House vote sets up Senate cybersecurity showdown
The House's solid bipartisan vote for a cybersecurity bill sends a message to the Senate: Now it's your turn to act.
Ignoring a White House veto threat, the House approved the Cyber Intelligence Sharing and Protection Act, which would encourage companies and the federal government to share information collected on the Internet to help prevent electronic attacks from cybercriminals, foreign governments and terrorists.
The vote Thursday was 248-168, with 42 Democrats joining 206 Republicans in backing the measure.
Microsoft blasts Google over iPhone browser tracking, pushes IE9 while it’s at it
With Google acknowledging that it utilised features in its services to bypass Apple’s built-in security measures in its Safari mobile browser to track users, Microsoft has taken the opportunity to join the debate, condemning the search giant and using it as a platform to tout the security of its own browser, Internet Explorer 9.
Remarking that Google’s tracking practices are “not new”, Microsoft’s blog post entitled ‘Browse Without Being Browsed’ accuses the company of circumventing the privacy protections in Apple’s mobile browser “in a deliberate, and ultimately, successful fashion.”
Microsoft then proceeds to list how its Internet Explorer 9 browser has some of the “strongest privacy protection in the industry,” highlighting its Tracking Protection feature and how it puts users in control of their actions online.
“Not Google. Not advertisers. Just you,” Microsoft declares.
Adobe launches sandboxed Flash Player for Firefox, hopes for fewer exploits
Adobe has released a beta version of Flash Player for Firefox, which has better protection against vulnerability exploits because of a new sandboxed architecture.
"The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach," said Peleus Uhley, platform security strategist at Adobe, in a blog post on Monday. "Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities."
In secure software development, sandboxing refers to the practice of isolating a process from the operating system in order to minimize the fallout of a potential exploit. This type of technology has gained popularity in recent years, primarily because of its use in Google Chrome, a browser that has not experienced a successful remote code execution attack so far.
The Patriot Act and your data: Should you ask cloud providers about protection?
Worries have been steadily growing among European IT leaders that the USA Patriot Act would give the U.S. government unfettered access to their data if stored on the cloud servers of American providers -- so much so that Obama administration officials last week held a press conference to quell international concern over the protection of data stored on U.S. soil.
Patriot Act Games
The unease over the reach of the Patriot Act provision -- which expands the discovery mechanisms law enforcement can use to access third-party data -- has been amped up by the sales and marketing efforts of some European cloud providers, seeking to set apart their services as a way to keep corporate data out of the hands of the American government. The most blatant examples are two Swiss companies touting their cloud options as "a safe haven from the reaches of the U.S. Patriot Act," but it's become a popular topic at negotiating tables across the continent.
"I don't see how you have a pitch meeting with one of these European cloud providers and not have subject of the Patriot Act concerns come up," says Alex Lakatos, a partner and cross-border litigation expert in the Washington, D.C. office of Mayer Brown.
Anxiety was heightened last year when a Microsoft UK managing director admitted that he could not guarantee that data stored on the company's servers, even those outside the U.S., would not be seized by the U.S. government.
"Some of it certainly is companies trying to take advantage of the Patriot Act to market against U.S. competitors," Lakatos says. "Some of it is just the general concern Europeans have about the Patriot Act." While the 9/11-inspired legislation has been misused in a variety of ways, says Lakatos, some of those perceptions don't necessarily mesh with reality. Read more...
Chrome is the most secured browser – new study
Google Chrome offers more protection against online attacks than any other mainstream browser, according to an evaluation that compares exploit mitigations, malicious link detection, and other safety features offered in Chrome, Internet Explorer, and Firefox.
The 102-page report, prepared by researchers from security firm Accuvant, started with the premise that buffer overflow bugs and other security vulnerabilities were inevitable in any complex piece of software. Rather than relying on metrics such as the number of flaws fixed or the amount of time it took to release updates, the authors examined the practical effect protections included by default in each browser had on a wide class of exploits.
Their conclusion: Chrome is the most secured browser, followed closely by Microsoft IE. Mozilla's open-source Firefox came in third, largely because of its omission of a security sandbox that shields vital parts of the Windows operating system from functions that parse JavaScript, images and other web content.
Mobile phones are great for phishers, researchers find
Computer users seem to be getting better at spotting fake websites that are trying to steal their passwords, but when it comes to mobile phones, the deck is most definitely stacked against them.
Researchers at the University of California, Berkeley, recently took a look at 100 mobile applications, written for Android and the iPhone, and then thought up 15 techniques that scammers could use to write malicious programs that steal the victim's user name and password on websites such as Facebook or Twitter.
Their research underscores a thorny issue that promises to demand more attention as users increasingly reach for their mobile phones when they want to go online.
Feds prep for e-gov shutdown
If the federal government is shut down by a budget impasse Friday night at midnight, the IRS will continue to accept tax returns filed electronically and it will still process refunds, but paper-based returns won't be processed.
Other U.S. government Web sites that offer electronic services unrelated to national security and the protection of life and property likely won't be updated -- and it's possible that some could go offline.
