John Leyden

Contact Mail Follow Twitter RSS feed
Hilary Clinton by https://www.flickr.com/photos/jeepersmedia/ cc 2.0 attribution generic https://creativecommons.org/licenses/by/2.0/

Hacker chancer looking for $500,000 after offering Clinton emails for auction

A hacker, claiming to be in possession of former US Secretary of State Hillary Clinton's secret emails, plans to auction them off, hoping to make at least $500,000 from the sale. The unnamed “computer specialist” told US-based entertainment publication RadarOnline that 32,000 emails from Clinton's private server are on offer …
John Leyden, 04 Sep 2015
Blackmail

Ashley Madison hack miscreants may have earned $6,400 from leak

Some blackmail attempts against victims of the ongoing Ashley Madison saga resulted in several – albeit modest – pay outs, according to new research. Extortionists seized on the data dump of the cheaters’ website database last month with demands to pay up, or risk having their friends and family told about their dalliances, as …
John Leyden, 03 Sep 2015

Malvertising attack menaces Match.com users with tainted love

Update Security researchers have uncovered a malvertising attack run over ad networks and aimed at users of dating site Match.com. The tainted ads are mainly targeting UK users, security firm Malwarebytes warns. Match.com's servers themselves have not been breached. The latest attack follows a similar assault against Match's sister …
John Leyden, 03 Sep 2015

IoT baby monitors STILL revealing live streams of sleeping kids

Internet-connected baby monitors are riddled with security flaws that could broadcast live footage of your sleeping children to the world and his dog, according to new research. Mark Stanislav, a security researcher at Rapid7, discovered numerous security weaknesses and design flaws after evaluating nine different devices from …
John Leyden, 03 Sep 2015
ISIS fighters

Turkey cites crypto software find in terror charges against TV crew

Possession of an encryption program used by jihadists is being cited of evidence against two Vice News journalists and a local fixer / translator arrested in Turkey, who now face terror-related charges. British journalist Jake Hanrahan, cameraman Philip Pendlebury and their local assistant were picked up last week in …
John Leyden, 02 Sep 2015
android_toys_648

Chinese mobe market suffers pre-pwned Android pandemic

Security researchers have discovered more examples of pre-installed malware on Android smartphones. G DATA found that more than two dozen phones from different manufacturers were already compromised straight out of the box. Kit from manufacturers including Huawei, Lenovo and Xiaomi have pre-installed espionage functions in …
John Leyden, 02 Sep 2015
man_from_uncle_648

Viral virus bunfight: Dr Web tested rivals like Kaspersky Lab

Russian anti-malware firm Dr.Web tested rivals to see if they blindly accepted malware reports shared through cross-industry intelligence systems like Kaspersky Lab, according to investigative reporter Brian Krebs. However, Dr.Web stopped short of using services such as VirusTotal to trip up rivals, the focus of fiercely …
John Leyden, 02 Sep 2015
VR

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not

Fears that malware is hiding in people's graphics chipsets may be overclocked, according to Intel Security. Earlier this year, researchers from the self-styled “Team JellyFish” released a proof-of-concept software nasty capable of exploiting GPUs to swipe passwords and other information typed in by a PC's user. The same …
John Leyden, 01 Sep 2015

Mashed together malware threatens Japanese online banking users

Customers of Japanese banks are on the front line of attacks based on a new and sophisticated banking trojan, mashed together from leaked bits of malware code. Shifu (named after the Japanese word for thief) is targeting 14 Japanese banks as well as electronic banking platforms used across Europe, according to security …
John Leyden, 01 Sep 2015

Ashley Madison: ‘Our site is full of women, and members are growing’

Embattled adultery website Ashley Madison has launched a rearguard action, claiming new sign-ups and more female members in the aftermath of July’s megahack. Self-styled “King of Infidelity” Noel Biderman quit as chief exec of Avid Life Media, the parent firm of Ashley Madison, on Friday. To recap, all hell has broken loose …
John Leyden, 01 Sep 2015
GHOST vulnerability

