Security en U.S. Plans to Officially Pin Blame for Sony Hack on North Korea <!--paging_filter--><h3><img src="/files/u69/sony_pictures.jpg" alt="Sony Pictures" title="Sony Pictures" width="228" height="152" style="float: right;" /></h3> <h3>Evidence points to North Korea as the culprit behind a cyber attack on U.S. soil</h3> <p>After investigating a major cyberattack against Sony Pictures Entertainment that resulted in the theft and subsequent leak of various data, it appears there's enough evidence to suggest that North Korea is the culprit, as was previously suspected. However, <strong>U.S. authorities have been debating whether or not to publicly accuse North Korea of the attack</strong>, fearing that doing so would play into the country's hands of seeking a confrontation. According to reports, the decision's been made.</p> <p>Another reason why authorities were hesitant to confront Kim Jong-un and his regime is because it could negatively affect ongoing diplomacy efforts to negotiate the return of Japanese citizens kidnapped several yars ago. Nevertheless, President Barack Obama is expected to address the hacking incident and call out North Korea during an end-of-year news conference scheduled for 1:30 PM EST today, <a href="" target="_blank"><em>Reuters</em> reports</a>.</p> <p>The cyberattack on Sony ranks as the biggest ever on U.S. soil. Attackers made off with a treasure trove of data, including social security numbers of actors and actresses, movie scripts, internal emails, and more. However, the attack turned particularly ugly when hackers made threats against cinemas and movie goers planning to attend "The Interview," a far-fetched comedy in which the CIA enlists a couple of dimwits to assassinate Kim Jong-un.</p> <p>Sony took the threat seriously, ultimately cancelling the movie's Christmas Day debut. It's unclear if the movie will release to theaters at a later date or if Sony has alternate plans for the film.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> hacking north korea Security sony the interview News Fri, 19 Dec 2014 16:59:49 +0000 Paul Lilly 29122 at Microsoft Issues Hotfix for Windows 10 Update Issue, 12 Percent of Users Rejoice <!--paging_filter--><h3><img src="/files/u69/windows_fix.jpg" alt="Windows Fix" title="Windows Fix" width="228" height="208" style="float: right;" />All is good again</h3> <p>Around one out of 10 Windows 10 users ran into trouble when trying to install a update intended to fix a problem that was causing Explorer.exe to frequently crash following an upgrade to Windows 10 Build 9879. The problem was further exacerbated by the fact that Microsoft said it didn't have a new build planned until early 2015. If you're one of the people who ran into trouble, here's a heads up that <strong>Microsoft has released a hotfix</strong> to address the issue.</p> <p><a href="" target="_blank">According to Microsoft</a>, the problem affected about 12 percent of PCs when installing the update. In those instances, the update would fail to install, and after doing some digging, Microsoft determined there were two underlying bugs that needed squashed.</p> <p>The first is that in Build 9879, Microsoft introduced some new System Compression code that systems with SSDs can take advantage of to reduce disk usage by the OS. However, the logic for low-space detection would get inverted in some instances, and Windows compresses automatically as a background operation.</p> <p>A second bug appeared on PCs that had system compression enabled. It would muck with how the file system tracks deletes, causing the installer to think the temp files failed to extract correctly.</p> <p>There was a workaround for the problem, though now the easiest solution is to apply the new hotfix that's now available through Windows Update, according to Microsoft's <a href="" target="_blank">Gabriel Aul</a>.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> hotfix microsoft operating system OS patch Security Software windows 10 News Tue, 16 Dec 2014 16:27:49 +0000 Paul Lilly 29098 at Former LulzSec Hacker Turned Informant Talks Life Without a PC <!--paging_filter--><h3><img src="/files/u69/lulzsec_1.jpg" alt="LulzSec" title="LulzSec" width="228" height="258" style="float: right;" />What life is like for an ex-hacker</h3> <p><strong>Hector Monsegur caused quite a bit of chaos during his stint as a LulzSec hacker</strong>, a group he co-founded. You may know him better as "Sabu," his online stage name when he was helping the hacking group with its agenda. That is, until the FBI tracked him down and gave him a proposition he couldn't (or wouldn't) refuse -- help them convict other LulzSec hackers or risk losing the two girls he was fostering. Monsegur accepted the FBI's proposition, and with that part of his life now behind him, <strong>he's ready to speak about his days as a hacker and informant</strong>.</p> <p><em>CNET </em>has the three part interview with Monsegur, who talks about growing up in poverty and how several immediate family members had spent time behind bars. Around that same time, a period he describes as feeling alone, his foray into computers began with an Apple computer from the 1990s. He would play games on it before his Aunt later bought him a Sony Vaio with Windows 95. Not long after he discovered the Hacker's Manifesto, which drew him into the world of hacking.