The Register Columnists

John Leyden

Yet another WordPress vuln: Image furtler plugin lets BADNESS in

Self-hosted installations of WordPress are at risk of attack following the disclosure of a vulnerability in a widely used plugin for the blogging software-cum-website CMS. The vulnerable TimThumb plugin is used by many blogs to easily resize images. However a zero-day vulnerability in the Webshot function of TimThumb (2.8.13 - …
John Leyden, 27 Jun 2014

Android SMS worm punts dodgy downloads... from your MATES

Internet ne'er-do-wells have put together a strain of Android malware that spreads like an email worm rather than acting like a conventional trojan. Selfmite spreads by automatically sending a text message to contacts in the infected phone’s address book. These SMS messages contain a URL that redirects to the malware: ‘Dear [ …
John Leyden, 27 Jun 2014

Average chump in 'bank' phone scam is STUNG for £10,000 - study

UK consumers have lost more than £21m to "social engineering" scams where fraudsters impersonated bank employees and tech support since the beginning of the year, according to GetSafeOnline. A range of tactics including phishing emails, fraudulent phone calls asking for personal or financial information or phone calls from …
John Leyden, 26 Jun 2014

Freeze, Glasshole! Stop spying on me at the ATM

Google Glass wearers can snoop on passcodes and other sensitive information with only a passing glance, according to a proof-of-concept demo by security researchers. Researchers from the University of Massachusetts Lowell were able to use video streams from wearables like Google Glass and the Samsung smartwatch to capture four- …
John Leyden, 26 Jun 2014

Attackers fling Stuxnet-style RATs at critical control software in EUROPE

Security researchers have uncovered a series of Trojan-based attacks which have infiltrated several targets by infecting industrial control system software from the makers of SCADA and ICS systems. The majority of the victims are located in Europe, though at the time of writing at least one US firm's compromised gear appears to …
John Leyden, 26 Jun 2014

Cryptome pulled OFFLINE due to malware infection: Founder cries foul

Whistle-blowing site Cryptome has been left temporarily unavailable after its service provider NetSol stopped routing traffic towards the site following the discovery of a suspect and probably malicious PHP file. Cryptome's John Young criticised NetSol's decision to pull the plug on the whistle-blowing site as an overreaction …
John Leyden, 25 Jun 2014

Brit bank Barclays rolls out voice recog for telephone banking

UK high street bank Barclays is introducing voice recognition for users of its telephone banking service. The roll-out of the technology is designed to provide a more secure alternative to pass-codes and the answers to secret questions as a means to authenticate consumers accessing telephone banking services. The retail bank …
John Leyden, 24 Jun 2014

F1 racing ace Michael Schumacher's medical records were pinched

Michael Schumacher's stolen "medical records" are being offered for sale. The management team of the retired motor racing legend has confirmed the theft of files and warned that either the purchase or publication of the documents would provoke both a criminal complaint and a lawsuit. Schumacher left Grenoble Hospital last …
John Leyden, 24 Jun 2014

SEA hacks Reuters website widget DESPITE 2FA security

Hacktivists with the Syrian Electronic Army have hit news agency Reuters again. Surfers intending to catch up with the latest news were briefly redirected to a page run by the Syrian Electronic Army. The page (screenshot via HotforSecurity here) berated Western media reports about the conflict in Syria. The SEA has previous …
John Leyden, 24 Jun 2014

British Gas Twitter account hijacked by mystery phishermen

An official British Gas Twitter account was hacked over the weekend as part of a phishing scam designed to harvest Twitter login credentials. The account @BritishGasHelp, which is normally geared towards helping people with boiler breakdowns and other queries, was taken over to push a series of ostensibly jokey tweets. The …
John Leyden, 23 Jun 2014

'Heartbleed-based BYOD hack' pwns insurance giant Aviva's iPhones

Mobile device management systems at insurance giant Aviva UK were last month hit by an attack – purportedly based on the Heartbleed exploit, although the firm denies this – that appeared to allow the perpetrator to royally screw with workers' iPhones. The insurance giant has played down the breach but El Reg's mole on the inside …
John Leyden, 23 Jun 2014

Infosec bods try Big Data in search for better anti-virus mousetrap

Infosec house Panda Security is looking to Big Data and application monitoring as a means to achieve better malware detection. The launch of Panda Advanced Protection Service (PAPS) is a response to the widely known shortcomings of signature-based anti-virus detection as well as a means for Panda to sell extra services. The …
John Leyden, 20 Jun 2014

World still standing? It's been two weeks since Cryptolocker, Gameover Zeus takedown by feds

Two weeks have passed since the feds knackered the systems doling out the GameOver ZeuS and CryptoLocker malware to PCs. G-men warned us the world had just a fortnight to clean up compromised Windows machines and defend them from the software nasties before their masters regrouped. That time has passed ... and not much has …
John Leyden, 19 Jun 2014

