The Register Columnists

Dan Goodin

The Register breaking news

Security mandates aim to shore up shattered SSL system

A consortium of companies has published a set of security practices they want all web authentication authorities to follow for their secure sockets layer certificates to be trusted by browsers and other software. The baseline requirements (PDF), published this week by the Certification Authority/Browser Forum, are designed to …
Dan Goodin, 17 Dec 2011

Adobe kills two actively exploited bugs in Reader

Adobe has released updates for its Reader and Acrobat applications that fix two vulnerabilities that attackers were exploiting to seize control of Windows-based machines. Version 9.4.7 of the programs fixes two memory-corruption bugs that Adobe says are “being actively exploited in limited, targeted attacks in the wild” against …
Dan Goodin, 17 Dec 2011

Judge dismisses charges against accused Twitter stalker

A federal judge has dismissed a criminal case against a man charged with stalking a religious leader on Twitter on the grounds that the more than 8,000 messages he posted, some predicting her violent death, were protected by the US constitution. Thursday's ruling by US District Judge Roger W. Titus of Maryland was among the …
Dan Goodin, 16 Dec 2011

US spy drone hijacked with GPS spoof hack, report says

The US stealth drone broadcast last week on Iranian state television was captured by spoofing its GPS coordinates, a hack that tricked the bird into landing in Iranian territory instead of where it was programmed to touch down, The Christian Science Monitor reported. The 1700-word article cited an unnamed Iranian engineer who …
Dan Goodin, 15 Dec 2011

Visa probes reported security breach of card processor

Credit card issuer company Visa is investigating the possible breach of a payment processor in Europe that may have compromised more than 10,000 cards in Eastern Europe. In a statement issued on Thursday, according to IDG News, the issuer said: “Visa Europe has been informed of a potential data security breach at a European …
Dan Goodin, 15 Dec 2011

Feds charge eight former Siemens officials with bribery

US officials have charged more than a dozen former executives and contractors of Siemens with conspiring to spend $100 million in bribes to secure a $1 billion contract to produce national identity cards for Argentine citizens. A criminal indictment filed on Tuesday against eight former officials of the German industrial giant …
Dan Goodin, 15 Dec 2011

Newfangled graphics engine for browsers fosters data theft

Software developers at Google, Apple, Adobe, and elsewhere are grappling with the security risks posed by an emerging graphics technology, which in its current form could expose millions of web users' sensitive data to attackers. The technology, known as CSS shaders, is designed to render a variety of distortion effects, such as …
Dan Goodin, 14 Dec 2011

SCADA vuln imperils critical infrastructure, feds warn

An electronic device used to control machinery in water plants and other industrial facilities contains serious weaknesses that allow attackers to take it over remotely, the US agency that safeguards the nation's critical infrastructure has warned. Some models of the Modicon Quantum PLC used in industrial control systems …
Dan Goodin, 14 Dec 2011

Espionage hack attack preys on chemical firms

More than two months after the discovery of an organized malware campaign targeting dozens of companies in the defense and chemical industries, the espionage hack attack shows no signs of letting up. According to a blog post published on Monday, the same group that targeted at least 38 companies between July and September is …
Dan Goodin, 12 Dec 2011

Malicious apps infiltrate Google's Android Market

Google security crews have tossed at least a dozen smartphone games out of the Android Market after discovering they contained secret code that caused owners to accrue expensive charges for text messages sent to premium numbers. The malicious apps, uploaded to the Google-hosted service by a developer named Logastrod, …
Dan Goodin, 12 Dec 2011

Windows Defender Offline: For PCs too hosed to go online

Microsoft has released a beta version of its Windows Defender antivirus tool that works even when computers are so badly infected that they are unable to fully access the internet. The program allows users to boot their sick machines from a CD, DVD or USB flash drive and use the most up-to-date definitions to fight the …
Dan Goodin, 09 Dec 2011

Four Romanians charged with hacking 150 Subway shops

Four Romanian nationals were charged with pocketing millions of dollars by hacking into the credit card processing systems of more than 200 businesses. The men remotely accessed point-of-sale systems of 150 Subway sandwich shops and 50 unnamed retailers and stole credit card data for more than 80,000 customers, according to a …
Dan Goodin, 09 Dec 2011

Chrome is the most secured browser - new study

Google Chrome offers more protection against online attacks than any other mainstream browser, according to an evaluation that compares exploit mitigations, malicious link detection, and other safety features offered in Chrome, Internet Explorer, and Firefox. The 102-page report, prepared by researchers from security firm …
Dan Goodin, 09 Dec 2011

