Articles about IT Security

In-flight movies via BYOD? Just what I always wan... argh no we’re all going to die!

Something for the Weekend, Sir? It’s sunny outside, which can mean only one thing: I am about to go on holiday to a place where it will be pissing down with rain and sleet for the next fortnight. My globetrotting exploits have been limited this year, so I’m looking forward to enjoying my first experience of in-flight entertainment via Wi-Fi to my own device …
Alistair Dabbs, 27 May 2016

Landmark computer hacking archive deposited at TNMOC

An archive that tells the story of how the 1980s hack of Prince Philip’s mailbox led to UK anti-hacking legislation has been deposited at The National Museum of Computing (TNMOC). Robert Schifreen, the "white hat" at the centre of the 1980s controversy, compiled the archive, which details Schifreen’s two-year-long legal …
John Leyden, 18 May 2016

Inter-bank system SWIFT on security? User manual needs 'revamp'

Updated Inter-banking messaging systems SWIFT’s security guidelines are "outdated and incomplete". The criticism from security vendor Skyport Systems comes days after SWIFT revealed that a second bank had fallen victim to credential theft fraud, creating yet further concern already fuelled by February’s $81m Bangladesh reserve bank …
John Leyden, 16 May 2016

Want a job in security? Lock down US military's supermarkets

The US Department of Defense is looking to form a security team to protect military commissaries from hackers. NextGov has spotted a posting from the Federal Business Opportunities site for an "incident response service" at military commissary shops. According to the job post [Word Doc], the response service contractors will …
Shaun Nichols, 08 Apr 2016

Lotto 'jackpot fix' code

The Multi-State Lottery's former IT security boss Eddie Tipton smuggled code onto lotto machines that allowed him to predict the numbers drawn on certain days of the month. That's according to investigators in Iowa this week. In July, Tipton was found guilty of fraud in the US state, and was sent down for ten years, for …
Chris Williams, 08 Apr 2016

OK, so the users want corporate apps on the move. Don't Panic

People want to be able to do their job from wherever they happen to be. It's understandable – if you don't need to be in an office chained to your desk then why not work somewhere more convenient? Let's look at five ways to make this achievable. Remote access to local apps At the most basic level you have the traditional …
Dave Cartwright, 30 Mar 2016

Some old SAP systems have default kernel user accounts. Guess what happened next?

Security researchers were able to access default SAP accounts on enterprise systems worldwide by using default passwords. The security snafu meant that SAP systems worldwide were potentially vulnerable to data theft, business process disruption and fraud, specialist security outfit ERP-SEC warned. Joris van de Vis, researcher …
John Leyden, 29 Mar 2016

Water treatment plant hacked, chemical mix changed for tap supplies

Hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water, we're told. The cyber-attack is documented in this month’s IT security breach report (available here, registration required) from Verizon Security Solutions. The utility in question is referred to using a …
John Leyden, 24 Mar 2016

Cyberthreat: How to respond...and when

Spotting threats in cyberspace is like star gazing. There are lots of them out there, but telling them apart and working out which ones are about to go supernova takes experience and skill. You don’t want to pour the same resource into protecting yourself against every single perceived threat, because no budget can support …
Danny Bradbury, 23 Mar 2016

Feds raid 'extortionist' IT security biz Tiversa, CEO put on leave

The CEO of a controversial cybersecurity outfit has been put on leave following an FBI raid of its headquarters. Federal agents raided Tiversa's Pittsburgh office earlier this month looking for evidence in a long-running investigation of its business practices. Soon after the raid, CEO Robert Boback was placed on leave and …
Kieren McCarthy, 18 Mar 2016

Cyberthreat: Learning to live with the risk

Cyberthreats are like the common cold or some other infectious virus; eventually you’re going to get sick. It’s a part of life. They’re always there, lurking just around the corner, waiting to make your life that little bit harder. At the same time, you can’t focus entirely on potential risks to your business at the expense of …
Danny Bradbury, 18 Mar 2016

Is this Romanian man really 'GhostShell'? If so, he risks arrest

Members of the security community are nonplussed by claims that a Romanian hacker “GhostShell” has seemingly risked arrest by doxxing himself in a bid to get a job in information security. The man claiming to be a one-time Anonymous-affiliated hacktivist avoided identification and arrest for four years before apparently outing …
John Leyden, 15 Mar 2016

Polite, helpful? Stop it at once in the name of security

In this article I'm going to talk about the second most important aspect of being an IT manager or engineer. “The second?” I hear you cry. Yes, the second, because the most important aspect is terribly dull and doesn't take 800 words to describe: safety. (And if you think I'm mad, ask yourself whether you'd break down the door …
Dave Cartwright, 14 Mar 2016