Blame WWI, not Bin Laden, for NSA's post-9/11 intel suck

You might think the dragnet surveillance tactics employed by the National Security Agency (NSA) detailed by inside man Edward Snowden were born in the aftermath of Osama Bin Laden's attacks on 11 September, 2001, which resulted in the deaths of nearly 3,000 people as well as the destruction of the twin towers of the World Trade …
John Leyden, 13 Jun 2014

Anonymous plans hacktivism against World Cup sponsors

Ragtag hacktivist collective Anonymous is threatening World Cup sponsors as its next hacking target. Hacker Che Commodore made the threat in solidarity with real-world protestors in Brazil who are enraged that funds are being funnelled into building white elephant stadiums for football's showpiece event rather than much needed …
John Leyden, 09 Jun 2014

Security bods mop blood, sigh: NEW CryptoLocker zombies? We don't see their kind

Infections from the infamous CryptoLocker ransomware have fallen off sharply since a takedown operation earlier this week, according to security researchers. An FBI-led takedown operation disrupted the internet infrastructure powering the Gameover ZeuS botnet and the even more infamous CryptoLocker ransomware. Gameover ZeuS is a …
John Leyden, 05 Jun 2014

Patch NOW: Six new bugs found in OpenSSL – including spying hole

The OpenSSL team has pushed out fixes for six security vulnerabilities in the widely used crypto library. These holes include a flaw that enables man-in-the-middle (MITM) eavesdropping on encrypted connections, and another that allows miscreants to drop malware on at-risk systems. A DTLS invalid fragment bug (CVE-2014-0195, …
John Leyden, 05 Jun 2014

TrueCrypt hooked to life support in Switzerland: 'It must not die' say pair

Two programmers hope to resurrect development of disk-encryption tool TrueCrypt after its original developers quit the project. The official TrueCrypt.org website abruptly shut up shop last week ostensibly because its secretive maintainers felt they could no longer keep the software secure. They blamed the Microsoft's …
John Leyden, 04 Jun 2014

New software nasty encrypts Android PHONE files and demands a ransom

Miscreants have brewed the first file-encrypting strain of ransomware that infects Android smartphones. The malware, dubbed Android/Simplocker by ESET, scans the SD card in a handset for certain types of file, encrypts them, and demands a ransom to decrypt the data. The ransom message is written in Russian, with payment …
John Leyden, 04 Jun 2014

CONFIRMED: Sophos shifting threat response work to India

Sophos has confirmed it is moving the "majority of its [computer security] threat response work" to India. The Register got wind of the change from an anonymous tipster who told us SophosLabs is shifting away all of its frontline operations to India after it acquired Cyberoam there in February this year. In a statement, Sophos …
John Leyden, 04 Jun 2014

Snooping, RAT-flinging, hack-happy crew targeting governments worldwide – researchers

The Middle East-based Molerats hacker crew are even more active than first suspected, according to a report by researchers who claim the team has launched attacks against an unnamed US financial institution and multiple European governments. FireEye said it had identified the expanded list of targets after putting the command- …
John Leyden, 03 Jun 2014

Feds hunt 30-year-old alleged to be lord of Gameover botnet

The FBI has released a wanted notice for 30-year-old Russian national Evgeniy Mikhailovich Bogachev, whom they allege to be the mastermind behind both the Gameover ZeuS and the even more infamous CryptoLocker ransomware. A US indictment has been unsealed against the suspect following an FBI-led takedown operation that disrupted …
John Leyden, 03 Jun 2014

Hackers pose as hacks: Iranian crew uses Facebook to spy on US defence bods – report

An Iran-based hacking network used fake Facebook and other social media profiles to "befriend" and spy on US lawmakers and defence contractors in the US and Israel, among other targets, according to a new report. According to the study, the hackers attempted to get "friendly" with US lawmakers, defence contractors and "at least …
John Leyden, 30 May 2014

TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead

The TrueCrypt project abruptly imploded on Wednesday – leaving folks in the infosec world scratching heads and scrambling to recommend alternatives. In the past hour, crypto-guru Bruce Schneier has told us he's switched back to Symantec's PGPDisk to encrypt his data. "I have no idea what's going on with TrueCrypt," he added on …
John Leyden, 29 May 2014

ICO raps UK Student Loans Co for leaking MEDICAL files and more

The Information Commissioner’s Office (ICO) has criticised Blighty's Student Loans Company for handing students' medical reports and other private files over to the wrong people. In various blunders, records including medical notes and a psychological assessment were accidentally leaked to an unnamed outside organisation, sent …
John Leyden, 28 May 2014

iDevice ransomware stalks OZ, demands payoff

Apple fans across Australia are finding their iPads and iPhones held for ransom by miscreants demanding $50 and more as an unlock fee. The extortionate demands appeared in messages claiming the device had been "hacked by Oleg Pliss" – but it'd be highly unlikely that the cybercrooks behind the scam, which appears to be localised to …
John Leyden, 27 May 2014

