Lucian ConstantinReporter, IDG News Service, IDG News Service

Lucian Constantin writes about information security, privacy and data protection.

Lavaboom builds encrypted webmail service to resist snooping

The service, inspired by the now-defunct Lavabit, has started accepting registrations for its upcoming beta testing period.

PCWorld News

VMware promises Heartbleed patches for affected products by the weekend

The company has identified over two dozen affected product versions so far and is releasing updates

TrueCrypt source code audit finds no critical flaws or intentional backdoors

pcworld.com

Some vulnerabilities were identified but are likely accidental, security auditors from iSEC Partners said

AT&T hacker Weev released from prison after appeals court overturns conviction

A federal appeals court has ruled that the venue for Auernheimer's prosecution wasn't appropriate

heartbleed bug

Don't overlook URL fetching agents when fixing Heartbleed flaw on servers, researchers say

TLS clients are also vulnerable to Heartbleed memory leaking attacks, including server-side applications that fetch user-supplied URLs

heartbleed bug

Website operators will have a hard time dealing with the Heartbleed vulnerability

Patching the vulnerable OpenSSL software is just the first step, security experts say

Security update for BlackBerry 10 OS fixes remote code execution vulnerability

The vulnerability can be exploited via Wi-Fi when developer mode is active or via a computer USB connection, the manufacturer said

Adobe patches a critical flaw in Flash Player and AIR shown at Pwn2Own contest

Adobe Systems addressed two remote code execution flaws, including one demonstrated at the Pwn2Own hacking competition last month.

Cybercriminals use sophisticated PowerShell-based malware

Two separate threats that use malicious Windows PowerShell scripts were identified in the past few weeks by malware researchers.

Yahoo email anti-spoofing policy breaks mailing lists

Yahoo moved to a more aggressive DMARC policy that creates email delivery issues on mailing lists for yahoo.com users, email experts said

PCWorld News

Low adoption rate of HSTS website security mechanism is worrying, EFF says

The advocacy group cites insufficient awareness among developers and lack of support across all browsers as the likely reasons

Drive-by hack discovered in top video-sharing site

Attackers exploited the vulnerability to hijack 22,000 browsers and launch a large-scale DDoS attack, researchers from Incapsula said. But which site?

Malware virus

Microsoft to start blocking annoying adware by default

The company revised the policies for classifying, detecting and handling adware programs in its security software

Users face serious threat as hackers take aim at routers, embedded devices

Attacks are likely to continue and manufacturers are largely unprepared to respond, security researchers say

PCWorld News

Researchers publicly disclose vulnerabilities in Oracle Java Cloud Service

The flaws could allow attackers to break into Java applications hosted on the service, researchers from Security Explorations said