The Register Columnists

Team Register

Contact Mail Follow RSS feed

Miniature car maker drops massive malware

Popular die cast car manufacturer Maisto has been slinging the deadly Angler exploit kit which in turn installs the Cryptxxx ransomware on victim machines. The site appears to have been compromised through an outdated Joomla content management system in what is likely the pseudo-darkleech campaign reported by Sucuri. …
Team Register, 03 May 2016

All US spy requests OK'd

Every single request by US g-men to carry out electronic surveillance in 2015 was approved by America's secret intelligence court. The US Foreign Intelligence Surveillance Court, which is supposed to oversee and scrutinize spying operations, received 1,457 requests from the NSA and FBI to tap people's communications – and …
Team Register, 02 May 2016
management intelligence

QNB confirms breach

Qatar National Bank has confirmed a customer data leak. News of the leak of customer data first emerged last week, as The Register reported. After first being deleted from its original drop-site, the 500 MB zipfile was posted to Cryptome.org. The following day, the bank said it was investigating the leak. The bank has now …
Team Register, 01 May 2016
Curser icon over a news paper folded

Slack pulls leaked creds

Messaging system Slack has plugged last week's chatbot vulnerability. As disclosed last week by Detectify, Slack developers creating custom corporate chatbots were leaving login access tokens in source code uploaded to Github. Slack has sent a response to Detectify, here, in which it says it is permanently deactivating the …
Team Register, 01 May 2016

True security means better response to hacks, not bigger walls to block hackers

PROMO It's not a matter of whether your digital infrastructure will be attacked: it's a matter of when. How you prepare for the inevitable is therefore critical. Earl Matthews, HPE's vice-president of enterprise security solutions, says you've got three choices when planning your security strategy. You can prioritise blocking …
Team Register, 29 Apr 2016

Neural network on a stick

Californian firm Movidius has released a neural computing USB stick. The firm's Myriad chip powers the likes of Google's Project Tango development kit and version two helps DJI’s flagship Phantom 4 drones helping it to better avoid obstacles. Moviduis also released the Fathom deep learning software framework which complements …
Team Register, 29 Apr 2016

Dentist reps ship malware

The American Dental Association has sent infected USBs to dentists. The gaffe reported in forums and spotted by KrebsonSecurity affected what is thought to be a small number of USB sticks sent out to help dentists track billing and insurance claims. The malware type is not revealed but the Association says antivirus should …
Team Register, 29 Apr 2016

Facebook gov slurp rise

The number of requests from governments for Facebook user records increased 13 per cent from the first half of 2015 to the second half of the year, we're told. According to the social network's latest transparency report, cops and g-men asked for people's account data 46,763 times in the six months to December 31. " …
Team Register, 29 Apr 2016

Mozilla slings Firefox patches at flaw found by GCHQ's infosec arm

In version 46 of its popular Firefox web browser, Mozilla has patched 10 vulnerabilities, some rated either critical or high severity, that permitted remote code execution. One of the patched high-severity flaws was burned reported by the Communications-Electronics Security Group (CESG), the information security limb of the UK …
Team Register, 28 Apr 2016
Daisywheel with Courier font

ASUS router vulns patched

Unauthenticated users can rip unsalted passwords from Asus routers. Critically the pwning of the high-end consumer routers requires users to enable anonymous access to FTP servers. Users can thanks to insecure default configuration access all sensitive parts of the system without the possibility of restrictions being …
Team Register, 28 Apr 2016
Building Dounreay Fast Reactor copyright Dounrea Site Restoration Ltd and Nuclear Decommissioning Authority

German nuke plant viruses

Malware managed to get into PCs at a German nuclear power station – but the software nasties weren't able to touch the systems running the reactors, we're told. Machines operating the power plant are air-gapped from the office computers, which is just as well because the latter systems, retrofitted in 2008, caught viruses …
Team Register, 27 Apr 2016
Man in woodworking workshop wearing headphones raises sign that reads "I'm not listening". Photo by Shutterstock

Speaking in Tech: Analysts suddenly realise OpenStack exists

Podcast speaking_in_tech Greg Knieriemen podcast enterprise Another week in tech, and another banter-packed episode of The Reg's one-and-only podcast. Join your your hosts, Greg Knieriemen, Ed Saipetch and Sarah Vela for everything you need to know about tech and the business of IT. This week, the whole gang is together to talk …
Team Register, 27 Apr 2016
malware_security_648

Gibraltar kids win UK CyberCenturion blue team hacker comp

A team of Gibraltar school kids have taken out the British CyberCenturion hacking competition at Bletchley Park. The student team, dubbed G-Sec, beat nine others to claim flags for identifying and patching flaws in a simulated online internet-of-things business saving it from equally imaginary attackers. G-Sec is a diverse …
Team Register, 27 Apr 2016

