The Register Columnists

Robert Lemos

The Register breaking news

US issues revised e-voting standards

The National Institute of Standards and Technology (NIST) delivered an update on Monday to the United States' electronic voting standards, adding more requirements to test systems for accuracy and reliability and additional rules to make paper audit trails easier to review. The draft revision, known as the Voluntary Voting …
Robert Lemos, 03 Jun 2009

Cyber attack could bring US military response

The United States' top commanding officer for the space and cyber domains told reporters last week that a cyber attack could merit a more conventional military response. During a press briefing on Thursday, US Air Force General Kevin Chilton, who heads the US Strategic Command, said that top Pentagon advisors would not rule out …
Robert Lemos, 13 May 2009

Better metrics needed for security, says expert

BOSTON — The security industry has done a poor job of finding ways for companies to measure their security, but that does not mean that collecting data is not valuable, the former head of the U.S. Department of Homeland Security's cyber group told attendees at the SOURCE Boston conference on Thursday. Amit Yoran, CEO of security …
Robert Lemos, 16 Mar 2009

US spy agency gains support for cyber security role

The United States' top intelligence official argued last week that the National Security Agency should become the nation's cyber defender, adding his voice to the growing murmur of support for the agency's future role in cyberspace. In comments before the US House of Representatives' intelligence committee on Wednesday, the …
Robert Lemos, 03 Mar 2009

Kaminsky calls for DNSSEC deployment

ARLINGTON, VA. -- Dan Kaminsky's second act has begun: Pushing the adoption of the DNSSEC security standard for the domain-name system. So many security frameworks — from password resets via e-mail to SSL certificates — rely on DNS in some way that the protocol has to be secured for Internet security to work, Kaminsky told …
Robert Lemos, 21 Feb 2009

Researchers find more flaws in wireless security

Wireless networks that use a popular form of security known as Wi-Fi Protected Access (WPA) are vulnerable to an attack that could compromise certain communications in less than 15 minutes, two researchers plan to tell attendees next week at the PacSec 2008 conference in Tokyo. Martin Beck and Erik Tews - two graduate students …
Robert Lemos, 08 Nov 2008

US kicks off secure hash competition

Dozens of amateur and professional cryptographers signed up last week for the United States' first open competition to create a secure algorithm for generating hashes - the digital fingerprints widely used in a variety of security functions. The contest, run by the National Institute of Standards and Technology (NIST), seeks to …
Robert Lemos, 04 Nov 2008

Feds charge 11 in TJX ID fraud case

Federal prosecutors announced on Tuesday that they had indicted eleven people in the largest case of identity theft and hacking ever prosecuted by the US Department of Justice. The eleven suspects, including three US citizens, allegedly took part in stealing more than 40 million credit and debit card accounts from nine major …
Robert Lemos, 06 Aug 2008

Vendors form alliance to fix DNS poisoning flaw

An alliance of software makers and network-hardware vendors announced on Tuesday that they had banded together to fix a fundamental flaw in the design of the internet's address system. The vulnerability in the domain name system (DNS) - the distributed database that matches a host and domain name with the numerical address of a …
Robert Lemos, 09 Jul 2008

Legal experts wary of MySpace hacking charges

On October 16, 2006, 13-year-old Megan Meier fled from her family's computer, distraught over the cutting comments of her supposed "friends" on MySpace. Twenty minutes later, the troubled teen was dead; she had hung herself in her closet. The story, widely reported, garnered the girl's family widespread sympathy on the Internet …
Robert Lemos, 17 May 2008

MS patch system poses 'significant risk', say researchers

A group of four computer scientists urged Microsoft to redesign the way it distributes patches, after they created a technique that automatically produces attack code by comparing the vulnerable and repaired versions of a program. The technique, which the researchers refer to as automatic patch-based exploit generation (APEG), …
Robert Lemos, 25 Apr 2008

Lawmakers voice concerns over cybersecurity plan

Members of the House of Representatives sought details on Thursday of a $30bn plan to secure federal government systems and upgrade network defenses to ward off attacks from foreign nations and online criminals. Known as the Cyber Initiative, the Bush Administration project would dramatically reduce the number of …
Robert Lemos, 04 Mar 2008

Malware hitches a ride on digital devices

It's time to add digital picture frames to the group of consumer products that could carry computer viruses and Trojan horse programs. In the past month, at least three consumers have reported that photo frames - small flat-panel displays for displaying digital images - received over the holidays attempted to install malicious …
Robert Lemos, 11 Jan 2008

