Internet Security | featured news

Yahoo has been the victim of a security breach that yielded hundreds of thousands of login credentials stored in plain text. The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer's network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a "wake-up call."

Yahoo Inc. said Thursday it is investigating reports of a security breach that may have exposed nearly half a million users' email addresses and passwords... The little-known group was quoted as saying that they had stolen the passwords using an SQL injection -- the name given to a commonly-used attack in which hackers use rogue commands to extract data from vulnerable websites.

LinkedIn confirmed Wednesday afternoon via its blog that user passwords had been compromised and eHarmony said the same thing.

When Mark Zuckerberg wrote about creating a hacker-friendly company in the letter attached to Facebook’s IPO filing last year, he meant it–in more ways that one. Facebook has paid out more than $300,000 to hackers that reveal bugs in the site and help to fix them, according to Ryan McGeehan, the head of Facebook’s security response team. In a post to questions-and-answers site Quora earlier this month, McGeehan wrote that the company’s bug bounty program, which typically pays hackers around $1,000 for each vulnerability they disclose to Facebook’s security team, has paid out rewards to 131 researchers in 27 countries since it launched in July of last year, and has even hired one of those hackers as a summer intern.

A massive, data-slurping cyberweapon is circulating in the Middle East, according to a Russian Internet security firm. Moscow-based Kaspersky Lab ZAO said the "Flame" virus was unprecedented both in terms of its size and complexity, possessing the ability to turn infected computers into all-purpose spying machines that can even suck information out of nearby cell phones.

In a letter posted on the Zappos Web site, the company's chief executive said a "criminal" might have obtained customers' names, addresses, phone numbers and partial credit card information.

Internet Explorer takes the crown when it comes to protection from socially engineering malware.

As implantable medical devices such as pacemakers and insulin pumps have become more common, one innovative feature has been the addition of the ability to control the devices wirelessly via the internet. This approach has enabled doctors to improve the well-being of their patients through additional data monitoring and control without the need for additional surgery. But it’s also opened the door for security threats.

Younger Internet users between the ages of 18 and 29 are more reckless with giving out their online passwords compared to older Web surfers, a new study suggests.

Web security guru discloses his second Safari privacy problem in as many months.