John Leyden


How a hack on Prince Philip's Prestel account led to UK computer law

This week marks the 30th anniversary of arrests in the infamous Prestel hack case. It led to arrests, breached the Royal Family's security and helped give birth to the UK's first computer crime law. What began as a hack against the Prestel Viewdata system – which opened up access to Prince Philip's mailbox – later led to the …
John Leyden, 26 Mar 2015

Spookception: US spied on Israel spying on US-Iran nuke talks

Israel spied on the recent US-Iran nuclear talks, alleges America. And the US knows enough about it to say it publicly because the NSA is spying on Israel, along with everyone else. The Wall Street Journal reports that Israel handed over confidential information from the negotiations to friendly members of the US Congress in a …
John Leyden, 25 Mar 2015

BT Home Hub SIP backdoor blunder blamed for VoIP fraud

Flaws in a BT Home Hub set-up are being blamed for helping facilitate a VoIP scam. El Reg reader Keith Harbridge, an independent IT consultant, said his client, a firm of solicitors, is just one of a number of companies stung by the scam, which occurred in early March. Independent security consultants at Pen Test Partners …
John Leyden, 25 Mar 2015

Apple is picking off iOS antivirus apps one by one: Who'll be spared?

Confusion reigns over whether or not Apple is really pulling all iOS antivirus apps from its online software store. One leading developer says yes, another says no, and Apple is keeping schtum. Security specialist Intego claims the Cupertino idiot-tax operation has yanked anti-malware tools from the iOS App Store, leaving just …
John Leyden, 24 Mar 2015

Dell denies 'insecure autoupdate app' flings open PC backdoor

Dell has denied building backdoors into its kit following a security researcher's discovery of an insecure update assistant app. Tom Forbes alleges that the Dell Service Tag Detector app* is so insecure that it creates a backdoor on machines it is installed upon. More specifically, Forbes alleges that the app carries a Remote …
John Leyden, 24 Mar 2015

More than 260 suspects charged in UK child abuse crackdown

Teachers, a retired magistrate, a doctor, and civil servants are among 264 suspected paedophiles charged as part of a major UK police operation targeting those accessing child abuse images online. Operation Notarise, which launched around a year ago, is the biggest UK inquiry into people allegedly sharing child abuse images …
John Leyden, 20 Mar 2015

NYPD cop in court for allegedly hacking into the FBI

A New York City Police Department auxiliary deputy inspector faces charges of hacking into a restricted NYPD computer and other law enforcement databases, including a system maintained by the FBI. Yehuda Katz, 45, of Brooklyn, New York, allegedly used the databases to obtain information about local traffic accident victims …
John Leyden, 20 Mar 2015

Rocket Kittens target defence and IT bods from Europe & Israel

A seemingly state-sponsored hacking crew has compromised systems in several organisations in Israel and Europe, according to new research by Trend Micro. The so-called Rocket Kitten group has targeted defence and IT industries, government entities and academic institutions. Victims include civilian and academic organisations in …
John Leyden, 20 Mar 2015

OpenSSL 'high' severity flaw just a puny DoS risk

OpenSSL patched a “high” severity flaw as part of a patch batch on Thursday that turned out to be nowhere near as scary as widely feared. Fortunately, fears the software update might address another Heartbleed have been confounded. The worst of the flaws – dubbed ClientHello (CVE-2015-0291) – is simply a DoS risk, as an advisory …
John Leyden, 19 Mar 2015

Banks defend integrity of passcode-less TouchID login

Royal Bank of Scotland and NatWest have played down claims by a security researcher that their new Touch ID banking login feature might be circumvented, arguing the hack would only be possible with jail-broken iPhones — the use of which is not recommended. Last month, RBS and NatWest became the first UK-based banks to offer …
John Leyden, 19 Mar 2015

GCHQ: Ensure biz security by STOPPING everyone from TALKING

GCHQ is advising organisations to consider stripping staff of smartphones and memory sticks in order to make themselves less exposed to cyber attacks. The advice from the intelligence agency's CESG (Communications-Electronics Security Group) information assurance arm comes against a backdrop of increased concerns about the theft …
John Leyden, 19 Mar 2015

NORK internet outage was payback for Sony hack – US politician

A North Korea network outage last December came in retaliation for the Sony hack, a US lawmaker claims. Michael McCaul of Texas – Republican chairman of the House Homeland Security Committee – linked disruption of North Korea's thin internet pipe to the earlier devastating attack against Sony Pictures Entertainment. “There were …
John Leyden, 18 Mar 2015