DDoS protection biz Incapsula knackers its customers' websites

Glitches at distributed denial-of-service mitigation biz Incapsula left the websites it defends offline twice on Thursday. Incapsula blamed "connectivity issues" for the global PITSTOP, aka the worldwide degradation of its services. "A rare case triggered an issue on the Incapsula service and caused two system-wide errors at …
John Leyden, 10 Mar 2016

You’re invited to Security SOS Week

Promo Registration is open for Security SOS Week, a short series of live webinars each featuring Sophos expert IT security practitioners. The events range from protecting your business against social engineering to embracing the Internet of Things without letting crooks into your network. You can find out more and sign up at Security …
David Gordon, 08 Mar 2016

French parliament votes to jail tech execs who refuse to decrypt data

The French parliament has voted in favor of punishing companies that refuse to decrypt data for government investigators – by threatening businesses with big fines and possible jail terms for staff. This comes amid the FBI's high-profile battle with Apple in the US to unlock a dead killer's encrypted iPhone. French deputies …
Iain Thomson, 04 Mar 2016

North Dorset Council hit by ransomware, flips the bird at miscreants

North Dorset District Council in England's southwest is working with police to identify the source of a ransomware infection this week. It is the latest outbreak of file-scrambling malware in what IT security experts believe to be a growing problem for local authorities in the UK. According to an email seen by The …
Kat Hall, 04 Mar 2016

Q&A: Bruce Schneier on joining IBM, IoT woes, and Apple v the FBI

RSA 2016 Security guru Bruce Schneier is a regular at shows like RSA and his talks are usually standing-room-only affairs. Schneier has written some of the definitive texts for modern cryptography teaching and his current book, Data and Goliath, examines the perils and solutions to government and corporate surveillance of internet …
Iain Thomson, 04 Mar 2016

How will Ofcom reduce our reliance on BT if it won't break them up?

Opinion The publication of Ofcom’s 2005 Strategic Review of Telecoms was preceded by many long evenings of intense debates within Ofcom and with BT and other stakeholders. The review took 18 months and resulted in the UK having the most competitive broadband market in the world. It’s worth remembering why that happened – because Ofcom …
Chi Onwurah, 26 Feb 2016

Ah, that new 'baby' mainframe smell: IBM shows off z13s

IBM’s new entry-level mainframe, the z13s, makes its debut next month and the company’s press blurb makes for instructive reading, not least because it has very little to say about the actual spec. Instead, there is much enthusiasm about the security features and services assembled for the z Systems server family. The server …
Drew Cullen, 16 Feb 2016

School network manager wins £10,000 in NCC Group Cyber 10K challenge

The second edition of a business-development focused cyber security challenge, the Cyber 10K, has concluded – with the worthy winner receiving £10,000 to further develop an innovative security dashboard tool. The challenge was run by the information assurance firm NCC Group supported by a judging panel including your …
John Leyden, 11 Feb 2016

Bitcoin's governance bungles stain the blockchain's reputation

Civilisation is an agreement. We agree to pay our tax, obey the laws, and generally avoid berserking around the joint. Where these agreements break down you get riots that scale into civil wars, then collapse. That’s less of an issue so long as the problem is over there - so that when a culture soils the sheets you don’t have …
Mark Pesce, 11 Feb 2016

Crims unleashed IRS-stabbing malware in bid to rob 464,000 people

Crooks generated the keys necessary to file tax returns for 101,000 people in the US – allowing the crims to potentially siphon off their victims' rebates. All American citizens, and tax residents in the US, must submit their annual tax forms by April 18 for this year. Surprisingly, you can do this online using the IRS's e- …
Iain Thomson, 10 Feb 2016

Azlan crowns Tomlin

Notorious self-licker Rob Tomlin has got even more reason to be pleased with himself after bagging the top job at Azlan UK, the enterprise distribution arm of Tech Data. The remit handed to Azlan’s former biz development director is to make more of IT security, the emerging software defined infrastructure space, and cloud …
Paul Kunert, 02 Feb 2016

Stop the music! Booby-trapped song carjacked vehicles – security prof

Usenix Enigma The modern car's operating system is such a mess that researchers were once able to get complete control of a vehicle by playing a song laced with malicious code. Malware encoded in the track was executed after the file was loaded from a CD and processed by a buggy parser. "A car is a big distributed system with wheels …
Iain Thomson, 26 Jan 2016