Drum roll, please .... Results are in for the collective noun for security vulns

We've closed the poll, and the results for our attempts to weed out candidates for a collective noun for security vulnerabilities are in. To recap: the recent rash of Android vulnerabilities has made it clear that a new collective noun for such flaws, and possibly a separate one for security bugs in general, was required. We …
John Leyden, 28 Aug 2015

Spaniard claims WWII WAR HERO pigeon code crack. Explain please

A 22-year old Spaniard claims that he's cracked a previously unsolved WWII coded message. Others have claimed this before and there's nothing particularly solid to back up the latest effort, but let's have a look at it anyway. Dídac Sánchez claims that he had cracked the encryption scheme used in the last undeciphered message …
John Leyden, 28 Aug 2015
id4_white_house_648

Manchester skeptics annexed in hostile digital power grab

The Greater Manchester Skeptics Society (GMSS) has been obliged to start up a new group on Meetups.com, after someone with a very different agenda took over its profile on the social networking site. A glitch with the renewal of GMSS' Meetup Subscription allowed a non-committee member called "Sophie" (not her real name, we are …
John Leyden, 28 Aug 2015

Vote now: Who can solve a problem like Ashley Madison?

Poll Avid Life Media – the owner of hookup site Ashley Madison – has weeks-old openings for a data analyst and a senior system administrator. The opportunities (noticed by Vulture-eyed Reg staffers) got us thinking about who in the wide world of tech is capable of righting the hacker-raided Tinder-for-cheaters site, which has …
John Leyden, 27 Aug 2015
Hacked US CENTCOM Twitter account

Fugitive UK hacker turned ISIS recruiter killed in Syria

Junaid Hussain, the UK fugitive hacker turned ISIS recruiter, has reportedly been killed in a US drone strike in Syria. The former member of hacking group TeaMp0isoN (nickname TriCk) was jailed in 2012 for hacking into the email account of an aide to Tony Blair and subsequently posting contact details and personal information …
John Leyden, 27 Aug 2015
Eve in the Garden of Eden talking to a rather angry God on Snapchat

Ins0mnia bug means malicious iOS apps WILL NEVER DIE

A newly discovered vulnerability allows an iOS application to continue to run for an unlimited amount of time, even if an application gets terminated by a user. The flaw – dubbed Ins0mnia – potentially allows any iOS application to bypass Apple background restrictions, security researchers at FireEye warn. FireEye notified …
John Leyden, 27 Aug 2015
cherax_snowden_648

'Edward Snowden' discovered hiding in Indonesian river by boffins

‪A German biologist has decided to name a new species of crayfish he helped describe in honour of international whistleblower Edward Snowden.‬ The Cherax snowden hails from the freshwater tributary creeks of West Papua, Indonesia. Parallels between the crustacean and the former NSA contractor are tricky to discern. The only …
John Leyden, 26 Aug 2015
keyhole_peeping_648

Ashley Madison hacked potential competitor, leaked emails suggest

Ashley Madison ran a hack attack against a potential competitor three years ago, according to leaked emails. Hackers from the self-styled Impact Team leaked the email archive of Avid Life Media president and CEO Noel Biderman last week, days after separately releasing user database files and other material from the adultery- …
John Leyden, 26 Aug 2015

Aviva phone hacker jailed for 18 months over revenge attack

A senior techie has been jailed for 18 month after he was convicted of hacking into hundreds of phones at insurance firm Aviva, an act of sabotage designed to extract revenge against a firm that supplied security services to the insurance giant. Richard Neale, 40, pleaded guilty to a hack against Aviva designed to cause …
John Leyden, 26 Aug 2015
shutterstock_mobile_theft_648

