Communications

Google Records Over 750,000 'Hijacking' Breaches In One Year (nbcnews.com) 9

An anonymous reader writes: A new study by Google and the University of California, Berkeley, claims over 700,000 websites were breached between June 2014 and June 2015. The research shows that "miscreants" had routinely hijacked thousands of vulnerable web servers for "cheap hosting and traffic acquisition." The exact number of recorded "hijacking incidents" within the period was 760,935, but Google has said they were able to curb the number of breaches through direct communication with webmasters. Google's Safe Browsing Alerts sends notifications to network admins when potentially dangerous URLs are detected on their networks. These have reportedly increased the likelihood of a "cleanup" by more than 50 percent and reduced "infection lengths" by at least 62 percent. According to The Next Web, WordPress topped the chart of platforms that experienced the most breaches (almost half of all attacks). English websites experienced the most attacks, with Chinese, German, Japanese and Russian language websites following closely behind.
Government

Senate Passes Bipartisan Energy Bill To Develop New Technologies, Improve Cybersecurity (washingtonpost.com) 39

An anonymous reader quotes a report from Washington Post: The U.S. Senate acted in a bipartisan fashion to pass a sweeping energy bill, touching on everything from cybersecurity for power plants to the future of the grid. The bill resulted from collaboration between Alaska Republican Sen. Lisa Murkowski and Washington Democratic Sen. Maria Cantwell. The bill, if it merges with House legislation and becomes law, would unleash billions in research and development on new energy technologies, including energy storage, hydrokinetic and marine energy and advancing the electric grid. Many of these initiatives have substantial aisle-crossing appeal, and some could, at least indirectly, help address the problem of climate change. The bill also reauthorizes the Land and Water Conservation Fund, and contains provisions promoting more research on the sequestering of carbon emissions from coal burning and hastening the approval of pipelines and liquefied natural gas exports. The bill, said Alliance to Save Energy president Kateri Callahan, "not only saves homeowners and businesses money and creates jobs, but it also has a huge environmental return by avoiding 1.5 billion tons of carbon emissions. Energy efficiency truly is a win-win-win for our country, making our economy more energy productive, protecting our environment and enhancing our energy security."
Security

EMV Technology In Credit and Debit Cards Reducing Counterfeit Fraud, Says Visa (usatoday.com) 133

An anonymous reader cites an article on USA Today: The new chip-enabled cards flowing into the U.S. marketplace have already made a dent in fraud, with some of the biggest merchants seeing a dip of more than 18% in counterfeit transactions, according to Visa. Among the 25 merchants who were suffering the most instances of counterfeit fraud at the end of 2014, five that began processing credit and debit cards equipped with the new EMV technology saw those infractions fall 18.3% as of the final quarter of 2015, says Stephanie Ericksen, vice president of risk products at Visa. Meanwhile, five of those merchants who were not yet equipped to handle chip-enabled cards saw an increase in fraudulent transactions of 11.4%. "We're seeing EMV is having a positive impact on counterfeit fraud," Ericksen says. "Merchants who implement chip, their counterfeit fraud is going down, while those still finalizing plans, their counterfeit fraud is going up." Also from the report, "Visa on Tuesday also announced a software upgrade that will shave the amount of time spent on chip card transactions. With 'Quick Chip,' consumers can dip their chip cards into the terminal and withdraw it in two seconds or less, instead of waiting until their purchase is authorized. The consumer can 'put the card in the terminal and put it right back in your wallet and . . . move to get their coffee, or hamburger or start bagging their groceries,' Ericksen says." Ars Technica has more details.
Privacy

Can Switzerland Become a Safe Haven For the World's Data? (dailydot.com) 88

An anonymous reader shares an interesting article on Daily Dot which lists a number of reasons why Switzerland should be deemed as the nation for storing all of your data. The article reads: As United States and European Union regulators debate a sweeping new data-privacy agreement, Switzerland is presenting itself as a viable neutral location for storing the world's data thanks to strict privacy laws and ideal infrastructure. The Swiss constitution guarantees data privacy under Article 13. The country's laws protecting privacy are similar to those enacted by the E.U. Swiss data protections are also, in some cases, much stricter than those of the E.U., according to Nicola Benz, attorney at Swiss law firm Froriep. And since Switzerland is not part of the E.U., data stored there remains outside the reach of the union's authorities. [...] The country's tight privacy laws could make the small nation more attractive to privacy-focused start-ups. And it already has that momentum. After the former NSA contractor Edward Snowden's 2013 revelations about the National Security Agency's secret surveillance activities, Switzerland witnessed something of a boom in its data-center business. Phil Zimmermann, creator of the popular PGP encryption protocol and founder of Silent Circle, even left the U.S. for Switzerland last year, citing the overreach of American authorities. Andy Yen, CEO of Swiss-based encrypted email service Protonmail, said that the country has robust processes in how it carries out data requests from authorities. Data requests have to go through a court like in most countries, said Yen, but "the person that's having their data requested needs to be notified eventually about the request happening and there's an opportunity to fight it in an open court. This is quite different than the U.S., where things can go through a so-called FISA court."
Security

