John Leyden


'Heartbleed-based BYOD hack' pwns insurance giant Aviva's iPhones

Mobile device management systems at insurance giant Aviva UK were last month hit by an attack – purportedly based on the Heartbleed exploit, although the firm denies this – that appeared to allow the perpetrator to royally screw with workers' iPhones. The insurance giant has played down the breach but El Reg's mole on the inside …
John Leyden, 23 Jun 2014

Infosec bods try Big Data in search for better anti-virus mousetrap

Infosec house Panda Security is looking to Big Data and application monitoring as a means to achieve better malware detection. The launch of Panda Advanced Protection Service (PAPS) is a response to the widely known shortcomings of signature-based anti-virus detection as well as a means for Panda to sell extra services. The …
John Leyden, 20 Jun 2014

World still standing? It's been two weeks since Cryptolocker, Gameover Zeus takedown by feds

Two weeks have passed since the feds knackered the systems doling out the GameOver ZeuS and CryptoLocker malware to PCs. G-men warned us the world had just a fortnight to clean up compromised Windows machines and defend them from the software nasties before their masters regrouped. That time has passed ... and not much has …
John Leyden, 19 Jun 2014

Blame WWI, not Bin Laden, for NSA's post-9/11 intel suck

You might think the dragnet surveillance tactics employed by the National Security Agency (NSA) detailed by inside man Edward Snowden were born in the aftermath of Osama Bin Laden's attacks on 11 September, 2001, which resulted in the deaths of nearly 3,000 people as well as the destruction of the twin towers of the World Trade …
John Leyden, 13 Jun 2014

Anonymous plans hacktivism against World Cup sponsors

Ragtag hacktivist collective Anonymous is threatening World Cup sponsors as its next hacking target. Hacker Che Commodore made the threat in solidarity with real-world protestors in Brazil who are enraged that funds are being funnelled into building white elephant stadiums for football's showpiece event rather than much needed …
John Leyden, 09 Jun 2014

Security bods mop blood, sigh: NEW CryptoLocker zombies? We don't see their kind

Infections from the infamous CryptoLocker ransomware have fallen off sharply since a takedown operation earlier this week, according to security researchers. An FBI-led takedown operation disrupted the internet infrastructure powering the Gameover ZeuS botnet and the even more infamous CryptoLocker ransomware. Gameover ZeuS is a …
John Leyden, 05 Jun 2014

Patch NOW: Six new bugs found in OpenSSL – including spying hole

The OpenSSL team has pushed out fixes for six security vulnerabilities in the widely used crypto library. These holes include a flaw that enables man-in-the-middle (MITM) eavesdropping on encrypted connections, and another that allows miscreants to drop malware on at-risk systems. A DTLS invalid fragment bug (CVE-2014-0195, …
John Leyden, 05 Jun 2014

TrueCrypt hooked to life support in Switzerland: 'It must not die' say pair

Two programmers hope to resurrect development of disk-encryption tool TrueCrypt after its original developers quit the project. The official TrueCrypt.org website abruptly shut up shop last week, ostensibly because its secretive maintainers felt they could no longer keep the software secure. They blamed Microsoft's …
John Leyden, 04 Jun 2014

New software nasty encrypts Android PHONE files and demands a ransom

Miscreants have brewed the first file-encrypting strain of ransomware that infects Android smartphones. The malware, dubbed Android/Simplocker by ESET, scans the SD card in a handset for certain types of file, encrypts them, and demands a ransom to decrypt the data. The ransom message is written in Russian, with payment …
John Leyden, 04 Jun 2014

CONFIRMED: Sophos shifting threat response work to India

Sophos has confirmed it is moving the "majority of its [computer security] threat response work" to India. The Register got wind of the change from an anonymous tipster who told us SophosLabs is shifting away all of its frontline operations to India after it acquired Cyberoam there in February this year. In a statement, Sophos …
John Leyden, 04 Jun 2014

