John Leyden

Contact Mail Follow Twitter RSS feed

Israeli gov & boffins targeted by pr0ntastic malware from Gaza

Hackers from Gaza and Egypt appear to have teamed up in order to attack Israeli government, research, infrastructure and military networks. Security researchers at Trend Micro have traced ongoing malware-based attacks against Israeli organisations back to Gaza. Trend have uncovered two separate, but interconnected campaigns. …
John Leyden, 16 Feb 2015
Angry woman on mobile

WhatDaHell, WhatsApp? Student claims 'stalker' tool shows security flaws

A newly discovered security flaw in WhatsApp allows anyone to track a user’s status, regardless of their privacy settings, a student claims. The same bug also lifts the kimono on profile picture and privacy settings - in default settings only - and status messages regardless of privacy settings. Maikel Zweerink, a Dutch …
John Leyden, 16 Feb 2015
Violin

Violin-fiddling boffins learn that 'F-HOLES' are secret to Stradivarius' SUPERIOR sound

Scientists have identified the design features that boost the acoustic power of violins. Italian workshops of master violin-making families (such as Stradivari) produced increasingly powerful instruments in the renaissance and baroque musical eras during the 17th and 18th centuries, the so-called Cremonese era. Advances in the …
John Leyden, 15 Feb 2015
Xbox Live

Microsoft: Oh, go on, Xbox Live user. Show us your spammer

The hugely annoying nuisance that has plagued email for decades has found its way into gaming, most recently spreading to affect their mobile and instant messaging experiences. Spammers are affecting online gaming, with Xbox users in particular reporting an increase in spam reaching them from multiple gamertags. In response …
John Leyden, 13 Feb 2015
Warwick Hospital accident and emergency

KUSHINIKIZA! Google Translate SAVES BABY in Irish roadside birth

Quick-thinking Irish paramedics turned to Google Translate to communicate with a pregnant woman who spoke Swahili, allowing her to safely give birth. The Cork ambulance drivers were transporting a pregnant Congolese woman to a maternity hospital last week when she went into labour. Gerry McCann and Shane Mulcahy were forced to …
John Leyden, 13 Feb 2015
Punk-styled girl with piercing gazes at an apple

Gullible Apple users targeted by bogus order cancellation scam

Cybercrooks are targeting Apple iCloud users with phishing messages designed to steal financial information. A new run of spam messages offer a slight twist on the popular ”bogus order" scam. Instead of simply telling you about a payment you're supposed to have made, prospective marks are invited to cancel a transaction already …
John Leyden, 13 Feb 2015
Taxi Driver

Uber: Sorry we're really awesome and all that (oh yeah, and for leaking your personal info)

Taxi cab app maker Uber left its list of customers' lost belongings wide open to the internet – exposing phone numbers and other personal info in the process. The privacy snafu, revealed and corrected this week, marks the latest controversy for the San Francisco-headquartered upstart. Vice reports the internal Uber document was …
John Leyden, 13 Feb 2015
Clog dancers. image via shutterstock http://www.shutterstock.com/pic-138156878/

Dutch government websites KO'd by 10-hour DDoS

The Netherlands government’s websites were taken offline for around 10 hours on Wednesday following a DDoS attack. The motive for the sustained packet-flinging assault – directed against the Dutch government website's hosting provider, Prolocation – remains unclear. A brief statement (Google translation here) by the Dutch …
John Leyden, 12 Feb 2015
Petrol behind bars in Willowra

Anonymous HACKED GAS STATIONS - and could cause FUEL SHORTAGES

Hackers – possibly affiliated with Anonymous – have already attacked at least one internet-connected gas (petrol) station pump monitoring system. Evidence of malfeasance, uncovered by Trend Micro, comes three weeks after research about automated tank gauge vulnerabilities from Rapid7, the firm behind Metasploit. Automated tank …
John Leyden, 11 Feb 2015
His master's voice

Never mind, Samsung, GOOGLE will EAVESDROP as you browse on Chrome

Those uneasy about Samsung's "smart" television terms and conditions are going to have a nervous wobble about a project along the same lines underway at Google’s Chocolate Factory. The realisation that anything spoken near your Smart TV might be recorded and transmitted to a third party is bad enough, but how about the …
John Leyden, 11 Feb 2015

Facebook: Hey guys, come share all your securo-blunders with us!

