Data Security

Google research reveals security questions’ vulnerability to attack

Google has just published research which puts the nail in the coffin of security question-based password protection. We like to think that security questions are reliable because the answers are easy to remember, but research shows this isn't the case. Not only are the answers to security questions often forgotten, but they are also susceptible to attackers simply guessing them. These reasons contribute to the evolution of two-step authentication and SMS-based verification codes for quicker, more reliable password retrieval and authentication.

Researchers design new Tor client resistant to NSA attacks

Internet anonymity has become difficult to procure as the NSA is doing everything in its power to keep tabs on Internet activity. One way that people have been protecting their anonymity is by using the anonymizing network, Tor. It was popularly used to access dark web sites like Silk Road, but it can also be used for good. For example, people in certain countries without free speech protections could be jailed or worse for disparaging online claims against the government; Tor provides a way to prevent those users' web activity from being tracked. As it turns out, Tor isn't as safe from the prying eyes of big government surveillance as we once thought.

CareFirst health insurer hacked: up to 1.1m customers affected

Recently we reported that the number of health care providers that have suffered some sort of breach sits at the 90-percent mark (over the last two years), and though some have taken steps to protect their networks, many are still vulnerable. Today it was announced that the health insurer CareFirst had been breached, making it the third in the United States to suffer such an attack (or, at least, to disclose as much). The attack took place in June of last year, and is said to have been sophisticated, affecting up to 1.1 million of the insurer’s customers. The company is based in Maryland but services the Washington DC region.

High schooler hits entire school district with week-long cyberattack

Teenagers regularly make poor decisions when it comes to technology, and too many of them in recent times involve swatting pranks. This latest episode of poor teenage judgement comes in the form of an alleged cyberattack, however, and now that high school student is facing a possible felony charge, according to KTVB. The unnamed 17-year-old is said to have instituted a DDoS attack against the West Ada school district in Idaho — it’s the largest school district in the state, and for one miserable week students and faculty across dozens of schools suffered because of it.

Penn State says it was hit with pair of “sophisticated” cyber attacks

Penn State has revealed that it was hit with two major cyber attacks, one of which it determined originated from China. The announcement was made today, with the university saying that it first became aware of the threats on November 21, 2014 after being alerted by the FBI. According to the statement, the FBI alerted the university of a cyber attack taking place on its College of Engineering network. The university is saying that “advanced persistent threat actors” conducted the two cyber attacks, with “at least” one being based in China. The oldest discovered date of intrusion was September of 2012.

United Airlines is offering 1 million miles in bug bounties

Bug bounty programs are a great way for white-hat security researchers--hackers--to earn extra cash. The best programs incentivize finding security flaws with cold, hard cash. On the other end of the spectrum, some companies only offer swag in return for finding flaws. A new set of bounties from United Airlines falls squarely in the middle. The company is offering airline miles in return for hunting security flaws. These miles aren't a measly upgrade from economy; you could earn some real travel time for uncovering a serious system flaw.

Appeals court rules NSA surveillance program illegal

In March, the ACLU filed a lawsuit against the NSA, claiming their surveillance program was overreaching and illegal. Today, a Federal Court of Appeals has agreed with that assertion, finding the NSA’s practice of data collection “exceeds the scope of what Congress has authorized”. This decision comes well after Edward Snowden began leaking documentation highlighting just how deep and intrusive the NSA’s domestic surveillance program is. In the ruling, Circuit Judge Gerald Lynch wrote “such an expansive concept of 'relevance' is unprecedented and unwarranted”.

Free Android apps found tracking personal data

The Google Play store is a veritable frontier for apps of varying degrees of quality, while Apple tends to rule its App Store with an iron fist, only allowing thoroughly vetted apps to make an appearance. Only apps that are visibly malicious are barred entry to the Google Play store, leaving room for apps that aren't completely honest with their intentions. Perhaps it's time that Google follow Apple's lead and tighten up on the reins a bit, especially considering that a security team found thousands of free Android apps that are sharing user data by connecting with advertising and tracking sites--all unbeknownst to users.

Google’s Password Alert already patched but still vulnerable

Earlier this week, Google released a Chrome extension designed to protect against phishing attacks, particularly the kind that directs users to a page designed to look like one of Google's own login pages. When on one of these fake Google logins, the Password Alert extension was designed to identify that it was a phishing attempt and alert the user that they were about to enter their credentials on a Web page that isn't part of Google. The problem is that the extension itself was vulnerable, and remains that way despite a patch.

Slack says they’ve had no government requests for data

News of government requests for data is oftentimes troubling to read. Companies who transmit data typically fall under the watchful gaze of officials who may want to know what some citizens are up to, and those companies get legal requests for all kinds of data, including who we may have spoken with. Slack, the enterprise-focussed chat service, says they’ve not had a single government request for data of any kind. For such a widely used conversation platform, that’s hard to believe.
