Privacy, Google Now, Scroogled, and the connected world

2013 saw the launch of Google Now, a service which aspires to alert you to information you care about at just the right time. Rather than mechanical reminders of events 15 minutes before start time, Google Now promises to take into account location, when you are likely to have to leave to arrive where you

…continue reading Privacy, Google Now, Scroogled, and the connected world

Adobe’s security calamity: 2.9 million customer account details accessed

Adobe has reported a major security breach. According to the FAQ:

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration

…continue reading Adobe’s security calamity: 2.9 million customer account details accessed

Does anti-virus work? Does Android need it? Reflections on AVG’s security suite

I’m just back from AVG’s press event in New York, where new CEO Gary Kovacs (ex Mozilla) presented the latest product suite from the company.

Security is a huge topic but I confess to being something of a sceptic when it comes to PC security products. Problems include performance impact, unnecessary tinkering with the

…continue reading Does anti-virus work? Does Android need it? Reflections on AVG’s security suite

Hands on with Microsoft’s Azure Cloud Rights Management: not ready yet

If you could describe the perfect document security system, it might go something like this. “I’d like to share this document with X, Y, and Z, but I’d like control over whether they can modify it, I’d like to forbid them to share it with anyone else, and I’d like to be able to destroy

…continue reading Hands on with Microsoft’s Azure Cloud Rights Management: not ready yet

Ubuntu forum hack sets same-password users at risk

Canonical has announced a comprehensive security breach of its forums.

Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one

…continue reading Ubuntu forum hack sets same-password users at risk

What is mobile security? And do we need it?

I attended Mobile World Congress in Barcelona, where (among many other things) numerous security vendors were presenting their latest mobile products. I took the opportunity to quiz them. Why do smartphone users need to worry about security software, which many users were glad to leave behind with their PC? I observed that whereas I have

…continue reading What is mobile security? And do we need it?

Another reason to use tablets: desktop anti-virus does not work

The New York Times has described in detail how it was hacked by a group looking for data on Chinese dissidents and Tibetan activists. The attack was investigated by security company Mandiant.

Note the following:

Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products

…continue reading Another reason to use tablets: desktop anti-virus does not work

Got a Ruby on Rails application running? Patch it NOW

A security issue has been discovered in Ruby on Rails, a popular web application framework. It is a serious one:

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a

…continue reading Got a Ruby on Rails application running? Patch it NOW

Trial apps and in-app purchases easy to hack on Windows 8 says Nokia engineer

A principal engineer at Nokia, Justin Angel, has written a piece showing how to hack apps on Windows 8, undermining their potential revenue for the app vendors. “This is an educational article written in the hope both developers and Microsoft can benefit from an open exchange of knowledge,” he says, adding that the article was

…continue reading Trial apps and in-app purchases easy to hack on Windows 8 says Nokia engineer

Microsoft toughens logo requirements for Windows 8, forbids startup apps

Today I came across the certification requirements for Windows 8 desktop apps. This is the successor to the Windows 7 Logo program, and represents a set of best practices required for software to display the official Windows logo.

In practice, I am not sure how many buyers check that software is certified before buying, though

…continue reading Microsoft toughens logo requirements for Windows 8, forbids startup apps