Internet Security

Facebook Twitter

Skype for iPhone makes stealing address books a snap. High performance access to file storage If you use Skype on an iPhone or iPod touch, Phil Purviance can steal your device's address book simply by sending you a chat message.

Skype for iPhone makes stealing address books a snap

In a video posted over the weekend, the security researcher makes the attack look like child's play. Type some JavaScript commands into the user name of a Skype account, use it to send a chat message to someone using the latest version of Skype on an iPhone or iPod touch, and load a small program onto a webserver. Exclusive: Google, CIA Invest in ‘Future’ of Web Monitoring. The investment arms of the CIA and Google are both backing a company that monitors the web in real time — and says it uses that information to predict the future.

Exclusive: Google, CIA Invest in ‘Future’ of Web Monitoring

The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents — both present and still-to-come. In a white paper, the company says its temporal analytics engine “goes beyond search” by “looking at the ‘invisible links’ between documents that talk about the same, or related, entities and events.”

Untitled. Mozilla addons site targeted in same attack that hit Google. High performance access to file storage The secure webpage hosting addons for Mozilla Firefox was targeted in the same attack that minted a fraudulent authentication credential for Google websites, the maker of the open-source browser said.

Mozilla addons site targeted in same attack that hit Google

"DigiNotar informed us that they issued fraudulent certs for addons.mozilla.org in July, and revoked them within a few days of issue," Johnathan Nightingale, Mozilla's director of Firefox development, wrote in a statement. Fraudulent Google credential found in the wild. High performance access to file storage Security researchers have discovered a counterfeit web certificate for Google.com circulating on the internet that gives attackers the encryption keys needed to impersonate Gmail and virtually every other digitally signed Google property.

Fraudulent Google credential found in the wild

The forged certificate was issued on July 10 to digitally sign Google pages protected by SSL, or secure sockets layer. It was issued by DigiNotar, a certificate authority located in the Netherlands. The forged certificate is valid for *.google.com, giving its unknown holders the means to mount transparent attacks on a wide range of Google users who access pages on networks controlled by the counterfeiters.