Profile of Mathew J. Schwartz
News & Commentary Posts: 203
Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.
Articles by Mathew J. Schwartz
Cybercrime forums selling advanced attacks on demand are outpacing businesses' ability to defend themselves, new study from RAND finds.
Default usernames, weak passwords, and widespread Windows XP Embedded systems are cause for concern, SANS Institute researchers say.
First, the bad news: Windows XP doomsday, escalating ransomware, botnet-driven attacks, emerging SDN threats. The good news: Threat intelligence goes mainstream.
The FBI says a Harvard undergrad's decision to access Tor over the university's wireless network helped unmask an alleged sender of bomb threats.
NSA says it thwarted a nation state's BIOS-bricking malware plot, but info security and privacy experts say the agency is trying to snow the American public.
July data breach that affected up to 150,000 employees traces back to a string of managerial and technical failures, investigators conclude.
Leaked NSA documents indicate it uses Google's advertising cookies to track targets for offensive hacking.
Increased spending on salaries, training, and budgets puts IT in a "sweet spot for employment and investment," says latest Society for Information Management data.
Need a little extra time off? Ad campaign offers fake virus attack on your computer's screen.
Leaked document details agency's "implants," satellite intercepts, joint CIA eavesdropping operations, and embassy-based monitoring programs abroad.
Google sweetens Android with SELinux, plus anti-rootkit technology that makes life difficult for malware -- but also for Android modders.
N.Y.-based co-founder of anonymous digital currency service that allegedly laundered $6 billion also admits to marriage fraud, repeat child pornography charges.
WinXP is already an easy target for hackers, and it will get even simpler once Microsoft ends support for the 12-year-old OS in April.
Is the security payoff from using Twitter's two-factor authentication system worth the risk of losing account access?
Network Solutions blames blacklisted servers and DNS problems after going down for the third time in as many months on Sunday. Some customers say goodbye.
Microsoft hasn't released a repair for RT devices bricked by a boot configuration "blue screen of death," but unofficial fix appears to work.
Variations in how different smartphone accelerometers record data raise concerns that advertisers, intelligence agencies or others could use this information to identify individual devices.
Google says mobile malware threat is overblown, with problems seen in just 0.001% of Android app downloads.
Crowd-funded effort also promises erotica, bourbon, bitcoins and whiskey to the first person who can successfully bypass the iPhone 5s Touch ID fingerprint reader.
Android and iOS exploit expert Charlie Miller says businesses have more pressing security concerns than today's minuscule amount of mobile malware.
Apple will soon release the iPhone 5s, and hackers plan to test these 6 exploit techniques on the smartphone. Will the fingerprint scanner hold them off?
Will Apple's fingerprint-based authentication make your iPhone 5s more secure, or will it cause more trouble than it's worth?
Most mobile devices are stolen at public schools, followed by personal automobiles, and wind up as far away as Mongolia and other far-flung places, says study.
A meme gained steam this week about child stalkers' ability to use GPS-tagged smartphone images posted on social networks. We break down the privacy facts.
Commonly blacklisted and whitelisted iOS and Android apps include Dropbox, Netflix and Angry Birds. Why aren't more companies blacklisting mobile device apps?
To fight smartphone theft, public officials tell smartphone makers to add remote-deactivation, tracking and recovery features. But manufacturers may not do the job right.
Watch what you download: Study finds that 22% of the top Android apps in Google's official app store are adware.
Microsoft warns information security managers to validate access points or risk attackers exploiting weak crypto to steal network credentials, gain access.
Thumb-scan authentication for your smartphone might sound sexy, but bypasses remain all too easy.
Victims get hit with a bill of more than $3,000 -- and given just three days to pay -- for what's labeled as an annual subscription fee to an online adult video site.
Google has patched a vulnerability that attackers could exploit via QR codes to take full control of the wearable Google Glass devices.
FBI and Homeland Security temporarily slowed attacks by giving U.S. service providers info on Chinese hackers' command-and-control infrastructure.
