Articles about Internet

ASLR-security-busting JavaScript hack demo'd by university boffins

Researchers in Europe have developed a way to exploit a common computer processor feature to bypass a crucial security defense provided by modern operating systems. By abusing the way today's CPUs manage system memory, an attacker can discover where software components, such as libraries and RAM-mapped files, are located in …
Shaun Nichols, 14 Feb 2017

Apple: Don't panic, but your Mac can be pwned via GarageBand .bands

Apple says a newly patched hole in its GarageBand music tool could allow for remote code execution on the Mac. The GarageBand 10.1.6 update is being pushed out to all Macs running OS X Yosemite and later. Because GarageBand is installed by default on OS X systems, all Mac owners should install the patch, but those who …
Shaun Nichols, 14 Feb 2017

Bruce Schneier: The US government is coming for YOUR code, techies

OSLS The Open Source Leadership Summit began on Tuesday amid roads closed by a landslide: held in The Resort at Squaw Creek near Lake Tahoe, California, it was not easily accessible to attendees traveling Highway 80 from the San Francisco Bay Area. During his opening keynote, Jim Zemlin, executive director of the Linux Foundation, …
Thomas Claburn, 14 Feb 2017

Battle of the botnets: My zombie horde's bigger than yours

DDoS attacks more than doubled in the last quarter of 2016 compared to the same period the year before. Although the infamous Mirai IoT botnets accounted for many of the most severe attacks, the biggest single assault came from a different zombie network, according to a new study by Akamai out Tuesday. Attacks greater than …
John Leyden, 14 Feb 2017

Roses are red, violets are blue, fake-news-detecting AI is fake news, too

Analysis The viral spread of fake news and “alternative facts” has rocked Western politics. Oxford Dictionaries chose “post-truth” as its word of 2016, and when a society is scolded by a dictionary wielding a hyphenated word, you know you've collectively screwed up. “The concept of post-truth has been in existence for the past decade, …
Katyanna Quach, 14 Feb 2017

University DDoS'd by its own seafood-curious malware-infected vending machines

A US university saw its network traffic slow to a crawl thanks to an IoT malware infection that hit, among other things, its vending machines. The unnamed university had its story told by Verizon Enterprise in a sneak preview [PDF] of its 2017 Data Breach Digest report. The story, as told by an also unnamed senior IT staffer …
Shaun Nichols, 13 Feb 2017

WTF is up with the W3C, DRM and security bods threatened – we explain

Analysis A lengthy battle over the inclusion of digital rights management as a Web standard is coming to a head, with a set of new guidelines planned for early March. Those guidelines will include the latest attempt at compromise between pragmatists and idealists over how to allow control of content online without undermining the …
Kieren McCarthy, 13 Feb 2017

Brave VMs to destroy themselves, any malware they find on HP's new laptop

HP has announced plans to integrate Bromium's virtualization technology into a laptop as a defence against malware. The soon-to-be-launched EliteBook x360 1030 G2 will feature virtualization-based security built in to the hardware in the form of a feature called Sure Click, which will go on general availability in Spring. The …
John Leyden, 13 Feb 2017

Russia and China bombard Blighty with 188 cyberattacks in 3 months

Britain has been hit by 188 "high-level attacks" in the last three months. Some of these attempts include Russian state-sponsored hackers trying to steal defence and foreign policy secrets, according to the UK's newly appointed National Cyber Security Centre chief Ciaran Martin. Russian and Chinese attacks on defence and …
John Leyden, 13 Feb 2017

Worldwide bank attack blitz linked to Sony Pictures hacking crew

Evidence has surfaced that hackers blamed for the infamous Sony Pictures hack and the notorious Bangladesh Central Bank account heist have launched a fresh wave of assaults. The so-called Lazarus hackers are currently targeting scores of banks and other organisations across 31 countries, Symantec warns. The attacks appeared …
John Leyden, 13 Feb 2017

Deafening silence as Smart Hosting support tickets keep piling up

Updated Customers of British cloud biz Smart Hosting are furious at the company's radio silence throughout its ongoing support tickets crises. The business has been left with "an incredibly high volume of support tickets" after merging with Krystal. Smart Hosting has been asking customers to keep non-urgent issues to themselves since …

The Mail vs Wikipedia: They're more alike than they'd ever admit

Analysis When you live in a glass house, is it wise to start a rock-throwing competition? Wikipedians this week added greatly to the amusement of the internet after around 40 contributors loftily declared that the Daily Mail was not a reliable source for citations. Much public hilarity ensued – for the reason that The Mail and …
Andrew Orlowski, 13 Feb 2017

