security

Recently, the General Services Administration sent an e-mail alert to users of its System for Award Management (SAM), reporting that a security vulnerability exposed the users' names, taxpayer identification numbers (TINs), marketing partner information numbers, and bank account information to "[r]egistered SAM users with entity administrator rights and delegated entity registration rights."

The notice warned that "[r]egistrants using their Social Security Numbers instead of a TIN for purposes of doing business with the federal government may be at greater risk for potential identity theft." Also provided was a link to a page on the agency's site … Read more

Apple has fixed the security issue involving its Apple ID password-reset page, a vulnerability that had made it possible for hackers with a user's e-mail address and birth date to reset the user's password.

Apple said yesterday that it was aware of the issue and was preparing a fix. Meanwhile, the company had taken the "iForgot" reset page offline for maintenance. Now the page is back up, and Apple has confirmed the fix with CNET.

The security exploit made use of a special URL that got around the need to answer a security question. Apple had … Read more

A new exploit lets anyone who knows your birthday and e-mail address reset your Apple ID password, according to a new report.

The exploit, described by The Verge though not posted publicly, makes use of a special URL that gets around the need for a security question, a security measure Apple put in place on all Apple ID accounts last April.

The reported exploit does not work on accounts with two-step verification enabled, which Apple introduced yesterday, and does away with the security question in favor of sending a four-digit PIN code to a cell phone that needs to be … Read more

An unusual bipartisan revolt has erupted against law enforcement plans to fly more drones equipped with high-tech gear that can be used to conduct surveillance of Americans.

A combination of concerns about privacy, air traffic safety, facial recognition, cell phone tracking -- and even the possibility that in the future drones could be armed -- have suddenly placed police on the defensive.

A public outcry in Seattle last month prompted the mayor to ground the police department's nascent drone program. Oregon held a hearing this week on curbing drones, following one in Idaho last week. And on Tuesday, Rep. … Read more

A bipartisan group of lawmakers has introduced a new bill, known as the Geolocation Privacy and Surveillance Act, to force law enforcement to obtain a warrant to track suspects with GPS devices.

The bill, which was introduced to Congress yesterday, is sponsored by Reps. Jason Chaffetz (R-Utah) and Jim Sensenbrenner (R-Wis.), as well as Sen. Ron Wyden (D-Ore.) and House judiciary committee ranking member Rep. John Conyers (D-Mich.). If passed, it would provide a "legal framework" that provides clear guidelines on when and how GPS devices can be accessed and used.

"New technologies are making it increasingly … Read more

You've got the quality locks, you've seen the how-to-lock videos, and you're very careful about where to leave your bicycle. But is that enough?

Not according to the backers of BikeSpike, a GPS tracking device being promoted on Kickstarter.

If a thief makes off with your ride, the BikeSpike will show its map location on your mobile device or home computer. Police can be given access to the data to help recovery. … Read more

Apple took a big step in helping Apple ID users in securing their accounts this week with offering two-step verification.

Two-step verification (or authentication as it's commonly referred to) adds an additional barrier of security between would-be hackers and your account. The extra barrier comes in the form of a four-digit code, which will be sent to a device of your choosing via the Find My iPhone app or SMS, after you've entered your password.

Step one: To add the extra layer of security to your account you'll need to visit the Apple ID settings page on … Read more

Apple today added an extra layer of security to its Apple ID system that can harden the password people use to log in to various Apple services.

Users with an Apple ID can now sign up for two-step verification of their password, a system that sends a four-digit passcode by text message to a user's phone, and must be used on top of a regular password. In practice, this could keep an account from being compromised by an attacker, unless that person had access to the mobile device too.

The move comes a little less than a year after … Read more

At first glance, it is not immediately apparent what Secure Temple does. The app is created without interface in mind. It lacks clear directions, has multiple unmarked menus, and doesn't even describe what the function of the app is supposed to be (unless you read the description in the App Store). That alone is enough to frustrate and chase away most users. However, behind the obtuse design and stark menus there is a tool that can be extremely useful for anyone that creates and stores large volumes of passwords, secret keys and other number strings on their iPhone or … Read more