Lawsuit accused Google's Disco "group texting" service of having "jammed" cellphones with torrents of unwanted texts.
Symantec spots privacy leak and Facebook issues patch, saying it was an inadvertent coding error and phone numbers did not go public.
Secure your Android smartphones and tablets using antivirus, encrypted communications, child locks, password managers and other tools featured in our roundup.
Facebook rewards U.K. researcher with $20,000 for discovering a mobile device confirmation bug that could be used to take control of any Facebook account.
Latest version of Android OS rebuffs most malware, says study, but carriers continue to drag their feet on providing upgrades and patches.
Android devices at risk over vulnerability in backup software that can be exploited to provide root access to LG smartphones.
PrivacyStar bills itself as first app with ability to block calls and texts, add Caller ID and report abusive callers directly to FTC.
Android Trojan "Odad.a" rivals Windows malware in the harm it can do to mobile device users, say experts.
Criminals can move dirty money using digital currency, MoneyPak vouchers, even gold. But it's getting tougher to disguise money trails.
Guantanamo Bay Naval Base authorities turn off Wi-Fi and social media after Anonymous threatened to shut them down.
While mobile network operators are creating a global database to track stolen smartphones, some police say that's not enough. New York's Attorney General wants more from smartphone makers.
FTC should crack down on wireless carriers and smartphone manufacturers that put their customers at risk by failing to update Android devices.
ACLU urges FTC to let consumers return carrier-supplied Android devices for full refund or exchange within two years if they don't get regular security updates.
Targeted, data-stealing attack launched via Tibetan activist's email account leads to Chinese server in Los Angeles, says Kaspersky Lab.
Mobile configuration files used by carriers could be repurposed to steal data and remotely control an iPhone or iPad, security firm warns.
FTC has filed 8 civil lawsuits against cell phone spammers, accusing them of promoting award scams.
House revives controversial cybersecurity information-sharing bill, but can CISPA 2.0 address lingering privacy concerns?
London Fire Brigade moves to allow people to summon rescuers via Twitter, parallels "text to 911" efforts in the United States.
Mobile networks, banks, energy companies and other critical infrastructure providers could be required to report all breaches to EU authorities.
More than 90% of mobile device browsers now in use failed safety checks, find Georgia Tech researchers.
Geotagged photo reveals location of murder suspect John McAfee, on the run from authorities in Belize.
War of words and hacked websites continues, even as the Palestinian territories receive upgraded state status from the United Nations.
DDoS attack traffic could overwhelm not just targeted websites, but also every intervening ISP, warns Arbor Networks.
Mobile app developers that don't post conspicuous online and in-app privacy policies will face $2,500 fine per download.
A Hadoop intelligence tool stands out as IBM updates its security portfolio to address security issues related to big data, analytics, cloud computing, mainframes, and mobile devices.
Iranian official says bank attack blame is a smoke screen for the U.S. to continue launching cyber attacks against Iran.
Blame carriers for slow or nonexistent patches, even as the number of new, malicious Android apps has increased 41 times since last year.
Legal experts say AT&T violates FCC rules with plan to restrict FaceTime use on its cellular network to premium-plan customers.
Legislation proposed by the German government would create a new type of copyright requiring any online or offline use of publishers' content to be compensated. Cue debate.
Appeals court rules law enforcement agencies don't need a warrant to "ping" and track prepaid cellphone locations.
Can Samsung, HTC, Motorola, and carriers be pressured to stop waiting months before patching known, exploitable vulnerabilities on their Android smartphones and tablets?
Android 4.1, code-named Jelly Bean, is first OS from Google to correctly randomize memory, making it tougher for attackers to get a foothold.
Draft NIST guidelines update cell phone and PDA security rules for the Android and iOS era.
Find And Call app, discovered in both the Apple App Store and Google Play, copied phone address book to a remote server controlled by spammers.
If true, it's the first time Android devices have been hijacked by malware, turned into botnet nodes, and made to churn out spam.
