The Register Columnists

SecurityFocus


Apple patches critical iTunes bug

In all the hoopla surrounding Apple's announcement of its revamped line of iPods on Wednesday, many users might have missed the company's update to iTunes, which includes a fix for a serious security flaw. The update, which brings the consumer technology company's iTunes music software to version 7.4, adds the ability to turn …
SecurityFocus, 07 Sep 2007

Monster warns victims and pledges better defense

Monster Worldwide, the owner of employment search site Monster.com, last week began notifying the estimated 1.3 million users affected by a breach that leaked résumé information and pledged to beef up network monitoring and defenses to prevent such a leak from happening again. As reported by SecurityFocus, a malicious Trojan- …
SecurityFocus, 03 Sep 2007

Mozilla confirms own URL handling bug

The Mozilla Foundation acknowledged over the weekend that its own Firefox browser allows links that can send malicious code to external programs, a security issue that the group had previously argued should be fixed by the browser maker. In early July, three researchers found a way to execute code in Firefox - and potentially …
SecurityFocus, 25 Jul 2007

Start-up seeks to spin a safer web

File-sharing software that installs adware, websites that attempt to compromise a visitor's computer, and free downloads that install a host of other unwanted software - the web has become a confusing and sometimes dangerous place for the average home user. A group of graduates from the Massachusetts Institute of Technology ( …
SecurityFocus, 13 Feb 2006

Apple's in the eye of flaw finders

At the recent ShmooCon hacking conference, one security researcher found out the hard way that such venues can be hostile, when an unknown hacker took control of the researcher's computer, disabling the firewall and starting up a file server. While such compromises have become common in the Windows world, this time the computer …
SecurityFocus, 08 Feb 2006

Good worms back on the agenda

ARLINGTON, Virginia - A researcher has reopened the subject of beneficial worms, arguing that the capabilities of self-spreading code could perform better penetration testing inside networks, turning vulnerable systems into distributed scanners. The worms, dubbed nematodes after the parasitic worm used to kill pests in gardens …
SecurityFocus, 30 Jan 2006

Researchers say rootkits are headed for BIOS

Insider attacks and industrial espionage could become more stealthy by hiding malicious code in the core system functions available in a motherboard's flash memory, researchers said on Wednesday at the Black Hat Federal conference. A collection of functions for power management, known as the Advanced Configuration and Power …
SecurityFocus, 27 Jan 2006

Bot herder pleads guilty to 'zombie' sales

A 20-year-old California man has pleaded guilty to federal charges that he sold access to networks of compromised PCs and made money from illicitly installed adware, prosecutors announced on Monday. Jeanson James Ancheta of Downey, California, entered a plea of guilty to four of the original 17 charges in the case, according to …
SecurityFocus, 24 Jan 2006

Data security moves front and center in 2005

High-profile leaks of financial data left more than 50 million accounts containing credit card information and, in some cases, confidential details at risk in 2005. Phishing attacks, targeted Trojan horses and web-based exploits compromised millions of PCs last year to create centrally controlled networks known as bot nets. …
SecurityFocus, 03 Jan 2006

Microsoft launches anti-virus public beta

Microsoft has released a free beta of its upcoming anti-virus application. According to Microsoft, the new anti-virus application known as Windows OneCare Live consumer beta is "like taking your PC in for a tune up at the service station". The release is part of the forthcoming Windows OneCare set of deliverables, and yesterday …
SecurityFocus, 01 Dec 2005

Bavarian police have spooky Sober moment

Bavarian police issued a press release that warned of new Sober.worm virus variants, just one day before three new variants appeared. In a bizarre set of circumstances, Bavarian Police have issued a press release (translated version) that not only warns of new Sober.worm virus variants, but also includes the email text that …
SecurityFocus, 16 Nov 2005

Sony BMG faces digital-rights siege

The criticism of music giant Sony BMG Music Entertainment and its surreptitious copy protection software went up an octave this week as attorneys and law firms readied nearly a half dozen legal complaints against the company on behalf of consumers. Ten days after two security researchers took Sony BMG to task for its invasive …
SecurityFocus, 11 Nov 2005

Busy signal at 911?