Britain’s device-theft capital is now … lovely Leicestershire

Leicestershire – slap-bang in the middle of rural England – has leapfrogged London as the UK’s electronic device-theft capital, according to a comparison of police force stats. A series of FoI (Freedom of Information) requests by ViaSat showed 51 per cent of thefts in Leicestershire were of electronic devices, compared with 27 …
John Leyden, 26 Aug 2015
Facepalming statue

Android in user-chosen lockscreen patterns are grimly predictable SHOCKER

People choose predictable Android lock screen patterns just like they pick predictable passwords. Research by Marte Løge, a recent graduate from the Norwegian University of Science and Technology, confirmed that the problems people have in setting up secure passwords and PINs are replicated in the field of Android lockscreen …
John Leyden, 26 Aug 2015
Smilin' Marv

Mobile device screens recorded using the Certifi-gate vulnerability

Vulnerable plug-ins have been installed on hundreds of thousands of Android devices, allowing screens to be recorded, according to data from the scanning tool which discovered that the so-called Certifi-gate vulnerability is already being exploited in the wild. The Certifi-gate vulnerability was disclosed by security …
John Leyden, 25 Aug 2015

SMEs in the firing line as fake invoice scams skyrocket

UK small businesses need to be on heightened alert for fake invoices, following an alarming increase in this type of scam in the first six months of 2015. Action Fraud has received reports from 749 businesses reporting falling victim to this sort of con between January and June 2015 alone. This compares with 603 victims in the …
John Leyden, 25 Aug 2015

Směrť Špionam! BAN Windows 10, it SPIES too much, exclaim Russians

Russian lawyers have filed a complaint calling for an outright ban – or at least tight restrictions – over the sale of Windows 10 in Russia. The complaint to the Russian Prosecutor General’s Office argues that Windows 10 collects user information in a way that violates Russian laws. Moscow-based Bubnov and Partners contended …
John Leyden, 24 Aug 2015

Samsung smart fridge leaves Gmail logins open to attack

Update Security researchers have discovered a potential way to steal users’ Gmail credentials from a Samsung smart fridge. Pen Test Partners discovered the MiTM (man-in-the-middle) vulnerability that facilitated the exploit during an IoT hacking challenge at the recent DEF CON hacking conference. The hack was pulled off against the …
John Leyden, 24 Aug 2015

Dating gets even more dangerous after PlentyOfFish suffers tainted ads

Miscreants managed to squirt malware at users of dating site PlentyOfFish after planting malicious code in tainted ads. Users of PlentyOfFish are targeted by an array of fake adverts via the site’s ad network (as.360yield.com). This malvertising serves up content from booby-trapped sites. The Nuclear Exploit Kit hosted on …
John Leyden, 21 Aug 2015

Second Ashley Madison dump prompts more inside-job speculation

The second data dump from Ashley Madison has prompted renewed speculation that the whole hack was an inside job. The Impact Team hackers behind the breach of the infidelity website followed up on the release of a user database of Tuesday with the release of a second data dump, supposedly containing the Avid Life Media CEO's …
John Leyden, 21 Aug 2015
china_future_648

China using cyberspies in border disputes with India and neighbours

Cyberspies have been snooping on Bangladesh, India, Nepal and Pakistan, seeking information on border disputes as well as general diplomatic intelligence. The ongoing APT-style cyber-attack against India and neighbouring nations has been going on since 2011 and is likely to be the work of China, according to net security firm …
John Leyden, 21 Aug 2015

Collective noun search for security vulns moves into beta testing

The recent rash of Android vulnerabilities has made it clear that a new collective noun for such flaws, and possibly a separate one for security bugs in general, is required. In its early days the infosec industry borrowed heavily from the lexicon of biology to talk about problems affecting systems: viruses, worms, bugs etc. …
John Leyden, 21 Aug 2015
bond_phone_shock_648

PINs easily pinched with iPhone-attached thermal imaging kit

A device which can be attached to smartphones is capable of stealing customers' PINs using thermal imaging, UK security consultancy Sec-Tec warns. Thermal imaging equipment – once the sole preserve of only the best-equipped attacker – is now available as a readily available iPhone accessory costing less than £200. The kit …
John Leyden, 21 Aug 2015

