Microsoft was hacked in the same wave as Apple and Facebook

Microsoft has been hacked, in the same wave of attacks targeting Facebook and Apple. The company made the announcement in a blog post on its website.

You can sleep safe if you use Windows 8 or Windows Phone 8 though, as Microsoft says there's no evidence of any customer data being compromised. Funnily enough, the company says some of its computers in its Mac business unit were among those hacked.

Microsoft says it didn't make a statement immediately, as first it wanted to find out what exactly happened. Only a "small number" of computers were infected by malicious software "using techniques similar to those documented by other organisations."

Last week, Apple announced it had been hit by malware that attacked Java, and a few days earlier, Facebook said it too had been targeted. Just don't tell Jeff Jarvis. Twitter was also hacked last month, with 250,000 accounts affected.

Newspapers including The New York Times, Washington Post and Wall Street Journal have all accused China of cyber attacks, though the origins of the hack targeting Microsoft haven't been revealed. Google's Eric Schmidt has penned a book on the subject, calling China "the world's most active and enthusiastic filterer of information", as well as the "most sophisticated and prolific hacker of foreign companies."

Microsoft acknowledged these kinds of attacks are par for the course in the modern tech landscape. It said in its blog post: "This type of cyber attack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries… We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorised access to our networks."

[Source: CNET]

Twitter ratchets up phishing protection by adopting DMARC standard

Phishing emails often pose as being sent by major league sites rather than princes from far-flung countries, but Twitter's implemented a new measure to stamp out phonies that borrow its name. Costolo and Co. announced that, earlier this month, they began leveraging a tech called DMARC that establishes a way for email providers to authenticate senders and reject messages penned by impostors. While the DMARC specification does need support from e-mail services, outfits including AOL (which happens to be our parent company), Gmail, Hotmail / Outlook and Yahoo already make use of it. According to Twitter, it's now "extremely unlikely" that the majority of their users will receive emails masquerading as being sent from a Twitter.com address. We're sorry to disappoint, but it looks like you'll have to get your fix of foreign lottery notices from somewhere else.

[Source: Engadget]


Twitter Attacked and 250,000 Accounts Potentially Compromised

Twitter is emailing 250,000 users of the service whose accounts may have been compromised this week, asking them to change their passwords.

If you’re a user of Twitter and receive an email similar to the one you see above – as I did earlier this evening – congratulations, your account may be one of the 250,000 that were potentially compromised this week. In a blog post on the company’s site this evening the situation was explained as clearly as it could be.

This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.

Twitter explained that it decided to be very public about this situation as it believes this was the work of a sophisticated group and that this isn’t the only attack that has been orchestrated against companies as of late.

Should you be unfortunate enough to receive one of these emails, make sure to change your password immediately.

[Source: TechnoBuffalo]

Google proposes wearable password ring to stop hackers

Think your online accounts are safe? Google doesn't reckon so. In fact, it's come up with a whole new way to stop anyone hacking your profile: USB jewellery.

I'm not kidding. CNET reports Google is mulling over a finger ring that you plug into your PC to authenticate your identity, eliminating the need for a password. Intrigued? Read on.

Google reckons passwords are no longer safe, what with all the hacking going on nowadays. "We contend that security and usability problems are intractable," Google's Eric Grosse and Mayank Upadhyay write in an article due to be published later this month. "It's time to give up on elaborate password rules and look for something better."

And this'll most likely be hardware. Google already uses two-step verification -- whereby you're sent a unique code to enter along with your password -- but "not nearly enough" people use it, according to the two Googlers.

A ring, or some other piece of wearable tech, would plug into your PC, communicate its identity via a website, and let you access your accounts, with no entering passwords required. Which would be a blessing, considering how many passwords we're required to remember nowadays. And how tricky they're supposed to be, to ward off hackers.

So why a ring? Well the authors reckon it should be something that's always with you, so you can't forget it. "Some more appealing form factors might involve integration with smart phones or jewellery that users are more likely to carry anyway," they write. "We'd like your smart phone or smartcard-embedded finger ring to authorise a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity."

So there you go. A password ring could be a new way to give hackers the finger.

[Source: CNET]

Oracle patches Java exploits, toughens its default security levels

Oracle hasn't had a great start to 2013. It's barely into the new year, and Apple and Mozilla are already putting up roadblocks to some Java versions after discoveries of significant browser-based exploits. The company has been quick to respond, however, and already has a patched-up version ready to go. The Java update goes one step further to minimize repeat incidents, as well -- it makes the "high" setting the default and asks permission before it launches any applet that wasn't officially signed. If you've been skittish about running a Java plugin ever since the latest exploits became public, hit the source to (potentially) calm your nerves.

[Source: Engadget]

CES 2013: iSmartAlarm promises a sub-$100, iOS-based security system

Our sister site, Engadget, got a chance to try out the iSmartAlarm, which is a Wi-Fi camera set with LED lights that send an alert to your iPhone if it detects movement in your home. There are a number of options, including being able to see the movement, call 911 or just ignore it. You can also get a remote tag (the site boasts it will track children and pets), motion sensor and contact sensors for use in a window or door.

We've tested a number of home security systems that work with iOS, most recently the SwannSmart ADS-450 WiFi Network Camera. With a sub-$100 entry price -- the camera is $79, Engadget reports -- this system might be attractive to those looking for an iOS-based security system. iSmartAlarm is seeking funding through IndieGogo; however, the page is not active yet.

[Source: TUAW]

Google services grind to a halt in China, political transition suspected as the culprit

As eagerly as Google has gone through routing acrobatics to minimize the Chinese government's ability to censor and spy on its services, it's still at the mercy of the Great Firewall. The company might have just run head-first into the bricks as of Friday. As confirmed by some of our own staff, all of Google's services stopped working in China for at least the better part of a day despite the search firm verifying that everything was in good working order. Officials haven't confirmed that anything was afoot, but it's easy to raise the specter of possible censorship given local political maneuvering. The once-a-decade Communist Party Congress began on Thursday, and the establishment may have wanted to cut off a relatively unfiltered line of communication for dissidents during a transition of power. We're hearing that access may have ameliorated in at least parts of the country, which would be a pleasant surprise -- not that a sudden improvement in service will cheer up those who know they still face a backlog.

[Source: Engadget]

Microsoft's November security updates include critical Windows 8 and RT patches

Microsoft recently issued its "Security Bulletin Advance Notification" for this month, detailing which operating systems and software will be updated on November 13th. While many products are being addressed, including Office for Mac, newly released Windows 8 and RT are the most notable entries on the list. The first patches since they hit the market will fix "critical" issues which open them up to "remote code execution." Microsoft hasn't gone into specifics (obviously), but you can register for a webcast being held on the 14th (see source link) should you want enlightening. If you thought your fresh machine or slate was flawless, we're afraid to say it's just another member of the 'Patch Tuesday' club.

[Source: Engadget]