Security

On Wednesday, developers of an alternative version of Google's Android mobile operating system published a startling claim: Samsung's S3, Note 2, and seven other models of Galaxy smartphones contained a backdoor that provides remote access to virtually all data stored on the devices. The code that allows access, which controls the phones' baseband or modem processors, made it possible to remotely read, write, or even modify users' files.

For the second time since Aug. 2013, online retailer NoMoreRack.com has hired a computer forensics team after being notified by Discover about a potential breach of customer card data, KrebsOnSecurity has learned.

Over the past several weeks, a number of banks have shared information with this reporter indicating that they are seeing fraud on cards that were all recently used by nomorerack.com customers. Turns out, nomorerack.com has heard this as well, and for the second time in the last seven months has called in outside investigators to check for signs of a digital break-in.

The NSA doesn’t just hack foreign computers. It also piggybacks on the work of professional for-profit hackers, taking over entire networks of already-hacked machines and using them for their own purposes.

That’s one of the surprising details to emerge from the latest Edward Snowden leaks.

Thanks to last month’s big Facebook acquisition, WhatsApp has been attracting a lot of attention lately. While that should only help grow its already impressively large 450-million-person-strong user base, that extra attention also means that more people are placing the app under a critical light. Today we learn of a potential security vulnerability in how WhatsApp saves logs of your conversations; what exactly is the problem here, and is it one you need to be concerned about?

Abusers are leveraging a feature in the popular WordPress open-source content management system to launch distributed denial-of-service (DDoS) attacks, according to multiple sources.

Todd Redfoot, chief information security officer at GoDaddy, told eWEEK that he started to see an uptick in WordPress attacks in late February.

Developers working on Replicant OS, a free and open-source spin of Google's Android operating system, have claimed to uncover a backdoor into the device's file-system for several Samsung Galaxy mobile devices using the stock Android image.

Replicant developers found a back-door to be present in "most proprietary Android systems running on the affected Samsung Galaxy devices, including the ones that are shipped with the devices."

Security researchers have developed a password storage system that uses inexpensive hardware to prevent the cracking of passwords—even the most common and weak ones such as "123456," "password," and "letmein."

With just less than a month until support for Windows XP ends, the security community has warned that hackers are hoarding exploits to let loose on unsuspecting firms once support ends.

After 8 April Microsoft will not release any more updates for the platform. This means that for hackers any holes in the platform they exploit will not be patched, presenting a potential gold mine.

Cisco's security chief discusses security in the Internet of things era as software-defined networking is set to take hold.

As the Internet opens ups to connect more things and networking models move from physical devices to a virtualized software-defined networking (SDN) model, security needs to be top of mind. That's the message that Chris Young, senior vice president for Cisco's security business unit, is driving both within Cisco and to the market as a whole.

Privacy in social media can be a falsehood. The whole concept of sites like Twitter and Facebook is to share. Sure, you can limit what you share, and with whom you share, but once the information hits the servers, you have lost control. Hell, there is the possibility of accidentally sharing something by simply not understanding the settings. Some argue that the settings on some sites are intentionally confusing.