Security

A US senator wants the Securities and Exchange Commission to investigate Yahoo's handling of a major data breach. Mark Warner says the company left the public, and specifically investors, in the dark. Last week the company announced that it was hit ... in late 2014 by an attack that it believed to have been backed by a foreign government. Around 500 million accounts were affected and the stolen data included names, email address, dates of birth, phone numbers and passwords. The good news is that the passwords were encrypted. The bad news is that the data also included security questions and ... (view more)

A hack of nearly 800,000 accounts on an adult entertainment site could be among the most embarrassing ever. The breach at "Brazzers" may expose some of the very personal tastes of the site's users. The stolen data doesn't come from the main Brazzers ... site, which sells access to videos the company has made itself. Instead, it comes from the site's discussion forum, where users can discuss the scenes on the site and talk about what they'd like to see in future videos. Passwords Stored Without Encryption The data is said to include 790,724 email addresses (not including ... (view more)

A 2012 hacking incident has turned out to be far worse than initially believed. It turns out that the theft of more than 60 million account details also included passwords. Online storage company Dropbox admitted to the breach at the time, but only ... said a list of email addresses of customers had been stolen. It either didn't know or didn't say that passwords were also compromised. The incident was particularly embarrassing at the time, as the hack proved simple thanks to a Dropbox employee's poor lack of judgement. The employee's LinkedIn password had been stolen as part of a ... (view more)

Users of the Opera browser's sync tools have been warned to change their passwords for every website. The organization behind Opera says the warning is with "an abundance of caution." The warning only covers people who use Opera's system for ... synchronizing bookmarks, passwords and other information so that they can access the feature on any computer. This covers around 1.7 million people among the 350 million who use the browser. Writing on a company blog, Opera's Tarquin Wilton-Jones said an attack on the system had been detected and, although quickly blocked, was ... (view more)

Google says a set of security flaws on Android devices may not be as serious as initially feared. It says 90 percent of devices should be largely immune from what's been dubbed the "Quadrooter" exploit. A security research company found the problem ... in software which works with processors manufactured by Qualcomm, which are used in an estimated 900 million Android devices. The bugs affect the communication between different actions (known as processes) running on the phone at the same time. The name of the exploit (Quadrooter) comes from the fact that there are four ... (view more)

Users of Android smartphones and tablets will soon get an instant warning when somebody attempts to log in to their Google account. The notification comes as an on-screen message, rather than by email. The new feature is designed to enhance ... two-factor authentication. That's an optional feature which means that if somebody tries to sign in to a Google account on another device, they will have to wait for a security code to be sent via email, text message or through a dedicated app so that they can continue to login to the account. If no code or the improper code is entered, then the ... (view more)

Are smart devices a security risk? Security firm Rapid 7 seems to think so. According to the researchers, a range of Internet-connected light bulbs had at least nine security flaws. While the potential consequences are hardly life or death, it could ... be a blow to the concept of smart devices in the home. Osram's Lightify range of light bulbs lets users control lighting via a smartphone or tablet app. The idea is partly to allow more precise controls, such as dimming a bulb or even changing its color, and partly to allow users to remotely access the lights. For example, if a home owner is ... (view more)

Is there fair play amongst ransomware scammers? A particularly lazy variant of "ransomware" is making its rounds, though researchers say that paying up will never pay off. For the most part, ransomware usually involves a nasty malware program ... encrypting files on a PC, followed by a promise of a decryption key - but only if the victim pays a ransom. It would make sense that if people stopped believing this would happen, they would stop handing over the cash. Files Deleted Rather Than Encrypted Now security company Talos has spotted a variant where there's absolutely no prospect ... (view more)

Researchers say they've found a way of severely limiting the damage ransomware causes. Meanwhile California legislators are mulling over new laws specifically aimed at the tactic. Ransomware involves attackers remotely installing malicious software ... that encrypts files and makes them inaccessible without an unlock key. In many cases, this means victims can't access the data and may be unable to use the computer at all. The attackers then demand a fee to provide the unlock key. The tactic has led to controversy over whether victims should pay the fee , something critics say merely encourages ... (view more)

A newly-publicized take on a long-running scam involves on-screen messages that falsely appear to be from a user's Internet service provider. It's a trick with a variety of ways to profit from the customer. For many years, scammers have been calling ... people on the telephone claiming to work for Microsoft or other computer companies, saying the person receiving the call has a virus. The scammer will then usually try to get the victim to pay for bogus tech support services. While most people realize it's a scam, the idea is to call enough people so that even a small percentage of ... (view more)