The CCleaner hack shows that even utilities can be used to hack unsuspecting targets. Software vendors need to verify that the software they distribute is secure, experts say, scrutinizing it from acquisition through routine updates.
Retailers rely on point-of-sale readers to process purchases and protect customer data. Due to lax security within the devices and at stores, they make for tantalizing hacking targets.
While a passed House bill doesn’t directly address autonomous-vehicle hacking dangers, some experts maintain that broad regulatory language is better for rapidly developing technology.
Traditional passwords, often easily cracked or guessed, aren’t likely to lose much ground to multifactor or biometric authentication any day soon, experts say. Here’s why.
After an engineer enters an office building using an easily guessable default code programmed into an Airbnb-integrated smart lock, the RemoteLock 6i, the manufacturer pushes out updates.
While riding my motorcycle to DefCon and Black Hat, I visualized the security industry’s high-water mark—that place, Hunter S. Thompson wrote, “where the wave finally broke and rolled back.”
The first Enigma Interviews event will focus on the challenges Facebook and others face in protecting average users alongside high-profile hacking targets.
After President Trump fires James Comey, a leading U.S. backer of encryption backdoor mandates, officials in Europe and Australia renew arguments for the “technically infeasible.”
Addressing EVM vulnerabilities uncovered at DefCon—and plugging related holes across disparate election systems—would require years of concentrated work, experts say.
At DefCon, hackers discuss flaws—and real dangers—in dozens of biomedical devices, from pacemakers and insulin pumps to glucose monitors and digital intravenous drips.
During a fireside chat in Las Vegas, Reps. Will Hurd of Texas and Jim Langevin of Rhode Island plead for proactive hacker-lawmaker collaboration and voice concerns about election security.
Unaffiliated, limited-edition conference badges are utilitarian status symbols among the hacker community. They also are effective (and safe) tools for learning how to hack connected devices.
Privacy advocates in Congress oppose reauthorization of FISA’s Section 702 without major reform. The implication: Existing surveillance programs won’t survive without new privacy protections.
The NotPetya attack highlights that today’s critical security vulnerabilities are tied to far more than one outdated operating system, experts say. They stem from systemic issues well beyond the OS.
A lawsuit against the Trump administration highlights a presidential mandate to keep records of all official communications—something consumer encrypted-messaging apps aren’t designed to do.
The release of computer vulnerability exploits collected and stockpiled by U.S. intelligence agencies highlights internal security and cultural structures that aren’t likely to change. Here’s why.
Organizations don’t necessarily need to pay for zero-days, experts say. First, they need to set up vulnerability disclosure channels and establish reasonable response times.
As the controversy-laden ride-sharing service unrolls new privacy controls for users, Uber's technological turns still seem slightly speedier than its customers’ perceptions, if not the law.
As ride-sharing giant Uber contends that it’s been tracking devices’ unique identifiers on legitimate grounds, security experts outline how they can be used to both protect and expose.
Even the most secure, stable, and well-positioned open-source messaging apps need a smart user interface to catch on. Look no further than Demonsaw’s demise—and Signal’s success.
The requirement of apps such as Signal and WhatsApp that both senders and recipients use them makes it easier to confirm cryptographic exchanges. It also slows adoption.
The “biggest cyberthreat” of the year isn’t just a problem for big businesses. Eager to pluck the lowest-hanging fruit, cybercriminals are increasingly targeting small organizations and consumers.
Machine learning, enabled by finely tuned algorithms and a plethora of data, "artificial intelligence" is quickly growing in influence among security professionals, cybercrime rings, and data-probing government agencies. Here’s how.
At hacking contests like Pwn2Own, individual hackers can shine. Participating companies, meanwhile, can find and recruit badly needed talent, as they build hacker-friendly reputations.
Revision proposals for the international agreement to control weapons exports aim to address language that could have severe consequences for security researchers.
Precisely because biometrics are harder to steal and spoof than passwords, they have the capacity—for better or worse—to be used in more powerful ways. Here are the key risk factors.
As the new president establishes his cabinet, and issues (and holds back on) security-focused executive orders, questions abound about his cybersecurity intentions—and how he might follow through on them.
Delegated Recovery, debuted alongside GitHub, unlocks linked accounts without texted log-in codes, secret questions, or emailed links. Its special sauce? Tokens sent over an encrypted connection.
After a presidential election marked by hacks and leaks and claims of “bleak” urban streets, those of the nation’s capital were filled—quite literally—with anger and worry. And hope.
What was once an obscure app offering protection for which most people couldn’t contemplate a use is being rapidly adopted by tech titans and rebels alike. Here’s why.