Facebook is teaming up with other big names on the interwebs to create a security information sharing portal, dubbed ThreatExchange*, which went live on Wednesday. ThreatExchange is billed as a platform that enables security professionals to “share threat information more easily, learn from each other's discoveries, and make …
John Leyden, 11 Feb 2015
android tongue

Silent but violent: Foul Google Play flaw lets hackers emit smelly apps

A couple of related vulnerabilities on the Google Play Store have left Android users vulnerable to malware-slingers. Security watchers warn that an X-Frame-Options flaw – when combined with a recent Android WebView (Jelly Bean) bug – creates a means for hackers to silently install any app from the Google Play store. Tod …
John Leyden, 11 Feb 2015
Smart home

Internet of Thieves: All that shiny home security gear is crap, warns HP

In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues. HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along …
John Leyden, 10 Feb 2015
Sad Anonymous

Anonymous loose cannon admits DDoSing social services and housing websites

A middle-aged Briton has admitted running a series of debilitating denial of service attacks against social services, social housing and crime prevention websites. Ian Sullivan, 51, of Bootle, Merseyside, also admitted responsibility for a series of Distributed Denial of Service (DDoS) attacks against private sector firms, …
John Leyden, 10 Feb 2015

ACHTUNG! Scary Linux system backdoor turns boxes into DDoS droids

Cybercrooks have cooked up a backdoor for Linux-powered systems that boasts multiple malicious functions. The Swiss Army Knife-style malware – dubbed Xnote.1 by Russian anti-virus company Doctor Web – can be used as a platform to mount distributed denial-of-service attacks and other evil activities. To spread the software nasty …
John Leyden, 10 Feb 2015

Keyless vehicle theft suspects cuffed after key Met Police, er, 'lockdown'

Police have arrested 16 suspects on suspicion of car theft during the first week of an operation targeting keyless vehicle theft. Operation Endeavour was launched by the Metropolitan Police in response to a rise in theft of motor vehicles. Organised criminals increasingly stealing keyless vehicles using a device which bypasses …
John Leyden, 10 Feb 2015

Start stockpiling tinned beans and ammo: This malware will end civilisation

Media hype is affecting vendors’ patching strategies to the detriment of internet security, vulnerability management firm Secunia warns. The high-profile Heartbleed OpenSSL vulnerability triggered the mass patching of 600 products by more than 100 vendors within just 40 days. A further OpenSSL vulnerability from June 2014 led to …
John Leyden, 06 Feb 2015
Wifi grumpy cat

Japan's death threat hacker collared ... BY A CAT

A Japanese hacker who hijacked computers using malware before issuing death threats through the compromised machines has been jailed for eight years. Yusuke Katayama, 32, threatened to blow up planes and attack a kindergarten attended by the grandchildren of Japan's Emperor Akihito before he was finally nabbed in February 2013 …
John Leyden, 05 Feb 2015

Forget Norks, Russian hackers are in Sony Pictures' servers – claim

There's a new twist in the already tangled tale of the Sony Pictures mega-hack: it's now claimed Russians possibly broke into the company's computers. Miscreants in the Putin-led nation comprehensively compromised the Hollywood studio's servers, and were responsible for most of the damage against its systems, reckons Jeffrey …
John Leyden, 04 Feb 2015

Sage Pay anti-POODLE upgrade REDUCED security - briefly

Online payment service Sage Pay has been fingered for temporarily reducing its security while revamping its site security. Security consultant Paul Moore noticed that the Sage Pay website was briefly running a weak cipher last week. The issue was quickly corrected after Moore went public with his concerns on Tuesday. He …
John Leyden, 04 Feb 2015
Troll in cross hairs

