security

British security staff used bogus copies of the LinkedIn and Slashdot websites to install spyware on tech firm networks, according to leaked documents. They were able to pull off the hacker-like attacks with the help of the National Security Agency. ... The claims come from what appears to be a secret presentation from Government Communications Headquarters (GCHQ), the British equivalent to the National Security Agency (NSA). It seems the documents were made available to the NSA and then leaked by former contractor Edward Snowden. (Source: spiegel.de ) Secretive Agency Targets Telecommunications ... (view more)

Microsoft will be issuing Patch Tuesday fixes for several "critical" security problems today. Unfortunately, the firm says the list of fixes doesn't include a patch for a recently reported zero-day flaw affecting Windows and the Microsoft Office ... software suite. The November 2013 Patch Tuesday lineup includes a total of eight bulletins, three of which are marked "critical" -- Microsoft's highest security rating. These flaws involve serious security issues affecting some of Microsoft's most popular products, including the Windows operating system and Internet Explorer, the firm's web browser. ... (view more)

If you've got the skills, it can certainly pay to be a security researcher. One expert recently earned more than $100,000 after discovering a major security flaw in Microsoft's Windows 8.1 operating system. The award is part of Microsoft's "bug ... bounty" program, which the Redmond, Washington-based firm unveiled earlier this year. Google and Mozilla also employ similar programs , which allow major tech firms to save money by effectively outsourcing their security tasks to independent experts. "Mitigation Bypass Bounty" Includes $100,000 Prize The $100,000 award is part of Microsoft's ... (view more)

Experts are growing increasingly concerned about a still-unpatched security flaw in Microsoft's popular web browser, Internet Explorer. According to recent reports, the vulnerability -- which first emerged in mid-September -- has been exploited on ... several occasions. Microsoft has called the vulnerability CVE-2013-3989. The firm first announced the flaw back on September 17 shortly after Microsoft became aware of its use in a number of attacks. In the days that followed Microsoft released a temporary "Fix It" tool that Internet Explorer users could manually download and install on their ... (view more)

Apple's new fingerprint security system for the iPhone 5S was supposed to make it harder for hackers to access a user's personal information. However, it appears hackers in Germany have already found a way to dupe the system. Germany's Chaos ... Computer Club (CCC) hacking group recently unveiled a strategy for beating the iPhone 5S' fingerprint authentication. The trick: using a customized print out of a victim's fingerprint. Victim Fingerprint, Common Home Tools All That's Required Here's how the trick works: first, a hacker must acquire a high-quality photograph of a victim's fingerprint. Next ... (view more)

Microsoft has issued an emergency software fix for a critical flaw in its Internet Explorer web browser. According to reports, hackers have already exploited the vulnerability. Microsoft released the "Fix It" software in an attempt to prevent what ... it calls "targeted attacks" on a vulnerability in its Internet Explorer browser. Microsoft is calling this a "zero day" vulnerability, meaning software developers were unaware of the issue before it was exploited by hackers. Hackers Launch Remote Code Execution Attacks Reports indicate that hackers have used the flaw to carry out remote code ... (view more)

A new security report reveals that most 'hacktivists' (or politically-motivated hackers) aren't looking to inflict long-term damage on their victims through cyberattacks. Instead, their primary goal is to draw attention to their own cause. But ... that's not necessarily a good thing -- in fact, experts say it makes devising a foolproof security strategy extremely difficult. "What we have seen with hacktivists is that attacking a website tends to be more about generating media coverage about their cause than it is about which site they targeted or what the impact was," says Michael Smith, incident ... (view more)

For most Internet users, passwords are just a part of life. We enter them to access our desktops, laptops, tablets, smartphones, email programs, and cloud storage accounts. But managing all of those passwords can be a major hassle. That's why many ... firms are devising systems that allow us to ditch the traditional password. Recently, Canadian firm Bionym showed off the Nymi , which uses an individual's unique heart rate to skip the typical login process. Now, one of Google's most prominent security executives says traditional "passwords are dead." Google Exec: "Game is Over" for ... (view more)

Another monthly Patch Tuesday security update has arrived and this time Microsoft is providing fixes for 'critical' flaws in its Internet Explorer web browser and its Outlook email manager. In total, Microsoft's Patch Tuesday offering includes 13 ... bulletins, four of which have been marked critical -- Microsoft's highest security rating. Many security experts are pointing to the critical bulletin affecting Outlook as the most important security issue this month. Code Execution Flaw Affects Outlook Wolfgang Kandek, chief technology officer at IT security firm Qualys, says it's imperative that ... (view more)

A seller of Internet-based home security cameras and baby monitors has settled with the Federal Trade Commission (FTC) after private video content was accessed by hackers. TRENDnet sells a range of "SecurView" cameras that allow customers to monitor ... activity in their homes through the Internet. Suggested uses include monitoring a baby or checking a home's security while away on vacation. The company repeatedly used the word "secure" when marketing its products. Unfortunately, the security had three major shortcomings. First, there was a design flaw that allowed hackers to bypass a login ... (view more)