Latest Android encrypted by default, adds “smart” device locking

The latest version of the Android operating system, Lollipop, adds encryption by default, along with a variety of easy-to-use ways to lock and unlock the phone and a more secure foundation to help protect devices against current threats.

In a blog post published on Tuesday, Google described the features, which will begin shipping with the Lollipop operating system in new Android devices in the coming weeks. While some of the capabilities, such as encryption, are already included in the current Android OS, the new version will turn them on by default.

Many of the security features were born of Android’s open-source foundations and the fact that other researchers and companies can create and test new security features for the operating system, Adrian Ludwig, lead security engineer for Android at Google, said during a briefing on the security features.

Read 11 remaining paragraphs | Comments

Serious Linux/UNIX FTP Flaw Allows Command Execution

A lot of old bugs have been biting us on the butt lately, and here’s another to add to the list. This week it was discovered a fairly nasty FTP Flaw Allows Command Execution when using the old but still fairly widely used. tnftp client It’s a fairly unlikely set of circumstances however, and it [...] The post Serious Linux/UNIX FTP...

Read the full post at

White House unclassified network hacked, apparently by Russians

The unclassified network of the Executive Office of the President—the administrative network of the White House—was breached by attackers thought to be working for the Russian government, according to multiple reports. The Washington Post reported that an investigation is ongoing, and White House officials are not saying what data, if any, was stolen from the computers on the network. “We are still assessing the activity of concern,” an unnamed White House official told the Post.

According to the Post’s anonymous sources, the breach was discovered in early October after a friendly foreign government alerted US officials. The network’s virtual private network access was shut down, and some staff members were told to change passwords. "We took immediate measures to evaluate and mitigate the activity,” the Post’s source at the White House said. “Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it.”

This isn’t the first time attackers, apparently sponsored by a foreign state, have targeted the White House’s network. In 2008 and 2012, Chinese hackers penetrated the White House’s network. On the first occasion, the attackers gained access to the White House’s e-mail server; in 2012, a phishing attack against White House staffers gave attackers access to the network, though officials said no sensitive data was exposed.

Read 1 remaining paragraphs | Comments