Wanted: Brit Facebook and Twitter trolls for counter-jihad psyops

A new British Army unit will embrace web-enabled psyops and cyber-warfare to fight against the message of groups such as ISIS in cyberspace. The 77th Brigade is due to launch in April with 1,500 personnel, including regular soldiers, sailors and airmen as well as part-time reservists. Desirable skills for would-be recruits …
John Leyden, 04 Feb 2015
Privacy image

Germany's BND muscles in on metadata mass surveillance

Germany's external spy agency saves tens of millions of phone records every day, according to leaked files that expose its NSA-style mass surveillance programme for the first time. The Bundesnachrichtendienst, or BND, Germany's foreign intelligence agency, collects metadata on 220 million calls every day, with at least some of …
John Leyden, 04 Feb 2015

Zimmermann slams Cameron’s ‘absurd’ plans for crypto ban

Crypto pioneer Phil Zimmermann has labelled UK Prime Minister David Cameron’s anti-encryption plans as "absurd". Zimmermann, creator of the PGP email privacy package, countered Cameron's argument that encryption is creating a means for terrorists and child abusers to communicate in private, arguing instead that intelligence …
John Leyden, 03 Feb 2015
Mouse man

DARPA: We KNOW WHO YOU ARE... by the WAY you MOVE your MOUSE

The US's mad-tech military boffin unit is developing a form of biometric measurement based on how user handles a mouse. Behaviour-based biometrics, for example how a computer user handles their mouse or crafts an email, would add to the existing repertoire of authentication techniques. Existing authentication techniques include …
John Leyden, 03 Feb 2015
Pinky and the Brain

New claim: D-Link router exposes unprotected config controls to web – DNS hijackers, ahoy!

D-Link router DSL-2740R, and possible more like it, are allegedly vulnerable to DNS hijacking – which hackers can exploit to lure victims to dodgy websites and servers. According to Bulgarian security researcher Todor Donev, the flaw lies in certain builds of ZyXEL's ZynOS firmware, which is used in network hardware from TP-Link …
John Leyden, 02 Feb 2015
Adobe Flash installer

Trouble comes in threes: Yet ANOTHER Flash 0-day vuln patch looming

Adobe plans to patch Flash yet again after yet another zero-day vulnerability in the web video software leaves PCs prone to hijacking. The PSA15-02 security advisory details a security hole that hackers are already exploiting to compromise vulnerable systems. An upcoming update to squash the critical bug makes it three patches …
John Leyden, 02 Feb 2015
Close-up of a woman's lips, slightly pixelated as if on a CRT TV. http://www.sxc.hu/photo/20984  Pic via SXC - no restrictions

Fake hottie hackers flung info-slurping malware at Syrian opposition – FireEye

Cyberspies used social engineering trickery to steal Syrian opposition’s strategies and battle plans, according to security researchers. Hackers employed a familiar tactic: ensnaring victims through conversations with seemingly sympathetic and attractive women. As the conversations progressed onto Skype chats, the “women” would …
John Leyden, 02 Feb 2015

Teen whiz exposes WhatsApp profile pic privacy blunder bug

A privacy hole in WhatsApp allowed anyone to view someone else's profile photo – even if a user had configured the mobile messenger app to only show their pic to their contacts. The privacy slip-up, which came with the debut of WhatsApp’s newly-introduced web interface at web.whatsapp.com, was discovered by 17-year-old security …
John Leyden, 30 Jan 2015
Broken CD with wrench

UK official LOSES Mark Duggan shooting discs IN THE POST

Discs containing information from three sensitive police inquiries – two of which involved‪ highly controversial shootings in London, including that of Mark Duggan – ‬have gone missing after being sent through the post. Yeah, you read that right: sent through the post. The information covers probes into the role of the police in …
John Leyden, 30 Jan 2015
Grindr

Wham, bam... premium rate scam: Grindr users hit with fun-killing charges

Malicious ads from third parties have been piggy-backing on the gay dating app Grindr to run a premium rate number scam. Grindr blamed a third-party network for pushing the dodgy advert, which was withdrawn after representations from El Reg. We learned of the apparent scam after hearing from Tom, a UK-based Grindr user. "The …
John Leyden, 30 Jan 2015

What do China, FBI and UK have in common? All three want backdoors in Western technology

