader traveled Spain in a van, accessed Wi-Fi hotspots to launch DDoS attacks against anti-spam opponents, Dutch authorities allege.
InformationWeek (April 29, 2013)

Syrian Hacktivists Hit Guardian Twitter Feeds
Pro-Assad hacktivist group takes over 11 Twitter feeds belonging to British news group, decries "lies and slander about Syria."
InformationWeek (April 29, 2013)

Email Without A Warrant? Senators Not Sold
Update to 1986 Electronic Communications Privacy Act would require police to demonstrate probable cause before accessing someone's email or stored cloud data.
InformationWeek (April 26, 2013)

Twitter Two-Factor Authentication: Too Little, Too Late?
Two-factor authentication is a good step. But for securing many sites, Twitter included, it's not enough.
InformationWeek (April 26, 2013)

Anonymous Australia Disavows Self-Proclaimed LulzSec Leader
Australian police trumpet hacktivist mastermind takedown, but Anonymous dismisses him as a wannabe.
InformationWeek (April 26, 2013)

California Proposes 'Do Not Track' Honesty Checker
After DNT standards development stalls, legislators and advertisers seek new path forward on browser privacy.
InformationWeek (April 25, 2013)

AP Twitter Hack: Lessons Learned
The bad news: beefing up password info won't save businesses from Twitter account takeover attacks.
InformationWeek (April 25, 2013)

Java Flaw Targeted By Crimeware Toolkit: Patch Now
Don't wait on this update, Java 7 users. Exploit uses bug, patched by Oracle last week, to execute arbitrary code.
InformationWeek (April 24, 2013)

Twitter Preps Two Factor Authentication After AP Hoax
Security move follows a rash of high-profile account takeovers, including a hoax tweet from the Associated Press' account about White House explosions.
InformationWeek (April 24, 2013)

Cyber Strikes Like Nuclear Bombs, Says Chinese General
Chinese official calls for better Internet security, denies reports that China-affiliated attackers are targeting Western competitors.
InformationWeek (April 23, 2013)

Twitter Battles Syrian Hackers
Hacking group Syrian Electronic Army seizes CBS Twitter accounts and publishes links to websites that infect visitors with malware.
InformationWeek (April 23, 2013)

Chinese Hackers Seek Drone Secrets
"Comment Crew" gang that fanned fears of Chinese hacking launches malware that combs for drone technology information.
InformationWeek (April 22, 2013)

Oracle Bug Hunter Spots Java 7 Server Flaw
Server Java Runtime Environment vulnerability can be used to escape sandbox and execute code, says Polish security expert.
InformationWeek (April 22, 2013)

Android Smartphone Sellers Should Patch, Refund Or Perish
FTC should crack down on wireless carriers and smartphone manufacturers that put their customers at risk by failing to update Android devices.
InformationWeek (April 22, 2013)

Oracle Delays Java 8 To Improve Java 7 Security
Oracle's Java platform lead architect argues that security resources should continue to be devoted to securing Java 7.
InformationWeek (April 18, 2013)

Java 7 Malicious App Warning System Draws Criticism
Java runtime environment fails to verify that digital certificates used to sign "trusted" applications haven't been revoked.
InformationWeek (April 18, 2013)

Malware Attackers Exploit Boston Marathon Bombing
Now, 40% of all spam on the Internet name-drops the tragedy to trick users into executing malicious files or visiting sites that launch drive-by attacks.
InformationWeek (April 18, 2013)

ACLU Seeks Carrier Smackdown Over Android Updates
ACLU urges FTC to let consumers return carrier-supplied Android devices for full refund or exchange within two years if they don't get regular security updates.
InformationWeek (April 17, 2013)

DDoS Attack Bandwidth Jumps 718%
Distributed denial-of-service study finds increase in attack quantity and severity, while most attacks continue to originate from China.
InformationWeek (April 17, 2013)

Oracle Preps Massive Java Bug Fix
Java updates set to fix 42 bugs -- 39 of them exploitable vulnerabilities -- and Java 7 gets interface changes to flag suspect Java apps.
InformationWeek (April 16, 2013)

Anonymous Takes Down North Korean Websites
Hacktivists knock five North Korean websites offline on the 101st anniversary of North Korea's founding.
InformationWeek (April 16, 2013)

