
John Leyden


Four caged in UK after cyber-heist swipes €7m in EU carbon credits

Four men were jailed in the UK this week following the theft of millions of pounds in carbon-emission credits. The gang was convicted for their part in an operation that stole half a million credits – valued at €7m (£5m) at the time – from the Czech Republic’s carbon-emission registry back in January 2011. European carbon- …
John Leyden, 26 Sep 2014

Hackers thrash Bash Shellshock bug: World races to cover hole

Sysadmins and users have been urged to patch the severe Shellshock vulnerability in Bash on Linux and Unix systems – as hackers ruthlessly exploit the flaw to compromise or crash computers. But as "millions" of servers, PCs and devices lay vulnerable or are being updated, it's emerged the fix is incomplete. The flaw affects the …
John Leyden, 25 Sep 2014

FBI: Your real SECURITY TERROR? An ANGRY INSIDE MAN

Disgruntled workers are causing more problems for their employers, the FBI warns. Employees, ex-workers or contractors with a grudge against their former paymasters are abusing cloud storage sites or remote access to enterprise networks to steal trade secrets, customer lists or other sensitive information. Insider threats have …
John Leyden, 25 Sep 2014

Latest Firefox and Thunderbird updates plug CRITICAL SSL vuln

Mozilla Firefox needs patching urgently following the discovery that the open source browser is vulnerable to SSL man-in-the-middle attacks. The critical bug arises because the Network Security Services (NSS) libraries parser built into the browser is capable of being tricked into accepting forged RSA certificate signatures. …
John Leyden, 25 Sep 2014

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open

A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems – and, thanks to their ubiquity, the internet at large. It lands countless websites, servers, PCs, OS X Macs, various home routers, and more, in danger of hijacking by hackers. The vulnerability is present in …
John Leyden, 24 Sep 2014

Apple is too shallow, must go deeper to beat TouchID fingerprint hack, say securo-bods

News that Apple’s iPhone 6 can be spoofed with the same fake fingerprints that tricked its earlier version, the iPhone 5S, has sparked off a lively debate among security researchers. Lookout researcher Marc Rogers demonstrated that the TouchID fingerprint sensor of the latest iPhones could be made to work with a cloned …
John Leyden, 24 Sep 2014

Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI

Digital thermostats from Heatmiser are wide open to takeover thanks to default login credentials and myriad other security flaws. The UK-based manufacturer has promised to develop a fix. Pending the arrival of a patch, users are advised to disable the device's Wi-Fi capability. The security flaws were discovered by Andrew …
John Leyden, 24 Sep 2014

Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack

Apple’s shiny new iPhone 6 can be spoofed with the same fake fingerprints that tricked its older sibling, the iPhone 5S. That's according to mobile security firm Lookout, which said it discovered that it is possible to create a fake fingerprint that's capable of fooling the TouchID fingerprint sensor of the latest iPhones (6 and …
John Leyden, 23 Sep 2014

UK banks hook themselves up to real-time cop data feed

UK banks will receive real-time warnings about threats to their customers' accounts as well as the overall integrity of their banking systems from a new financial crime alert system. Financial Crime Alerts Service (FCAS), which is being rolled out by banking industry association BBA, is designed to allow financial crime …
John Leyden, 23 Sep 2014

Tripadvisor site coughs to card data breach for a potential 800k users

TripAdvisor has suffered a data breach at its Viator tour-booking and review website. An estimated 1.4 million Viator customers are potentially affected by the compromise, which the firm admits may have exposed payment card data. The compromise also potentially aired the email address, password and Viator "nickname" associated …
John Leyden, 23 Sep 2014

BLAM, BLAM, BLAM... nooooo! Hacker crew Lizard Squad spits DDoS venom on Call of Duty

Hackers from the group Lizard Squad have reneged on their promise to quit earlier this month, apparently launching distributed denial-of-service (DDoS) attacks on major gaming industry websites. After an attack on the Playstation Network in August, Lizard Squad has added two uber-popular shoot-'em-up games from Activision …
John Leyden, 23 Sep 2014

Apple slaps a passcode lock on iOS 8 devices, but cops can still inhale your iCloud

Improved security features in iOS 8 prevent Apple from unlocking phones – even when requested to by law enforcement. But search warrant-holding cops can still get almost everything through iCloud backups, according to ElcomSoft. The consumer device manufacturer's attempts at upgrading iOS encryption to "defeat lawful search …
John Leyden, 23 Sep 2014

Mushy spam law's IDEAL for toothless watchdog: Spamhaus slams CAN-SPAM

Antispam organisation Spamhaus has reacted phlegmatically to a recent survey that one in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. Richard Cox, CIO of The Spamhaus Project, suggested the Online Trust Alliance (OTA)'s …
John Leyden, 22 Sep 2014

