By now you have probably heard about the enormous security flaw that was recently discovered that, experts say, left thousands of applications and devices vulnerable to remote attacks and control. It is a flaw that has been around since 2009, and has the potential to affect any server that is running any post-2008 version of the GNU C open source library called glibc. It is the function getaddrinfo() within the glibc library that has the flaw, and it is so widely distributed that it is impossible to estimate just how many applications and hardware installs are running the flawed versions (of which there are at least 7 main versions and dozens of incremental update versions).
You know that old adage, that something is only as strong as its weakest link? Well, private Facebook groups are only as private as the admins keep them. Which means that all it takes is for one admin to accidentally (or intentionally) make the group public for a period of time, during which people who aren’t members of the closed Facebook group can see both the members, and what they posted. So how safe is it to rely on the private, closed status of a Facebook group? Not very, it turns out.
Evidence in the form of leaked email demonstrates that Ashley Madison execs knew that their security was weak. A Federal court ruling last week says that the Federal Trade Commission (FTC) can go after companies whose Internet security is weak. Hrrm…
A new report released by Internet security firm Symantec highlights the security risks of personal and wearable tracking devices such as the FitBit, and even self-tracking apps such as Runkeeper, Runtastic, and MapMyRun. In our efforts to track and quantify our every move (what Symantec calls the “Quantified Self” movement), we are generating an unbelievable amount of data, including location data, that can be used to profile us, track our location, and even to steal our identity.
A lightbulb as a port of entry for a hacker to steal your wifi password? Yes! Specifically the LIFX smart lightbulbs, but it could be any smart bulb, or for that matter any other “smart” thing connected to that Internet of things.
Email Privacy Tester is exactly what it says – a way to test your email program for privacy and security leaks. And it’s free!
Apple has released a critical security update for iPhone and iPad iOS 7 and iOS 6. This urgent update is to fix the critical security vulnerability that exposes your data (including usernames, passwords, and other account credentials at nearly any website or service) to a “Man in the Middle” (MitM) attack.
It’s time to worry about your phone number reputation and mobile identity. The company that provides two-factor authentication for the users of sites such as Google and Facebook has been quietly amassing the phone numbers of those users, and is now assigning a phone number reputation, which it calls a PhoneID Score – or your Mobile Identity – to all of those phone numbers being used for two-factor authentication and, it seems, any other phone numbers for which they have access to the data.
Experts think that it is entirely possible that the Russians and the Chinese have already accessed the most confidential information that Edward Snowden has on his laptops.
The Facebook security check warning says “Warning: Please Slow Down. It looks like you’re using this feature in a way it wasn’t meant to be used. Please slow down, or you could be blocked from using it.” This is what some people are seeing when they try to send, or reply to, a message within the Facebook messaging feature. The only problem is, people who rarely send messages at all are seeing it.
Do you know the name John McAfee? Well, if you have a PC with McAfee virus protection, then you just might. John McAfee is a computer programmer and the founder of the McAfee security software that just about anyone with a PC has already installed on their computers. McAfee is one of the first people ever to develop both an anti-virus software, and a virus scanner.
Many of us take free wifi at coffee shops for granted. Many, if not most – or even all – coffee shops now offer free wifi, and lots of people don’t give it a second thought before connecting to and using the free wifi. Some people even make a point of going to a coffee shop and using their wifi rather than using their own home wifi, particularly if they are going to do something of questionable legality. But even if you are not planning on doing anything illegal, certain actions on your part while logged onto the coffee shop’s wireless Internet could cause that coffee shop to have their Internet services suspended! Betcha never thought of that before, did you?
Three researchers in Germany at the University of Ulm have discovered a massive security hole in Android – so big, in fact, that it affects at least 97%, and as many as 99%, of all Android users. The researchers, Bastian Könings, Jens Nickels, and Florian Schaub, have discovered that the security flaw allows anyone who is sniffing around your connection on an unsecured wireless network to acquire your Google authorization credentials from a specific token (the authToken), giving them access to your contacts, your calendar and, well – really any application that authenticates you by using your Google authorization credentials contained within that authToken.
If you received a notice from one or another company with whom you do business or have done business in the past, saying that your email address has been compromised due to a data security breach at email service provider (ESP) Epsilon (due to their customers’ email lists being hacked and stolen), you’re not alone. Oh, you are so not alone. Banks, large merchants, and others have all had their entire list of customers’ email addresses swiped and leaked due to the Epsilon data breach. Chase Bank, Citibank, Best Buy, Kroger – even Disney – have all been affected, as have their customers. Of course, lots of people receiving these notices will assume that they are phishing attempts (and there will undoubtedly be phishing attempts riding on the coattails of this fiasco). Here is the complete list as we know it today – if you have received a notice saying that your email address has been compromised, please add the name of the company involved to the list here.
If you have ever had an account – even just to leave comments on articles and posts – on Gizmodo, Lifehacker, Gawker, Jezebel, io9, Kotaku, Deadspin, Fleshbot or Jalopnik, then you are in for a nasty surprise. Odds are good that your account has been compromised, and your user name and password posted on the Internet, as the result of a security breach of Gawker Media’s servers that happened over the weekend. Gawker Media does get points for alerting all of their users as soon as they discovered the breach (about 10 minutes ago as of the time of this posting at 6:20 p.m. PST on Monday, December 13th, 2010).