PC-infecting chat demon quotes THE BIBLE to summon malware plague

A new Trojan that distributes itself through Facebook instant messaging and Yahoo! Messenger has claimed hundreds of victims. Computer systems have been infected by the software nasty in the UK, Germany, France, Denmark, Romania, the US and Canada during the past week or so, according to Romanian antivirus firm Bitdefender. …
John Leyden, 27 May 2014

Swiping your card at local greengrocers? Miscreants will swipe YOU in a minute

More than a thousand point-of-sale, grocery management and accounting systems worldwide have been compromised by a new strain of malware, results of a March 2014 probe have revealed. During a survey of compromised POS terminals, accounting systems and grocery management platforms, the Nemanja botnet was fingered as one of the …
John Leyden, 27 May 2014

Authorities swoop on illicit Wolverhampton SPAM FARM

UK data privacy experts have raided an SMS spam farm blamed for spewing out more than 350,000 nuisance messages to mobiles. The Information Commissioner’s Office (ICO) seized hundreds of SIM cards on Thursday, after raiding a SIM farm in offices in Wolverhampton. Initial estimates suggest the impounded kit could have been used …
John Leyden, 27 May 2014

DUDE, WHERE'S MY CAR? New leccy BMWs have flimsy password security – researcher

New BMW cars have security shortcomings that could allow thieves to pop open a victim's flash motor from a smartphone. Ken Munro, a partner at Pen Test Partners, uncovered security issues in the systems that pair the latest generation of beamers with owners' mobiles. By stringing together the flaws, a crook could open doors, …
John Leyden, 27 May 2014

eBay says database leak dump offers are fake

Cybercrooks are offering to sell "stolen copies" of the leaked eBay database through an advert posted through Pastebin. However eBay says the sale is fake. "We have checked all published data and so far none are authentic eBay accounts," eBay's press office told El Reg. Security experts, although far from certain, seem inclined …
John Leyden, 22 May 2014

EBAY... You keep using that word 'ENCRYPTION' – it does not mean what you think it means

Confusion reigns over whether or not the 145 million "encrypted" user account passwords swiped from eBay can be practically cracked by crooks. A day has passed since the online tat bazaar admitted its customer database was hacked back in February, and the method of encryption is still not known. We do know what wasn't encrypted …
John Leyden, 22 May 2014

eBay slammed for daft post-hack password swap advice

eBay has been criticised for its advice to consumers on choosing a strong password in the wake of a megabreach that prompted it to tell millions of users to change their passwords. The online tat bazaar admitted on Wednesday that a database containing "eBay customers’ name, encrypted password, email address, physical address, …
John Leyden, 22 May 2014

PayPal Manager bug left web stores open to cyber-burglars

eBay-owned PayPal has plugged a vulnerability that potentially allowed thieves to seize control of merchants' online stores and empty the shelves. The bug – discovered by security researcher Mark Litchfield of Securatary – affected PayPal Manager, which is used to manage PayFlow accounts by people selling stuff online. PayPal …
John Leyden, 21 May 2014

EBay, you keep using the word 'SECURITY'. I do not think it means what you think it means

eBay has told people to change their passwords for the online tat bazaar after its customer database was compromised. Names, dates of birth, phone numbers, physical addresses, email addresses, and "encrypted" passwords were copied from servers by attackers, we're told. Credit card numbers and other financial records were not …
John Leyden, 21 May 2014

US giant NBC 'leaks' PRIVATE Amazon keys in Github Glenn gaffe

A London-based developer claims he was accidentally given the keys to US broadcaster NBC Universal’s websites – thanks to a username mix-up on GitHub. Glenn Shoosmith was an early adopter of GitHub, and thus bagged the short-and-sweet user ID Glenn in July 2008. Repositories can be public and viewable by all, or private and …
John Leyden, 20 May 2014

AVG on Heartbleed: It's dangerous to go alone. Take this (an AVG tool)

It's the bug that keeps on bleeding. Thousands of websites are still vulnerable to Heartbleed more than a month after a patch for the password-leaking OpenSSL bug was released, we're told. Researchers at AVG’s Virus Labs said they scanned Alexa's league table of the top 800,000 sites in the world, and found 12,043 (1.5 per cent …
John Leyden, 20 May 2014

Chip and SKIM: How dodgy crypto can leave shoppers open to fraud

UK academics today describe how criminals can forge chip-and-PIN card transactions and spend other people's money for free. The team of University of Cambridge experts say their technique exploits a cryptographic weakness in some devices implementing the EMV (aka chip'n'PIN) standard. And they're confident they've found a …
John Leyden, 19 May 2014