Ashley Madison wide open to UK privacy lawsuits, claim lawyers

The Ashley Madison hack could cost the company millions and millions of pounds in compensation and settlements in the UK alone, according to lawyers Pinsent Masons. Around 9.7GB of customer data from the website for people who seemingly can't be trusted, and a sister site, were released by hackers on Tuesday night following …
John Leyden, 21 Aug 2015
Small screen multitasking

Yet another Android app security bug: This time 'everything is affected'

Yet another potentially serious security flaw has been revealed in Android. This time the problem involves the mobile operating system's ability to run more than one app at once – as opposed to its handling of multimedia messages, which was the crux of a cyber* of vulnerabilities last month. The latest security blunder opens …
John Leyden, 20 Aug 2015

Ashley Madison keeps calm, carries on after hackers expose lives of millions of its users

Infidelity website Ashley Madison has pledged to continue operations after hackers leaked its customer database online. The Impact Team, which claimed responsibility for the hack on Ashley Madison and sister site Established Men, have made good on their threat to publish compromising information on millions of people. Around …
John Leyden, 19 Aug 2015

Hackers exploiting wide-open Portmap to amp up DDoS attacks

Security watchers have warned about a new class of DDoS amplification attack threat which only exists because too many users are failing to follow basic safeguards. Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years, the …
John Leyden, 19 Aug 2015
Bletchley Park

Colossus veteran flies a drone over Bletchley Park

An operator of Colossus, the world’s first electronic computer, returned to her wartime workplace to fly a drone this week. Joanna Chorley, 89, returned to Block H at Bletchley Park to operate the drone quadcopter. The drone’s on-board camera provided an aerial view of the home of Colossus and the rest of Bletchley Park. …
John Leyden, 19 Aug 2015
John Cleese with mother

Mumsnet founder 'swatted by misogynist griefers'

Update Mumsnet founder Justine Roberts and another user were both targeted in swatting attacks at the apex of a series of hack attacks that may have led to the compromise of user logins at the high-profile, UK-based parenting site. Swatting involves making an emergency call to the police claiming that a crime is taking place at the …
John Leyden, 19 Aug 2015
Indian mobile use

Want branchless banking? Live in the developing world? Oops

Branchless banking apps targeted at customers in the developing world are rife with vulnerabilities, according to security researchers. A study by computer scientists from the University of Florida focused on seven of the more high-profile apps, uncovering flaws that created a heightened risk of fraud as well as “unfair” terms …
John Leyden, 19 Aug 2015
Internet email sign. Pic: @mattw1lson, Twitter

NSA-resistant email service Lavaboom goes BOOM! (we think)

Snowden-inspired crypto-email service Lavaboom has apparently gone titsup, according to several net sources. Rumours that the German encrypted mail service was no more surfaced through an ex contractor Piotr on the blog of rival ProtonMail, before getting picked up and discussed on Reddit. Attempts by El Reg to reach the firm …
John Leyden, 18 Aug 2015

Trend publishes analysis of yet another Android media handling bug

More details have emerged about yet another Android vulnerability, that, like other recent flaws, revolves around how the Google-backed mobile operating system handles media files. The Android Mediaserver vulnerability might be exploited to perform attacks involving arbitrary code execution, security researchers at Trend Micro …
John Leyden, 18 Aug 2015

Row rumbles on over figures in Oracle CSO’s anti-security rant

Security researchers picking through the entrails of a withdrawn blogpost by Oracle CSO Mary Ann Davidson reckon not even her figures add up. Oracle countered that only it had access to the raw figures, so there. Davidson's 3,000+ word diatribe against bug bounties, security researchers or customers hunting vulnerabilities in …
John Leyden, 18 Aug 2015
android logo

