Feeds
The Register Columnists

Dan Goodin

Contact Mail Follow RSS feed
The Register breaking news

Flashback trojan targeting OS X shuns virtual machines

Underscoring the growing sophistication of Mac-based malware, a trojan preying on OS X users has adopted several stealth techniques since it was discovered last month. Updates to the Flashback trojan, which gets installed by disguising itself as an Adobe Flash update, now prevent the malware from running on Macs that use VMware …
Dan Goodin, 13 Oct 2011
The Register breaking news

Peer-to-peer update makes ZeuS botnets harder to take down

A new strain of the ZeuS crimeware toolkit comes with a peer-to-peer design that lets infected machines bypass centralized servers when receiving updates and marching orders from operators, a researcher said. The update to a custom-built ZeuS variant known as Murofet could make it harder for white-hat hackers and law- …
Dan Goodin, 13 Oct 2011
The Register breaking news

iOS update woes prompt gnashing of teeth for Apple fans

Updated Apple released the much-anticipated iOS 5 update for iPhones, iPads and iPod Touches on Wednesday, an update that was almost immediately met with error messages by throngs of users trying to download it from the company's servers. The errors, according to accounts on Apple support pages and this Cult of Mac report, carried …
Dan Goodin, 12 Oct 2011
The Register breaking news

Man charged in nude celebrity hacking case

A Florida man hacked into the email accounts of actresses Scarlett Johansson and Mila Kunis, and as many as 50 other celebrities and made off with nude photos, movie scripts, and other personal information, federal prosecutors said. Christopher Chaney, 35, of Jacksonville, Florida, obtained personal information about his …
Dan Goodin, 12 Oct 2011
The Register breaking news

Android app maker settles claims it exposed sensitive files

The maker of a peer-to-peer application for Android handsets has agreed to settle federal charges that it was likely to cause users to unwittingly expose sensitive files to other people using the app. Angel Leon, developer of FrostWire for Android, agreed to redesign the app after officials of the Federal Trade Commission …
Dan Goodin, 12 Oct 2011
The Register breaking news

Hundreds of websites share usernames sans permission

Home Depot, The Wall Street Journal, Photobucket, and hundreds of other websites share visitor's names, usernames, or other personal information with advertisers or other third parties, often without disclosing the practice in privacy policies, academic researchers said. Sixty-one percent of websites tested by researchers from …
Dan Goodin, 11 Oct 2011
The Register breaking news

Microsoft flags Firefox and Chrome for security failings

Microsoft has unveiled a website aimed at raising awareness of browser security by comparing the ability of Internet Explorer, Mozilla Firefox, and Google Chrome to withstand attacks from malware, phishing, and other types of threats. Your Browser Matters gives the latest versions of Firefox and Chrome a paltry 2 and 2.5 points …
Dan Goodin, 11 Oct 2011
The Register breaking news

Scientists break card that secures homes, offices, transit

Scientists have circumvented the encryption used to protect a smartcard that's widely used to restrict access in corporate and government buildings, and to process payments in public transit systems, a feat that makes it possible to clone perfect replicas of the digital keys and steal or modify their contents. The attack, …
Dan Goodin, 10 Oct 2011
The Register breaking news

Chaos feared after Unix time-zone database is nuked

The internet's authoritative source for time-zone data has been shut down after the volunteer programmer who maintained it was sued for copyright infringement by a maker of astrology software. David Olson, custodian of the Time Zone and Daylight Saving Time Database, said on Thursday he was retiring the FTP server he's long …
Dan Goodin, 07 Oct 2011
The Register breaking news

SpyEye banking trojan: now with SMS hijacking capability

The SpyEye banking trojan has acquired the ability to reroute one-time passwords sent to victims' cellphones, a measure that bypasses protections more and more financial institutions are adopting. According to a blog post published Wednesday by a researcher from security firm Trusteer, SpyEye was recently observed trying to …
Dan Goodin, 06 Oct 2011
The Register breaking news

Attack on Apache server exposes firewalls, routers and more

Maintainers of the open-source Apache webserver are warning that their HTTP daemon is vulnerable to exploits that expose internal servers to remote attackers who embed special commands in website addresses. The weakness in 1.3 and all 2.x versions of the Apache HTTP Server can be exploited only under certain conditions. For one …
Dan Goodin, 06 Oct 2011
The Register breaking news

Tuesday's iPhone event more than Apple.com can bear

Apple may be an unstoppable force in the eyes of its competitors, fans and pretty much everyone else, but no one more so than the webmasters running Apple.com. A couple of hours into the company's "Lets talk iPhone" event Tuesday, trying to access Apple's homepage, online store, and most other sections of its website was like a …
Dan Goodin, 04 Oct 2011
The Register breaking news