Terrible infections, bad practices, unclean kit – welcome to hospital IT

Usenix Enigma When it comes to IT security, the medical world is by far the most inept at data security. So say top researchers at the first Usenix Enigma security conference, held this week in San Francisco. "As a tester who has worked in many industries, healthcare is the absolute worst in terms of security," Avi Rubin, technical director …
Iain Thomson, 25 Jan 2016

Airbus, Boeing aero parts maker loses $54m in cyber-stick-up

An Austrian engineering firm is counting the cost of poor IT security after admitting €50m ($54m) has gone missing from its accounts following a "cyber fraud." FACC Operations makes airplane parts for giants like Airbus and Boeing, and is majority owned by a Chinese holding company. It insists its intellectual property, …
Iain Thomson, 22 Jan 2016

Trustwave failed to spot casino hackers right under its nose – lawsuit

IT security biz Trustwave is being sued by a Las Vegas casino operator for allegedly bungling a hacking investigation. Trustwave denies any wrongdoing. The outcome of the lawsuit could have staggering consequences for infosec outfits hired to analyze and clean up computer network intrusions, in terms of potential liabilities …
Chris Williams, 16 Jan 2016

Cloud Security Alliance says infosec wonks would pay $1m ransoms

Some companies will pay hackers up to US$1 million in ransoms to claw back stolen data according to a poll by the Cloud Security Alliance. The survey garnered 209 respondents of which half were in IT security and a third from tech with most hailing from companies with up to 1000 staff and a quarter from large enterprises with …
Team Register, 14 Jan 2016

Join The Register at Enigma, USENIX’s new security conference

Promo "It's time for the security community to take a step back and get a fresh perspective on threat assessment and attacks.” So say the organisers of Enigma, a new conference designed for IT security professionals in industry and research. That works for The Register, which is covering the three-day conference held in San …
David Gordon, 12 Jan 2016

Data centre outfit Interxion admits to contact detail security breach

A security breach at European data centre firm Interxion has exposed the contact details of thousands of its customers, although no financial information is thought to be involved. Neither credit card details nor customer services were affected by last month’s security snafu, and only Interxion’s CRM system was affected, as …
John Leyden, 11 Jan 2016

Hacked OPM won't cough up documents on mega-breach – claim

The US Office of Personnel Management (OPM) – which handles sensitive files on millions of government workers and was thoroughly ransacked by hackers – is withholding thousands of documents from Congress, which is probing the cyber-attack. This is according to members of the House Committee on Oversight, who took OPM to task …
Shaun Nichols, 08 Jan 2016

IT security is a safe job? Tell that to Norse staff laid off this week

Exclusive One of the more promising security startups of recent years has laid off a sizable chunk of its staff, citing business pressures. Norse – which you may remember from its FreeBSD fault finding or its global cyber-attack map – is one of a growing number of firms that uses a worldwide network of sensors and server racks to track …
Iain Thomson, 05 Jan 2016

Researcher criticises 'weak' crypto in Internet of Things alarm system

Security shortcomings in an internet-connected burglar alarm system from UK firm Texecom leave it open to hack attacks, an engineer turned security researcher warns. Luca Lo Castro said he had come across shortcomings in the encryption of communication after buying Texecom’s Premier Elite Control Panel and ComIP module and …
John Leyden, 31 Dec 2015

Patch now! Flash-exploitin' PC-hijackin' attack spotted in the wild by Huawei bods

Adobe has issued new versions of Flash to patch a load of security flaws – one of which is being exploited in the wild. Curiously, that particular vulnerability (CVE-2015-8651) was reported to the Photoshop giant by Kai Wang and Hunter Gao of Huawei's IT security department. Could the Chinese tech goliath have caught …
Chris Williams, 28 Dec 2015

Feds widen probe into lottery IT boss who rooted game for profit

Federal investigators in the US are widening a probe into fraud by the former IT security director of the Multi-State Lottery Association (MSLA). In July, Eddie Tipton, 52, was found guilty of installing a rootkit in the MSLA's random-number generating computer that allowed him to predict the digits for future winning tickets …
Iain Thomson, 24 Dec 2015

Sanders presidential campaign accuses Democrats of dirty data tricks

A hacking row is splitting the Democratic Party's presidential campaign after an incident with the party's database provider. Presidential hopeful Bernie Sanders has been cut off from access to the vital voter targeting database after one of his campaign staffers improperly entered the servers of the database's host provider …
Iain Thomson, 19 Dec 2015

Bitcoin inventor Satoshi 'outed' as Aussie, then raided by cops – but NOT over BTC

The home of a bloke fingered by WiReD and tech blog Gizmodo as a possible inventor of Bitcoin has been raided by the Australian Federal Police – just hours after their articles were published. The Register was happy to watch the house publication of deluded entrepreneurs and Giz slug it out over whose evidence is best and who …

IT salary not enough? Want to make £10,000 a DAY?

