Adobe has said it is working to fix a “critical” security flaw in its Reader, Acrobat and Flash Player software.

It warned that the vulnerability potentially enables hackers to take control of affected computer systems, and that users running Windows, Macintosh or Linux operating systems might all be vulnerable.

The company released details of the glitch in its online security bulletin, in which it said: “This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.

It added: “There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

Graham Cluley, senior technology consultant at security software manufacturer Sophos, told the BBC: “It doesn’t really get any worse than a ‘zero-day’ vulnerability like this.”

He said that hackers might try to gain access to a person’s computer through a booby-trapped PDF document or Flash animation, possibly with the intention of gathering personal information or using the machine to send spam messages.

In recent years, PDFs have become a popular means of sharing documents whose contents are considered largely secure and unalterable.

While it worked to fix the problem, the company suggested upgrading to a pre-release version of the Adobe Flash Player, version 10.1, which it said “does not appear to be vulnerable”.

Mr Cluley said that keeping anti-virus software up to date would also help to avoid problems.

“There has been a long history of vulnerabilities being found in Adobe’s products,” he said.

“This is probably because they are everywhere and omnipresent.”

Adobe estimates that more than 95 per cent of computers worldwide have Flash Player installed.

A dispute in Australia between members of the public and photographers gathering data for Google’s Street View service has been referred to the country’s police, the country’s Attorney General (senior law officer) has said.

Robert McLelland told journalists ahead of a conference on internet security in the Australian city of Melbourne, that the Federal Police were looking into complaints from members of the public that concern a possible breach of the country’s telecommunications laws.

Google said it would co-operate with the Australian police investigation, and a spokeswoman told Reuters that the company had made an error: “This was a mistake. We are talking to the appropriate authorities to answer any questions they have,” she said.

The ‘Street View’ service has recently been criticised in several countries. The company has said it inadvertently picked up personal data from some unencrypted wi-fi services over several years.

Facebook has found itself in hot water with a second country in a matter of days, as a result of ‘objectionable’ material posted on the site about the Prophet Mohammed.

Authorities in Bangladesh have placed a block on the social networking site over the content, an official of the country’s telecoms regulators said on Sunday.

It is believed that the ban, which came into effect the previous day, would be temporary.

Bangladesh became the second Muslim country in a matter of days to take down Facebook, after a court in Pakistan earlier ruled a competition on the site to draw an image of the Prophet was offensive, and blocked access.

The Bangladeshi government acted following protests in the capital, Dhaka, against images on the site which, aside from the Prophet, also included likenesses of several of the country’s political leaders, including the Prime Minister and leader of the opposition.

A man was arrested and questioned by police in Dhaka on Saturday over the images.

But in a TV interview, professor of computer science at Bangladesh’s Shahjahal University of Science and Technology, Mohammed Zafar Iqbal, urged the immediate lifting of the ban, because of the possibility of counter-protests by Bangladeshi youths.

US search firm Google is phasing out the use of Microsoft’s Windows operating system, due to security concerns.

According to a report by The Telegraph, the company is now asking new employees to choose between Apple’s OS X system or an open-source Lynux platform.

Speaking to the Financial Times, a Google employee said: “We’re not doing anymore Windows. It’s a security effort.”

In January, news emerged that hackers had launched an attack on the Gmail accounts of several Chinese human rights activists. Security experts now believe the attackers managed to exploit a loophole in Microsoft’s Internet Explorer in order to gain access.

Officially the company has said it will not comment on operational matters.

By Richard Morris

News home

Google is expected to release details of its plans for a compromise with EU data protection bodies this week.

The American company has admitted it made a software coding mistake in 2006 and this led to its Street View photography cars collecting payload data from private, but unsecure WiFi networks.

The company has been facing pressure from various European Union bodies including authorities in France, Spain and Germany, to hand over the data it collected, but Google has so far resisted.

According to the Financial Times, Google’s lawyers have advised the company against this course of action.

Google is set to offer a compromise solution this week, although details have not been released.

A Google spokesperson said: “We are working through it and will have some answers for the data protection authorities during the course of the week.”

By Richard Morris

News home

The world’s largest search engines have been accused of not doing enough to protect the privacy of users.

According to a report by the Financial Times, technology firms Google, Microsoft and Yahoo have all come in for criticism and been accused of breaking EU data rules.

A group made up of representatives from the 27 member states is concerned about what is being done with data collected by search engines that relates to people’s online habits. The main issues concern the length of time data is being stored, how easily it can be traced back to individuals and the possibilities of it being misused.

The privacy group said in a statement: “A user’s search history contains a footprint of users’ interests and personal relations. This information can be misused in many ways.”

In a letter to the search firms, the group said all three continue to be in breach of EU data protection rules as a result of their methods of making users’ search data anonymous.

The group wants Google to reduce storage time from nine to six months. The FT said in response, Google had stressed it “was the first search engine to reduce the time it stores search logs, and the first to anonymise them”.

Although Yahoo and Microsoft have said they’re making moves to comply with the six month deadline, they have been criticised for failing to allow external inspectors to verify claims.

