The Register® — Biting the hand that feeds IT

The Register Columnists

John Leyden

The Register breaking news

Boffins use HOT maths MODELS to predict spam of the future

Australian computer boffins reckon game theory can be applied to build better spam filters. The new spam classifier, developed by Professor Sanjay Chawla, Fei Wang and Wei Liu of the University of Sydney, outsmarts would-be spammers by predicting the likely pattern of future spam runs by learning from past attacks. The two …
John Leyden, 23 Aug 2013

Hacktivists boast of English Defence League KO after website downed

Hacktivists linked to Anonymous have claimed responsibility for knocking shouty anti-Islam group the English Defence League's website offline. The EDL is a far-right street protest movement whose official stance is an objection to the "spread of Sharia law and Islamic extremism in the UK". Its numerous critics argue the league …
John Leyden, 22 Aug 2013

Bank man: System's down, let's have coffee. Oh SNAP, where's all the CASH?

Cybercrooks are running distributed denial of service attacks as a smokescreen to distract bank security staff while they plunder online banking systems, according to a researcher. Avivah Litan, vice president at Gartner Research, reports that cyber criminals looking to attack financial institutions are getting more ambitious by …
John Leyden, 21 Aug 2013

'Hacked' estate agency Foxtons breaks glass, pulls password reset cord

Trendy UK estate agency Foxtons pushed the big red password reset button, as a precaution, after it appeared hackers lifted thousands of clients' usernames and passwords from its systems. Miscreants claimed to have leaked online user names, email addresses and passwords of nearly 10,000 Foxtons’ customers, Estate Agent Today …
John Leyden, 21 Aug 2013

Forget hackers - storms and snafus are bigger threat, say infosec bods

Cyber attacks caused fewer problems to communications networks than unrelated system failures and natural disasters, a study by an EU security agency has found. The European Union Agency for Network and Information Security (ENISA) reports that the average duration of cyber attacks was four hours whilst outages due to nature …
John Leyden, 21 Aug 2013

Second time's a charm! Microsoft tries again with Active Directory patch

Microsoft made a second attempt to cleanly patch an "important" security flaw in its Active Directory Federation Services technology on Monday - days after yanking the original update for causing stability problems. The original MS13-066 upgrade caused the active directory service to stop working entirely in some cases. The …
John Leyden, 20 Aug 2013

Bloke leaks '1000s' of Twitter login tokens, says he can hack ANY twit

A hacker calling himself the "Mauritania Attacker" claims he has compromised every Twitter user account on the planet - and leaked the OAuth tokens for thousands of Turkish tweeters. Meanwhile, a security researcher claims to have obtained similar details by creating a fake app that masqueraded as Twitter's own third-party …
John Leyden, 20 Aug 2013

Guardian lets UK spooks trash 'Snowden files' PCs to make them feel better

GCHQ spooks reportedly rocked up at The Guardian's London headquarters and oversaw the destruction of some computer hardware - because the machines may have stored copies of documents leaked by whistleblower Edward Snowden. The move came after the newspaper's editor-in-chief Alan Rusbridger refused to comply with demands to …
John Leyden, 20 Aug 2013

Password-keeper LastPass plugs up IE cache leak vuln

LastPass has patched a flaw that meant Windows versions of its password-management software were capable of leaking login credentials that had been auto-filled into fields by its password manager. The bug – which affected Internet Explorer users on Windows only – meant that an attacker who managed to obtain a memory dump of …
John Leyden, 20 Aug 2013

Probation officer gets TINY fine for spilling domestic violence victim's ADDRESS

A probation officer who disclosed a domestic abuse victim’s new address to her alleged abuser has been fined £150 and ordered to pay court costs after being prosecuted and given what has been described by Information Commissioner Christopher Graham as "a relatively minor penalty". Data privacy watchdogs at the Information …
John Leyden, 19 Aug 2013

British spooks seize tech from Snowden journo's boyfriend at airport

The Brazilian partner of Guardian journalist Glenn Greenwald – Edward Snowden's go-to reporter for the dissemination of sensitive papers about the NSA's dragnet surveillance programmes – has been released from custody. The 28-year-old was held for almost nine hours for questioning by Metropolitan Police officers when he passed …
John Leyden, 19 Aug 2013

Card-cloning crooks use 3D printers to make ever-better skimmers

Cybercrooks in Australia are using 3D printers and computer-aided design software to manufacture ATM skimming devices. New South Wales Police recently arrested and charged a Romanian national with fraud involving the use of an ATM skimmer made on a 3D printer to fleece Sydney residents, Australia-based iTnews reports. Police in …
John Leyden, 16 Aug 2013

