Michael Kan

Author Archives: Michael Kan

WhatsApp reduces spam, despite end-to-end encryption

Can a spam filter work even without reading the content of your messages? WhatsApp thinks so. Since last April, the messenger app has been successfully fighting spam abuse, even as it’s been using end-to-end encryption. That encryption means that no one -- not even WhatsApp -- can read the content of your messages, except for the recipient. More privacy, however, can raise issues about spam detection. If WhatsApp can’t scan your messages for suspicious content, say for advertisements peddling cheap Viagra, then how can it effectively filter them out?

How to make PC security alerts better? Make them twirl, jiggle

Have you ever ignored a security alert on your PC? You’re not the only one. The warnings are designed to save us from malware infections and hacking risks, but oftentimes we’ll neglect them. It could be because we’re too busy or we’ve seen them too many times, and we've become conditioned to dismiss them -- even the most serious ones, according to Anthony Vance, a professor at Brigham Young University. Vance has been studying the problem and he’s found that introducing certain small but noticeable changes can make the alerts more useful and harder to ignore. "Our security UI (user interface) needs to be designed to be compatible with the way our brains work," he said at the USENIX Enigma 2017 conference on Tuesday. "Not against it."

Facebook tries to revamp password recovery by supplanting email

Forgot your password? Well, Facebook wants to help you recover your internet account. The company is releasing an open source protocol that will let third-party sites recover user accounts through Facebook. Typically, when people forget their password to a site, they’re forced to answer a security question or send a password reset request to their email. But these methods of account recovery can be vulnerable to hacking, said Facebook security engineer Brad Hill. He recalled a time when he was granted permission to break into an online bank account. To do so, he took advantage of the password reset questions. “It asked me what my favorite color was, and it let me guess as many times as I wanted,” he said Monday, during a presentation at the USENIX Enigma 2017 security conference.

LeakedSource’s shutdown is a blow to amateur hackers

Amateur hackers are alarmed by the apparent demise of LeakedSource, a controversial breach notification site that’s been accused of doing more harm than good. U.S. law enforcement has allegedly confiscated its servers, and now some hackers are wondering if customers of LeakedSource might be next. “All the people who used PayPal, credit card, etc. to buy membership, the FBI now have your email, payment details and lookup history,” wrote one user on HackForums.net.

Trump administration is giving us a good lesson on Twitter security

Several recent incidents involving U.S. President Donald Trump's administration can teach users something about IT security -- particularly about Twitter and what not to do with it. It turns out that several White House-related Twitter accounts -- including the president's official account, @POTUS -- until recently were revealing sensitive information that hackers might be able to exploit. The problem revolves around the service’s password reset function. If the account holder doesn't take certain steps to secure it, Twitter exposes information that anyone with the right skills can use to uncover what email address -- in redacted form -- was used to secure a Twitter account.

Password-free security uses voice, user behavior to verify identity

Tired of conventional passwords? So is Nuance Communications, a tech firm that is promoting the human voice as a way to secure user accounts. The company’s voice biometric product is among the technologies that promise to replace traditional -- and often vulnerable -- password authentication systems, which can be easy to hack. That isn’t the case with Nuance’s solution, the company claims. “To determine if it’s you or not, we are looking at over 100 different characteristics of your voice,” said Brett Beranek, Nuance’s director of product strategy.

The problem with passwords

The need to move beyond passwords has never been more urgent, given that hackers are routinely finding ways to steal them. Last year, Yahoo, LinkedIn and Dropbox all reported major data breaches involving account details such as email addresses and hashed passwords.

Cyber criminals avoid fraud within their own ranks with new site

Sometimes it's not easy being a cyber criminal. In addition to law enforcement and private security companies, cyber thieves have to battle fraudsters out to beat them at their own game, but a web site offers to help. Ripper.cc has been maintaining a database of known “rippers” or scammers since June last year, and security firm Digital Shadows, which has been investigating it, says it may help online black markets flourish. Fraud is a nagging problem in the cyber criminal world, according to Digital Shadows. Although some hackers believe in honor amongst thieves, others are peddling bogus goods, such as stolen credit card numbers or user credentials that turn out to be fake.

Yahoo pushes back timing of Verizon deal after breaches

Verizon’s planned acquisition of Yahoo will take longer than expected and won’t close until this year’s second quarter, the internet company said on Monday. The $4.8 billion deal was originally slated to close in the first quarter, but that was before Yahoo reported two massive data breaches that analysts say may scrap the entire deal. Although Yahoo continues to work to close the acquisition, there’s still work required to meet the deal's closing conditions, the company said in an earnings statement, without elaborating. Verizon has suggested that the data breaches, and the resulting blow to Yahoo’s reputation, might cause it to halt or renegotiate the deal.

China goes after unauthorized VPN access from local ISPs

China is going after unauthorized internet connections, including tools known as VPNs (virtual private networks) that can bypass China’s efforts to control the web. The crackdown is part of a 14-month campaign from China’s Ministry of Industry and Information Technology that's meant to clean up the country’s internet service provider market. Unless authorized, internet service providers are forbidden from operating any “cross-border” channel business, including VPNs, the ministry said in a Sunday notice. The announcement is a bit of a rarity. The country has usually refrained from openly campaigning against VPN use, even as government censors have intermittently tried to squelch access to them in the past.

Lavabit developer has a new encrypted, end-to-end email protocol

The developer behind Lavabit, an email service that noted leaker Edward Snowden used, is releasing source code for an open-source end-to-end encrypted email standard that promises surveillance-proof messaging. The code for the Dark Internet Mail Environment (DIME) standard will become available on GitHub, along with an associated mail server program, said its developer Ladar Levison on Friday. DIME will work across different service providers and, perhaps crucially, will be "flexible enough to allow users to continue using their email without a Ph.D. in cryptology," said Levison. To coincide with its launch, Levison is also reviving Lavabit. The encrypted email service shut down in 2013 when federal agents investigating Snowden demanded access to email messages of his 410,000 customers, including their private encryption keys.
