TweakTown NewsRefine News by Category:
A free Google Chrome plugin that lets users view the email address of other LinkedIn profiles, even if they aren't connected, is in the legal cross hairs of LinkedIn.
The free Sell Hack extension provides a "hack in" button, and while it is being defended by its creators, LinkedIn and security experts aren't overly impressed with the feature.
"LinkedIn members who downloaded Sell Hack should uninstall it immediately and contact Sell Hack requesting that their data be deleted," said Krista Canfield, LinkedIn Senior Manager of Corporate Communications, in a statement to TNW. "We advise LinkedIn members to protect themselves and to use caution before downloading any third-party extension or app. Often times, as with the Sell Hack case, extensions can upload your private LinkedIn information without your explicit consent."
UPDATE: According to the Sell Hack Blog, the plugin no longer works with LinkedIn - and any collected information has been deleted by the company. A future update that doesn't violate the LinkedIn Terms of Service could be available later down the road.
The National Security Agency (NSA) had two encryption tools that were adopted by EMC-owned security firm RSA, allowing the federal government easier access to snoop on Web communications, academic researchers recently noted.
The researchers are largely made up from professors at the University of Wisconsin, University of Illinois and Johns Hopkins, as they found the "Extended Random" extension which is able to nullify the RSA Dual Elliptic Curve software faster.
"If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline," a researcher told Reuters.
The man behind a successful Microsoft computer scam was handed a four-month suspended sentence, in what was a rather clever scam. Mohammed Khalid Jamil, based in Luton, England, created a fake company and outsourced calling efforts to an Indian firm, which led to British citizens cold called from people posing as Microsoft reps.
Victims were targeted for around $60 up to $250, and scammers would be given remote access from victims - leading to poor PC security - and a "software fix," a Microsoft-provided software patch available for free, which would solve the problem.
Jamil needs to pay $8,300 in fines, along with $9,440 in compensation, then pay almost $24,000 in court restitution penalties.
The addition of smartphone kill-switches could help save up to $2.6 billion per year, with American consumers routinely purchasing dew devices related to theft and other crimes.
California Sen. Mark Leno (D-San Francisco), with support from San Francisco District Attorney George Gascon, currently have SB 962, which aims to make smartphone kill switches mandatory in California. The debate regarding these types of technologies has generated a great debate, with supporters and critics sounding off on both sides.
"I thought a high percentage would say yes, but it was a little surprising and maybe a bigger number than I would have guessed," Duckworth told PC World. "I view losing a credit card as a similar frame of reference. If it is stolen or lost, I can call the credit card company and get it canceled and they can issue a new one. There is safety there. My smartphone has tons of information and accounts in there, so the idea that I could call and say 'kill it' is a very reasonable thing."
Tesla vehicles have generated a large amount of interest and controversy across the United States, though is in the headlines for a rather unexpected reason: a potential cybersecurity issue with the Tesla S vehicle.
The iPhone app for Tesla vehicles, which allows owners to control door locks, braking system, sunroof and other car functions, uses only a one-factor authentication system.
"The point here (and subsequent attack vectors) is that Tesla needs to implement an authentication mechanism that is beyond 1-factor," said Nitesh Dhanjani, security researcher, in a statement. "Attackers shouldn't be able to use traditional and well known attack vectors like phishing to remotely locate and unlock a $100K+ car built-in 2014."
Launched today, the UK Computer Emergency Response Team (CERT-UK) will help the British government coordinate against sophisticated cyberattacks, and respond to any cybersecurity issues that target the country's infrastructure.
The CERT team stemmeed from a National Cyber Security Strategy meeting hosted in 2012, in which other nations discussed their programs - or intention to open a national cybersecurity team - and has grown from there.
"The cyber hacker needs to succeed only once, but those protecting us must be successful all the time; around the clock, day after day, week after week," said Francis Maude, Cabinet Officer Minister, when announcing the program. "And of course, nothing in the digital world ever stands still. It's forensic and painstaking work and it's absolutely relentless. I have a very high level of confidence that we can achieve this."
Less than one week after two banks hit Target and credit card security service company Trustwave with a class-action lawsuit, the banks have pulled the lawsuit.
It seems Trustwave was inaccurately noted as a Target IT security contractor, which doesn't appear true - interestingly, the class-action lawsuit aims to try and expand responsibility of the data breach away from just Target.
"Contrary to the misstated allegations in the plaintiffs' complaints, Target did not outsource its data security or IT obligations to Trustwave," said Robert McCullen, Trustwave CEO, in a public statement. "Trustwave did not monitor Target's network, nor did Trustwave process cardholder data for Target.
Security researchers from ReVuln recently published a video demonstrating how cybercriminals can compromise certain Philips smart HDTVs, giving criminals the ability to remotely control the TV and conduct other actions.
"The main problem is that Miracast uses a fixed password, doesn't show a PIN number to insert and, moreover, doesn't ask permission to allow the incoming connection," said Luigi Auriemma, ReVuln CEO and security researcher, in an interview with SCMagazine. "So basically you just connect directly to the TV via Wi-Fi, without restrictions. Miracast is enabled by default and the password cannot be changed."
When the TV owner browses the Web using their HDTV, criminals are able to view cookies and browsing history, researchers noted.
Criminals operating an alleged money laundering scheme have been busted, with 17 defendants involved in an operation to use ATM and debit card numbers - and PIN numbers - to withdraw money from victims' accounts.
The criminal operation occurred from May 2011 to September 2012, with criminals targeting debit card and PIN numbers stolen throughout Europe - stealing hundreds of thousands of dollars, according to the DoJ.
These charges are the result of the hard work of dedicated law enforcement personnel both here and abroad to address a transnational crime problem that can affect virtually anyone with a bank account and carries significant financial consequences," said Robert Holley, FBI Chicago Office Special Agent-In-Charge. "Cooperation with international law enforcement agencies was crucial to the investigation, and we are grateful for the assistance that led to these arrests."
Former president Jimmy Carter recently said he would give former NSA contractor Edward Snowden a pardon if he was convicted in the United States.
"If he was found guilty and sentenced to death, I would certainly consider pardon," Carter recently said in an interview, though admitted he doesn't have "the information President Obama has about what damage has been done to our security apparatus."
Carter has shown his displeasure regarding the NSA's snooping behavior in the past, even saying he mails letters via U.S. Postal Service if he wants to correspond with someone privately.