Proof-of-concept malware can be used to launch malicious applications, with no warning or rebooting required, computer scientists show.
Flame's use of spoofed Microsoft security certificates will likely be mimicked by sophisticated malware writers to craft widespread attacks, experts say.
Flame malware could use Bluetooth to exfiltrate data, record phone conversations, or learn the social network of a target.
British regulators crack down on Latvian company behind the RuFraud malware scheme that placed 27 fake versions of Android apps, including Angry Birds Space, on Google Play.
British police train their own forensic specialists to test suspects' mobile devices in the station, saving the time and expense of using specialized forensics labs.
FBI issues warning to people traveling abroad that free Wi-Fi systems can pose a threat. Learn how to keep systems locked down and safe while traveling.
Internet Explorer will be only Web browser to have access to core system functionality in Windows RT on ARM-based systems, rivals warn.
Almost two-thirds of CISOs say their companies' senior execs have increased attention to information security; 60% of advanced security groups call security a regular boardroom topic, IBM study reports.
Cybersecurity information-sharing bill moves to the Senate, but civil liberty groups vow to continue fighting it tooth and nail.
Smartphones extend the network perimeter like never before, but also give potential attackers new entry routes. Consider these get-tough strategies.
Malware grabs rootkit exploit code to obtain temporary access privileges, poses a "serious threat," says researcher.
When it comes to combating APTs, the odds are against your organization's security team, say security experts such as Bruce Schneier. This type of risk deserves special scrutiny.
Security expert says Google Bouncer malware checks are a step in the right direction, but not a complete solution. Meanwhile, Google excised more fake apps from the Android Market.
"Polymorphic" malware, tweaked frequently, sends SMS texts to premium-rate numbers until smartphone owner's account balance is depleted.
FBI confirms legitimacy of 16-minute call, posted by hacktivists, that discussed sentencing and future arrests of LulzSec and Anonymous participants.
Apperhand SDK drops a search icon onto the Android desktop and tracks your device's ID, but so does any adware. Here's what you need to know.
Mobile provider O2 said it has patched problem that shared phone numbers with websites. But users of the Orange network in Spain report similar issues.
In the wake of Megaupload, security experts warn businesses that rely on cyberlockers to include service loss in their disaster and continuity planning.
It took 10 months for hackers to crack iOS 5.0.1. Workplaces that allow bring your own device need to act immediately to avoid potential security risks.
Two controversial anti-piracy bills, SOPA in the House and PIPA in the Senate, face mounting criticism for going too far to block pirated content.
After several days of credit card breaches and payback hack attempts, Anonymous chimes in, purportedly releasing access credentials and URLs for Israeli industrial control systems.
Starting midnight Thursday, ICANN will take applications for new generic top-level domains such as .shoe and .plumber, but some industry groups are voicing fraud and security concerns.
Microchip embedded in a power supply or other peripheral could help recover forgotten laptop or smartphone passwords.
The carrier has disabled Carrier IQ's software and reportedly instructed all of its hardware partners to no longer build the software into Sprint handsets.
Smartphone monitor company details in a report every data point that it can collect, and says it shared no data with law enforcement agencies.
Fraudulent game apps send and receive expensive premium-rate SMS messages, racking up charges for unsuspecting users.
Let smartphone users opt into how their devices and related data get tracked, preferably from handsets. Otherwise, carriers and manufacturers will continue to look like they have something to hide.
Independent studies find CIQ's smartphone monitoring software captures only the info it needs for diagnostics work.
U.S. and European officials also demand answers about who's using Carrier IQ's smartphone monitoring software and exactly which types of information they're tracking.
A tale of data collection, cease and desist, wiretap allegations, privacy questions, and potential redemption.
Some Android phones are more vulnerable to attacks than others, due to pre-installed add-on tools and skins, security researchers say.
Network diagnostic software vendor issues apology to researcher who discovered its application secretly monitoring smartphone users.
Two-person development shop created software for secure text and voice communications on Android smartphones.