NSA coughs to 1000s of unlawful acts of snooping on US soil since 2008

The NSA violated privacy laws thousands of times in the last five years by spying on US citizens, an internal audit by the super-snoopers has disclosed. The Washington Post reports that the intelligence agency also overstepped its legal remit since Congress gave it broad powers in 2008. Most of the violations involved …
John Leyden, 16 Aug 2013

Fiendish fake Flash plugin squirts grumble-flick ads into kiddies' websites

A fake Adobe Flash browser plugin that hijacks on-screen web adverts to tout hardcore smut is doing the rounds, we're told. The rogue add-on even slaps racy adults-only teasers on websites aimed at children, according to Jérôme Segura, a security researcher at antivirus firm Malwarebytes. The software nasty, named FlashPlayer11. …
John Leyden, 16 Aug 2013

Oh, those crazy Syrian hackers: Now Wash Post, CNN, Time vandalised

Syrian hacktivists claim they are the vandals responsible for scribbling over the websites of CNN, Time mag and The Washington Post yesterday. But these latest boasts by the Syrian Electronic Army (SEA) are somewhat misleading, according to computer security experts who say that the hacking crew actually ransacked Outbrain - a …
John Leyden, 16 Aug 2013

NORKS build TROLL ARMY to tear down S Korean surfers

North Korea has tasked 200 agents with the job of posting negative comments online, often using stolen online identities, in a bid to undermine the morale of their neighbours in the South. The brigade of NORK trolls is part of a brigade of 3,000 cyber warriors and hackers that make up the Reconnaissance General Bureau …
John Leyden, 16 Aug 2013

IBM snaps up banking security biz Trusteer, won't say what it paid

IBM has announced a deal to acquire transaction security firm Trusteer and open a new cybersecurity lab in Israel. Financial terms of the buyout, announced Thursday, were not disclosed. Big Blue said the deal would allow it to offer improved cloud-delivered software and services to defend against advanced security threats to its …
John Leyden, 15 Aug 2013

Microsoft pulls faulty Exchange 2013 patch HOURS after release

Microsoft has pulled a security update for Exchange 2013 after problems emerged with the latest patch to the email server software just hours after its release. The critical MS13-061 security update for Exchange Server 2013 broke the message index service, preventing Exchange 2013 email users from searching their mailboxes. …
John Leyden, 15 Aug 2013

Your encrypted files are 'exponentially easier' to crack, warn MIT boffins

Encryption systems may be a lot less secure than we thought, according to new research into the maths underpinning today's cryptography. Boffins in the US and Ireland have managed to poke holes in modern information theory, an area of mathematics used to prove the strength of cryptographic systems before they are trusted and …
John Leyden, 14 Aug 2013

UK.gov intros shiny CREST badge for cyber crime-scene cleanup squad

The UK has launched two cyber incident response schemes geared towards helping businesses cope better with the aftermath of malware outbreaks and other hacking attacks. The schemes were launched on Tuesday by the Communications Electronics Security Group (known as CESG), the information security arm of GCHQ, and the Centre for …
John Leyden, 14 Aug 2013

Microsoft Patch Tuesday: The '90s called. It wants its 'Ping of Death' back

Microsoft has pushed out eight advisories as part of the August edition of its regular Patch Tuesday update cycle. With just three critical patches, the most interesting thing about this week's batch is the return of the "Ping of Death" in the form of a stability bug in the Windows IPv6 stack. The critical updates offer new …
John Leyden, 14 Aug 2013

Zombie PCs are for crimelord chumps: Fear clusters, says infosec ace

It may be possible for a "single dedicated attacker" to run an internet "carpet-bombing" attack by applying Big Data and distributed computing technologies, security researcher Alejandro Caceres warns. The traditional botnet, or network of hijacked computers, has been used for distributed computing problems, such as Bitcoin …
John Leyden, 14 Aug 2013

Does Gmail's tarted-up tab makeover bust anti-spam laws?

Anti-spam experts are openly wondering whether Google's redesigned web mail service Gmail violates US laws against bulk unsolicited messages. The CAN-SPAM Act (passed in 2003) makes the mass distribution of commercial electronic mail legal as long as the messages are properly formatted, include correct contact information and …
John Leyden, 14 Aug 2013

Bacon 'n' egg on his face: Hollywood heartthrob pwned by Twitter phishers

Miscreants broke into the Twitter profile of prominent advertising bloke Footloose star Kevin Bacon to scam his fans. The 300,000-plus followers of the actor - who these days is just as well known for the “six degrees of Kevin Bacon” trivia game as his starring roles in films such as Apollo 13 - were spammed with web links …
John Leyden, 13 Aug 2013

Beware the ad-punting crapware-laden Firefox, warn infosec bods

Internet users looking for a US Green Card are at risk of being conned by a fake advert into installing an adware-laden version of Firefox, security researchers have warned. The ruse was spotted over the weekend after it began appearing in online ads peddling supposed US Green Card lotteries. Regardless of what make or version …
John Leyden, 13 Aug 2013