Wireless Camera Flaws Allow Remote Exploitation
Foscam wireless IP cameras contain multiple vulnerabilities that can be used to steal credentials or hack the devices to launch further attacks, warn researchers from Qualys.
InformationWeek (April 16, 2013)

CISPA 2.0: House Intelligence Committee Fumbles Privacy Again
Cybersecurity bill's backers portray threat intelligence sharing as a panacea, but yet again ignore the potential privacy and security downsides.
InformationWeek (April 16, 2013)

WordPress Hackers Exploit Username 'Admin'
Thousands of WordPress sites with accounts that use the common default username 'admin' have been hacked. One theory: the creation of a large WordPress botnet.
InformationWeek (April 15, 2013)

FAA Dismisses Android App Airplane Takeover
Demonstrated training software exploits don't work against the flight management systems installed in planes, say airline regulators and avionics manufacturers.
InformationWeek (April 12, 2013)

Anonymous-Linked Hacker Claims North Korea Win
Botmaster "The Jester," whose DDoS attacks have targeted Westboro Baptist Church, PayPal and Mastercard, calls "tango down" on Pyongyang's new, third Internet connection.
InformationWeek (April 12, 2013)

Airplane Takeover Demonstrated Via Android App
Software hack allows security researcher to take control of aircraft navigation and other systems; avionics manufacturers emphasize that the presentation exploited training software.
(April 11, 2013)

How South Korea Traced Hacker To Pyongyang
Apparent mistake exposed the March bank hacker's IP address, which investigators traced to a North Korean address.
InformationWeek (April 11, 2013)

North Korea Behind Bank Malware, South Korea Says
Evidence ties North Korean cyber-espionage unit to two waves of attacks on banks and broadcasters, South Korean officials say.
InformationWeek (April 10, 2013)

LulzSec Hackers Plead Guilty To CIA, Sony Attacks
Three men admit in London courtroom they launched distributed denial of service attacks and defacements that targeted a variety of websites.
InformationWeek (April 10, 2013)

South Korea Charges Alleged Hackers
South Korean government accuses two men of working with North Korean hackers to steal personal data relating to 140 million South Koreans.
InformationWeek (April 09, 2013)

Microsoft Windows 8 Security Software Lacks Teeth
Microsoft's free corporate and consumer endpoint security software needs more malware-stopping power, finds independent German firm AV-Test.
InformationWeek (April 09, 2013)

California Weighs Tough Rules For Data Brokers
Right To Know Act would allow state residents to see full reports from any website, mobile app or data broker who collects personal data about them.
InformationWeek (April 08, 2013)

Anonymous Claims 100,000 Israel Site Disruptions
But Israeli government officials dismiss the claim and call the hacktivist group's 'OpIsrael' campaign ineffective.
InformationWeek (April 08, 2013)

Alleged Carberp Botnet Ringleader Busted
Joint Ukrainian and Russian operation busts alleged Carberp boss and about 20 developers of malware-driven botnet that stole millions of dollars.
InformationWeek (April 05, 2013)

Anonymous Seizes North Korean Twitter, Flickr Feeds
Breach follows joint DDoS attack with botmaster The Jester in retaliation for North Korea's declaration of war against South Korea.
InformationWeek (April 05, 2013)

Laws Can't Save Banks From DDoS Attacks
A threat information-sharing bill wouldn't do much to help banks defend themselves against distributed denial of service (DDoS) attacks.
InformationWeek (April 05, 2013)

Banks Hit Downtime Milestone In DDoS Attacks
Top 15 U.S. banks have experienced double the downtime from same period last year. Lawmakers demand passage of a cyber threat intelligence sharing bill.
InformationWeek (April 04, 2013)

Exposed Website Reboots, Reveals Celeb Credit Reports
Personal data on U.S. Secret Service director, Anderson Cooper, George Clooney and other public figures released by Exposed website, famous for leaking data on Michelle Obama.
InformationWeek (April 04, 2013)

Robocall Killers Seek End Of Nuisance Calls
FTC contest winners have new ideas on how to identify and block illegal spam calls to landlines and cellphones.
InformationWeek (April 03, 2013)

