Articles about Scanners

Drone jammer

Airbus doesn't just make aircraft – now it designs drone killers

Vid A new joint venture between aircraft manufacturer Airbus and California startup Dedrone is selling a security system that can spot drones miles away and knock them out of the sky. The system uses a network of cameras, radars, microphones, and directional scanners developed by Dedrone that can detect and target a standard …
Iain Thomson, 27 Jul 2016

The Great Brain Scan Scandal: It isn’t just boffins who should be ashamed

Special Report If the fMRI brain-scanning fad is well and truly over, then many fashionable intellectual ideas look like collateral damage, too. What might generously be called the “British intelligentsia” – our chattering classes – fell particularly hard for the promise that “new discoveries in brain science” had revealed a new …
Andrew Orlowski, 07 Jul 2016

Avast woos AVG shareholders with $1.3bn buyout offer

Avast is offering to buy anti-virus rival AVG for $1.3bn. AVG shareholders are being offered $25.00 per share in cash, a 33 per cent mark-up on the closing share price on Wednesday. AVG, Avast and rival Avira are the three main players in the market for freebie anti-virus scanners for Windows. All make their money by offering …
John Leyden, 07 Jul 2016

Cracking Android's full-disk encryption is easy on millions of phones – with a little patience

Android's full-disk encryption on millions of devices can be cracked by brute-force much more easily than expected – and there's working code to prove it. Essentially, if someone seizes your Qualcomm Snapdragon-powered phone, they can potentially decrypt its file system's contents with a friendly Python script without knowing …
Iain Thomson, 01 Jul 2016
Vuture Velo cycling jersey

Magnetic, heat scanners to catch Tour de France electric motor cheats

Extra technology is being wheeled out for this year's Tour de France to scan bikes for hidden electric engines. In the past few years, there have been several cases of cyclists concealing small battery-powered motors in the tubes of their velocipedes to give a bit of extra speed during competitions. To protect the integrity …
Iain Thomson, 27 Jun 2016

Oooooklahoma! Where the cops can stop and empty your bank cards – on just a hunch

Police in Oklahoma are deploying an electronic scanner that can drain currency from prepaid credit cards seized at the roadside using civil asset forfeiture laws. The Electronic Recovery and Access to Data (ERAD) handheld scanner was developed at the request of the Department of Homeland Security for use by US border guards. …
Iain Thomson, 08 Jun 2016

Infosec freeloaders not welcome as malware silo VirusTotal gets tough

Security firms that use the Google-owned VirusTotal malware database but don't contribute to the silo are going to find themselves out on a limb. For the past 12 years, researchers have been feeding samples of software nasties into VirusTotal, allowing antivirus engines to check they can detect malicious code. But the site has …
Iain Thomson, 09 May 2016

Pair publishes python framework for rapid router wrecking

Polish hacker Marcin Bury and developer Mariusz Kupidura have published a capable Python-based router exploitation framework to help hackers better own bit-moving boxen. Bury says the "RouterSploit" tool is similar to the popular Metasploit framework, and sports exploit modules to help hackers own certain routers. The hacker …
Darren Pauli, 26 Apr 2016
SuperTim's bacon bounty sarnie

MIT launches campus lunch bug bounty

The Massachusetts Institute of Technology has joined the growing number of large organisations and agencies to offer a bug bounty. The program is in an experimental phase and is open to current MIT students and affiliates, and includes a limited number of domains. Those submitting severe bugs will have money dropped into MIT …
Darren Pauli, 26 Apr 2016

URL shorteners reveal your trip to strip club, dash to disease clinic – research

Cornell Tech researchers Vitaly Shmatikov and Martin Georgiev claim web URL shorteners are built on predictable syntax that can be searched and identified in a potential breach of privacy. The academics studied URL shorteners – including those created by Google, Bit.ly and Microsoft – finding that attackers could find private …
Darren Pauli, 15 Apr 2016

Google reveals own security regime policy trusts no network, anywhere, ever

Google sees little distinction between board rooms and bars, cubicles and coffee shops; all are untrusted under its perimeter-less security model detailed in a paper published this week. The "BeyondCorp model" under development for more than five years is a zero-trust network model where the user is king and log in location …
Darren Pauli, 06 Apr 2016

X-ray scanners, CCTV cams, hefty machinery ... let's play: VNC Roulette!

