If you still believe your snaps will self-destruct, you might want to review Snapchat’s newest policy changes as the company can now potentially keep your photos forever and share them. Oh, and by using the app, you grant Snapchat the rights to your photos.Users who update their Snapchat app must tap “Accept” to signify agreeing with the app’s newly updated Privacy Policy and Terms of Service. “Scary stuff,” is what actor Kal Penn, the former White House Associate Director of Public Engagement, called Snapchat’s new privacy and legal policies. Kal Penn
Snapchat, which became popular because messages were supposed to go poof after 10 seconds, gave rise to other third-party apps meant to capture and keep the messages. If you recall “The Snappening” in Oct. 2014, the third party app Snapsaved was hacked and selfies that were supposed to self-destruct were instead leaked. But it couldn't be considered a “leak” if users agree to Snapchat’s newly revised privacy policy and terms of service that take the company on a radical shift away from the idea upon which it was founded.To read this article in full or to leave a comment, please click here
Anyone who values their privacy will be aware of Tor, the distributed “onion routing” network that makes it possible to avoid surveillance (though it is thought that even the sophistication of the Tor system may not be enough to avoid NSA scrutiny if they really want to get the login for your Ashley Madison account). While Tor is great for hiding your browsing until now, it hasn’t been able to anonymize instant messaging. That changed yesterday with the beta release of the open source Tor Messenger. Available for Windows, Linux, and OS X the Tor Messenger:To read this article in full or to leave a comment, please click here
Of 200 USB sticks distributed at public places in Chicago, Cleveland, San Francisco and Washington, D.C., earlier this year, 17 percent wound up plugged into computers – some of them by IT pros - where they could have done all sorts of damage had they been loaded with malware.Not only were they plugged in, the finders followed instructions on them to email a specified address and include what they did for a living, according to a study by the IT industry association CompTIA.MORE: Sorriest network companies of 2015To read this article in full or to leave a comment, please click here
Online tech retailer Newegg isn’t messing around with just Black Friday anymore. It’s calling all of next month Black November as it gears up for holiday sales in what’s looking to be another all-out battle for techies’ wallets.Newegg hasn’t released specific sale information yet, but has outlined plans to kick off deals on more than 900 products Nov. 1-3, gaming bargains Nov. 4-9, a Black Friday preview sale Nov. 10-26, big savings on Black Friday (Nov. 27) itself, and then of course some more deals on Cyber Monday. More and more, we’re seeing retailers describing their holiday sales plans, in a less than detailed manner, with promises of specifics on dates to come.To read this article in full or to leave a comment, please click here
If your computer was infected with the CoinVault or Bitcryptor ransomware programs you're in luck -- at least compared to other ransomware victims. Chances are high that you can now recover your encrypted files for free, if you still have them.Researchers from Kaspersky Lab and the Dutch Public Prosecution Service have obtained the last set of encryption keys from command-and-control servers that were used by CoinVault and Bitcryptor, two related ransomware threats.Those keys have been uploaded to Kaspersky's ransomware decryptor service that was originally set up in April with a set of around 750 keys recovered from servers hosted in the Netherlands.To read this article in full or to leave a comment, please click here
NASA says the Halloween flyby of a 1,300-foot-wide asteroid will offer professional and non-skilled sky watchers an up-close – by celestial criteria – look at a pretty large piece of space rubble.+More on Network World: How to protect Earth from asteroid destruction+The asteroid, 2015 TB145 will fly past Earth at a safe distance slightly farther than the moon's orbit on Oct. 31 at 10:01 a.m. PDT (1:01 p.m. EDT). According to the catalog of near-Earth objects (NEOs) kept by the Minor Planet Center, this is the closest currently known approach by an object this large until asteroid 1999 AN10, at about 2,600 feet in size, approaches at about 1 lunar distance (238,000 miles from Earth) in August 2027, NASA stated in a release.To read this article in full or to leave a comment, please click here
