Posted by & filed under Security News.

After an last's month announcement, Yahoo advises developers that they are implement that the changes in the API setting will be implemented on February 27. Yahoo Mail connections would be getting default HTTPS encryption, enabling HTTPS access to Yahoo Contacts and Profile APIs.

After the said date access to Yahoo Contact and Profile API”s will be limited to SSL Connections.

Tumblr, which is also owned by Yahoo, has also announced this week that SSL encryption will be available to prevent hackers snooping on their activity. However, Tumblr's SSL won’t be activated by default, users will have to go to their Account Settings and turn it on.

The tumblr staff were quoted as posting:

“Any reason I shouldn’t do this?” Nope, not really. It doesn’t change anything about the dashboard, it just encrypts your connection to it. We’ve been using it for weeks and haven’t even noticed. So, yeah, turn it on and forget about it. Easy.”

Posted by & filed under Security News.

The US may be in hot water with France following reports that the NSA snooped on a large number of French citizens.

A report published Monday by French paper Le Monde revealed the spying activities on the part of the National Security Agency, based on documents leaked by former NSA contractor Edward Snowden. From December 10, 2012, to January 8, 2013, the NSA made 70.3 million recordings of phone calls conducted by French citizens. The recordings, which also gathered SMS messages, were apparently triggered automatically based on certain key words.

Read the rest of the story at CNET

Posted by & filed under Security News.

U.S. authorities have charged three foreign nationals with creating and distributing a virus that allowed thieves to steal tens of millions of dollars from victims” bank accounts.

The three are accused of creating the Trojan virus Gozi, which infected more than 1 million computers worldwide and 40,000 in the United States, including computers belonging to NASA, according to court documents unsealed today by U.S. Attorney Preet Bharara in Manhattan. Nikita Kuzmin, 25, Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28, are accused of creating “one of the most financially destructive computer viruses in history.”

The malware installed itself on computers after users clicked on an apparently benign PDF file embedded in an e-mail, allowing the cybercriminals to siphon user names, passwords, and other security information used to hijack online bank accounts, prosecutors alleged.

“Banking Trojans are to cybercriminals what safe-cracking or acetylene torches are to traditional bank burglars — but far more effective and less detectable,” FBI Assistant Director-in-Charge George Venizelos said in a statement. “The investigation put an end to the Gozi virus.”

Kuzmin, a Russian national who was arrested in 2010, pleaded guilty to bank fraud charges in 2011 and agreed to cooperate with federal prosecutors. Kuzmin began conceiving Gozi in 2005 to steal bank account information and hired co-conspirators to write the virus” source code, prosecutors said today.

Read the rest of the story at ZDNET

Posted by & filed under Security News.

A group of hackers claims to have stolen thousands of personal records by breaching the servers of more than 50 universities around the world, including Harvard, Stanford, Cornell, and Princeton.

A group calling itself GhostShell posted to text-sharing site Pastebin more than 120,000 records from the breached servers, including thousands of names, usernames, passwords, addresses, and phone numbers of students and faculty. While most hacker activity is motivated by a desire to steal identities or pranksterism, GhostShell said the goal of its data dump was to focus public attention on the state of higher education

Some of the data appears to have been already publicly available, but some records included sensitive information such as birth dates and employee payroll information. However, GhostShell said in its statement that it sought to limit the amount of information it released.

“We tried to keep the leaked information to a minimum, so just around 120,000+ accounts and records are here, leaving in their servers hundreds of thousands more,” the message said, adding a warning to school regarding the security of their networks. “When we got there, we found out that a lot of them have malware injected. No surprise there since some have credit card information stored.”

Read the rest of the story at CNET

Posted by & filed under Security News.

Iranian authorities explained that their decision to block access to Google services, including Gmail, was due to an anti-Islam movie which caused protests throughout the globe.

The film in question, Innocence of Muslims, which appears to have been created to trigger riots in Arab countries, has finally put the search giant in a position where Iran wanted. The matter is that Iran had been looking for a reason to ban Google for a while, but couldn’t find a good one until YouTube refused to remove the anti-Islam movie. Now the local authorities can claim they are saving their citizens from the evil Google.

Abdolsamad Khoramabadi, an Iranian official responsible for censorship in the web and computer crimes, announced that both Google and Gmail will be censored throughout Iran until further notice. However, there was no indication whether the filtering would be temporary or permanent. Actually, the country is going to pull itself out of the web and run the nation as a huge Intranet of state controlled data. Of course, such giants as Google and its mail service would have no place in this scheme anyway.

At the moment, Iranians don’t really care about the anti-Islam film, but aren’t happy that they’ve lost their Gmail accounts. They understand that this move is just a beginning of their cunning Internet plan.

Ali Hakim-Javadi, deputy communications and technology minister, told during the interview that all governmental agencies and offices have already been connected to the national data network (Intranet). In the meantime, the country is worried about another outside hacker attack, especially if Iran gets involved in a war with Israel or the United States.