The Register Columnists

John Leyden


Hackers force innocent mobes to join ALTCOIN MINING GANGS

Cybercrooks are turning smartphones into digital currency-mining bots using mobile malware. The cyber-menace, dubbed CoinKrypt by mobile security firm Lookout, is capable of hijacking the processor on smartphones to mine digital currency, enriching hackers in the process. CoinKrypt has been confined thus far to Spanish pirated …
John Leyden, 27 Mar 2014

Rule of law: Turkish court nixes government Twitter ban ... for now

A court in Turkey's capital has ordered the lifting of the government ban on Twitter in the restless nation. The administrative court in Ankara overturned the week-long ban on Wednesday in response to complaints by journalists’ unions and the country's Bar Association, representing its lawyers, that blocking Twitter contravened …
John Leyden, 27 Mar 2014

When ZOMBIES attack: DDoS traffic triples as 20Gbps becomes the new normal

DDoS traffic has more than trebled since the start of 2013, according to a new study released on Thursday that fingers zombie networks as the primary source of junk traffic that can be used to flood websites. More than a quarter of all botnets are located in India, China and Iran. The study, by DDoS mitigation firm …
John Leyden, 27 Mar 2014

Did Russians frame Ukrainian hacktivists for alleged leak of 7 million credit, debit cards?

Self-styled Ukrainian hackers are bragging they dumped millions of stolen credit card numbers online – but the claims may simply be a political smear job amid tensions between Russia and the West. A group calling itself "Anonymous Ukraine" boasted this week that it is in possession of 800 million credit and debit card details. …
John Leyden, 27 Mar 2014

Forget sledgehammers – crooks can CRACK ATMs with a TEXT

Mexican cybercrooks are targeting bank ATMs with malware that can be activated by a SMS message that forces compromised cash machines to spew out cash. The attack is a refinement on previous assaults using the Ploutus backdoor strain of malware that makes robbing cash machines even easier for local banditos, according to net …
John Leyden, 26 Mar 2014

Passport PIN tech could have SAVED MH370 ID fraudsters

A man who developed PIN code protection for credit cards is looking to extend the technology to passports as a way of making stolen credentials more difficult to use. Kenneth Cecil of International Security, who came up with PIN code protection in US patent 6,340,116, will present a white paper on extending the technology to …
John Leyden, 26 Mar 2014

Cybercrook? Bent on mischief? WE'LL GET YOU, vow Facebook and pals

Internet heavyweights have teamed up to form a non-profit organisation designed to supply internet infrastructure operators with free tools and intelligence in the fight against cybercrime. Facebook, security intelligence firm Crowdstrike, Verisign, ESET Anti-Virus, Verizon and the Anti-Phishing Working Group, among others, are …
John Leyden, 25 Mar 2014

Hey, Glasshole: That cool app? It has turned you into a SPY DRONE

Security researchers have created prototype Google Glass spyware that is capable of snooping on everything the user is looking at without tipping off victims that anything is amiss. Mike Lady and Kim Paterson – graduate researchers at California Polytechnic San Luis Obispo – created an app that takes a picture every 10 seconds a …
John Leyden, 24 Mar 2014

Microsoft charges the FBI $50 for a copy of your private data, claim 'Redmond hackers'

Hacktivists apparently loyal to Syrian President Bashar al-Assad have bragged they hacked into Microsoft's internal system that bills US cops and feds for access to citizens' private data. And the hackers have apparently spilled the beans on how much Redmond is paid for servicing those American wiretap requests. The documents …
John Leyden, 21 Mar 2014

UK.gov! frets! over! Yahoo! exodus! to! RIPA-free! Dublin!