Thailand PM's Twitter account breached

The Twitter account belonging to Thailand Prime Minister Yingluck Shinawatra has been suspended after someone took control of it and used it to send messages critical of her administration. A government official said that investigators believe a Thai citizen broke into Yingluck's email account and used it to access her Twitter …
Dan Goodin, 04 Oct 2011
The Register breaking news

Check your machines for malware, Linux developers told

Following a series of embarrassing intrusions that hit the servers used to maintain and distribute the Linux operating system, project elders have advised all developers to check their Linux machines for signs of compromise. Emails sent Friday by Linux kernel lead developers Greg Kroah-Hartman and H Peter Anvin arrived as …
Dan Goodin, 04 Oct 2011
The Register breaking news

Bank of America website disrupted for 4th day in a row

Bank of America's website continued to suffer sporadic outages on Monday, marking the fourth day that some customers have been unable to use its online services to check balances and pay bills. "We're sorry, but some of our pages are temporarily unavailable," a note posted to the homepage for the biggest US bank read. "Thanks …
Dan Goodin, 03 Oct 2011
The Register breaking news

Adobe: crashing 100 million machines not an option

The vast majority of time Adobe spends patching zero-day vulnerabilities in its ubiquitous Reader and Flash Player applications is devoted to making sure the fixes won't cause catastrophic crashes on end-user machines, the company's security chief said. “The last thing we want to do is ship a release that blue screens hundreds …
Dan Goodin, 03 Oct 2011
The Register breaking news

Pandemonium as Microsoft AV nukes Chrome browser

Users of Google's Chrome browser are in an uproar after antivirus software from Microsoft classified it as virulent piece of malware that should be deleted immediately. On Friday, a faulty signature update for both Microsoft Security Essentials and Microsoft Forefront incorrectly detected the Chrome executable file for Windows …
Dan Goodin, 30 Sep 2011
The Register breaking news

Qualys endorses alternative to crappy SSL system

San Francisco-based security firm Qualys is throwing its support behind an experimental project designed to improve the security and privacy of website authentication by reducing reliance on certificate authorities that issue secure sockets layer credentials. The Convergence project was devised by Moxie Marlinspike, a security …
Dan Goodin, 30 Sep 2011
The Register breaking news

Man who blasted five million text spams gets wrist slap

Federal authorities have issued a token wrist slap to a California man for sending at least 5 million text-message spams and harvesting the personal information of recipients against their wishes. Phil Flora of Huntington Beach, California, agreed to pay $32,000 to settle charges brought in February by the Federal Trade …
Dan Goodin, 29 Sep 2011
The Register breaking news

Firefox devs mull dumping Java to stop BEAST attacks

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework. The move, which would prevent Firefox from working with scores of popular websites and …
Dan Goodin, 29 Sep 2011
The Register breaking news

Diebold e-voting hack allows remote tampering

Computer scientists have demonstrated a hack that uses off-the-shelf hardware to tamper with electronic voting machines that millions of Americans will use to cast ballots in the 2012 presidential elections. The attack on the Diebold AccuVote TS electronic voting machine, which is now marketed by Election Systems & Software, …
Dan Goodin, 28 Sep 2011
The Register breaking news

US lawmakers call for FTC probe of supercookies

Two US lawmakers have called on the Federal Trade Commission to investigate the use of “supercookies” that secretly log web visitors' browsing histories across multiple sites, even when the users delete browser cookies to elude tracking. In a letter sent Tuesday to FTC Chairman Jon Leibowitz, the co-chairs of the Congressional …
Dan Goodin, 28 Sep 2011
The Register breaking news

Microsoft delivers fatal blow to yet another botnet

Microsoft said it delivered a fatal legal blow to Kelihos, a botnet that stole sensitive personal information stored on computers it infected, and was capable of delivering almost 4 billion spam messages per day. The takedown was achieved in part by obtaining a secret court order shutting down 21 internet addresses, including …
Dan Goodin, 27 Sep 2011
The Register breaking news

Mac security update leaves users open to ugly Flashback

Apple has updated the malware protection built into its Mac operating system to flag a recently discovered trojan that hijacks users' machines by masquerading as a benign document. Malware disguised as an Adobe Flash installer, meanwhile, remained unchecked. The file quarantine, which Apple snuck into a prerelease version of …
Dan Goodin, 27 Sep 2011
The Register breaking news

