Security & Privacy

The German government on Thursday publicly denied a German newspaper report about an alleged "back door for the NSA."

The same newspaper has now acknowledged that the German authorities have rejected its initial reporting.

"The so-called Trusted Computing is a back door for the NSA," wrote Zeit's Patrick Beuth on Tuesday, according to a translated version, referring to recent reports pointing at the U.S. government's mass surveillance programs. "The operating system contains a back door in their view, cannot be closed. This back door is called Trusted Computing and could have the … Read more

Distributed denial of service attacks have been used to divert security personnel attention while millions of dollars were stolen from banks, according to a security researcher.

At least three US banks in recent months have been plundered by fraudulent wire transfers while hackers deployed "low powered" DDoS attacks to mask their theft, Avivah Litan, an analyst at research firm Gartner, told SCMagazine.com. She declined to name the institutions affected but said the attacks appeared unrelated to the wave of DDoS attacks last winter and spring that took down Web sites belonging to JP Morgan , Wells Fargo, Bank of America, Chase, … Read more

Tumblr has a new blogger within its sphere: The U.S. Intelligence Community.

That's right, the umbrella organization that oversees government intelligence agencies, like the National Security Agency, the CIA, and FBI, has started to blog. Director of National Intelligence James Clapper penned a post on Wednesday making the announcement.

"The goal of IC ON THE RECORD is to provide the public with direct access to factual information related to the lawful foreign surveillance activities carried out by the Intelligence Community," Clapper wrote. "In addition to comprehensive explanations of the authorities under which the Intelligence Community … Read more

Hackers have breached the system of one of the world's most popular online video games: League of Legends.

Riot Games, which developed League of Legends, announced Tuesday that some usernames, e-mail addresses, salted password hashes, first and last names, and even some salted credit card numbers have been accessed. The salted data is somewhat protected, but if users have easily guessable passwords, their information could be susceptible to theft, Riot Games warned.

The affected users are only those who live in North America. While the accessed credit card information is alarming, it pertains only to records from 2011 and … Read more

A Palestinian IT expert who claimed to have discovered a Facebook vulnerability said he took his bug report to Mark Zuckerberg's Facebook page after being ignored by the social network's security team.

The vulnerability allows anyone to post anything to anyone else's page, regardless of whether they are a Facebook friend of that person, Khalil Shreateh wrote in a blog post Saturday. Shreateh initially reported the vulnerability through Facebook's "white hat" security disclosure service, which offers a minimum bounty of $500 for legitimate bugs.

However, despite including a demonstration of the bug executed on … Read more

Would you pay $30 for a thousand bogus "likes" on Instagram? Apparently some buzz-seeking businesses would.

Reuters reports that hackers are selling rigged Instagram endorsements, and that to create these supposed indicators of a company's cool factor, they've rejiggered a virus originally designed to steal credit card numbers.

And get this: the endorsements sell for more than the credit card info.

Reuters cites security company RSA in reporting this new use for the Zeus virus -- malware that can be secretly slipped onto millions of computers to create a botnet, or army of "zombie" … Read more

China is determining whether it should investigate three major U.S. companies following Edward Snowden's National Security Agency leaks.

China's Ministry of Public Security is getting ready to investigate EMC, Oracle, and IBM, to determine whether their technologies are being used to spy on Chinese companies and the government, Shanghai Securities News, a China-based publication, reported on Friday, according to Reuters.

In the report, Shanghai Securities News quotes an anonymous official who said China relies heavily upon the companies' enterprise technologies, which potentially puts the country and its companies in the NSA's cross hairs. The source specifically … Read more

Google's Cloud Storage service now automatically encrypts all its customer data for free, the company said Thursday.

The encryption has "no visible performance impact," Google Cloud Storage's product manager, Dave Barth, wrote in a blog post. "If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys," he said.

New files added to Cloud Storage will be encrypted as they're uploaded and before they're saved to a drive. Older files will be migrated "in the coming months," … Read more

Getting an e-mail from your employer with the subject line "Cyber Incident" usually isn't good news. Especially if you work for the U.S. Department of Energy and it's the second time this year.

The Energy Department on Wednesday notified workers that a hack in late July exposed personal information, such as the names and Social Security numbers of current and past employees, and that 14,000 people may have been affected.

According to the e-mail, obtained by the Wall Street Journal, the agency said "No classified data was targeted or compromised." The department … Read more