Entries in Security (9)


Skype Fixes Major Password Security Hole

Joanna Stern/ABC News(NEW YORK) -- It's not a good week for password security. Only a few days after Twitter reset a number of passwords because of a security breach, Skype also has had a password security problem.

Early Wednesday morning it was found that Skype's password reset tool had been compromised. Discovered by Russian hackers and first reported by the tech site Next Web, all that was needed to get into a Skype account was a Skype user name and the associated email address. The typical security roadblocks between getting into an account weren't in place; it didn't ask a user to confirm an email address with an email or answer a security question.

In response, Skype, which is now owned by Microsoft, first disabled the password reset feature Wednesday morning. But by 11 a.m. ET it had made updates to the tool. It now assures users that it is working properly. Skype claims only a small number of users were affected.

"This issue affected some users where multiple Skype accounts were registered to the same email address," Skype said in a statement on its website. "We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users, and we apologize for the inconvenience."

Something different happened with Twitter earlier in the week. After an unknown website or online service compromised some accounts, Twitter users received an email notification asking them to choose new passwords. Twitter admitted that it reset more passwords than it should have. "In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused," the company said.

Why is this happening? "The systems themselves can be compromised in a few ways. For instance, internally they might be missing patches that are allowing criminals to access servers," Robert Siciliano, an online security expert with McAfee, told ABC News. "You might have all the doors, but the locks are broken. With Skype and Twitter this week, they might have the systems in place, but they don't have the latest, greatest security to combat the certain attacks."

In this case, Siciliano couldn't offer any concrete user action, since this is really on the companies themselves. "It is beyond your control. If their systems are not set up properly, it really is buyer beware. Never assume these services, especially the free ones, have bullet-proof security systems."

Copyright 2012 ABC News Radio


Internet Firm VeriSign Repeatedly Hacked In 2010

GABRIEL BOUYS/AFP/Getty Images(NEW YORK) -- The latest firm to reveal it was hit by computer hackers may come as a surprise, even to those who have warned that cyber threats are a growing concern.

VeriSign, the infrastructure services company behind some of the servers that provide the foundation for the Internet, has revealed it was repeatedly hacked in 2010.

“The disclosure did not happen as a result of VeriSign discovering the breach and taking responsible, proactive action to alert customers and address the situation,” PC World reports. “No, VeriSign buried the information in a quarterly Securities and Exchange Commission (SEC) filing as if it was just another mundane tidbit.”

It was not immediately clear what information was compromised in the attacks.

FBI director Robert Mueller said Thursday, "I do believe that the cyber threat will equal or surpass the threat from counterterrorism in the foreseeable future.”

Echoing Mueller's sentiment, House intelligence committee chair Rep. Mike Rogers (R-MI) also warned, “a cyber attack is on its way.”

“We will suffer a catastrophic cyber attack," Rogers said. "The clock is ticking and winding down."

Copyright 2012 ABC News Radio


Blackwater Renames Itself, Wants to Go Back to Iraq

Thinkstock/Comstock(ARLINGTON, Va.) -- The private security firm once known as Blackwater, which was forced out of Iraq after a shooting incident in which 17 civilians died, has changed its name for the second time in three years as it tries to win the right to do business in Iraq again.

CEO Ted Wright said that the newest name, Academi, was an attempt to demonstrate that the firm had become "a new company" since investors bought it one year ago from founder Erik Prince -- a company that potential clients would find nice and "boring."

Blackwater changed its name to Xe Services in early 2009, and also had a number of subsidiary and affiliate companies that did business under other names. Wright said that all branches would now operate under the new name. "We have simplified our legal structure so everything is under the Academi name, with the exception of joint ventures."

Under the name Academi, the company is working with a consulting firm to win a license to work in Iraq again. "The opportunity in Iraq is large," said Wright, "and after U.S. troops leave, commercial companies doing business in Iraq will also need our services."

The company's license to operate in Iraq was revoked after a Sept. 16, 2007 incident in which 17 civilians were killed by Blackwater contractors in Baghdad's Nisour Square. Blackwater guards opened fire while attempting to clear the path for a State Department convoy. Manslaughter charges against the contractors were ultimately dropped.

Asked whether Prince would have any relationship with the new company, Mr. Wright replied, "no, [Prince] has no involvement, ownership or control operationally. I've never met the man."

Prince, a former Navy SEAL, founded Blackwater in 1997 and built a multi-thousand-acre complex in Moyock, North Carolina. Blackwater won more than $2 billion in federal contracts and became the preeminent supplier of private security for State Dept. installations. Prince resigned from the company soon after it changed its name to Xe, and in 2010 moved to Abu Dhabi.

In November, Rep. Jan Schakowsky, D.-Ill., claimed that Prince was trying to intimidate her by threatening a defamation suit after she allegedly told a British paper he had moved abroad to avoid criminal consequences for Blackwater's actions.

Wright said that Academi's customers don't want to read about the company in the press, at least "in a negative fashion."

Wright said Academi planned to keep doing "the great job we've done," and stay away from negative press. "So in that sense, we'll be boring," said Wright.

Copyright 2011 ABC News Radio


Most Americans Feel Safer Flying Now than Before 9/11 Attacks

Medioimages/Photodisc/Thinkstock(TAMPA, Fla.) -- Airport safety wasn't that much of a concern before the terrorist attacks of Sept. 11, 2001, but the public's mindset has changed since then.

AAA South says an overwhelming majority of Americans -- 84 percent -- are worried that another 9/11-style attack involving planes could happen again.  Yet, because of the all the security measures instituted since then that have raised prices, delayed flights and frayed passengers' nerves, they somehow feel safer than a decade ago.