</p> <p>Thousands of illegal activities later, he was caught by the FBI and facing around a dozen counts of hacking and fraud. Using his foster girls as incentive, the FBI was able to get Monsegur to agree to be an informant, ultimately helping to thwart several hundred hacks against government sites. He also played a significant role in the arrests of fellow hackers, one of which is Jeremy Hammond, who's currently serving a 10-year sentence.</p> <p>Monsegur served seven months, in part because the FBI took the unusual role of outlining exactly how helpful he had been. He's even allowed to own a PC, though he doesn't have one these days because he's afraid of being framed.</p> <p>There's a lot more to the story, including his thoughts and theory on the recent Sony attack. When you have a free moment, check out the full interview by <a href="" target="_blank">going here</a>.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> anonymous fbi hacking hector monsegur lulzsec Security News Mon, 15 Dec 2014 16:52:00 +0000 Paul Lilly 29090 at Long Time Windows Trojan Trots Over to Linux <!--paging_filter--><h3><img src="/files/u69/computer_penguin.jpg" alt="Penguin Computing" title="Penguin Computing" width="228" height="171" style="float: right;" />Variants of the Turla Trojan for Windows has been found on Linux systems</h3> <p><strong>Security researchers have discovered at least two Linux-based variants of a Trojan that for years has been infecting Windows systems</strong>. Dubbed "Turla," the Trojan has been around for four years or more and has infected hundreds of Windows machines in use at government institutions, embassies, military facilities, educational institutions, and research and pharmaceutical companies.</p> <p>According to <a href="" target="_blank"><em>TechNewsWorld</em></a>, security outfit Kaspersky Lab discovered the two variants running on Linux. One is a C/C++ executable statically linked against multiple libraries and stripped of symbol information, presumably so it would difficult for researchers to reverse engineer. Details of the second variant haven't been released by Kaspersky.</p> <p>These are highly sophisticated malware samples that appear to have come from Russia. Some researchers believe they're government funded, which would make sense given the institutions they've been targeting.</p> <p>The Turla sampled described above is based on a proof-of-concept backdoor malware that has been around for several years. It provides remote access to systems without showing an open port at all times -- a trick it accomplishes by using a sniffer to capture packets.</p> <p>The Linux Turla can also hide itself without elevated priveleges as it runs arbitrary remote commands. That means it will still function as intended even if a regular user with limited privileges launches it.</p> <p>Image Credit: <a href="" target="_blank">Flickr (adam.hartling.ns)</a></p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> linux malware Security Software Trojan turla News Wed, 10 Dec 2014 18:41:03 +0000 Paul Lilly 29069 at Cyber Criminals Using Fake Browser Warning to Distribute Zeus Trojan <!--paging_filter--><h3 style="text-align: center;"><img src="" alt="Fake Browser Warning" title="Fake Browser Warning" width="620" height="284" /></h3> <h3>Cyber scoundrels have begun taking grammar seriously</h3> <p>Security researchers and cyber criminals are locked in a ceaseless game of cat and mouse, with the latter constantly trying to come up with new ways of delivering malware. However, this does not mean there is no <strong>room for an old workhorse like the notorious Zeus malware</strong>, a trojan virus that has been in circulation for over seven years now.</p> <p>Researchers at PhishLabs recently stumbled on a <a href="" target="_blank">fake browser warning</a> that is being used to distribute Zeus, which cyber scoundrels have been known to use to steal banking info. But the use of Zeus is not the only thing that caught the eye of the company’s researchers. They found the fake warning to be better written than what they are used to seeing.</p> <p>“Another observation that differentiates this malicious prompt from others is the language usage and spelling. Generally speaking, grammar and spelling are often indicators of fake or malicious requests that lead to malware but cyber criminals have caught on to this vulnerability and stepped up their game. Although it is not perfect, the warning observed in this case was much more accurate than what we usually see,”&nbsp; Paul Burbage, a threat analyst at PhishLabs, wrote in a recent blog post, warning that clicking on the “Download and Install” results in the user being redirected to a malicious site that downloads the malware.</p> <p>“Web users should be on the lookout for this kind of social engineering that capitalizes on fear and misleads users to believe the alert is showing up based on user-defined preferences. Zeus is a dangerous malware that continues to be distributed through sophisticated avenues. In the past, Zeus infections have led to exploitation of machines, making them part of a botnet, as well as bank account takeovers and fraud. Please stay tuned – we will post more information as our R.A.I.D. further investigates the threat.”