John Leyden


Teen whiz exposes WhatsApp profile pic privacy blunder bug

A privacy hole in WhatsApp allowed anyone to view someone else's profile photo – even if a user had configured the mobile messenger app to only show their pic to their contacts. The privacy slip-up, which came with the debut of WhatsApp’s newly-introduced web interface at web.whatsapp.com, was discovered by 17-year-old security …
John Leyden, 30 Jan 2015

UK official LOSES Mark Duggan shooting discs IN THE POST

Discs containing information from three sensitive police inquiries – two of which involved highly controversial shootings in London, including that of Mark Duggan – have gone missing after being sent through the post. Yeah, you read that right: sent through the post. The information covers probes into the role of the police in …
John Leyden, 30 Jan 2015

Wham, bam... premium rate scam: Grindr users hit with fun-killing charges

Malicious ads from third parties have been piggy-backing on the gay dating app Grindr to run a premium rate number scam. Grindr blamed a third-party network for pushing the dodgy advert, which was withdrawn after representations from El Reg. We learned of the apparent scam after hearing from Tom, a UK-based Grindr user. "The …
John Leyden, 30 Jan 2015

What do China, FBI and UK have in common? All three want backdoors in Western technology

The Chinese government wants backdoors added to all technology imported into the Middle Kingdom as well as all its source code handed over. Suppliers of hardware and software must also submit to invasive audits, the New York Times reports. The new requirements, detailed in a 22-page document approved late last year, are …
John Leyden, 29 Jan 2015

Snowden reveals LEVITATION technique of Canada’s spies

Canada's very own intel agency has a program designed to track millions of downloads, according to the latest revelations from the Edward Snowden document leaks. The "Levitation" system gives analysts at the Communications Security Establishment (Canada's NSA) data on between 10 and 15 million uploads and downloads of files from …
John Leyden, 29 Jan 2015

IBM punts cryptotastic cloudy ID verification services

IBM is marketing cloud-based technology to help consumers better protect their personal data online. The technology – called Identity Mixer – uses a cryptographic algorithm to encrypt the certified identity attributes of a user, such as their date of birth, nationality, home address and credit card number in a way that allows …
John Leyden, 29 Jan 2015

I ain't afraid of no GHOST – securo-bods

The latest high-profile security vulnerability affecting Linux systems is serious but nowhere near as bad as the infamous Heartbleed flaw, according to security experts. Hackers might be able to use the so-called GHOST flaw to plant malware or seize control of some Linux-based systems. Security researchers at cloud security …
John Leyden, 28 Jan 2015

Anonymous: Snap on that Guy Fawkes mask, we're marching against child sex abuse

Hacktivist group Anonymous is calling for a day of protest against paedophiles who take advantage of their wealth and power to abuse children. Operation Death Eaters aims to rally people in preparation for a series of street protests, scheduled for Friday, 13 February. The campaign – which references disturbing cases in the UK …
John Leyden, 27 Jan 2015

Keylogger: Somebody STOP ME! Oh hang on, I just did

Developers of a range of commercial keyloggers have switched sides and begun marketing anti-keylogging technology. SpyShelter's founder and lead developer, Janusz Siemienowicz, went from poacher to gamekeeper after discovering that none of the major security applications were able to detect and block their own keyloggers …
John Leyden, 27 Jan 2015

Facebook: Oi, Lizard Squad – we can take down our own site, ta

A technical cockup – rather than hostile hacker action – is apparently the reason Facebook, Instagram and other Web 2.0 sweethearts fell off the internet on Monday. Prankster hacking crew Lizard Squad was gloating over the downtime; Tinder also disappeared for a while during the outage of Facebook and its photo-sharing sister …
John Leyden, 27 Jan 2015

Snoopers' Charter amendments withdrawn – FOR NOW ...

The House of Lords rejected controversial last-minute amendments to the Counter-Terrorism and Security Bill in a debate on Monday. The amendments – which critics slammed as akin to those previously proposed, and which were rejected in the Communications Data Bill – were stapled onto the bill in a last minute move last Thursday …
John Leyden, 27 Jan 2015

Brits need chutzpah to copy Israeli cyberspies' tech creche – ex-spooks

Feature Israel's intelligence agency, Unit 8200, has been a production line for hi-tech startups since the 1980s, a success British politicians are now seeking to emulate. Yet replicating that success in Blighty may be hard because of cultural and environmental differences that will not be easy to overcome. Cabinet Office …
John Leyden, 26 Jan 2015

Lizard Squad threatens Malaysia Airlines with data dump: We DID TOO hack your site

Infamous hacktivists Lizard Squad are threatening to dump data they supposedly snatched during the process of defacing the website of Malaysia Airlines. Surfers visiting Malaysia Airlines (www.malaysiaairlines.com) website on Monday were confronted by a bragging message from Lizard Squad rather than flight timetables. The …
John Leyden, 26 Jan 2015

Hoaxer posing as GCHQ boss prank-calls PM Cameron

A hoax caller claiming to be GCHQ's chief spy was put through to UK Prime Minister David Cameron’s phone on Sunday. The caller pretended to be Robert Hannigan, director of the government's signal intelligence agency, but he apparently didn't fool the prime minister and the call was quickly terminated. A few days ago, Hannigan's …
John Leyden, 26 Jan 2015

Panicked teen hanged himself after receiving ransomware scam email

An autistic 17-year-old college student has hanged himself after receiving a ransomware scam. Joseph Edwards was alarmed after receiving an email that falsely claimed he'd been spotted browsing illegal websites and needed to pay £100 (payable in Ukash electronic money) or face being prosecuted. The email pushing the well-known …
John Leyden, 23 Jan 2015

Nice SECURITY, 'Lizard Squad'. Your DDoS-for-hire service LEAKS

A DDoS-for-hire service purportedly set up by the Lizard Squad hacking crew exposes registered users' login credentials. The LizardStresser DDoS-on-demand service – a booter service powered by hacked home routers – is hopelessly insecure. Details of more than 14,000 prospective users - whose passwords and usernames were …
John Leyden, 19 Jan 2015

Just WHY is the FBI so sure North Korea hacked Sony? NSA: *BLUSH*

+Comment For those still wondering why US President Barack Obama and the FBI have so confidently blamed North Korea for the Sony Pictures hack, it's apparently because the NSA compromised the secretive country's computer network years before – giving American intelligence a front-row seat for subsequent shenanigans. The New York Times …
John Leyden, 19 Jan 2015

IT cock-up – not jihadi DDoS – fingered for French web media blackout

Several prominent French news websites fell off the web on Friday for several hours in what's looking like a technical failure rather than a denial-of-service attack. It was, at first, assumed Islamist miscreants had attacked the sites, lashing out in anger at press coverage of the Charlie Hebdo killings. Le Parisien ( …
John Leyden, 17 Jan 2015

Lazy FTSE 350 firms think lawyers can fight off cyber-security worries

Poor communication between boards and front-line management as well as a growing reliance on legal remedies mean UK companies are still falling short when it comes to cyber-security. A KPMG survey of FTSE 350 firms found that 61 per cent of board members reckoned they had a decent understanding of their company’s key information …
John Leyden, 16 Jan 2015

Go Canada: Now ILLEGAL to auto-update software without 'consent'

Installing computer programs without consent became a civil offence punishable by fines in Canada this week. Under the new regulations that form part of Canada's anti-spam legislation, it is now illegal for a website to automatically install software on a visitor's computer or for an app on your phone to be updated without first …
John Leyden, 16 Jan 2015

US and UK declare red-team CYBER WAR – on EACH OTHER

The US and the UK are planning a series of joint war games involving cyber-warriors from either side attacking each other in a bid to expose security weaknesses before they are abused by criminal hackers or hostile governments. The exercises, which will initially test the security defences and procedures at banks on Wall Street …
John Leyden, 16 Jan 2015

Jammin', we know you hate jammin' too: Marriott U-turns on guest Wi-Fi ban

Marriott has lifted a ban on personal Wi-Fi hotspots in its hotels. Citing concerns about rogue wireless hotspots, Marriott disrupted guests' Wi-Fi networks by flooding the aether with disassociation packets. The move – which meant that guests and conference delegates were obliged to use the (expensive) Marriott-supplied Wi-Fi …
John Leyden, 15 Jan 2015
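The Marriott item above describes the jamming technique itself: flooding the air with disassociation (and deauthentication) frames so that guests' own hotspots keep dropping their clients. The following is an added example, not code from this page, from Marriott or from any Wi-Fi vendor. It parses the 802.11 MAC header of constructed sample frames and flags any claimed transmitter that sends more than a threshold number of disassociation/deauthentication frames within a short window. The MAC addresses, timestamps, reason codes and the "20 frames in 10 seconds" threshold are assumptions chosen for the demonstration.

```python
"""Detect deauthentication/disassociation floods in captured 802.11 management frames.

Added example; not Marriott's containment tooling nor any vendor's code. Field layout
follows IEEE 802.11 (2-byte frame control, 2-byte duration, three 6-byte addresses,
2-byte sequence control, then a 2-byte reason code for deauth/disassoc). The sample
capture, addresses and threshold below are constructed assumptions.
"""
import struct
from collections import defaultdict, deque

SUBTYPE_BEACON = 0x08
SUBTYPE_DISASSOC = 0x0A
SUBTYPE_DEAUTH = 0x0C
MGMT_HEADER = "<BBH6s6s6sH"          # fc, flags, duration, addr1, addr2, addr3, seqctl
MGMT_HEADER_LEN = struct.calcsize(MGMT_HEADER)   # 24 bytes


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(p, 16) for p in s.split(":"))


def build_mgmt_frame(subtype, dst, src, bssid, seq, reason=None) -> bytes:
    """Build a raw management frame; used here only to construct sample capture data."""
    fc = (subtype << 4) & 0xF0          # protocol version 0, type 0 (management)
    hdr = struct.pack(MGMT_HEADER, fc, 0, 0, mac_bytes(dst), mac_bytes(src),
                      mac_bytes(bssid), (seq << 4) & 0xFFFF)
    body = struct.pack("<H", reason) if reason is not None else b""
    return hdr + body


def parse_mgmt_frame(frame: bytes):
    """Return (subtype, dst, src, bssid, reason) for a management frame, else None."""
    if len(frame) < MGMT_HEADER_LEN:
        return None
    fc, _flags, _dur, a1, a2, a3, _seq = struct.unpack_from(MGMT_HEADER, frame, 0)
    if (fc >> 2) & 0x3 != 0:            # type field: 0 = management, 1 = control, 2 = data
        return None
    subtype = (fc >> 4) & 0xF
    reason = None
    if subtype in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and len(frame) >= MGMT_HEADER_LEN + 2:
        reason = struct.unpack_from("<H", frame, MGMT_HEADER_LEN)[0]
    return subtype, mac_str(a1), mac_str(a2), mac_str(a3), reason


def detect_disconnect_floods(capture, window_s=10.0, threshold=20):
    """Flag source addresses that send more than `threshold` deauth/disassoc frames
    inside any `window_s` span. `capture` is an iterable of (timestamp_s, raw_frame).
    Returns {src_mac: peak_count_in_window}.

    Note: the source address is whatever the frame claims, and a jammer spoofs the
    address of the AP it is attacking, so a flagged address usually identifies the
    targeted network rather than the device doing the transmitting.
    """
    recent = defaultdict(deque)
    peaks = {}
    for ts, frame in sorted(capture, key=lambda x: x[0]):
        parsed = parse_mgmt_frame(frame)
        if parsed is None:
            continue
        subtype, _dst, src, _bssid, _reason = parsed
        if subtype not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


def sample_capture():
    """Constructed capture (assumption): a legitimate AP kicking two clients over a
    minute, background beacons, one data frame, and a 5-second broadcast deauth
    flood spoofing a guest hotspot's BSSID."""
    bcast = "ff:ff:ff:ff:ff:ff"
    hotel_ap = "02:00:00:00:aa:01"
    guest_ap = "02:00:00:00:b0:0b"
    frames = [
        (100.0, build_mgmt_frame(SUBTYPE_DEAUTH, "02:00:00:00:c1:01", hotel_ap, hotel_ap, 1, 3)),
        (150.0, build_mgmt_frame(SUBTYPE_DEAUTH, "02:00:00:00:c1:02", hotel_ap, hotel_ap, 2, 3)),
        (101.0, bytes([0x08, 0x00]) + b"\x00" * 22 + b"payload"),   # data frame, ignored
    ]
    frames += [(100.0 + i * 0.5, build_mgmt_frame(SUBTYPE_BEACON, bcast, hotel_ap, hotel_ap, 10 + i))
               for i in range(20)]
    frames += [(100.0 + i * 0.1, build_mgmt_frame(SUBTYPE_DEAUTH, bcast, guest_ap, guest_ap, i, 7))
               for i in range(50)]
    return frames


if __name__ == "__main__":
    for src, peak in detect_disconnect_floods(sample_capture()).items():
        print(f"disconnect flood: {src} sent {peak} deauth/disassoc frames within the window")
```

Run it stand-alone and only the spoofed guest hotspot address is reported; the hotel AP's two genuine kicks stay under the threshold. For live use, feed the function frames from a monitor-mode capture (after stripping the radiotap header) and tune the threshold to the site's normal churn.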

Spammers set their sights on WhatsApp – that's that ruined then

Mobile spam is spreading from SMS channels towards mobile messaging apps such as WhatsApp, according to mobile security provider and specialist AdaptiveMobile. The company believes spammers have switched tactics over recent months in order to bypass existing mobile spam filters. App spam is particularly prevalent in mature …
John Leyden, 15 Jan 2015

Kim Jong-Un shoot-em-up Glorious Leader! yanked

Game developer Money Horse Games has blamed vandals – supposedly inspired by the recent breach against Sony Pictures – for hacking into development servers used for a game featuring Kim Jong-Un and irreparably trashing its data. Glorious Leader!, a shoot-em-up, was due to feature North Korea's leader squaring off against the US …
John Leyden, 15 Jan 2015

It's 2015 and home routers still leave their config web servers wide open

Broadband routers from ADB Pirelli – used by Movistar in Spain and an ISP in Argentina – are vulnerable to at least two nasty security weaknesses, it's claimed. The ADB Pirelli ADSL2/2+ Wireless Routers can be trivially controlled remotely from across the internet, allowing someone to surreptitiously monitor or disrupt home …
John Leyden, 15 Jan 2015

It's hacker jihad: Islamist skiddies square up to Anonymous

An online spat is developing between Islamist and pro-Western hacktivists. Sections of infamous hacker collective Anonymous launched #OpCharlieHebdo last week in response to terrorist attacks that killed 17 in Paris, including 10 cartoonists and journalists and two police constables in and around the offices of French satirical …
John Leyden, 14 Jan 2015

DANGER: Is that 'hot babe' on Skype a sextortionist?

North Yorkshire police have issued a general warning after three men in the York area fell victim to sextortionists. Someone posing as a woman called Cathy Wong befriended each of the victims on Facebook before asking them to Skype her. During the online chat session, she enticed each of them into performing an indecent act, …
John Leyden, 14 Jan 2015

'80s hacker turned journo, IT crime ace Steve Gold logs off

Obit Steve Gold, a former hacker who became a respected information security journalist, has died following complications from heart surgery. Tributes to Gold from the tight-knit UK security and publishing communities have been pouring in following his death, aged 58. Gold unwittingly became famous in the mid '80s when he …
John Leyden, 13 Jan 2015

Insert 'Skeleton Key', unlock Microsoft Active Directory. Simples – hackers

Miscreants have forged a strain of malware which is capable of bypassing authentication on Microsoft Active Directory (AD) systems. Hackers can use arbitrary passwords to authenticate as any corporate user, Dell SecureWorks warns. The malware, dubbed Skeleton Key, is deployed as an in-memory patch on a victim’s AD domain …
John Leyden, 13 Jan 2015

Big Yellow brings in Boeing bods to bolster Big data bid

Symantec is acquiring 65 security engineers from Boeing as a part of a deal to beef up its expertise in Big Data, prior to a split between its security and storage divisions later this year. As part of the deal Big Yellow is also licensing technology from Boeing's Narus security division, which develops network-monitoring …
John Leyden, 13 Jan 2015

I don't think you're ready for this Jelly: Google pulls support for Android WebView

Google has decided to end support for older versions of Android WebView, the system component that renders web content inside 'droid apps. This will apply to users running 4.3 or earlier versions of its Android smartphone OS. It has decided instead to invite securobods to fix the problem, saying it "welcome(d) patches with the report for …
John Leyden, 12 Jan 2015

Boomerang rebound: Site shut amid credit card securo-fears

Video game rental company Boomerang Rentals has pulled down the shutters on its websites amidst unconfirmed concerns that it may have suffered a security breach that spilled customers' credit card details. Boomerang's homepage has been "down for maintenance" since Sunday. The move followed multiple customers reporting …
John Leyden, 12 Jan 2015

Had a data breach? Well, SPEAK UP, big biz – Obama

The White House is lobbying Congress to pass a breach disclosure law, forcing firms to admit security breaches within 30 days in cases where customer data has leaked. The legislative push comes in the wake of high-profile breaches at retailers including Target and Home Depot, highlighting a lack of uniform breach disclosure …
John Leyden, 12 Jan 2015

Anonymous vows to avenge Charlie Hebdo massacre by blitzing jihadist sites

Some members of Anonymous have vowed to avenge the Charlie Hebdo killings in Paris by taking down jihadist websites. A video uploaded to the web by the group's Belgian wing also promises to scrub social networks of accounts promoting violent jihad. A statement announcing Op Charlie Hebdo, addressed to “enemies of freedom of …
John Leyden, 09 Jan 2015

Microsoft patch batch pre-alerts now for paying customers ONLY

Microsoft is facing fierce criticism over its decision to make pre-notification of upcoming patches available only to paid subscribers. The Advance Notification Service (ANS) formerly made information on upcoming software patches available to the public but from now on the information will be restricted to “premier” customers …
John Leyden, 09 Jan 2015

MI5 boss: We NEED to break securo-tech, get 'assistance' from data-slurp firms

MI5's recently appointed boss has placed the ability to intercept communications at the centre of the security agency's counter-terrorism efforts. Andrew Parker's most detailed justification of the controversial surveillance programmes by GCHQ and the NSA came in a pre-planned speech (transcript here) to the Royal United …
John Leyden, 09 Jan 2015

Ukraine PM: Hacktivists? C'mon! Russian spies attacked Gov.DE

A pro-Russian group has claimed responsibility for attacks that floored German government websites on Wednesday, although Ukraine's PM is pointing the finger at Russia itself. Hacktivists from CyberBerkut blockaded the websites of the Bundestag and Chancellor Merkel's office, demanding Berlin end support for the Ukrainian …
John Leyden, 08 Jan 2015

Sony boss: Nork megahack won't hurt our bottom line

Sony’s chief exec Kazuo Hirai has predicted no major financial impact on the entertainment conglomerate after the recent cyber-attack on its Sony Pictures movie studio division. "We are still reviewing the effects of the cyber attack," Hirai told reporters at the Consumer Electronics Show in Las Vegas, Reuters reports. "However …
John Leyden, 08 Jan 2015

Aw, don't be iDict! Apple kills brute force iCloud cracker

Apple has applied a security update that breaks a recently distributed iCloud hacking tool that took advantage of the flaw that led to the mass hack of nudie pics belonging to celebs including Jennifer Lawrence and Kate Upton. iDict was purportedly created to force Cupertino into belatedly fixing a wide open security flaw most …
John Leyden, 07 Jan 2015

Burglars' delight no more: Immobilise UK secures property list

Security flaws that left millions of records on the Immobilise UK National Property Register website wide open to snooping have been identified and removed. Security consultant Paul Moore uncovered flaws that meant it was possible to access other members' records. The Immobilise site allows consumers to add details of valuables …
John Leyden, 07 Jan 2015

Ex-Microsoft Bug Bounty dev forced to decrypt laptop for Paris airport official

Paris airport security went one step further than simply asking a security expert to power up her laptop - they requested she type in her password to decrypt her hard drive and log into the machine. Katie Moussouris, chief policy officer at HackerOne, and best known as the woman behind Microsoft's Bug Bounty Program, was en …
John Leyden, 06 Jan 2015

A Cambridge boffin told me YOU'RE A BIG, FAT LIAR

Cambridge University boffins have begun exploring an alternative to the traditional polygraph approach to detecting liars and cheats. Instead of calculating variations in a person's respiration, pulse and sweat production, the fib-detecting tech looks at the subject's body movements. As a first stage in investigating the …
John Leyden, 06 Jan 2015

Finnish bank takes cricket bat to wave after wave of DDoS varmints

Finnish bank OP is continuing to fight off a cascading series of distributed denial of service (DDoS) attacks that began on New Year's Eve. OP was forced to restrict access to its services from outside the Nordic country as a result of the attack. The motive for the attack, much less the perpetrators' identity, remains unclear. …
John Leyden, 05 Jan 2015

Islamic script kiddies aim killer blow - at Bristol bus timetable website

Bristol residents looking for bus and train timetables were confronted by a message from Islamic militants following a defacement of the TravelWest website. A self-styled "Arab Security Team" called Darkshadow sprayed digital graffiti on Bristol-based travel information website www.travelwest.info. Local reports speculate that …
John Leyden, 02 Jan 2015

Sony-blasting Lizard Squad suspects quizzed by UK and Finnish cops

UK police have arrested a suspected member of the infamous Lizard Squad crew. The 22-year-old from Twickenham, south-west London, was arrested by police on Tuesday, and questioned about alleged fraud against PayPal as well as reports linking him to Lizard Squad – a group of cyber-miscreants who made headlines …
John Leyden, 02 Jan 2015

'Lizard Squad' launches commercial DDoS tool

Debilitating Christmas attacks against Xbox Live and PlayStation gaming networks have been used by people claiming to be the hackers behind them as a promotional tool for a commercial cyberattack service. "Lizard Squad" is selling DDoS services at $6 a month, Venture Beat and others report, via a tool called LizardStresser. The …
John Leyden, 02 Jan 2015

Stale pizza, backup BlackBerrys, payroll panic: Sony Pictures mega-hack

Sony Pictures has revealed a behind-the-scenes look at how it handled its recent megabreach to select media outlets. Extensive accounts of the unfolding disaster by the New York Times, Wall Street Journal (here) and elsewhere reveal that Michael Lynton, the studio’s chief executive, communicated with other senior execs using …
John Leyden, 31 Dec 2014

Office MACROS PERIL! Age-old VBScript tactic is BACK in biz attack

The dangers of allowing Office macros have been underlined by a newly discovered attack against European and Israeli companies. Malicious Office macros were used as the launchpad of the so-called RocketKitten attacks presented at this year's Chaos Communication Congress hacking conference (stream here, relevant material starts …
John Leyden, 31 Dec 2014

NORKS? Pffft. Infosec bods BLAME disgruntled insiders for savage Sony hack

The FBI has reportedly mulled the possibility that disgruntled ex-employees or hacktivists, rather than North Korea, could have been behind the devastating hack of Sony Pictures. Infosec bods remain deeply sceptical of the official line that Norks breached the film studio's systems as a reprisal for Sony’s production of a …
John Leyden, 30 Dec 2014

German minister photo fingerprint 'theft' seemed far too EASY, wail securobods

Claims that fingerprints can be cloned from pictures are being taken seriously by security experts, who argue that any possible hack underlines the fragility of the biometric technique. Hacker Jan "Starbug" Krissler cloned the thumbprint of the German Defence Minister Ursula von der Leyen after photographing her hand at a press …
John Leyden, 30 Dec 2014