Digital certificate authority suspends ops following breach

Websites belonging to a Netherlands-based issuer of digital certificates were unavailable following reports hackers penetrated their security and accessed databases that should have been off limits. Dutch telecommunications giant KPN issued a statement (translation here) that said it temporarily shut the website of its Gemnet …
Dan Goodin, 08 Dec 2011

Man fights felony hacking charge for accessing wife's email

A Michigan appeals court is trying to decide whether the state's anti hacking law should be invoked against a man who broke into his wife's Gmail account to see if she was having an affair. Leon Walker, 34, faces a maximum of five years in prison for using a shared family computer to read his wife's personal email after she …
Dan Goodin, 07 Dec 2011

Military contractor warns of new Adobe Reader exploit

Attackers are exploiting a vulnerability in the latest versions of Adobe Reader and Acrobat applications to hijack computers running Microsoft Windows, Adobe warned on Tuesday. The vulnerability, which corrupts memory involved with the U3D, or Universal 3D, file format, was reported by members of Lockheed Martin's computer …
Dan Goodin, 06 Dec 2011

Facebook security hole exposes Zuckerberg's privates

A security hole on Facebook has been exposing private pictures of countless users, including the Social Network's founder and CEO Mark Zuckerberg. A photo pilfering exploit posted to a bodybuilding.com forum on Monday included step-by-step instructions for viewing pictures designated as private by the Facebook users who posted …
Dan Goodin, 06 Dec 2011

Navy training mine washes ashore on Miami Beach

A portion of Miami Beach was evacuated on Monday following the discovery of a red and white cylinder that turned out to be a training mine belonging to the US Navy. Police cordoned off the area surrounding the 6-foot by 2-foot mine, which a Miami Fire Rescue spokesman said appeared to be live but not as explosive as a regular …
Dan Goodin, 06 Dec 2011

It's ba-ack. Exploit revives slain browser history bug

A Google researcher has resurrected an attack that allows website operators to steal the browsing history of visitors almost a year after all major browser makers introduced changes to close the gaping privacy hole. Proof-of-concept code recently posted by Google security researcher Michal Zalewski works against the majority of …
Dan Goodin, 05 Dec 2011

Carrier IQ VP: App on millions of phones not a privacy risk

More than 48 hours after a software developer posted evidence Carrier IQ monitored the key taps on more than 141 million smartphones, a company official has come forward to rebut the disturbing allegations. And he's provided enough technical detail to convince The Register the diagnostics software doesn't represent a privacy …
Dan Goodin, 02 Dec 2011

Does your smartphone run Carrier IQ? Find out here

The roster of confirmed smartphone manufacturers and network providers using the controversial Carrier IQ tracking software has grown to include Apple, AT&T, Sprint, HTC, and Samsung. Verizon, Nokia, and Research in Motion, meanwhile, have denied reports saying they employ it. In a statement that was widely reported on Thursday …
Dan Goodin, 01 Dec 2011

US Senator demands answers from Carrier IQ

Senator and former late-night funnyman Al Franken has called on Carrier IQ to explain why its diagnostic software, buried in the bowels of 141 million smartphones, isn't a massive violation of US wiretap laws. In a letter sent to Larry Lenhart, CEO and president of the Mountain View, California-based software maker, Franken …
Dan Goodin, 01 Dec 2011

Duqu attackers: master coders, Linux rookies

The Duqu malware that targeted industrial manufacturers around the world may have been spawned by a well-funded team of competent coders, but their command of Linux led to some highly amateur mistakes. According to a report published on Wednesday by researchers from Kaspersky Lab, the unknown attackers attempted a global …
Dan Goodin, 01 Dec 2011

Android glitch allows hackers to bug phone calls

Computer scientists have discovered a weakness in smartphones running Google's Android operating system that allows attackers to secretly record phone conversations, monitor geographic location data, and access other sensitive resources without permission. Handsets sold by HTC, Samsung, Motorola, and Google contain code that …
Dan Goodin, 30 Nov 2011

BUSTED! Secret app on millions of phones logs key taps

An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users. In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ …
Dan Goodin, 30 Nov 2011