</p> <p><em>Follow Pulkit on <a href="" target="_blank">Google+</a></em></p> cyber criminals phishing Security social engineering Trojan Horse virus zeus News Mon, 08 Dec 2014 09:14:27 +0000 Pulkit Chandna 29049 at Bluetooth 4.2 Specification is Faster, Smarter, and More Secure <!--paging_filter--><h3><img src="/files/u69/bluetooth.jpg" alt="Bluetooth" title="Bluetooth" width="228" height="169" style="float: right;" />A better Bluetooth</h3> <p>As we approach an era that will be dominated by the Internet of Things (IoT), the <strong>Bluetooth Special Interest Group (SIG) announced the new Bluetooth 4.2 specification</strong> with several promising new features and updates. It comes a year after SIG certified Bluetooth 4.1, and with this latest update, Bluetooth sees improvements in several different areas, including a new direct Internet access feature.</p> <p>"Bluetooth 4.2 is all about continuing to make Bluetooth Smart the best solution to connect all the technology in your life – from personal sensors to your connected home. In addition to the improvements to the specification itself, a new profile known as IPSP enables IPv6 for Bluetooth, opening entirely new doors for device connectivity," <a href="" target="_blank">said Mark Powell</a>, executive director of the Bluetooth SIG. "Bluetooth Smart is the only technology that can scale with the market, provide developers the flexibility to innovate, and be the foundation for the IoT."</p> <p>It's also a faster spec -- by increasing the capacity of Bluetooth Smart packets, devices can transfer data up to 2.5 times faster than with previous versions, according to SIG. This will also result in fewer transmission errors and longer battery life for Bluetooth devices.</p> <p>Privacy is the other big feature upgrade in Bluetooth 4.2. New privacy features protect mobile users from being tracked through their Bluetooth gadget. That means if you enter a store with beacons, they won't be able to engage with and track your Bluetooth device unless you've enabled permission.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> bluetooth 4.2 internet of things iot Security wireless News Wed, 03 Dec 2014 17:42:47 +0000 Paul Lilly 29026 at Hackers Infiltrate Sony Pictures PCs, Threatens to Release "Secrets" <!--paging_filter--><h3><img src="/files/u69/hackedbygop.jpg" alt="Hacked By #GOP" title="Hacked By #GOP" width="228" height="171" style="float: right;" />Hacker group claims to be in possession of Sony's "secrets"</h3> <p>What secrets might Sony Pictures be hiding? We don't know the answer to that, but apparently a hacker group does, or at least is claiming that to be the case. <strong>Sony Pictures suffered a security breach by a hacker group called #GOP</strong>, which forced employees to shut down their systems and stay off the movie studio's network. The hackers say they're in possession of internal data, including the company's "secrets."</p> <p>The hacker group is threatening to release the stolen data to the public if its demands aren't met, though it's not clear outside Sony what exactly #GOP is demanding.</p> <p>"We've already warned you, and this is just a beginning. We continue till our request be met," read a message that appeared on affected computer screens.</p> <p>Sony isn't saying much on the matter. In a <a href="" target="_blank">statement to </a><em><a href="" target="_blank">The Hollywood Reporter</a>,</em> Sony Pictures Entertainment spokesperson Jean Guerin said the company is experiencing a "system disruption, which we are working diligently to resolve."</p> <p>It's been a rough week for Sony. News of the attack comes just a day after another hacker group (DerpTrolling) claimed it hacked into Sony's PlayStation Network and published the email addresses and passwords of gamers. Sony denied the claim, saying no breach occurred.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> hackers Security sony Sony Pictures News Tue, 25 Nov 2014 19:08:19 +0000 Paul Lilly 28989 at Symantec Discovers Super Stealthy ‘Regin’ Spyware <!--paging_filter--><h3><img src="" alt="Regin Malware" title="Regin Malware" width="228" height="165" style="float: right;" /></h3> <h3>‘One of the main cyberespionage tools used by a nation state’</h3> <p>Cyber security firm Symantec has discovered a new piece of malware that is said to be so advanced as to practically rule out the involvement of any entity other than a powerful nation state. Called ‘Regin’, this malware has been used to spy on everyone from governments to private individuals across the world since 2008, although not uninterruptedly as <strong>whoever is behind Regin abruptly withdrew the original version sometime in 2011, only to introduce a more sophisticated strain in 2013.