Articles about Security

Stop asking people for their passwords, rights warriors yell at US Homeland Security

Civil and digital rights groups are leading a campaign to stop the US Department of Homeland Security's demanding access to foreigners' social media accounts when entering America. In an open letter to DHS secretary John Kelly, the group argues that by forcing travelers from some countries to give border patrol agents free …
Shaun Nichols, 18 Apr 2017

SWIFT on security: Fresh anti-bank-fraud defenses now live

Inter-bank data comms biz SWIFT says it has introduced mechanisms to better protect money transfers from tampering. We're told the fresh defenses will make it easier for banks to track movements of money. The payment controls are part of SWIFT's Customer Security Programme, a set of mandatory IT and physical security …
Shaun Nichols, 13 Apr 2017
Disgusted man holds his hand up to obscure his view. Pic via Shutterstock

Finally a reason not to bother with IPv6: Uh, security concerns...?

For all those sysadmins tired of having to make excuses for why they haven't moved to IPv6, worry no more: the new protocol brings with it the risk of network infiltration. That's according to NATO's Cooperative Cyber Defence Centre of Excellence, which has published a research paper [PDF] claiming it is possible to set up …
Kieren McCarthy, 10 Apr 2017

D'oh! Amber Rudd meant 'understand hashing', not 'hashtags'

It was the cringiest moment in an already gaffe-prone interview on The Andrew Marr Show last week. Speaking about preventing the upload of objectionable content, Home Secretary Amber Rudd said the government needs to get people who "understand the necessary hashtags" talking. That was of course in addition to Rudd's widely …
Kat Hall, 3 Apr 2017

Facebook, Google, etc: Yeah, yeah, we'll work on the nasty stuff about bombs – but we ain't doing no backdoors

Big Tech has told the UK government it will do more to remove extremist content from their networks, but has refused to offer concessions on encryption. Following a meeting between Britain's Home Secretary Amber Rudd and communication service providers, called in the aftermath of the murders in Westminster, senior executives …
Kieren McCarthy, 31 Mar 2017
Joey from the sitcom friends pokes his head around the door (invasively). Photo copyright NBC

Europe to push new laws to access encrypted apps data

Update The European Commission will in June push for access to data stored in the cloud by encrypted apps, according to EU Justice Commissioner Věra Jourová. Speaking publicly, and claiming that she has been pushed by politicians across Europe, Jourová said that she will outline "three or four options" that range from voluntary …
Kieren McCarthy, 30 Mar 2017
a hostile drone

How to leak data from an air-gapped PC – using, er, a humble scanner

Cybercriminals managed to infect a PC in the design department of Contoso Ltd through a cleverly crafted spear-phishing campaign. Now they need a way to communicate with the compromised machine in secret. Unfortunately, they know Contoso's impenetrable network defenses will detect commands sent to their malware. To avoid …
Thomas Claburn, 30 Mar 2017

Bloke is paid to scour hashtags for threats, spots civil rights boss's tweets, gets fired, sues

A chap whose job was to investigate threats on social networks is suing the Oregon Department of Justice – for allegedly retaliating against him after his online sleuthing led him to the agency's own director of civil rights. In September 2015, James R Williams was working for the Oregon TITAN Fusion Center Unit, one of …
Thomas Claburn, 29 Mar 2017
Quick fix - worker running while carrying a wrench

It's ESXi time for critical VMware patches

VMware's reported three bugs that probably deserve your urgent attention. The three are lumped under bulletin VMSA-2017-0006, but there's four CVE's to consider. The first bug is a heap buffer overflow and uninitialized stack memory usage in SVGA that impacts VMware's ESXi, Workstation and Fusion products. “These issues may …
Simon Sharwood, 29 Mar 2017
passport

US Customs sued for information about border phone searches

US Customs and Homeland Security are being sued to get them to hand over the rules by which people have their electronic devices seized and searched at the border. The lawsuit [PDF], brought in Washington, DC, by the Knight First Amendment Institute at Columbia University, claims that the US government failed to respond to a …
Kieren McCarthy, 28 Mar 2017

Apple squashes cert-handling bug affecting macOS and iOS

Apple has resolved a certification validation vulnerability affecting both macOS and iOS users. The (CVE-2017-2485) vulnerability posed a remote code execution risk on affected systems, which created a potential mechanism for hackers to craft exploits that pushed malware on to otherwise patched iThings. The flaw – discovered …
John Leyden, 28 Mar 2017
Parliament in the clouds

UK digital minister Matt Hancock praises 'crucial role' of encryption

Digital minister Matt Hancock has praised the "crucial role" of encryption in today's society, just a day after Home Secretary Amber Rudd called for an encryption ban on applications such as WhatsApp. Hancock was relaying the story of radio inventor Guglielmo Marconi in a speech at the Institute of Directors. He said when …
Kat Hall, 27 Mar 2017

Inside OpenSSL's battle to change its license: Coders' rights, tech giants, patents and more

Analysis The OpenSSL project, possibly the most widely used open-source cryptographic software, has a license to kill – specifically its own. But its effort to obtain permission to rewrite contributors' rights runs the risk of alienating the community that sustains it. The software is licensed under the OpenSSL License, which includes …
Thomas Claburn, 24 Mar 2017

Error prone, insecure, inevitable: Say hello to today's facial recog tech

Facial recognition technology represents a valuable, and likely inevitable, method of identification for cops and Feds. Unfortunately, it's largely unregulated, error prone, and insecure. During a hearing held by the US House Committee on Oversight and Government Reform on Wednesday, Chairman Jason Chaffetz (R-Utah) …
Thomas Claburn, 22 Mar 2017
Vint Cerf

Fix crap Internet of Things security, booms Internet daddy Cerf

Vint Cerf, one of the fathers of the internet, has weighed in on Internet of Things security, warning that a Mirai botnet-style incident could happen again unless vendors start taking responsibility for their goods. “The biggest worry I have is that people building [IoT] devices will grab a piece of open source software or …
Gareth Corfield, 21 Mar 2017
tsa_gloves_648

Confirmed: TSA bans gear bigger than phones from airplane cabins

People traveling by air to America from an undisclosed list of countries will no longer be allowed to carry devices larger than a mobile phone in carry-on baggage. Those traveling with such devices will be required to store them in checked baggage. The new travel rule was reportedly issued by the US Transportation Security …
Thomas Claburn, 20 Mar 2017

'Sorry, I've forgotten my decryption password' is contempt of court, pal – US appeal judges

The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against an ex-cop who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court in Philadelphia avoided addressing a lower court's rejection of the defendant's argument that being forced to …
Thomas Claburn, 20 Mar 2017
AI

An under-appreciated threat to your privacy: Security software

Interview The very software that is supposed to protect your security is an under-appreciated threat to privacy because of the massive amount of data many products secretly gather on customers, according to F-Secure's Jarno Niemelä. Niemelä also told told The Register that despite the dismissive claim in the recent WikiLeaks' release of …

Create a news alert about Security , or find more stories about Security .

Biting the hand that feeds IT © 1998–2017