Pics X-ray equipment, farm machinery, electricity generators. Security cameras, desktops with browsers logged into Facebook, stock inventory software. Sales registers, home alarm equipment ... the list goes on. All this and more on VNC Roulette: a website that popped up this week to remind us of the kinds of sensitive systems …
Chris Williams, 25 Mar 2016

Hackers demo prototype security scanner that thinks like a human

Nullcon Bangalore hacker Rahul Sasi has built the beginnings of what he hopes will become a vulnerability scanner that thinks like a human. The ambitious project (PDF) is the work of Sasi and his team of six at security startup CloudSek, and is now going open source in hopes the security masses will help build the human-like …
Darren Pauli, 17 Mar 2016

Auto vulnerability scanners turn up mostly false positives

Nullcon Automated vulnerability scanners turn up mostly false positives, but even the wild goose chase that results can be cheaper for businesses than manual processes, according to NCC Group security engineer Clint Gibler. At the Nullcon security conference in Goa, India, Gibler said he pointed an unnamed automated scanner at 100 of …
Darren Pauli, 14 Mar 2016

Obama puts down his encrypted phone long enough to tell us: Knock it off with the encryption

SXSW Amid the row between Apple and the FBI over the unlocking of a mass murderer's iPhone, President Barack Obama has told the tech world to suck it up and do what the Feds want. Speaking today at hipster-circle-jerk SXSW in Austin, Texas, the United States' Commander in Chief said phones and computers cannot be unbreakable "black …
Chris Williams, 11 Mar 2016
Doctors run to save patient. Photo by Shutterstock

CVE bug system has bugs – quick, use this alternative, say hackers

Frustrated security professionals acting on behalf of equally irritated researchers unable to gain Common Vulnerabilities and Exposures (CVE) numbers for their bugs have started an alternative numbering system to help triage what they describe as a huge backlog of ignored software flaws. Several prominent researchers are now …
Darren Pauli, 09 Mar 2016
Microsoft Build conference

We tested the latest pre-flight build of Windows 10 Mobile. It's buggy but promising

Review Microsoft admitted defeat in the phone wars last summer, but a mobile cut still remains strategic to the company – albeit more for tablets and "detachables" rather than phones, where full-fat Windows 10 is too bulky. You've heard the euphemism "collateral damage." Windows phone owners today are "collateral users" – they just …
Andrew Orlowski, 09 Mar 2016

Actual pirates hack shipping biz servers to pinpoint vessels carrying precious booty

Clever pirates have hacked into a shipping company to determine the location of valuable cargo before hijacking vessels in targeted attacks. The criminals popped the unnamed company's in-house content management system, using that access to determine which containers have the most valuable cargo. This made its hijacks faster …
Darren Pauli, 04 Mar 2016

Hardcoded god-mode code found in RSA 2016 badge-scanning app

RSA 2016 The official RSA phone app exhibitors use to scan delegate badges contains a hardcoded password allowing the vendors to access the full features of the device, says Bluebox Security's Andrew Blaich. Vendors at the San Francisco mega-conference expo hall were handed Android Samsung Galaxy S4 phones locked into kiosk mode and …
Darren Pauli, 03 Mar 2016
Archer cracks the ISIS mainframe's password

Hackers rely on weak passwords when brute-forcing PoS terminals

New research takes a fresh perspective on the passwords hackers use while scanning the web rather than the weak login credentials users often pick. Security analysts Rapid7’s results come from a year’s worth of opportunistic credential-scanning data collected from Heisenberg, the MetaSploit firm’s public-facing network of …
John Leyden, 02 Mar 2016