Third time lucky: ICANN beats off .africa ban

Internet overseer ICANN will push ahead with a new ".africa" top-level domain, despite having twice been ordered not to because of serious questions over how it handled the case. Earlier this month, a Los Angeles court refused [PDF] a preliminary injunction against ICANN that would prevent it from adding .africa to the …
Kieren McCarthy, 13 Feb 2017

Cisco sacrifices iron, pushes gateway protection into cloud

Cisco's decided that the network perimeter is the wrong place for a Web gateway, so it's floating one into the cloud. Switchzilla, bowing to the inevitable decomposition of products into software, is pouring scorn on hardware gateways as inadequate and insecure as part of the pitch for its new "Umbrella" product. As a cloud- …

Oz consumer watchdog: 'up to' speeds shouldn't be in broadband ads

Australia's consumer watchdog is trying to ensure advertising offers comprehensible and accurate broadband performance information. The Australian Competition and Consumer Commission (ACCC) wants to regulate ads that spruik speeds “up to 100 Mbps” because consumers almost never experience the headline speeds advertised. …

Ex-FBI man spills on why hackers are winning the security game

BSidesSF Comfortable illusions about how security is working are crippling the ability of government and industry to fight the threat, a former member of the FBI’s netsec team has told the BSides San Francisco 2017 security conference. Society is operating under the illusion that governments and corporations are taking rational choices …
Iain Thomson, 12 Feb 2017

Interview: AARNet's Peter Elford on Australia's national research infrastructure

Australia is re-crafting the roadmap that guides its national research infrastructure, a task that covers everything from the network to the nation's high performance computing systems. The roadmap from the Office of the Chief Scientist was offered for public comment late last year. Guided by the hand of chief scientist Alan …

Lovely. Now someone's ported IoT-menacing Mirai to Windows boxes

The Mirai malware that hijacked hundreds of thousands of IoT gadgets, routers and other devices is now capable of infecting Windows systems. The software nasty, discovered in August 2016, broke into heaps of insecure Linux-powered gizmos worldwide before running distributed denial of service attacks, most notably against DNS …
John Leyden, 10 Feb 2017

Verisign probed by US Dept of Justice over $135m .web auction

The US Department of Justice is digging into the highly unusual auction of internet extension .web last year, the company that purchased it has admitted. Speaking on Verisign's quarterly earnings conference call on Thursday, CEO Jim Bidzos told investors that on January 18 the registry had received a civil investigative demand …
Kieren McCarthy, 10 Feb 2017

Crims in £160m broadband scam facing 44 years of porridge

Four men, who conned Barclays Bank and Belgian banking group KBC out of £160m in a super fast broadband scam, have today been sentenced to a collective 44 years in the clink. The individuals presented bogus broadband contracts to the banks, which were tricked into issuing huge loans to H2O Networks through Total Asset Finance …
Kat Hall, 10 Feb 2017

Samsung's Chromebook Pro: Overpriced vanilla PC with a stylus. 'Wow'

Hands-on It's been nearly six years since Google announced the launch of its own operating system, Chrome OS, and the CR‑48 Chromebook running it. Since then, Chromebooks have carved out a solid chunk of market share for the operating system. Around 50 per cent of US schoolchildren use Chromebooks in the classroom and Chrome OS is now …
Iain Thomson, 10 Feb 2017

NASA bakes Venus-proof electronics

NASA boffins have found a way to make electronics that can survive on the surface of Venus, at least for a few weeks. Venus is a hell-planet. It's about 460°C (860°F) on the surface. Atmospheric pressure is about 9.3 Megapascals, 93 times Earth's air pressure. Some clouds are rich in sulphur dioxide, which can produce rain of …
Simon Sharwood, 10 Feb 2017

Senator wants a piece of Pai: FCC boss blasted for ripping up schools, libraries internet report

US FCC Chairman Ajit Pai is facing criticism for his decision to axe a study on improving internet connections at public schools and libraries. Senator Bill Nelson (D-FL) said in a letter to Pai on Wednesday that the decision to rescind the "E‑Rate Modernization Report" was "deeply disturbing." "Your unilateral decision last …
Shaun Nichols, 09 Feb 2017

Trump cybersecurity order morphs into 2,200-plus-word extravaganza

The latest draft of a cybersecurity executive order to be signed by President Trump has become an unusually precise, report-ordering extravaganza. Executive orders – even those signed by Trump – tend to be relatively short and quite vague, with general policy goals listed and expected to be interpreted by others. The new …
Kieren McCarthy, 09 Feb 2017

Clusters f**ked: Insecure Hadoop file systems wiped by miscreants

Administrators of Hadoop Distributed File System (HDFS) clusters have evidently not heeded warnings that surfaced last month about securing software with insecure default settings. Attacks on Hadoop clusters have wiped the data of at least 165 installations, according to GDI Foundation security researchers Victor Gevers, Niall …
Thomas Claburn, 09 Feb 2017