Facebook 'login hole'

Infosec biz Bitdefender says Facebook has patched a bug it found that potentially allowed miscreants to log into websites as other people. A hacker could create a Facebook account using an email address belonging to a victim, then at the right moment change the address to one controlled by the hacker to verify the contact …
Team Register, 27 Apr 2016
Live news illustration with microphones and cameras

Singapore's IoT data dump

Singapore's internet of things will detect visits to the bathroom. The island state's new "Smart Nation" project will deploy sensors everywhere for yet undescribed applications that will assist law enforcement, citizen health, cleanliness, and various efficiency matrices. The toilet-monitoring effort will be focussed on the …
Team Register, 27 Apr 2016
Facebook VR, photo by Facebook

Facebook's own TLS cert used by crooks in double logon phish

Netcraft security man Paul Mutton says phishers are using Facebook's TLS certificate to create a 'remarkably convincing' scam that would go unnoticed by most users. The phish uses an iframe to serve a Facebook verification form, but that form isn't from The Social NetworkTM. Instead, the form comes from an external Hostgator …
Team Register, 26 Apr 2016

Security: Are you throwing good money after bad?

PROMO Organisations invest billions on security every year. Yet hardly a day passes on which The Reg's Security channel doesn't have a new breach on which to report. Clearly, plenty of security investments are not delivering a return! How to make sure your money keeps you out of our headlines? Earl Matthews, HPE's vice-president …
Team Register, 26 Apr 2016
Man in a suit drinking tea out doors reading from his tablet

Stiffer piracy spankings

UK.gov may support heavier penalties for mass copyright infringement. A consultation asked whether the penalties for serious online infringement should be brought in line with those for offline infringement, which carry a potential 10 year sentence. The exercise was notable for generating many robo responses from people who …
Team Register, 22 Apr 2016

Logging on to United's frequent flyer site might take longer than a flight

United Airlines has renovated the security on its frequent flyer scheme "MileagePlus" by requiring users to answer one of five security questions and enter a password when they log on. The airline sent emails to customers requesting they update their security from weak, short PINs to complex passwords. The new codes require …
Team Register, 21 Apr 2016

Speaking in Tech: Comparing Apples to BlackBerrys and Cooks to Chens

Podcast speaking_in_tech Greg Knieriemen podcast enterprise Hosted by Greg Knieriemen, Ed Saipetch and Sarah Vela. This week, Greg is out while Ed and Sarah talk about Theranos, BlackBerry, phone hacking and hand dryers. Our special guest this week is Irfan Ahmad, CTO and co-founder of CloudPhysics – and an alumnus of both Transmeta …
Team Register, 20 Apr 2016

Google found 760,935 compromised web sites in a year

Google and university researchers say the tech giant found some 760,935 compromised websites across the web during a year-long research effort. Google's Eric Kuan; Yuan Niu; Lucas Ballard; Kurt Thomas, and Elie Bursztein joined the University of California, Berkely's Frank Li, Grant Ho, and Vern Paxson in writing Remedying Web …
Team Register, 19 Apr 2016

Hacking Team hole still unpatched, exploit pop doc claims

The hacker who claims responsibility for the flaying of Italian spyware-for-States firm Hacking Team says the vulnerability they used is yet to be patched and has detailed the process by which they claimed to have gained access to the huge trove of data and documents later dumped online. The details are contained in a post …
Team Register, 19 Apr 2016
Alarm clock

Could you deploy a new version of your business – EVERY WEEK?

PROMO ING Bank can deploy a new version of its systems ever week, agility that's a result of investments it's made in storage infrastructure from NetApp and plenty of hard work developing a DevOps culture. If you'd like to know how the bank does it, and how snapshotting and storage virtualisation has made it possible, sign up for …
Team Register, 18 Apr 2016

Who are you lot, anyway? The Register Profiler 2016

Survey Welcome to our annual reader profile survey, for which we would really appreciate your participation. The results of this survey enable us to understand your interests and preferences so we can bring you more of the content you want in the form you want it. We also use the information when talking to advertisers and sponsors …
Team Register, 18 Apr 2016

Russia sends exploit kit author to the GULAG for seven years

The author of the infamous "Blackhole" exploit kit has been sentenced to seven years in a Russian penal colony, local media report. Dmitry Fedotov, 29, also known as Paunch, was sentenced 12 April along with six other hackers who received between five-and-a-half and eight years for fraud offences, TASS news reported. Fedotov …
Team Register, 15 Apr 2016