<br /></strong></p> <p>“A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen,” Symantec said in a <a href="" target="_blank">blog post announcing its discovery of Regin</a>, which it suspects “took months, if not years” to develop. </p> <p>“Regin uses a modular approach, giving flexibility to the threat operators as they can load custom features tailored to individual targets when required. Some custom payloads are very advanced and exhibit a high degree of expertise in specialist sectors, further evidence of the level of resources available to Regin’s authors,” the company added. “There are dozens of Regin payloads. The threat’s standard capabilities include several Remote Access Trojan (RAT) features, such as capturing screenshots, taking control of the mouse’s point-and-click functions, stealing passwords, monitoring network traffic, and recovering deleted files.”</p> <p>According to the security company, a little over half of Regin’s victims are located in Russia and Saudi Arabia. Other countries on the list of countries worst affected by this highly stealthy piece of malware are Mexico, Ireland, India, Iran, Afghanistan, Belgium, Austria and Pakistan.</p> <p>Its hard-to-detect nature is said to be ideal for multi-year espionage efforts, says the company, adding that mere detection isn’t enough as determining what it is up to is just as big a headache (if not bigger).</p> <p>“It has several ‘stealth’ features. These include anti-forensics capabilities, a custom-built encrypted virtual file system (EVFS), and alternative encryption in the form of a variant of RC5, which isn’t commonly used. Regin uses multiple sophisticated means to covertly communicate with the attacker including via ICMP/ping, embedding commands in HTTP cookies, and custom TCP and UDP protocols.”</p> <p><em>Follow Pulkit on <a href="" target="_blank">Google+</a></em></p> cyberespionage malware regin russia saudi arabia Security symantec News Mon, 24 Nov 2014 07:36:22 +0000 Pulkit Chandna 28979 at Best Search Engine: Google, Bing, and DuckDuckGo Compared! <!--paging_filter--><h3><img src="/files/u69/search_scuffle.jpg" alt="Search Scuffle" title="Search Scuffle" width="228" height="130" style="float: right;" />Which search engine is the best?</h3> <p>The web has grown from a single website in 1991 (<a href="" target="_blank">World Wide Web Project</a>) to <a href="" target="_blank">more than a billion unique host names</a> today. Around three quarters of those are inactive sites—parked domains and the such—but that still leaves over a quarter of a million sites. If you visited 10 different websites each day, it would take you roughly 70 years to get through them all, and that's only if no more sites are added. Yeah, fat chance of that happening!</p> <p>Now imagine having to crawl each website, catalog the content, and then memorize the URL of each one so that if someone asks where they can find information about Siamese cats or what to do if stung by a scorpion, you can rattle off a list of appropriate URLs. Even Rain Man would be intimidated with such an impossible task.</p> <p>Not to worry, there are better ways to the surf the web. Whenever we need to look up something online, we simply type our query into a search engine and wait for the results. On a high-speed connection, you can expect thousands and even millions of results in under a second—that's pretty miraculous, when you think about it.</p> <p>Google is the only search engine that's generally accepted as a verb, as in, "Hey Bob, did you ever get around to Googling the honey badger video I told you about?" However, it's not the only search engine in town. Microsoft's Bing and Gabriel Weinberg's DuckDuckGo are two of the more popular alternatives, and like Google, each wants to be your go-to search engine.</p> <p>Is one better than the other? That's a great question, so we set about tackling it by comparing the three competitors.<strong> </strong>We came up with several categories that are relevant to today's search queries, and then had each of the candidates show us their stuff. Hit the jump as we separate the contenders from the pretenders!</p> <h3>Accuracy</h3> <p>Determining accuracy is arguably the single most important aspect of evaluating a search engine, so we decided to jump right into the thick of things. Unfortunately, this is also the most challenging category, as it requires a fair amount of subjective analysis. With that in mind, we tried several different queries to see if any of the search engines stood out with more relevant results to what we had in mind.</p> <p>We started off easy by searching for the time in Ecuador. All three search engines came back with the correct time, though only Google gave us the result before we were finished typing, let alone had a chance to click the search button.</p> <p>This was followed by a search for Rowland High School, which is actually John A. Rowland High School, though we figured dropping the "John A." at the beginning shouldn't be problematic. And it wasn't. All three found the school in question, though DuckDuckGo opted to post a Wikipedia summary and an advertising link at the top of the results, whereas both Google and Bing plopped the school's homepage URL at the top. Bing did slightly better by also including a Facebook link on the first page -- Google made us go to the second page for it.