Fatally flawed RC4 should just die, shout angry securobods

Security researchers have banged another nail into the coffin of the ageing RC4 encryption algorithm. The latest password recovery attacks against RC4 in TLS by Christina Garman of Johns Hopkins University, Prof. Kenny Paterson and research student Thyla van der Merwe (both of Royal Holloway, University of London) show that …
John Leyden, 18 Mar 2015

Betting exchange WBX closes, Betfair romps on

Betting exchange WBX is pulling down the shutters on its operation, citing increased regulatory compliance costs and competition from market leader Betfair in its decision to close. WBX suspended betting and closed its exchange on Monday. No further bets can be staked, but unsettled bets on longer-term markets will be honoured …
John Leyden, 17 Mar 2015

One BEEEEEELLION sensitive records went AWOL in 2014

At least one billion records of personally identifiable information (PII) were leaked in 2014, according to IBM X-Force. The total number of records compromised in 2014 was more than 25 per cent higher than in 2013, when 800 million records were leaked. Three in four (74.5 per cent) of these incidents took place in the United …
John Leyden, 16 Mar 2015

Bounty! hunter! discovers! holes! in! Yahoo! Stores! security!

Security researcher Mark Litchfield is $24,000 the richer after discovering three vulnerabilities involving Yahoo! Stores and hosted websites. The three vulnerabilities were fixed by Yahoo! after Litchfield alerted the internet giant through its bug bounty programme. The first and most serious of the vulnerabilities opened up …
John Leyden, 16 Mar 2015

Yahoo! wheels! out! password! on-demand! service! for! simpletons!

Yahoo! is trialling a service that removes the need to remember your passwords, providing users aren't so absent-minded they don't also lose or mislay their mobile phones. The on-demand password service allows registered users to get a short password sent to their phone. On-demand passwords is an opt-in service, initially only …
John Leyden, 16 Mar 2015

OpenDNS snags network monitoring service BGPmon

Cloud security firm OpenDNS is buying network and routing monitoring services outfit BGPmon. Financial terms of the deal, announced on Thursday, were not disclosed. BGPmon offers services based on the Border Gateway Protocol (BGP), a core network protocol used by every major network and ISP, which maps preferred paths for …
John Leyden, 13 Mar 2015

UK call centre linked to ‘millions’ of nuisance robo-calls raided by ICO

UK data privacy watchdogs raided Thursday a call centre allegedly linked to millions of nuisance calls. Officers from the ICO (Information Commissioner's Office) and Trading Standards conducted the operation against a business in the Brighton area suspected of using automatic dialling technology to make four to six million …
John Leyden, 12 Mar 2015

Bulk interception is NOT mass surveillance, says parliamentary committee

Parliament's intelligence committee report into security and privacy has concluded GCHQ's bulk interception of net traffic is not mass surveillance, and so permissible. However, it also called for new umbrella laws to regulate the activities of spy agencies and provide greater transparency. The Intelligence and Security Committee …
John Leyden, 12 Mar 2015

Clinton defence of personal email server fails to placate critics

Analysis Hillary Clinton's admission that she was perhaps unwise to make exclusive use of a personal email account while serving as US Secretary of State has failed to placate critics, some of whom are trying to use the affair to derail her expected challenge for the White House next year. Clinton has issued a minimal mea-culpa stating …
John Leyden, 12 Mar 2015

Panda antivirus labels itself as malware, then borks EVERYTHING

Panda users had a bad hair day on Wednesday, after the Spanish security software firm released an update that classified components of its own technology as malign. As a result, enterprise PCs running the antivirus software tied themselves in something of a knot, leaving some systems either unstable or unable to access the …
John Leyden, 11 Mar 2015

PayPal pays $60m for Israeli predictive security start-up

PayPal has confirmed a $60m acquisition of security intelligence firm CyActive. The online payments firm, soon to be spun off from eBay, accompanied the announcement of the deal with plans to open a research hub in Israel. CyActive, founded by ex IDF intelligence unit cyberspies in 2013, specialises in trying to predict the …
John Leyden, 11 Mar 2015

Faux pro-IS Facebook shot down within hours of launch

A pro-Islamic State social network was pulled offline hours after its launch. The network, 5elafabook, was supposedly set up in the wake of a ramp-up in efforts by Twitter to quickly shut down accounts promoting violent jihad. Facebook has likewise applied the ban-hammer on accounts spouting pro-Caliphate propaganda. 5elafabook …
John Leyden, 11 Mar 2015

Cyber-whizs partake in mass eye-roll event over latest leaks: CIA spies 'spying on iPhones'

CIA brainiacs at least thought about, or experimented with, breaking the security of Apple's iPhones, iPads and OS X computers, it appears from leaked intelligence documents. The intel agency wanted to crack the encrypted firmware stored on targeted iThings, and spy on selected users via poisoned apps, Snowden newsletter The …
John Leyden, 11 Mar 2015