Hitchhacker's Guide to RSA clones conference badge with a towel

RSA 2016 Security analyst Jerry Gamblin has turned a hotel towel into a pass for RSA's San Francisco conference. Gamblin says hotel towels often include RFID chips for inventory control and that hitchhackers can use a Proxmark to easily copy and paste the unique identification number stored in their RSA entry pass' NFC chip and embed …
Darren Pauli, 02 Mar 2016

Patient monitors altered, drug dispensary popped in colossal hospital hack

Security researchers have exploited notoriously porous hospital networks to gain access to, and tamper with, critical medical equipment in attacks they say could put lives in danger. In tests, hospital hackers from the Independent Security Evaluators research team popped patient monitors, making them display false readings …
Darren Pauli, 25 Feb 2016

US government's $6bn super firewall doesn't even monitor web traffic

The US government's firewall, named Einstein, is not as smart as its name would suggest. A report [PDF] by the General Accounting Office (GAO) into the National Cybersecurity Protection System (NCPS) has concluded that it is only "partially meeting its stated system objectives." Which is a polite way of saying it sucks. Among …
Kieren McCarthy, 01 Feb 2016

Mozilla warns Firefox fans its SHA-1 ban could bork their security

Mozilla has warned Firefox users they may be cut off from more of the web than expected – now that the browser rejects new HTTPS certificates that use the weak SHA-1 algorithm. If you use Firefox with some antivirus products, or on a network fitted with a box that inspects traffic for malicious stuff, and visit a site that …
Iain Thomson, 07 Jan 2016
Facepalm by https://www.flickr.com/photos/the-magic-tuba-pixie/ cc 2.0 attribution generic https://creativecommons.org/licenses/by/2.0/

Trend Micro: Internet scum grab Let's Encrypt certs to shield malware

Updated It was inevitable. Trend Micro says it has spotted crooks abusing the free Let's Encrypt certificate system to smuggle malware onto computers. The security biz's fraud bod Joseph Chen noticed the caper on December 21. Folks in Japan visited a website that served up malware over encrypted HTTPS using a Let's Encrypt-issued cert …

Sophos grabs ATP-thwarter tech firm SurfRight for $32m

Sophos has paid $31.8m in cash to snap up advanced threat prevention firm SurfRight, with the deal allowing traditionally conservative Sophos to integrate SurfRight’s signature-less endpoint threat detection and response tech into its line of endpoint security products and services. The UK-based company claims the two sets of …
John Leyden, 15 Dec 2015

CloudFlare intros HTTP/2, so we can ‘spend holiday time with our family’

CloudFlare is introducing HTTP/2 support for all of its users, to be available on all SSL/TLS connections – while still supporting SPDY – so netizens can spend more time with their families instead of waiting for pages to load this Christmas. Talking to The Register on Tuesday night, CloudFlare CEO Matthew Prince explained the …

Anti-adblocker firm PageFair's users hit by fake Flash update

Ad-blocker blocker PageFair has announced that it was hacked over Halloween, exposing those visiting sites running its free analytics service (allowing those sites to see how many of their visitors were using ad-blockers, perhaps to prevent being served malware by a third-party) to an executable masquerading as an Adobe Flash …

By 2019, vendors will have sucked out your ID along with your cash 5 billion times

Research house Juniper has stared into its crystal ball and discovered that the number of biometrically authenticated payment transactions will reach nearly five billion by 2019, up from a mere 130 million currently. Apple Pay and Samsung are the only providers that currently use fingerprint scanners for authentication, with …
Kat Hall, 27 Oct 2015

Thousands of 'directly hackable' hospital devices exposed online

Derbycon Thousands of critical medical systems – including Magnetic Resonance Imaging machines and nuclear medicine devices – that are vulnerable to attack have been found exposed online. Security researchers Scott Erven and Mark Collao found, for one example, a "very large" unnamed US healthcare organization exposing more than 68,000 …
Darren Pauli, 29 Sep 2015
No junk mail. Pic: gajman, Flickr