</p> <p>We tried several other searches, including the copying and pasting of a line from a recent article on our website. All three sites found the correct article, though only Google highlighted the line in the summary underneath the URL. Bing and GoGoDuck both didn't include the line in the summary. Why does this matter? If you're looking up an article based on a quote that stands out for whatever reason, only Google's presentation lets you know that it's found the correct URL before clicking through.</p> <p>Switching our attention to breaking news, it was pretty much a wash between all three, even with only just minimal information. On the same day that a man armed with a small knife tried breaking into the White House, we performed a simple search for "White House" and all three came back with relevant news links for the breaking story.</p> <p><img src="/files/u69/duckduckgo_whitehouse.jpg" alt="DuckDuckGo White House" title="DuckDuckGo White House" width="620" height="525" /></p> <p><strong>Winner: Draw</strong></p> <p><strong>&nbsp;</strong></p> <hr /> <p><strong><br /></strong></p> <p>&nbsp;</p> <h3>Image and Video Search</h3> <p>Evaluating image and video search results is a little easier than analyzing general accuracy—either a search engine finds the media you're looking for or it doesn't. We took off the gloves and starting with a search for "Shizzle vs Razer." It's an old video this editor posted of his cat taking swipes at an electric razer. It's also an obscure video, but one that we know exists, and only <a href=";oid=%2BPaulLilly" target="_blank">Google dug it up</a>. Clicking on Google's Videos tab also brought up a bunch of other videos with either "Shizzle" or "Shaver" in the title—DuckDuckGo and Bing found none whatsoever.</p> <p>Image searches were a little more evenly matched between the three. Whether we were searching for computer parts like the GTX 980 or new wallpaper by looking up the Celtics dancers, all three came back with current and relevant images. Interestingly, only Google sprinkled in a heavy dose of performance graphs when looking up the GTX 980.</p> <p>Google and Bing separate themselves from DuckDuckGo because they offer some advanced options for looking up media. Both allow you to filter image results by license, time it was posted, size, and other criteria. However, Google eeks out a victory for its "search by image" tool. See that camera icon placed at the right of the search field? You can click it to look up sites that are using an image—just plug in the image's URL or upload the actual image. This can be handy in tracking down the image's owner to request permission to use it, or to look up your own photos to see if anyone's infringing on your copyright.</p> <p><img src="/files/u69/google_images.jpg" alt="Google Images" title="Google Images" width="620" height="525" /></p> <p><strong>Winner: Google</strong></p> <h3>Layout and Features</h3> <p>Once again, DuckDuckGo is the lame duck of the bunch. The search engine's primary draw is privacy, and while there are some settings you can tweak, its overall layout and feature set isn't as robust as either Google or Bing, making this category a two-combatant fight.</p> <p>Google's layout is straightforward; when searching for something, you can fine-tune your results into web, shopping, images, news, videos, maps, books, flights, and apps. Bing offers a similar set of options, though not quite as many. Microsoft's search engine also falls short in the shopping category—Bing no longer has a dedicated shopping tab. Instead, product results are integrated into search, though you typically have to look up a specific model to have any luck. Google, on the other hand, makes it easy to look up an item and then sort by price.</p> <p>Google also wins when it comes to looking up flight information. Both Google and Bing make it easy to search for flights, but when you click on the calendar to look at dates, only Google shows you the different prices for each day of the month. This eliminates the guessing the game of picking out a date and hoping that it returns a cheaper result than the last one you looked at.</p> <p>One feature in Bing's favor—and it's a potentially big one—is Bing Rewards. It's mostly gift cards that you can earn simply by using Bing as your go-to search engine, such as $5 at Amazon or Applebees. Yes, Bing is essentially bribing you, but we're okay with that.</p> <p>If earning gift cards is important to you, Bing is the only way to go. Otherwise, Google is the victor here.</p> <p><img src="/files/u69/google_flights.jpg" alt="Google Flights" title="Google Flights" width="620" height="525" /></p> <p><strong>Winner: Google</strong></p> <h3> <hr /></h3> <h3>Privacy and Security</h3> <p>A big reason (and maybe the only reason) you might be familiar with DuckDuckGo is because it prioritizes privacy over all else. Google is big on integrating your online identity with its services, including search, and knows what you've searched for, when you searched for something, and other personal details. You'd do well to familiarize yourself with <a href="" target="_blank">Google's privacy policy</a>.