Enterprise IT has gone through many major shifts over the past several decades. The industry currently sits in the midst of another major transformation as more and more businesses are striving to become digital organizations. The building blocks of the digital era are technologies like cloud computing, mobility, virtualization, and software defined networking, which are significantly different than legacy technologies.But what about security? In addition to new IT tools and processes, businesses need to think about how to secure the digital enterprise. While the technologies listed above allow us to work and serve customers in ways we never could before, they also create new security vulnerabilities.To read this article in full or to leave a comment, please click here
The Xen Project fixed several vulnerabilities in its popular virtualization software, including one that could allow potential attackers to break out of a virtual machine and gain control over the host system.Vulnerabilities that break the isolation layer between virtual machines are the most serious type for a hypervisor like Xen, whose main goal is to allow running multiple VMs on the same hardware in a secure manner.The Xen patches released Thursday fix a total of nine vulnerabilities, but the privilege escalation one identified as CVE-2015-7835 is the most serious one.It stems not from a traditional programming error, but from a logic flaw in how Xen implements memory virtualization for PV (paravirtualized) VMs. PV is a technique that enables virtualization on CPUs that don't support hardware-assisted virtualization.To read this article in full or to leave a comment, please click here
UK police have arrested a second teenager in their investigation of an attack on the website of telecommunications operator TalkTalk that may have exposed the personal data of millions of customers.The arrest of the 16-year-old boy in Feltham, England, on Thursday follows the arrest Monday afternoon of a 15-year-old boy in County Antrim, Northern Ireland.Both boys were arrested on suspicion of offenses under the Computer Misuse Act, and have been released on bail. Thursday's arrest followed a search of homes in Feltham and Liverpool, police said. No arrest was made at the address in Liverpool.To read this article in full or to leave a comment, please click here
Jun Feng, a defendant in a criminal case, has entered a guilty plea, removing pressure from a New York court to decide quickly whether Apple is required to aid investigators by bypassing his iPhone 5s passcode.Feng had been indicted on three counts related to the possession and distribution of methamphetamine. The U.S. Department of Justice had asked the U.S. District Court for the Eastern District of New York for an expedited decision so as to secure evidence in a trial scheduled to begin on Nov. 16.But on Thursday, DOJ informed the court that Feng has entered a guilty plea. "The government persists in the application pending before the Court, but in view of the guilty plea, no longer requests expedited treatment," U.S. Attorney Robert L. Capers wrote in a letter to Magistrate Judge James Orenstein.To read this article in full or to leave a comment, please click here
Just one cybercriminal group may be collecting the revenue from Cryptowall 3.0, a malicious program that infects computers, encrypts files and demands a ransom, according to a new study released on Thursday.The finding comes from the Cyber Threat Alliance (CTA), an industry group formed last year to study emerging threats, with members including Intel Security, Palo Alto Networks, Fortinet and Symantec. Cryptowall is among several families of "ransomware" that have posed a growing danger to businesses and consumers. If a computer is infected, its files are scrambled with strong encryption.To read this article in full or to leave a comment, please click here
Computer users don't spend enough time looking for phishing indicators, says a new study based on tracking eye movement and brain activity.Users fail "at detecting phishing attacks even when they are mentally engaged in the task and subconsciously processing real sites differently from fake sites," Nitesh Saxena, one of the University of Alabama at Birmingham scientists involved in the study, said in an article on the university's website. The scientists want to find a way to track subconscious detection of phishing and get users to recognize attacks consciously.To read this article in full or to leave a comment, please click here
Hackers are exploiting SQL injection flaws to infect MySQL database servers with a malware program that's used to launch distributed denial-of-service (DDoS) attacks.Security researchers from Symantec found MySQL servers in different countries infected with a malware program dubbed Chikdos that has variants for both Windows and Linux.This Trojan is not new and was first documented in 2013 by incident responders from the Polish Computer Emergency Response Team (CERT.PL). At that time the malware was being installed on servers after using brute-force dictionary attacks to guess SSH (Secure Shell) login credentials.However, the new attacks observed by Symantec abuse the user-defined function (UDF) capability of the MySQL database engine. UDF allows developers to extend the functionality of MySQL with compiled code.To read this article in full or to leave a comment, please click here