LifeLock snaps shut Wallet mobile app over credit card leak fears

LifeLock has withdrawn its Wallet App and deleted user data over concerns the technology falls short of user data protection rules under the payment card industry's Data Security Standard (PCI DSS). In a statement Todd Davis, chairman and chief exec of LifeLock, said it was suspending the app as a precaution - not in response to …
John Leyden, 19 May 2014

Do you use NAS drives? For work? One just LEAKED secret cash-machine blueprints

Some personal desktop storage devices are leaking top corporate secrets to the internet – in one case, the designs for a hole-in-the-wall cash machine. That's according to intelligence biz Digital Shadows, which tries to work out how proprietary and personal information accidentally escapes network boundaries. We're told one …
John Leyden, 13 May 2014

Hey, does your Smart TV have a mic? Enjoy your surveillance, bro

NSA whistleblower Edward Snowden told lawyers he met during his sojourn in Hong Kong to put their cell phones in his fridge to thwart any eavesdroppers. But new research suggests he should have been worried about nearby TVs, too. Smart tellies with built-in microphones and storage can be turned into bugging devices by malware …
John Leyden, 10 May 2014

Point DNS blitzed by mystery DDoS assault

Domain host Point DNS was hammered with a high intensity DDoS attack on Friday, knocking servers out for hours. The size of the attack and techniques used - much less who might be behind the attack - remain unclear. Several Reg readers got in touch to notify us about the issue and the company confirmed the attack online …
John Leyden, 09 May 2014

Don't fret over SOHO routers and Heartbleed. But yeah, there's LOADS to fear on home kit

The infamous Heartbleed bug doesn't affect home routers in practice, according to new analysis by security researchers at TripWire. The infosec vendor nevertheless warned that "critical security flaws" are "endemic" to small office/home office (SOHO) routers. TripWire came to this conclusion after revisiting earlier research on …
John Leyden, 09 May 2014

Oh aye, a mobe grumble-flick player? No – it's a 'droid ransomware nasty

Ransomware scumbags have widened their net with a new software nasty that infects Android smartphones and tablets. The Koler-A ransomware trojan is delivered automatically to peeps browsing malicious pornographic sites; it poses as a media player offering access to premium content. Koler-A requires the user to enable side- …
John Leyden, 09 May 2014

Net tech bods at IETF mull anti-NSA crypto-key swaps in future SSL

Standards stewards on the Internet Engineering Task Force (IETF) are planning to drop RSA key exchanges from TLS 1.3, the next revision of SSL. The technical body is instead eying up algorithms that use short-lived encryption keys, aka ephemeral keys, that can sidestep surveillance dragnets by the likes of the NSA. Specifically …
John Leyden, 08 May 2014

Traffic light vulns leave doors wide open to Italian Job-style hacks

Hackers may be able to create traffic chaos, just like Michael Caine's loveable rogue in classic Brit film The Italian Job, thanks to an alarming series of flaws discovered in traffic control systems. Cesar Cerrudo, CTO at embedded security experts IOActive Labs, discovered that traffic control systems in cities around the world …
John Leyden, 08 May 2014

Securo-borg FireEye coughs $70m to buy 'flight-recorder-for-networks' tech

Security vendor FireEye has bought network forensics firm nPulse Technologies in a $70m deal. FireEye is stumping up $60m in cash and $10m in stock to get its hands on nPulse, a privately held startup that boasts it offers the industry's fastest full packet capture and indexing technology. nPulse’s forensics will be integrated …
John Leyden, 07 May 2014

Look out, sysadmins - HOT FOREIGN SPIES are targeting you

MI5 has warned that foreign spy agencies are targeting IT workers within big organisations as a means of gaining privileged access to sensitive data. The security service's warning about spy-infiltration tactics is a bid to encourage corporations to bolster their defences against such attacks, the FT (via the Daily Mail) reports …
John Leyden, 07 May 2014

Don't let hackers know Mandiant founder checks his email on an iPad. Oh.

Mandiant boss Kevin Mandia says he has cut back on email and only uses an iPad to check his inbox as he fends off counterattacks from hackers. In 2013, the company published a landmark report on the so-called APT1 espionage crew: the detailed dossier claimed Shanghai-based People's Liberation Army Unit 61398 had hacked and …
John Leyden, 06 May 2014

Hacktivists hijack BNP Twitter account, crayon over leader Griffin's too

Hacktivists from Anonymous took over the Twitter feeds of the extreme British National Party and its controversial chairman Nick Griffin over the weekend. The hack against @NickGriffinMEP's profile, which boasts 29,000 followers, was apparently mere mischief rather than a desire to make a point against a politician notorious for …
John Leyden, 06 May 2014