Yahoo! was reportedly called into the Home Office on Thursday where Theresa May expressed UK government security concerns about its plans to move its main base in Europe to Ireland. The internet giant has harboured privacy concerns for some time, according to The Guardian. These concerns can only have been exacerbated by recent …
John Leyden, 21 Mar 2014

ZOMBIE iPAD PERIL? Cyberbadness slinger touts tool for iOS

A Swiss Army knife-like piece of malware has been ported to Apple's iOS from Windows and Linux, a security research team has claimed. We're told Zorenium is a low-profile, cross-platform, remote-controllable bot with advanced features including the ability to empty victims' online bank accounts, contribute to distributed denial- …
John Leyden, 21 Mar 2014

ICO decides against probe of Santander email spam scammers

Santander customers say they are continuing to be deluged with Trojans and other junk to email addresses exclusively used with the bank months after the problem first surfaced back in November. At least two Reg readers have put in complaints to the Information Commissioner's Office. But the data privacy watchdog told us that it …
John Leyden, 21 Mar 2014

'Weev' attempts to overturn AT&T iPad 'hack' conviction

Lawyers for Andrew "Weev" Auernheimer went to court on Wednesday to appeal his conviction in a high-profile iPad data leak case. Auernheimer, a member of the grey-hat hacking collective Goatse Security, was jailed for three years and five months back in March 2013 after he was found guilty of leaking the private email addresses …
John Leyden, 20 Mar 2014

Microsoft frisked blogger's Hotmail inbox, IM chat to hunt Windows 8 leaker, court told

An ex-Microsoft worker faces criminal prosecution in the US over allegations he leaked work-in-progress Windows 8 software to a French blogger. Russian national Alex Kibkalo was arrested in Seattle, Washington, on Wednesday, charged with the theft of trade secrets, and held in custody without bail. Kibkalo, who worked for …
John Leyden, 20 Mar 2014

RIP Full Disclosure: Security world reacts to key mailing list's death

The legendary Full Disclosure mailing list, where security researchers posted details of exploits and software vulnerabilities, is shutting down. The service, which had been running for nearly 12 years since July 2002, has been suspended indefinitely after list admin John Cartwright was no longer prepared to put up with the …
John Leyden, 19 Mar 2014

Kent Police fined £100k for leaving interview vids of informants in old cop shop

Kent Police have been fined £100,000 after interview tapes and other confidential information were found abandoned at a former police station. The highly sensitive information, including records going back to the 1980s, was left in the basement of a former police station when it was vacated in July 2009. The cock-up was …
John Leyden, 19 Mar 2014

NSA spies recorded an entire COUNTRY'S phone calls for a MONTH: Report

The NSA is recording all of the voice calls in one unnamed country and keeping those recordings for 30 days at a time as part of a previously undisclosed rolling wiretap programme, according to leaks recently published in WSJ. Millions of voice "cuts" are extracted for long time storage as part of a system called MYSTIC that's …
John Leyden, 19 Mar 2014

Hidden 'Windigo' UNIX ZOMBIES are EVERYWHERE

Hackers using a Trojan seized control of over 25,000 Unix servers worldwide to create a potent spam and malware distribution platform. The attack, dubbed Operation Windigo, was uncovered by security experts at anti-virus firm ESET, in collaboration with CERT-Bund, the Swedish National Infrastructure for Computing, as well as …
John Leyden, 18 Mar 2014

Romanian 'ransomware victim' hangs self and 4-year-old son – report

Reports have claimed that a Romanian man who committed suicide recently had been the victim of so-called "police" ransomware which falsely informed him he needed to pay a fine for downloading porn or risk going to jail. Marcel Datcu, 36, from the village of Movila Miresii, hanged himself while holding his four-year-old son in …
John Leyden, 18 Mar 2014

Soon-to-be Facebook intern wins UK Cyber Security Challenge

A 19-year-old student was crowned the UK Cyber Security Champion after beating all comers over the course of a year-long competition that tested computer defence skills. Will Shackleton, a University of Cambridge student who develops mobile apps in his spare time, beat over 3,000 entrants and 41 fellow finalists to win the …
John Leyden, 17 Mar 2014

