cybersecurity

A group of senators today introduced a bipartisan cyber security bill that includes some new regulation requirements but does not give the president emergency authorities to interfere with the Internet as a previous version did.

The Cybersecurity Act of 2012 calls for the Department of Homeland Security (DHS) to assess risks and vulnerabilities of computer systems running at critical infrastructure sites such as power companies and electricity and water utilities and to work with the operators to develop security standards that they would be required to meet.

The DHS would determine which companies fit the definition of critical infrastructure as … Read more

President Obama plans to increase U.S. funding by 5 percent next year for research and development of a broad swath of technologies, according to his proposed fiscal 2013 budget, which was released today.

The president's budget (see below) has earmarked $140.8 billion for overall R&D, specifically focusing on those areas that will "directly contribute to the creation of transformational technologies that can create the businesses and jobs of the future."

To further research of clean energy, smart infrastructure, wireless communications, and cybersecurity, Obama plans to divide $13.1 billion among the National Science … Read more

Move over, Cameron Diaz, there's a new leader in the race to be the "world's most dangerous celebrity."

Former Victoria's Secret model and current host of "Project Runway," Heidi Klum is the Internet's "most dangerous celebrity," security firm McAfee announced today. According to McAfee, when people type Klum-related queries into a search engine, nearly 10 percent of the results are "malicious."

"Fans searching for 'Heidi Klum and downloads,' 'Heidi Klum and 'free' downloads,' 'Heidi Klum and screensavers,' 'Heidi Klum and hot pictures' and 'Heidi Klum and videos' … Read more

A new flavor of Android malware is disguising itself as a Google+ app in an attempt to capture instant messages, GPS, location, call logs, and other sensitive data.

Uncovered by the team at Trend Micro, the new malware known as ANDROIDOS_NICKISPY.C can also automatically answer and record phone calls. To capture data, the app loads at boot-up and runs certain services that can monitor messages, phone calls, and the user's location, thereby stealing e-mail and other content.

Detailing its findings in a blog Friday, Trend Micro said it discovered that the malicious app tries to trick people by installing itself under the name Google++.

But instead of providing access to Google's new social network, the app sends its stolen user data to a remote site where presumably cybercriminals can grab it. Unlike some malware in the past that masqueraded as legitimate apps through Google's Android Market, this particular one must be downloaded by an unsuspecting user from a malicious Web site and then manually installed.

And even if installed, the app can be uninstalled from an Android device by selecting Settings > Application > Manage applications, choosing Google++ and then clicking Uninstall, according to Trend Micro.

Trend Micro gives the app a low-risk rating, but it's still something that Android owners should be sure to avoid.

Android users concerned about security can learn how to better protect themselves through Trend Micro's online guide "5 Simple Steps to Secure Your Android-Based Smartphones."… Read more

The Pentagon today elaborated on its plans to defend privately-owned Internet servers owned by banks, transportation and utility companies, and other key firms from electronic attacks, a proposal that has raised privacy concerns in the past.

"Our assessment is that cyberattacks will be a significant component of any future conflict, whether it involves major nations, rogue states, or terrorist groups," William Lynn, the deputy secretary of defense, said during a speech at the National Defense University in Washington, D.C.

To illustrate the sophistication of such attacks, Lynn said a foreign government was behind a cyberattack in March … Read more

Software made by a Chinese company and used around the world by chemical, defense, and energy companies contains security holes that attackers could exploit to hack into critical systems.

In an advisory issued yesterday (PDF), the Department of Homeland Defense warned of two vulnerabilities in software made by Beijing-based Sunway ForceControl (Google Translate English version). The Chinese company makes SCADA (supervisory control and data acquisition) software, which is used in computer systems that control and monitor manufacturing plants and equipment used by different industries.

Discovered by security researcher Dillon Beresford of NSS Labs, the security holes could allow cybercriminals to … Read more

Google grabbed the news spotlight this week as it hosted its annual I/O developer conference in San Francisco, but nothing shone as bright as its Chrome browser and the Chrome-based laptop the company introduced.

The Chromebook, touted as an always-on and always-connected computing experience, will be offered by Samsung and Acer starting June 15. The Samsung Chromebook will go for $429 in the U.S. for the Wi-Fi only version and $499 for the 3G version. Acer's Wi-Fi only Chromebook will cost $349.

The devices will be sold in the U.S. by Amazon.com and Best Buy. … Read more

The White House today sent Congress a proposed cybersecurity law designed to force companies to do more to fend off cyberattacks, a threat that has been reinforced by recent reports about vulnerabilities in systems used in power and water utilities.

This proposal seems designed to prod the legislative branch to enact by the end of the year some variety of cybersecurity legislation, which has been stalled by concerns about privacy, Internet "kill switches," and overreaching regulation. One proposal from Sen. Jay Rockefeller (D-W.V.), for instance, would have explicitly given the government the power to "order the disconnection&… Read more

The Obama administration said today that it's moving ahead with a plan for broad adoption of Internet IDs despite concerns about identity centralization, and hopes to fund pilot projects next year.

At an event hosted by the U.S. Chamber of Commerce in Washington, D.C., administration officials downplayed privacy and civil liberties concerns about their proposal, which they said would be led by the private sector and not be required for Americans who use the Internet.

There's "no reliable way to verify identity online" at the moment, Commerce Secretary Gary Locke said, citing the rising … Read more