Comcast lied and now it must STFU: Its cable broadband is not 'the fastest' in the US

Lying Comcast will no longer be able to advertise its cable internet service as the "fastest" following a decision from the US National Advertising Review Board. The ads watchdog issued a "recommendation" that the alternate-fact-spreading cable giant stop telling Americans that its cable and Wi‑Fi internet services offer the …
Shaun Nichols, 09 Feb 2017

Life after antivirus: Reinventing endpoint security

Promo Security professionals still talk about “antivirus defences,” but in the space of a handful of years what is meant by this term has undergone a dramatic shift. On the surface, things look much as they have always done. Businesses still run what used to be called “AV protection,” reinvented some time ago as the all-purpose “ …
John E Dunn, 09 Feb 2017

That's cute. AI and IoT need 'ethics regulation', mumbles Lib Dem baron

A Liberal Democrat peer has suggested that the Internet of Things needs government regulation in the UK. Speaking in Parliament yesterday, Baron Timothy Clement-Jones said that artificial intelligence, as well as IoT, needs "huge consideration" of its "ethics". "It may be that we need to construct a purpose-built regulator …
Gareth Corfield, 09 Feb 2017

XSS marks the spot: Steam vuln dangles potential phishing line

Security researchers have discovered a significant security vulnerability in Steam, Valve's digital distribution platform for PC gaming. The bug, which has since been patched, allowed users to add malicious code to their profile, bypassing Steam's security measures. The trick, discovered by security researcher cra0kalo, could …
John Leyden, 08 Feb 2017

Guilty! Four blokes conned banks in £160m fibre broadband scam

Four men in the UK have been found guilty of swindling Barclays Bank and Belgian banking group KBC out of £160m in a super-fast broadband scam. Total Asset Finance Ltd (TAF), which went into administration in 2011, had been working with H2O Networks to roll out fibre optic cables across Blighty. H2O supplied fibre-optic …
Kat Hall, 08 Feb 2017

Feds snooping on your email without a warrant? US lawmakers are on a war path to stop that

On Monday, the US House of Representatives – normally a body that can't agree on anything – voted unanimously to pass the Email Privacy Act (HR 387). The new legislation amends the 1986 Electronic Communications Privacy Act (ECPA), which states that Americans' emails that are unread or stored for more than 180 days can be …
Iain Thomson, 07 Feb 2017

Laptop-light GoCardless says customers' personal data may have been lifted

London-based payment processing firm GoCardless is warning customers that their personal information might have been exposed following the theft of 19 laptops from its offices last month. The "password protected" (not encrypted) laptops contained a file with customer personal data including email address, passport number, date …
John Leyden, 07 Feb 2017

Elon Musk joins anti-Trump legal brief

Updated Entrepreneur Elon Musk has joined the Big Tech battle against Donald Trump's immigration ban by signing up his companies to the amicus brief filed against it. On Monday, 97 tech companies including Apple, Microsoft, Google and Facebook filed in a San Francisco court against the ban, calling the crackdown illegal and arguing …
Kieren McCarthy, 07 Feb 2017

Streetmap loses appeal against Google Maps dominance judgement

Streetmap has lost its application to appeal against last year’s High Court judgement that Google did nothing wrong by promoting its own Maps product above Streetmap’s. “The bully boys won the day,” said Streetmap, immediately after the judgement was delivered. “This is a sad day for the internet.” Lord Justice Lloyd Jones, …
Gareth Corfield, 07 Feb 2017

Darkode VXer handed three years' probation

A malware writer and one time FireEye intern hauled in during massive global raids of cybercrime forum Darkode has been handed three years' probation, ducking a possible 16-month sentence. US District Judge Arthur Schwab ordered Morgan Culbertson, 22, to perform 300 hours of community service. The sentence took into account …
Darren Pauli, 07 Feb 2017

Hacker: I made 160,000 printers spew out ASCII art around the world

Printers around the world have been hacked and instructed to churn out pages and even sales receipts of alarming ASCII art. The messages, which began spewing from internet-connected printers on Thursday, read: "Hacked. Stackoverflowin/stack the almighty, hacker god has returned to his throne, as the greatest memegod. Your …
Iain Thomson, 06 Feb 2017

Parents have no idea when kidz txt m8s 'KMS' or '99'

Most adults have no idea what their kids mean when they use text terms such as "KMS", "99" or emoji faces with cross eyes, according to an unsurprising piece of research by BT. The survey of 4,500 adults was conducted by BT to raise awareness of Safer Internet Day. "Popular online slang and emojis used by children to …
Kat Hall, 06 Feb 2017

Three drops £250m on UK Broadband

After being smote by regulators in its attempt to buy O2 for £10.25bn, Three has snapped up UK Broadband for a cool £250m instead. UK Broadband provides broadband access to 15,000 customers in the UK and under the deal will become a wholly owned subsidiary of Three UK. Dave Dyson, chief exec of Three UK, said: “UK Broadband …
Kat Hall, 06 Feb 2017

Ubuntu Linux daddy Mark Shuttleworth: Carrots for Unity 8?

