The Register Columnists

Dan Goodin

Contact Mail Follow RSS feed
The Register breaking news

Duqu targeted each victim with unique files and servers

The creators of the Duqu malware that penetrated industrial manufacturers in at least eight countries tailored each attack with exploit files, control servers, and booby-trapped Microsoft Word documents that were different for each victim, according to research published on Friday. What's more, two of the drivers the …
Dan Goodin, 11 Nov 2011
The Register breaking news

Feds win access to WikiLeakers Twitter account data

US Justice Department investigators have won a hard-fought campaign to access the Twitter records of three current and former WikiLeaks associates, rebuffing arguments that the document demand violated the constitutional right to free speech and a prohibition against unreasonable searches and seizures. In a 60-page opinion …
Dan Goodin, 11 Nov 2011
The Register breaking news

Death match between site and writer over Twitter account

A mobile products review site is locked in a fierce battle with one of its former writers over who is the rightful owner of a Twitter account with 17,000 followers that was set up before he ended his employment. PhoneDog sued Noah Kravitz in July in a complaint that claimed the password and followers for the Twitter account @ …
Dan Goodin, 10 Nov 2011
The Register breaking news

Apple kills code-signing bug that threatened iPhone users

Apple has patched a serious bug in iPhones and iPads that allowed attackers to embed secret payloads in iTunes App Store offerings that were never approved during the official submission process. Charlie Miller, who is principal research consultant at security firm Accuvant, was kicked out of the iOS developer program on …
Dan Goodin, 10 Nov 2011
The Register breaking news

City IT manager accused of brazenly stealing mayor's email

A former IT manager for the city of Hoboken, New Jersey, was arrested on Wednesday on charges he intercepted emails sent to and from its sitting mayor and other top city officials, and forwarded them to others. Patrick Ricciardi, 45, of Hoboken, used an automated script to access every email sent to or received by Mayor Dawn …
Dan Goodin, 10 Nov 2011
The Register breaking news

Feds shutter DNS malware scam that infected 4 million PCs

Federal authorities have shut down an international conspiracy that forced more than four million computers to connect to fraudulent webpages when users tried to visit Netflix, the US Internal Revenue Service, Apple's iTunes and other services. Prosecutors named seven Eastern European defendants who allegedly generated more …
Dan Goodin, 09 Nov 2011
The Register breaking news

Microsoft releases fix for Applocker bypass flaw

Microsoft has released a temporary fix for a flaw in its latest operating systems that allows untrusted users to bypass security measures preventing them from running unauthorized applications. AppLocker allows administrators to restrict the applications that can be run on computers running Windows 7 and Windows Server 2008. But …
Dan Goodin, 09 Nov 2011
The Register breaking news

Duqu spawned by 'well-funded team of competent coders'

The Duqu malware that targeted industrial manufacturers around the world contains so many advanced features that it could only have been developed by a team of highly skilled programmers who worked full time, security researchers say. The features include steganographic processes that encrypt stolen data and embed it into image …
Dan Goodin, 09 Nov 2011
The Register breaking news

US Supremes liken GPS tracking to 1984's Big Brother

If the Obama administration wins a crucial case testing when police may use GPS devices to track American's whereabouts, investigators would be free to attach them to all nine members of the nation's highest court without a warrant. That blunt assessment came not from one of the many critics blasting the controversial practice …
Dan Goodin, 08 Nov 2011
The Register breaking news

Advertiser settles charges for use of Adobe Flash cookies

An internet-based advertising network has agreed to settle Federal Trade Commission charges stemming from its use of Adobe Flash cookies to track internet users' browsing history, even when they took steps to evade monitoring. Boston-based ScanScout agreed to make it easier for web users to opt out of tracking, as part of a …
Dan Goodin, 08 Nov 2011
The Register breaking news

Apple expels serial hacker for publishing iPhone exploit

Charlie Miller, the serial hacker who has exposed more than a dozen critical vulnerabilities in Apple's Mac and mobile platforms, was kicked out of the company's iOS developer program after publishing an application that demonstrated a serious new bug in iPhones and iPads. Miller's InstaStock app, which was accepted into the …
Dan Goodin, 08 Nov 2011
The Register breaking news

DNS cache poisonings foist malware attacks on Brazilians

An attack on several Brazilian ISPs has exposed large numbers of their subscribers to malware attacks when they attempt to visit Hotmail, Gmail, and other trusted websites, security researchers have warned. The attacks work by poisoning the domain name system cache that the service providers use to translate domain names such …
Dan Goodin, 07 Nov 2011
The Register breaking news