Snooping, RAT-flinging, hack-happy crew targeting governments worldwide – researchers

The Middle East-based Molerats hacker crew are even more active than first suspected, according to a report by researchers who claim the team has launched attacks against an unnamed US financial institution and multiple European governments. FireEye said it had identified the expanded list of targets after putting the command- …
John Leyden, 03 Jun 2014

Feds hunt 30-year-old alleged to be lord of Gameover botnet

The FBI has released a wanted notice for 30-year-old Russian national Evgeniy Mikhailovich Bogachev, whom they allege to be the mastermind behind both the Gameover ZeuS and the even more infamous CryptoLocker ransomware. A US indictment has been unsealed against the suspect following an FBI-led takedown operation that disrupted …
John Leyden, 03 Jun 2014

Hackers pose as hacks: Iranian crew uses Facebook to spy on US defence bods – report

An Iran-based hacking network used fake Facebook and other social media profiles to "befriend" and spy on US lawmakers and defence contractors in the US and Israel, among other targets, according to a new report. According to the study, the hackers attempted to get "friendly" with US lawmakers, defence contractors and "at least …
John Leyden, 30 May 2014

TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead

The TrueCrypt project abruptly imploded on Wednesday – leaving folks in the infosec world scratching heads and scrambling to recommend alternatives. In the past hour, crypto-guru Bruce Schneier has told us he's switched back to Symantec's PGPDisk to encrypt his data. "I have no idea what's going on with TrueCrypt," he added on …
John Leyden, 29 May 2014

ICO raps UK Student Loans Co for leaking MEDICAL files and more

The Information Commissioner’s Office (ICO) has criticised Blighty's Student Loans Company for handing students' medical reports and other private files over to the wrong people. In various blunders, records including medical notes and a psychological assessment were accidentally leaked to an unnamed outside organisation, sent …
John Leyden, 28 May 2014

iDevice ransomware stalks OZ, demands payoff

Apple fans across Australia are finding their iPads and iPhones held for ransom by miscreants demanding $50 and more as an unlock fee. The extortionate demands appeared in messages claiming the device had been "hacked by Oleg Pliss" – but it'd be highly unlikely that the cybercrooks behind the scam, which appears to be localised to …
John Leyden, 27 May 2014

PC-infecting chat demon quotes THE BIBLE to summon malware plague

A new Trojan that distributes itself through Facebook instant messaging and Yahoo! Messenger has claimed hundreds of victims. Computer systems have been infected by the software nasty in the UK, Germany, France, Denmark, Romania, the US and Canada during the past week or so, according to Romanian antivirus firm Bitdefender. …
John Leyden, 27 May 2014

Swiping your card at local greengrocers? Miscreants will swipe YOU in a minute

More than a thousand point-of-sale, grocery management and accounting systems worldwide have been compromised by a new strain of malware, results of a March 2014 probe have revealed. During a survey of compromised POS terminals, accounting systems and grocery management platforms, the Nemanja botnet was fingered as one of the …
John Leyden, 27 May 2014

Authorities swoop on illicit Wolverhampton SPAM FARM

UK data privacy experts have raided an SMS spam farm blamed for spewing out more than 350,000 nuisance messages to mobiles. The Information Commissioner’s Office (ICO) seized hundreds of SIM cards on Thursday, after raiding a SIM farm in offices in Wolverhampton. Initial estimates suggest the impounded kit could have been used …
John Leyden, 27 May 2014

DUDE, WHERE'S MY CAR? New leccy BMWs have flimsy password security – researcher

New BMW cars have security shortcomings that could allow thieves to pop open a victim's flash motor from a smartphone. Ken Munro, a partner at Pen Test Partners, uncovered security issues in the systems that pair the latest generation of beamers with owners' mobiles. By stringing together the flaws, a crook could open doors, …
John Leyden, 27 May 2014

eBay says database leak dump offers are fake

Cybercrooks are offering to sell "stolen copies" of the leaked eBay database through an advert posted through Pastebin. However eBay says the sale is fake. "We have checked all published data and so far none are authentic eBay accounts," eBay's press office told El Reg. Security experts, although far from certain, seem inclined …
John Leyden, 22 May 2014