Botched Google Stagefright fix won't be resolved until September

According to security company Rapid7, Google needs to rethink how it patches Android in the wake of initial botched attempts to resolve the Stagefright vulnerability. The criticism comes as Google itself confirmed users of its Nexus devices – who are the first to get security fixes – won't be fully protected until September. …
John Leyden, 17 Aug 2015
hacker

Hacking Team mulled stopping Ethiopia sales – because of idiot g-men

Hacking Team failed to take effective action to investigate or stop reported abuses of its technology by the Ethiopian government against dissidents, according to Human Rights Watch. A review of internal company emails leaked as part of a highly-publicised breach against the controversial spyware-for-government firm in July …
John Leyden, 17 Aug 2015

Kaspersky Lab denies tricking AV rivals into nuking harmless files

Kaspersky Lab deliberately fed bogus malware to its rivals to sabotage their antivirus products, two anonymous former employees allege. Kaspersky says the accusations are false. Reuters reported today that two ex-Kaspersky engineers claim they were tasked with tricking competing antivirus into classifying benign executables …
John Leyden, 14 Aug 2015
Marc Benioff of Salesforce. Pic: Techcrunch

Salesforce plugs silly website XSS hole, hopes nobody spotted it

A cross-site scripting (XSS) vulnerability on Salesforce's website might have been abused to pimp phishing attacks or hijack user accounts. Fortunately the bug has been resolved, apparently before it caused any harm. Cloud app and security firm Elastica said the issue affected a Salesforce sub-domain – admin.salesforce.com …
John Leyden, 14 Aug 2015
John Lewis gifts for teenagers

Skills crisis? Not for long: More and more UK kids gain STEM quals

More youngsters are taking A-Level exams in science and technology subjects this years than their peers five years ago, with an increase in tech subjects seen as an encouraging sign that the so-called skills shortage may become less acute in coming years. A-Level results released on Thursday revealed a 29.1 percentage point …
John Leyden, 14 Aug 2015
iot_internet_of_things

NSA: Here’s $300,000, people. Go build us a safer Internet of Things

The NSA is funding development of an architecture for a "safer" Internet of Things (IoT), in the hope of incorporating better security at a product's design phase. The controversial US intelligence agency is bestowing a $299,000, one-year grant to the University of Alabama in Huntsville (UAH) for a project that aims to build a …
John Leyden, 13 Aug 2015
London Overground and a Southeastern train near Bermondsey. Pic: Matt Buck

Apple's AirDrop abused by 'cyber-flashing' London train perv

Perverts have latched onto Apple's AirDrop as a means of pushing unsavoury content at unsuspecting commuters. Lorraine Crighton-Smith, 34, received two unsolicited pictures of a unknown man's penis on her iPhone via AirDrop as she was travelling to work on a train in south London. Crighton-Smith, who told the BBC she felt " …
John Leyden, 13 Aug 2015

Misconfigured Big Data apps are leaking data like sieves

More than a petabyte of data lies exposed online because of weak default settings and other configuration problems involving enterprise technologies. Swiss security firm BinaryEdge found that numerous instances of Redis cache and store archives can be accessed without authentication. Data on more than 39,000 MongoDB NoSQL …
John Leyden, 13 Aug 2015
virus_1_648

It's not just antivirus downloads that have export control screening

Export control screening for individuals hoping to purchase everyday consumer technologies extends beyond just antivirus software downloads, according to several sources contacted by The Register. Those who share the name of someone on a blacklist have to go through secondary screening (a bureaucratic process generally …
John Leyden, 13 Aug 2015
facebook_shock_648

Wanna harvest a stranger's Facebook data? Get a mobile number and off you go

Hackers and other miscreants are able to access names, telephone numbers, images and location data in bulk from Facebook, using only a cellphone number. The loophole was revealed by software engineer Reza Moaiandin. Moaiandin, technical director at UK-based tech firm Salt.agency, exploited a little-known privacy setting in a …
John Leyden, 12 Aug 2015