By far the biggest revelation of 2013 was that of the U.S. government's overreaching National Security Agency (NSA) and its PRISM surveillance program. Former NSA contractor Edward Snowden blew the whistle on the government's ability to spy on various forms of communication by leaking several documents to the press, and since doing so, new information keeps coming out. One of the most recent reports claims the NSA routinely intercepts computer deliveries in order to exploit vulnerabilities to aid with spying.
Security vendor F-Secure is ringing in the holiday season with a limited time Internet Security PC Lifetime Edition offer. Up through January 31, 2014, you can snag an F-Secure Internet Security PC Lifetime Edition license for $80, which remains valid for the life of your PC or 7 years, whichever comes first. Even better, F-Secure has an exclusive offer for Maximum PC readers -- two licenses for the price of one!
It's surprisingly cheap to purchase stolen credit card details and full blown identities
Your identity is worth around the cost of two movie tickets, or a pair of tickets and a bucket of popcorn, depending on where you live. That's according to a menu of items available in the underground market, a place where you can purchase someone's Visa or MasterCard details, including CCV code, for a mere $4. Fancy yourself an American Express gent? That runs $7, versus $8 for stolen Discover Card details.
If you've been around the PC block a time or two, then you've probably heard of System Mechanic, an all-in-one system tune-up utility that comes with a bunch of different tools to keep your computer running at tip-top shape. A single-year license runs $50, though for the next 24 hours, developer Iolo is offering new users a free 6-month license. Think of it as an extended trial, if you will.
A newly discovered security hole in Office could allow remote code execution
Microsoft has discovered a vulnerability in the graphics component of its Windows, Office, and Lync software that could allow hackers to execute malicious code from a remote location. The software giant said it is aware of targeted attacks that attempt to exploit the vulnerability in Office and has suggested a series of workarounds until it can issue a permanent patch. In the meantime, Microsoft has made available a piece of "Fix it" software to automatically apply the workaround procedures in affected products.
Adobe suffered a major security breach last month that compromised at least 38 million user accounts. In the wake of that attack, however, the top 100 passwords used by milliions of Adobe account holders have come to light, and it doesn't look pretty. If you're in a scolding mood, you could say that many Adobe users compromised themselves by using lazy passwords that are easy to guess.
Tech savvy users know that it's not necessary to pay for antivirus protection. The question is, how reliable is Microsoft's own Security Essentials software? In our own tests, Security Essentials has performed fairly well in terms of protection, though its slow scan speed and limited feature-set don't put it at the front of the pack when compared with other free (and paid) AV solutions. What's confusing, however, is Microsoft's own opinion on the matter.
If you're in the business of offering free antivirus protection, beware of hackers mucking up your website. The Palestinian hacker group known as KDSM Team recently targeted several well known companies, including AVG and Avira, makers of popular free (and paid) security solutions, and defaced their homepages (sort of). Whatsapp, a cross-platform messaging app for mobile devices, was also tagged.
Professional networking site LinkedIn recently found itself the recipient of a class action lawsuit alleging that the company has been hacking into its users' email accounts and downloading their contacts, which it would then use to send out marketing materials. Furthermore, the lawsuit alleges that LinkedIn essentially impersonates its users. Blake Lawit, Senior Director of Litigation at LinkedIn, denied the accusations in a blog post.
IE flaw could allow hackers to wreak havoc remotely
Be advised that if you're running Internet Explorer version 8 or 9, you could be a sitting duck for a remote code execution attack. Microsoft is aware of the zero day flaw and has issued an emergency Band-Aid as a temporary fix as it continues to investigate the issue. Applying Microsoft's "CVE-2013-3893 MSHTML Shim Workaround" prevents attackers from being able to exploit the security flaw until a permanent fix is rolled out.