Security

My university got hacked but it's nothing special

posted on February 24, 2014
by l33tdawg

Through my tenure as a student at the University of Maryland from 2000 to 2004, my social security number also doubled as my student identification number. I'd use this number and a password whenever I logged into the college's online management system, Testudo, which I did for everything from course selection and monitoring grades to signing up for basketball tickets. (Go Terps! 2002 National Champs whooo!) I vaguely recall having the option to change my student ID number to something else, but neither I nor anyone I knew ever went to the trouble of doing so.

Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage, Facetime And More

posted on February 24, 2014
by l33tdawg

First, Apple revealed a critical bug in its implementation of encryption in iOS, requiring an emergency patch. Then researchers found the same bug is also included in Apple’s desktop OSX operating system, a gaping Web security hole that leaves users of Safari at risk of having their traffic hijacked. Now one researcher has found evidence that the bug extends beyond Apple’s browser to other applications including Mail, Twitter, Facetime, iMessage and even Apple’s software update mechanism.

Bluebox Unveils Mobile App Security Offering

posted on February 20, 2014
by l33tdawg

Bluebox emerged from stealth mode today with a new offering that aims to address mobile app security demands. Instead of trying to solve the bring-your-own-device (BYOD) challenge, Bluebox is positioning itself to offer bring-your-own-apps (BYOA) technology for both Android and iOS devices.

Bluebox is backed by Andreessen Horowitz and Sun Microsystems co-founder Andy Bechtolsheim, and recently announced an $18 million round of funding to fuel its efforts.

Belkin Says It Fixed WeMo Flaws

posted on February 20, 2014
by l33tdawg

Belkin International issued a statement late on Feb. 18 that it has fixed vulnerabilities in its WeMo line of home-electronics control devices that were reported by security research firm IOActive.

Earlier on Feb. 18, IOActive issued a public advisory warning of vulnerabilities in Belkin's WeMo connected home devices. The WeMo product line includes Internet-connected light and power switches that enable users to remotely control their devices via iOS and Android mobile apps.

Webcams exposed in Google Drive clickjack attack

posted on February 20, 2014
by l33tdawg

Attackers can access a user's Google Drive files and record them through their webcam by tricking the user into clicking hidden links, a researcher found.

The click-jacking attack takes advantage of the Google Picker application interface, which allows users to preview files stored within Drive and via third-party applications.

Microsoft advises on IE zero-day vulnerability

posted on February 20, 2014
by l33tdawg

Microsoft has issued a security advisory for a vulnerability in Internet Explorer 9 and 10 being exploited in the wild.

We wrote last week on the initial reports of exploits in the wild, as reported by security firm FireEye. FireEye and Symantec are both credited in the Microsoft advisory as having worked with Microsoft on the issue.

Meet Brian Krebs: the IT security blogger cyber criminals love to hate

posted on February 18, 2014
by l33tdawg

In the last year, Eastern European cyber criminals have stolen Brian Krebs' identity a half-dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent faecal matter and heroin to his doorstep, and called a SWAT team to his home just as his mother was arriving for dinner.

"I can't imagine what my neighbours think of me," he said dryly.

Las Vegas Sands Websites Restored 1 Week After Hacking

posted on February 18, 2014
by l33tdawg

Las Vegas Sands Corp. brought its worldwide websites back online on Monday after a hacking attack forced the company to shut its home pages and other online operations last week, a spokesman said.

The sites were "not the identical versions" of what they were before the company was hacked, spokesman Ron Reese said. He said select content was different on the new web pages, but he declined to say what else had changed.

Valve DNS privacy flap exposes the murky world of cheat prevention

posted on February 18, 2014
by l33tdawg

Like most online game makers, Valve uses a cheat detection system to protect popular multiplayer games like Counter-Strike: Global Offensive, Team Fortress 2, and Dota 2 from hacks that would give a player an unfair advantage. That Valve Anti-Cheat (VAC) system was at the center of a potential privacy bombshell earlier today, with accusations that the system was sending Valve a list of all the domains that a system has visited whenever a protected game was played.