The  paper said Microsoft was not available for comment, while Yahoo declined.

By Richard Morris

News home

The search giant’s admission that it recorded private communications sent over unsecured wireless networks brought an immediate call from the German data protection commissioner, Peter Schaar, for a detailed investigation. 

He alleged in The Financial Times that “one of the largest companies in the world, the market leader on the internet, simply disobeyed normal rules in the development and usage of software.”

In the US, the Federal Trade Commission was believed to be close to announcing its own inquiry into the matter, according to people who spoke to agency officials. 

An inquiry could look at whether the collection of data breached rules on unauthorised access to computers and private communications, according to privacy campaigners. 

“This may be one of the most massive surveillance incidents by a private corporation that has ever occurred”, said Marc Rotenberg, leader of the Electronic Privacy Information Centre in Washington. 

A few days before this revelation, Google had reversed earlier assertions denying that it had monitored and collected data on individuals’ activity. 

It said the data was inadvertently culled as a fleet of camera-equipped Street View vehicles, which take pictures for the group’s imaging services, assembled a database of electronic WiFi addresses intended to enhance its maps and other location services. 

Google said the project leaders ignored that the vehicles were also taking in snippets of activity on the WiFi networks. 

“We didn’t want to collect this data in the first place and we would like to destroy it as soon as possible,” said Google’s spokesman Peter Barron. 

The data in question had never been available to outsiders, the company said. 

Ilse Aigner, the German minister for consumer protection, said the new revelation “is alarming and yet another proof that privacy protection is still alien to Google.” 

The UK Information Commissioner’s Office said that Google appeared to have breached the data protection act. 

But it added that after receiving assurances from Google that it would delete the data “as soon as reasonably possible”, the commissioner would not be taking further action against the company. 

The Google controversy follows a recent uproar over Facebook’s erosion of privacy settings. 

“Both Google and Facebook have given the privacy groups an unsolicited contribution,” said Jeff Chester of the Center for Digital Democracy. 

Many people have had their Facebook account broken into by criminals, according to a new report.

The document, in which users recount their experiences on social networks, is compiled by US consumers’ champion Consumer Reports, and bears the apt sub-title ‘What millions of online users don’t know can hurt them’.

The horror stories included one victim’s account of how her Facebook friends list was hijacked by a trickster who then used it to try to extort money from those listed.

One of the most obvious ways of a hacker gaining access to your account is to simply guess your password. While the minimum number of characters Facebook accepts for a password is six, it is far wiser to pick one which is at least two characters longer than this.

Including both upper and lower-case letters, numbers and symbols will also result in a password which is much stronger.

When you try to create any Facebook password, it will tell you how strong or weak it is. Words found in the dictionary are considered very weak. In fact, when you try to enter many common words, such as “season,” Facebook rejects them and displays the message: Password change not successful.You may not use a dictionary word as your password. Please choose a more secure password.

Six characters also happens to be the most common word length in the English language, so you might think that would give you plenty of scope for finding one which will be acceptable and – crucially for many users – easy to remember at the same time.

However, Facebook also finds many passwords which it rates as ‘weak’ still perfectly acceptable, which might lull some users into a false sense of security.

Researchers compiling the report were also surprised to find that Facebook had no issues with passwords comprising a short first name followed by one digit, such as joseph1 and susan1.

Of course, Facebook responds quickly to many perceived security threats, so many of the passwords at the centre of the problems may have been barred by the time you read this.

Nonetheless, ConsumerReports concluded: “The fact that it accepted them, contradicting its own warning about using dictionary words, is worrisome.

“If Facebook is to minimise account theft, it should tighten up such loose ends by rejecting all passwords that are too weak, including all common dictionary words.”

Before picking any password, you can get an idea of how secure it is by using the Microsoft password checker. It also publishes password-picking guidelines, in which it suggests using a minimum of no fewer than 14 characters! It’s no wonder many people are confused, and therefore, vulnerable.

The UK Government has made 1,166 requests for information about its citizens from Google in the last six months, the internet search giant has revealed.

It came third out of almost 100 countries where Google operates, placing it behind only Brazil and the United States, both of which made more than three times as many requests as the UK.

The figures were revealed as Google launched a new tool showing where it faces government pressure to censor its material and results, and details requests received to turn over personal information about its users.

Google released the data through its official blog, after its own approach to privacy was criticised. The data released covers the second half of 2009, and will be updated every six months.

An alliance between EBay and a major American group of retail companies has announced a joint assault on organised retail crime, and the selling-on of stolen goods online.

These scams are estimated to have cost the world’s retailers US$115billion in 2009, according to a report from the Centre for Retail Research and Checkpoint Systems.

Shoplifting by customers and store staff only accounts for a fraction of the total amount of losses, with the majority being blamed on large-scale theft carried out by organised gangs, according to Reuters.

Last year, an NRF survey suggested 92 per cent of all retailers had been affected by such crime, with nearly three-quarters saying that the problem had increased.