Stories by Jeremy Kirk

Google+

US federal agencies halt background checks by contractor after cyberattack

Two U.S. federal agencies have halted background checks with a contractor that said Wednesday its networks had been breached in a cyberattack suspected to have been coordinated by an unnamed country.

OpenSSL, critical encryption component, gets nine software fixes

Nine software fixes were released Wednesday for OpenSSL, a critical encryption component for exchanging data on the web, although none of the problems are as severe as the "Heartbleed" issue found in April.

Symantec patches privilege escalation flaws in Endpoint Protection

Symantec has released a patch for privilege escalation flaws in its Endpoint Protection product, and the company which found the issues released the exploit code on Tuesday.

PayPal's two-factor authentication is easily beaten, researcher says

A security feature offered by PayPal to help prevent accounts from being taken over by hackers can be easily circumvented, an Australian security researcher has found.

Is your Dropcam live feed being watched by someone else?

Dropcam, the popular video monitoring camera, bills itself as "super simple security." But a pair of researchers plan to show at the Defcon hacking conference later this week how having a Dropcam could get a lot more complicated.

Mozilla warns of leaky developer network database

Mozilla's website for developers leaked email addresses and encrypted passwords of registered users for about a month due to a database error, the organization said Friday.

Microsoft security tool EMET 5.0 puts a leash on plugins

The latest release of a Microsoft security tool that's designed to stop exploits lets administrators control when third-party plugins are launched, a long favored route for attackers.

No patch yet for zero day in Symantec Endpoint Protection software driver

A zero-day flaw in a software driver in Symantec's widely used Endpoint Protection product may be tricky to fix.

iPhone gets first free app for encrypting voice calls

An open-source project has released the first free application for the iPhone that scrambles voice calls, which would thwart government surveillance or eavesdropping by hackers.

Zero-day flaws found in Symantec's Endpoint Protection

Symantec's Endpoint Protection product has three zero-day flaws that could allow a logged-in user to move to a higher access level on a computer, according to a penetration testing and training company.

Using Instagram on public Wi-Fi poses risk of an account hijack, researcher says

A configuration problem in Facebook's popular Instagram application for Apple devices could allow a hacker to hijack a person's account if they're both on the same public Wi-Fi network.

Until the Tails privacy tool is patched, here's how to stay safe

Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.

New guide aims to remove the drama of reporting software flaws

Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.

'Canvas fingerprinting' tracking is sneaky but easy to halt

A method for tracking users across the Internet called "canvas fingerprinting" is simple to stop, but average Internet users may not know how to do it.

Firm says vulnerability in Tails contained in I2P component

A vulnerability broker published a video demonstrating one of several flaws it has found in the privacy-focused Tails operating system, which is used by those seeking to make their Web browser harder to trace.