Convenience vs. Security: Google Chrome Syncs Multiple Browser Profiles

  • Google announced this week the beta release of Chrome, which “enables users to sync different accounts across multiple computers,” reports ReadWriteWeb. “This allows more than one person to sign into Chrome on a shared computer and have access to all their browser data. It also enables one person to have different Chrome profiles with different email addresses, e.g. work and personal, that can all be accessed from any computer by logging in.”
  • Chrome already syncs personal settings such as bookmarks, extensions and passwords to a user’s account, but the new beta “makes it possible to use multiple Chrome accounts on any copy of the browser.”
  • Google acknowledges this feature provides convenience at the cost of privacy.
  • The Google blog notes that it “isn’t intended to secure your data against other people using your computer,” since “all it takes is a couple of clicks to switch between users.”

Security: Facebook Pays $40,000 to Hackers in Bug Bounty Scheme

  • Facebook has already paid out $40,000 to hackers for identifying flaws in its website, just three weeks after the social networker launched its “Bug Bounty” program that offers compensation for finding vulnerabilities in the site’s code.
  • “Schemes such as Facebook’s illustrate the push towards greater disclosure of security weaknesses and hacking incidents, as the technology industry strives to pool its resources to protect itself better,” reports The Financial Times. “The approach has won praise from digital advocacy groups such as the Electronic Frontier Foundation.”
  • “The program has also been great because it has made our site more secure — by surfacing issues large and small, introducing us to novel attack vectors, and helping us improve lots of corners in our code,” explained Joe Sullivan, Facebook’s chief security officer.
  • Facebook joins others such as Google, Mozilla and HP that have programs in place to offer payments to outsiders who identify vulnerabilities.

McAfee Researchers Claim to Discover Massive Hacking Attack

  • McAfee researchers say they have uncovered the biggest hacker attack ever, involving 72 governments and organizations around the world, including the U.S., Taiwan, Vietnam, South Korea, Canada and India, with some intrusions dating back as far as 2006. The compromised data amounts to several petabytes of information.
  • The attack uses compromised remote access tools, or RATs, which allow system administrators to access systems from around the world and would allow an attacker to view and download confidential information. Some of the compromised organizations and companies still do not know it.
  • The attacker was not a hacker group but likely a “state actor” with very high skill levels (China is the “leading candidate”).
  • According to a blog post from Dmitri Alperovitch, McAfee’s VP Threat Research: “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact.”

Hacker Group Anonymous Targets Apple Online Data

  • Apple has joined Sony and Fox News in the growing list of companies experiencing recent security breaches.
  • In what appears to be a warning salvo, 27 user names and encrypted passwords from an Apple website were reportedly posted online over the weekend along with a warning of future attacks from hacker group Anonymous.
  • The hacker group posted a list of data supposedly taken from an Apple Business Intelligence website. Apple has not commented on this.
  • The Anonymous hacker group, which linked to this leak in a Twitter post, threatens that Apple could be a target of its attacks.
  • Anonymous is running “antisec,” an operation that threatens government, law enforcement and corporations.

WSJ Speaks with Bruce McConnell about Cybersecurity

  • Bruce McConnell is a senior cybersecurity official with the Department of Homeland Security.
  • He recently discussed how companies have a new focus on protecting their communications networks and databases – and what role the government should play in the effort to combat the theft of intellectual property.
  • The Department of Homeland Security helps companies protect themselves.
  • It is providing defense companies with the same security as military networks.
  • Legislation is being proposed to require cybersecurity planning for critical-infrastructure companies.