CNET
News
Security & Privacy

Security & Privacy

Senators introduce amended cybersecurity measure

In a move to get cybersecurity legislation approved before the Senate recess, Senator Joseph Lieberman (I-Conn.) and four colleagues introduced a modified version of their proposed cybersecurity legislation that adds privacy protections for consumers and removes government mandated security standards.

Republicans had opposed the initial version of the Democrat-backed bill, introduced in February, because it called for the Department of Homeland Security (DHS) to assess power companies, utilities, and other firms that operate critical infrastructure for the country for security problems and create performance standards -- provisions that were considered too regulatory and restrictive on businesses by Republicans in the … Read more

California beefing up privacy-protection enforcement

The Attorney General's office of California today announced a new Privacy Enforcement and Protection Unit in the state's Department of Justice that will hold companies accountable for safeguarding consumer data.

The newly created unit will reside within the eCrime Unit established last year to prosecute identity theft, data intrusions and crimes involving the use of technology. The office will enforce privacy protections using existing state and federal laws that regulate how companies can collect, store, use and destroy personal data, as well as educate consumers on their rights and help industry develop best practices, said Travis LeBlanc, Special … Read more

Legal, regulatory risks keep firms from sharing cyber threat data

A U.S. policy report to be released today says Congress should preempt certain state and federal regulations in order to allow companies the freedom to share with the government information about cyber security threats and attacks without fear of breaking data breach and other laws.

More information sharing is needed between companies and government agencies in order to help fend off attacks from hacktivists, criminals, and nation-states that target computer networks in the United States, according to the Cyber Security Task Force: Public-Private Information Sharing report written by the Homeland Security Project at the non-profit Bipartisan Policy Center.

"… Read more

Experts take down Grum spam botnet, world's third largest

Computer-security experts took down the world's third-largest botnet, which they say was responsible for 18 percent of the world's spam.

Command-and-control servers in Panama and the Netherlands pumping out up to 18 billion spam messages a day for the Grum botnet were taken down Tuesday, but the botnet's architects set up new servers in Russia later in the day, according to a New York Times report. California-based security firm FireEye and U.K.-based spam-tracking service SpamHaus traced the spam back to servers in Russia and worked with local ISPs to shut down the servers, which ran … Read more

Senators call for probe of electric grid cybersecurity

Two U.S. senators are calling for a federal investigation of the power grid's potential cybersecurity vulnerabilities after a CNET article last month raised security concerns.

The request for a probe comes from Sens. Joseph Lieberman (I-CT), the chairman of the Senate Homeland Security Committee, and Susan Collins (R-ME), the panel's senior Republican, who warned that lapses "could undermine part of the security system protecting our grid."

They sent a letter yesterday to the Federal Energy Regulatory Commission asking for an "expeditious comprehensive investigation into these allegations," which deal with digital signatures the industry … Read more

Mahdi 'Messiah' malware targeted Israel, Iran PCs

A data-stealing Trojan capable of recording keystrokes, screenshots and audio and stealing text and image files has infected about 800 computers, mostly in Iran and Israel, over the last eight months, researchers said today.

The malware, dubbed "Mahdi" (also "Madi") because of references in the code to the word for the Islamic Messiah, included strings in Farsi and dates in the Persian calendar format in communications with a command-and-control server in at least one of the variants, and a server that was located in Iran for at least one campaign, according to a blog post from … Read more

The Great Privacy Debate takes place tomorrow in D.C.

If you're in Washington, D.C., this week, you should stop by the National Press Club for The Great Privacy Debate tomorrow over lunch starting at noon ET. I'll be moderating the event.

The debate topic couldn't be more timely: "Consumer privacy can be adequately protected without new legislation." It comes as Congress and other state and national legislatures are considering new laws in this area (we'll be starting promptly at noon so we can end in time for folks to attend a Senate hearing on facial recognition technology at 2:30 p.m. … Read more

3D printer helps pick locks in high-end security handcuffs

While 3D printing has shown much promise in helping to treat physical ailments and disabilities, there may be more nefarious applications in the near future.

The security of high-end handcuffs can be defeated by plastic keys cheaply produced with a laser cutter and 3D printer, a man who identified himself as "Ray" demonstrated last week at a Hackers on Planet Earth conference workshop, according to a Forbes report.

His 3D-printer-produced replica keys opened handcuffs produced by German manufacturer Bonowi and British maker Chubb, both of which try to restrict distribution of keys that open their locks to law-enforcement … Read more

Apple fights back at in-app freebie exploit

Apple is not too pleased with Russian hacker Alexey V. Borodin, and a hack he developed that allows iDevice owners to install in-app goods without paying for them.

According to The Next Web, Apple over the weekend blocked the IP addresses of the server Borodin used to facilitate the hack. In addition, the company issued a takedown request to his server's hosting provider. Apple even requested that the video Borodin posted showing his technique in action be removed from YouTube due to a copyright violation.

Borodin last week surfaced with an exploit that re-routes in-app purchase requests away from Apple or a developer's secured server … Read more

Skype privacy bug sends messages to other contacts

Skype users are taking to its support forums to warn that some instant messages from one contact are being sent to an unintended recipient on that user's contact list.

It appears the bug may have stemmed from a Skype upgrade last month, according to the support thread.

"SunnyLady78" kicked off the thread by noting how "surprised" and "shocked" she was to find that messages sent to one person ended up being read by another one of her contacts.

Sometimes when I open chat window with some contact, it lists all latest messages from … Read more