Security & Privacy

Windows users will get the usual round of security patches from Microsoft next Tuesday.

Among the seven fixes due to roll out March 12, four are rated critical, which means they address flaws that could let an attacker execute malware on a remote PC by steering a user to a malicious Web site or e-mail link.

The patch for Internet Explorer is designed to shore up all versions from IE6 to IE10 across all iterations of Windows from XP to Windows 8 and RT. The patch for Microsoft's Silverlight, a browser plug-in that can display online videos and other … Read more

It's no secret that the Chinese government is spying on its own citizens, and censoring what they see and access online. But for major players in the technology industry, such as Microsoft, a foothold in the lucrative Chinese market is worth bowing down to certain ethical considerations that would not ordinarily pass in the Western world.

One U.S. student has shown that, amid rumors that Skype is not as secure or as private as it is believed to be, the Chinese authorities are able to snoop and censor text-based conversations for active censorship and surveillance purposes. 

A … Read more

Apple marketing chief Phil Schiller has been a semi-regular Twitter user since 2008, though mostly tweets about things like music, movies and sports.

But that changed earlier today with a post linking to F-Secure Labs' latest quarterly Mobile Threat report, with a casual mention to "be safe out there."

The 29-page report's (PDF) key finding is that malware on Google's Android is getting worse, in part because of the platform's brisk growth and a new variant of malware that spread using SMS.

"Android malware has been strengthening its position in the mobile threat scene,&… Read more

Security researchers at MWR Labs have won a $100,000 prize at the Pwn2Own hacking competition in Vancouver.

The researchers showed off their hack yesterday as they took a fully patched version of the Google Chrome browser, hacked it, and then took control of Windows 7. According to the researchers, when a Chrome user visits a malicious Web page, it's possible for the page's creator to exploit a vulnerability that allows for code execution in the sandboxed renderer process. From there, the team exploited a kernel vulnerability in Windows 7 to gain elevated privileges and execute commands.

Here's what the researchers were able to achieve:… Read more

Just over a year after the European Justice Commissioner Viviane Reding lifted the lid on plans to reform the data protection and privacy laws in the region, Brussels is facing its greatest challenge yet by no other than its own member states.

The Commission may "water down" proposals after a group of EU member states said they were heavily opposed to a number of proposed measures, according to the Financial Times of London. These include measures that could see EU-based firms fined up to 2 percent of a company's global revenue for data breaches.

Due to an … Read more

Google today became the first Internet company to shed light on a highly secret -- and controversial -- warrantless electronic data-gathering technique used by the FBI.

The technique allows FBI officials to send a secret request to Web and telecommunications companies requesting "name, address, length of service," and other information about users as long as it's relevant to a national security investigation. No court approval is necessary, and disclosing the existence of the FBI's request is not permitted.

Because of that legal prohibition, Google was able to disclose only the numerical ranges of requests it receives … Read more

In response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem.

"These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password," Oracle wrote in a security alert today. "For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and … Read more

HANOVER, Germany--You're traveling and your coworker needs your key to get into your office. Why not just e-mail it?

That's the idea behind Fraunhofer Institute's Key2Share technology, which the German research lab is developing in partnership with Bosch and showing off here at the CeBIT show.

Key2Share uses smartphones equipped with near-field communications (NFC) short-range wireless networking abilities to unlock phones. But because approval to use the key becomes digital data, a person can e-mail that approval.

It could be useful for other situations, too, said Ahmad-Reza Sadeghi, a researcher involved with the project. For example, a … Read more

HANNOVER, Germany--In today's James Bond world, smartphones get you instant access to top-secret information. In the real world, security constraints mean mobile phones generally aren't nearly so clever or convenient.

BlackBerry and Secusmart hope to change that through a partnership that at least has won over the German federal government. It has authorized purchases of phones with the BlackBerry 10 operating system augmented with Secusmart's SD card-mounted security chips for classified communications, said Hans-Christoph Quelle, Secusmart managing director, speaking here at the CeBit technology show.

The approach uses a feature in BlackBerry 10 called Balance, which partitions … Read more