Blood-crazed Microsoft axes Trustworthy Computing Group

Microsoft is closing its Trustworthy Computing Group as part of the loss of 2,100 jobs in a restructuring plan unveiled on Thursday. The Trustworthy Computing Group is to be disbanded, with responsibilities for security and privacy programs folded into its Cloud & Enterprise Division, and its Legal & Corporate Affairs group. …
John Leyden, 19 Sep 2014

TOR users become FBI's No.1 hacking target after legal power grab

The FBI wants greater authority to hack overseas computers, according to a law professor. A Department of Justice proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for domestic law enforcement to hack into the computers of people attempting to protect their anonymity on the internet. The …
John Leyden, 19 Sep 2014

Russian botnet suspects cuffed over romantic MMS spyware allegs

Russian cops have arrested two mobile botnet cybercrime suspects as part of an ongoing investigation that's reckoned to be the first of its kind in Russia. The unnamed duo, aged 25 and 24 and both resident in Arkhangelsk (a city in the north of European Russia) were arrested as part of an investigation into attempts to defraud …
John Leyden, 19 Sep 2014

Ten years on, TEN PER CENT of retailers aren't obeying CAN-SPAM

One in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. The finding comes from an audit by the Online Trust Alliance (OTA), a non-profit with the mission to enhance online trust. They also found that 70 per cent of 200 online …
John Leyden, 18 Sep 2014

Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM

Web users have been warned to be wary of fake results messages about the Scottish Independence referendum. The warning from UK.gov-backed Get Safe Online comes hours after the polling booths opened north of the border in a history-making vote that will determine Scotland's fate. Unlike a political election, there will not be …
John Leyden, 18 Sep 2014

Forget bonking, have ONE OFF THE WRIST with Barclaycard's bPay

Barclaycard is trying to push consumers towards a cashless society with its contactless payment wristband, bPay. The technology is positioned as a competitor to Google Wallet, PayPal and Apple Pay. These NFC-based smartphone technologies are debuting in the US, whereas bPay will be available much sooner in the UK. …
John Leyden, 18 Sep 2014

Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks

The Snowden leaks have not changed the way jihadi terrorists communicate, according to a new study. A report by Flashpoint Partners concludes that jihadi/terrorist groups, their recruits and affiliates are making greater use of secure communications tools. Yet the report ascribes this to the development of new encrypted …
John Leyden, 18 Sep 2014

Critical Adobe Reader and Acrobat patches FINALLY make it out

Adobe belatedly pushed out critical updates for its frequently-attacked Reader and Acrobat PDF software packages on Tuesday. Mac and Windows users of Adobe Reader XI (11.0.08) and earlier versions should update to version 11.0.09. Adobe Reader X (10.1.11) users who can't upgrade are being offered a patched version of the earlier …
John Leyden, 17 Sep 2014

UK.gov lobs another fistful of change at SME infosec nightmares

Business secretary Vince Cable has announced a £4m fund to help small businesses fight cyber crime. This has not gone down well with the infosec world. Security experts have said a bigger slice of the UK's £860m cyber security budget ought to be allocated to tackling security problems at the SME level to have any realistic …
John Leyden, 17 Sep 2014

Was Earth once covered in HELLFIRE? No – more like a wet Sunday night in Iceland

Early Earth may have been less like the hellish realm of molten magma previously suspected but also distinct from the sort of environment found in modern-day Iceland, according to research by geologists. The Earth had already formed oceans, continents and active crustal plates by the time it was 500 million years old, …
John Leyden, 16 Sep 2014

Israeli spies rebel over mass-snooping on innocent Palestinians

Israeli politicians and a former military intelligence commander have hit back at reservists who criticized Israel for spying on ordinary Palestinians. Last week, 43 Israeli military intelligence reservists signed a letter refusing to serve in the occupied Palestinian territories over fears snoops were planning to blackmail …
John Leyden, 16 Sep 2014

Yawn, Wikileaks, we already knew about FinFisher. But these software binaries...