Google researchers propose fix for ailing SSL system

Security researchers from Google have proposed an overhaul to improve the security of the Secure Sockets Layer encryption protocol that millions of websites use to protect communications against eavesdropping and counterfeiting. The changes are designed to fix a structural flaw that allows any one of the more than 600 bodies …
Dan Goodin, 29 Nov 2011

Malls suspend plan to track shoppers' cellphones

Two shopping malls have dropped plans to track shoppers' movements after a US senator voiced privacy concerns about the practice, which involves monitoring individuals' cellphone signals. The Footpath tracking system will no longer be used at the Promenade Temecula mall in southern California or the Short Pump Town Center mall …
Dan Goodin, 29 Nov 2011

Twitter crypto purchase leaves Egypt dissidents in lurch

A company that provided free cellphone encryption to dissidents in Egypt abruptly suspended its services on Monday so that Twitter could integrate some of its privacy enabling technology into the microblogging site. Twitter's acquisition of San Francisco-based Whisper Systems came on Monday, the same day Egyptian citizens …
Dan Goodin, 28 Nov 2011

Assange shocker: 'Of course I'm a goddamn journalist'

WikiLeaks founder Julian Assange is running out of patience with those who question his rightful membership with the fourth estate. Just hours after receiving Australia's Walkley Award for "recognition of long-term commitment and achievement in the Australian media," Assange appeared by Skype at the News World Summit in Hong …
Dan Goodin, 28 Nov 2011

Software maker sorry for trying to silence security researcher

A Silicon Valley software maker has withdrawn legal threats against an Android developer who claimed the company's diagnostic application amounted to a rootkit that posed a privacy threat to millions of handset owners. In a statement issued on Wednesday, Mountain View, California-based Carrier IQ apologized to Trevor Eckhart …
Dan Goodin, 24 Nov 2011

Browser plugin brings strong crypto to Google webmail

Software developers have released a JavaScript implementation of the OpenPGP encryption message format that allows users to encrypt and decrypt communications within web-based mail services. GPG4Browsers is currently available only as an extension for the Google Chrome browser for integration with Gmail. It works with all …
Dan Goodin, 23 Nov 2011

Apple one-day-only sale plans for Macs, iPads leaked to web

Apple plans to offer modest discounts on Macs, iPads, and iPods for one day only on Friday, according to the 9to5Mac website, which said a trusted tipster leaked the details of its day-after-Thanksgiving sales. iMacs, MacBook Airs and MacBook Pros will be marked down by $101, while iPads will be discounted by $41 to $61 …
Dan Goodin, 23 Nov 2011

FBI: No evidence of water system hack destroying pump

Federal officials said there's no evidence to support a report that hackers destroyed a pump used by an Illinois-based water utility after gaining unauthorized access to the computer system it used to operate its machinery. In an email sent on Tuesday afternoon to members of the Industrial Control Systems Joint Working Group, …
Dan Goodin, 23 Nov 2011

Google mail crypto tweak makes eavesdropping harder

Google engineers have enhanced the encryption offered in Gmail, Google Docs, and other services to protect users against retroactive attacks that allow hackers to decrypt communications months or years after they were sent. The feature, a type of key-establishment protocol known as forward secrecy, ensures that each online …
Dan Goodin, 22 Nov 2011

Tor launches DIY relays in Amazon cloud

The Tor Project is tapping Amazon's EC2 cloud service to make it easier for volunteers to donate bandwidth to the anonymity network. Developers with the project have released preconfigured Tor Cloud images that volunteers can use to quickly deploy bridges that allow users to access the service. The new system is designed to …
Dan Goodin, 22 Nov 2011

'Organized' hack targets AT&T wireless subscribers

Hackers used automatic scripts to target AT&T wireless subscribers in an unsuccessful attempt to steal information stored in their online accounts, company officials said. In an email sent to targeted subscribers, AT&T warned of an “organized attempt” to break into their accounts. The advisory was sent to less than 1 per cent …
Dan Goodin, 21 Nov 2011

Smart meters blamed for Wi-Fi, garage opener interference

Smart meters issued by an electric utility in Maine are interfering with a wide range of customers' electronic devices, including wireless routers, cordless phones, electric garage doors, and answering machines. The Central Maine Power Company has received complaints from more than 200 customers since the meters were installed …
Dan Goodin, 21 Nov 2011

Clegg orders fresh review of UK extradition treaty

Supporters of accused NASA hacker Gary McKinnon scored a small political victory after Deputy Prime Minister Nick Clegg ordered a fresh review of the lopsided extradition treaty between the US and the UK. Clegg broke ranks with the Government over a review issued last month that concluded the treaty wasn't biased. He has …
Dan Goodin, 19 Nov 2011