Darkleech Attacks Hit 20,000 Websites
Malicious Apache modules, installed after root-level server compromises, are serving hard-to-detect real-time malware attacks against Windows users.
InformationWeek (April 03, 2013)

Google Play Hit By One Click Billing Fraud
More than 200 Android apps have been designed to trick people into parting with up to $1,000 for adult content, warns Symantec.
InformationWeek (April 02, 2013)

Anonymous Hits North Korea Via DDoS
Hacktivists disrupt government and airline websites after North Korean government threatens to restart nuclear reactor, invade South Korea.
InformationWeek (April 02, 2013)

March 2013

Spamhaus DDoS Attacks: What Business Should Learn
What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans.
InformationWeek (March 29, 2013)

DDoS Attack Doesn't Spell Internet Doom: 7 Facts
Despite a record-setting DDoS attack against anti-spam group Spamhaus, the Internet remains alive and well. Let's break down the key facts.
InformationWeek (March 28, 2013)

DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
Stophaus.com campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.
InformationWeek (March 28, 2013)

Tougher Computer Crime Penalties Sought By U.S. Legislators
Draft version of Computer Fraud and Abuse Act includes amendments largely recycled from 2011 DOJ proposals -- and running counter to leading legal experts' demands to narrow anti-hacking laws, critics say.
InformationWeek (March 27, 2013)

Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions
Muslim hacktivists continue third wave of takedowns, submit invoice protesting "Innocence of Muslims" video that mocks founder of Islam.
InformationWeek (March 27, 2013)

Malware Developers Hijack Chromium Framework
Google Chromium project responds by switching to another download site and promising to put new techniques in place to block automated downloads.
InformationWeek (March 26, 2013)

Android Malware Infects Activists' Phones
Targeted, data-stealing attack launched via Tibetan activist's email account leads to Chinese server in Los Angeles, says Kaspersky Lab.
InformationWeek (March 26, 2013)

How South Korean Bank Malware Spread
Attackers used stolen usernames and passwords for legitimate AhnLab Patch Manager accounts, set wiper software for staggered deletes to maximize damage.
InformationWeek (March 25, 2013)

Apple Patches Password Reset Vulnerability
Bug wouldn't have been blocked by Apple's new two-factor iTunes authentication due to system's three-day waiting period.
InformationWeek (March 25, 2013)

Unpatched Remote Access Tools: Your Gift To Attackers
Three-year-old "TeamSpy" espionage campaign should be a wake-up call. Lock down your remote-access tools, or else.
InformationWeek (March 25, 2013)

Who Owns Application Security, Patching In Your Business?
Too many organizations lack a formal security plan, leaving applications vulnerable to exploits, warns SANS Institute.
InformationWeek (March 22, 2013)

South Korea Changes Story On Bank Hacks
South Korean officials now say there's no evidence that the attack against banks and television stations was launched from a Chinese IP address.
InformationWeek (March 22, 2013)

Hackers Eavesdrop Using Legitimate Remote Control Software
For a decade, "TeamSpy" cyber espionage campaign has used TeamViewer software already installed on PCs to eavesdrop on communications and steal data from targets in Eastern Europe.
InformationWeek (March 22, 2013)

South Korea Bank Hacks: 7 Key Facts
Data-wiping attacks on Windows and Linux computers may have just focused on random targets to cause chaos, security researchers say.
InformationWeek (March 21, 2013)

Cisco Password Fumble: Hardware Security At Risk
Password implementation error results in easy-to-crack Type 4 passwords in latest versions of IOS and IOS XE operating systems that run Cisco's switches and routers.
InformationWeek (March 20, 2013)

South Korean Banks Lose Data In Malware Attack
Computer networks at banks and television stations in South Korea froze after targeted malware deleted data from numerous PCs. Was North Korea involved?
InformationWeek (March 20, 2013)

Beware Smartphone Lurkers: Cloud Storage File Remnants
Security investigators recovered Box, Dropbox and SugarSync files and unique file IDs, via forensic dump of iPhone and Android smartphone memory.
InformationWeek (March 20, 2013)

Anonymous DDoS Attack Report Bogus, Spamhaus Says
Anti-spam service says Russian malware gang launched attack, claims Anonymous accusation was the work of a man listed in its spammer directory.
InformationWeek (March 19, 2013)