EBAY... You keep using that word 'ENCRYPTION' – it does not mean what you think it means

Confusion reigns over whether or not the 145 million "encrypted" user account passwords swiped from eBay can be practically cracked by crooks. A day has passed since the online tat bazaar admitted its customer database was hacked back in February, and the method of encryption is still not known. We do know what wasn't encrypted …
John Leyden, 22 May 2014

eBay slammed for daft post-hack password swap advice

eBay has been criticised for its advice to consumers on choosing a strong password in the wake of a megabreach that prompted it to tell millions of users to change their passwords. The online tat bazaar admitted on Wednesday that a database containing "eBay customers’ name, encrypted password, email address, physical address, …
John Leyden, 22 May 2014

PayPal Manager bug left web stores open to cyber-burglars

eBay-owned PayPal has plugged a vulnerability that potentially allowed thieves to seize control of merchants' online stores and empty the shelves. The bug – discovered by security researcher Mark Litchfield of Securatary – affected PayPal Manager, which is used to manage PayFlow accounts by people selling stuff online. PayPal …
John Leyden, 21 May 2014

EBay, you keep using the word 'SECURITY'. I do not think it means what you think it means

eBay has told people to change their passwords for the online tat bazaar after its customer database was compromised. Names, dates of birth, phone numbers, physical addresses, email addresses, and "encrypted" passwords were copied from servers by attackers, we're told. Credit card numbers and other financial records were not …
John Leyden, 21 May 2014

US giant NBC 'leaks' PRIVATE Amazon keys in Github Glenn gaffe

A London-based developer claims he was accidentally given the keys to US broadcaster NBC Universal’s websites – thanks to a username mix up on GitHub. Glenn Shoosmith was an early adopter of Github, and thus bagged the short-and-sweet user ID Glenn in July 2008. Repositories can be public and viewable by all, or private and …
John Leyden, 20 May 2014

AVG on Heartbleed: It's dangerous to go alone. Take this (an AVG tool)

It's the bug that keeps on bleeding. Thousands of websites are still vulnerable to Heartbleed more than a month after a patch for the password-leaking OpenSSL bug was released, we're told. Researchers at AVG’s Virus Labs said they scanned Alexa's league table of the top 800,000 sites in the world, and found 12,043 (1.5 per cent …
John Leyden, 20 May 2014

Chip and SKIM: How dodgy crypto can leave shoppers open to fraud

UK academics today describe how criminals can forge chip-and-PIN card transactions and spend other people's money for free. The team of University of Cambridge experts say their technique exploits a cryptographic weakness in some devices implementing the EMV (aka chip'n'PIN) standard. And they're confident they've found a …
John Leyden, 19 May 2014

LifeLock snaps shut Wallet mobile app over credit card leak fears

LifeLock has withdrawn its Wallet App and deleted user data over concerns the technology falls short of user data protection rules under the payment card industry's Data Security Standard (PCI DSS). In a statement Todd Davis, chairman and chief exec of LifeLock, said it was suspending the app as a precaution – not in response to …
John Leyden, 19 May 2014

Do you use NAS drives? For work? One just LEAKED secret cash-machine blueprints

Some personal desktop storage devices are leaking top corporate secrets to the internet – in one case, the designs for a hole-in-the-wall cash machine. That's according to intelligence biz Digital Shadows, which tries to work out how proprietary and personal information accidentally escapes network boundaries. We're told one …
John Leyden, 13 May 2014