World takes notice as SSL-chewing BEAST is unleashed

With the decrypting of a protected PayPal browser cookie at a security conference Friday, it became official: the internet's foundation of trust has suffered yet another serious fracture that will require the attention of the industry's best minds. Within hours of the demonstration by researchers Juliano Rizzo and Thai Duong, …
Dan Goodin, 27 Sep 2011
The Register breaking news

MySQL.com breach leaves visitors exposed to malware

Hackers recently compromised the website hosting the open-source MySQL database management system and caused it to infect the PCs of visitors who used unpatched browsers and plug-ins, security researchers said. MySQL.com was infected with mwjs159, website malware that often spreads when compromised machines are used to access …
Dan Goodin, 26 Sep 2011
The Register breaking news

Experts suggest SSL changes to keep BEAST at bay

With just a few hours until researchers unveiled an attack they say decrypts sensitive web traffic protected by the ubiquitous secure sockets layer protocol, cryptographers described a simple way website operators can insulate themselves against the exploit. The recommendations published Friday by two-factor authentication …
Dan Goodin, 23 Sep 2011
The Register breaking news

Xbox Live patrols hit by ugly SWAT attacks

Hackers trying to cheat the Xbox Live game network have stooped to a new low: sending hoax emergency distress calls to police with the goal of drawing an armed response to the homes of Microsoft employees. According to The Sammamish Patch news service, Eric Neustadter, operations manager for Xbox Live, was the latest Xbox …
Dan Goodin, 23 Sep 2011
The Register breaking news

Three more charged in Anonymous hack spree probe

Federal prosecutors filed charges against three men accused of carrying out website attacks as part of an extended campaign linked to the Anonymous hacking crew. Cody Kretsinger, 23, of Phoenix was accused of participating in a hack of the Sony Pictures website that exposed the names, email addresses, and passwords of thousands …
Dan Goodin, 22 Sep 2011
The Register breaking news

Finance software bug causes $217m in investor losses

A developer of financial software has agreed to pay $2.5 million to settle charges stemming from his concealment of a bug that caused about $217 million in investment losses. Barr M. Rosenberg, 68, of Sea Ranch, California, developed the quantitative investment modeling software and put it into production in 2007 to help …
Dan Goodin, 22 Sep 2011
The Register breaking news

Microsoft turns to FBI in hunt for Rustock ringleader

Microsoft lawyers have sealed their victory over the operators of what was once the world's biggest source of spam after winning a court case giving them permanent control over the IP addresses and servers used to host the Rustock botnet. The seizure was completed earlier this month when a federal judge in Washington state …
Dan Goodin, 22 Sep 2011
The Register breaking news

Hackers of Japanese military contractor fluent in Chinese

Software used to breach the security of a Japanese maker of sensitive weapons systems contained simplified Chinese characters, making it difficult for those who don't speak the language to carry out the hack, Japan's biggest daily newspaper reported. A computer screen used by attackers to remotely control infected computers …
Dan Goodin, 22 Sep 2011
The Register breaking news

Adobe rushes out emergency fix for critical bug in Flash

Adobe Systems has issued an emergency update for its ubiquitous Flash Player that fixes a critical security vulnerability that attackers are actively exploiting to hack end user machines. Code exploiting the universal XSS, or cross-site scripting, bug “is being exploited in the wild in active targeted attacks designed to trick …
Dan Goodin, 21 Sep 2011
The Register breaking news

Google preps Chrome fix to slay SSL-attacking BEAST

Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many websites protected by the secure sockets layer protocol. The fix, which has already been added to the latest developer version of Chrome, is designed to thwart attacks from BEAST, proof-of …
Dan Goodin, 21 Sep 2011
The Register breaking news

Prosecutor calls poker site 'global Ponzi scheme'

Directors of one of the internet's biggest gambling sites have been accused of running a massive Ponzi scheme that bilked players out of about $330 million. In court documents filed Tuesday, federal prosecutors accused those operating Full Tilt Poker of withdrawing more than $443 million from players' bank accounts and …
Dan Goodin, 20 Sep 2011
The Register breaking news

Android bug lets attackers install malware without warning

It's been more than a month since researchers reported two serious security vulnerabilities in Android, but so far there's no indication when they will be purged from the Google-spawned operating system that's the world's most popular smartphone platform. The first flaw allows apps to be installed without prompting users for …
Dan Goodin, 20 Sep 2011
The Register breaking news

Skype for iPhone makes stealing address books a snap

If you use Skype on an iPhone or iPod touch, Phil Purviance can steal your device's address book simply by sending you a chat message. In a video posted over the weekend, the security researcher makes the attack look like child's play. Type some JavaScript commands into the user name of a Skype account, use it to send a chat …
Dan Goodin, 20 Sep 2011
The Register breaking news