HTTPS Security Encryption Flaws Found
Security researchers find weaknesses that could be exploited to crack some types of encrypted Web communications.
InformationWeek (March 19, 2013)

Anonymous Investigators Probe Reuters Reporter, Sabu
Feds indict Reuters social media editor for allegedly helping hacktivist group Anonymous -- and LulzSec leader Sabu -- deface the Los Angeles Times website.
InformationWeek (March 18, 2013)

Celeb Data Breach Traced To Credit Reporting Site
Tiger Woods and Mitt Romney are latest to see personal financial details published; credit agencies confirm hackers took data from AnnualCreditReport.com.
InformationWeek (March 14, 2013)

Microsoft Patches For USB Key Vulnerability
Driver bug would allow anyone with physical access to compromise a PC by using exploit code loaded onto a USB storage device.
InformationWeek (March 13, 2013)

iPhone, iPad Configuration Files Security Hole Shown
Mobile configuration files used by carriers could be repurposed to steal data and remotely control an iPhone or iPad, security firm warns.
InformationWeek (March 13, 2013)

Hackers Appear To Target Michelle Obama, FBI Director
Michelle Obama is among several public figures whose personal information appeared to be published via a website with a Soviet Union registration; some watchers see signs of hoax.
InformationWeek (March 12, 2013)

China Hack Attacks: Play Offense Or Defense?
The Chinese government has been blamed for launching cyber-espionage APT attacks against U.S. businesses. In this debate, two security experts examine how business should respond.
InformationWeek (March 12, 2013)

Google Preps $7 Million "Wi-Spy" Case Settlement
Google reportedly will settle with 30 states over its controversial Street View Wi-Fi hotspot sniffing program that was undertaken by a "rogue engineer."
InformationWeek (March 12, 2013)

Apple Ups Security For App Store
Apple begins using secure Web pages -- HTTPS -- for all App Store communications, to protect against password theft and other potential problems.
InformationWeek (March 11, 2013)

9 Must-Know Java Security Facts
More than half of all Java users are still using Java 6, which Oracle officially retired last month. Is it time for a consumer recall?
InformationWeek (March 09, 2013)

Pwn2Own Prizes Exceed $500K For Exploits
Only Google Chrome OS withstands attack in annual hacking contest as Flash, Java and every major browser are exploited.
InformationWeek (March 08, 2013)

Cell Phone Spam Doesn't Pay, FTC Says
FTC has filed 8 civil lawsuits against cell phone spammers, accusing them of promoting award scams.
InformationWeek (March 08, 2013)

Password Police Cite Evernote Mistakes
Evernote used the wrong security method to store passwords, cryptography experts say. Unfortunately, it's a common error.
InformationWeek (March 08, 2013)

Java, Browsers, Windows Security Defeated At Pwn2Own
How secure are the latest versions of Chrome, Firefox and IE10? All were successfully exploited on the first day of the annual Pwn2Own contest.
InformationWeek (March 07, 2013)

Bank Attackers Restart Operation Ababil DDoS Disruptions
Some customers report difficulty accessing banking sites, but officials said DDoS defenses and service provider blocks may be partly to blame.
InformationWeek (March 06, 2013)

EU Fines Microsoft $732 Million In Browser Brawl
Microsoft stopped offering browser-choice screen to European Windows consumers, in violation of 2009 agreement with antitrust regulators.
InformationWeek (March 06, 2013)

Java Emergency Patch Slaps McRAT Infections
Oracle patches two more zero-day bugs in Java 6 and Java 7. But security researcher spots new vulnerabilities in Java 7.
InformationWeek (March 05, 2013)

Evernote: We're Adding Two-Factor Authentication
After data breach and wide password reset, Evernote accelerates plans to offer additional security to users.
InformationWeek (March 05, 2013)

Kim Dotcom Plans Mega IPO
MegaUpload founder, still sought for extradition by the U.S. government, hires CFO to help float his new cloud storage service.
InformationWeek (March 04, 2013)

Evernote Breach: 7 Security Lessons
Both cloud service providers and users should heed the security takeaways from Evernote's breach and response.
InformationWeek (March 04, 2013)

