Darren Pauli

Contact Mail Follow Twitter RSS feed

BEEEELLIONth iPhone sold

Apple has announced it sold the billionth iPhone some time last week. CEO Tim Cook's canned announcement contains a telling sentence, to whit: “We never set out to make the most, but we’ve always set out to make the best products that make a difference.” El Reg's corp-speak pars-o-tronic reckons that's a coded message to …
Darren Pauli, 28 Jul 2016
Silhouette of spy discerning password from code uses a command on graphic user interface

Zero-day hole can pwn millions of LastPass users, all that's needed is a malicious site

Updated A dangerous zero-day vulnerability has been found in popular cloud password vault LastPass, which The Register has been told can completely compromise user accounts. Many millions of people can right now be compromised by merely visiting a malicious website using Firefox with LastPass's software installed, we understand. This …
Darren Pauli, 27 Jul 2016
Batman. Credit: DC Comics.

Cisco busts ransomware rodent targeting bitcoin, cryptocoin subreddits

The eager-but-pwned net menace behind the JigSaw ransomware has been found targeting Reddit users with multiple malware in a bid to snare victims. The VXer is thought to be behind three ransomware variants, including the well-known Jigsaw which sports iconography from the Saw film, each lurking behind websites that foist the …
Darren Pauli, 27 Jul 2016
Engineer aboard Das Boot U-96 responds to telegraphs

Cisco warns responders: Drop ego, assimilate with the IR playbook

Cisco wants incident responders to be more self-conscious. The Borg's seasoned computer security incident response team boffins Gavin Reid and Jeff Bollinger say a knock to the ego will help combat the Dunning-Kruger effect in which over-confidence and a steering away from the rule book can lead to dangerous oversights. The …
Darren Pauli, 27 Jul 2016

Microsoft stops to smell the roses, creates the Shazam of flowers

Botanists will be positively blooming thanks to Microsoft, which has worked with a team of scientists to create a system to help flower-fanciers identify species in a snap. The Smart Flower Recognition System will help botanists stalk flowers across the world using Microsoft's blossoming library of some 2.6 million floral …
Darren Pauli, 26 Jul 2016
Amazon.com's new drone

Amazon drone tests in UK

Amazon.com has announced it's struck a deal with the United Kingdom's Civil Aviation Authority (CAA) that will see it “explore three key innovations: beyond line of sight operations in rural and suburban areas, testing sensor performance to make sure the drones can identify and avoid obstacles, and flights where one person …
Darren Pauli, 26 Jul 2016

Microsoft offers admins free Win 10 upgrade lube

Microsoft has offered free lubricant to ease the insertion of Windows 10 across PC fleets. Redmond's preferred wheel-greaser is called the Upgrade Analytics tool will help admins evaluate system readiness for Windows 10 in a bid to ease driver drama and kernel panics. The ointment provides admins with a panel showing the …
Darren Pauli, 26 Jul 2016

Security firms team to take down rudimentary ransomware

Two new ransomware efforts have been destroyed by meddling white hats. "PowerWare" and "Bart" have been dismembered and laughed at by good-guy hackers who found flaws that allow user machines infected by current forms of the threats to decrypt their files for free. Palo Alto's Tyler Halfpop, Jacob Soo and Josh Grunzweig, …
Darren Pauli, 25 Jul 2016
The hit augmented reality smartphone app "Pokemon GO" shows a Pokemon encounter overlain on a real world trail in the forest in Santa Cruz, California. Photo by Matthew Corley for Shutterstock. EDITORIAL USE ONLY!.

I don't like Mondays, Pokemon, Twitter or Facebook – Sir Bob Geldof

RSA Asia Activist pop star Sir Bob Geldof hates Pokemon Go, Facebook and Twitter, has never bought anything online, and uses a Nokia 3100 which he says avoids the need for mobile security. Sir Geldof Sir Bob and his Nokia relic. The muso and Irish punk-now-pop icon took aim at the meaningless obsessions of the modern world during a …
Darren Pauli, 25 Jul 2016
Gil C http://www.shutterstock.com/gallery-762415p1.html

PHP flaws allowed God mode access to top smut site

A trio of hackers have gained remote code execution powers on servers used by adult entertainment outlet Pornhub, using a complex hack that revealed twin zero-day flaws in PHP. Google sofware intern and security boffin Ruslan Habalov (@evonide) detailed the Return Orientated Programming hack in detailed debriefing explaining …
Darren Pauli, 24 Jul 2016
Symantec director government affairs Brian Fletcher (left) with Microsoft assistant general counsel Cristin Goodwin. Image: Darren Pauli, The Register.