A software update on Monday night left Louisville residents unable to call 911 for help. For 2 hours the 32 phone lines were jammed, with dispatchers unable to disconnect the calls they had taken previously. The error was related to the enhanced 911 system, designed to show dispatchers the addresses and telephone numbers of …
SecurityFocus, 11 Nov 2005

World of Warcraft hackers using Sony BMG rootkit

Want to cheat in your online game and not get caught? Just buy a Sony BMG copy protected CD. World of Warcraft hackers have confirmed that the hiding capabilities of Sony BMG's content protection software can make tools made for cheating in the online world impossible to detect. The software - deemed a "rootkit" by many …
SecurityFocus, 04 Nov 2005

Hidden DRM code's legitimacy questioned

The latest headache for security professionals has become a secret weapon in the battle between copyright owners and their customers. This week, two research groups independently and separately reported that music giant Sony BMG has used software hiding techniques more commonly found in rootkits to prevent removal of the …
SecurityFocus, 03 Nov 2005

Crypto gurus hash out future

Encryption experts met in Gaithersburg, Maryland, this week to discuss retiring the SHA-1 hashing algorithm and creating a stronger version of the cryptographic workhorse. Over the past eighteen months, significant breaks of the Secure Hash Algorithm, SHA-1, have left confidence in the crypto algorithm essentially shattered. …
SecurityFocus, 03 Nov 2005

Web defacer sentenced, facing deportation

Rafael Nuñez-Aponte will soon be going home to Caracas after spending seven months in a U.S. jail for compromising a computer belonging to the Department of Defense, but only if the National Aeronautics and Space Administration decides not to pursue charges against him. Last week, a U.S. district court sentenced the Venezuelan …
SecurityFocus, 27 Oct 2005

DirecTV hacker sentenced to seven years

A Canadian man was sentenced to seven years in a US prison this week after admitting he led a sophisticated satellite TV piracy ring that produced and sold thousands of hacked smart cards in the US and Canada. Martin Mullen, 50, was also ordered to pay DirecTV and its smart card provider NDS Ltd. $24m in restitution. Mullen …
SecurityFocus, 11 Dec 2004

Defences lacking at social network sites

Services like LiveJournal and Tribe are poised to be the next big thing on the Web in 2004, but their security and privacy practices are more like 1997, writes Annalee Newitz. Brad Fitzpatrick is president of LiveJournal.com, a social discovery Web site where over 1.5 million users post diary entries they want to share with …
SecurityFocus, 02 Jan 2004

Verisign's SiteFinder finds privacy hullabaloo

Privacy advocates have joined the chorus of critics of Verisign's "SiteFinder," which on Monday began directing mistyped dot-com and dot-net e-mail and Web addresses to a pay-for-play search site operated by the company, writes SecurityFocus' Deborah Radcliff. On Wednesday, Boston-based Internet security and privacy consultant …
SecurityFocus, 19 Sep 2003

Jailbird appeals in bug disclosure case

Bret McDanel already served his 16 months in federal prison for violating the Federal Computer Fraud and Abuse Act. Now he wants to clear his record, writes Deborah Radcliff of SecurityFocus. McDanel was wrongly convicted under the federal computer fraud statute, criminal code 18 U.S.C. 1030, claims a 62-page appeal filed on …
SecurityFocus, 08 Aug 2003

The Hackers Who Broke Windows

The Last Stage of Delirium, the hacking group that laid open nearly every version of the Windows operating system last week, could use a little sleep, writes Deborah Radcliff of SecurityFocus. Since going public with the RPC buffer overflow bug that some are describing as the worst Windows security hole in history, the group has …
SecurityFocus, 25 Jul 2003

Congress aims SODA at DoJ snooping

The U.S. government's most secret class of Internet spying, telephone wiretaps and physical searches would become slightly less secret under legislation proposed this week reflecting lawmakers' growing unease with the Justice Department's use of expanded surveillance powers. The Surveillance Oversight and Disclosure Act (SODA) …
SecurityFocus, 16 Jun 2003