NSA-proof email encryption? Cobblers, sniff German hackers

German hackers have poured scorn on Deutsche Telekom's plan to offer "secure email", describing it as little more than a marketing gimmick. Deutsche Telekom and partner United Internet are rolling out SSL-encrypted connections between users’ computers and the companies' mail servers as part of the “Email made in Germany” offer …
John Leyden, 13 Aug 2013

The secure mail dilemma: If it's useable, it's probably insecure

The sudden closure of two secure email services may cause many privacy-conscious people to begin looking for alternatives. However, security experts warn that any service provider may be put under pressure to comply with authorities, and this might kill off secure mail as we know it. Lavabit's Levison: No more palaver, I'm …
John Leyden, 12 Aug 2013

Notorious Mexican drug kingpin nabbed thanks to drones and spyware

An alleged leader of Mexico's infamous Los Zetas gang was captured last month using a combination of commercial computer spyware, GPS mobile tracking and aerial drones, according to Mexican reports. Miguel Treviño Morales – also known as “Z-40” – was captured by the North American country's marines on 15 July. The US Drug …
John Leyden, 12 Aug 2013

Second LulzSec Sony website hacker starts a year in the cooler

A LulzSec hacker has been sentenced to a year in a US jail for hacking Sony Pictures and dumping personal information of 138,000 movie fans online. Raynaldo Rivera, 21, of Tempe, Arizona, will spend 366 days behind bars, followed by 13 months of house arrest and 1,000 hours of community service for his involvement in the …
John Leyden, 09 Aug 2013

US taxmen told to hush up shadowy drug squad unit laundering NSA intel

A manual for America's taxmen detailing US drug squads' access to NSA intelligence has emerged - and revealed that the controversial supply of information has been an open secret in government for years. Reuters reports that the handbook, which was issued to IRS tax collectors between 2005 and 2006, instructs officials to omit …
John Leyden, 08 Aug 2013

'Hand of Thief' banking Trojan reaches for Linux – for only $2K

Cybercrooks have created a banking Trojan that targets Linux users, which is being touted for sale on underground cybercrime forums for just $2,000 a pop. The "Hand of Thief" malware is a rare example of malicious code written especially to target the open-source operating system. The digital nasty includes form-grabbers for HTTP …
John Leyden, 08 Aug 2013

Child abuse ransomware tweaked to tout bogus antivirus saviours

Cybercrooks have found another application for ransomware, the horrible software that locks up a PC until money is handed over: it's now being used to push fake antivirus onto victims. Reveton - a widespread piece of ransomware that infects machines, falsely accuses marks of downloading images of child abuse and demands a fine …
John Leyden, 08 Aug 2013

HP plugs password-leaking printer flaw

Security flaws in a range of HP printers create a way for hackers to lift administrator's passwords and other potentially sensitive information from vulnerable devices, infosec experts have warned. HP has released patches for the affected LaserJet Pro printers to defend against the vulnerability (CVE-2013-4807), which was …
John Leyden, 08 Aug 2013

Blogs with 'weakest of the weak' passwords hijacked for bot army

Cybercrooks are running a wide-ranging password-guessing attack against some of the most widely used blogging and content management systems on the net. The so-called Fort Disco cracking campaign began in late May this year and is still ongoing, DDoS mitigation firm Arbor Networks warns. Arbor has identified six command-and- …
John Leyden, 08 Aug 2013

Malicious snoopware targeting India found at tiny Midwest ISP

Security researchers have uncovered what appears to be a malware-based attack targeting Indian military or government entities and designed to steal information. The malware linked to the attack "contains specific artifacts that [link it] to a commercial Pakistani entity," according to security intelligence firm ThreatConnect. …
John Leyden, 07 Aug 2013

Suspected brains behind bank-account-draining Gozi extradited to US

Latvia will extradite an alleged pusher of the online bank account raiding Trojan Gozi to the US - despite opposition from the Baltic republic's foreign minister. Deniss Calovskis, 27, and two other alleged co-conspirators (Russian national Nikita Kuzmin and Mihai Ionut Paunescu, a 28-year-old Romanian) were accused of …
John Leyden, 07 Aug 2013

Hacktivists torch C4's Jon Snow's web diary, reveal 'nuke strike' on Syria

Syrian hacktivists have chalked up more media-luvvie victims after hacking into and defacing blogs run by British broadcaster Channel 4. The Syrian Electronic Army, which backs the regime of President Bashar al-Assad, took over an online diary maintained on behalf of veteran newscaster Jon Snow before posting a fictitious story …
John Leyden, 07 Aug 2013

Stop! Yammer time: Microsoft blats biz babble account hijacking bug

Microsoft has fixed a potentially nasty set of authentication vulnerabilities involving Yammer, the "Facebook for business" enterprise collaboration and social networking platform. The flaws - discovered by Ateeq Khan, a security researcher in the Vulnerability Laboratory Research Team - would have allowed hackers to bypass the …
John Leyden, 06 Aug 2013

Did a bunch of bankers fax a stranger's sensitive privates to YOU?