Malaysia Airlines mystery: Click here for the TRUTH

Scammers are asking truth-seeking conspiracy theorists to ignore the inherent irony and give up some of their private data in order to find out the "truth" about the disappearance of Malaysia Airlines Flight MH370. Scams circulating on Facebook and Twitter purport to offer video reports of the plane being found, some of which …
John Leyden, 17 Mar 2014

Scam emails tell people they have cancer to trick them into installing a money-stealing Trojan

Sick fraudsters have put out a batch of malware-riddled hoax emails warning recipients that they may have cancer. The scam emails purport to come from the UK National Institute for Health and Care Excellence (Nice). The emails - which arrive with the header "important blood analysis result" - ask prospective victims to download …
John Leyden, 14 Mar 2014

Target IGNORED hacker alarms as crooks took 40m credit cards – claim

Staff at US chain Target reportedly failed to stop the theft of 40 million credit card records despite an escalating series of alarms from the company's computer security systems. Bloomberg Businessweek claims that security technology from FireEye detected the malware-powered hack – but Target staff failed to act on the alerts, …
John Leyden, 14 Mar 2014

Noooo... WAIT. Google slaps on Chrome patches ahead of Pwn2Own hackfest

Google trowelled plaster over seven security cracks in Chrome on Tuesday, a day before the browser became one of the targets at the annual Pwn2Own hacking competition. The latest cross platform security update for Chrome fixed four "high" severity flaws and three lesser bugs. Three of the four high profile bugs were discovered …
John Leyden, 13 Mar 2014

Ethical hacker backer hacked, warns of email ransack

The IT security certification body that runs the Certified Ethical Hacker programme has itself been hacked. The EC-Council said the same hackers who ran the DNS poisoning attack that resulted in the defacement of its website in late February had also managed to access the control panel for its website after breaking into the …
John Leyden, 13 Mar 2014

New fear: Worm that ransacked US military PCs was blueprint for spies' super-malware

A mystery worm that burrowed into US military computers to steal secrets six years ago may have inspired the development of subsequent government-grade malware Red October, Turla, Flame and Gauss. Researchers at Kaspersky Lab reached this conclusion after finding similarities between Agent.btz – the worm that attacked in 2008 – …
John Leyden, 12 Mar 2014

MUM's WordPress recipe blog USED AS ZOMBIE in DDoS attacks

Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks. More than 160,000 legitimate WordPress sites were abused to run a large HTTP-based (layer 7) distributed flood attack against a target, which called in cloud security firm Sucuri for help. Security …
John Leyden, 12 Mar 2014

BB10's 'dated' crypto lets snoops squeeze the juice from your BlackBerry – researcher

BlackBerry BB10 OS uses dated protocols that leave users at risk of cryptographic attacks, according to a security researcher. The latest version of the smartphone maker's operating system, BlackBerry 10, uses TLS 1.0, while competitors use TLS 1.2. The post on the CrackBerry forum contains a screenshot from the howsmyssl.com …
John Leyden, 12 Mar 2014

Top UK e-commerce sites fail to protect 'password' password-havers from selves

Top UK e-commerce sites are not doing enough to safeguard users from their own password-related foibles, according to a new study. A review of password security at the top 100 e-commerce sites found two in three (66 per cent) accept notoriously weak passwords such as “123456” or “password”, putting users in danger. The first …
John Leyden, 11 Mar 2014

Got a Netgear router from Virgin Media? Change your admin password NOW

A Wi-Fi security flaw leaves Virgin Media subscribers' wireless connections vulnerable to takeover by hackers. The vulnerability, identified by IT consultant Paul Moore, means Virgin Media Superhub router/modem combo devices leak users' passwords every time they reboot. The issue arises because the Netgear-manufactured device …
John Leyden, 10 Mar 2014