The AAA survey finds that 77 percent of respondents believe airport security is much improved since the 9/11 attacks.

Flight bookings dropped significantly immediately after 9/11 but have since climbed back, in large part to Americans having greater confidence in airport security and less fears of terrorism.

Copyright 2011 ABC News Radio


FAA Losing $30 million Per Day until Congress Passes Funding

Comstock/Thinkstock(WASHINGTON) -- On Monday, 4,000 Federal Aviation Administration employees were told not to report for work, and as a result, the government lost $30 million in airline tax revenue and $2.5 billion worth of airport construction projects were left abandoned.

For the first time in history, the Federal Aviation Administration (FAA) has been shut down because Congress adjourned Friday without passing a bill to continue its funding.

The shutdown does not affect TSA security screeners, air traffic controllers or flight safety inspectors in any way. “I want to make this very clear. The traveling public’s travel will not be compromised,” said Secretary of Transportation Ray LaHood. “[Air traffic] controllers went to work all over America this week. People are flying safely all over America.”

In a conference call with reporters Monday, LaHood said Congress' inability to keep the FAA up and running "is exactly why the American people are fed up with Washington.”

“We cannot afford to wait,” LaHood said. “Congress needs to get its act together, come back to Washington and get to work this week to pass an FAA reauthorization bill.”

In the meantime, projects such as plans to improve airport efficiency, inspections at five airports to approve runways for larger planes and engineering initiatives to design quieter approaches in and out of airports have all been halted, said FAA Administrator Randy Babbitt.

"This is going to slow down our ability to expand to keep up with growing demand,” Babbitt said. “We just simply want to have Congress do its job and let us get back to running the safest and best aviation system in the world.”

LaHood said there is “no excuse” for Congress failing to at least pass a “clean” funding bill, like it has 20 times since the last long-term authorization bill expired in 2007.

Senate Majority Leader Dick Durbin proposed such a “clean” bill Friday afternoon, but was met with objections from Sen. Orin Hatch, R-Utah, who said the Senate should pass the House’s version of FAA reauthorization instead, which passed the lower chamber in April.

The House bill includes two sticking points for Senate Democrats. First, it cuts subsidies for rural airports and second, it rolls back a new law making it easier for airline employees to unionize.

Copyright 2011 ABC News Radio


FBI Data Center Raid Disrupts Instapaper

Instapaper Logo by Instapaper

(NEW YORK) -- Instapaper, a service that stores web pages for offline viewing, recently experienced a significant reduction in performance. While performance issues frequently plague small Internet companies, Instapaper’s troubles may have been analogue, not digital.

This afternoon founder and developer Marco Arment reported on his blog that Instapaper servers were seized by the FBI during a raid on his web host’s data center. Mr. Arment cites a New York Times report that the FBI were involved with a raid on a data center in Virginia leased by DigitalOne, a Switzerland-based web hosting company, on the morning of June 21st. A press release issued by the FBI appears to confirm that the raid took place.

ABC News has reached out to Mr. Arment for a comment. According to Mr. Arment’s blog post and subsequently confirmed by the New York Times, Instapaper’s involvement was only incidental. The FBI seized over two dozen servers as a part of larger investigation of the LulzSecurity hacker group.

According to the FBI, “warrants obtained from the U.S. District Court for the Western District of Washington and elsewhere throughout the United States led to the seizure of 22 computers and servers in the United States that were involved in facilitating and operating a scareware scheme.”

Instapaper has been able to rebound from the raid. However, recent cyber-attacks allegedly lead by groups such as Anonymous and LulzSecurity have increased public awareness of Internet security. Tuesday’s FBI raid may have a similar effect on the legal status of web data.


Dan Patterson

Copyright 2011 ABC News Radio


Sony PlayStation Network Further Delayed

Jupiterimages/Brand X Pictures(TOKYO) -- PlayStation network users will have to wait a little longer. Sony is holding off on restoring the service so that it can conduct additional testing to make sure that personal data is safe.

Last month, Sony admitted that the PlayStation network had been hacked, and the accounts of more 100 million customers compromised.

No word on how much longer the network would be down.

Copyright 2011 ABC News Radio


Sony Apologizes for PlayStation Security Breach

Stockbyte/Thinkstock(NEW YORK) -- Sony executives are apologizing for last week's PlayStation security breach. Over the weekend, they admitted that they still don't know who's to blame. Personal data of 77 million people was compromised. In an effort to make it up to their customers, Sony will be offering 30 days of free service.

The PlayStation breach is just the latest hack attack on a company's customer data, but online customers are still entering more private info than ever. Experts say that means there's little incentive for companies to improve their computer security.

Copyright 2011 ABC News Radio


Airlines to Test Self-Tagging for Baggage, Could Save Them Money

Photo Courtesy - Getty Images(WASHINGTON) -- American Airlines and Air Canada are reportedly in talks with the Transportation Security Administration to begin having passengers print their own baggage tags and attach them to their luggage.  The initiative would be tested at Boston's Logan Airport.  USA Today says Delta is in talks to conduct tests at another airport.  Passengers tag their own bags on many airlines in other countries, but in the U.S. it must be done by airline employees.

Officials say it would not compromise security because it would not change the way passengers or bags are screened. 

In addition to saving passengers time, it could save the airlines money.  It takes one step out of the process by which airline employees get you from the entrance of one airport to the exit of another.  That kind of streamlining means fewer airline agents would be needed overall.  USA Today says the airline industry employed 564,000 people in August, down 8.4 percent from August 2005.

Copyright 2010 ABC News Radio

ABC News Radio