New year, new Linux – or, in the case of Ubuntu, two. As in years past, Canonical's distro gets two updates in 2017 – the spring and autumn releases numbered and named respectively 17.04, Zesty Zapus, and 17.10 – name TBD, actually. As ever there will be UI and experience fiddling – Zesty Zapus sees changes in windows …
Gavin Clarke, 06 Feb 2017

Slammer worm slithers back online to attack ancient SQL servers

One of the world's most famous net menaces, SQL Slammer, has resumed attacking servers some 13 years after it set records by infecting 75,000 servers in 10 minutes, researchers say. The in-memory worm exploits an ancient flaw in Microsoft SQL server and Desktop Engine triggering denial of service, and at the time of its …
Darren Pauli, 05 Feb 2017

Trump's new telecoms chief bins broadband subsidies for the poor

The Trump administration's propensity for bold and sudden action reached the United States Federal Communications Commission on Friday, as commissioner Mignon Clyburn and the Commission's chair Ajit Pai clashed over an end-of-week “news dump” that has profound policy implications. The FCC dropped a dozen announcements on …

Chrome 56 quietly added Bluetooth snitch API

+Comment When Google popped out Chrome 56 at the end of January it was keen to remind us it's making the web safer by flagging non-HTTPS sites. But Google made little effort to publicise another feature that's decidedly less friendly to privacy, because it lets websites connect to Bluetooth devices and harvest information from them …

New SMB bug: How to crash Windows system with a 'link of death'

US CERT on Thursday issued a security advisory warning that all currently supported versions of Windows are vulnerable to a memory corruption bug that can be exploited to crash computers from afar. "Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined …
Thomas Claburn, 04 Feb 2017

Comcast staffers join walkout over Trump's immigration crackdown

Add Comcast to the ranks of companies whose workers have come out against President Trump's crackdown on Muslim immigrants. The cable giant on Thursday saw workers from multiple offices walking out to join protests over the President's travel restrictions on seven countries. Employees from Comcast offices in Philadelphia, …
Shaun Nichols, 03 Feb 2017

New US Net Neutrality law coming 'within three months' – advisor

Interview US Congress could be discussing net neutrality legislation within three months, replacing controversial FCC-created regulations, according to an academic with the ear of the administration. And new FCC chief Ajit Pai could well favour the kind of neutrality protection Americans enjoyed in 2005 and 2010, before Obama pushed the …
Andrew Orlowski, 03 Feb 2017

Don't let cloud slurp all your data. Chew it on the edge, says HPE

Public cloud will become unaffordable for players who reckon the best thing to do with industrial data is shovel it en masse into the white 'n' fluffy stuff, reckons HPE. Colin I'Anson, HPE's IoT evangelist, spoke to The Register at length earlier this week, mainly to extol the virtues of the firm's edge computing offering, …
Gareth Corfield, 03 Feb 2017

Chinese pirates are facing lifelong 'social credit' downgrade

Copyright infringement and use of counterfeit goods in China could downgrade a citizen's "social credit" with lifelong consequences as the country gears up to overhaul its IP laws and institutions. Following the evolution that the United States made in the late 19th century*, Chinese businesses are growing away from their …
Andrew Orlowski, 03 Feb 2017

AI vuln-hunter bots have seen things you people wouldn't believe

Usenix Enigma 2017 Machine-learning systems are unearthing new classes of bugs in operating systems and apps, according to bods from America's Defense Advanced Research Projects Agency (DARPA). The exact nature of these new bug types remains under wraps, although we hear that at least one involves exploitable vulnerabilities in data queues. …
Iain Thomson, 03 Feb 2017

Popular hacker warkit Metasploit now hacks hardware and cars

Popular offensive hacking toolkit Metasploit now works on hardware, including cars, after a major update to the 13-year old platform. The free-or-paid modular hacking machine now sports plenty of CVE-specific exploitation components that security professionals have long-used for penetration tests and research. An update to …
Darren Pauli, 03 Feb 2017

Humble Pai: New FCC supremo promises long overdue transparency

The new chairman of the US Federal Communications Commission, Ajit Pai, has come good on a promise to modernize the regulator by getting rid of its most infuriating habit: secret orders. For reasons that have never been adequately explained, the FCC maintains an arcane procedure where its documents are kept secret until FCC …
Kieren McCarthy, 02 Feb 2017