Dammit internet... you promised naked videos of my Facebook friends

Hundreds of people have been tricked into installing Trojan malware after clicking on a new Facebook scam that falsely promises naked videos of their "friends". The scam – which relies on tricking users into installing a fake Flash player supposedly needed to view the racy footage – can multiply itself rapidly across multiple …
John Leyden, 10 Mar 2014

Euro cops on free Wi-Fi not-so-hotspots: For pity's sake, don't use them for email

Using free Wi-Fi hotspots poses a data risk to users, the boss of European police agency Europol warns. Troels Oerting, head of Europol's cybercrime centre, told BBC Click that a growing number of attacks are being carried out via public Wi-Fi and that people should send personal data only across trusted networks. "We have seen …
John Leyden, 10 Mar 2014

Microsoft to push out penultimate XP patch on March Patch Tuesday

Microsoft plans to push out five bulletins - two of which cover critical flaws - as part of the March edition of Patch Tuesday. One of the critical updates offers relief from a 0-day (unpatched but being exploited) vulnerability in Internet Explorer discovered about three weeks ago. Microsoft previously addressed the issue with …
John Leyden, 07 Mar 2014

British Pregnancy Advice Service fined £200k for Anon hack, data protection breaches

The British Pregnancy Advice Service (BPAS) has been fined £200,000 after a serious breach exposed thousands of people’s personal details to a malicious hacker. The hacker (a self-identified member of Anonymous) threatened to publish the names of people who sought advice on abortion, pregnancy and contraception. The miscreant …
John Leyden, 07 Mar 2014

Phisherman's friend: Confused hacktivists deface FAKE BANK SITE

Anon hackers have been caught boasting about defacing a counterfeit Yorkshire Bank website. Hacktivist crew Anon Ghost earned coverage on underground security blogs for defacing “Yorkshire Bank, one of the largest United Kingdom bank (sic)”. However, the hackers actually hit "ybs-bank.com", a Malaysian imitation of the real …
John Leyden, 06 Mar 2014

Botnet masters using Tor to hide control tools for ZOMBIE SLAVES

The Tor anonymisation network is being used to hide 900 botnet and cybercrime-related hidden services, according to Kaspersky Lab. Kaspersky security researchers report that the Tor network is playing host to the ChewBacca point-of-sale keylogger and the ZeuS banking malware control infrastructure, as well as the first Tor …
John Leyden, 06 Mar 2014

CIA snoops snooped on Senate to spy spy torture report – report

CIA officers allegedly hacked into the US Senate Intelligence Committee's computers to find out what the oversight committee had found out about its controversial detention and treatment of terror suspects. The oversight committee had managed to get its hands on unapproved material, or so the CIA feared, the New York Times …
John Leyden, 05 Mar 2014

New design flaw found in crypto's TLS: Pretend to be a victim online

Security researchers have developed a new man-in-the-middle attack against the cryptographic protocol TLS – a protocol that is used to encrypt online banking and shopping, and other sensitive connections, to thwart eavesdroppers. The so-called Triple Handshake attack can, in certain conditions, outwit vital checks carried out to …
John Leyden, 05 Mar 2014

Cyber battle apparently under way in Russia-Ukraine conflict

Ukraine's mobile phone infrastructure is under attack: with equipment installed in Russian-controlled Crimea interfering with the phones of members of parliament, a senior Ukrainian government official alleges. The head of Ukraine's SBU security service told a press conference on Tuesday that the attack has been running for at …
John Leyden, 04 Mar 2014

Security researchers uncover three-year-old 'RUSSIAN SPYware'

Security researchers have discovered a complex and sophisticated piece of data-stealing malware they suggest may well be the work of state-sponsored hackers in Russia. The Uroburos rootkit, named after a mythical serpent or dragon that ate its own tail – and a sequence of characters concealed deep within the malware’s code ( …
John Leyden, 04 Mar 2014

Anti-snoop Blackphone hits shelves in June: NOW we'll see how much you value privacy