Hey, does your Smart TV have a mic? Enjoy your surveillance, bro

NSA whistleblower Edward Snowden told lawyers he met during his sojourn in Hong Kong to put their cell phones in his fridge to thwart any eavesdroppers. But new research suggests he should have been worried about nearby TVs, too. Smart tellies with built-in microphones and storage can be turned into bugging devices by malware …
John Leyden, 10 May 2014

Point DNS blitzed by mystery DDoS assault

Domain host Point DNS was hammered with a high-intensity DDoS attack on Friday, knocking servers out for hours. The size of the attack and the techniques used – much less who might be behind the attack – remain unclear. Several Reg readers got in touch to notify us about the issue and the company confirmed the attack online …
John Leyden, 09 May 2014

Don't fret over SOHO routers and Heartbleed. But yeah, there's LOADS to fear on home kit

The infamous Heartbleed bug doesn't affect home routers in practice, according to new analysis by security researchers at TripWire. The infosec vendor nevertheless warned that "critical security flaws" are "endemic" to small office/home office (SOHO) routers. TripWire came to this conclusion after revisiting earlier research on …
John Leyden, 09 May 2014

Oh aye, a mobe grumble-flick player? No – it's a 'droid ransomware nasty

Ransomware scumbags have widened their net with a new software nasty that infects Android smartphones and tablets. The Koler-A ransomware trojan is delivered automatically to peeps browsing malicious pornographic sites; it poses as a media player offering access to premium content. Koler-A requires the user to enable side- …
John Leyden, 09 May 2014

Net tech bods at IETF mull anti-NSA crypto-key swaps in future SSL

Standards stewards on the Internet Engineering Task Force (IETF) are planning to drop RSA key exchanges from TLS 1.3, the next revision of SSL. The technical body is instead eying up algorithms that use short-lived encryption keys, aka ephemeral keys, that can sidestep surveillance dragnets by the likes of the NSA. Specifically …
John Leyden, 08 May 2014

Traffic light vulns leave doors wide open to Italian Job-style hacks

Hackers may be able to create traffic chaos, just like Michael Caine's loveable rogue in classic Brit film The Italian Job, thanks to an alarming series of flaws discovered in traffic control systems. Cesar Cerrudo, CTO at embedded security experts IOActive Labs, discovered that traffic control systems in cities around the world …
John Leyden, 08 May 2014

Securo-borg FireEye coughs $70m to buy 'flight-recorder-for-networks' tech

Security vendor FireEye has bought network forensics firm nPulse Technologies in a $70m deal. FireEye is stumping up $60m in cash and $10m in stock to get its hands on nPulse, a privately held startup that boasts it offers the industry's fastest full packet capture and indexing technology. nPulse’s forensics will be integrated …
John Leyden, 07 May 2014

Look out, sysadmins – HOT FOREIGN SPIES are targeting you

MI5 has warned that foreign spy agencies are targeting IT workers within big organisations as a means of gaining privileged access to sensitive data. The security service's warning about spy-infiltration tactics is a bid to encourage corporations to bolster their defences against such attacks, the FT (via the Daily Mail) reports …
John Leyden, 07 May 2014

Don't let hackers know Mandiant founder checks his email on an iPad. Oh.

Mandiant boss Kevin Mandia says he has cut back on email and only uses an iPad to check his inbox as he fends off counterattacks from hackers. In 2013, the company published a landmark report on the so-called APT1 espionage crew: the detailed dossier claimed Shanghai-based People's Liberation Army Unit 61398 had hacked and …
John Leyden, 06 May 2014

Hacktivists hijack BNP Twitter account, crayon over leader Griffin's too

Hacktivists from Anonymous took over the Twitter feeds of the extreme British National Party and its controversial chairman Nick Griffin over the weekend. The hack against @NickGriffinMEP's profile, which boasts 29,000 followers, was apparently mere mischief rather than a desire to make a point against a politician notorious for …
John Leyden, 06 May 2014