Second water utility reportedly hit by hack attack

Images posted online suggest that hackers may have gained unauthorized access to computers controlling a second water treatment facility, a claim that raises additional concerns about the security of the US's critical infrastructure. Five computer screenshots posted early Friday purport to show the user interface used to …
Dan Goodin, 18 Nov 2011

World's first Win 8 malware 'bootkit' to debut next week

A security researcher said that he has developed malware for Microsoft's forthcoming Windows 8 operating system that is able to load during boot-up when it's run on older PCs. Peter Kleissner said Stoned Lite – as the latest version of his bootkit is called – doesn't bypass defenses that will be available to people using Windows …
Dan Goodin, 18 Nov 2011

Water utility hackers destroy pump, expert says

Updated Hackers destroyed a pump used by a US water utility after gaining unauthorized access to the industrial control system it used to operate its machinery, a computer security expert said. Joe Weiss, a managing partner for Applied Control Solutions, said the breach was most likely performed after the attackers hacked into the …
Dan Goodin, 17 Nov 2011

Crooks make it rain by seeding cloud with zombies

Malware operators are once again trying to generate profits from the cloud, this time by stealing the resources of infected computers and selling them to a new distributed-computing network, researchers from Kaspersky said. After infecting a computer, the malware downloads and installs the MetaTrader 5 Tester Agent, software …
Dan Goodin, 17 Nov 2011

Facebook vows 'consequences' for extreme porn scammers

Updated Facebook officials have tracked down the scammers responsible for deluging the social network with images depicting bestiality, self-mutilation and other depravity and are vowing to seek swift justice. As previously reported, Facebook has blamed the torrent of extreme smut on a "self-XSS vulnerability in the browser" that …
Dan Goodin, 16 Nov 2011

Windows 8 aims to make security updates less painful

The next version of Microsoft's Windows operating system will introduce changes that are designed to make automatic updates less disruptive by eliminating popup notifications and reducing the number of times machines must be restarted. In a blog post published on Monday, Microsoft Program Manager for the Windows Update Group …
Dan Goodin, 16 Nov 2011

'Devastating' protocol flaw could paralyze Bitcoin system

Computer scientists say they've identified a fundamental flaw in the Bitcoin electronic currency system that could eventually stunt its development unless developers change the way users are rewarded for their participation. With about 7.5 million Bitcoins in circulation, the highly decentralized system relies on public-key …
Dan Goodin, 15 Nov 2011

US anti-hacking law turns computer users into criminals

A commonly invoked anti-hacking law is so overbroad that it criminalizes conduct as innocuous as using a fake user name on Facebook or fibbing about your weight in a Match.com profile, one of the nation's most respected legal authorities has said. George Washington University Law School Professor Orin S. Kerr said he hopes the …
Dan Goodin, 15 Nov 2011

Hackers port iPhone 4S' Siri to rival devices

Hackers say they've reverse engineered the Siri personal assistant that debuted in last month's release of the iPhone 4S, a feat that allows them to make it work from virtually any device. To back up their claim, the hackers – from the mobile-application developer Applidium – released a collection of tools on Monday that they …
Dan Goodin, 15 Nov 2011

World's stealthiest rootkit pushes DNS hijacking trojan

One of the world's most advanced pieces of malware is being used to spread DNS Changer, a trojan at the heart of a massive click fraud scheme that has already hijacked 4 million PCs, security researchers said. Just a few days after federal prosecutors in the US shuttered the international conspiracy, researchers from Dell …
Dan Goodin, 14 Nov 2011

Certificate stolen from Malaysian gov used to sign malware

Researchers have discovered malware circulating in the wild that uses a private signing certificate belonging to the Malaysian government to bypass warnings many operating systems and security software display when end users attempt to run untrusted applications. The stolen certificate belongs to the Malaysian Agricultural …
Dan Goodin, 14 Nov 2011

Tour de France winner sentenced for hack of doping lab

Floyd Landis, the disgraced US cyclist who was stripped of his 2006 Tour de France victory for doping, was handed a suspended 12-month prison sentence for his part in a hack of an anti-doping lab computer. Arnie Baker, Landis's former trainer, also received a suspended 12-month term from the same French court in Nanterre, near …
Dan Goodin, 12 Nov 2011