Router glitch causes widespread net outages

Internet services throughout North America and Europe saw widespread outages and slowdowns on Monday after backbone provider Level 3 Communications suffered a global failure, network providers said. Time Warner Cable in the US, Research in Motion services for BlackBerry subscribers, and UK ISPs Eclipse Internet, Easynet, and …
Dan Goodin, 07 Nov 2011
The Register breaking news

SSL authority stops issuing certificates following breach

Yet another web authentication authority has stopped issuing secure sockets layer certificates after discovering a security breach that allowed hackers to store attack tools on one of its servers. Netherlands-based KPN Corporate Market said it was taking the action while it investigated the compromise, which may have taken …
Dan Goodin, 04 Nov 2011
The Register breaking news

CIA 'Open Source Center' monitors Facebook, Twitter

The CIA has opened the kimono on its Virginia-based Open Source Center, where a team known as the "vengeful librarians" pore over Facebook, Twitter, internet chat rooms, and any other overseas forum that anyone can access and contribute to openly, the Associated Press reports. With hundreds of analysts, the team is charged with …
Dan Goodin, 04 Nov 2011
The Register breaking news

Microsoft releases temporary fix for critical Windows bug

Microsoft has issued a temporary fix for a critical Windows vulnerability that has already been exploited to install highly sophisticated malware that targeted manufacturers of industrial systems. In an advisory issued late Thursday, Microsoft said the previously unknown flaw in the Win32k TrueType font-parsing engine affected …
Dan Goodin, 04 Nov 2011
The Register breaking news

US, Europe throw their very first joint cyber-war party

The European Union and the US on Thursday conducted their first ever cyber security exercises designed to coordinate responses to attacks on critical infrastructure. Security experts from the US and 27 EU member states were involved in the drill, which simulated crises affecting national security. In the first scenario, a …
Dan Goodin, 04 Nov 2011
The Register breaking news

Web credential authority rebuked for 'poor' security

Microsoft, Google, and Mozilla will banish yet another web authentication authority from their software after learning that it issued secure sockets layer certificates that could be used to attack people visiting Malaysian government websites. Digicert Malaysia, an intermediate certificate authority that was certified by parent …
Dan Goodin, 03 Nov 2011
The Register breaking news

Apple requires Mac App Store candidates to be sandboxed

Developers submitting applications to Apple's Mac App Store will soon be required to add an extra layer of security for their wares to be accepted. Beginning in March, all apps submitted must implement sandboxing, a protection that tightly restricts the way applications can interact with other parts of the operating system. By …
Dan Goodin, 03 Nov 2011
The Register breaking news

Want to avoid all private-data breaches, ever? Here's how

Interview As information and privacy commissioner of Ontario, Ann Cavoukian's jurisdiction is limited to the Canadian province. But that doesn't mean the effects of her post don't extend into territories across the globe. “What I always say is privacy transcends jurisdiction,” she says. “It knows no boundaries. So if I'm going to protect …
Dan Goodin, 03 Nov 2011
The Register breaking news

Notorious eBay hacker gets 3-year suspended sentence

Vladuz, the Romanian hacker who repeatedly accessed off-limits parts of eBay's website and then publicly taunted company officials over the security lapses, has been handed a suspended three-year sentence, according to news reports. The Bucharest appeal court issued the sentence on Wednesday to 23-year-old Vlad Duiculescu, AFP …
Dan Goodin, 03 Nov 2011
The Register breaking news

Accused Hollywood hacker does about face, pleads not guilty

A Florida man has pleaded not guilty to charges he broke into the email accounts of actresses Scarlett Johansson and Mila Kunis, and as many as 50 other celebrities, and made off with nude photos and personal information. Christopher Chaney, 35, of Jacksonville, Florida, denied the allegations contained in a 26-count indictment …
Dan Goodin, 02 Nov 2011
The Register breaking news

Thousands of WordPress sites commandeered by Black Hole

Mass attacks that exploit a known vulnerability in the WordPress publishing platform have continued to bear fruit for hackers, with thousands of websites claimed in the past few weeks, a researcher said. The security bug, in a widely used image resizing utility known as TimThumb, allows attackers to seize control of WordPress …
Dan Goodin, 02 Nov 2011
The Register breaking news

Army of 'socialbots' steal gigabytes of Facebook user data

Updated A small array of scripts programmed to pass themselves off as real people stole 250 gigabytes worth of personal information from Facebook users in just eight weeks, researchers said in an academic report to be presented next month. The 102 “socialbots” included a name and picture of a fictitious Facebook user and used …
Dan Goodin, 01 Nov 2011
The Register breaking news

Critical Windows zero-day bug exploited by Duqu

The Duqu malware used to steal sensitive data from manufacturers of industrial systems exploits at least one previously unknown vulnerability in the kernel of Microsoft Windows, Hungarian researchers said. The zero-day vulnerability was triggered by a booby-trapped Word document that was recently discovered by researchers from …
Dan Goodin, 01 Nov 2011
The Register breaking news