HALF of London has outdated Wi-Fi security, says roving World of War, er, BIKER

Wireless security across London remains flaky despite the well-known risks, according to an infosec bod who has been riding his bike all around town identifying insecure wireless networks and highlighting shoddy user behaviours that could be exploited by rogue hackers. James Lyne, global head of security research at Sophos, went …
John Leyden, 05 May 2014

Hackers ZERO IN on ZOMBIE XP boxes: Get patching, Internet Explorer 8 users

A newly uncovered attack specifically targeting out-of-support Windows XP machines running Internet Explorer 8 is being used to hack potential victims in multiple industries across Europe and North America, according to security researchers. This is the first “in the wild” attack spotted against Windows XP after Microsoft pulled …
John Leyden, 02 May 2014

Security guru: You can't blame EDWARD SNOWDEN for making US clouds LOOK leaky

Accusations that the revelations from rogue National Security Agency sysadmin whistleblower Edward Snowden have damaged the US technology industry are misplaced, according to influential security guru Mikko Hypponen. Hypponen, chief research officer at security firm F-Secure, said that the disclosure that US tech was either " …
John Leyden, 30 Apr 2014

Interweb has staunched nearly all Heartbleed wounds, says crypto bod

The Heartbleed password-leaking vulnerability in OpenSSL has almost been eradicated from the web just weeks after its discovery, according to an encryption expert. Ivan Ristic, director of engineering at cloud security firm Qualys, estimates that 25 per cent of websites worldwide were vulnerable to the data-disclosing bug on 8 …
John Leyden, 30 Apr 2014

Cuffing darknet-dwelling cyberscum is tricky. We'll 'disrupt' crims instead, warns top cop

Europe's top cyber-cop has called for a shift in focus from the prosecution of online crims to the disruption of their activities. This comes as crooks increasingly make use of the darknet – private peer-to-peer networks such as Tor – to stay hidden and anonymous; cops find it difficult to work out suspects' true identities and …
John Leyden, 29 Apr 2014

Drink me: Adobe pours Flash Player bug squash

Adobe is pushing out a cross-platform security fix for a bug in its Flash Player that miscreants are already exploiting. Windows users running Adobe Flash Player 13.0.0.182 and earlier need to update it following the discovery of a zero-day attack. "Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the wild …
John Leyden, 28 Apr 2014

Press release scam pelts poor PRs with volley of UNTRUE invoices

Fraudsters are targeting PR agencies that make use of newswires through a sneaky false invoicing scam. Pressat, which distributes press releases from tech PR agencies and others, put out a warning about fraudulent attempts to trick its clients into paying out on the back of false invoices that typically demand €580. The latest …
John Leyden, 28 Apr 2014

Innocent surfers drafted into ZOMBIE ARMY by sneaky XSS vuln

Visitors to a video distribution website were unwittingly turned into participants in a hacker's DDoS battle against a third-party site earlier this month. DDoS mitigation firm Incapsula identified the video website as Sohu.TV, after the Chinese streaming site plugged a vuln that enabled the browser-based botnet attack to happen …
John Leyden, 25 Apr 2014

UK bank heist-by-KVM gang sent down for 24 years after nicking £1.2m

A gang has been jailed after secretly installing hardware in Barclays bank branches to control PCs and steal £1.2m. The sneaky crims hooked up a hidden KVM (keyboard, video and mouse) switch and a 3G mobile dongle to computers at two London branches. This allowed the thieves to connect to the switch over the internet, access the …
John Leyden, 25 Apr 2014

LulzSec's Sabu hacked foreign gov sites while under FBI control – NYT

Ex-LulzSec chief Sabu orchestrated attacks on government computers in Iran, Syria, Pakistan and Brazil while under the control of the FBI, according to a New York Times investigation. After he was apprehended and turned to become an FBI informant, Hector Xavier "Sabu" Monsegur encouraged fellow Anonymous hackers to hit foreign …
John Leyden, 24 Apr 2014