Iain Thomson


Shock! Hackers for medieval caliphate are terrible coders

DerbyCon An analysis of the hacking groups allying themselves to Daesh/ISIS has shown that about 18 months ago the religious fanatics stopped trying to develop their own secure communications and hacking tools and instead turned to the criminal underground to find software that actually works. Kyle Wilhoit, a senior security researcher …
Iain Thomson, 25 Sep 2017

Don’t fear the software shopkeeper: T&Cs banning bad reviews aren’t legal in America

DerbyCon Security vendors are inserting language into their products' terms and conditions that attempt to silence critics, folks attending this year's DerbyCon conference were told on Friday. More and more infosec software makers now include legal language in their T&Cs insisting that their products cannot be tested for usefulness if …
Iain Thomson, 22 Sep 2017

Want to get around app whitelists by pretending to be Microsoft? Of course you can...

DerbyCon A sprinkle of code and an understanding of the Windows digital certificate process is all that's needed for a miscreant to sneak malware past Microsoft's application whitelist within a corporate environment. In a keynote address at the DerbyCon hacking conference in Kentucky, USA, on Friday, Matt Graeber, a security researcher …
Iain Thomson, 22 Sep 2017

IT plonker stuffed 'destructive' logic bomb into US Army servers in contract revenge attack

An IT contractor is facing a possible decade behind bars in America for planting a ticking "destructive" time bomb in US military systems. After a three-day trial this week, Mittesh Das, 48, of Atlanta, Georgia, was found guilty by a jury in North Carolina of knowingly transmitting malicious code with the intent of causing …
Iain Thomson, 22 Sep 2017

Slain: Unions' US OPM mega-hack lawsuit against Uncle Sam

A lawsuit brought against the hacker-ransacked Office of Personnel Management on behalf of US federal employees has been killed. On Wednesday, Judge Amy Berman Jackson ruled in a District of Columbia court that the case, brought by the American Federation of Government Employees and the National Treasury Employees Union, could …
Iain Thomson, 21 Sep 2017

Equifax fooled again! Blundering credit biz directs hack attack victims to parody site

You'd have thought that Equifax staff would be on their toes ever since the megahack that exposed the private data of over 143 million Americans but the corporation's social media certainly haven't got the message. When news of the hack was published on September 7, over a month after its scale had been discovered, Equifax set …
Iain Thomson, 21 Sep 2017

AI slurps, learns millions of passwords to work out which ones you may use next

Eggheads have produced a machine-learning system that has studied millions of passwords used by folks online to work out other passphrases people are likely to use. These AI-guessed passwords could be used with today's tools to crack more hashed passwords, and log into more strangers' accounts on systems, than ever before. …
Iain Thomson, 20 Sep 2017

Inept bloke who tried to sell military sat secrets to Russia gets 5 years

A contractor who tried to sell trade secrets on military communication satellites to the Russians has been sent down for five years. Incredibly, it could have been longer after prosecutors alleged that he was also planning to kill his wife. On Monday, California District Judge George Wu threw Gregory Allen Justice, 50, behind …
Iain Thomson, 19 Sep 2017

Viacom exposes crown jewels to world+dog in AWS S3 bucket blunder

Updated Media monster Viacom has been caught with its security trousers down. Researchers found a wide-open, public-facing misconfigured AWS S3 bucket containing pretty much everything a hacker would need to take down the company's IT systems. The data store, found by Chris Vickery, director of Cyber Risk Research at security shop …
Iain Thomson, 19 Sep 2017

Sexploitation gang thrown in clink for 171 years after 'hunting' kids online and luring them in front of webcams

Four men have joined their two accomplices behind bars for tricking young girls into performing sex acts online so they could film them. The six were charged in Michigan, USA, with 28 counts [PDF] of producing and viewing child abuse images, engaging in a child exploitation enterprise, conspiracy to access with intent to view …
Iain Thomson, 19 Sep 2017

NASA Earthonauts emerge from eight-month isolation in simulated Mars visit

Video Six would-be Mars colonists have emerged from eight months of isolation on top of a Hawaiian volcano as part of preparations for an eventual manned mission to the Red Planet. The six members of the fifth Hawai'i Space Exploration Analog and Simulation (HI-SEAS) experiment were sealed in a solar-powered geodesic dome with …
Iain Thomson, 18 Sep 2017

RIP Stanislav Petrov: Russian colonel who saved world from all-out nuclear war

Obit Stanislav Petrov, one of the unsung heroes of the Cold War without whose guts and intelligence you wouldn't be reading this, has died at the age of 77, his son has confirmed. Petrov was a former Lieutenant Colonel in the Soviet Air Defence Forces and was duty commander for the USSR rocket forces on September 26, 1983. His job …
Iain Thomson, 18 Sep 2017

