Tag: SECURITY

Two-factor authentication is a good way to add a strong, additional layer of security to your online accounts. While it's certainly important to use with something like your Google account (which recently added support), a password manager like LastPass is an even better place to batten down the hatches this way. LastPass users who have a premium account should definitely check out Sesame, a ...

WhisperCore is a new app for Android that lets you encrypt your system disk and/or SD card. It's free for personal use, and pricing for commercial use varies according to the size of deployment. WhisperCore uses 256 bit AES encryption, a popular choice in the encryption space, also seen in tools such as TrueCrypt and Linux Unified Key Setup. Once you install the app, you set a passphrase ...

Facebook updated its official app for Android devices last night, bringing significant image-posting improvements, bug fixes, and a promise of "improved security using SSL." Changes for the app's handling of images include users now being able to upload photos to their friends' walls and also to groups. Photos are now supposed to always maintain their correct orientation when uploaded, but ...

Strong, carefully-crafted passwords are imperative nowadays. Google seems to agree, and the company has announced that it is now requiring all Apps for Domains passwords to be a minimum of 8 characters -- two more than the previous limit. How much difference can two measly characters make? Plenty. A quick test with a few different combinations over at How Secure is My Password bumped the ...

Those of you who don't want your Twitter account 'jacked like so many unsuspecting Firesheep victims, take heed! Twitter has added an "always use HTTPS" option to its settings page for added security while you tweet, @mention, and DM. There's really no reason not to enable permanent HTTPS, so click the drop down by your avatar, choose settings, and then head all the way to the bottom of ...

Don't get us wrong -- Adobe has gotten better about responding to security risks over the past year or so -- but news of a new, critical Flash zero-day exploit going unfixed for a week has us hearing the sad trombone noise all over again. The flaw lies in both the Flash Player and authplay.dll, which ships with Windows versions of Reader. Flash is affected on all operating systems, however. ...

Apple's in-app purchasing mechanism has suffered a small, but important change in iOS 4.3. Whereas before you could make as many in-app purchases as you pleased without having to enter your iTunes password for 15 minutes after last entering that password (for example, when purchasing an app or game), from now on entering the password will be required for each and every in-app purchase. This will ...

One day after IE8 and Safari fell prey to eager hackers during Pwn2Own's first day this year, the iPhone 4 and the BlackBerry browser have been exploited as well. The former was pwned by veteran Pwn2Own winner Charlie Miller, who developed an exploit that enabled him to run arbitrary code on the iPhone after visiting a specially-formatted Web page. Once he was 'in' the iPhone, he was able to ...

No, despite what you may have heard on Facebook and Twitter, Charlie Sheen is not yet dead. With the eye-catching title of "RIP! Charlie Sheen found Dead at his House," a massive clickjacking hoax is doing the rounds on Facebook and Twitter. Clicking the link will take you to a fake YouTube page -- and if you click anywhere on the page, the hoax will infect your Facebook profile and begin ...

Apple has updated Safari today, bringing the browser to version 5.0.4 for Windows and Mac. Although, as hinted at by the version number, this isn't a major release that adds new features and functionality, it's a highly recommended update because of the sheer number of security vulnerabilities that it fixes: 62. These vulnerabilities are detailed in a dedicated Apple knowledge base article. While ...

Pwn2Own, the annual three-day browser hackathon, has already claimed its first two victims: IE8 on Windows 7 64-bit, and Safari 5 on Mac OS X. Google Chrome looks set to survive for its third year in a row. Internet Explorer 8 was thoroughly destroyed by independent researcher Stephen Fewer. "He used three vulnerabilities to bypass ASLR and DEP, but also escape Protected Mode. That's ...

It's been widely reported that the world's millions of smartphones are the next juicy target for malware creators, and we're beginning to see the shift. Trojanized apps recently infiltrated the Android Market and now Trend Micro is reporting that a Zeus trojan variant has begun infecting BlackBerry devices. The trojan installs silently and then notifies its administrators that the compromised ...

When we first reported on applications in the official Android Market being infected with a Trojan backdoor, 21 malicious apps were found. After the dust had settled, the total was closer to 60 -- and Google has now announced what it is doing to undo the damage and prevent future outbreaks in the Market. For starters, Google is remotely wiping the rogue applications from users' devices and ...

We've all heard it before; you need to select a lengthy password, one that's hard to guess. Not a dictionary word. And it has to have some capital letters in it too, and some digits, and a symbol or two won't hurt either. That's a handy set of rules to keep in mind, but How Secure is My Password helps us understand why they're important. It's basically like a full-screen version of one of ...

DDoS attacks aren't entirely uncommon nowadays, but the scale of the attack against WordPress.com is truly staggering. CEO Matt Mullenweg told TechCrunch that the attack has affected all three of the company's data centers -- which are located in Chicago, Dallas, and San Antonio. The sites were being blasted by tens of millions of packets (and multiple Gigabits) per second. Mullenweg says the ...