WikiLeaks is making the controversial FinFisher commercial spyware tool available for download as part of the latest in a series of leaks that have put the operations of the controversial business under the microscope. FinFisher, which was part of UK-based Gamma Group International until late 2013 before relocating to Germany, …
John Leyden, 15 Sep 2014

Freenode IRC users told to change passwords after securo-breach

A security breach at popular, free and open source software-focused IRC network Freenode means users need to change their passwords. Freenode's IRC server was compromised and passwords were likely sniffed by unidentified hackers, prompting a warning to users that they should reset their passwords as a precaution. The security …
John Leyden, 15 Sep 2014

Infosec geniuses hack a Canon PRINTER and install DOOM

Security researchers have demonstrated a hack that allowed them to get into the web interface of a Canon Pixma printer before modifying its firmware to run the classic 90s computer game Doom. The proof-of-concept demo by security researchers at Context Information Security, which involved remotely accessing the web interface on …
John Leyden, 15 Sep 2014

Not pro Bono: Apple's audio junk mail made spammers' lives easier

Apple's decision to push a new album by Irish boy band U2 into the iCloud libraries of millions isn't just egregious. It arguably plays into the hands of scammers. Without warning, the iPhone maker emitted Songs of Innocence with all the haste of a critical security update after the group's appearance at its Apple Watch and …
John Leyden, 13 Sep 2014

CryptoLocker-style ransomware booms 700 PER CENT this year

CryptoLocker-style ransomware is eight times more common now than in January, going a long way towards overtaking fake police warning ransomware scams, according to Symantec. The disruption of the GameOver Zeus banking trojan botnet back in late May took away one of the main distribution methods for CryptoLocker itself. …
John Leyden, 12 Sep 2014

UK.gov's flagship infosec program ISN'T DELIVERING - but all's still well, say auditors

The UK's National Cyber Security Programme is not yet delivering on its much-vaunted economic benefits but is still a worthwhile exercise, according to a report by government auditors. An update by the National Audit Office for Parliament's Public Accounts Committee on the government’s National Cyber Security Programme said that …
John Leyden, 12 Sep 2014

What kind of mugs do you take us for? Malicious sites in spam scams target UK

Spam destined for recipients in the UK is almost three times more likely to contain a malicious URL than unsolicited email sent to the United States. Unsolicited email in Germany and France is significantly less likely than mail sent to the US to contain malicious URLs. This means that, on average, an unsolicited email sitting …
John Leyden, 12 Sep 2014

5 Nigerian gangs dominate Craigslist buyer scams

Just five Nigerian criminal gangs are behind a widespread type of fraud targeting sellers on Craigslist. The Lads from Lagos are going to considerable lengths, investing time and money, in order to make their scams more plausible, according to a study by George Mason University researchers Damon McCoy and Jackie Jones. The …
John Leyden, 11 Sep 2014

This flashlight app requires: Your contacts list, identity, access to your camera...

A global survey of more than 1,200 mobile apps has discovered that the vast majority (85 per cent) fail to provide basic privacy information. The global survey faulted apps for accessing large amounts of personal information without adequately explaining how they were collecting, using and disclosing personal information. Almost …
John Leyden, 11 Sep 2014

Leak of '5 MEELLLION Gmail passwords' creates security flap

Plain-text passwords and account names linked to five million Gmail accounts have been leaked onto several Russian forums. Security experts had already confirmed the data seemed legit, albeit approximately three years old, before Google put up its blog post on the subject. The leak, to a variety of forums, not all of which are …
John Leyden, 11 Sep 2014

2016: Robo-butlers, flying cars, and Google's internet Terminators hunting SHA-1 SSL certs

Google Chrome will flag up websites with SHA-1 SSL certificates as insecure – and that's a huge policy change which ought to kick businesses into action, says an expert in digital certificates. Only 15 per cent of sites use SHA-256 certificates, the replacement for SHA-1, according to stats from SSL Pulse. This means plenty of …
John Leyden, 10 Sep 2014

Payment security bods: Nice pay-by-bonk (hint: NO ONE uses it) on iPhone 6, Apple

Apple's confirmation that the iPhone 6 will enable contactless payments via NFC has received a broadly positive reaction from security firms and payment-processing vendors. Apple said it wouldn't access any payment data, so the transaction would take place between a user, bank and retailer. This privacy, along with ease of use …
John Leyden, 10 Sep 2014

Phishing miscreants THWART securo-sleuths with AES-256 crypto

Phishing fraudsters have begun using industry-standard AES-256 encryption to disguise the content of fraudulent sites. Obfuscated phishing sites are nothing new. Various techniques such as JavaScript encryption tools are commonly used but Symantec recently caught what it reckons is the first use of AES-256 encryption in dodgy …
John Leyden, 09 Sep 2014

Use home networking kit? DDoS bot is BACK... and it has EVOLVED

A router-to-router bot first detected two years ago has evolved - and now has the capability to reconfigure the firewalls of its victims. The Lightaidra malware captured by security researcher TimelessP (@TimelessP) is an IRC-based mass router scanner/exploiter that's rare because it spreads through consumer network devices …
John Leyden, 09 Sep 2014