Researchers propose simple fix to thwart e-voting attack

Researchers have devised a simple procedure that can be added to many electronic voting machine routines to reduce the success of insider attacks that attempt to alter results. The approach, laid out in a short research paper (PDF), augments the effectiveness of end-to-end verifiable election systems, such as the Scantegrity …
Dan Goodin, 01 Nov 2011
The Register breaking news

Illicit Bitcoin miners steal resources from infected Macs

Security researchers have identified malware that hijacks the resources of infected Macs to illegally mint the digital currency known as Bitcoin. The DevilRobber.A trojan has been circulating on The Pirate Bay and other BitTorrent trackers, where it's bundled with the Mac OS X image-editing application Graphic Converter, …
Dan Goodin, 31 Oct 2011
The Register breaking news

Dozens of chemical firms hit in espionage hack attack

Dozens of companies in the defense and chemical industries have been targeted in an industrial espionage campaign that steals confidential data from computers infected with malware, researchers from Symantec said. At least 29 companies involved in the research, development, and manufacture of chemicals and an additional 19 …
Dan Goodin, 31 Oct 2011
The Register breaking news

Hackers commandeer US government satellites

Hackers interfered with two US government satellites on four separate occasions in 2007 and 2008, according to a report scheduled to be released next month by a congressional commission. In June 2008 and again in October of the same year, a Terra AM-1 earth observation satellite operated by NASA experienced interference at the …
Dan Goodin, 28 Oct 2011
The Register breaking news

(At least) 4 web authentication authorities breached since June

At least four web authentication authorities have reported being compromised in as many months, according to research from the Electronic Frontier Foundation that renews serious questions about a technology millions of websites rely on to remain secure. EFF Technology Projects Director Peter Eckersley compiled the data by …
Dan Goodin, 27 Oct 2011
The Register breaking news

Insulin pump hack delivers fatal dosage over the air

In a hack fitting of a James Bond movie, a security researcher has devised an attack that hijacks nearby insulin pumps, enabling him to surreptitiously deliver fatal doses to diabetic patients who rely on them. The attack on wireless insulin pumps made by medical devices giant Medtronic was demonstrated Tuesday at the Hacker …
Dan Goodin, 27 Oct 2011
The Register breaking news

US gov requests for Google user data grow 29%

The US government has once again outdone its peers in requesting that Google turn over user data for use in criminal investigations, with almost 6,000 demands in the first half of 2011, a 29 per cent increase from the previous six months. The 5,950 requests that US law enforcement agencies filed with YouTube and Google sought …
Dan Goodin, 26 Oct 2011
The Register breaking news

Uncrackable quantum crypto undermined by new attack

Hopes of building an uncrackable cryptographic system using quantum mechanics have been called into question, after scientists devised a way to cheat a test used to detect secret keys that have been intercepted. By blinding detectors with laser beams, the scientists were able to defeat what's known as the Bell test. In theory, …
Dan Goodin, 25 Oct 2011
The Register breaking news

Japan's Parliament, defense contractor, pierced by hackers

Sensitive data belonging to 480 lawmakers and their staff may have been exposed for more than a month, after computers in Japan's Parliament were infected by malware, it was widely reported on Tuesday. The data-stealing trojan compromised computers used by three members of the Lower House, and possibly a server, The New York …
Dan Goodin, 25 Oct 2011
The Register breaking news

Android upgraded to be more resistant to hack attacks

The newest version of Google's Android mobile operating system has been upgraded to make it harder for hackers to hijack handsets by exploiting code errors in the underlying code. Android 4.0, aka Ice Cream Sandwich, has added a mitigation known as ASLR, or address space layout randomization. It works by routinely changing the …
Dan Goodin, 25 Oct 2011
The Register breaking news

Tool lets low-end PC crash much more powerful webserver

Hackers have released software that they say allows a single computer to knock servers offline by targeting a well-documented flaw in secure sockets layer implementations. A German group known as The Hacker's Choice released the tool on Monday, in part to bring attention to what they said were a series of long-running …
Dan Goodin, 24 Oct 2011
The Register breaking news

WikiLeaks on verge of financial collapse, founder says

WikiLeaks will temporarily stop publishing so members can address a cash shortage that could cause the whistleblower site to financially collapse by the end of the year, founder Julian Assange said on Monday. The dire financial picture comes 10 months after PayPal, MasterCard, Visa, and other payment services significantly …
Dan Goodin, 24 Oct 2011
The Register breaking news

