Security

Microsoft plans to patch IE zero day -- eventually

posted on May 23, 2014
by l33tdawg

Microsoft said Thursday it plans eventually to patch a vulnerability in Internet Explorer 8 that it's known about for seven months, but it didn't say when.

A security research group within Hewlett-Packard called the Zero Day Initiative (ZDI) released details of the flaw on Wednesday after giving Microsoft months to address it. The group withholds details of vulnerabilities to prevent tipping off hackers but eventually publicizes its findings even if a flaw isn't fixed.

Houseguest downloads child porn, cops show up

posted on May 23, 2014
by l33tdawg

Do you really know how your various friends, relations, acquaintances, and hangers-on plan to use your Internet connection when they drop by and ask for "the Wi-Fi password"? Unlikely—and yet anything that they do illegally through your home network can bring cops to your door with search warrants, asking tough questions about child pornography.

Cisco slurps security scanner

posted on May 22, 2014
by l33tdawg

Cisco has continued the expansion of its security portfolio with the acquisition of malware analysis outfit ThreatGRID.

The acquisition target was founded in 2012, one of the then-burgeoning number of companies that pushed malware analysis, threat intelligence, and security analytics into the cloud (supplemented by an on-premise appliance).

Change Your eBay Password Now

posted on May 22, 2014
by l33tdawg

eBay is asking all users to change their passwords because of a cyberattack.

It says that the attack compromised passwords and other nonfinancial data. Cyberattackers reportedly used employee credentials to gain unauthorized access to eBay's corporate network and a database that contained customers' names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth.

Hackers show off unavailable iOS 7.1.1 untethered jailbreak

posted on May 20, 2014
by l33tdawg

Not one but two well-known hack researchers have now posted evidence of working jailbreaks for iOS 7.1.1, which until now had closed the existing loopholes used by other techniques such as evasi0n. While interest in and use of jailbreaks has waned as Apple has gotten better at closing vulnerabilities, enthusiasts and die-hard customizers continue to want the ability to use unofficial apps or tweak settings in the latest iOS releases.

Chinese state-owned enterprises 'hired' military hacking unit

posted on May 20, 2014
by l33tdawg

A U.S. criminal indictment against Chinese Army personnel over alleged hacking describes how stolen intellectual property was funneled to Chinese companies, an unresolved question for analysts.

In the first legal action of its kind, federal prosecutors charged five members of Chinese Army signals intelligence Unit 61398 with stealing nuclear, solar power and steel trade secrets from six U.S. organizations over eight years. China denies the accusations.

Tor security compromised by NSA, according to Microsoft

posted on May 19, 2014
by l33tdawg

Andy Malone, head of Microsoft's Enterprise Security, claims that the TOR (The Onion Router) network does not provide the anonymity that its many users think it does.

Speaking at Microsoft's TechEd North America event earlier this week, the founder of the Cyber Crime Security Forum said that hackers and government agencies can now compromise the security of the TOR network.  

Whistleblowers Beware: Apps Like Whisper and Secret Will Rat You Out

posted on May 15, 2014
by l33tdawg

Anonymously spilling personal gossip and corporate secrets online is all fun and games–until someone gets a subpoena.

Startups like Secret and Whisper have defined a buzzy new category of social media, attracting millions of users and tens of millions of dollars in venture capital investments with the promise of allowing anyone to communicate with anonymity. But when it comes to actually revealing corporate and government secrets–a “whistleblowing” function that the two services either implicitly or explicitly condone–users should read the fine print.

Bitly Installs Two-Factor Security After Insider Account Compromise

posted on May 15, 2014
by l33tdawg

Back on May 8, popular URL-shortening service Bitly admitted that its systems were compromised. As it turns out, Bitly has now disclosed that the problem is just the latest example of an insider compromise.

"We audited the security history for our hosted source code repository that contains the credentials for access to the offsite database backup storage and discovered an unauthorized access on an employee's account," Rob Platzer, CTO of Bitly, wrote in a blog post.