Web Security »
The Communications Assistance for Law Enforcement Act in the United State allows law enforcement to wiretap internet communications, like VoIP (typically a warrant is needed for such wiretaps but there are so many “national security” loopholes nowadays, it is hard to tell). But the law only applies to internet service [...]Read More »
Google releases Chrome Office Viewer extension, will help you avoid those pesky virus-infected Office files
Google just released a new Chrome extension called the Chrome Office Viewer — it of course let’s you open and view Microsoft Office files (Word, Excel, and PowerPoint only) directly in your browser. It sounds like just another way to make things more convenient (and make Chrome OS sound more [...]Read More »
Search engines like Google and Bing index the web. The web contains thousands (millions?) of malware links, either malicious websites or malicious downloads. So it shouldn’t surprise anyone that malware links can be found when searching via a search engine. The people at major search engines, including Google and Bing, [...]Read More »
Apple may have fixed their password security hole, but you should probably enable two-step verification
Just in case you missed it, Apple made a pretty serious boo-boo on the security front yesterday. The security issue was that Apple’s iForgot password reset tool was made vulnerable to hackers — if they managed to manipulate the URL in the date of birth page, they could reset your [...]Read More »
Is Apple losing its touch? Major security hole allowed hackers to easily reset passwords to Apple accounts using iForgot
There was a time when Apple products were popularly recognized as being secure. Or at least more secure than the competition. For example, for the longest time Mac OS X was synonymous with “doesn’t get viruses” (which, of course, has never been true — malware makers just never targeted Macs [...]Read More »
Internet-wide scan reveals millions of devices are exploitable due to use of default passwords like “admin” or “root”
A researcher, who has chosen to remain anonymous, has performed an internet-wide scan to determine the security level of gadgets like printers, webcams, and set-top boxes all across the world.
The scan was done by using the researcher’s custom-written code to send out more than 4 trillion messages. To put [...]Read More »
After many famous companies admitting that they have been hacked, it is now the turn of Evernote, the market leader in note taking apps. In a post on the official blog, the developers revealed that they “discovered and blocked suspicious activity on the Evernote network that appears to have been [...]Read More »
So you thought you would be safer with Flash gone and HTML5 taking over? Generally speaking, you are probably right — but not in this particular situation. Computer science graduate Feross Aboukhadijeh has demonstrated a proof-of-concept that allows websites to download unlimited amounts of data to your computer… until your [...]Read More »
Nir Goldshlager runs a “Web Application Security Blog.” He’s also happened to find a variety of security holes and exploits on sites like Facebook, Twitter and PayPal. His latest discovery, however, was a glaring hole in Facebook’s OAuth system: Nir was able to find a flaw that gave him access [...]Read More »
Is the Chinese or Eastern Europeans? Maybe someone else? We don’t really know. All we know is there has been a recent string of hacks against multi-million and multi-billion dollar corporations in the past few months. Microsoft is now the latest victim.
According to a blog post, Microsoft “found a [...]Read More »
We have had a lot of hacking stories lately on dotTech simply due to a sudden spike in public cybercrime incidents. However, by and large the most recent incidents were either low-key (e.g. Twitter attack hacked) or aimed at the corporate sector rather than ordinary citizens (e.g. Apple hack). That, [...]Read More »
Is China innocent? New reports claim cyber attacks on Facebook, Twitter, and Apple came from Eastern Europe
After recent cyber attacks on high-profile companies like Facebook, Twitter and then Apple, everyone seemed to be pointing fingers at China. But now reports have surfaced claiming that the attacks on those companies originated from Eastern Europe.
An Eastern European gang, that is determined to sell company secrets like research [...]Read More »
In a statement released yestreday, Apple has disclosed that a number of their employees’ Macs have been compromised by malware through a vulnerability in the Java plug-in for browsers.
The website that was infected and considered responsible for hosing the malware has been identified as ‘iPhoneDevSDK’, an online forum for [...]Read More »
The Singapore Police Force has reported a sudden rise in the number of “cyber blackmail” cases being reported. The cases are also similar in that the primary target are men, and that they are tricked through social media networks.
There have been 50 cases in the last year alone that [...]Read More »
As with most companies nowadays, Burger King has an official Twitter account. (Yes, even dotTech has a Twitter account even though I don’t consider us a company per se.) It is not entirely clear who did it or how they did it, but today Burger King’s Twitter was hacked… and [...]Read More »
Most of us dislike having toolbars in our browsers because they are annoying; not only do they tend to hijack our homepages, but they use up a lot of screen real estate, making it more difficult to surf the web… especially if you have 12 toolbars installed in one browser. [...]Read More »
The same time the Wall Street Journal, New York Times and Twitter were attacked, there was a fourth company that also fell victim to a “sophisticated attack.”