Microsoft and pals re-write arms control pact to save infosec industry

Microsoft and a team of concerned engineers from across the security sector have joined forces to suggest a major re-write of the arms control pact the Wassenaar Arrangement, as they fear the document's terms are a threat tot he information security industry. The pitch is the result of brainstorming by the group to redefine …
Darren Pauli, 21 Jul 2016

Alleged skipper of pirate site KickAss Torrents keel-hauled in Poland

The world's favourite torrent website, KickAss Torrents, is down and out with Polish cops arresting its alleged operator Artem Vaulin. Kickass rose to prominence after the scuppering of The Pirate Bay and attracted more than 50 million unique visitors a month. That level of traffic made it the 69th most frequently-visited …
Darren Pauli, 21 Jul 2016
Image by KYTan http://www.shutterstock.com/gallery-1088876p1.html

Asian nations mull regional 'Europol' in fight against cybercrime

RSA APAC A closed-door meeting of cabinet ministers from more than a dozen countries met yesterday to mull the creation of a Europol-style organisation to crack down on cyber crime in the region and abroad, The Register has learned. The Asian organisation is conceptual only, but has support from countries including China, Malaysia, …
Darren Pauli, 21 Jul 2016
Image by beccarra http://www.shutterstock.com/gallery-1124891p1.html

Hacker shows Reg how one leaked home address can lead to ruin

Unrestcon It takes nothing more than a home address for hacker "Nixxer" to find enough information to ruin your life. Nixxer is one of Australia’s most skilled good-guy social engineers and at a recent event, and in subsequent chats with The Reg, demonstrated the potential damage rather than actually ruining a life. But the arsenal he …
Darren Pauli, 20 Jul 2016

Flaws found in security products from AVG, Symantec and McAfee

Updated Hundreds of security products may not be up to the job, researchers say, thanks to flawed uses of code hooking. The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and Windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month. …
Darren Pauli, 20 Jul 2016
Data breach

World-Check terror suspect DB hits the web at just US$6750

The World-Check database that lists "heightened risk individuals and organizations" is reportedly up for sale on the dark web. The database is a commercial product offered by Thomson Reuters, which bills it as a useful tool for those fighting money laundering, "organized crime, sanctions, Countering the Financing of Terrorism …
Darren Pauli, 19 Jul 2016

15-year-old security hole HTTPoxy returns to menace websites – it has a name, logo too

A dangerous easy-to-exploit vulnerability discovered 15 years ago has reared its head again, leaving server-side website software potentially open to hijackers. The Apache Software Foundation, Red Hat, Ngnix and others have rushed to warn programmers of the so-called httpoxy flaw, specifically: CVE-2016-5385 in PHP; CVE-2016- …
Darren Pauli, 18 Jul 2016
Mr Robot: Credit USA Network

World's worst exploit kit weaponises white hats' proof of concept code

The new wearer of the crown for World's Worst Exploit Kit is compromising users with exploit code for a dangerous new attack published by a white hat researcher. Neutrino is the new king of for-profit p0wnage packages, a market in which criminals create tools to compromise scores of users through the latest vulnerabilities. …
Darren Pauli, 18 Jul 2016
image byemo http://www.shutterstock.com/gallery-2659924p1.html

Security firm clarifies power-station 'SCADA' malware claim

Malware hyped as aimed at the heart of power plants is nothing of the sort according to security outfit Damballa, which has put its name to analysis claiming the "SFG" malware is run-of-the-mill code without sufficient smarts to target SCADA systems. The so-called SFG malware is the spawn of Furtim, and hit headlines as …
Darren Pauli, 18 Jul 2016
Image by 9 George http://www.shutterstock.com/gallery-607441p1.html

Extortion trojan watches until crims find you doing something dodgy

A newly-detected piece of malware dubbed "Delilah" has been fingered as probably the first such code created with the intention of extorting victims into stealing insider data. The "Delilah" malware was found on exclusive crime forums by Israeli intelligence outfit Diskin Advanced Technologies, who say the trojan relies on a …
Darren Pauli, 18 Jul 2016

ANZ Bank staffers drop slick incident response tool for Mandiant mobs

Security boffins at ANZ, one of Australia's largest banks, have offered their nightHawk incident response tools for organisations running free Mandiant tools. Mandiant's open source platform is fit for enterprises requiring incident response at scale, and can run off a laptop for many investigations. ANZ bank security …
Darren Pauli, 15 Jul 2016
Nexus 6P

Google's Nexii stand tall among Android's insecure swill

Nexus devices are, unsurprisingly, the most secure Androids, says security outfit Duo. The devices are regarded as Google's flagship Android device on account of its operating system running the stock Android open source project (AOSP). Android phones from other manufacturers nearly always add custom modifications and are …
Darren Pauli, 15 Jul 2016

Chinese hacker jailed for shipping aerospace secrets home

Chinese national Su Bin has been sentenced to 46 months jail after admitting his role in stealing information on the Lockheed F-22 and F-35 aircraft, along with Boeing's C-17 cargo plane. The aviation expert worked with two members of China's military to attack networks of Boeing and US and European defence contractors in …
Darren Pauli, 15 Jul 2016

Google's Android Pay hits Australia

Android Pay has launched in Australia, with ANZ Bank being the first of the Big Four able to use the phone-only facility. The technology allows mobile payments to be made directly from mobile phones in what payment security types say is a boon to anti-fraud initiatives. It is live for Australia's ANZ Bank, Macquarie, MyState …
Darren Pauli, 14 Jul 2016

Critical remote code execution holes reported in Drupal modules

Drupal is calling on its users to patch a dangerous remote code execution hole that can let attackers easily hijack sites. The content management system has some 15 million downloads, compared to WordPress on 140 million and Joomla with 30 million, but is used on big ticket and business sites including nine percent of the …
Darren Pauli, 14 Jul 2016