Kill Passwords: Hassle-Free Substitute Wanted
Passwords keep proliferating, but do new technologies and approaches offer an alternative? Maybe.
InformationWeek (March 04, 2013)

Anonymous Launches Operation Wall Street, Targets CEOs
Hacktivist collective cites mortgage crisis, Aaron Swartz and bank spying in call to arms to dox "any and all personal information" on financial services firm executives.
InformationWeek (March 01, 2013)

Zero Day Java Vulnerability Allows McRat Trojan Infections
Security experts urge users of latest versions of Java 6 and 7 to disable Java in their browsers until Oracle releases a patch.
InformationWeek (March 01, 2013)

Security Tools Show Many Dots, Few Patterns
Today's security software wastes valuable time by delivering data dumps, rather than focusing on trends. But you can create your own visualizations.
InformationWeek (March 01, 2013)

February 2013

China Targets U.S. In Hacking Blame Game
Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.
InformationWeek (February 28, 2013)

MiniDuke Espionage Malware Uses Twitter To Infect PCs
Online espionage campaign sends malicious PDF documents to victims, and the infected PCs use Twitter to install malware that can copy and delete files.
InformationWeek (February 28, 2013)

Anonymous: 10 Things We've Learned In 2013
The Anonymous hacker group continues to seek equal measures of revenge, justice and reform -- preferably through chaotic means -- for perceived wrongdoings.
InformationWeek (February 28, 2013)

Flash Patch, Take Three: Adobe Issues New Fix
With attackers actively targeting zero-day flaws in Flash Reader, Adobe has released its third emergency Flash update this month.
InformationWeek (February 27, 2013)

HP Launches Big Data Security Products, Threat Research
HP takes steps to bolster threat-intelligence gathering capabilities, better compete on big data security with the likes of IBM, EMC, SAP and startups.
InformationWeek (February 26, 2013)

2 More Java Zero-Day Vulnerabilities Emerge
While Oracle investigates reports that two bugs in Java 7 could allow attackers to remotely bypass the sandbox and compromise a system, security experts reiterate: If you don't need Java, turn it off.
InformationWeek (February 26, 2013)

Microsoft Hacked: Joins Apple, Facebook, Twitter
Microsoft's OS X users compromised by watering-hole attack launched from a third-party iOS development site.
InformationWeek (February 25, 2013)

IT Security Understaffing Worries CISOs
More than two-thirds of execs say current staffing levels pose risks to company safety, according to new study.
InformationWeek (February 25, 2013)

Don't Blame China For Security Hacks, Blame Yourself
Focus on the sorry state of your information security defenses before worrying about the Chinese, Russians, hacktivists or cybercrime gangs.
InformationWeek (February 25, 2013)

Twitter, Tumblr, Pinterest Users Hit In Zendesk Breach
Zendesk, which runs a help desk service and hosts customer service portals, alerts users that hackers accessed email addresses and personal data.
InformationWeek (February 22, 2013)

NBC Websites Hacked To Serve Citadel Financial Malware
RedKit exploit kit launched drive-by malware attacks from NBC websites, targeted vulnerabilities in Java and Adobe Reader.
InformationWeek (February 22, 2013)

Google: We've Stopped Most Gmail Account Hijacking
Google cites 99.7% decrease in Gmail account hijackings since 2011 peak, thanks to risk analysis defenses.
InformationWeek (February 21, 2013)

China Denies U.S. Hacking Accusations: 6 Facts
Mandiant report says that an elite Chinese military hacking unit is responsible for launching APT attacks against U.S. businesses. Chinese government cries foul.
InformationWeek (February 21, 2013)

BK Hack Triggers Twitter Password Smackdown
"Operation Whopper" takeover of Burger King and Jeep Twitter accounts, and spoof hacks by MTV and BET, trigger Twitter's "friendly reminder" to use strong passwords.
InformationWeek (February 21, 2013)

Apple, Facebook, Twitter Attacks: 6 Key Facts
FBI investigates how hackers compromised an iOS developer website to exploit Java plug-in vulnerabilities and breach major social networking and technology companies.
InformationWeek (February 20, 2013)

Oracle, Apple Issue Java Security Patches
Oracle updates Java 7 and issues the final-ever public update for Java 6, while Apple releases its own Java 6 update for OS X users.
InformationWeek (February 20, 2013)

