Iain Thomson

Neutron stars shower gold on universe in big bang, felt on Earth as 100-second grav wave

Barely two years after it came online, the Laser Interferometer Gravitational-Wave Observatory (LIGO) has scored a double success. Last week, the instrument earned its creators a Nobel Prize – and this week we're told it helped spot the first neutron star collision from both its gravitational wave and radiation emissions. At …
Iain Thomson, 16 Oct 2017

Here's a timeless headline: Adobe rushes out emergency Flash fix after hacker exploits bug

Adobe today issued an emergency security patch for Flash, which squashes a bug being used in the wild right now by hackers to infect Windows PCs with spyware. The flaw, CVE-2017-11292, was discovered by Kaspersky Labs, and affects all current versions of Flash for Windows, macOS, Linux and Chrome OS. A programming cockup in …
Iain Thomson, 16 Oct 2017

US Congress mulls first 'hack back' revenge law. And yup, you can guess what it'll let people do

Two members of the US House of Representatives today introduced a law bill that would allow hacking victims to seek revenge and hack the hackers who hacked them. The Active Cyber Defense Certainty Act (ACDC) [PDF] amends the Computer Fraud and Abuse Act to make limited retaliatory strikes against cyber-miscreants legal in …
Iain Thomson, 13 Oct 2017

Pulitzer-winning website Politifact hacked to mine crypto-coins in browsers

Updated Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers. The dot-com is run by the Tampa Bay Times, and already has its work cut out for it given the state of American politics. …
Iain Thomson, 13 Oct 2017

Malware again checks into Hyatt's hotels, again checks out months later with victims' credit cards

Hyatt has provided the perfect excuse for folks trying to explain to bosses or spouses why a film they watched in their hotel room for just seven minutes appeared on their company or personal credit card. Its computer systems were earlier this year hacked by miscreants, who infected payment terminals with malware that siphoned …
Iain Thomson, 12 Oct 2017

Dear America, best not share that password with your pals. Lots of love, the US Supremes

A California bloke fighting a computer hacking conviction has lost his final appeal after the US Supreme Court declined to hear his case. The ramifications of this decision could affect everyone in America who has ever shared a password with their friends and family. We'll explain. In 2004, David Nosal was a high-level …
Iain Thomson, 11 Oct 2017

Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages

Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached. You read that right: if you can intercept a network connection transferring an encrypted email, …
Iain Thomson, 11 Oct 2017

Hackers nick $60m from Taiwanese bank in tailored SWIFT attack

Updated Hackers managed to pinch $60m from the Far Eastern International Bank in Taiwan by infiltrating its computers last week. Now, most of the money has been recovered, and two arrests have been made in connection with the cyber-heist. On Friday, the bank admitted the cyber-crooks planted malware on its PCs and servers in order to …
Iain Thomson, 11 Oct 2017

Equifax: About those 400,000 UK records we lost? It's now 15.2M. Yes, M for MEELLLION

Updated Last month, US credit score agency Equifax admitted the personal data for just under 400,000 UK accounts was slurped by hackers raiding its database. On Tuesday this week, it upped that number ever-so-slightly to 15.2 million. In true buck-passing fashion, at the time of writing, Equifax hadn't even released a public statement …
Iain Thomson, 10 Oct 2017

Et tu Accenture? Then fall S3er: Consultancy giant leaks private keys, emails and more online

Updated Yet another organization has been caught exposing sensitive data to the public internet: this time it is Accenture – consultants to the great and the good – with a misconfigured AWS S3 bucket leaking access keys and other private documents. On September 17, veteran cloud watchdog Chris Vickery at security shop Upguard found …
Iain Thomson, 10 Oct 2017

FBI iPhone hack lost forever, White House mobe compromised, SSH – and plenty more

Roundup Another week draws to a close so it's time to review the security news you may have missed in between the big hitters: the NSA contractor who leaked more exploits, Apple's encryption password blunder, and so on. This week we've seen bugs, hacking, and government silliness – take a look... Computerinsel PhotoLine full of bugs …
Iain Thomson, 6 Oct 2017

Blade Runner 2049 review: Scott's vision versus Villeneuve's skill

No spoilers Stepping into the cinema to watch Blade Runner 2049 was a nervous moment; after The Phantom Menace and Prometheus, was another studio about to take a steaming dump on a pivotal film of my youth? The omens were good. Director Denis Villeneuve gave us probably the best sci-fi film of last year in Arrival and his previous film, …
Iain Thomson, 6 Oct 2017

Lenovo spits out retro ThinkPads for iconic laptop's 25th birthday

After teasing techies for months, Lenovo has finally unveiled the ThinkPad 25: a laptop designed to mimic the look and feel of the legendary IBM ThinkPad but with all modern components. This 336.6 mm x 232.5 mm x 19.95 mm ThinkPad 25 has the seven-row keyboard beloved by ThinkPad devotees but which Lenovo dumped in 2011, the …
Iain Thomson, 5 Oct 2017

