Osama Bedier, Vice President of Google Wallet and Payments, wrote a blog post late Friday night, saying:

First, Google Wallet is protected by a PIN — as well as the phone’s lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level “root” access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That’s why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device.

And just like with any other credit card, you can get support when you need it. We provide toll-free assistance in case you lose your phone or someone manages to make an unauthorized transaction.

Google’s update seems to come in response to an incident where TheSmartphoneChamp.com exposed a major vulnerability:

Hackers have found a small piece of code attached to the IP address of the camera will bypass the need for a password. Once the discovery was made, addresses of hundreds of cameras were posted online for voyeurs to peek in on.

TRENDnet responded to the discovery right away with this press release:

A recent product hack revealed a vulnerability present in several TRENDnet SecurView IP cameras.

TRENDnet’s security team understands that video from some TRENDnet IP SecurView cameras may be accessed online in real time. Upon awareness of the issue, TRENDnet initiated immediate actions to quantify the scope of the issue, initiate corrective actions, and publish updated firmware which resolves the issue.

Only select cameras purchased between April of 2010 and the present may be affected and require a firmware update. Eighteen camera models have been identified. A list of the identified products is available on TRENDnet’s homepage: http://www.trendnet.com

A firmware upgrade was made available and instructions for installing it.

Another great feature of the blocking technology is its ability to allow users to share content via social network sharing buttons while simultaneously blocking trackers. This is an option most other blockers don’t offer. You can even keep tabs on how many tracking attempts the blocker has avoided via a handy counter.

The tool is available for free download on the Abine site. Check out their guided tour of the product:

With this update, Chrome will begin loading your most frequented pages even before you finish typing the URL in the omnibox (the URL bar within Chrome that also serves as a Google search). Chrome will prerender the page in the background, which will allow it to load faster – “even instantly as soon as you hit Enter,” according to a blog post.

The security updates involving further protections from malicious downloads. “In addition to checking a list of known bad files, Chrome also does checks on executable files (like “.exe” and “.msi” files). If the executable doesn’t match a whitelist, Chrome checks with Google for more information, such as whether the website you’re accessing hosts a high number of malicious downloads”

They also announced intentions to update Chrome OS to improve Chromebook functionality:

In the near future, we will also begin rolling out updates to Chrome OS to further simplify the Chromebook experience. With a new image editor, Chromebook users will be able to quickly view, edit and share photos on the web. Users will also see an improved Verizon 3G activation portal, which includes the ability to set up a recurring purchase of mobile data.

Today, Google also unveiled their Screenwise initiative. The program works only in Chrome and allows Google to monitor your web activity so Google can generate info on how people browse. Participation in the program is optional, and Google is now taking email applications. You won’t be letting Google spy on you for nothing – they are offering up to $25 in Amazon gift cards to willing participants.

• Almost 60 percent of fake accounts claim to be bisexual, 10 times more than real users
• Fake accounts have six times more friends than real users, 726 versus 130
• Fake accounts use photo tags over 100 times more than real users, 136 tags per four photos versus one tag per four photos
• Fake accounts almost always (97 percent) claim to be female, as opposed to 40 percent for real users

Barracuda Labs also shares the following infographic:

“Likes, News Feeds and Apps have helped lead Facebook to its social network dominance and now attackers are harnessing those same features to efficiently scale their efforts,” said Dr. Paul Judge, chief research officer at Barracuda Networks. “These fake profiles and apps give attackers a long-lived path to continuously present malicious links to innocent users.

“Also, researchers have shown how friending malicious accounts can lead to account takeover using Facebook’s trusted friend account recovery,” he added. “We have analyzed thousands of fake accounts to determine features and patterns that distinguish them from real users, and created a feature-based heuristic engine to distinguish real users from fake profiles.”

Now, the security of the Oscar voting is being called in question due to the Academy’s decision to go digital in 2013.

The Academy is sourcing the job of developing an electronic voting platform to Everyone Counts, purveyors of “secure, transparent, and universally accessible election systems.” Everyone Counts is based in California and has provided online election solutions in places like New South Wales, Honolulu, and Denver.