Facebook, which is home to more than a billion users worldwide, was hit by a zero-day exploit that installed malware on [...]Read More »
I just wanted to give everyone a head-up that some scumbag is using dotTech’s email to spend spam emails.
If you receive an e-mail from “firstname.lastname@example.org” that is not characteristic of the emails we send (i.e. not an article or comment notification), then the email is probably spam. [...]Read More »
Hackers have managed to access one of the US Federal Reserve’s websites and steal a “limited amount of data,” according to a statement. The notice that was sent via the Fed’s Emergency Communication System, however, warned that email addresses, phone numbers and other contact information had been stolen and published.[...]Read More »
In the wake of (alleged) cyberwarfare by China, US president now has the power to order (preemptive) cyber attacks
According to a report by The New York Times, a secret White House legal review has granted the president of the United States the legal authority to order preemptive cyber attacks against a target (which can be a country), when there is credible evidence of a pending attack.
Officials [...]Read More »
An upcoming book co-authored by Google’s Eric Schmidt and Jared Cohen was previewed by The Wall Street Journal, and it looks like China’s reputation as of late isn’t going anywhere anytime soon.
The book is called The New Digital Age, and it says that China is the ”the [...]Read More »
No one’s really safe from hackers these days, with Twitter joining the New York Times as one of the recent victims of security breaches recently. Twitter announced in a blog post that it detected unusual access patterns during the week, which led them to discovering attempts to access user data. [...]Read More »
Some may call it obvious but just having antivirus software installed isn’t going to help you much if hit by zero-day attacks. The New York Times had antivirus from Symantec (Norton) installed on the devices connected to their network, but that didn’t stop Chinese hackers from retrieving usernames and passwords [...]Read More »
The traditional password is now considered by many to be a security flaw. A combination of characters that can be cracked or even guessed is probably not the best way to safeguard our online lives today, and services like LastPass or 1Password provide an alternative through their software-generated passwords. But [...]Read More »
You know that latest Java exploit that had the world up in arms, with Firefox and Apple blocking Java and U.S. Department of Homeland Security recommending people disable Java? Yeah, well, Oracle has issued updates to Java to address and plug the exploit.
According to update notes released by Oracle [...]Read More »
A critical vulnerability in the Ruby on Rails framework has been discovered to bring devastating effects to those affected. One of the developers that confirmed its existence, Ben Murphy, says that it “gives hackers a simple and reliable way to pilfer database contents, run system commands, and cause websites to [...]Read More »
It looks like Yahoo! has learned its lesson when it comes to security. After its mail service was recently hacked by an XSS exploit, the company has not only patched the problem but is also quietly rolling out an HTTPS option for its users.
HTTPS or Hypertext Transfer Protocol Secure [...]Read More »
Firefox is going to start forcing HTTPS usage for sensitive websites, to thwart man-in-the-middle attacks
After reading the title of this article, you must be thinking “sounds like what HTTPS Everywhere does”. No, not exactly.
You see there are some websites out there that use HTTP Strict Transport Security (HSTS), a protocol that forces browsers to default to HTTPS when connecting to the website in [...]Read More »
Fake e-mail from “Microsoft Windows 8 Team” claims to give you free Windows 8 but is actually a phishing attack
We have seen many e-mail scams, ranging from e-mails that try to steal your information to e-mails that try to infect your computer with malware. In particular one fake e-mail was particularly clever because it used the cover of a real Microsoft e-mail to infect your computer. Now there is [...]Read More »
Ever wonder what are the passwords people use the most? SplashData, a software company that makes password management programs and apps, has compiled its annual “Worst Passwords” list for 2012, which gives us some insights on what the most popular bad passwords used by people. The top three most used [...]Read More »
It seems like with the increasing level of access to technology on a global scale, there are increasing numbers of scam artists, hackers, pricks, punks, assholes, scumbags, etc. that try to find ways to make everyone’s digital life a bigger pain than it needs to be. There are [...]Read More »
Curious as to who you can thank for those glorious spam emails you receive? India, Italy, and United States, the top three countries when it comes to number of spam sent from July 2012 to September 2012.
According to the “Dirty Dozen” report by SophosLabs, a UK-based digital security firm, [...]Read More »
These are seven new malicious emails you should stay clear of — emails from YouTube, Google, Facebook, LinkedIn, British Airways, and DHL Express
dotTech has gotten into the habit of warning our readers about web security issues, namely malicious emails that make their rounds in the inboxes of people around the world — such as the fake Windows Update password stealing email and the fake email from Microsoft. The following are seven new [...]Read More »
Reports are emerging of an extension by the name of “Settings Protector” is installing itself in Google Chrome for some users. It isn’t entirely clear where this extension comes from, how it is being installed, what it does, or if it is Windows-only or affects other platforms too. However, because [...]Read More »