  • Researchers Find Flaw in an Online Encryption Method – NYTimes.com

    The flaw — which involves a small but measurable number of cases — has to do with the way the system generates random numbers, which are used to make it practically impossible for an attacker to unscramble digital messages. While it can affect the transactions of individual Internet users, there is nothing an individual can…

  • Hacking stunt: Stealing smartphone crypto keys using plain old radio

    Encryption keys on smartphones can be stolen via a technique using radio waves, says one of the world's foremost crypto experts, Paul Kocher, whose firm Cryptography Research will demonstrate the hacking stunt with several types of smartphones at the upcoming RSA Conference in San Francisco next month. via Hacking stunt: Stealing smartphone crypto keys using…

  • Apple Mac-based security threats jumped in 2011 | Security – InfoWorld

    New Mac-based security threats jumped in 2011, but still remain far below that of Windows PCs, according to a posting by F-Secure Labs. A total of 58 unique variants were detected from April through December, according to the Labs Threat Research team. Nearly half, 29, were Trojan-downloaders, which F-Secure defines as a type of Trojan…

  • Sykipot variant hijacks DOD and Windows smart cards – Alienvault Labs

    Defenses of any sort, virtual or physical, are a means of forcing your attacker to attack you on your terms, not theirs. As we build more elaborate defenses within information security, we force our attacker’s hand. For instance, in many cases, implementing multi-factor authentication systems just forces the attacker to go after that system directly…

  • Hackers Breach the Web Site of Stratfor Global Intelligence – NYTimes.com

    On Saturday, hackers who say they are members of the collective known as Anonymous claimed responsibility for crashing the Web site of the group, Stratfor Global Intelligence Service, and pilfering its client list, e-mails and credit card information in an operation they say is intended to steal $1 million for donations to charity. The hackers…

  • Remnux 3 released

    REMnux: A Linux Distribution for Reverse-Engineering Malware. REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser. http://zeltser.com/remnux/ Torrents – Virtual Machine ISO – Live CD

  • Microsoft gets silent upgrade religion, will push IE auto-updates

    Microsoft today said it will silently upgrade Internet Explorer (IE) starting next month, arguing that taking the responsibility out of the hands of users will keep the Web safer. The move is an acknowledgement by Microsoft that Google's model — its Chrome browser has updated in the background without user involvement since it debuted more…

  • Security roundup: Lockheed Martin sounds alarm on Adobe Reader zero-day; Microsoft patchfest coming

    When Adobe last week issued an advisory about a dangerous zero-day attack based on an unpatched Adobe Reader vulnerability that was being exploited in the wild to try and seize control of both PCs and Macs, it credited Lockheed Martin for sounding the alarm about it. It’s not the first time Lockheed Martin has been…

  • Cyber-intruder sparks response, debate – The Washington Post

    The first sign of trouble was a mysterious signal emanating from deep within the U.S. military’s classified computer network. Like a human spy, a piece of covert software in the supposedly secure system was “beaconing” — trying to send coded messages back to its creator. An elite team working in a windowless room at the…

  • Most China-based hacking carried out by ’select few’ | ZDNet

    U.S. cybersecurity analysts believe that as few as 12 different Chinese groups could be responsible for the majority of cyberattacks on the United States. Experts suggest that this ’select’ set of hacking groups may be backed, or directed by the Chinese government itself. via Most China-based hacking carried out by ’select few’ | ZDNet.
