Category Archives: The Coming Storm

This category includes blog posts about computer and Internet security threats now and on the horizon.

Arrest of Chinese Hackers Not a First for U.S.

October 13, 2015

The Washington Post reported last week that the Chinese government has quietly arrested a handful of hackers at the urging of the U.S. government, a move described as “an unprecedented step to defuse tensions with Washington at a time when the Obama administration has threatened economic sanctions.” While this a welcome and encouraging development, this is not the first time Beijing has arrested Chinese hackers in response to pressure from the U.S. government.

Ex-Ashley Madison CTO Threatens Libel Suit

September 9, 2015

109 Comments

Last month, KrebsOnSecurity posted an exclusive story about emails leaked from AshleyMadison that suggested the company’s former chief technology officer Raja Bhatia hacked into a rival firm in 2012. Now, an attorney for the former executive is threatening a libel lawsuit against this author unless the story is retracted.

OPM (Mis)Spends $133M on Credit Monitoring

September 2, 2015

71 Comments

The Office of Personnel Management (OPM) has awarded a $133 million contract to a private firm in an effort to provide credit monitoring services for three years to nearly 22 million people who had their Social Security numbers and other sensitive data stolen by cybercriminals. But perhaps the agency should be offering the option to pay for the cost that victims may incur in “freezing” their credit files, a much more effective way of preventing identity theft.

FBI: $1.2B Lost to Business Email Scams

August 27, 2015

26 Comments

The FBI today warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.

AshleyMadison: $500K Bounty for Hackers

August 24, 2015

62 Comments

AshleyMadison.com, an online cheating service whose motto is “Life is Short, Have an Affair,” is offering a $500,000 reward for information leading to the arrest and prosecution of the individual or group of people responsible for leaking the highly personal information on the company’s more than 30 million users.

Windows 10 Shares Your Wi-Fi With Contacts

July 29, 2015

250 Comments

Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default share your Wi-Fi network password with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends!

Experian Hit With Class Action Over ID Theft Service

July 21, 2015

47 Comments

Big-three credit bureau Experian is the target of a class-action lawsuit just filed in California. The suit alleges that Experian negligently violated consumer protection laws when it failed to detect for nearly 10 months that a customer of its data broker subsidiary was a scammer who ran a criminal service that resold consumer data to identity thieves.

A Month Without Adobe Flash Player

June 23, 2015

63 Comments

I’ve spent the better part of the last month running a little experiment to see how much I would miss Adobe’s buggy and insecure Flash Player software if I removed it from my systems altogether. Turns out, not so much.

Critical Flaws in Apple, Samsung Devices

June 17, 2015

51 Comments

Normally, I don’t cover vulnerabilities about which the user can do little or nothing to prevent, but two newly detailed flaws affecting hundreds of millions of Android, iOS and Apple products probably deserve special exceptions.

Catching Up on the OPM Breach

June 15, 2015

73 Comments

I heard from many readers last week who were curious why I had not weighed in on the massive (and apparently still unfolding) data breach at the U.S. Office of Personnel Management (OPM). Turns out, the easiest way for a reporter to make sure everything hits the fan from a cybersecurity perspective is to take a two week vacation to the other end of the world. What follows is a timeline that helped me get my head on straight about the events the preceded this breach, followed by some analysis and links to other perspectives on the matter.