I've been following cybersecurity legislation for a number of years, including all the proceedings with the Cybersecurity Information Sharing Act (CISA). After much deliberation, I believe that CISA remains fundamentally flawed and needs a lot more work before it becomes the law of the land. To be clear, I understand and support the basic objective CISA seeks to promote. Real-time threat intelligence sharing and analysis could help public and private sector organizations proactively react to emerging cyber-threats, mitigating risk and/or minimizing the potential damages associated with devastating data breaches (i.e. Anthem, OMB, Sony Pictures, Target, etc.).To read this article in full or to leave a comment, please click here
Sharing cybersecurity data involving threats, probes, breaches, and information on attackers between companies and government agencies is a great idea. However, although shared data will strengthen the cybersecurity defenses, the Computer and Communications Industry Association (CCIA), backed by Amazon, Facebook, and Google, among others, and the Business Software Alliance (BSA), which is backed by Apple, Microsoft, and Oracle, are both against it.Smart companies are already doing something similar. At the RSA Security Conference three years ago (a century ago in cybersecurity time) Zion Bankcorp's data scientists explained how the bank went from reacting to law enforcement warnings of cyberthreats to becoming proactive, frequently reporting threats to law enforcement, who subsequently relayed official warnings to other organizations.To read this article in full or to leave a comment, please click here
Google wants Symantec to disclose all certificates issued by its SSL business going forward, after what Google considers a botched investigation into how Symantec employees issued SSL certificates for domain names that the company did not own.
The browser maker also wants the security firm to publish a detailed analysis of how the incident was investigated.
Through its acquisition of Verisign's authentication business unit in 2010, Symantec became one of the largest certificate authorities (CAs) in the world. Such organizations are trusted by browsers and operating systems to issue digital certificates to domain owners which are then used to encrypt online communications.To read this article in full or to leave a comment, please click here
A recent study examined how one financial institution's employees behaved on the corporate network over a six-month period."Some of that behavior included occasions when employees were able to access information that should have been off-limits," a National Science Foundation press release says of the study.The researchers found that the workers snooped where they shouldn't have.Insider threats
The insider threat is "one of the most serious risks in the cybersecurity world," the researchers think."Most countermeasures were developed for external attacks," says Jingguo Wang, an information systems and operations management professor at the University of Texas at Arlington, who was involved in the study.To read this article in full or to leave a comment, please click here
Fujitsu says it has developed software that uses biometric data directly as the basis for encryption and decryption of data, simplifying and strengthening security systems that rely on biometrics such as fingerprints, retina scans and palm vein scans.Current security systems that rely on encryption require the management of encryption keys, which are stored on secure smartcards or directly on PCs. Biometric scans can be used as a way of authenticating the user and providing access to those encryption keys in order to decrypt data.Fujitsu's system uses elements extracted from the biometric scan itself as a part of a procedure to encrypt the data, making the biometric scan an integral part of the encryption system and removing the need for encryption keys.To read this article in full or to leave a comment, please click here
Ben Edelman/Wikipedia
A warning pops up on computer screen about Sony BMG rootkit on music CD
Hackers really have had their way with Sony over the past year, taking down its Playstation Network last Christmas Day and creating an international incident by exposing confidential data from Sony Pictures Entertainment in response to The Interview comedy about a planned assassination on North Korea’s leader. Some say all this is karmic payback for what’s become known as a seminal moment in malware history: Sony BMG sneaking rootkits into music CDs 10 years ago in the name of digital rights management.To read this article in full or to leave a comment, please click here
Target on its backThe giant Japanese electronics company dazzled us with its Walkman and Discman in the late 70s/early 80s, as well as with its TVs, cameras and game consoles over the years. But things took a bad turn in 2005…(SEE ALSO: Sony BMG Rootkit Scandal: 10 Years Later)To read this article in full or to leave a comment, please click here