(Photo: 24fix.co.uk)

Do you prefer your porn with a side of malware? According to one British researcher, users who visit popular porn sites like PornHub and xHamster have a 42 percent chance of contracting digital STDs (a.k.a. malware) on their computers. Naturally, online porn purveyors sites did not take kindly to the study, which they say overinflated the risk.

PornHub called it "grossly exaggerate(d)," and xHamster said that while it has suffered from malware issues in the past, it's worked hard to find reliable advertising partners that don't infect your computer.

Just remember, folks: your computer can contract a digital STD even from browser-on-infected-ad contact.

Malware selfie. (Photo: Hahsgram)

Perhaps Binging it too often has some unintended and harmful side effects. According to a new study from a German security firm, the Microsoft-owned search engine is five times more likely to link you to a malware-infected page than Google.

In a high-tech humblebrag, AV-Test Institute reported that its initial suspicions that Google and Bing do a poor job of protecting their users from delivering Trojan-laden websites were correct. But Google isn’t really a winner here: it’s just that it did a less shitty job of indexing infected websites compared to Bing.

For 18 months, the lab surveyed the harmfulness of 40 million websites from seven search engines. More than half of the results came from Bing and Google, with the other portion being pulled from search sites popular in other countries, like China’s Baidu and Russia’s Yandex.

PC Magazine writes that Yandex was the least safe. You've been warned, Russia's one Betabeat reader.

The 5,000 pieces of malware the study found are concentrated in Yandex results—which had 3,330 malicious links out of the 13 million the AV-Test looked at. Bing had a little under half that, with 1,285 malicious results out of 10 million pages. Google returned a mere 272 malicious results in 10 million while Bleko had even fewer: 203 out of around three million.

Guess we'll go back to using Lycos.

(Photo: Deviant Art)

Devices like security cameras, traffic light systems, and high tech temperature controls can all be connected to the web, but they aren’t indexed by Google, which makes them difficult to find without deep computer expertise. Now SHODAN, a search engine that crawls the web for devices like routers, webcams and servers, is helping to expose some of the security flaws inherent to these devices.

Called the "Google for hackers" by ZDNet, SHODAN provides a powerful search platform for those looking for security holes in web-connected devices. According to CNN:

Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

Many of these devices are ill-equipped to handle hackers: since they're rarely indexed, there hasn't been a need to set up typical security controls. Many can even be accessed via default passwords like "1234."

A researcher at the cybersecurity conference DEFCON recently demonstrated just how easy it is to access the devices found on SHODAN. Writes CNN:

Dan Tentler demonstrated how he used Shodan to find control systems for evaporative coolers, pressurized water heaters, and garage doors.

He found a car wash that could be turned on and off and a hockey rink in Denmark that could be defrosted with a click of a button. A city's entire traffic control system was connected to the Internet and could be put into "test mode" with a single command entry.

We smell a Michael Bay-style infrastructure hacking movie on the horizon.

(Screenshot: AT&T)

Employing obscenity in passwords--either for the personal amusement or just to feel alive for once in your sorry life--is a longstanding tradition hearkening back to the AOL dialup days of yore when "b00b!es" was your password of choice. But cellular overlord AT&T has no use for either your filthy mind or adorable nostalgia: as Twitter security engineer Randy Janinda recently noticed, the company has banned passwords that contain "obscene language."

Cellular News notes that setting up the expectation that all passwords are "polite" could actually pose a security threat, letting hackers know that a huge chunk of possible passwords aren't allowed on AT&T. Plus, passwords are supposed to be encrypted both ways: how would AT&T even know your password has bad language in it?

Perhaps the company simply got sick of everyone making their passwords "Fu*ky0U@t&T!"

Good job, geniuses.

Well, this is just a charming development. According to The Verge, there's an exploit making the rounds that's practically an idiot-proof way for anyone who's got your email and birthdate to hack your iCloud account.

Basically, your mom could pull this off, if she's the nosy type.

The Verge reports:

We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page.

The site didn't link to the tutorial, but staffers tested it and it worked.

The good news is, Apple just introduced two-step verification. The bad news is, some people are apparently being told that it could take three whole days to set it up. That means their best option for protecting their accounts is to just change their date of birth.

o_o (Photo: Twitter blog)

In light of the recent hacks of big brand Twitter accounts like Burger King and Jeep, Twitter has finally announced two-factor authentication. Haha JK, they just published a condescending blog post blaming their security vulnerabilities on your shitty passwords.