The Chinese government wants backdoors added to all technology imported into the Middle Kingdom as well as all its source code handed over. Suppliers of hardware and software must also submit to invasive audits, the New York Times reports. The new requirements, detailed in a 22-page document approved late last year, are …
John Leyden, 29 Jan 2015

Snowden reveals LEVITATION technique of Canada’s spies

Canada's very own intel agency has a program designed to track millions of downloads, according to the latest revelations from the Edward Snowden document leaks. The "Levitation" system gives analysts at the Communications Security Establishment (Canada's NSA) data on between 10-15 million uploads and downloads of files from …
John Leyden, 29 Jan 2015
padlock

IBM punts cryptotastic cloudy ID verification services

IBM is marketing cloud-based technology to help consumers better protect their personal data online. The technology – called Identity Mixer – uses a cryptographic algorithm to encrypt the certified identity attributes of a user, such as their date of birth, nationality, home address and credit card number in a way that allows …
John Leyden, 29 Jan 2015

I ain't afraid of no GHOST – securo-bods

The latest high-profile security vulnerability affecting Linux systems is serious but nowhere near as bad as the infamous Heartbleed flaw, according to security experts. Hackers might be able to use the so-called GHOST flaw to plant malware or seize control of some Linux-based systems. Security researchers at cloud security …
John Leyden, 28 Jan 2015

Anonymous: Snap on that Guy Fawkes mask, we're marching against child sex abuse

Hacktivist group Anonymous is calling for a day of protest against paedophiles who take advantage of their wealth and power to abuse children. Operation Death Eaters aims to rally people in preparation for a series of street protests, scheduled for Friday, 13 February. The campaign – which references disturbing cases in the UK …
John Leyden, 27 Jan 2015

Keylogger: Somebody STOP ME! Oh hang on, I just did

Developers of a range of commercial keyloggers have switched sides and begun marketing anti-keylogging technology. SpyShelter’s founder and lead developer, Janusz Siemienowicz, went from poacher to gamekeeper after discovering that none of the major security applications were able to detect and block against their own keyloggers …
John Leyden, 27 Jan 2015
LIZARD WEARING A TOP HAT SITS ON A BRANCH.  Brett Weinstein pic - ALTERED BY JUDE KARABUS - licensed under  CC 3.0

Facebook: Oi, Lizard Squad – we can take down our own site, ta

A technical cockup – rather than hostile hacker action – is apparently the reason Facebook, Instagram and other Web 2.0 sweethearts fell off the internet on Monday. Prankster hacking crew Lizard Squad was gloating over the downtime; Tinder also disappeared for a while during the outage of Facebook and its photo-sharing sister …
John Leyden, 27 Jan 2015

Snoopers' Charter amendments withdrawn – FOR NOW ...

The House of Lords rejected controversial last-minute amendments to the Counter-Terrorism and Security Bill in a debate on Monday. The amendments – which critics slammed as akin to those previously proposed, and which were rejected in the Communications Data Bill – were stapled onto the bill in a last minute move last Thursday …
John Leyden, 27 Jan 2015
A Wren reenactor at Bletchley

Brits need chutzpah to copy Israeli cyberspies' tech creche – ex-spooks

Feature Israel's intelligence agency, Unit 8200, has been a production line for hi-tech startups since the 1980s, a success British politicians are now seeking to emulate. Yet replicating that success in Blighty may be difficult because of cultural and environmental differences that may prove difficult to overcome. Cabinet Office …
John Leyden, 26 Jan 2015
Malaysia Airlines Boeing 777 9M-MRO

Lizard Squad threatens Malaysia Airlines with data dump: We DID TOO hack your site

Infamous hacktivists Lizard Squad are threatening to dump data they supposedly snatched during the process of defacing the website of Malaysia Airlines. Surfers visiting Malaysia Airlines (www.malaysiaairlines.com) website on Monday were confronted by a bragging message from Lizard Squad rather than flight timetables. The …
John Leyden, 26 Jan 2015