</p> <p>Bing is a little better when it comes to privacy, but you're still not anonymous—Bing holds onto IP addresses for six months and retains cookies and other cross-session identifiers for 18 months, according to the company's <a href="" target="_blank">privacy statement</a>. Microsoft also has sections explaining how it uses your personal information and reasons why it shares that info.</p> <p>DuckDuckGo is different. It doesn't collect or share personal information, it doesn't know who you are, and there is no way for the search engine to tie your searches together, according to its <a href="" target="_blank">privacy page</a>. DuckDuckGo doesn't store your IP and no cookies are used by default. All this privacy comes at the expense of certain features—Google's integration with your social profile is quite good—but in terms of staying anonymous, DuckDuckGo is clearly ahead of the other two.</p> <p><img src="/files/u69/duckduckgo_privacy_0.jpg" alt="DuckDuckGo Privacy" title="DuckDuckGo Privacy" width="620" height="525" /></p> <p><strong>Winner: DuckDuckGo</strong></p> <h3>Easter Eggs</h3> <p>There's no denying that Google has a sense of humor and likes to have fun. The company demonstrates this time and time again, whether through its creative doodles (including interactive ones) or by dropping Easter eggs from time to time. Have you ever tried searching for "<a href=";oq=do+a+barrel+roll" target="_blank">do a barrel roll</a>" on Google? How about "<a href=";oq=askew" target="_blank">askew</a>"? Whether it's searching through Google's <a href="" target="_blank">hacker interface</a> or seeing what search results <a href=";ion=1&amp;espv=2&amp;ie=UTF-8#q=google+in+1998" target="_blank">looked like in 1998</a>, there are plenty of tricks and fun stuff to discover in Google.</p> <p><img src="/files/u69/google_barrel_roll.jpg" alt="Google Barrel Roll" title="Google Barrel Roll" width="620" height="525" /></p> <p><strong>Winner: Google</strong></p> <h3>And the Winner Is...</h3> <p>If you're keeping score at home, then you already know that Google takes this contest by winning three of the five categories and notching a tie in another. By that token, Google has the best search engine of the bunch, and while it's the one we use most often, we're willing to concede there are valid arguments in favor of the other two.</p> <p>For privacy advocates, DuckDuckGo is a solid search engine that lets you surf the web without leaving behind a bunch of bread crumbs for Uncle Sam or anyone else to follow. Your ISP still knows what you're up to, but at least the sites you visit are being kept at arm's length.</p> <p>If you like earning free stuff, Bing is the best option for its rewards program. It's also a very good all-around search engine with accurate and fast results, it's just not as good as Google in the grand scheme of things.</p> best Bing duckduckgo feature Google Privacy search engine Security News Features Mon, 17 Nov 2014 22:46:14 +0000 Paul Lilly 28585 at Bitdefender Offers Free Adware Removal Tool for Windows PCs <!--paging_filter--><h3><img src="/files/u69/bitdefender_adware_removal_tool.jpg" alt="Bitdefender Adware Removal Tool" title="Bitdefender Adware Removal Tool" width="228" height="177" style="float: right;" />Free tool promises to bust a cap in uninvited browser add-ons and other adware</h3> <p>We've praised Bitdefender's Internet Security software on more than one occasion, as it typically performs well in our annual antivirus roundups. The company also offers a <a href="" target="_blank">free antivirus solution</a> for those who don't need a full fledged security suite, and adding to its pro bono portfolio, <strong>Bitdefender just launched a free tool to scan for and rid your system of various kinds of adware</strong>.</p> <p>The new tool is supposed to eliminate annoying apps, adaware, toolbars, and other unwanted browser add-ons, acting as supplementary protection to whichever antivirus solution you're running. It's a nice idea, given that so many installers try to sneak adware onto PCs these days.</p> <p>Do you really need it? That depends on your surfing habits, among other things. Citing a study published by Virus Bulletin, Bitdefender says one in three ad networks may serve malvertising. The research also revealed that almost 7 percent of advertising landing pages were misleading by doling out malware or tricking users with fraud, spam, and phishing tactics.</p> <p>"We decided to use our expertise to create our own adware removal tool, and to offer full-range protection against the whole series of adware-related threats," Bitdefender Senior Product Manager Jonas Selkala <a href="" target="_blank">said</a>. "The tool is backed-up by our #1 awarded anti-malware technologies. It helps users reclaim their computers, by keeping the apps they like, and getting rid of the numerous programs that bug them."</p> <p>The tool scans for things like Adware.SwiftBrowse and Adware.BrowseFox, to name just two. If it finds anything, it will ask your permission before deleting the offending program(s). It also looks for keylogger software and other cruft.