Task force aims to improve US cybersecurity

A blue-ribbon panel of three dozen security experts hopes to craft a strategy to improve the United States' cybersecurity by the time the next president takes office, the Center for Strategic and International Studies (CSIS), and the task force's Congressional sponsors, announced on Tuesday. The bipartisan Commission on Cyber …
Robert Lemos, 02 Nov 2007

Universities warned of Storm Worm attacks

Colleges and universities have come under attack by Storm Worm botnets following attempts to detect infections through vulnerability scanning, a response centre for academic networks stated last week. The Research and Education Networking Information Sharing and Analysis Centre (REN-ISAC) sent out the warning last Thursday …
Robert Lemos, 17 Aug 2007

Teaching hacking helps students, professors say

When Sam Bowne visited the DEFCON hacking conference in 2006, he saw a lot of people having fun with a really interesting topic: computer security. As a professor of computer science at the City College of San Francisco, Bowne wanted to find a way to make computer security accessible to the average student. So, following his …
Robert Lemos, 07 Aug 2007

Will the iPhone be iPwned?

LAS VEGAS - The Apple Store at the Fashion Show Mall has a solid crowd for a Monday afternoon and it's easy to pinpoint the favourite. A dozen iPhone stations collect at the front of the store, and they are rarely lonely. A stylish 20-something couple laughs as the man snaps a picture of the woman and shows her the screen. A …
Robert Lemos, 03 Aug 2007

Firm finds danger in dangling pointers

In December 2005, technology consultant Inge Henriksen announced he had found a flaw in Microsoft's flagship web server platform, Internet Information Server (IIS) 5.1. Yet, because the vulnerability appeared impossible to exploit, Microsoft put off patching the issue. The programming problem represented a fairly common …
Robert Lemos, 26 Jul 2007

MPack developer on automated infection kit

Interview: In June 2006, three Russian programmers started testing a collection of PHP scripts and exploit code to automate the compromise of computers that visit malicious websites. A year later, the MPack kit has become an increasingly popular tool, allowing data thieves and bot masters to take control of victims' systems and steal …
Robert Lemos, 23 Jul 2007

Spammers dump images, switch to PDF files

Foiled by increasingly accurate corporate spam filters, spammers have dumped pictures for PDFs in their bulk emailings, according to the latest data from security firms. Image spam, which at the beginning of the year accounted for nearly 60 per cent of all junk email, has plummeted and now accounts for only about 15 per cent of …
Robert Lemos, 23 Jul 2007

Fast flux foils botnet takedown

Network security analyst Lawrence Baldwin has helped take down his share of bot nets, but he worries that those days may largely be over. Traditional bot nets have used Internet relay chat (IRC) servers to control each of the compromised PCs, or bots, but the central IRC server is also a weakness, giving defenders a single …
Robert Lemos, 11 Jul 2007

Lawmakers worry over government network breaches

Long an afterthought for U.S. lawmakers, cybersecurity has received renewed attention in some parts of Congress. Last Wednesday, a U.S. House of Representatives' subcommittee took the chief information officer of the Department of Homeland Security, Scott Charbo, to task for allowing 844 significant cybersecurity incidents in …
Robert Lemos, 29 Jun 2007

Amero case spawns effort to educate

A group of security professionals, legal experts, and educators who helped former Connecticut substitute teacher Julie Amero overturn a conviction on charges of exposing her students to pornographic pop-up ads has formed a permanent organisation that aims to educate the courts and legislators about technology, crime, and digital …
Robert Lemos, 20 Jun 2007

Anti-hacking laws 'can hobble net security'

Jeremiah Grossman has long stopped looking for vulnerabilities in specific websites, and even if he suspects a site to have a critical flaw that could be compromised by an attacker, he's decided to keep quiet. The silence weighs heavily on the web security researcher. While ideally he would like to find flaws, and help …
Robert Lemos, 18 Jun 2007

Zero-day sales not 'fair' - to researchers

Two years ago, Charles Miller found a remotely exploitable flaw in a common component of the Linux operating system, and as many enterprising vulnerability researchers are doing today, he decided to sell the information. Having recently left the National Security Agency, the security professional decided to try his hand at …
Robert Lemos, 03 Jun 2007