The Register Columnists

Robert Lemos

Contact Mail Follow RSS feed
mozilla foundation

Insecure plug-ins pose danger to Firefox users

A security weakness in the update mechanism for third-party add-ons to the Firefox browser could give an attacker the ability to exploit unsecured downloads and install malicious code on the victim's computer, a security researcher warned on Wednesday. The vulnerability affects any third-party add-ons that use an unsecured …
Robert Lemos, 01 Jun 2007
arrow pointing up

Peer-to-peer networks co-opted for DOS attacks

A flaw in the design of a popular peer-to-peer network software has given attackers the ability to create massive denial-of-service attacks that can easily overwhelm corporate websites, a security firm warned last week. Over the past three months, more than 40 companies have endured attacks emanating from hundreds of thousands …
Robert Lemos, 30 May 2007
The Register breaking news

'Data storm' blamed for nuclear plant shutdown

The US House of Representative's Committee on Homeland Security called this week for the Nuclear Regulatory Commission (NRC) to further investigate the cause of excessive network traffic that shut down an Alabama nuclear plant. During the incident, which happened last August at Unit 3 of the Browns Ferry nuclear power plant, …
Robert Lemos, 21 May 2007
triangular warning sign featuring exclamation mark

Experts scramble to quash IPv6 flaw

A flawed feature that could amplify denial-of-service attacks on next-generation networks has vendors and engineers rushing to eliminate the potential security issue. This week, experts sent two drafts to the Internet Engineering Task Force (IETF) - the technical standards-setting body for the internet - proposing different …
Robert Lemos, 11 May 2007
The Register breaking news

A Mac gets whacked, a second survives

Shane Macaulay strode into the conference hall at the CanSecWest conference on Friday afternoon, balancing a MacBook Pro on his palm and making a beeline for the table displaying two more of the silver laptops. The well-known security researcher had just spent the morning testing an exploit designed to take advantage of a …
Robert Lemos, 23 Apr 2007
channel

Attackers improve on JavaScript trickery

CanSecWest As JavaScript becomes an increasingly key component of online attacks, attackers are investing more energy in obfuscation and other techniques to make defenders' attempts at reverse engineering more difficult, a security researcher told attendees at the annual CanSecWest conference on Wednesday. Attackers have adopted the same …
Robert Lemos, 20 Apr 2007
The Register breaking news

Developers' secure-coding skill put to the test

A coalition of security companies and organisations announced a plan this week to create assessment tests that would certify programmers' knowledge of secure-coding practices. The groups, led by the SANS Institute, aim to create a set of four tests covering major programming languages that could give companies a tool to measure …
Robert Lemos, 29 Mar 2007
The Register breaking news

Account pretexters plague Xbox Live

When Kevin Finisterre got his virtual guns handed to him in an online game of Halo 2 last Thursday, he called his opponents on their none-too-subtle hacks that skewed the game in their favour and turned the battle into a rout. His opponents - who rarely died while racking up nearly 100 kills on Finisterre's team - didn't take …
Robert Lemos, 23 Mar 2007
channel

Anti-spyware bill could mean tougher fines

On Thursday, the anti-spyware bill - which has twice passed the U.S. House of Representatives only to be rejected by the Senate - got its third hearing in the House Subcommittee on Commerce, Trade and Consumer Protection. The bill, whose full title is the "Securely Protect Yourself Against Cyber Trespass Act," would prohibit …
Robert Lemos, 18 Mar 2007
homeless man with sign

Stormy weather for malware defenses

When the Storm Worm swept through the internet in mid-January, the program's writers took a brute force approach to evading anti-virus defenses: They created a massive number of slightly different copies of the program and released them all at the same time. On 18 January, the day the misnamed program - a Trojan horse, not a …
Robert Lemos, 07 Mar 2007

Maynor reveals missing Apple flaw

Security researcher David Maynor got some measure of vindication at the Black Hat DC Conference this year. Six months after he and his colleague Jon Ellch claimed that Mac OS X wireless drivers were vulnerable to attack, Maynor on Wednesday revealed the code he used to exploit a native flaw in the platform as well as emails …
Robert Lemos, 02 Mar 2007
arrow pointing up

Imperfect Storm aids spammers

For 24 hours in mid-January, stock-fraud investigation site StockPatrol disappeared from the internet, overwhelmed by a massive flood of web requests coming from thousands of sources. The attack came after the site wrote a handful of reports investigating and condemning the practice of pump-and-dump stock spam campaigns. No …
Robert Lemos, 19 Feb 2007
The Register breaking news