Oracle Patches 136 Flaws In 49 Products 22

An anonymous reader writes: Oracle has released the April 2016 Critical Patch Update, which provides fixes for 136 vulnerabilities in 49 products, including Java SE and MySQL, the company's Database Server and E-Business Suite, its Fusion Middleware, and its Sun Systems Products Suite. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay," the company advised.
Security

BT Funnels All Customers' Sent Emails Into One Guy's Inbox (theregister.co.uk) 43

Shaun Nichols, reporting for The Register: The UK's biggest broadband provider BT redirected its customers' outgoing emails to a single account for three hours on Tuesday. The telco said the flooded inbox was an internal account it uses for test purposes and not a random unlucky subscriber. While BT did not provide details on the reason for the disruption, it appears to be the result of testing or maintenance gone awry. "A small number of customers reported an issue sending emails earlier. Sorry about this, it's fixed now," BT said in a statement to El Reg. "The mailbox in the delivery failure notification was for internal/test use and appeared in error, sorry for any confusion that caused." The emails were going to an account which belonged to someone named Steve Webb. The Register reports that Steve Webb works for one of BT's contractors. For Webb, I fear, Tuesday wasn't a productive day.
Government

Court Troubled By Surveillance Excesses At FBI, NSA (politico.com) 77

schwit1 quotes a report from Politico: In a just-released court opinion, a federal court judge overseeing government surveillance programs said he was "extremely concerned" about a series of incidents in which the Federal Bureau of Investigation and National Security Agency deviated from court-approved limits on their snooping activities. Foreign Intelligence Surveillance Court Judge Thomas Hogan sharply criticized the two agencies over the episodes, referred to by intelligence gatherers as "compliance incidents." He also raised concerns that the government had taken years to bring the NSA-related issues to the court's attention and he said that delay might have run afoul of the government's duty of candor to the court. Yesterday, the Electronic Frontier Foundation (EFF) filed a lawsuit against the Department of Justice to reveal whether or not they ever forced a company to provide technical surveillance assistance in the Foreign Intelligence Surveillance Court.
Google

Google Admits That Google.com Is Partially Dangerous (eweek.com) 74

darthcamaro writes: For over a decade, Google's Safe Browsing technology has helped to alert users to dangerous sites, where malware and phishing exploits can be found. Apparently, one of those unsafe sites is none other than Google.com itself.

According to eWeek, "Google's automatic spidering of the Web will catch some malicious sites, and by Google's own admission, there are sites in its index that will redirect users to locations that will attempt to install malware on their computers. Google also admits and warns that by way of Google.com (and the sites linked in its index), 'Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information).'"

Botnet

Security Firm Discovers Secret Plan To Hack Numerous Websites and Forums (softpedia.com) 26

An anonymous reader writes: According to Softpedia, "Security researchers from SurfWatch Labs have shut down a secret plan to hack and infect hundreds or possibly thousands of forums and websites hosted on the infrastructure of Invision Power Services, makers of the IP.Board forum platform." The man behind this plan was a hacker known as AlphaLeon, maker of the Thanatos malware-as-a-service platform. AlphaLeon hacked IP.Board's customer hosting platform, and was planning to place an exploit kit that would infect the visitors to these websites with his Thanatos trojan, in order to grow his botnet. Some of the companies using IP.Board-hosted forums include Evernote, the NHL, the Warner Music Group, and Bethesda Softworks (Elder Scrolls, Fallout, Wolfenstein, Doom games).
Electronic Frontier Foundation

EFF Sues DOJ For Access To Secret Court Orders On Decryption (techcrunch.com) 60

An anonymous reader writes: TechCrunch reports the Electronic Frontier Foundation has filed a lawsuit against the Department of Justice to reveal documents that "show whether DOJ has ever forced a company like Google or Apple to provide technical surveillance assistance in the Foreign Intelligence Surveillance Court, a federal court that issues secret surveillance warrants in national security cases and has been criticized for rubber-stamping NSA overreach." The EFF has been rejected in its attempt to gain access to the documents under the Freedom of Information Act. "Even setting aside the existence of technical assistance orders, there's no question that other, significant FISC opinions remain hidden from the public," EFF senior staff attorney Mark Rumold said in a statement regarding the lawsuit. "The government's narrow interpretation of its transparency obligations under USA FREEDOM is inconsistent with the language of the statute and Congress' intent. Congress wanted to bring an end to secret surveillance law, so it required that all significant FISC opinions be declassified and released. Our lawsuit seeks to hold DOJ accountable to the law." The full lawsuit can be read here.
Encryption

FBI Tells Congress It Needs Hackers To Keep Up With Tech Company Encryption (buzzfeed.com) 97