</p> <p>We gave the tool a test run and it didn't find anything (no surprise -- we ran it on a somewhat mission critical system). And while it did hit us with an offer for 6 months of Bitdefender Internet Security, we like that it didn't generate misleading findings as a scare tactic into upgrading. As far as we can tell, there's nothing dubious here, just a free program that does what it says (how refreshing is that?).</p> <p>The free tool works with Windows XP on up -- you can grab it <a href="" target="_blank">here</a>.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> adware bitdefender Security Software toolbars News Thu, 13 Nov 2014 15:57:53 +0000 Paul Lilly 28901 at Microsoft's Patch Tuesday Update Squashes 19-Year-Old Windows Bug <!--paging_filter--><h3><img src="/files/u69/windows_95_setup.jpg" alt="Windows 95 Setup" title="Windows 95 Setup" width="228" height="152" style="float: right;" />A critical bug went unaddressed since Windows 95</h3> <p>The second Tuesday of every month is known as Patch Tuesday for Windows users, and if you didn't install yesterday's batch of security updates, there's a good reason why you might want to put it on your short-term list of things to do. <strong>One of the patches in yesterday's Tuesday roundup addresses a critical bug in Windows that went unnoticed for 19 years</strong> and is present in every version of the OS from Windows 95 on up.</p> <p>A security researcher for IBM discovered the bug, which an attacker use can use for drive-by attacks to remotely run code and take over a victim's PC. The vulnerability also allows a remote attacker to sidestep the Enhanced Protected Mode (EPM) sandbox in Internet Explorer 11, as well as the Enhanced Mitigation Experience Toolkit (EMET) anti-exploitation tool Microsoft offers for free, <a href="" target="_blank">the researcher says</a>.</p> <p>The bug affects Windows Server platforms as well. It's been compared to Heartbleed in potential severity, and though it doesn't appear it's been exploited in the wild, nor does a proof-of-concept exist, now that it's been made public, there could be attacks on unpatched systems.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> microsoft ms14-064 Patch Tuesday Security vulnerability Windows News Wed, 12 Nov 2014 16:51:40 +0000 Paul Lilly 28894 at United States Postal Office Falls Prey to Data Theft, Fingers Point at China <!--paging_filter--><h3><img src="/files/u69/usps_truck.jpg" alt="USPS Truck" title="USPS Truck" width="228" height="140" style="float: right;" />Hacker attack compromised data of over 800,000 postal workers</h3> <p>There are multiple reports that the <strong>United Stated Postal Service suffered a security breach into its computer networks, resulting in the possible theft of data</strong> affecting as many as 800,000 employees and retirees. Personal data such as Social Security numbers may have been stolen in the breach, and though officials aren't saying who they think is responsible, the general consensus is that China is behind the attacks.</p> <p>"It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity," Postmaster General Patrick Donahoe <a href="" target="_blank">said in a statement</a>, according to <em>The Washington Post</em>. "The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data."</p> <p>Other personal information obtained in the breach include names, dates of birth, addresses, dates of employment, and more. Fortunately, no credit card information from post offices or online purchases at USPS's website appear to be part of the data theft.</p> <p>China has long held firm in its stance that it doesn't engage in cybertheft, pointing out that such a thing runs afoul of Chinese law. However, China has been linked to numerous hacking incidents, including a recent intrusion into computer systems of the Office of Personnel Management, as well as into systems of USIS, a government contractor that conducts security clearance checks.</p> <p>Unlike recent attacks on Target and Home Depot, which are believed to have originated from Eastern European criminal groups, there are no signs of credit card fraud or identity theft. That begs the question of why bother infiltrating the USPS, <em>The New York Times</em> <a href="" target="_blank">reports</a>.</p> <p>Image Credit: <a href="" target="_blank">Flickr (David Guo)</a></p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> china hacking post office Security usps News Mon, 10 Nov 2014 21:17:13 +0000 Paul Lilly 28876 at Security Firm AVG Sees Rash of Suitors Emerge <!--paging_filter--><h3><img src="/files/u69/avg_laptop.jpg" alt="AVG Laptop" title="AVG Laptop" width="228" height="149" style="float: right;" />Software security makers are suddenly hot acquisition targets</h3> <p>One of the names that always comes up when discussing free antivirus software is AVG Technologies. The company also offers a line of paid products for those who want more robust protection and features, and after 13 years in the business, has built up a market capitalization of around $930 million. AVG's also made itself attractive to suitors -- <strong>it's being reported that potential buyers have approached AVG</strong> amid a wave of deals for security software makers.