The Register Columnists

Dan Goodin

Contact Mail Follow RSS feed
The Register breaking news

Duqu targeted each victim with unique files and servers

The creators of the Duqu malware that penetrated industrial manufacturers in at least eight countries tailored each attack with exploit files, control servers, and booby-trapped Microsoft Word documents that were different for each victim, according to research published on Friday. What's more, two of the drivers the …
Dan Goodin, 11 Nov 2011
The Register breaking news

Feds win access to WikiLeakers Twitter account data

US Justice Department investigators have won a hard-fought campaign to access the Twitter records of three current and former WikiLeaks associates, rebuffing arguments that the document demand violated the constitutional right to free speech and a prohibition against unreasonable searches and seizures. In a 60-page opinion …
Dan Goodin, 11 Nov 2011
The Register breaking news

Death match between site and writer over Twitter account

A mobile products review site is locked in a fierce battle with one of its former writers over who is the rightful owner of a Twitter account with 17,000 followers that was set up before he ended his employment. PhoneDog sued Noah Kravitz in July in a complaint that claimed the password and followers for the Twitter account @ …
Dan Goodin, 10 Nov 2011
The Register breaking news

Apple kills code-signing bug that threatened iPhone users

Apple has patched a serious bug in iPhones and iPads that allowed attackers to embed secret payloads in iTunes App Store offerings that were never approved during the official submission process. Charlie Miller, who is principal research consultant at security firm Accuvant, was kicked out of the iOS developer program on …
Dan Goodin, 10 Nov 2011
The Register breaking news

City IT manager accused of brazenly stealing mayor's email

A former IT manager for the city of Hoboken, New Jersey, was arrested on Wednesday on charges he intercepted emails sent to and from its sitting mayor and other top city officials, and forwarded them to others. Patrick Ricciardi, 45, of Hoboken, used an automated script to access every email sent to or received by Mayor Dawn …
Dan Goodin, 10 Nov 2011
The Register breaking news

Feds shutter DNS malware scam that infected 4 million PCs

Federal authorities have shut down an international conspiracy that forced more than four million computers to connect to fraudulent webpages when users tried to visit Netflix, the US Internal Revenue Service, Apple's iTunes and other services. Prosecutors named seven Eastern European defendants who allegedly generated more …
Dan Goodin, 09 Nov 2011
The Register breaking news

Microsoft releases fix for Applocker bypass flaw

Microsoft has released a temporary fix for a flaw in its latest operating systems that allows untrusted users to bypass security measures preventing them from running unauthorized applications. AppLocker allows administrators to restrict the applications that can be run on computers running Windows 7 and Windows Server 2008. But …
Dan Goodin, 09 Nov 2011
The Register breaking news

Duqu spawned by 'well-funded team of competent coders'

The Duqu malware that targeted industrial manufacturers around the world contains so many advanced features that it could only have been developed by a team of highly skilled programmers who worked full time, security researchers say. The features include steganographic processes that encrypt stolen data and embed it into image …
Dan Goodin, 09 Nov 2011
The Register breaking news

US Supremes liken GPS tracking to 1984's Big Brother

If the Obama administration wins a crucial case testing when police may use GPS devices to track American's whereabouts, investigators would be free to attach them to all nine members of the nation's highest court without a warrant. That blunt assessment came not from one of the many critics blasting the controversial practice …
Dan Goodin, 08 Nov 2011
The Register breaking news

Advertiser settles charges for use of Adobe Flash cookies

An internet-based advertising network has agreed to settle Federal Trade Commission charges stemming from its use of Adobe Flash cookies to track internet users' browsing history, even when they took steps to evade monitoring. Boston-based ScanScout agreed to make it easier for web users to opt out of tracking, as part of a …
Dan Goodin, 08 Nov 2011
The Register breaking news

Apple expels serial hacker for publishing iPhone exploit

Charlie Miller, the serial hacker who has exposed more than a dozen critical vulnerabilities in Apple's Mac and mobile platforms, was kicked out of the company's iOS developer program after publishing an application that demonstrated a serious new bug in iPhones and iPads. Miller's InstaStock app, which was accepted into the …
Dan Goodin, 08 Nov 2011
The Register breaking news

DNS cache poisonings foist malware attacks on Brazilians

An attack on several Brazilian ISPs has exposed large numbers of their subscribers to malware attacks when they attempt to visit Hotmail, Gmail, and other trusted websites, security researchers have warned. The attacks work by poisoning the domain name system cache that the service providers use to translate domain names such …
Dan Goodin, 07 Nov 2011
The Register breaking news

Router glitch causes widespread net outages

Internet services throughout North America and Europe saw widespread outages and slowdowns on Monday after backbone provider Level 3 Communications suffered a global failure, network providers said. Time Warner Cable in the US, Research in Motion services for BlackBerry subscribers, and UK ISPs Eclipse Internet, Easynet, and …
Dan Goodin, 07 Nov 2011
The Register breaking news