The last post: Building your own mail server, Part 3

FEATURE The story so far: Over the last two weeks, I've explained how you can set up a mail server to provide you with POP3 and IMAP services, for your own email, with some basic filtering of inbound connections, and the ability to connect to it and send emails from just about anywhere. This week, it's time to add more serious mail …
Nigel Whitfield, 26 Sep 2015

Boffins build magnetic field cloak 'wormhole', could help MRI scanners

Alvaro Sanchez, (left), with Carles Navau, and Jordi Prat-Camps (right). Scientists have created what is being dubbed a 'wormhole' that can split a magnetic field and lead to better MRI scanning. The wormhole allows a magnetic field to be transported across space but it is not the kind of cosmic tunnel popularised by …
Darren Pauli, 04 Sep 2015
Apple iPhone 6

Sacré bleu! Apple, Nokia, Samsung et al end their three-year sulk over 'home taping' tax

Three years after stomping out, big tech manufacturers have returned to talk to the French government about private copying levies. In France, an official working group, La Commission de la Copie Privée, sets the rules on which products will have copying levies slapped on them. Manufacturers and importers also had seats at the …
Jennifer Baker, 03 Sep 2015
man_from_uncle_648

Viral virus bunfight: Dr Web tested rivals like Kaspersky Lab

Russian anti-malware firm Dr.Web tested rivals to see if they blindly accepted malware reports shared through cross-industry intelligence systems like Kaspersky Lab, according to investigative reporter Brian Krebs. However, Dr.Web stopped short of using services such as VirusTotal to trip up rivals, the focus of fiercely …
John Leyden, 02 Sep 2015

Boffins laugh at Play Store bonehead security with instant app checker

An armada of university researchers have devised a novel method of detecting malicious applications on Android app, and by way of demonstration have dug up 127,429 shady software offerings, including some bearing exploits for a whopping 20 zero days. The scheme dubbed MassVet is the brainchild of eight researchers: Kai Chen; …
Darren Pauli, 31 Aug 2015
Rat

Cisco's RAT-catchers spot sysadmin-targeted phish

File this under “it was bound to happen one day”: Cisco has spotted a targeted phishing attack based on a popular sysadmin automation tool. If someone in the “IT crowd” bunker falls for the phishing attack, Cisco's Talos Group says the payload exploits AutoIT, a scripting admin environment for Windows. Talos explains what's …
Mobile Fusion 2

Your smartphone can be a 3D scanner, say boffins

Video Microsoft Research and Oxford University are showing off a chunk of software that turns smartphones into 3D scanners – running fast enough that if it's released, it'll be handy for 3D printing enthusiasts. To be published in IEEE Transactions on Visualization and Computer Graphics, the six-degrees-of-freedom (6DoF) scanning …
Terminator

Prognosticator, for one, welcomes our new robot work colleagues

On a scale of one to ten on The Reg’s own fear-o-meter, concerns about a future in which humans are mere canon fodder - or even worse - sources of nutrients for robots overlords rank pretty highly, but there’s nothing to be scared about people. It’ll all be fine. How do we know this? The folks at Forrester Research say so and …
Paul Kunert, 25 Aug 2015
Container-ship

Coho Data containering in the dock – now with added Google, Splunk

Coho Data storage arrays will be able to run Docker containers directly on the storage nodes and use Google’s Kubernetes interface for configuring and deploying microservices. Startup Coho Data says its customers can now run new data-centric services and apps directly adjacent to stored data or, putting it another way, “allow …
Chris Mellor, 24 Aug 2015
Android icon desktop toys

HTC caught storing fingerprints AS WORLD-READABLE CLEARTEXT

Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max. The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in a open "world readable" folder. "Any …
Darren Pauli, 10 Aug 2015
You seen him? Hasidim

