Security news, analysis, research, how-to, opinion, and video.

What's new with Java

There are three latest versions of Java. Tweaking Java to disable SSL 3.0. Securing Java. Explaining the security messages when running Java applets. Expiring old versions of Java.

Google to kill off SSL 3.0 in Chrome 40

To protect against POODLE attacks and other vulnerabilities in SSL 3.0, Google will remove support for the aging protocol in version 40 of its Chrome browser, due in about two months.

Google's RAPPOR aims to preserve privacy while snaring software stats

Google is applying a surveying technique from the 1960s to a project that aims to collect data about users' computers without compromising privacy.

Vulnerabilities in command-line tools prompt wget and tnftp patches

The critical Shellshock vulnerabilities found last month in the Bash Unix shell motivated security researchers to search for similar flaws in old, but widely used, command-line utilities.

Drupal warns unpatched users: Assume your site was hacked

Drupal users who didn't immediately apply a security patch released on Oct. 15 should consider their sites compromised.

Microsoft releases stopgap POODLE protection for Internet Explorer

Microsoft gave Windows customers an easier way to block attacks against Internet Explorer meant to steal browser session cookies and impersonate victims.

China says Facebook not banned, but must follow the rules

China may be blocking access to Facebook, but that doesn't mean the social media network can't one day enter the country, as long as it follows the rules, a top government official said on Thursday.

IT spending reality check: 2014's mixed message

Tech budgets and hiring are down from earlier optimistic projections, but IT's confidence is holding steady.

Now cybercriminals can automate rogue credit card charges

A Web-based app called the Voxis Platform is being billed on underground forums as a tool for cashing out money from stolen credit cards by automating fraudulent purchases.

Attack campaign infects industrial control systems with BlackEnergy malware

Since 2011, companies that operate industrial control systems have been targeted by a group of attackers with a backdoor program called BlackEnergy.


Verizon bans domestic surveillance and net neutrality articles from tech news site

Know where you won't hear about Verizon injecting a privacy-decimating 'perma-cookie' in consumers' HTTP connections so advertisers can track Verizon customers across the web? SugarString, Verizon's tech news site, where writers are...

Insider Threats – the myth of the black swan

Most companies think of insider threats as ‘black swan’ events – highly visible, but extremely rare and hard-to-predict. If a threat is such a rare event, after taking some precautions, should companies really care and act upon the...


Hackers go after unclassified White House network

Hackers targeted an unclassified White House network but did not damage any systems, a White House official said Tuesday.

Gigamon says it can analyze attacker SSL traffic without affecting performance

Gigamon says it has developed a capability to deeply analyze all SSL/TLS traffic.

California reports huge jump in data breaches

The number of personal records compromised by data breaches in California surged to 18.5 million in 2013, up more than six-fold from the year before.

Security vendor coalition cleans 43K malware infections used for cyberespionage

A coalition of security vendors has disrupted the activities of a sophisticated group of attackers tied to China that, over the past six years, infiltrated the computers of many Fortune 500 companies, journalists, environmental...


Tracking and the law

As courts continue to rule on what is and is not acceptable when it comes to tracking, a lot of what we do with our smartphones could become illegal.


Russia fingered in long-running spying campaign

Russia is likely behind a long-running computer spying campaign, although the stealthy attacks leave fewer clues than other state-sponsored attacks.

Zero-day in Samsung ‘Find My Mobile’ service allows attacker to remotely lock phone

NIST warned that if an attacker exploits the zero-day vulnerability in Samsung's ‘Find My Mobile’ service, then the hacker can remotely lock, unlock and ring the phone.