Senators call for '9/11-style' commission on computer voting security

Two US senators on Friday introduced legislation to set up the National Commission on the Cybersecurity of the United States Election Systems, to examine the possibility that people tried to hack the 2016 election. The commission would examine the evidence to see if the Russians, or someone else, actively tried to hack the …
Iain Thomson, 15 Sep 2017

Google to kill Chrome autoplay madness

Google has promised to end the infuriating autoplay of videos in its Chrome browser – but with a heap of exceptions that may actually make the problem worse. Most internet users have suffered from having sound blaring out from one browser tab while looking at a different one. Although Google made it easier to find the …
Iain Thomson, 15 Sep 2017

Another month, another malware outbreak in Google's Play Store

Google has had to pull 50 malware-laden apps from its Play Store after researchers found that virus writers had once again managed to fool the Chocolate Factory's code checking system. The malware was dubbed ExpensiveWall by Check Point security researchers because it was found in the Lovely Wallpaper app. It carries a payload …
Iain Thomson, 15 Sep 2017

SpaceX releases Pythonesque video of rocket failures

Video Elon Musk is succeeding in his ambition to make space launches boringly reliable, but he still understands that people like to watch things blowing up. To that end, SpaceX has released a video entitled "How Not to Land an Orbital Rocket Booster," showing footage of all the times its rockets didn't quite make the grade. …
Iain Thomson, 14 Sep 2017

Facebook posts put Pharma Bro Martin Shkreli in prison as a danger to society

Martin Shkreli, the obnoxious smirking hedge fund manager nicknamed Pharma Bro, is going to jail after a series of Facebook posts convinced a judge that he's a menace to society. No, he wasn't extolling the joys of raising prices on AIDS drugs by 5,000 per cent, or talking about his conviction last month for multiple counts of …
Iain Thomson, 13 Sep 2017

Pennsylvania cops deploy electronics sniffer dog to catch child abusers

Sniffer dogs have been used to detect drugs and explosives for years, but now Delaware police have a new type of K-9 – one trained to sniff out hard drives and electronic storage devices. The doggy detective, a two-year-old female Labrador retriever named Charlie, has been trained to detect the chemicals used in the …
Iain Thomson, 13 Sep 2017

Homeland Security drops the hammer on Kaspersky Lab with preemptive ban

Despite pending legislation to ban US federal government offices from using Kaspersky Lab security software, Homeland Security has issued a Binding Operational Directive demanding that the products be removed within 90 days. The directive gives government IT managers 30 days to identify which – if any – of their systems have …
Iain Thomson, 13 Sep 2017

Apple's adoption of Qi signals the end of the wireless charging wars

Apple's keynote may be good news for fans of its products, but it must have made grim listening for members of the Airfuel Alliance. For nearly a decade there has been a standards war going on in the wireless power field, initially between three competing technologies but latterly two groups – the Airfuel Alliance and the …
Iain Thomson, 12 Sep 2017

Crackas With Attitude troll gets five years in prison for harassment

A member of the short-lived Crackas With Attitude hacking troupe has received five years in prison, despite the fact that he hadn't actually hacked any accounts himself and had accepted a plea deal. Justin Liverman was sentenced to 60 months inside by Judge Gerald Bruce Lee in the Federal Court of the Eastern District of …
Iain Thomson, 11 Sep 2017

Red panic: Best Buy yanks Kaspersky antivirus from shelves

Updated US big box retailer Best Buy has pulled from its shelves Kaspersky Lab's PC security software amid fears of Kremlin spies using the antivirus tool to snoop on Americans. Despite there being no concrete evidence to indicate that the security software is a threat, the retail chain is ending its long relationship with Kaspersky, …
Iain Thomson, 08 Sep 2017

Scotiabank internet whizzkids screw up their HTTPS security certs

The team behind Scotiabank's Digital Banking Unit isn't impressing some customers, after forgetting to renew the security certificates for their own website. The DBU was set up last year to sell "world class digital solutions" to electronic banking customers around the world. But Jason Coulls, CTO of food safety testing …
Iain Thomson, 08 Sep 2017

Microsoft says it won't fix kernel flaw: It's not a security issue. Suuuure

A design flaw within the Windows kernel that could stop antivirus software from recognizing malware isn't going to be fixed, Microsoft has said. The issue, spotted this week by enSilo security researcher Omri Misgav, lies within the system call PsSetLoadImageNotifyRoutine, which has been part of Microsoft's operating system …
Iain Thomson, 08 Sep 2017

Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone

Vid Global credit reporting agency Equifax admitted today it suffered a massive breach of security that could affect almost half of the US population. In a statement, the biz confessed that hackers managed to get access to some of its internal data in mid-May by exploiting a vulnerable website application. They remained on the …
Iain Thomson, 07 Sep 2017

Biting the hand that feeds IT © 1998–2017