The launch of the privacy-focused Blackphone attracted plenty of attention at Mobile World Congress last week, but security experts are already warning privacy-conscious potential users not to get too carried away. The technology has limitations and even its developers acknowledge it is not "NSA-proof". Blackphone is scheduled …
John Leyden, 03 Mar 2014

German freemail firms defend AdBlock-nobbling campaign

German freemail sites deny attempting to "trick" Firefox and Chrome users into disabling AdBlock, the popular ad blocking browser add-on. Last week security blogger Michael Büker accused web.de and gmx.net of using what he claimed were "deceptive techniques" in order to hoodwink Firefox and Chrome users into removing AdBlock and …
John Leyden, 03 Mar 2014

UK man Lauri Love accused of hacking US Federal Reserve

The US government have laid more hacking charges against a Brit alleged to have hacked into the US Federal Reserve. Lauri Love, 28, of Stradishall, Suffolk, is charged with one count of computer hacking and a further charge of aggravated identity theft over an alleged attack on Federal Reserve computer systems between October …
John Leyden, 28 Feb 2014

Two in five Brits cough up for CryptoLocker ransomware's demands

Around two in five people who fall victim to CryptoLocker have agreed to pay a ransom of around £300 to recover their files, according to a survey of victims. Researchers from the University of Kent quizzed a total of 48 people who had been affected by CryptoLocker. Of the sample, 17 said they paid the ransom and 31 said they …
John Leyden, 28 Feb 2014

Well done on the privacy lawsuit. Now NSA will keep your phone records INDEFINITELY

The US government is considering extending the controversial collections of US citizens' phone records for an even longer period in order to avoid tossing potential evidence in lawsuits designed to curtail the surveillance programme. Lawsuits geared to stopping the indiscriminate, untargeted collection of phone call records mean …
John Leyden, 27 Feb 2014

Energy firms' security so POOR, insurers REFUSE to take their cash

Underwriters are reportedly refusing to insure energy firms because poor security controls are leaving them wide open to attacks by hackers and malware infestations. Lloyd's of London told the BBC they had seen a surge in requests for insurance from energy sector firms but poor test scores from security risk assessors mean that …
John Leyden, 27 Feb 2014

YouTube to take down THAT anti-Muslim vid ... over COPYRIGHT issues

Google has been ordered to remove an inflammatory anti-Muslim film from YouTube. Clips from the low-budget Innocence of Muslims flick will be purged after an actress who appeared in the film obtained a court order. Cindy Lee Garcia says she was duped into participating in the movie, The Verge reports. After receiving death …
John Leyden, 27 Feb 2014

Microsoft hardens EMET security tool: OK, it's not invulnerable, but it's free

Microsoft has beefed up its Enhanced Mitigation Experience Toolkit (EMET), adding features designed to block more exploits. The release of the technical review (beta) version of the tool, EMET 5.0, follows the discovery of new attacks against earlier versions of the technology. EMET 5.0 beta comes with a feature called Attack …
John Leyden, 26 Feb 2014

Like WhatsApp? Meet 'desktop' version... and his BANK ACCOUNT RAIDING Trojan pal

Scammers have slung together a scam designed to trick users into running malware disguised as a "desktop version" of the ultra-popular WhatsApp mobile messaging app. Links promoted through a run of spam emails that began appearing last week actually lead to a banking Trojan rather than a PC version of the mobile-only app, Trend …
John Leyden, 26 Feb 2014

ZeuS KICKS that SaaS: Trojan raids Salesforce.com accounts

Miscreants have forged a variant of the infamous ZeuS banking Trojan that targets enterprise data held by clients of CRM giant Salesforce.com. The ZeuS variant does not exploit a vulnerability in the Salesforce.com platform itself but rather penetrates the insecure devices of corporate workers accessing Salesforce.com. The …
John Leyden, 26 Feb 2014