Security

DuckDuckGrow: Privacy search soars 600% after Snowden dumps

posted on June 18, 2015
by l33tdawg

Privacy-first search aggregator DuckDuckGo has grown a whopping 600 percent since NSA whistleblower Edward Snowden began revealing the extent of the US spying apparatus.

The search engine uses sites including Wikipedia, Yandex, Yahoo!, Bing and Yummly and offers users bare-bones search results without the personalisation and tracking wizardry which powers Google.

Chief executive officer Gabriel Weinberg told CNBC it crunches some three billion searches a year.

US Navy caught trying to buy zero-day security flaws

posted on June 17, 2015
by l33tdawg

The Electronic Frontier Foundation (EFF) has spotted the US Navy publicly soliciting people to sell security vulnerabilities in well-known software, so that the US government can build backdoors into the software.

On a page posted to government agency contracting website FedBizOpps, which was deleted shortly after being highlighted by the EFF, the US Navy said the US government needs "to have access to vulnerability intelligence, exploit reports and operational exploit binaries affecting widely used and relied upon commercial software".

The Billion-Dollar Bet That Better Software Can Back Off Hackers

posted on June 17, 2015
by l33tdawg

About the only thing rising as fast as online mischief is the stock of firms trying to thwart it.

Companies from FireEye Inc. to Palo Alto Networks Inc. have taken off in 2015, extending the gain in a four-year-old index tracking network security firms past 200 percent. An exchange-traded fund tied to the shares just surpassed $1 billion in market value, having doubled in size since the start of April.

Privacy groups to quit US talks on facial recognition standards

posted on June 16, 2015
by l33tdawg

Nine privacy groups plan to withdraw from U.S. government-hosted negotiations to develop voluntary facial-recognition privacy standards because the groups feel the process won’t lead to adequate privacy protections.

Industry representatives at the talks have been pushing to limit consumer control over the facial recognition data collected, the groups said in a letter to be released Tuesday.

Dell Secureworks uncovers trojan that hides in image files

posted on June 16, 2015
by l33tdawg

L33tdawg: Saumil Shah's stegosploit in the wild!

A stealthy modular version of the Stegoloader banking trojan is spreading through malicious PNG files, according to researchers at Dell SecureWorks' Counter Threat Unit (CTU).

The CTU researchers reported uncovering the variant in a threat advisory, warning that the malware has an advanced modular architecture capable of dodging many traditional security tools.

British banks consider emoji as password replacement

posted on June 16, 2015
by l33tdawg

British outfit Intelligent Environments says it is in discussions with online banks to sell what it says is the first authentication scheme to replace passwords with emojis.

The company claims emojis have 480 more permutations than four-digit passcode equivalents, a statistic we've struggled to verify independently.

Intelligent Environments' managing director David Webber says the concept is likely not able to be patented but is probably the first of its kind. "We've had input from lots of millennials when we developed the technology," Webber says.

Blackhats exploiting MacKeeper hole to foist dangerous trojan

posted on June 16, 2015
by l33tdawg

Last month's MacKeeper vulnerability is now being exploited in the wild to hijack Apple machines, according to BAE security researcher Sergei Shevchenko.

The hacker says criminals are using social engineering to trick users into installing malware capable of exfiltrating data, using a then-zero-day vulnerability in the notorious software, which has been downloaded more than 20 million times.

Shevchenko says it took only days after the vulnerability and proof-of-concept disclosure for malware to begin targeting users who had installed MacKeeper.

Hacked data on millions of US gov't workers was unencrypted

posted on June 12, 2015
by l33tdawg

A union representing U.S. government workers says it believes detailed personal information on millions of current and former federal employees that was stolen by hackers was not encrypted.

The American Federation of Government Employees (AFGE) said the attack on the Office of Personnel Management (OPM) resulted in the theft of all personnel data for every federal employee.