Security

Microsoft has confirmed it automatically uploads Windows 10 disk encryption keys to its servers. The company says it was a deliberate decision based on weighing up the worst case scenarios. The encryption key in question is not related to logging ... into and running Windows itself. Instead its an encryption of the entire hard drive of the device running Windows 10. This means that if somebody physically steals your computer, they can't make any sense of the data, even if it's been copied to another device (using a disk image backup, for example). Encryption Key Would Help Computer Thieves ... (view more)

Google is testing a login method that doesn't require a password. The problem is that the method doesn't necessarily add any convenience and isn't as secure as it could be. Reports of the new method have come from a user at the discussion site ... Reddit, who was invited to test the new system. As part of the test, the user must have a smartphone registered. (Source: reddit.com ) The user posted screenshots which show the normal login screen but only asking for an email address (the Google equivalent of a user name) and not for a password. Code Sent To Mobile Screen The screenshots ... (view more)

A newly-identified piece of malware has achieved arguably the ultimate goal of cybercriminals. "Nemesis" is able to infect a Windows computer before the operating system is loaded. The malware is a particularly nasty form of a rootkit . That's ... software which is able to inappropriately access some of the core components of a computer (both hardware and software), often disguising its actions. A rootkit is a serious problem because it's often completely undetectable, which means that it can easily override antivirus software to carry out malicious tasks. In this case, the Nemesis ... (view more)

Toy manufacturer VTech has been the victim of a hack that exposed details of five million customers. The compromised data included some details, albeit limited, of the children who use the products. As its name suggests, VTech's product range ... includes many electronic toys that have increased in sophistication over the years. These include several tablet computers which don't allow web access, but do let children share messages with friends and family and download child-friendly apps through a system known as the "Learning Lodge." No Financial Data Compromised The company has ... (view more)

Dell has confirmed it shipped computers with a major built-in security flaw. The unintentional move could expose users to a significant risk of hackers accessing their personal data. The issue at hand deals with an exploit in the secure sockets ... layer (SSL). Specifically, Dell has inadvertently shipped PCs and laptops with both a trusted root certificate and key, when only the trusted certificate should have been allowed. The idea behind the mishap was to help identify Dell computers when they were connected to Dell's online support service. In this case, the computer's model number could be ... (view more)

Facebook is to warn users when it believes a government is trying to hack their account. The company is giving few details about how it will detect such attempts, or which governments may be involved. The warnings will appear when Facebook has ... reason to believe an "account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state." According to Facebook, the message is not meant as an indication that Facebook's own servers or systems have been compromised - whether by a government or anyone else. Early Warning System Instead, Facebook will ... (view more)

Google is to tone down security warnings for users of the Chrome browser. It believes the move won't increase user risk and may instead encourage websites to improve security. The change involves the way secure websites appear in the address bar in ... Chrome. At the moment, a website in Chrome will appear with one of four icons to the left of the address to indicate whether or not it is secure: A plain white 'blank page' icon indicates an ordinary http site, meaning there's no encryption of data passing back and forth between the website and the user's computer. A green ... (view more)

Some media outlets have accused Microsoft of building creepy keylogger spyware into Windows 10. That's a somewhat overblown interpretation, but some users may want to take the option to turn off the relevant setting. Traditionally references to " ... keyloggers " are about unauthorized programs installed on computers, often without the owner's knowledge and often through trickery. Such programs are designed to track everything the user types, then relay the data over the Internet to criminals who then look for passwords, credit card numbers, and bank account information. In this ... (view more)

Mozilla has blocked Adobe Flash from running by default in the Firefox browser, citing security concerns. Meanwhile, Facebook's security chief has called for Adobe Flash to be killed off permanently. Adobe Flash is widely used for both videos and ... animations, including ones which play automatically on a website. The technology has fallen from favor over the years, however, thanks to problems with both performance and security. It's a popular target for malware creators as it is so widely used by users, regardless of their operating system or browser. A big part of the decline came when ... (view more)

Plans to draw up guidelines for how firms use facial recognition technology have fallen apart after civil liberties groups withdrew from talks. They say businesses aren't making a serious offer at an acceptable compromise. Businesses and consumer ... groups have been taking part in facial recognition guideline talks since early last year. They've been organized by the National Telecommunications and Information Administration (NTIA), a government agency. The idea behind the talks was to avoid the need to draw up and implement legislation, something that could be politically tricky. The ... (view more)