SSL authority stops issuing certificates following breach

Yet another web authentication authority has stopped issuing secure sockets layer certificates after discovering a security breach that allowed hackers to store attack tools on one of its servers. Netherlands-based KPN Corporate Market said it was taking the action while it investigated the compromise, which may have taken …
Dan Goodin, 04 Nov 2011
The Register breaking news

CIA 'Open Source Center' monitors Facebook, Twitter

The CIA has opened the kimono on its Virginia-based Open Source Center, where a team known as the "vengeful librarians" pore over Facebook, Twitter, internet chat rooms, and any other overseas forum that anyone can access and contribute to openly, the Associated Press reports. With hundreds of analysts, the team is charged with …
Dan Goodin, 04 Nov 2011
The Register breaking news

Microsoft releases temporary fix for critical Windows bug

Microsoft has issued a temporary fix for a critical Windows vulnerability that has already been exploited to install highly sophisticated malware that targeted manufacturers of industrial systems. In an advisory issued late Thursday, Microsoft said the previously unknown flaw in the Win32k TrueType font-parsing engine affected …
Dan Goodin, 04 Nov 2011
The Register breaking news

US, Europe throw their very first joint cyber-war party

The European Union and the US on Thursday conducted their first ever cyber security exercises designed to coordinate responses to attacks on critical infrastructure. Security experts from the US and 27 EU member states were involved in the drill, which simulated crises affecting national security. In the first scenario, a …
Dan Goodin, 04 Nov 2011
The Register breaking news

Web credential authority rebuked for 'poor' security

Microsoft, Google, and Mozilla will banish yet another web authentication authority from their software after learning that it issued secure sockets layer certificates that could be used to attack people visiting Malaysian government websites. Digicert Malaysia, an intermediate certificate authority that was certified by parent …
Dan Goodin, 03 Nov 2011
The Register breaking news

Apple requires Mac App Store candidates to be sandboxed

Developers submitting applications to Apple's Mac App Store will soon be required to add an extra layer of security for their wares to be accepted. Beginning in March, all apps submitted must implement sandboxing, a protection that tightly restricts the way applications can interact with other parts of the operating system. By …
Dan Goodin, 03 Nov 2011
The Register breaking news

Want to avoid all private-data breaches, ever? Here's how

Interview As information and privacy commissioner of Ontario, Ann Cavoukian's jurisdiction is limited to the Canadian province. But that doesn't mean the effects of her post don't extend into territories across the globe. “What I always say is privacy transcends jurisdiction,” she says. “It knows no boundaries. So if I'm going to protect …
Dan Goodin, 03 Nov 2011
The Register breaking news

Notorious eBay hacker gets 3-year suspended sentence

Vladuz, the Romanian hacker who repeatedly accessed off-limits parts of eBay's website and then publicly taunted company officials over the security lapses, has been handed a suspended three-year sentence, according to news reports. The Bucharest appeal court issued the sentence on Wednesday to 23-year-old Vlad Duiculescu, AFP …
Dan Goodin, 03 Nov 2011
The Register breaking news

Accused Hollywood hacker does about face, pleads not guilty

A Florida man has pleaded not guilty to charges he broke into the email accounts of actresses Scarlett Johansson and Mila Kunis, and as many as 50 other celebrities, and made off with nude photos and personal information. Christopher Chaney, 35, of Jacksonville, Florida, denied the allegations contained in a 26-count indictment …
Dan Goodin, 02 Nov 2011
The Register breaking news

Thousands of WordPress sites commandeered by Black Hole

Mass attacks that exploit a known vulnerability in the WordPress publishing platform have continued to bear fruit for hackers, with thousands of websites claimed in the past few weeks, a researcher said. The security bug, in a widely used image resizing utility known as TimThumb, allows attackers to seize control of WordPress …
Dan Goodin, 02 Nov 2011
The Register breaking news

Army of 'socialbots' steal gigabytes of Facebook user data

Updated A small array of scripts programmed to pass themselves off as real people stole 250 gigabytes worth of personal information from Facebook users in just eight weeks, researchers said in an academic report to be presented next month. The 102 “socialbots” included a name and picture of a fictitious Facebook user and used …
Dan Goodin, 01 Nov 2011
The Register breaking news

Critical Windows zero-day bug exploited by Duqu

The Duqu malware used to steal sensitive data from manufacturers of industrial systems exploits at least one previously unknown vulnerability in the kernel of Microsoft Windows, Hungarian researchers said. The zero-day vulnerability was triggered by a booby-trapped Word document that was recently discovered by researchers from …
Dan Goodin, 01 Nov 2011