How to quietly slurp sensitive data wirelessly from an air-gapped PC

Israeli academics have demonstrated how feature-phones can use GSM radio frequencies to wirelessly siphon data from infected "air-gapped" computers. Air-gapped computers are those kept physically isolated from other networks as a safeguard against hacking. The work by researchers at the Ben-Gurion University of the Negev (BGU …
John Leyden, 29 Jul 2015

'Plague Scanner' controls multiple AV engines, for $0.00

Security researcher Robert Simmons has released a tool that offers a new level of stealth to the malware cat-and-mouse skirmish by shrouding binary analysis. "Plague Scanner" is a free on-premise anti-virus framework - a class of tool that drives multiple anti-virus scanners at once - and is the only free alternative to …
Darren Pauli, 27 Jul 2015

Universal Pictures finds pirated Jurassic World on own localhost, fires off a DMCA takedown

Universal Pictures France appears to have tracked down one source of pirated copies of dino-flick Jurassic World: the loopback address of one of its own boxen. In a Digital Millennium Copyright Act (DMCA) notice obtained by Chilling Effects, an entity called TMG on behalf of Universal's French limb demanded that Google remove …
Simon Sharwood, 23 Jul 2015
Microsoft Surface 3 Windows 8.1 tablet

Microsoft to Windows 10 consumers: You'll get updates LIKE IT or NOT

Microsoft's licensing on the upcoming Windows 10 OS means that most users will find their systems updating on command from Redmond without any option to stop this. The Licensing Agreement for Windows 10, as found in the latest release candidate build 10240 of Windows 10 Professional, stated: The software periodically checks …
Tim Anderson, 16 Jul 2015

Malwarebytes slurps startup, hopes to belch out Mac malware zapper

Security software firm Malwarebytes is moving into the Mac security software market with the acquisition of a start-up and the launch of its first anti-malware product for Apple computers. Malwarebytes Anti-Malware for Mac is designed to detect and remove malware, adware, and PUPs (potentially unwanted programs). The release …
John Leyden, 15 Jul 2015
Dragon

NOD32 AV remote root wormable hack turns corporate fleets to meat

Google Project Zero bod Tavis Ormandy has disclosed a "trivial" means of remotely hack the ESET NOD32 antivirus platform. Ormandy's finding prompted the Slovak company to rush a patch a day before his disclosure overnight. The remote-root exploit is potentially wormable and, he said, of practical value to criminals. "Any …
Darren Pauli, 25 Jun 2015

BOFH: Step into my office. Now take a deep breath

Episode 7 "Oh this takes me back to the early days of ST225s!" the Boss burbles. I am getting a personally tailored lesson in being careful what I wish for. On one hand, the PFY and myself wanted a new Boss who at least knew which end of a keyboard he could shove up his arse when he asked for the ability to type Norwegian potato …
Simon Travaglia, 05 Jun 2015
Cessna

Forget black helicopters, FBI flying surveillance Cessnas over US cities. Warrant? What's that?

The FBI has confirmed it is using shell companies to fly surveillance aircraft with cellphone scanners and video cameras over US cities on a daily basis – and without the need for warrants. The aircraft were spotted over Baltimore last month monitoring the protests and riots in that city. An AP investigation has confirmed that …
Iain Thomson, 02 Jun 2015

56 MEEELLION credentials exposed by apps say infosec boffins

Researchers from the University of Darmstadt say app developers have exposed 56 million credentials by borking login processes using services from Google, Amazon, and Facebook. The research team tested 750,000 Android and iOS applications, examining the way they used the federated identity services to make authentication smooth …
Darren Pauli, 01 Jun 2015

Automation eases the pain of software patching

The three biggest challenges for IT managers are security, reliability and performance. Ideally, an organisation’s software will excel at all three but in practice we know that isn’t true. Even the best-laid software development plans let bugs through which can cause problems in all these areas. So patching the organisation’s …
Robin Birtstone, 11 May 2015