The Bank of Scotland has been hit by a £75,000 fine over a snafu that led to it repeatedly faxing customers’ account details to the wrong people. Sensitive information included payslips, bank statements, account details and mortgage applications, along with customers’ names, addresses and contact details. The information was …
John Leyden, 06 Aug 2013

REVEALED: Cyberthug tool that BREAKS HSBC's anti-Trojan tech

Cybercrooks on an underground forum have developed a technique to bypass anti-Trojan technology from Trusteer used by financial institutions worldwide – including HSBC and Paypal – to protect depositors from cybersnoopers. Trusteer has downplayed the vulnerability and said it's in the process of rolling out beefed-up protection …
John Leyden, 06 Aug 2013

Bad timing: New HTML5 trickery lets hackers silently spy on browsers

New time-measuring features in HTML5 can be exploited by malicious websites to illicitly peek at pages open on a victim's browser, it is claimed. Security researchers at Context Information Security have figured out how to precisely observe the speed at which CSS and SVG graphics are drawn on screen to extract sensitive data …
John Leyden, 05 Aug 2013

Earn £8,000 a MONTH with bogus apps from Russian malware factories

Just 10 professionally run malware-making workshops in Russia are responsible for 30 per cent of the Trojans, spyware and other nasties infecting smartphones globally. That's according to a study by mobile security outfit Lookout. These underground crime labs churn out DIY kits ideal for scriptkiddies looking to make a fast buck …
John Leyden, 05 Aug 2013

Step into the BREACH: HTTPS encrypted web cracked in 30 seconds

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic, say researchers. Secret data crucial to securing online banking and shopping can be lifted from an HTTPS channel in as little as 30 seconds, we're told. BREACH (short for Browser …
John Leyden, 02 Aug 2013

Snowden picks up 'Epic 0wnage' gong in Vegas... well, not literally

Security researcher Barnaby Jack, famous for his "jackpot" hack on ATMs, which forced them to spit out cash, has won a lifetime achievement award less than a week after his death. The honour was announced yesterday at the Pwnie awards, Infosec's equivalent to the Oscars. Jack, 35, died last Thursday just days before he was due …
John Leyden, 02 Aug 2013

Ubuntu puts forums back online, reveals autopsy of a brag hacker

Ubuntu Forums are back to normal following a serious hack attack that exposed the usernames, email addresses and hashed passwords of 1.8 million open source users. Parent firm Canonical restored the forums on Tuesday as well as publishing a detailed summary of what went wrong and the broad steps it has taken to beef up security …
John Leyden, 02 Aug 2013

MPs get secret squirrel dossier of 'lawyers, megabiz hiring hackers'

Blue-chip firms who allegedly hired private investigators to unlawfully hack systems for personal and sensitive information have been named in a secret list submitted to Parliament. That's the same sort of alleged skullduggery that ended up bringing down Rupert Murdoch’s best-selling Sunday tabloid News of the World. Law firms …
John Leyden, 01 Aug 2013

Edward Snowden skips into Russia as Putin grants him asylum

NSA whistleblower Edward Snowden has been granted temporary asylum in Russia. Russia's decision to grant the former CIA technician temporary political asylum has allowed the 30-year-old to leave the transit area of Moscow's Sheremetyevo airport - where he has been stuck in limbo for weeks following his flight from Hong Kong on …
John Leyden, 01 Aug 2013

Gmail, Outlook.com and e-voting 'pwned' on stage in crypto-dodge hack

Security researchers say they have developed an interesting trick to take over Gmail and Outlook.com email accounts - by shooting down victims' logout requests even over a supposedly encrypted connection. And their classic man-in-the-middle attack could be used to compromise electronic ballot boxes to rig elections, we're told …
John Leyden, 01 Aug 2013

Syrian Electronic Army no longer just Twitter feed jackers... and that's bad news

The Syrian Electronic Army is starting to pose a serious risk to enemies of the Assad regime in both Syria and further afield, according to security watchers. Reports that the SEA managed to take over three personal email accounts of White House employees remain unconfirmed. However, recent worrying attacks on VoIP apps Viber …
John Leyden, 01 Aug 2013

New NSA tool exposed: XKeyscore sees 'nearly EVERYTHING you do online'

The cover has been blown on an NSA program which collects data on “nearly everything a user does on the internet” even as the debate rages over the secretive US agency's mass surveillance of innocent people. The XKeyscore program covers emails, social media activity and browsing history and is accessible to NSA analysts with …
John Leyden, 31 Jul 2013