Hoaxer posing as GCHQ boss prank-calls PM Cameron

A hoax caller claiming to be GCHQ's chief spy was put through to UK Prime Minister David Cameron’s phone on Sunday. The caller pretended to be Robert Hannigan, director of the government's signal intelligence agency, but he apparently didn't fool the prime minister and the call was quickly terminated. A few days ago, Hannigan's …
John Leyden, 26 Jan 2015
Ransom note saying "Pay Up" in blackmail type

Panicked teen hanged himself after receiving ransomware scam email

An autistic 17-year-old college student has hanged himself after receiving a ransomware scam. Joseph Edwards was alarmed after receiving an email that falsely claimed he'd been spotted browsing illegal websites and needed to pay £100 (payable in Ukash electronic money) or face being prosecuted. The email pushing the well-known …
John Leyden, 23 Jan 2015

Nice SECURITY, 'Lizard Squad'. Your DDoS-for-hire service LEAKS

A DDoS-for-hire service purportedly set up by the Lizard Squad hacking crew exposes registered users' login credentials. The LizardStresser DDoS-on-demand service – a booter service powered by hacked home routers – is hopelessly insecure. Details of more than 14,000 prospective users - whose passwords and usernames were …
John Leyden, 19 Jan 2015
North Korean leader Kim Jong-un

Just WHY is the FBI so sure North Korea hacked Sony? NSA: *BLUSH*

+Comment For those still wondering why US President Barack Obama and the FBI have so confidently blamed North Korea for the Sony Pictures hack, it's apparently because the NSA compromised the secretive country's computer network years before – giving American intelligence a front-row seat for subsequent shenanigans. The New York Times …
John Leyden, 19 Jan 2015
Purported iPhone on the cover of a 2006 issue of the French publication, 20 Minutes

IT cock-up – not jihadi DDoS – fingered for French web media blackout

Several prominent ‪French news websites‬ fell off the web on Friday for several hours in what's looking like a technical failure rather than a denial-of-service attack. It was, at first, assumed Islamist miscreants had attacked the sites, lashing out in anger at press coverage of the C‪harlie Hebdo‬ killings. Le Parisien ( …
John Leyden, 17 Jan 2015
Night scene of bank station in central london

Lazy FTSE 350 firms think lawyers can fight off cyber-security worries

Poor communication between boards and front-line management as well as a growing reliance on legal remedies mean UK companies are still falling short when it comes to cyber-security. A KPMG survey of FTSE 350 firms found that 61 per cent of board members reckoned they had a decent understanding of their company’s key information …
John Leyden, 16 Jan 2015
Canada Day celebration

Go Canada: Now ILLEGAL to auto-update software without 'consent'

Installing computer programs without consent became a civil offence punishable by fines in Canada this week. Under the new regulations that form part of Canada's anti-spam legislation, it is now illegal for a website to automatically install software on a visitor's computer or for an app on your phone to be updated without first …
John Leyden, 16 Jan 2015
The future of air war

US and UK declare red-team CYBER WAR – on EACH OTHER

The US and the UK are planning a series of joint war games involving cyber-warriors from either side attacking each other in a bid to expose security weaknesses before they are abused by criminal hackers or hostile governments. The exercises, which will initially test the security defences and procedures at banks on Wall Street …
John Leyden, 16 Jan 2015
Angry woman on mobile

Jammin', we know you hate jammin' too: Marriott U-turns on guest Wi-Fi ban

Marriott has lifted a ban on personal Wi-Fi hotspots in its hotels. Citing concerns about rogue wireless hotspots, Marriott disrupted guests' Wi-Fi networks by flooding the aether with disassociation packets. The move – which meant that guests and conference delegates were obliged to use the (expensive) Marriott-supplied Wi-Fi …
John Leyden, 15 Jan 2015
Don Draper is sad

Spammers set their sights on WhatsApp – that's that ruined then

Mobile spam is spreading from SMS channels towards mobile messaging apps such as WhatsApp, according to mobile security provider and specialist AdaptiveMobile. The company believes spammers have switched tactics over recent months in order to bypass existing mobile spam filters. App spam is particularly prevalent in mature …
John Leyden, 15 Jan 2015