Iain Thomson

Contact Mail Follow Twitter RSS feed
chips

FREE zero-day for every reader: AT&T's DirecTV kit has a root hole – and no one wants to patch it

AT&T's DirecTV wireless kit has an embarrassing vulnerability in its firmware that can be trivially exploited by miscreants and malware to install hidden backdoors on the home network equipment, according to a security researcher. Ricky Lawshae – a DEF CON veteran and infosec guru at Trend Micro's Digital Vaccine Labs – was an …
Iain Thomson, 13 Dec 2017
starbucks

Argy-bargy Argies barge into Starbucks Wi-Fi with alt-coin discharges

Starbucks has joined the long growing list of organizations that have inadvertently and silently mined alt-coins on customers' computers for mystery miscreants. A sharp-eyed quaffer in a branch of the frothy-coffee-flavored-milk franchise noticed that when he signed on to the cafe's free Wi-Fi service something was amiss. …
Iain Thomson, 12 Dec 2017

Archive of 1.4 BEEELLION credentials in clear text found in dark web archive

A data dump containing over 1.4 billion email addresses, passwords, and other credentials, all in clear text, has been found online by security shop @4iQ. The 41-gigabyte file was discovered on December 5 and had been updated at the end of last month, indicating the data is both current and being used by third parties. The …
Iain Thomson, 12 Dec 2017
meteorite

Forget Bruce Willis, Earth's atmosphere is our best defense against meteorites

Researchers have discovered why most meteorites disintegrate before they reach Earth - and it's all to do with atmospheric pressure. Previously it was thought that compression of air particles is what causes meteorites to wear away as they make their way down to our planet's surface, but many, like the 2013 Chelyabinsk …
Iain Thomson, 11 Dec 2017
reused

SpaceX to try reusing both rocket and spacecraft for historic ISS mission

In a first for the company, SpaceX is planning to launch a supply mission to the International Space Station using both a pre-flown first stage rocket and a Dragon capsule that has already been in orbit. The mission, which will carry 4,800 lbs of food, water, and science experiments to the astronauts in low-Earth orbit, was …
Iain Thomson, 8 Dec 2017
fire

Los Angeles police tell drivers not to trust navigation apps as wildfires engulf area

As wildfires continue to rage around Los Angeles, the local police have asked drivers to be somewhat skeptical about navigation apps. So far, over 200,000 people have been ordered to evacuate their homes as the fires are spreading fast, helped by dry conditions and 80mph winds. With over 116,000 acres currently engulfed in …
Iain Thomson, 7 Dec 2017

Data-slurping keyboard app makes Mongo mistake with user data

Another week, another open database left online, but this latest case has shown not only sloppy security but also how much data you’re giving up with some apps. On Tuesday security shop Kromtech released details on a MongoDB database it found unsecured online containing 577GB of data collected by predictive keyboard app AI. …
Iain Thomson, 5 Dec 2017
closed sign

International team takes down virus-spewing Andromeda botnet

Police and private companies have taken down a massive botnet used to move malware onto compromised PCs. The Andromeda botnet, also known as Gamarue, is thought to have spanned over two million PCs and distributed over 80 types of malware onto infected PCs. It was shut down on November 29 in a combined operation by Europol, …
Iain Thomson, 5 Dec 2017

Prison hacker who tried to free friend now likely to join him inside

A Michigan man who hacked into his local prison's computing system to gain early release for a friend is facing his own time inside after getting caught. Konrads Voits, 27, pled guilty to hacking charges after installing malware on the Washtenaw County government computer system in an attempt to get a friend released early …
Iain Thomson, 4 Dec 2017

US credit repair biz damages own security: 111GB of personal info exposed in S3 blunder

The National Credit Federation, a US credit repair biz, left 111GB of thousands of folks' highly sensitive personal details exposed to the public internet, according to security researchers. In yet another AWS S3 configuration cockup, Americans' names, addresses, dates of birth, photos of driver licenses and social security …
Iain Thomson, 2 Dec 2017
baratov

Canadian! fella! admits! hacking! Gmail! inboxes! amid! Yahoo! megahack!

