This will be the last post for the Security Fix blog. Dec. 31 marks my final day at The Washington Post Company. Over the last 15 years, I’ve reported hundreds of stories for washingtonpost.com and the paper edition. I have authored more than 1,300 blog posts since we launched Security Fix back in March 2005. Dozens of investigative reports that first appeared online later were “reverse published” in the newspaper, including... 

Hackers broke into an online comic strip syndication service Thursday, embedding malicious code that sought to exploit a newly discovered security flaw in Adobe Reader and Acrobat, Security Fix has learned. On Monday, Adobe Systems Inc. said it was investigating reports that criminals were attacking Internet users via a previously unknown security flaw in its Adobe Reader and Acrobat software. Experts warned that the flaw could be used to foist... 

Hackers hijacked the Web site of micro-blogging community Twitter.com early Friday, briefly redirecting users to a Web page for a group calling itself the “Iranian Cyber Army.” The attackers apparently were able to redirect Twitter users by stealing the credentials needed to administer the domain name system (DNS) records for Twitter.com. DNS servers act as a kind of phone book for Internet traffic, translating human-friendly Web... 

Internet service providers in Russia and Ukraine are home to some of the highest concentrations of customers whose machines are infected with the Conficker worm, new data suggests. The report comes from the Shadowserver Foundation, a nonprofit that tracks global botnet infections. Shadowserver tracks networks and nations most impacted by Conficker, a computer worm that has infected more than 7 million Microsoft Windows PCs since it first surfaced... 

Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers. The acknowledgment coincided with an alert published by the Shadowserver Foundation, a nonprofit group that tracks the spread of malicious programs that criminals use to control infected systems remotely. Shadowserver member Steven Adair said... 

If you use Facebook and care about your privacy, take a moment to read this blog entry. Facebook has made some major changes that may allow a great deal more people to see your personal photos and videos, date of birth, family relationships, and other sensitive information. While logged in to Facebook, click the “Settings” link and you should see a box that looks like the one pictured below. You may see that Facebook has reset your... 

More than one quarter of data breaches so far this year involved consumer records that were jeopardized when organizations lost control over sensitive paper documents. Experts say those incidents came to light in large part due to a proliferation of state data breach notification laws, yet current federal proposals to preempt those state measures would allow paper-based breaches to go …  Read More →

Microsoft released six software updates on Tuesday to fix at least a dozen security vulnerabilities in Windows, Internet Explorer, Windows Server and Microsoft Office. More than half of the flaws earned a “critical” rating, meaning criminals could exploit them to break into vulnerable systems without any help from users. Separately, Adobe Systems Inc. issued critical security updates to its Flash Player and AIR Web-browser plugins.... 

 Read More →

Networking equipment maker Cisco Systems Inc this week bestowed a generous honor on the Security Fix author. In its 2009 annual security report released Tuesday, Cisco names Yours Truly as a “cybercrime hero,” citing an ongoing investigative series detailing the plight of small businesses that have lost hundreds of thousands of dollars at the hands of malicious software. The mention comes in a section announcing Cisco’s first-ever... 

An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year. In August, Security Fix wrote about the plight of Baton Rouge-based JM Test Systems, an electronics testing firm that in February lost more than $97,000 from two separate unauthorized bank transfers a week apart. According... 

Scam e-mail artists have launched a massive campaign to trick webmasters into giving up the credentials needed to administer their Web sites, targeting site owners at more than 90 online hosting providers. Experts say the attackers are attempting to build a distributed network of hacked sites through which to distribute their malicious software. The spam e-mails arrive addressed to users…  Read More →

Apple this week pushed an update for Leopard and Snow Leopard systems that plugs a large number of security holes in Apple’s version of Java, a package installed by default on those Mac OS X systems that enables a number of multimedia Web applications. The new Java version fixes at least 14 vulnerabilities in the version designed for OS X 10.6 systems; the package put together for 10.5 Macs corrects …  Read More →

Scammers and spammers soon will have a tougher time masking links to their malicious Web sites using bit.ly, one of the more popular link-shortening services out there: The company said this week it is teaming with three security firms to warn users when a shortened link looks like it leads to badness. Criminals increasingly are abusing URL-shortening services to disguise the true destination of both phishing Web sites and those that host malicious... 

Pay-per-click revenue in the online advertising business may be diminishing for traditional media publishers, but thieves increasingly are earning five- to seven-digit returns when victims click on a booby-trapped link or attachment sent via e-mail. The latest victim to learn this was Nigel Parkinson, president of D.C.-based Parkinson Construction, a firm with an estimated $20 million in annual revenue that has worked on some of Washington’s...