In the wake of stunted recounts in three closely contested states, security researchers argue that to ward off hacker manipulation of elections, municipalities must maintain and audit paper ballots.
With nothing more than a boarding pass bar code, someone could steal your airline miles, access your personal data, stalk you, and even cancel or register your flight to himself, a security researcher demonstrates.
Following revelations of two of the biggest user account breaches ever, ex-Yahoo engineers are advocating ditching all of its services, including Mail, Flickr, and Tumblr.
Money mules perform a critical task for online thieves by agreeing to transfer money through their legitimate bank accounts. Here’s how to tell if you’ve been money muling—and what to do about it.
Sans regulation or consistent guidelines, experts say it’s in the best interest of software vendors and security researchers to coordinate on disclosures and patch releases.
The ways private companies and government agencies use information created by and attached to all forms of digital communication are far-reaching and, in some cases, vital.
First Amendment protections haven’t stopped attempts to regulate organized protests and other civic action. But effective community organization doesn’t have to sacrifice privacy.
Will Trump be able to fill key positions? Will he heed warnings about Russia? Will he look to force tech companies to create encryption backdoors? Here’s what several experts tell us.
Regardless of whether the Mirai botnet disrupts the U.S. election, IOT device exploits will continue to contribute to a less stable Internet until stronger security protocols are implemented, security experts say.
Questions regarding the veracity and transparency of evidence lie at the center of the debate over whether to trust government accusations of culpability for cyberattacks and computer hacking.
Email is the most important communication means for garnering campaign awareness, funds, and participation. Here’s how campaign data scientists and marketers are using it to entice you.
From publicity and hacker humiliation to machine-learning algorithms and taxonomy, we outline the factors leading to names such as Melissa, Stuxnet, Nimda, and Code Red.
A Veracode-sponsored study of “the relationship between bug bounties and internal efforts to secure software” concludes that using bug bounties alone would be a highly expensive endeavor.
The assumption that all map search results for businesses are accurate, legitimate, and locked down “is wrong,” says hacker Bryan Seely. Here’s how fake listings can put you and businesses at risk.
Creating and remembering a plethora of strong, unique passwords can be a challenge, even for security experts. Here’s why they say password managers’ “benefits outweigh the risks.”
Properly protected vote databases are tough to hack, security experts say. But in places lacking up-to-date software, proper IT training, or a paper trail, hackers have an advantage.
Hidden trackers and malicious ads can respectively threaten your privacy and security while on the Web. To augment your browser settings, experts recommend installing these extensions.
More and more of your data is getting distributed through the browser. To prevent it from getting compromised, experts recommend taking these five simple steps.
Web ads are notoriously dangerous, and many see them as pollutants. JavaScript creator Brendan Eich is presenting his new browser as a viable solution for publishers, marketers, and consumers alike.
We’ve come a long way since 1991. Follow the major moves, from the launch of Berners-Lee’s security-light WorldWideWeb to Google’s disabling of plug-ins like Flash for Chrome.
With “flexibility and freedom” comes “multifaceted” threats to consumer safety. Here’s how browser developers ranging from Google to Mozilla are approaching today’s challenges.
While its top prize of $200,000 is a far cry from what hackers can earn for unpatched bugs on the black market, the security community is largely applauding the tech titan’s move.
From a plea for an “NIH for cyber” to a plan for “software supply chain transparency,” Black Hat and DefCon insiders say it’s time for the U.S. government to ensure software safety.
Like other types of programs, antivirus software sometimes is vulnerable itself. And unlike others, it can hook into the core of your computer. Here’s why experts say you should still use it.
Are you trading your privacy and physical safety to play the wildly popular new smartphone game? Who else might be at risk? Here’s a rundown of things to beware of before (and after) downloading it.
White and black hats alike are successfully prying their way into Internet-connected devices ranging from cattle tags to tea kettles. We ask two experts about the long-term implications.
It’s a quixotic journey at best, PR guru Jonathan Hirshon says. Nevertheless, it’s one he’s successfully navigated for years to “educate people” about privacy, if nothing else. Here’s how.
Pressing for privacy awareness and abuse prevention, Joseph Atick—like Oppenheimer, the father of the atomic bomb—says there is danger in the technology he helped create.
The “notoriously inaccurate” tech has spread from government databases to popular apps. And although it’s improving (and spreading) constantly, it’s not ready for prime time, privacy advocates say.
Eliminating your online presence is nearly impossible, but you can regulate where and how your personal information is used. Here’s how the experts advise doing it.
