Security

Internet of Things security is so bad, there’s a search engine for sleeping kids

posted on January 25, 2016
by l33tdawg

Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams.

The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores, according to Dan Tentler, a security researcher who has spent several years investigating webcam security.

Linux vulnerability puts millions of people at risk -- Android users should panic

posted on January 21, 2016
by l33tdawg

There are so many reasons to use a Linux-based operating system. Most often, people tell me that they switched because of a dissatisfaction with Microsoft's Windows. The second most common reason people tell me that they use Linux is for security -- a lack of malware. While operating systems such as Ubuntu, Fedora and Debian are rock solid, no operating system is impervious to viruses or trojans. The moment you feel 100 percent safe, you have effectively let your guard down.

Intel Adds 'Authenticate' Security to New VPro Chips

posted on January 21, 2016
by l33tdawg

Intel has announced a chip technology that the company said was designed to foil hackers who use fake emails to trick employees into revealing their usernames and passwords.

It could also give future corporate IT managers the option of eliminating long, ever-changing passwords and replacing them with short personal identification numbers, or fingerprints and other identifiers.

Intel Authenticate will be added to the company's line of sixth-generation processors and tested by some businesses before entering production, said Tom Garrison, an Intel vice president.

LastPass phishing attack could have scooped up passwords

posted on January 18, 2016
by l33tdawg

A relatively simple phishing attack could be used to compromise the widely used password manager LastPass, according to new research.

Notifications displayed by LastPass version 4.0 in a browser window can be spoofed, tricking people into divulging their login credentials and even snatching a one-time passcode, according to Sean Cassidy, who gave a presentation at the Shmoocon conference on Saturday.

Debug code cracked case in hunt for mystery Silverlight zero day

posted on January 14, 2016
by l33tdawg

Kaspersky has revealed how it tracked an exploit developer's debug signature over months to find and report to Microsoft a dangerous, then zero-day vulnerability in Silverlight that could have placed millions of users at risk of compromise.

The Russian security outfit reported (CVE-2016-0034) the bug late last year which was crushed in this week's Patch Tuesday update.

I hacked Citrix, says Russian hacker

posted on January 13, 2016
by l33tdawg

Citrix, a US software company specialising in virtualisation and cloud computing, has reportedly been compromised by a Russian hacker called w0rm.

w0rm is infamous for several attacks over the past five years on a number of high profile targets including the BBC, CNET, Adobe and Bank of America. The identity of the person or group behind w0rm is unknown.

Blackberry baffled by Dutch police claims to have cracked phone encryption

posted on January 13, 2016
by l33tdawg

Claims by the Netherlands Forensic Institute (NFI) that it has successfully decrypted emails stored on Blackberry smartphones have caused bafflement at the Canadian firm.

Documents seen by Dutch blog Crime News show the NFI claiming to have decrypted 275 out of 325 emails encrypted with PGP from a handset in their possession. The NFI reportedly used software from Israeli firm Cellebrite to crack the encryption.

Who's paranoid? Personal security tech goes mainstream in surveillance era

posted on January 12, 2016
by l33tdawg

The man selling biometric equipment at the Consumer Electronics Show in Las Vegas this week had never seen so much interest in his booth in nearly 30 years.

And he’s horrified. He always thought widespread acceptance of their fingerprint scanners would be for convenience, not surveillance, but he’s not so sure any more.

Questions Linger as Juniper Removes Backdoored Dual_EC RNG

posted on January 12, 2016
by l33tdawg

Juniper Networks announced late Friday it was removing the suspicious Dual_EC_DRBG random number generator from its ScreenOS operating system.

And while that’s heralded as a positive move considering Dual_EC’s dubious origins, there remain important and unanswered questions about Juniper’s decision to include what is considered to be a backdoored random number generator in its NetScreen VPNs, and why a number of strange coding and engineering decisions were made that could have facilitated the decryption of secure traffic.