PwC’s role in the Oscar voting will reportedly remain unchanged. They’ve been in charge of the ballots for 78 years and in that time have counted over 450,000 individual ballots. This year, 5,783 nomination ballots were sent to Academy members and final ballots were mailed out on Wednesday.

The current mail system has yet to produce a single security breach, according to PwC. Here’s how the ballots currently make their way to the Oscars:

Once the votes have been submitted and tabulated, PwC prepares two briefcases with a complete set of envelopes bearing the Oscar winners’ names. As a precautionary measure, both briefcases are then transported to the ceremony via separate, secret routes with each of the PwC balloting leaders. As a second preventive measure, the PwC balloting leaders also memorize every winner. During the live telecast, Oltmanns and Rosas remain backstage and hand each envelope to award presenters before they walk onstage.

Changing to online voting presumably wouldn’t change any of that, but it would change the way PwC receives the votes. And of course, with any sort of online voting, the first concern is security. And some analysts are concerned that the Academy Awards are opening themselves up to a slew of tampering problems.

Best Actor Ashton Kutcher, anyone?

The worry is that people who wish to mess with the awards could use a variety of cyber attacks – DDoS, malware, etc. These could be used somehow to influence the outcome while possibly remaining undetected.

“Everybody would like there to be secure internet voting, but some very smart people have looked at the problem and can’t figure out how to do it,” David Dill, a professor of computer science at Stanford University told the Guardian. “The problem arises as soon as you decouple the voter from the recorded vote. If someone casts a ballot for best actor A and the vote is recorded for best actor B, the voter has no way of knowing the ballot has been altered, and the auditor won’t be able to see it either.”

This is a general concern, but apparently some security experts are concerned with Everyone Counts specifically.

One security expert said he was unimpressed by the Everyone Counts software. A 2007 report concluded that the system created by Everyone Counts for a local council election in the UK had a “number of serious flaws.” Security experts tried to penetrate its defenses, successfully exposing the problems.

Of course, Everyone Counts is not the only organization to experience difficulties with online elections. The company’s CEO Lori Steele told the Guardian that no system is perfect but computers are more reliable than paper ballot, the latter of which is easier to forge.

“We are honored to have earned the trust of the Academy of Motion Picture Arts and Sciences in bringing online voting to the Oscars starting next year,” said Steele. “Our company was founded to set a new standard of security, accessibility, and transparency in elections. We’re proud to be working with the Academy, an organization that also represents the highest standards in its field.”

Since the changes won’t go into effect until 2013, the Academy plans to spend next year running everything through a series of rigorous tests.

Though the aging Academy population might object to all the newfangled internets and stuff, it’s hard to argue that online voting wouldn’t make things more efficient. But security is always a concern with thing sort of thing.

On the other hand, maybe hackers could finally use this opportunity to make the Academy give Tarantino a Best Picture Oscar one of these days.

I’ve reached out to Everyone Counts for comments, but haven’t heard back.

Mutating viruses are nothing new, they are used to infect machines in a way that can’t be stopped by traditional anti-virus software. The problem comes in with a new report from Softwin, the Romania based anti-virus software company that makes BitDefender, that says they have found multiple instances of computers being infected by worms that have previously been infected by a virus. They consider it a new “Frankenstein piece of malware” that has the potential to cause a lot of damage.

For those who perhaps don’t know a lot of viruses and worms, a worm is usually an executable file while a virus infects executables. The inevitable problem arises when a virus infects the executable that a worm resides in.

Fortunately, the researchers at BitDefender have no evidence at this point that the new super virus is any worse than a traditional virus. The concern is that worms are better at moving through systems, so a virus attached to a worm will have an easier time moving through a system.

The research team found 40,000 instances of the mutated malware out of a sample of 10 million files. One example was a virus designed to create back doors for hackers infected a worm that steals passwords. Their combination resulted in a mutation that could steal passwords while simultaneously creating a backdoor for the hacker to access the stolen information.

PhysOrg brings up an interesting point in that a virus’ main goal is to cause destruction. So in theory, a virus should destroy whatever it infects including the worm. The researchers never addressed this, but there’s a possibility that the virus could destroy the worm before it does any damage.

