Security & Privacy

If he was trying to scare the hell out of his listeners about the current state of cybersecurity, consider the newest warning from the nation's top intelligence official a mission accomplished.

In stark testimony delivered today to Congress, Director of National Intelligence James Clapper described a fast-eroding economic and national security landscape that's being rapidly penetrated by foreign agents infiltrating the nation's computer networks. This was the first time Clapper has included cyberattacks in his yearly congressional report on security threats facing the nation -- the Worldwide Threat Assessment of the U.S. Intelligence Community (PDF) -- … Read more

The long-running Google Street View privacy case was settled today, as the company reached an agreement with 37 states and the District of Columbia to stop unauthorized data collection and train its employees on privacy issues.

Google will also pay a $7 million fine to the states involved. The company will also launch a nationwide consumer education campaign, according to the settlement.

The settlement concerns Google's collection of data from unsecured wireless networks nationwide between 2008 and 2010 as part of its Street View mapping service. Google improperly collected and stored information from consumers including email and text messages, … Read more

The U.S. and China both say they want to directly discuss the issue of cybersecurity, but the odds of an open discussion are slim at best.

The Chinese government today responded to a U.S. invitation to enter into a dialogue with the U.S. over acceptable behavior in cyberspace, Reuters reported.

At a daily news briefing, Foreign Ministry spokeswoman Hua Chuying said that "China is willing, on the basis of the principles of mutual respect and mutual trust, to have constructive dialogue and cooperation on this issue with the international community including the United States to maintain … Read more

Android usually gets smacked around for playing host to mobile malware, but iOS isn't totally immune, according to researchers at Skycure Security.

iOS profiles, aka mobileconfig files, are used by mobile carriers to configure key settings for e-mail, Wi-Fi, and other features. But these files could be abused by attackers to sneak past Apple's normally tight security and and hijack a mobile device, the security firm revealed in a blog post today.

The process would be similar to that of a typical malware infection.

An attacker might tempt users to visit a malicious Web site by promising something … Read more

More details have been revealed about the massive cyberattack that hit several tech companies last month. Not only were Apple, Facebook, Microsoft, and Twitter hit -- but other industries' computer systems were also hacked, including prominent car manufacturers, U.S. government agencies, and a candy company.

According to The Security Ledger, people familiar with the matter said that hackers infiltrated computer networks by using at least three third-party "watering hole" Web sites, which made it possible for hackers to put malware on those companies' computers.

"The breadth of types of services and entities targeted does not reflect … Read more

The White House warned China today to end a campaign of cyberespionage against U.S. companies, saying in its toughest language yet on the issue that the hacking activity threatens to derail efforts to build stronger ties between the two countries.

U.S. companies are increasingly complaining that intellectual property is being stolen through attacks "emanating from China on an unprecedented scale," Tom Donilon, the president's national security adviser, said during a speech at the Asia Society in New York.

"The international community cannot afford to tolerate such activity from any country," Donilon said. "… Read more

Gawker's headline tells the story: Either Colin Powell's official Facebook page got hacked or the former U.S. Secretary of State has had a drastic change of heart about the president he served.

Powell's Facebook page was pulled down today after it wound up hosting a series of sometimes scatological references to George W. Bush, according to Gawker which saved some of the posts.

This is just the latest in a spate of high-profile hacks launched against personal and private accounts. Sometimes the object has been public embarrassment, other times an effort to insert malware. In mid-February, … Read more

AUSTIN, Texas -- Once again, Uncle Sam wants you. This time, the U.S. government is after your nerdy, data- and public policy-obsessed brains.

That was the message delivered by Acting Undersecretary of State for Arms Control and International Security Rose Gottemoeller to a small but actively curious group of techie and policy wonks at South by Southwest today.

In a session entitled, "Mobilizing Ingenuity to Strengthen Mobile Security," Gottemoeller and CNET reporter Daniel Terdiman discussed the U.S. government's interest in getting the public more involved in disarmament and the detection of weapons of mass destruction. … Read more

Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.

The flaw arose because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store, meaning an attacker can hijack the connection. In addition to a security flaw, the unencrypted connections also created a privacy vulnerability because the complete list of applications installed on the device are disclosed over Wi-Fi.

It also allows the installation of apps, including extremely expensive ones that top out at … Read more