Greater dev access to iOS 8 will put us AT RISK from HACKERS

Increased developer access to iOS 8 could result in decreased security, a mobile security expert warns. Apple's expected iPhone 6 / iOS 8 announcement later on Tuesday is expected to include adding a number of new features to iOS 8 for developers. This will involve opening up more of the underlying architecture – increasing the …
John Leyden, 09 Sep 2014

CloudMask dons cape and sets foot on the mean streets of Blighty

Cloud-based security services firm CloudMask, whose technology offers to protect sensitive information in the cloud, even in the case of a network breach, launched in the UK on Tuesday. CloudMask's technology works on the premise that no one can be trusted with data - including cloud administrators, governments, employees, and …
John Leyden, 09 Sep 2014

Celeb nudie iCloud pervs hatched photo-slurping Flappy Bird plot

The hacker ring behind last week's celebrity nude self iCloud privacy flap also planned to use malware to obtain private photographs from compromised Android phones. The hackers swapped snaps on the /stol/ (short for “stolen”) forum on image board AnonIB, a spinoff of the notorious 4chan, including intimate snaps of Jennifer …
John Leyden, 08 Sep 2014

Dodgy Norton update borks UNDEAD XP systems

A dodgy Symantec update brought pain for those remaining Windows XP users who rely on Norton to keep their undead operating system free from viruses. In a statement, Symantec admitted the problem but downplayed its significance. This issue has now been resolved. The limited number of customers affected should run a Live …
John Leyden, 08 Sep 2014

New software ported from Windows to Mac! You'll never guess what. Yes, it's spyware

Miscreants have ported five-year-old spyware XSLCmd to OS X. The Windows version of the malware has been around since 2009, and the Apple Mac edition of XSLCmd shares significant portions of the same code. It can open a reverse shell to its masters, automatically transfer your documents to a remote system, install executables, …
John Leyden, 05 Sep 2014

Apple promises iCloud security alerts, better 2FA after, er, NAKED Internet of Thingies flap

Apple plans to roll out new iCloud security alerts as well as extending its two-step authentication technology in the wake of this week's privacy flap over nude selfies of Jennifer Lawrence, Kate Upton and other celebs. Private pictures of disrobed (female) celebrities including Oscar winner Lawrence and swimwear model Upton …
John Leyden, 05 Sep 2014

Back-to-school Patch Tuesday: Critical updates for Internet Explorer, Adobe Reader

Microsoft is planning a light edition of Patch Tuesday for September with just four bulletins, only one of which covers critical vulnerabilities. But an upcoming Adobe critical update for its Reader software around the same time means sysadmins are still likely to have their hands full next Tuesday. The sole critical update for …
John Leyden, 05 Sep 2014

Go on, corporate drone, log in... We'd recognise your VEINS anywhere – Barclays

Barclays is ramping up its fight against online fraud with the roll-out of a biometric scanner that uses Hitachi’s Finger Vein Authentication Technology (VeinID). Unlike fingerprints, vein patterns are extremely difficult to spoof or replicate. Barclays Biometric Reader will allow customers secure access to their online banking …
John Leyden, 05 Sep 2014

Something smells PHISHY: It's the celeb nudie iCloud PERV trap...

Consumers are being warned to be on their guard against phishers' fake Apple emails and texts designed to exploit the publicity about this week's nude celeb picture flap. In addition to scam emails designed to trick gullible recipients into logging into phishing sites, Symantec warns of a likely upsurge in fraudulent text …
John Leyden, 04 Sep 2014

Mac security packages range from peachy to rancid – antivirus tests

Independent tests of Mac antivirus products have discovered that the effectiveness of these security packages runs from a risible 20 per cent to an unimpeachable 100 per cent. German security lab AV-TEST.org put 18 free and paid-for Mac OS X security products and services to the test, discovering widely differing performances in …
John Leyden, 04 Sep 2014

NATO nations 'will respond to a Cyber attack on one as though it were on all'

NATO is set to agree a new cyber defence policy that would mean any severe cyber attack on a NATO member could be considered tantamount to a traditional military attack and invoke the alliance's collective defence provisions. Article V is the collective defence clause of the NATO treaty by which an attack on one member is …
John Leyden, 03 Sep 2014

NUDE SELFIE CLOUD PERV menace: Apple 2FA? Sweet FA, more like

Apple’s two-factor authentication doesn't actually protect iCloud backups or photo streams, contrary to what many iPhone and iPad fondlers might wish to believe. Scores of (mostly female) celebrities, including Oscar winner Jennifer Lawrence, had their iCloud hacked before miscreants siphoned off private nude snaps which …
John Leyden, 03 Sep 2014