Security

Java flaw draws Web attacks, reports say

Security researchers have spotted a new vulnerability in the widely used Java software that could give attackers access to your computer.

The US-CERT group today issued an alert saying that Java 7 Update 10 and earlier versions of the software contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. The attack can be induced if someone visits a Web site that's been set up with malicious code to take advantage of the hole.

This weak spot is already being attacked "in the wild" -- that is, it's a real-world threat … Read more

Private WiFi takes its VPN mobile

LAS VEGAS--Private WiFi has been making a name for itself as a subscription VPN service on desktops. At CES 2013, the company has unveiled mobile apps for iOS and Android.

Private WiFi wraps your data in 128-bit encryption as it runs in the background of your phone or tablet. Based on the open-source OpenVPN, the service will block attacks on public, unsecure networks such as man-in-the-middle attacks, rogue networks, honeypots, ARP spoofing, sniffing, and session sidejacking.

Private WiFi CEO Kent Lawson said that his app stands a better chance than the competition because Private WiFi is low-cost but avoids privacy … Read more

Adobe mends security holes in Flash, Reader, Acrobat

Security flaws in Adobe Flash, Reader, and Acrobat could have been the cause of computer crashes recently. The software company announced today that it sent out updates for these three programs, which are meant to patch security vulnerabilities that cause such system crashes.

"These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system," the company wrote in a security bulletin today. "Adobe recommends users update their product installations to the latest versions."

Adobe does not give any further detail on the security vulnerabilities but … Read more

Microsoft's next Patch Tuesday won't resolve IE zero-day flaw

Microsoft's regular Patch Tuesday rolls around next week. But one flaw that won't be fixed in the mix is the latest zero-day exploit in Internet Explorer.

Last Saturday, Microsoft warned about the zero-day flaw in IE 6, 7, and 8 that could allow attackers to gain control of Windows computers to host malicious Web sites. In its advisory, the company noted that IE 9 and 10 are unaffected by the vulnerability and suggested a variety of workarounds to those running the older browser versions.

On Monday, the company issued a temporary fix that prevents the flaw from being … Read more

Fake Turkish site certs create threat of bogus Google sites

Google and Microsoft revealed today that a certificate authority based in Turkey "mistakenly" issued security certificates last month, and that a recipient of one of the e-documents in turn created a bogus certificate that could let it impersonate various Google sites.

According to a blog post by Google engineer Adam Langley, Chrome detected and blocked an unauthorized security certificate for the domain "*.google.com" on December 24. After blocking the certificate, Langley said, Google investigated and determined the certificate came from an intermediate certificate authority that linked back to the Turkish certificate authority TurkTrust.

Fraudulent certificates … Read more

The top threats for 2013, as seen by McAfee

In the coming year, the world will see increases in mobile cyberattacks, ransomware, and "hacking for profit," as well as the decline of hacktivist groups such as Anonymous, according to McAfee Labs' 2013 Threat Predictions.

The security firm's research report, released today, predicts that cybercriminals and hacktivists are going to refine and "evolve" techniques and tools used not only to steal from our wallets, but also to take advantage of our personal data. Along with a likely rise in cyberattacks that take advantage of the explosion in mobile technology, McAfee warns of threats based on … Read more

Prevent Facebook from automatically importing photos

A few weeks ago, Facebook introduced the ability to sync photos taken on your iPhones, iPads, and Android phones to your Facebook account automatically. Jason Cipriani describes how to enable the feature in "Getting started with Facebook photo sync on Android, iPhone."

Your smartphone or tablet might prompt you to activate the service, which uploads via Wi-Fi or the cell network the most recent 20 photos taken with the device and all subsequent photos it takes. As Jason explains, the photos are stored in a private folder and aren't posted to your Facebook Timeline until you post … Read more

Four security trends defined 2012, will impact 2013

The Internet is slowly changing, and security experts say that today's security issues will continue to be major players in driving that change. Here are four trends that dominated headlines in 2012, and will continue to play a major role in 2013.

The Internet as governmental tool The collective realization by governments around the world that the Internet is an excellent network for conducting surveillance, monitoring, espionage, and war, says Finnish computer security firm F-Secure's Chief Technical Officer Mikko Hypponen, may not come to full fruition in 2013. But the foundation for that change is already underway.

"… Read more

50% off on Hotspot Shield Elite VPN

Public WiFi hotspots are great, but did you know that you are the prime target for hackers in public WiFi networks if you are not equipped with the right safety tools? With the cyber crime rates on the rise, it is better to take the extra precaution to keep your personal information safe from predators, who are looking to intercept your connection to steal your identity. Don't let this happen to you.

I've had my share of identity theft and I can tell you it's the most annoying thing you'll have to go through to clean … Read more