The researchers say that the combination of the two malware types was unintentional. The issue raised now is that hackers know it’s possible to combine the two. If it does occur, it could “pose a very serious threat to computers and networks the world over.”

For more examples of how this new super virus can destroy your computer, check out an expert analysis here.

That’s where Mykonos comes in, a security company that protects Web sites from attacks by wasting a hacker’s time instead of using an easily breakable wall.

“If you break in, I want to have fun with you,” David Koretz, CEO of Mykonos, told Technology Review. He says that the computer security industry is “too timid” and that the solution is making hackers’ lives “tedious and difficult.”

The software goes into action when it detects an intruder by offering false data and phony software vulnerabilities. This is intended to waste the hacker’s time and force them to give up out of desperation.

The company has received $4 million in funding this week from a number of Web and technology leaders.

The company’s software is primarily aimed at hackers who use automated tools that identify and exploit weaknesses in Web sites.

Koretz says that wasting a hacker’s time “changes the economics” of attacking Web sites. He said that the software makes hacking more like bank robbery, which is easily managed.

The software first makes sure that it isn’t attacking a legitimate user. It does this through the use of small snippets of code injected into Web pages that are sent out to a computer using the site. If the data snippet is altered, the software automatically notes the IP address of the potential hacker.

If the hacker is using a Web browser to probe the site, a small tracking file known as a “supercookie” is injected into it. If they aren’t using a browser, the hacker’s computer is fingerprinted. When the same computer returns, the software knows and reacts appropriately.

The software sets up the illusion that the hacker is making progress. “We can intercept their scans and inundate them with fake values,” Koretz said. “It takes much longer [for an attacker to scan a site], and the results are useless.”

He said that a scan might usually take five hours, but would take 30 with his software. The other tactic is to offer up a fake password and log in page. They are essentially hacking the hacker.

Some computer security experts are not convinced though. They’re concerned that annoying hackers would just lead them to come back more powerful than before, fueled by vengeance.

Koretz agrees that a revenge outcome is possible, but he hopes that most hackers will just ascribe the deception as bad luck and move on to another target.

He predicts his tactic will become more widespread once traditional anti-hacking methods are proved ineffective.

The men involved in this enterprise have been the subject of much investigation by Facebook’s security team, as well as by independent researcher Jan Droemer. But, it’s not like they are taking pains to hide. They post photos of their vacation trips to Monte Carlo, Spain and casinos in Germany. They check in on FourSquare.

“We’ve had a picture of one of the guys in a scuba mask on our wall since 2008,” said Ryan McGeehan, manager of investigations and incident response at Facebook.

The five men in this “gang” are:

* Anton Korotchenko AKA “KrotReal”
* Stanislav Avdeyko AKA “leDed”
* Svyatoslav E. Polichuck AKA “PsViat” and “PsycoMan”
* Roman P. Koturbach AKA “PoMuc”
* Alexander Koltysehv AKA “Floppy.”

Yes, they are Russian. And they operate openly in central St. Petersburg. Which explains why the FBI have not nabbed them. In the absence of cooperation with the police in Russia, Facebook decided to out these guys publicly.

“People who engage in this type of stuff need to know that their name and real identity are going to come out eventually and they’re going to get arrested and they’re going to be targeted,” Joe Sullivan, chief security officer at Facebook said. “People are fighting back.”

How Koobface works, and how you can protect yourself from it, was the topic of an excellent write-up on Sophos.

“Our ad campaign offers privacy and security tips: Use 2-step verification! Remember to lock your computer when you step away! Make sure your connection to a website is secure! It also explains some of the building blocks of the web like cookies and IP addresses,” says Alma Whitten, Director of Privacy, Product and Engineering at Google.

Here’s one of the videos:

“The campaign and Good to Know website build on our commitment to keeping people safe online. We’ve created resources like privacy videos, the Google Security Center, the Family Safety Center and Teach Parents Tech to help you develop strong privacy and security habits,” adds Whitten. “We design for privacy, building tools like Google Dashboard, Me on the Web, the Ads Preferences Manager and Google+ Circles—with more on the way.”

Google says it will be running ads online, in newspapers and magazines, and in subway stations in New York and Washington D.C.