An anonymous reader quotes a report from BuzzFeed: A high ranking technology official with the FBI told members of Congress Tuesday that the agency is incapable of cracking locked phones and devices on its own, even with additional resources. Amy Hess, the agency's executive assistant director for science and technology told a panel of the House Energy and Commerce Committee that encrypted communications continue to pose a challenge to the American law enforcement, and to the safety of the American public. But when asked by lawmakers to provide a practical solution beyond the FBI's talking points, she said that the cooperation of technology companies would be necessary. According to the New York Times, "The FBI defended its hiring of a third-party company to break into an iPhone used by a gunman in last year's San Bernardino, Calif., mass shooting, telling some lawmakers on Tuesday that it needed to join with partners in the rarefied world of for-profit hackers as technology companies increasingly resist their demands for consumer information." They are stressing the importance of cooperation with tech companies and "third parties" to help fight terrorism, claiming they do not have the capabilities and resources available to crack encrypted devices. Congress is currently debating potential legislation on encryption.
Encryption

Viber Update Brings End-To-End Encryption and Hidden Chats (gsmarena.com) 39

An anonymous reader writes: The new hip thing to do if you're a developer of a messaging app is to encrypt everyone's messages -- everyone's doing it! WhatsApp announced earlier this month all messages being sent through the service will now be end-to-end encrypted. Today, Viber has announced it is doing something similar. All messages being sent through the latest version of the app will be end-to-end encrypted. To confirm messages are being encrypted, a padlock icon will appear in the chat UI. The latest version of the app is already available in the iOS App Store and Android Google Play Store. Viber is one of the largest messaging platforms with over 700 million users. Hidden chats can also be found in the new update. Users can hide select chats with people and access/display them with a PIN or Touch ID.
Android

Google Scans 6B Apps, 400M Devices Each Day; Says 30% of Android Devices Don't Get Regular Patches (googleblog.com) 100

Reader Trailrunner7 writes: As part of the enhancements to Android security, Google scans more than 6 billion installed applications per day on users' devices. The company also scans more than 400 million devices each day, it announced on Tuesday. Google last year also began releasing monthly security updates for devices running modern versions of Android, which includes devices on version 4.4.4 (KitKat) and later. "70.8% of all active Android devices are on a version that we support with patches," the Android report says. However, that still leaves hundreds of millions of Android devices without regular updates. There were roughly 1.4 billion Android devices active in September, according to Google, so that would leave about 420 million Android devices without patches. In the Android ecosystem, carriers are also responsible for pushing security patches to users, so while Google pushes security updates each month, not all carriers and device manufacturers release them to all users regularly. In its report, Google also says that fewer than 0.15% of devices, that only get apps from Google Play, had potentially harmful apps installed on them.
Encryption

Apple Refused China Request For Source Code In Last Two Years: Lawyer (reuters.com) 54

Dustin Volz, reporting for Reuters: Apple has been asked by Chinese authorities within the last two years to hand over its source code but refused to do so, the company's top lawyer told U.S. lawmakers at a hearing on Tuesday. Apple general counsel Bruce Sewell made the statement in response to a line of attack from law enforcement officials who have attempted to portray Apple as complicit in handing over information to Chinese authorities for business reasons while refusing to cooperate with U.S. requests for access to private data in criminal investigations. Apple and the FBI returned to Washington to testify before lawmakers about their heated disagreement over law enforcement access to encrypted devices, highlighted in the case of a locked iPhone linked to a gunman in last December's Islamist militant-inspired shootings in San Bernardino, California. Earlier in the hearing before a House Energy and Commerce subcommittee, Captain Charles Cohen, commander in the Indiana State Police, repeated the suggestion that Apple has quietly cooperated with Beijing. But when pressed by Representative Anna Eshoo, a California Democrat, for the source of that claim, Cohen only cited news reports. "That takes my breath away," a visibly frustrated Eshoo said. "That is a huge allegation." In some other Apple news, the Cupertino-based company complied with 80% of U.S. law enforcement requests in the second half of 2015, its just released transparency report shows. U.S. law enforcement asked Apple for information 4,000 times, covering 16,112 devices in the second half of 2015.
Security

Researchers Can Identify You By Your Brain Waves With 100% Accuracy (business-standard.com) 89

An anonymous reader writes: Scientists have developed a new system that can identify people using their brain waves or 'brainprint' with 100% accuracy, an advance that may be useful in high-security applications. Researchers at Binghamton University in U.S. recorded the brain activity of 50 people wearing an electroencephalogram (EEG) headset while they looked at a series of 500 images designed specifically to elicit unique responses from person to person -- e.g., a slice of pizza, a boat, or the word "conundrum." They found that participants' brains reacted differently to each image, enough that a computer system was able to identify each volunteer's 'brainprint' with 100% accuracy. "When you take hundreds of these images, where every person is going to feel differently about each individual one, then you can be really accurate in identifying which person it was who looked at them just by their brain activity," said Assistant Professor Sarah Laszlo. One thing the paper doesn't talk about is the effect of time on the accuracy of the system. People may perceive different things when looking at the same picture a year later, for instance.
