Sony has admitted that account details, logins and online IDs for registered Sony PlayStation Network users, as many as 77 million people, have been compromised. The information was stolen sometime between April 17 and 19, according to a Sony blog post, as early as nine days before Sony notified its users of the breach. Even worse, the company says it can't be sure whether credit card information was stolen.
Iran claims to have discovered new malware it is calling the Stars worm attacking the nation's critical infrastructure. But, the lack of any sample of the new threat make many security experts skeptical.
(Writer's Comment: Starting today, Bugs and Fixes will be posted biweekly each month for your convenience. You'll still be able to read the Bugs and Fixes column in the monthly print issue of PCWorld.)
You may not want to think about your taxes until Tax Day on April 15, but online scammers are already plotting to separate you from your tax refund and your identity. Scams for the 2011 tax season include promises of tax credits for charitable donations to disaster relief in Japan, malware-laden Websites optimized for search engines, dangerous e-mail, and so-called 'likejacking' techniques found on the social network Facebook.
Online malicious activity was a major headache in 2010, and so far, 2011 is no different: We've seen scams and malware on Twitter, Facebook, and the Android Market, as well as a rise in politically motivated online attacks. But that's no surprise to security experts such as Graham Cluley, senior technology consultant for security firm Sophos. Cluley says that Sophos analyzes about 95,000 pieces of malware every day that is either brand-new or a variant of an older attack.
When it comes to browser security, Internet Explorer usually gets ridiculed and beaten up the most. And though Microsoft's IE8 was quickly unraveled at Pwn2Own, Apple's Safari 5 was hugely embarrassed by getting hacked in five seconds flat.
Thanks to Ars Technica and H-online.com, we now have intimate details of the Anonymous attack against security research company HBGary. There are no surprises in how the attacks where carried out, but we can draw many morals from the story, even if we've heard them time and time before.
The Android world is still reeling from the DroidDream invasion of the Android Market. Google has flipped the kill switch to wipe out apps associated with DroidDream, but the work of investigating how this Android Trojan infiltrated Google, and how to prevent similar attacks in the future is just beginning.
Courtesy of a software developer friend, I had a chance over the weekend to play with the Mac OS X 10.7 preview release. As with previous versions, I felt that Apple is spending a lot of time solving problems people don't have. You can now quickly revert to older versions of files, for example, but how many times have you wanted to do that?
Attention! Dear Depositor -- the FDIC (Federal Deposit Insurance Corporation) is not sending you an e-mail with a mysterious ZIP file attachment. If you receive such a message claiming to be from the FDIC, don't be fooled. The e-mail is a phishing attack, and the attachment is actually malware.
There have been a number of attacks recently against high-profile social networking accounts -- French President Sarkozy, teen pop star Selena Gomez, and even social network wunderkind and Facebook founder Mark Zuckerberg have all fallen prey. Web surfing and social networking are here to stay, so the trick is figuring out how to protect your computer and your personal information while you're online.
Facebook straddles a precarious line when it comes to information security and data privacy. As a social networking site, its very existence is based on the premise of freely sharing information -- status updates, photos, likes, location check-ins -- with others. However, that sharing has to be tempered as well to ensure personal privacy is not violated. This week, Facebook simultaneously introduced a new ad model that could infringe on user privacy, while also improving security for the site itself.
Facebook should overhaul its third-party developer program and require every app on the social network to go through an approval process, security firm Sophos says. The suggestion was part of Sophos' annual security threat report for 2011, published Wednesday. The report takes a look at threats from 2010, and offers advice on how to stay secure for the coming year. Sophos said in 2010 it analyzed 95,000 pieces of malware every day, almost double the amount the company tracked in 2009.
Your home address and phone number are now part of the information dump third-party developers can obtain through Facebook-powered Website logins and applications.
Most users are already aware of the risks presented by cookies, the small data files that browsers save on our computers to remember things like login details, or Website preferences.