They recently earned five-star ratings in customer privacy protection. But the data Uber and Lyft collect is attractive to government agencies, insurance companies, and hackers alike.
From Infant Optics to Graco, companies behind several popular radio frequency monitors are either overpromising or underdelivering on security claims, Independent Security Evaluators finds.
Automated bug detectors often add another layer of security to app development. The social network’s software blocks its programmers from reusing code containing a known vulnerability.
Beware of the robocalls. With fraudulent calls (and consumer complaints about them) on the rise, the Federal Trade Commission is calling on tech companies to help block them.
How do Amazon, Apple, Google, and Microsoft manage the personal data their voice-driven personal assistants generate, access, and share? Here’s a rundown.
Craig Steven Wright, lacking proof, has backed away from his assertion that he’s bitcoin’s inventor. Here’s why any holder of the Internet currency should care who Satoshi really is.
HIPAA doesn’t apply to comments you post on Twitter or groups you join on Facebook. While mining such data can be valuable for preventive health efforts, privacy advocates are concerned.
As people and organizations pay larger sums to free their computers of the malware, The Parallax looks into what’s driving ransomware’s development—and where it’s spreading.
Finding the right summer fit for your coding-happy son or daughter can be challenging. Here’s a rundown of things to keep in mind, from what she’s interested in to she learns best.
Critical U.S. infrastructure systems are “extremely vulnerable,” experts say. But as a whole, their complexities—limitations, redundancies, differences—make them tough to even comprehend.
While companies set up programs for hackers to report vulnerabilities, independent marketplaces buy and sell hacks to popular software programs with no oversight or accountability.
Ask data brokers why your information is important to them, and they’ll tell you that it helps their partners provide you with more personalized services.
As... Read More...
The web binding you with data brokers and marketers is complex and confusing. Here's an illustration of how your personal information is collected, packaged, and sold.
Data brokers trade personal information with a wide range of sources for a wide range of purposes. Understanding how they work can help you retain (or regain) control of your data.
From your wireless carrier to your favorite retailer, hundreds of businesses could be following your movements. Here’s how and why—and what they could be doing with your location information.
Even at 30,000 feet, you’re not necessarily safe from hackers. Our pre-flight safety demonstration includes four steps you can take to protect yourself when using airline Wi-Fi.
Although businesses can get insured against losses from online attacks, it’s almost impossible for consumers to do the same. Here’s why—and what you can do instead.
In the 30 years since President Reagan signed the Computer Fraud and Abuse Act into law, it’s been the subject of heated controversy and undergone many alterations. What’s next?
Apple is citing the First Amendment in its programming dispute with the FBI over an iPhone used by a government employee accused of terrorism. Here’s why.
Add the Pentagon to the growing list of nontech organizations looking to improve their tech security by paying independent security researchers to hack them.
By deploying hundreds of Tor nodes, and mixing machine and human analysis, security company IntelliAgg is tracking and cataloging the Dark Web more accurately than ever.
A San Jose middle-school teacher angry at a newspaper’s characterization of her students’ potential recruits the Silicon Valley tech giant to help them succeed.
In its case against Apple, the federal agency claims that it’s trying to unlock just one phone. Far more is at stake, domestically and internationally, experts and activists say.
A hacker equipped with a $15 dongle and 15 lines of code can exploit the vulnerability to connect to, spy on, and control a computer using it, a Bastille security researcher says.
Apple is defying a court order to circumvent its mobile encryption. The use of a cheap remote-management app—including Apple’s own MDM—could have rendered the issue moot.
Google’s massively popular Android operating system powers billions of phones and tablets around the world, but it’s also far easier for hackers to infiltrate than Apple’s iPhones. Here’s why.
Tech issues may be too complex—and too lacking of simple populist messages—to argue about on stage. But the candidates have their opinions. Here’s an overview.
They’re designed to prevent unauthorized people from firing them, advocates such as the Obama administration say. But are they better (and safer) than safes and trigger locks?
They are questioning whether new privacy regulations specifically governing personal or commercial drone use are necessary and pushing instead to develop best practices.
How private your mobile communications are depends on which devices you use and which apps you’ve installed. These apps can help keep your private messages from going public.
Why are U.S. government representatives demanding legal access to coded phone calls and text messages? Federal cybersecurity contractor Jan Filsinger says they lack cyber savvy.
With customers worldwide who would be negatively impacted by weakened encryption, Silicon Valley has an obvious interest in uniting together against a very dumb idea.
Tech leaders, security experts, and privacy advocates say law enforcement officials’ proposed backdoors and forced decryption would be ineffective and dangerous. Here’s why.