Anonymous Takes On State Department, More Banks
Hacktivist group says it will release work email addresses for more than 170 U.S. State Department employees in fifth round of Operation Last Resort attacks.
InformationWeek (February 19, 2013)

Zombie Hackers Exploited Emergency Alert System Security Flaws
FCC has known about security gaps in networked alert systems equipment for more than 10 years. What if next hoax is serious?
InformationWeek (February 15, 2013)

FAA Promises Privacy Standards For Domestic Drones
As law enforcement and civilian use of unmanned aerial drones increases, surveillance fears mount.
InformationWeek (February 15, 2013)

CISPA Cybersecurity Bill, Reborn: 6 Key Facts
House revives controversial cybersecurity information-sharing bill, but can CISPA 2.0 address lingering privacy concerns?
InformationWeek (February 14, 2013)

Adobe Zero-Day Attack Bypasses Sandbox
Adobe fumbles on the security front by not enabling -- by default -- technology built into its PDF Reader and Acrobat that would have blocked the current attacks.
InformationWeek (February 14, 2013)

Xerox Targets Cloud Document Security Worries
Xerox, working with Cisco and McAfee, launches printers and apps designed to securely route documents to Dropbox, Google Apps and other cloud services.
InformationWeek (February 13, 2013)

Adobe Reader, Acrobat Under Attack
Cue the security fatigue: Zero-day attacks target Adobe Reader and Acrobat, Adobe pushes second Flash patch, Microsoft fixes 57 flaws.
InformationWeek (February 13, 2013)

Flickr Bug Revealed Private Photos To Public
Yahoo-owned Flickr's fix -- resetting permissions on all potentially affected images -- also broke some connections with third-party websites.
(February 12, 2013)

Zombie Alert Hoax: Emergency Broadcast System Hacked
Bodies of the dead are rising from their graves, warns CBS affiliate. News at 10.
InformationWeek (February 12, 2013)

When Security Experts Forget Passwords
What happens when you forget a crucial password? Here's what WhiteHat Security's CTO learned from his experience.
InformationWeek (February 11, 2013)

Adobe Issues Emergency Patch For Flash Player
As attackers actively target new bugs in Flash Player browser plug-in, Adobe issues Windows, Mac, Linux and Android patches.
InformationWeek (February 11, 2013)

Barracuda Issues Security Update, Apologizes To Customers
Security appliance manufacturer apologizes for leaving hardcoded, undocumented accounts in its products.
InformationWeek (February 07, 2013)

Microsoft, Symantec Torpedo Massive Botnet
Tech companies team up to take down Bamital botnet, which generated over $1 million annually via search engine click fraud.
InformationWeek (February 07, 2013)

6 Reasons Hackers Would Want Energy Department Data
In Department of Energy breach, what was driving attackers to steal employee data? Stuxnet revenge is one theory.
InformationWeek (February 06, 2013)

Fed Breach: Attackers Exploited Website Product Vulnerability
Federal Reserve confirms breach of database with banking executive contact information for use in a natural disaster.
InformationWeek (February 06, 2013)

Hacking, Privacy Laws: Time To Reboot
Recent cases highlight serious flaws in current privacy and cyber abuse legislation, allowing prosecutors to wield a hammer when a stick will do.
InformationWeek (February 06, 2013)

Anonymous Claims Wall Street Data Dump
Hacktivist group publishes 4,000 passwords as part of Operation Last Resort campaign seeking revenge for the treatment of Internet activist Aaron Swartz.
InformationWeek (February 06, 2013)

Department Of Energy Confirms Data Breach
Attackers targeted employees' personal data, rather than top secret energy or nuclear information, investigators say.
InformationWeek (February 05, 2013)

Twitter Pursues Two-Factor Authentication After Password Breach
Live attack compromised up to 250,000 accounts, leading Twitter to reset affected users' passwords.
InformationWeek (February 04, 2013)

Oracle Issues Emergency Java Security Update
Oracle's Java update addresses 50 bugs, including flaws that can be used to remotely compromise a desktop or server.
InformationWeek (February 04, 2013)

The Dreaded Captcha: Beginning Of The End?
Ticketmaster dumps reviled security technology that forces users to decipher distorted words. Will it spark a trend?
InformationWeek (February 01, 2013)