</p> <p>Citing "people familiar with the matter," <em>The Wall Street Journal</em> <a href="" target="_blank">reports</a> that multiple private equity firms and at least one technology company have all approached AVG about a takeover. These are all unsolicited bids, and though nothing is imminent, if a deal does take place, it's likely to happen in the coming months.</p> <p>Security software is sexy right now, and AVG is a recognizable brand with quite a few assets. Indeed, AVG has been increasing its brand value through acquisitions of its own. It's an ongoing strategy, with AVG recently announcing plans to acquire mobile security outfit Location Labs as well as Normal Safeground, <em>WSJ</em> says.</p> <p>The play for security software is likely to intensify as cyber attacks increase in frequency and sophistication. And with AVG, it's a relatively affordable option, considering that Intel paid nearly $7.7 billion to <a href="" target="_blank">acquire McAfee</a>.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> antivirus AVG Security Software News Fri, 07 Nov 2014 16:05:11 +0000 Paul Lilly 28859 at Patriot's Supersonic Bolt XT Flash Drive Line is Super Secure <!--paging_filter--><h3><img src="/files/u69/patriot_supersonic_bolt_xt_connector.jpg" alt="Patriot Supersonic Bolt XT" title="Patriot Supersonic Bolt XT" width="228" height="162" style="float: right;" />Rugged and secure storage</h3> <p>Security's become a sensitive subject ever since former NSA contractor Edward Snowden blew the whistle on the U.S. government's spying shenanigans, and if you don't fancy wearing a tinfoil hat, you might be interested in Patriot Memory's latest storage device. To begin with, <strong>Patriot's new Supersonic Bolt XT flash drive family boasts built-in FIPS 197 compliant hardware-based 256-bit AES data encryption</strong>.</p> <p>Should the drive fall into the wrong hands, it's been trained to swallow a virtual poison pill after multiple failed attempts to guess the password -- 10 consecutive failed attempts, to be exact, after which point it locks down and reformats itself. Of course, that can work against you if you have trouble remembering passwords, but hey, we suppose that's price of privacy these days.</p> <p>The Supersonic Bolt XT also offers a bit of physical protection for your data by way of a ruggedized, rubber housing. We doubt you could run one of these over with a tank and expect it to work, but for "common day drops and bumps," it should be just fine, Patriot says. It's also water resistant.</p> <p><img src="/files/u69/patriot_supersonic_bolt_xt.jpg" alt="Patriot Supersonic Bolt XT" title="Patriot Supersonic Bolt XT" width="620" height="290" /></p> <p>In terms of performance, these are USB 3.0 drives, though not the fastest around. Patriot rates the drives at up to 150MB/s read and up to 30MB/s write performance.</p> <p>The Supersonic Bolt XT is available now in <a href=";catid=92&amp;prodgroupid=298&amp;id=8308&amp;type=23" target="_blank">16GB</a> ($50), <a href=";catid=92&amp;prodgroupid=298&amp;id=8309&amp;type=23" target="_blank">32GB</a> ($70), and <a href=";catid=92&amp;prodgroupid=298&amp;id=8310&amp;type=23" target="_blank">64GB</a> ($130) capacities.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> bolt encryption Flash Drive Hardware mobile Patriot Security storage USB 3.0 News Mon, 03 Nov 2014 14:18:07 +0000 Paul Lilly 28829 at Breakup Rumor: Symantec May Be Next Company to Split into Two <!--paging_filter--><h3><img src="/files/u69/symantec_0.jpg" alt="Symantec" title="Symantec" width="228" height="152" style="float: right;" />Breaking up is the trendy thing to do in tech</h3> <p>We don't know if it's something in the Starbucks lattes in Silicon Valley or what, but all of a sudden companies are either announcing breakups or exploring whether or not to spin-off a division. Auction site eBay recently announced that it plans to give Paypal a set of wings and let it fly solo, and then Hewlett-Packard decided that it too was ready for a split (between its PC and printer businesses). Now there's <strong>talk that Symantec is considering a breakup</strong> as well.</p> <p>According to a <a href="" target="_blank"><em>Bloomberg</em> report</a>, the Mountain View firm is in "advanced talks" to separate its security and data storage business into individual companies. While Symantec has no comment on the matter, an announcement could be just weeks away.</p> <p>Symantec is looking for a spark after seeing its revenue drop during its last fiscal year, and the projections for this year don't look any better. The disappointing numbers cost Symantec's former CEO Steve Bennett his job this part March, who was the second chief to be <a href="" target="_blank">shown the door</a> in the past two years. Last month, Symantec appointed Michael Brown as its interim CEO, and it's said that he's in favor of a breakup.</p> <p>Should a split occur, it could be just the first step of more changes to come. As separate entities, Symantec's security and data storage businesses could each become attractive acquisition opportunities for the right buyer.</p> <p>Image Credit: <a href="" target="_blank">Flickr (Kazuhisa OTSUBO)</a></p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> antivirus business Security split storage symantec News Wed, 08 Oct 2014 15:35:05 +0000 Paul Lilly 28683 at