Any excuse to use a pic of Queen Bey. (Photo: Shallow Nation)

If you think malware is the biggest threat to Internet security, perhaps you should think back to the last time you actually used a good, strong password. Two Google researchers recently submitted a paper to the IEEE Security & Privacy Magazine that argues that weak passwords are actually a bigger threat to online security than any of that malware embedded in those crappy porn sites you frequent.

Google's proposed solution to the Great Password Scare of 2012-2013? Literally put a ring on it.

Wired reports that Google thinks the next iteration of the password could be a simple ring with a smartcard embedded into it that automatically logs a user into Google when slid into a USB reader. (Hear that? That's the sound of thousands of fashion-forward wannabe cofounders launching jewelry startups based on this concept.)

“We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity,” wrote Google's VP of security Eric Grosse and engineer Mayank Upadhyay in the paper.

Of course, this does solve the "I can't remember my password problem," but it presents a new one altogether: Where the f*ck did I put my password ring??? I swear I just saw it!

(Photo: Free Code Source)

Today in brilliant ideas: Verizon's security blog tells the story of an employee at an unnamed company who decided to outsource his job to China so that he could "watch cat videos" all day.

When the company noticed that someone from China was using the VPN of the employee (named "Bob") to login, they called their telecommunications company, Verizon, to investigate. Verizon initially thought it was some type of malware, but it turned out that the company just had an amazingly lazy genius on their hands.

"Bob" had hired a Chinese software company to do his job for him for just 1/5th of his six-figure salary, FedExing them his VPN so that they could login from China. This freed him up to spend his days as follows:

9:00 a.m. – Arrive and surf Reddit for a couple of hours. Watch cat videos

11:30 a.m. – Take lunch

1:00 p.m. – Ebay time.

2:00 – ish p.m Facebook updates – LinkedIn

4:30 p.m. – End of day update e-mail to management.

5:00 p.m. – Go home

Apparently the Chinese firm was so good at "Bob's" job that he won numerous awards for being a good employee. He also took other jobs at other firms and outsourced those, ensuring himself hundreds of thousands of dollars a year.

Now is probably a good time to admit that this post was written by a worker in India who has taken over for Jessica so she can watch Pretty Little Liars reruns.

(h/t The Register)

(Photo: Emsi Soft)

Did you receive an email this holiday season from a kind-hearted woman who just wanted to celebrate Christmas by sending random strangers pictures of herself in skin-bearing bikinis? Free noodz from an anonymous hottie seemed too good to be true! And indeed, it was.

Sophos' Naked Security reports that malware is currently circulating via screensavers of bikini shots landing in the inboxes of hapless Internet folks.

According to Naked Security, a malicious Trojan horse is embedded within an executable screensaver file sent by a woman who claims to have attached those bikini pics she promised you. If you open it expecting to see a sexy screensaver, all you'll get is a computer full of malware.

If a lady didn't actually promise you pics of herself in a bikini, probably don't open the email. Plus, if you're that starved for naked lady pics, might we suggest you explore the Internet outside of your work inbox?

This guy: prooooobably not a CIA assassin. (Photo: LinkedIn)

Sure, being a James Bond-level spy is a glamorous job, one that most people would love to humblebrag about online. But if you're a secret agent working in international espionage, you might not want to let people know about that on LinkedIn.

Flemish daily newspaper De Standaard reports that a simple search for "State Security" on LinkedIn pulls up a crop of spies who have copped to their "secret" jobs on the social network. This is essentially the Belgian equivalent of listing your position as "Top Secret Spy at the CIA" on LinkedIn.

Sophos's NakedSecurity independently verified that some of the culprits have active LinkedIn profiles. Take Pascale, who lists her job as a senior strategic analyst at OCAM, Belgium's Coordinating Body for Threat Analysis. Oh, and previously she worked for Belgian Defence!

According to NakedSecurity, a slew of people also list their employer as the Central Intelligence Agency, though the dude claiming to be an assassin who's posing with a Ben Franklin impersonator in his picture is probably just fucking with us.

Having an active social network footprint online can be dangerous for people with ties to intelligence agencies as "those members might become the targets of sophisticated phishing attacks by adversaries who use the publicly available information on LinkedIn and other social networks to learn more about the individuals and to construct a social graph of their professional and personal contacts," writes NakedSecurity.

Also, it makes you look silly.

It's unclear whether having a social media presence--particularly for low-level, not secret jobs--is against CIA policy in the U.S, though the Belgian security agency certainly wasn't happy about the news. We've reached out to the CIA and will update when we hear back.