January 2013

NYT, WSJ Hacks Scrutinized By Security Community
China is again being blamed, but security experts criticize the lack of evidence, call on the media outlets to release full details of the attacks.
InformationWeek (February 01, 2013)

Mega Repeat: Search Engine Mimics Dotcom's MegaUpload
Crowdsourced MegaSearch site indexes all files on Mega, allowing users to share uploaded, encrypted content.
InformationWeek (January 31, 2013)

Did Chinese Hackers Hit NY Times?
Some evidence suggests Chinese involvement in recent attack on The New York Times. Meanwhile, Symantec goes into damage-control mode over failure to block hackers.
InformationWeek (January 31, 2013)

Firefox Moves To Block Java, Silverlight, Adobe Reader
Mozilla's "click to play" move will block all plug-ins from executing without explicit user authorization.
InformationWeek (January 31, 2013)

Want Stronger Passwords? Try Bad Grammar
Beware passwords built using too many pronouns or verbs, Carnegie Mellon security researchers say. String together nouns instead.
InformationWeek (January 30, 2013)

FBI Busts Alleged Skype 'Sextortionist'
Man is accused of extorting over 350 women into posing nude on Skype by threatening to post compromising photos of them to Facebook.
InformationWeek (January 30, 2013)

Bank DDoS Attackers Claim Victory Regarding Film
One copy of widely viewed film that attacks the founder of Islam has been excised from YouTube. But who removed it, and will all copies be pulled?
InformationWeek (January 29, 2013)

Unplug Universal Plug And Play: Security Warning
Tens of millions of devices with UPnP are remotely exploitable, warns Metasploit creator. New tool detects vulnerable devices, which include 6,900 different product versions spanning 1,500 vendors.
InformationWeek (January 29, 2013)

Java Security Work Remains, Bug Hunter Says
Proof-of-concept attack can be used to run arbitrary Java apps, despite Oracle's recent security fix.
InformationWeek (January 29, 2013)

HP Disputes Printer Security Vulnerabilities
Weaknesses in printer networking software could be used to bypass authentication, deny service and retrieve documents from any user, Spanish researcher says.
InformationWeek (January 29, 2013)

Anonymous Plays Games With U.S. Sites
Protesting over death of Internet activist Aaron Swartz, Anonymous defaces U.S. government websites to hide a free game of Asteroids.
InformationWeek (January 28, 2013)

Anonymous DDoS Attackers In Britain Sentenced
Two men receive jail time for botnet attacks on PayPal, MasterCard, Visa and the British anti-piracy lobby as part of Operation Payback.
InformationWeek (January 25, 2013)

Barracuda Security Equipment Contains Hardcoded Backdoors
Multiple appliances sold by Barracuda contain undocumented usernames and passwords, as well as SSH access functionality, which an attacker could use to gain shell-level access to devices.
InformationWeek (January 24, 2013)

China Accused Of Java, IE Zero Day Attacks
Human rights groups have been victims of "watering hole" attacks using recently discovered -- and patched -- flaws in Java and Internet Explorer, security researcher says.
InformationWeek (January 24, 2013)

Security Flaws Leave Networked Printers Open To Attack
Attackers can exploit HP JetDirect software, used by numerous printer manufacturers, to disable printers, evade physical security checks or recover printed documents.
InformationWeek (January 23, 2013)

'Mega' Insecure: Kim Dotcom Defends Rebooted Megaupload Security
Proof-of-concept attack against site's encryption leads to questions over its actual security and privacy protections.
InformationWeek (January 23, 2013)

Virut Malware Botnet Torpedoed By Security Researchers
Spamhaus group scuttles command and control systems for Russian botnet controlling an estimated 300,000 zombie PCs per day.
InformationWeek (January 22, 2013)

Java Hacker Uncovers Two Flaws In Latest Update
Expert Java bug hunter says Oracle's latest Java 7 update, released last week, has two sandbox-bypass bugs.
InformationWeek (January 22, 2013)

Uncertain State Of Cyber War
Just what does "cyber warfare" mean? We're still figuring out tactics and capabilities.
InformationWeek (January 21, 2013)