Cable employee admits replacing Superbowl feed with porn

NSFW An Arizona man has admitted he was the one who interrupted the 2009 Superbowl broadcast to thousands of cable subscribers and replaced it with footage from an X-rated porno flick, according to published news reports. Frank Tanori Gonzalez pleaded guilty to two counts of computer tampering in a plea agreement that called for him …
Dan Goodin, 21 Oct 2011
The Register breaking news

World's stealthiest rootkit gets a makeover

One of the world's more advanced pieces of malware has just gotten a makeover that could make it even more resistant to takedown efforts, security researchers said. An analysis of recent updates to the TDL4 rootkit, which is also known as TDSS and Alureon, shows that components including its kernel-mode driver and user-mode …
Dan Goodin, 21 Oct 2011
The Register breaking news

Skype lets hackers track your BitTorrent downloads

Scientists have devised a stealthy and low-cost way to track the internet protocol addresses of tens of thousands of Skype users, and link the information to their online activities such as the sharing of specific files over BitTorrent. The method, which is laid out in a recently published academic paper, works even when Skype …
Dan Goodin, 21 Oct 2011
The Register breaking news

Bug in Flash Player allowed Mac webcam spying

Updated Engineers on Thursday patched a hole in Adobe's ubiquitous Flash Player that allowed website operators to silently eavesdrop on visitors' webcam and microphone feeds without permission. To be attacked, visitors needed to do no more than visit a malicious website and click on a handful of buttons like the ones in this live …
Dan Goodin, 20 Oct 2011
The Register breaking news

Google adds default end-to-end encryption to search

Google is rolling out default end-to-end encryption to people who use the site to seek for images, news and general webpages, a change that will better protect search queries and results from eavesdroppers. The SSL, or secure sockets layer, service will be offered by default to users who are signed into their Google accounts, …
Dan Goodin, 19 Oct 2011
The Register breaking news

Oracle updates Java to stop SSL-chewing BEAST

Firefox developers said Tuesday that they have no plans to keep the browser from working with the Java software framework now that Oracle has released a patch that prevents it from being used to decrypt sensitive web traffic. In a blog post published in late September and updated on Tuesday, Mozilla recommends that Firefox …
Dan Goodin, 19 Oct 2011
The Register breaking news

Stuxnet-derived malware found infecting SCADA makers

Organizations involved in the making of systems that control oil pipelines and other critical infrastructure have been infected with malware directly derived from the Stuxnet worm that targeted Iran's nuclear program, security researchers said. Parts of newly discovered malware are almost identical to Stuxnet, and were written …
Dan Goodin, 18 Oct 2011
The Register breaking news

Hacktivists pose growing threat to industrial computing

Members of the Anonymous hacking collective are increasingly interested in attacking industrial control systems used to automate machinery used by factories, power stations, water treatment plants, and other facilities critical to national security, the Department of Homeland Security warned last month. In a memorandum (PDF) …
Dan Goodin, 18 Oct 2011
The Register breaking news

US military debated hacking Libyan air defenses

The Obama administration intensely debated whether to hack the computer networks that run Libya's air-defense system in the days leading up to the US-led strikes against Qaddafi forces, The New York Times reports. Administration officials and some military officers ultimately rejected the idea, citing the precedent it might set …
Dan Goodin, 17 Oct 2011
The Register breaking news

Judge OKs warrantless tracking of suspect's cellphone

Investigators seeking the location history of an armed robbery suspect's cellphone aren't required to obtain a search warrant before compelling the carrier to turn over the information, a federal judge has ruled. The decision, issued by US District Judge Royce C. Lamberth of the District of Columbia, said the Stored …
Dan Goodin, 15 Oct 2011
The Register breaking news

Mass ASP.NET attack causes websites to turn on visitors

An infection that causes poorly configured websites to silently bombard visitors with malware attacks has hit almost 614,000 webpages, Google searches show. The mass infection, which redirects users to a site exploiting old versions of Oracle's Java, Adobe's Flash player and various browsers, was first disclosed by researchers …
Dan Goodin, 14 Oct 2011
The Register breaking news

Facebook accused of violating US wiretap law

A Mississippi woman has accused Facebook of violating federal wiretap statutes by tracking her internet browsing history even when she wasn't logged onto the social networking site. In a lawsuit filed on Wednesday in federal court in the northern district of Mississippi, Brooke Rutledge of Lafayette County, Mississippi, also …
Dan Goodin, 14 Oct 2011
The Register breaking news

IRS audits Google for funneling profits to Ireland

The US Internal Revenue Service is auditing strategies that Google uses to cut its tax bill by about $1 billion a year by funneling profit into subsidiaries located in territories with low or non-existent rates, according to a published report citing unnamed officials. The agency is “bringing more than typical scrutiny” to …
Dan Goodin, 13 Oct 2011