A Canadian hacker for hire has admitted ransacking webmail accounts for miscreants accused of orchestrating the Yahoo! megahack that hit all three billion Purple Palace user accounts. Karim Baratov, 23, appeared in a federal district court in San Francisco on Tuesday after striking a plea deal with US prosecutors. He was …
Iain Thomson, 29 Nov 2017
Soyuz

Russian rocket snafu may have just violently dismantled 19 satellites

Updated A Russian weather satellite and 18 micro-satellites are right now thought to be at the bottom of the Atlantic ocean after a Soyuz rocket carrying the birds malfunctioned shortly after launch. The launch of the Soyuz 2-b rocket – the latest addition to Russia's venerable line of boosters – took place at the new Vostochny …
Iain Thomson, 28 Nov 2017
army

US intelligence blabs classified Linux VM to world via leaky S3 silo

Updated A classified toolkit for potentially accessing US military intelligence networks was left exposed to the public internet, for anyone to find, according to security researchers today. A Linux-based virtual machine designed to safely receive and handle secret material, and connect to protected Pentagon computers, was discovered …
Iain Thomson, 28 Nov 2017
china hacker

Chinese IT security bods accused of siphoning US GPS, biz blueprints

Three Chinese nationals went on a six-year hacking spree against American targets, siphoning financial reports and tech blueprints, US prosecutors allege. Wu Yingzhuo, Dong Hao and Xia Lei, all thought to be residing in the city of Guangzhou, China, stand accused of eight counts of conspiracy to commit computer fraud and …
Iain Thomson, 28 Nov 2017

iPhone X Face ID fooled again by 'evil twin' mask

Video Security researchers have once again claimed a simple mask can hoodwink Apple's Face ID authentication system, which graces the tech giant's $1,000 iPhone X. Earlier this month, bods at Bkav, based in Vietnam, demonstrated it was possible to bypass the face-recognizing login mechanism using a $150 3D-printed mask, effectively …
Iain Thomson, 28 Nov 2017

That $10,000 Facebook bug: Photos shafted, addicts screwed by polls

A security researcher found a way to delete any picture on Facebook, irrespective of whether it's public or private, by cunning use of polls. Pouya Daribi was digging around in the software used by Facebook users to set up quick opinion polls on their profile pages. When creating these informal surveys, the social media …
Iain Thomson, 27 Nov 2017
army

Massive US military social media spying archive left wide open in AWS S3 buckets

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest. The archives were found by UpGuard's veteran security-breach …
Iain Thomson, 17 Nov 2017
Hacker

Kaspersky: Clumsy NSA leak snoop's PC was packed with malware

Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets. Last month, anonymous sources alleged that in 2015, an NSA engineer took home a big bunch of the agency's cyber-weapons to work on …
Iain Thomson, 16 Nov 2017
Rage

Parity: The bug that put $169m of Ethereum on ice? Yeah, it was on the todo list for months

Alt-coin wallet software maker Parity has published a postmortem of the bug that put millions of dollars of people's Ethereum on ice – and has admitted it knew about the flaw for months. It just hadn't got round to fixing it. Last week, netizens using Parity's multi-signature wallets – which each require more than one person …
Iain Thomson, 16 Nov 2017

How about that time Russian military used a video game pic as proof of US aiding ISIS?

Earlier this week, the official Facebook and Twitter accounts of the Russian Ministry of Defense said it had "irrefutable evidence" the US was aiding ISIS in Syria – and revealed four grainy photos apparently backing up its claims. The images, apparently taken last week, were captioned as showing the American forces letting …
Iain Thomson, 16 Nov 2017

Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

The FBI and US Homeland Security have issued an alert about a new strain of malware infecting American corporate systems and stealing sensitive data. The remote access trojan (RAT), dubbed Fallchill, is the work of a North Korean hacking group called Hidden Cobra, which some at US-CERT believe was responsible for the WannaCry …
Iain Thomson, 15 Nov 2017
lab rat

Uncle Sam to strap body sensors to hackers in nuke lab security study

Exclusive The US Department of Defense is funding research into how hackers hack, with an interesting twist. It wants to wire them up with body monitoring equipment to measure how they react while hunting down and exploiting security flaws. The study is running this month and next at what's described as a high-security nuclear science …
Iain Thomson, 15 Nov 2017

What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-jacking miners

Over the past few months there has been an alarming rise in the number of websites running code that silently joyrides computers and secretly makes them mine digital currency for miscreants. The latest count suggests more than 30,000 sites are quietly running JavaScript miners on people's PCs and handhelds – way more than …
Iain Thomson, 15 Nov 2017
Freedom

Think the US is alone? 18 countries had their elections hacked last year

While America explores quite how much its election was interfered with by outsiders, the news isn't good for the rest of us, according to independent watchdog Freedom House. In its annual Freedom of the Net [PDF] report on the state of the internet and democracy, the group surveyed 65 nation states comprising 87 per cent of …
Iain Thomson, 14 Nov 2017
mask

Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask'

Video Apple's facial-recognition login system in its rather expensive iPhone X can be, it is claimed, fooled by a 3D printed mask, a couple of photos, and a blob of silicone. Bkav Corporation, an tech security biz with offices in the US and Singapore, specializes in bypassing facial-recognition systems, and set out to do the same …
Iain Thomson, 13 Nov 2017

Biting the hand that feeds IT © 1998–2017