Ad: Manage updates with the Download App

Hacks

Twitter resets passwords of 'compromised' accounts

Is it a bird? Is it a plane? No, it's a password reset message from Twitter, and you should probably do what it says.

An unknown number of Twitter users have received a genuine e-mail from the company warning they should change their password as soon as possible. 

But a Twitter spokesperson told CNET that the e-mail was sent to a wider group of users than intended.

In the e-mail, the microblogging company noted: "Twitter believes that your account may have been compromised by a Web site or service not associated with Twitter. We've reset your … Read more

Facebook password-bypass flaw fixed

Facebook this weekend disabled a loophole that might have allowed some accounts to be accessed without a password.

The vulnerability, which was posted to Hacker News on Friday, could potentially have allowed an unauthorized user to access another person's Facebook account.

The flaw centered on e-mails sent out by the social network which contained links that, once clicked, would log a user straight into a Facebook account without the need for any secondary authentication, such as entering a password. The e-mails could be discovered through a simple Google search query, with 1.3 million accounts potentially open to the … Read more

Homeland Security chief: Banks 'under attack' by hackers

U.S. Homeland Security Secretary Janet Napolitano said today that hackers are "actively" attacking some of the country's largest financial institutions.

According to a report in The Hill, America's top security official issued the warning at a Washington Post event today, but didn't specify the nature of the attacks.

"Right now, financial institutions are actively under attack," The Hill quoted Napolitano as saying. "We know that. I'm not giving you any classified information... I will say this has involved some of our nation's largest institutions. We've also had our … Read more

Millions of SSNs lifted from South Carolina database

If you live in South Carolina, there's a very good chance that slipshod state government security has allowed an overseas computer criminal to acquire your Social Security number.

The South Carolina Department of Revenue acknowledged the massive electronic security breach today, saying an electronic intrusion led to 3.6 million Social Security numbers being stolen. The state's population is approximately 4.7 million.

"We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected," Gov. Nikki Haley said in a statement.

Anyone … Read more

Outages hit Google App Engine, Dropbox, Tumblr, and more

A mysterious rash of outages struck the Internet today, crippling major services for hours at a time. It isn't clear whether they're related.

Among those hit:

Google Apps Engine. Google said that at about 7:30 a.m., an unnamed component of App Engine "began experiencing slow performance and dropped connections." Users began seeing slow response times and had trouble connecting to services. At the moment, most App Engine users and services are being affected. "Google engineering teams are investigating a number of options for restoring service as quickly as possible, and we will provide … Read more

Sony's PlayStation 3 experiences its biggest hack yet

Hackers have found a way to break down one of the toughest defensive walls in Sony's PlayStation 3 software security, ensuring that those who use custom firmware can run homebrew software and pirated games forever.

A group calling itself "The Three Musketeers" on Monday released a secret set of LV0 codes that can decrypt the PlayStation 3's Level 0 (LV0) security layer used by the primary boot loader. This means that hackers should always have the ability to release custom firmware for the device any time Sony updates the console's software. Custom firmware gives PS3 owners the ability to run pirated games, homebrew software (such as retro game emulators), and even Linux. … Read more

Sony PSN hacking lawsuit dismissed by judge

A California district judge has dismissed a handful of charges that plaintiffs brought against Sony, including negligence, restitution, and unjust enrichment in its handling of a PlayStation Network data breach last year.

Several lawsuits were filed against Sony PlayStation Network in the wake of a major security breach of the personal data of more than 75 million customers in April 2011.

On Friday, Judge Anthony Battaglia of the U.S. District Court in Southern California ruled that one of those class action suits is invalid, according to Courthouse News.

When the attack happened in 2011, more than 75 million customer … Read more

Some Android apps could leak personal data, researchers find

Android applications are once again in the hotseat over possible security vulnerabilities.

Security researchers at the Leibniz University of Hanover in Germany recently released a study (PDF) examining the way in which legitimate Android applications in the Google Play marketplace respond to attacks on security protocols known as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). In eight percent of those cases, the researchers found that apps used the security protocols improperly, leaving sensitive data open to hackers with some know-how.

The security team, however, didn't suggest that anyone has yet deliberately exploited these vulnerabilities.

SSL and TLS … Read more

Apple parts ways with hacker famous for iPhone jailbreaking

Apple's experiment with employing a hacker famous for jailbreaking the iPhone has ended.

Nicholas Allegra, also known as Comex, was hired at Apple after gaining fame with the JailBreakMe, a Web site that simplified the process of removing Apple-installed protections from the phone -- a practice Apple opposes. When Apple hired him as an intern in August 2011, Allegra was a high-profile member of the jailbreaking community, regularly publicizing security vulnerabilities in Apple's iOS software.

However, Apple ended the 20-year-old Brown University student's employment last week, Allegra revealed today.

"So... no point in delaying. As of … Read more

U.K. blocks extradition of Gary McKinnon

Gary McKinnon, the British hacker who allegedly broke into NASA's computers, will not be extradited to the U.S., ending his 10-year fight against the process.

Home Secretary Theresa May blocked the extradition on human rights grounds, saying she has "carefully examined the medical evidence" and concluded that his extradition would "give a high risk that he would end his life," the BBC reports.

Whether McKinnon will now face trial for the crime in the U.K. will be determined by the the director of public prosecutions Keir Starmer.

Read more of " Gary McKinnon extradition blocked by UK government&… Read more