Hackers break SSL encryption used by millions of sites

Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser. The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the …
Dan Goodin, 19 Sep 2011
The Register breaking news

Yahoo, Microsoft's Bing display toxic ads

Search engines from Microsoft and Yahoo! Have once again been caught displaying ads that direct users to malicious content, some that infects them with malware that's hard to detect and get rid of, researchers said. Queries such as “FireFox Download,” “Download Skype,” and “Download Adobe Player” typed into the sites returned …
Dan Goodin, 16 Sep 2011
The Register breaking news

How gizmo maker's hack outflanked copyright trolls

When the master encryption key locking down millions of Blu-ray players and set-top boxes was mysteriously leaked last year, Hollywood moguls worried their precious high-definition movies would face a new flurry of piracy. Instead, it spawned the Chumby NeTV, a tiny, Wi-Fi-connected box that sits between a television and a set- …
Dan Goodin, 16 Sep 2011
The Register breaking news

After hack nightmare, Sony bars lawsuits with new TOS

After getting the pants sued off it for security breaches that exposed personal information connected to more than 100 million online accounts, Sony is requiring subscribers to waive their right to wage class-action lawsuits for almost any reason. Sony dropped the bombshell in an updated terms of service and user agreement (PDF …
Dan Goodin, 16 Sep 2011
The Register breaking news

Windows 8 to ship with built-in malware protection

Microsoft's next version of Windows will ship with "tons of security features," including one that automatically scans boot drives for malware and a revamped version of the Windows Defender antivirus program, company executives said. At the company's BUILD conference in Anaheim, California on Tuesday, Corporate Vice President …
Dan Goodin, 14 Sep 2011
The Register breaking news

Malware burrows deep into computer BIOS to escape AV

Researchers have discovered one of the first pieces of malware ever used in the wild that modifies the software on the motherboard of infected computers to ensure the infection can't be easily eradicated. Known as Trojan.Mebromi, the rootkit reflashes the BIOS of computers it attacks to add malicious instructions that are …
Dan Goodin, 14 Sep 2011
The Register breaking news

Android banking trojan intercepts security texts

Developers of the SpyEye banking trojan have started bundling it with malware for phones running Google's Android operating system to intercept text messages many financial institutions use to prevent fraud, researchers said. The trojan known as Spitmo is SpyEye's first in-the-wild malware to target Android, Ayelet Heyman, a …
Dan Goodin, 14 Sep 2011
The Register breaking news

Bittorrent.com's software download hacked to serve malware

Attackers hijacked two popular Bittorrent websites and tampered with their download mechanisms, causing visitors trying to obtain file-sharing software to instead receive malware. The hacks on bittorrent.com and utorrent.com replaced the sites' standard software downloads with a piece of fake antivirus software known as Security …
Dan Goodin, 13 Sep 2011
The Register breaking news

State-sponsored spies collaborate with crimeware gang

Hackers sponsored by the Chinese government and other nations are collaborating with profit-driven malware gangs to infiltrate corporate networks storing government secrets and other sensitive data, researchers say. In many ways, the relationship between state-sponsored actors and organized crime groups that target online bank …
Dan Goodin, 13 Sep 2011
The Register breaking news

GlobalSign says 'isolated' webserver was hacked

Web authentication authority GlobalSign, which voluntarily suspended operations last week while it investigated claims its security was breached, said it has uncovered evidence that one of its servers has been compromised. "The breached web server has always been isolated from all other infrastructure and is used only to serve …
Dan Goodin, 12 Sep 2011
The Register breaking news

Man sentenced to 14 years for mass credit card theft

An Indiana man was sentenced to 14 years in prison for selling counterfeit payment cards that caused more than $3 million in losses. Tony Perez III, 21, received the sentence on Friday, five months after pleading guilty to one count each of wire fraud and aggravated identity theft. He was also ordered to forfeit more than $2.8 …
Dan Goodin, 09 Sep 2011
The Register breaking news

Apple finally purges Mac OS of disgraced DigiNotar certs

Apple has finally purged the imprimatur of disgraced web authentication authority DigiNotar from its Mac operating system. In an update released Friday, Apple removed multiple DigiNotar root certificates from the Lion and Snow Leopard versions of Mac OS X. The move came nine days after the discovery that the Netherlands-based …
Dan Goodin, 09 Sep 2011
The Register breaking news

Firesheep addon updated to exploit Google info leak

Researchers have released a Firefox extension that demonstrates the risks of using Google search services on Wi-Fi hotspots and other unsecured networks: With just a few clicks, attackers can view large chunks of your intimate browsing history, including websites you've already visited. The proof-of-concept addon is an …
Dan Goodin, 09 Sep 2011