Operation Red October Attackers Wielded Spear Phishing
Advanced, malware-driven espionage network employed over 1,000 modules and tools customized for just hundreds of targets, finds Kaspersky analysis.
InformationWeek (January 18, 2013)

Java Security 'Fix' Is Disguised Malware Attack
Security researchers spot malware masquerading as a Java security update. Users urged to download Java updates directly from Oracle.
InformationWeek (January 18, 2013)

Java Security Warnings: Cut Through The Confusion
Recent warnings to deactivate Java are raising additional questions: What about JavaScript, EJB, JavaFX, Android and any other use of the programming language?
InformationWeek (January 18, 2013)

TV-Monitoring Patent Prompts Privacy Worries
Could a television soon monitor your every move and conversation?
IAPP (January 17, 2013)

OKCupid Blind Date App: Beware Privacy Flub
OKCupid.com smartphone app promised safe blind date arrangement, but API failed to hide sensitive information about users.
InformationWeek (January 17, 2013)

Hacking Law Critics Demand Change After Swartz Suicide
Proposed legislation seeks to end felony charges related to 'unauthorized access,' but legal experts say bigger fixes are needed.
InformationWeek (January 17, 2013)

McAfee's Escape From Belize Turns Movie
Tale of eccentric antivirus founder John McAfee's escape to Guatemala and Miami set to be adapted by the team behind Crazy, Stupid, Love.
InformationWeek (January 16, 2013)

Another Java Zero-Day Vulnerability Hits Black Market
Just 24 hours after Oracle patched two critical flaws in Java, online vulnerability vendor starts selling never-seen Java bug.
InformationWeek (January 16, 2013)

10 Facts: Secure Java For Business Use
Businesses that rely on Java must now take additional steps to keep employees safe. Here's where to start.
InformationWeek (January 15, 2013)

Red October Espionage Network Rivals Flame
Newly discovered espionage malware infrastructure largely targets organizations in Eastern Europe and Asia.
InformationWeek (January 14, 2013)

Oracle Fixes Zero Day Java Flaws: Patch Now
Java 7 update, released Sunday, fixes bugs widely targeted by crimeware toolkits. Other critical bug updates coming later this week from Oracle and Microsoft.
InformationWeek (January 14, 2013)

Anonymous Says DDoS Attacks Like Free Speech
Hacktivist collective Anonymous petitions the White House to make DDoS attacks part of First Amendment protections. Shutdown attacks are akin to Occupy protests, group argues.
InformationWeek (January 11, 2013)

Java Under Attack Again, Disable Now
Java zero-day vulnerability is under attack by at least four active campaigns. Oracle has yet to respond. Here's what to do.
InformationWeek (January 11, 2013)

Bank Attacker Iran Ties Questioned By Security Pros
U.S. government officials continue to blame Iran for launching attacks against U.S. banks, but some information security experts see only circumstantial evidence.
InformationWeek (January 10, 2013)

Apple Targets App Store Bait And Switch Scammers
Apple will lock down app screenshots after approval to stem a spate of sellers hawking fake apps.
InformationWeek (January 10, 2013)

McAfee Takes Belize: Social Engineering Lesson
Eccentric antivirus firm founder John McAfee says he tricked people with spyware -- using free laptops. Social engineering attacks remain cheap, easy and effective.
InformationWeek (January 09, 2013)

Critical Ruby On Rails Issue Threatens 240,000 Websites
Bug allows attackers to execute arbitrary code on any version of Ruby published in the last six years.
InformationWeek (January 09, 2013)

U.S. Bank Hack Attack Techniques Identified
Security researchers detail how poorly secured, hosted servers helped launch botnet-based attacks; U.S. government continues to blame Iran.
InformationWeek (January 09, 2013)

Blackhole Botnet Creator Buys Up Zero Day Exploits
Crimeware toolkit is apparently so successful that creator has been given $100,000 to shop for the latest vulnerabilities.
InformationWeek (January 09, 2013)

McAfee Strikes Back: Spyware Sting Targets Belize Government
Antivirus firm founder's story takes another bizarre twist, as he claims to have found connection between Hezbollah extremists and Belizean government officials.
InformationWeek (January 08, 2013)

This page last updated: 25-May-2014

Mathew Schwartz