Security

Following recent security vulnerabilities in Java, malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime.

The latest version of the Java runtime that fixes recent vulnerabilities is update 11, and Kaspersky labs is reporting that a new malware is out that poses as "Java Update 11." The malware is packaged in a Java archive file called "javaupdate11.jar" that contains two Windows-based executables called "up1.exe" and "up2.exe." When installed the programs open a back door … Read more

You do realize that those nice people in Transport Security Administration uniforms have been examining your naked body, don't you?

You do realize that scanning machines arrived so swiftly in U.S. airports that there wasn't time to write software to preserve what remains of your modesty -- as you hold your hands up in surrender, just so that you can fly to Seattle?

Ah, you didn't.

Well, I bring news of a cover-up.

No, not that sort of cover-up. The TSA has decided that it's had enough of staring at your denuded selves -- perhaps … Read more

Hardly a day goes by that some high-profile person -- along with countless people of lower profile -- has an account hacked. Weak password, stolen password, non-existent password -- whatever the cause, breaking into our digital lives is easy and getting easier.

That's why Google says passwords are no longer the best solution for sensitive accounts. "We contend that security and usability problems are intractable," write Google's Eric Grosse and Mayank Upadhyay, in an article to be published later this month in IEEE Security & Privacy. "It's time to give up on elaborate password … Read more

Proposed legislation in the European Union would force tech companies that have access to user data -- such as Facebook, Google, and Microsoft -- to report any security breaches to local cybersecurity agencies, the Financial Times reported today.

This is the European Commission's effort to make private companies accountable for privacy and security problems, European Commission Vice President Neelie Kroes told the Financial Times.

If passed, the measure would require each of the EU's 27 member states to set up local cybersecurity agencies to implement security standards on online networks. Social networks, e-commerce companies, and large online platforms … Read more

Learning a lesson from the Stuxnet attack, Iran has beefed up its cyber forces and poses a greater threat to the United States.

At least, that was the word of warning from U.S. Air Force General William Shelton yesterday, according to Reuters. Speaking with reporters, Shelton said that the Iranian government has increased its cyber efforts since and as a result of being hit by Stuxnet.

In 2010, the infamous computer worm was unleashed in Iran and other countries. Designed to seize control of power grids and other industrial control systems, Stuxnet infected computers at Iran's Natanz nuclear … Read more

Microsoft isn't too happy with the results of a recent test that found fault with its antivirus software.

For the second time in a row, the company's Security Essentials failed to win certification from AV-Test, a German-based testing lab that evaluates the efficacy of antivirus products. Out of 25 programs tested, only three failed to gain AV-Test's thumb's up for certification.

Microsoft's Forefront Endpoint Protection, which is geared toward corporate customers, also failed to gain certification.

Microsoft responded to the test via a blog posted yesterday, challenging its findings.

"Our review showed that 0.… Read more

Lately Java has been getting a bit of bad press, thanks to several consecutive security holes that have been exploited by malware developers. One notable occurrence was the Flashback malware threat that affected a number of OS X users, which (though due in part to Apple's negligence about Java upkeep) was rooted in the Java runtime. More recently, Java 7 has seen a new zero-day vulnerability that has been circulating in exploit kits.

In response to these threats, many in the tech community have recommended that people uninstall Java altogether. However, this can be impractical for some, as many … Read more

Updated Thursday, January 17, 2012, at 4:50 p.m. PDT with comment from AV-Test.org.

For the second time in a row, Microsoft Security Essentials has failed to be certified as effective by AV-Test.org, an independent testing lab based in Germany.

The lab publishes test results every two months, and the test from November and December 2012 looked at 25 consumer antivirus security programs. Three failed certification: PC Tools Internet Security 2012, AhnLab Internet Security 8.0, and Microsoft Security Essentials 4.1.

This was the second test in a row in which MSE failed to earn certification. … Read more

Sometimes, there is truth in advertising. Today's case-in-point: Abine's DeleteMe Mobile, which, as the name suggests, vigorously petitions Internet data brokers to remove personally identifying information from their databases.

Previously only available as a Web service, the app debuts on iOS with an Android version in the works. As CNET reported last year, DeleteMe is a partially human-powered service where Abine employees take on the onerous duty of contacting data brokers on your behalf. That's an important step because many of them have been known to add your data again, just months after removing it, according to … Read more