Hackers' delight? New Apple wrist-puter gives securobods the FEAR

Security pundits are already fretting over the security of the Apple Watch, just hours after the expensive gizmo was launched at a high profile US event. Ken Westin, security researcher at Tripwire, said that the security implications of the wearable device's Wi-Fi connection capabilities create a potential opportunity for …
John Leyden, 10 Mar 2015

Pro-ISIS script kiddies deface Dublin Rape Crisis Centre site

The FBI has begun investigating the hack of a number of websites – including the site of Dublin Rape Crisis Centre – by pro-ISIS script kiddies. The Dublin Rape Crisis Centre in Ireland was defaced so that its home page featured the black ISIS flag and the message "Hacked by ISIS, we are everywhere." A Flash audio plug-in …
John Leyden, 10 Mar 2015

Crap employers banned from enforcing backdoor crim records checks

Employers who force potential workers to request a criminal record check on themselves face prosecution after a change in UK law that comes into effect on Tuesday, 10 March. New regulations – to be enforced by data privacy watchdogs at the Information Commissioner's Office (ICO) – will outlaw so-called "back door" criminal …
John Leyden, 10 Mar 2015

US air traffic control 'vulnerable to hackers' says watchdog

US air traffic control systems are potentially vulnerable to hackers, according to an audit by the American government. A report [46 pages, PDF] by the Government Accounting Office (GAO) faults the Federal Aviation Administration (FAA) for failing to meet compliance with the relevant government standards, specifically the …
John Leyden, 09 Mar 2015

Obsolete – and IP-baring – Anon tool linked to feminist blog DDoS

A feminist blog hit by a DDoS attack on International Women’s Day has used the attack to its advantage. Amber Gordon, founder of femsplain.com, said although the site is no stranger to Distributed Denial of Service assaults, Sunday's attack differed in being unusually intense. “I think it’s because it’s International Women’s …
John Leyden, 09 Mar 2015

Mind-reading DNS security analysis offers early warning for APT attacks

The application of predictive algorithms to DNS data may be able to spot malware sites before they serve up nasties. Security firm OpenDNS is applying ideas from natural language processing to automatically identify malicious domains using a prototype tool called NLPRank, as a blog post by the firm explains. Utilising natural …
John Leyden, 06 Mar 2015

Pentagon 'network intruder', dozens more cuffed in British cops' cyber 'strike week'

A "strike week" against suspected hackers by the UK's National Crime Agency has resulted in 57 arrests. Those arrested are suspected of being involved in a wide variety of cybercrimes such as fraud and virus writing. The suspects – arrested in 25 operations across the UK – face charges including network intrusion and data theft …
John Leyden, 06 Mar 2015

Fareit trojan pwns punters with devious DNS devilry

DNS tricks used by the Fareit trojan mean users are tricked into downloading malware, seemingly from Google or Facebook. The latest variants of Fareit are infecting systems via malicious DNS servers, Finnish security firm F-Secure warns. These servers push bogus Flash updates that actually come packed with malicious code, as a …
John Leyden, 06 Mar 2015

Mandarin Oriental coughs to credit card breach

Upmarket hotel chain Mandarin Oriental has admitted to a credit card breach. Investigative journalist Brian Krebs uncovered evidence of a breach before extracting an admission of the problem from the hotel group. The root cause of the security spill – as well as the number of credit cards exposed – remains unclear, pending the …
John Leyden, 06 Mar 2015

PATCH FREAK NOW: Cloud providers faulted for slow response

Hundreds of cloud providers are still vulnerable to the serious FREAK cryptographic vulnerability. Skyhigh Networks found that 766 cloud services are still at risk 24 hours after FREAK was made public, based on an analysis of more than 10,000 different services. The average company is using 122 potentially vulnerable services. …
John Leyden, 05 Mar 2015

Obama criticises China's mandatory backdoor tech import rules

US prez Barack Obama has criticised China's new tech rules, urging the country to reverse the policy if it wants a business-as-usual situation with the US to continue. As previously reported, proposed new regulations from the Chinese government would require technology firms to create backdoors and provide source code to the …
John Leyden, 05 Mar 2015

Outbreak! Fake Amazon voucher offer seeds mobile malware attack

Spoofed Amazon vouchers are being used to spearhead a campaign to contaminate Android mobiles with malware, messaging security firm AdaptiveMobile warns. The attack, dubbed "Gazon", sends messages to victims’ mobile phone contacts linking to supposed offers for (non-existent) Amazon vouchers fictitiously promising a gift of $200 …
John Leyden, 04 Mar 2015