Cybersecurity experts are currently billing desperate companies £10,000 a day – yes, a DAY – according to recruiters Manpower. The company said on Tuesday that there is a "booming business and finance sector" in the UK looking for talent, noting that the high-profile hacks at Sony and TalkTalk have "created a surge in demand …
Kieren McCarthy, 08 Dec 2015

IT pros are a bunch of wedding and funeral-dodging sickos

Over 90 per cent of IT staffers have come into work while sick to ensure a project finishes on time, while two thirds have missed a funeral, wedding or similar event due to work-related crises. Given these numbers, one can only conclude that at least some of those missed funerals were for fellow IT workers who insisted on …
Joe Fay, 01 Dec 2015

Last call for the NCC Group Cyber 10K challenge

Competition The November 30 deadline for entering NCC Group’s Cyber 10K challenge is coming up fast – so get those entries in now. To recap, the Cyber 10K is designed to encourage students and recent grads to take up careers in IT security. NCC Group challenges entrants to put forward fresh and innovative ideas to help solve cyber security …
David Gordon, 26 Nov 2015

All Cisco certs add cloud, IoT, 'business transformation'

Cisco has announced a major refresh of its certification programs, all of which will henceforth include material on cloud, the internet of things, “network programmability” and “business transformation”. Cloud and IoT are self-explanatory while “network programmability” is software-defined networking by another name. …
Simon Sharwood, 23 Nov 2015

MPs to assess tech feasibility of requirements under draft surveillance laws

IPB The UK government published a draft Investigatory Powers Bill earlier this month in a bid to close gaps it has said exist in the surveillance powers available to the UK's intelligence and security services. The Science and Technology Committee said that it will carry out a "short inquiry into the technology aspects" of the …
OUT-LAW.COM, 18 Nov 2015

Conficker is back – and it's infecting police body cams

A US IT security company says it found copies of the Conficker malware infecting police body cameras. Florida-based iPower reports that body cameras it received from supplier Martel Electronics were loaded with 2009's baddest botware. Researchers Jarrett Pavao and Charles Auchinleck found that when plugged into a PC, the …
Shaun Nichols, 14 Nov 2015

UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone

IPB The encryption-bothering parts of the UK's Investigatory Powers Bill have left IT security experts flabbergasted. Introducing the draft internet surveillance law in the House of Commons on Wednesday, Home Secretary Theresa May presented it as consolidating and updating existing investigatory powers. She spun it as a break from …
John Leyden, 05 Nov 2015

China, Germany moving closer to no-hack pact

China and Germany are moving towards a mutual no-hacking-for-economic-espionage pact, along the lines of agreements already signed between China and the US and UK. German Chancellor Angela Merkel told reporters after talks with Chinese Premier Li Keqiang that Germany was seeking a deal “very quickly”. Germany, ahead of the …
John Leyden, 30 Oct 2015

UK finance sector: IT security testing 'becoming close to mandatory'

Regulators are nearly at the point of requiring major financial services companies to participate in a cyber security testing programme, according to the Bank of England. Minutes from a meeting of the Bank's court of directors on 16 September (10-page / 45KB PDF) provide detail of some of the efforts being taken to improve " …
OUT-LAW.COM, 30 Oct 2015

Government Gateway online hack claims 'nonsense', say multiple folk in the know

Claims the Government Gateway online identity portal has been "hacked" have been dismissed as "nonsense" by the man originally responsible for the project and by two government information security experts. Earlier this week the Financial Times (behind paywall) reported that “tens of thousands” of Britons’ identities were …
Kat Hall, 29 Oct 2015

Android Security: How's BlackBerry going to fix it?

Analysis “Android Security” sounds like an oxymoron, perhaps the biggest since “friendly fire”. So what’s BlackBerry, which has forged a reputation on enterprise security, thinking with the new Priv device? BlackBerry's handset division is promising to create a business-friendly secure 'droid, and it’s recently been explaining just how …
Andrew Orlowski, 26 Oct 2015

CISA latest: Law urging tech giants to share your info with the Feds shows no sign of stopping

On Thursday morning the proposed Cybersecurity Information Sharing Act (CISA) moved a step closer to reality when the US Senate voted 83 to 14 to end debate on a package of amendments. The CISA legislation invites internet giants and other companies to quietly give people's private and personal information to the federal …
Iain Thomson, 22 Oct 2015