Security & Privacy

Hardly a day goes by that some high-profile person -- along with countless people of lower profile -- has an account hacked. Weak password, stolen password, non-existent password -- whatever the cause, breaking into our digital lives is easy and getting easier.

That's why Google says passwords are no longer the best solution for sensitive accounts. "We contend that security and usability problems are intractable," write Google's Eric Grosse and Mayank Upadhyay, in an article to be published later this month in IEEE Security & Privacy. "It's time to give up on elaborate password … Read more

Proposed legislation in the European Union would force tech companies that have access to user data -- such as Facebook, Google, and Microsoft -- to report any security breaches to local cybersecurity agencies, the Financial Times reported today.

This is the European Commission's effort to make private companies accountable for privacy and security problems, European Commission Vice President Neelie Kroes told the Financial Times.

If passed, the measure would require each of the EU's 27 member states to set up local cybersecurity agencies to implement security standards on online networks. Social networks, e-commerce companies, and large online platforms … Read more

Learning a lesson from the Stuxnet attack, Iran has beefed up its cyber forces and poses a greater threat to the United States.

At least, that was the word of warning from U.S. Air Force General William Shelton yesterday, according to Reuters. Speaking with reporters, Shelton said that the Iranian government has increased its cyber efforts since and as a result of being hit by Stuxnet.

In 2010, the infamous computer worm was unleashed in Iran and other countries. Designed to seize control of power grids and other industrial control systems, Stuxnet infected computers at Iran's Natanz nuclear … Read more

A new draft bill published today aims to increase privacy for mobile app users.

Led by U.S. Rep. Hank Johnson (D-Ga.), the bill aims to legally require app developers to publicize how they gather information and also let users request deletion of their stored data.

To create the draft language for the bill, Johnson and his Web-based initiative, AppRights, held meetings with members of the Internet community, public-interest groups, app developers, and other industry stakeholders. Dubbed "The Application Privacy, Protection, and Security Act of 2013," or the APPS Act, the bill "addresses the public's growing … Read more

Anonymous has set its sights on Mexico's Department of Defense.

The group's Mexican legion has claimed responsibility for waging a distributed-denial-of-service attack on the government site, rendering it inoperable for several hours yesterday, according to the Associated Press.

During the attack, the group posted a statement on the media section of the government's Web site. The statement claimed that a "bad government" was running the country.

"Our struggle is for life, and our bad government offers death as the future," the statement read, according to Spanish language tech news site Web Adictos. "… Read more

Microsoft isn't too happy with the results of a recent test that found fault with its antivirus software.

For the second time in a row, the company's Security Essentials failed to win certification from AV-Test, a German-based testing lab that evaluates the efficacy of antivirus products. Out of 25 programs tested, only three failed to gain AV-Test's thumb's up for certification.

Microsoft's Forefront Endpoint Protection, which is geared toward corporate customers, also failed to gain certification.

Microsoft responded to the test via a blog posted yesterday, challenging its findings.

"Our review showed that 0.… Read more

Lately Java has been getting a bit of bad press, thanks to several consecutive security holes that have been exploited by malware developers. One notable occurrence was the Flashback malware threat that affected a number of OS X users, which (though due in part to Apple's negligence about Java upkeep) was rooted in the Java runtime. More recently, Java 7 has seen a new zero-day vulnerability that has been circulating in exploit kits.

In response to these threats, many in the tech community have recommended that people uninstall Java altogether. However, this can be impractical for some, as many … Read more

Updated Thursday, January 17, 2012, at 4:50 p.m. PDT with comment from AV-Test.org.

For the second time in a row, Microsoft Security Essentials has failed to be certified as effective by AV-Test.org, an independent testing lab based in Germany.

The lab publishes test results every two months, and the test from November and December 2012 looked at 25 consumer antivirus security programs. Three failed certification: PC Tools Internet Security 2012, AhnLab Internet Security 8.0, and Microsoft Security Essentials 4.1.

This was the second test in a row in which MSE failed to earn certification. … Read more

Anonymous may have convinced the Westboro Baptist Church to cancel its planned protest of the funeral of Aaron Swartz.

A day after the news came out that the 26-year-old online activist had committed suicide, the members of WBC stated their intention to picket his funeral, which took place yesterday.

A press release on the group's Web site and Twitter feed revealed the location of the funeral and said: "Cyber criminals are the latest face of this nation's and this world's raging at God and His Servants at WBC. When you raging rebels give these cyber criminals … Read more