Apple Pay a haven for 'rampant' credit card fraud, say experts

Apple and its banker pals may have inadvertently lowered the barrier to credit card fraud by adding pay-by-wave technology to iPhones, security experts fear. Payment cards can be added to Apple Pay by taking a photo of the card, and allowing a device to run optical character recognition over the image to fill out the long card …
John Leyden, 03 Mar 2015

Snowden 'ready to return to US', claims lawyer

NSA whistleblower Edward Snowden is ready to return home to the US, according to his Russian lawyer. However, the former sysadmin – who is central in the biggest single leak of classified intelligence – would only return on condition that he was promised a fair trial. “Snowden is ready to return to the States, but on the …
John Leyden, 03 Mar 2015

Hillary Clinton draws flak for using personal email at State Dept

Hillary Clinton allegedly used a private email account while presiding over the State Department, potentially violating US federal record-keeping laws in the process. The former US Secretary of State exclusively used a private email account instead of an official State Department facility, the New York Times reports. Staffers …
John Leyden, 03 Mar 2015

US court rubber-stamps dragnet metadata surveillance (again)

A US federal court has rubber stamped approval for the NSA to carry on with its controversial dragnet collection of Americans' phone records. The decision by the Foreign Intelligence Surveillance Court to green-light the NSA's mass surveillance of US phone call metadata until 1 June comes a year after President Barack Obama …
John Leyden, 02 Mar 2015

Silent Circle revamps secure smartphone

MWC 2015 Silent Circle has lifted the lid of the Blackphone 2 smartphone and Blackphone+ tablet. Blackphone 2 – due in the second half of 2015 – will add a faster 8-core processor, three times more RAM, a longer-lasting battery, and a larger Full HD display. Blackphone+ will also debut in the second half of this year, …
John Leyden, 02 Mar 2015

ASML plays down mystery hack attack

Semiconductor supplier ASML has admitted that unnamed hackers broke into its systems. In a statement issued on Sunday, the Dutch firm played down the scope of the breach, stating that the compromise was brief and it hadn't found evidence that anything was taken. ASML Holding recently discovered unauthorised access to a …
John Leyden, 02 Mar 2015

Would you trust 'spyproof' mobes made in Putin's Russia?

A Russian firm is developing its own anti-surveillance enterprise smartphone prototype - the TaigaPhone. The secure handset from Taiga Systems will bundle security software from sister security firm InfoWatch Group onto a hardened version of Android. The smartphone is likely to be positioned against the Blackphone, which has …
John Leyden, 02 Mar 2015

The car in front has Kaspersky deep inside

Kaspersky Lab is taking anti-virus in a different direction by embedding it in SCADA-based industrial control systems, components of the Internet of Things, and yep, even cars. The Russian security software firm and SYSGO have teamed up to embed the new Kaspersky Security System platform within SYSGO's real-time operating system …
John Leyden, 02 Mar 2015

Thousands of UK drivers' details leaked through hole in parking ticket website

Thousands of UK drivers have been caught up in a data breach at a UK parking firm. A database of parking ticket details held by PaymyPCN.net covering almost 10,000 motorists was mistakenly published online. A security flaw on the private parking firm's website allowed public access to names, addresses, photographs and emails. …
John Leyden, 27 Feb 2015

C’mon Lenovo. Superfish hooked, but Pokki Start Menu still roaming free

As Lenovo struggles to extricate itself from the controversy surrounding pre-installed Superfish scumware on its machines, a blast of cruft from the past may give the PC slinger's critics extra ammo this week. A Reg reader, who wishes to remain anonymous, reminds us that Lenovo is still shipping laptops with a potentially …
John Leyden, 25 Feb 2015

Don't be fooled! He's not from the IT crowd... he's a CYBERSPY – FireEye

Impersonating IT departments in spear-phishing attacks is becoming an increasingly popular tactic among hackers, particularly in cyber-espionage attacks. IT staff themed phishing emails comprised 78 per cent of observed phishing schemes picked up by FireEye in 2014, compared to just 44 per cent in 2013. The sixth annual FireEye …
John Leyden, 24 Feb 2015

MP resigns as security committee chair amid 'cash-for-access' claims

Former foreign secretary Sir Malcolm Rifkind is stepping down as chair of the UK Parliament’s influential security committee in the wake of "cash for access" allegations. In a statement, Rifkind said he intends to remain a member of the Intelligence and Security Committee but will step down as chairman. The ISC, which oversees …
John Leyden, 24 Feb 2015

SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog

Updated The US Department of Homeland Security's cyber-cops have slapped down PrivDog, an SSL tampering tool backed by, er, SSL certificate flogger Comodo. Comodo, a global SSL authority, boasts a third of the HTTPS cert market, and is already in hot water for shipping PrivDog. What is PrivDog? Let's allow the US Computer Emergency …
John Leyden, 24 Feb 2015