Security

Users of remote access tool GoToMyPC will need to reset their passwords as a security measure after an attack by hackers. Although creators Citrix describe it as a "very sophisticated" attack, it's simply another case of hackers targeting people who ... continue to re-use passwords on multiple sites. GoToMyPC is a tool that lets users remotely access their PC or Mac using another computer or mobile device. As with most such tools, the computer being remotely accessed must be switched on and connected to the Internet. The actual system that powers GoToMyPC, and its database of login ... (view more)

Belgian computers are most exposed to hacking according to a new study, with the US in 14th place. It's all because of millions of computers having open, unsecured connections to the Internet. Research firm Rapid7 looked at the full range of data ... connection services on the Internet beyond just the more familiar HTTP that most users use while browsing the web. These include FTP (file transfer protocol) SSH (secure shell for remote connections), and SMTP (simple mail transfer protocol), used for many email services. To carry out the research, the company embarked on the massive task of ... (view more)

Management at TeamViewer, a remote access computer tool, have confirmed that a "significant number" of users have fallen prey to hackers. However, the company insists that all evidence suggests that there is no flaw in the system, but is instead ... pointing fingers at its users. TeamViewer allows users to login to a remote computer (even their own) from anywhere with an Internet connection. Once connected, users can operate the computer just as if they had physical access to the machine. The security for the system works in two ways: first, users get a reference number that identifies ... (view more)

Two online accounts belonging to Facebook chief Mark Zuckerberg have been hacked. The incident, thought to have resulted from a LinkedIn data breach, is a high profile example of the dangers of poor password choices. The hackers, calling themselves ... OurMine Team, took control of Zuckerberg's Twitter account and posted a message informing him of the breach. They also claimed to have accessed his Pinterest account (which appears to be correct) and his Instagram account, which doesn't appear to be the case. Perhaps the one point of relief for Zuckerberg is that his Facebook account was not ... (view more)

A security firm says that laptops from five major PC manufacturers have inherent security flaws which make the systems open to attack the very first time they are used. The problem deals with the automatic update tools installed by the manufacturer. ... Duo Labs explored the pre-installed manufacturer software on laptops from Acer, Asus, Dell, HP and Lenovo. In total, they found 12 vulnerabilities which they described as being ridiculously simple to exploit. (Source: duo.com ) The software is what's officially known as Original Equipment Manufacturer (OEM) software, but commonly referred to ... (view more)

A series of massive but dated breaches of high-profile sites is yet another reminder of the dangers of poor password security. While the sites in question are taking preventative measures, experts warn that hackers could use the stolen details to ... access other sites. In the past few weeks, hackers have offered up massive hauls of stolen login details from four major sites. They include details of 360 million accounts from MySpace and 65 million accounts from Tumblr, both lists appearing to date from 2013. Questions Posed For Sites And Users This follows 164 million account details from ... (view more)

Google is working on an option to replace password logins on mobile devices with a "trust score" based on multiple factors. The idea is to combine all sorts of factors that aren't secure enough on their own. The idea is to balance the need for ... security with the hassle of remembering passwords by building on the concept of two-factor authentication. That's an existing philosophy that deals with the inherent weakness of using a single login factor such as a password. Two-factor authentication combines a password with another factor such as using a specific device or having ... (view more)

A major website used by hackers to exchange stolen data has itself been hacked. The breach has exposed hundreds of thousands of user accounts. The site called "Nulled" hosted discussion forums for users to exchange tips on how to hack into websites. ... It also included a section for buying and selling data such as stolen account information. Ironically, given the new development, the site had the slogan "Expect the unexpected." At the time of writing, the site was offline for "temporary unscheduled maintenance," with its database leaked onto other websites for ... (view more)

Two government agencies are investigating the way smartphone manufacturers and wireless carriers issue security updates for devices. They say they are particularly worried about older devices being left unpatched. It's a rare joint probe by both the ... Federal Communications Commission (FCC) and the Federal Trade Commission (FTC). While the FCC usually handles issues relating to the Internet and smartphones, the FTC usually only gets involved in cases of misleading advertising or unfair contracts. That may suggest officials are exploring whether companies have overstated the security their ... (view more)

Stolen usernames and passwords from Yahoo, Google and Microsoft's webmail services are reportedly being traded by Russian criminals. They are said to be among a batch of 272.3 million accounts, though most are from a popular Russian service. The ... trade has been revealed by Hold Security in a discussion with Reuters. Hold's founder says his staff uncovered the batch when trawling an online forum used by hackers. The person who provided the information claimed he had a total of 1.17 billion records, but agreed to hand over a portion of them. It seems that while many criminals buy and ... (view more)