Russian spies used Kaspersky AV to hack NSA staffer, swipe exploit code – new claim

Russian government spies used Kaspersky Lab software to extract top-secret software exploits from an NSA staffer's home PC, anonymous sources have claimed. The clumsy snoop broke regulations by taking the classified code, documentation, and other materials home to work on using his personal computer, which was running …
Iain Thomson, 5 Oct 2017

Google touts Babel Fish-esque in-ear real-time translators. And the usual computer stuff

Google today showed off some new Android phones, a laptop, two Home assistants, and a genuine surprise: a set of earbuds that attempt to emulate Douglas Adams’ legendary Babel Fish – a real-time language translator. During the hardware unveiling, an event dubbed Made by Google, in San Francisco a few hours ago, CEO Sundar …
Iain Thomson, 5 Oct 2017

Nothing matters any more... Now hapless Equifax bags $7.5m IT contract with US taxmen

Shortly after we all learned of a massive security breach at Equifax in which the personal information of 143 million 145.5 million Americans and sundry Brits and Canadians was plundered by hackers, the US Internal Revenue Service awarded Equifax a no-bid contract – to provide identity verification services for the tax authority …
Iain Thomson, 3 Oct 2017

Oath-my-God: THREE! BILLION! Yahoo! accounts! hacked! in! 2013! – not! 'just!' 1bn!

With Equifax testifying in US Congress today about its own massive security failings, someone at Yahoo! presumably thought now would be a good time to bury bad news – but some things are too large to hide. In a filing on Tuesday to America's financial watchdogs, Yahoo!, now owned by Verizon under the Oath brand, admitted the …
Iain Thomson, 3 Oct 2017

Patch your WordPress plugins: Scum are right now hijacking blogs

The plugin gurus at WordFence have this week found three critical security holes in third-party WordPress extensions that are being actively exploited by hackers to take over websites. The team was investigating a number of hacking attacks that looked unusual and back-traced the intrusions to a PHP object injection …
Iain Thomson, 3 Oct 2017

Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers

Microsoft has explained how a cascading series of cockups left some of its Northern European Azure customers without access to services for nearly seven hours. On September 29, the sounds of "Sacré bleu!" "Scheisse!" and "What are the bastards up to now?" were, we're guessing, heard from Redmond's Euro clients after key …
Iain Thomson, 3 Oct 2017

Patch your Android, peeps, it has up to 14 nasty flaws to flog

Another month, another round of Android patches – although October's batch is pleasantly small compared to other recent releases. Of the 14 CVE flaws released, six cover Android's troubled media processing and playback engine. This means miscreants can fling malicious files at devices to potentially hijack them. The privilege …
Iain Thomson, 3 Oct 2017

HPE coughed up source code for Pentagon's IT defenses to ... Russia

Updated Hewlett Packard Enterprise handed over the source code for its ArcSight security platform to Russian investigators in exchange for being allowed to sell kit in the former Soviet Union. That's kinda awkward because the Pentagon is one of ArcSight's most high-profile customers. The US military uses the software, which is …
Iain Thomson, 2 Oct 2017

Dnsmasq and the seven flaws: Patch these nasty remote-control holes

Google security engineers have spotted not one, not two, but seven serious flaws in Dnsmasq, a fairly widely used DNS forwarder and DHCP server. This open-source program is present in a lot of home routers and certain Internet of Things gadgets, and included in desktop Linux distributions such as Ubuntu and Debian. According …
Iain Thomson, 2 Oct 2017

Musk: Come ride my Big F**king Rocket to Mars

Elon Musk thinks he can get humans onto Mars within the next seven years. On Friday, he told the International Astronautical Congress (IAC) in Adelaide, Australia, how he intends to do it. Key to Musk's plans is the BFR (aka a Big Fucking Rocket), a 106-metre (348-foot) tall beast slightly shorter than the Saturn V, and 9 …
Iain Thomson, 29 Sep 2017

US yanks staff from Cuban embassy over sonic death ray fears

The US State Department on Friday announced that it is pulling all non-essential staff and their families out of its embassy in Cuba following reports of a secret weapon being deployed against employees there. In a communiqué, the department said that the embassy would be reduced to an emergency skeleton staff until future …
Iain Thomson, 29 Sep 2017

Ex-sperm-inate! Sam the sex-droid 'heavily soiled' in randy nerd rampage

NSFW In a public showing of Samantha, a sex doll with built-in computing power to make her more realistic, the love droid apparently suffered a terrible fate. The robot was displayed at the ARS Electronica Festival in Linz, Austria and proved a little too popular, it is claimed. The robot was mobbed by attendees who broke two of …
Iain Thomson, 29 Sep 2017

Biting the hand that feeds IT © 1998–2017