Security pros work to undo teacher's conviction

Researchers led by the head of a Florida anti-spyware firm aim to recreate what caused a Connecticut school's classroom computer to start displaying pornographic pop-ups in October 2004, an incident that recently led to four felony convictions for the substitute teacher involved. This was a Windows 98 SE machine with IE 5 and …
Robert Lemos, 04 Feb 2007

Vista raises the bar for flaw finders

Microsoft launched its latest operating system - Windows Vista - on Monday, a move that will make finding easily exploitable vulnerabilities a lot harder, according to security researchers. In a launch event in New York City, the software giant took the wraps off both Windows Vista and its Office 2007 productivity suite. Long …
Robert Lemos, 31 Jan 2007
The Register breaking news

Fraud linked to TJX data heist spreads

Banks and retailers in the United States and Canada have begun to report an increasing amount of illicit transactions thought to be linked to the server breach announced last week by the TJX Companies, the commercial giant that owns retail chains in the US, Canada, and Europe. More than 60 of the 205 banks in Massachusetts have …
Robert Lemos, 29 Jan 2007
hands waving dollar bills in the air

Bug brokers offering higher bounties

Adriel Desautels aims to be the go-to guy for researchers that want to sell information regarding serious security vulnerabilities. The co-founder of security group Secure Network Operations Software (SNOSoft), Desautels has claimed to have brokered a number of deals between researchers and private firms - as well as the odd …
Robert Lemos, 25 Jan 2007
fingers pointing at man

Vulnerability tallies surged in 2006

Flaws in Web applications boosted the bug counts for 2006 by more than a third over the previous year, according to data obtained by SecurityFocus from the four major vulnerability databases. On Monday, the Computer Emergency Response Team (CERT) Coordination Center released its final tally of the number of flaws the …
Robert Lemos, 21 Jan 2007
The Register breaking news

Spammers get bullish on stocks

A week before Christmas, Diamant Art seemingly got a holiday bonus: On 18 December, the small Canadian maker of plastic food wrap saw its sub-penny stock price triple from 0.08 cents to a peak of 0.25 cents while trading in shares of the firm skyrocketed. Yet, the price boost was not driven by good news issued by the company …
Robert Lemos, 15 Jan 2007
The Register breaking news

Stock scammer gets coal for the holidays

The US Securities and Exchange Commission put a suspected Russian brokerage-account thief's money on ice last week, after he allegedly used illicit access to people's online portfolios to drive up stock prices. The SEC charged Grand Logistic SA, a Belize corporation located in Estonia, and its owner Evgeny Gashichev of Russia, …
Robert Lemos, 28 Dec 2006
globalisation

PHP security under scrutiny

A week after a prominent bug finder and developer left the PHP Group, data from the National Vulnerability Database has underscored the need for better security in PHP-based web applications. A search of the database, maintained by the National Institute of Standards and Technology (NIST), found that web applications written in …
Robert Lemos, 21 Dec 2006
channel

Social sites' insecurity increasingly worrisome

Personal web spaces on MySpace, videos on YouTube, and blogs - community sites hosting user-created content - have become increasingly popular. While the web has always been about publishing digital information, the stunning popularity of hubs for content created by the audience has attracted more people to the world of quick- …
Robert Lemos, 05 Dec 2006
channel

Bot spreads through anti-virus, Windows flaws

University security experts warned administrators on Monday that a bot program has started to spread by exploiting five patched Microsoft vulnerabilities and a six-month-old flaw in Symantec's anti-virus software. The bot program, identified as W32.Spybot.ACYR by Symantec, has compromised a small number of systems at various …
Robert Lemos, 29 Nov 2006
The Register breaking news

Second life plagued by 'grey goo' attack

For about two hours, the virtual landscape of Second Life filled with golden rings and the distinctive two-tone ding of Sega's popular Sonic the Hedgehog games. The rings' listed creator was the fictional "Dr Robotnik," a character from the Sonic games. However, the deluge of rings was not some form of cross promotion, but a …
Robert Lemos, 24 Nov 2006
channel

Malware goes to the movies

Online attackers have started to experiment with embedding malicious code or links to such code in different video formats. On Tuesday, anti-virus firm McAfee warned Windows users that the company had discovered a worm, dubbed W32/Realor, actively infecting Real Media files. The infected video files do not contain an exploit …
Robert Lemos, 16 Nov 2006
The Register breaking news

E-voting worries focus on failures, not fraud

Major electronic voting machine problems occurred in at least six US states during the country's midterm elections, underscoring that system failure, not fraud, is the biggest issue facing future races, voting-rights activists and technologists said this week. Machine problems delayed voting in many precincts in Colorado, …
Robert Lemos, 12 Nov 2006