Articles about Security

No wonder we're being hit by Internet of Things botnets. Ever tried patching a Thing?

Internet of Things devices are starting to pose a real threat to security for the sensible part of the web, Akamai's chief security officer Andy Ellis has told The Register. Speaking in the aftermath of the large DDoS against security journalist Brian Krebs, Ellis elaborated a little on the makeup of the botnet which took down …
Gareth Corfield, 27 Sep 2016

Ordinary punters will get squat from smart meters, reckons report

Smart meters will benefit suppliers nearly twice as much as consumers in terms of cost savings, according to an assessment by the late Department for Energy and Climate Change. The government's £11bn smart meter project will require energy suppliers to offer 53 million meters to homes and small businesses by 2020. Smart meters …
Kat Hall, 27 Sep 2016

Senator! calls! for! SEC! probe! to! be! inserted! into! Yahoo!

A US Senator is calling on the Securities and Exchange Commission to join the queue to administer a kicking to Yahoo!. Yahoo! has admitted hackers accessed about 500 million of its email accounts. The announcement came last week, but the actual hack happened back in 2014. Democrat Senator Mark Warner, who sits on the Senate’ …
John Oates, 27 Sep 2016

That's cold: This is how our boss told us our jobs are at risk, staffers claim

Shrinking Cisco Gold reseller Intrinsic Technology has put a bunch of staff across various departments at risk of redundancy amid an organisational restructure. Employees at the Merseyside-based company were last week ushered into one of three boardrooms where presentations were played simultaneously to sales, HR & support and …
Paul Kunert, 27 Sep 2016

Hyperconvergence: Where is the technology, and the CIO, going?

Hyperconvergenced computing offers some advantages for CIOs, but the advantages don’t exist in a vacuum. Companies have to predict what kind of environment their appliances will be running in, four or five years from now, and how they can prepare for it. Hyperconvergence is the convergence of storage and compute infrastructure …
Danny Bradbury, 27 Sep 2016

152k cameras in 990Gbps record-breaking dual DDoS

The world's largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised low-powered cameras and internet-of-things devices which punted a media outlet off the internet. Last days, we got lot of huge DDoS. Here, the list of "bigger that 100Gbps" only. You can see the …
Team Register, 27 Sep 2016

Don't let banks fool you, the blockchain really does have other uses

Analysis: It is a truth universally acknowledged that executives in the financial sector are capable of making the most exciting innovations boring, and in this respect their approach to the blockchain has been exemplary. During 2008's financial crash, a nine-page paper titled Bitcoin: A Peer-to-Peer Electronic Cash System [PDF] was …

Google tries to cross out XSS attacks by releasing its own test tool

Google has spent more than US$1.2 million (£920,400, A$1.6 million) in the last two years paying researchers for reporting cross-site scripting (XSS) attacks and has kicked off an effort to help crush the threat. XSS attacks are one of the most pervasive and enduring web application security threats because they allow …
Darren Pauli, 27 Sep 2016

It's open season for bug hunting – on Microsoft's Azure cloud

Ignite: Microsoft's conviction that "fuzzing in the cloud will revolutionize security testing," voiced in a research paper six years ago, has taken form with the debut of Project Springfield: an Azure-based service for identifying software flaws by automatically subjecting the code to bad input. Introduced at the Ignite conference in …
Thomas Claburn, 27 Sep 2016

Daesh-bag hacker gets 20 years for harvesting US military kill list

A student who hacked into corporate servers to build a kill list for medieval terror bastards Daesh has been sentenced to 20 years in prison after admitting his guilt. Ardit Ferizi, aka Th3Dir3ctorY, broke into the servers of an unnamed Illinois company and downloaded the personal information of tens of thousands of its …
Iain Thomson, 27 Sep 2016

Suspected Russian DNC hackers brew Mac trojan

Suspected Russian hackers fingered for hacking the United States Democratic National Committee (DNC) have brewed a trojan targeting Mac OS X machines in the aerospace sector, says Palo Alto researcher Ryan Olson. The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software …
Darren Pauli, 27 Sep 2016

Fax machines' custom Linux allows dial-up hack

Party like it's 1999, phreakers: a bug in Epson multifunction printer firmware creates a vector to networks that don't have their own Internet connection. The exploit requirements are that an attacker can trick the victim into installing malicious firmware, and that the victim is using the device's fax line. The firmware is …

Patch AGAIN: OpenSSL security fixes now need their own security fixes

Sysadmins and devs, fresh from a weekend spoiled by last week's OpenSSL emergency patch, have another emergency patch to install. One of last week's fixes, for CVE-2016-6307, created CVE-2016-6309, a dangling pointer security vulnerability. As the fresh advisory states: “The patch applied to address CVE-2016-6307 resulted in …
Team Register, 26 Sep 2016

Intel, Lenovo officially gone to the dogs – with FIDO fingerprint logins

Lenovo, Intel and others are aiming to make online payments more secure by bringing the Fast Identity Online (FIDO) biometric authentication standard to PCs. The fingerprint scanning technology is implemented in Lenovo’s latest Yoga 910 laptop, which is one of those consumer 2-in-1 convertible gizmos with a fold-back screen …
Dan Robinson, 26 Sep 2016

Cloudy what now? Adobe and Microsoft cosy up with cloud partnership

Ignite: Microsoft and Adobe announced a new cloud partnership at the Ignite event this week in Atlanta in a really unclear announcement. "Adobe will make Microsoft Azure its preferred cloud platform for the Adobe Marketing Cloud, Adobe Creative Cloud and Adobe Document Cloud," says the press release, though the press release does not …
Tim Anderson, 26 Sep 2016

Security man Krebs' website DDoS was powered by hacked Internet of Things botnet

The huge distributed denial of service (DDoS) attack which wiped security journalist Brian Krebs' website from the internet came from a million-device-strong Internet of Things botnet. "Attack appears to include numerous IoT devices, including security cameras. Still itemizing them," an Akamai spokesman told El Reg by email. …
Gareth Corfield, 26 Sep 2016

Unimpressed with Ubuntu 16.10? Yakkety Yak... don't talk back

Before I dive into what's new in Ubuntu 16.10, called Yakkety Yak, let's just get this sentence out of the way: Ubuntu 16.10 will not feature Unity 8 or the new Mir display server. I believe that's the seventh time I've written that since Unity 8 was announced and here we are on the second beta for 16.10. Maybe that's why …

Violin hunts for elusive key to regrowth

Analysis: The elusive hunt for renewal and regrowth at Violin Memory has moved into a new phase – with a product launch holding up sales, sales leadership change, and the CEO focusing on finding funding for the future. Violin has cleverly managed to avoid falling off a cliff despite falling sales revenues and investor despair. It …
Chris Mellor, 26 Sep 2016

Turing, Hauser, Sinclair – haunt computing's Cambridge A-team stamping ground

Geek's Guide to Britain: King’s Parade in Cambridge looks like the last street on earth to have anything to do with computing. On one side is an absurdly ornate college gatehouse in yellow stone and King’s College Chapel, which combines the barn-like shape of a tiny chapel with the scale and detail of a cathedral. The other side is lined by tall …
SA Mathieson, 26 Sep 2016

Apple to crunch iOS 10 local backup password brute force hole

Apple is brewing a fix to patch an iOS password flaw that allows credentials to be stolen from backups. Elcomsoft researcher Oleg Afonin says the flaws mean cracking efforts against iOS 10 backups are 2500 times faster compared to similar efforts against iOS 9. If successful, the attack will grant access to device keychains. …
Darren Pauli, 26 Sep 2016

Dev teaches bot to talk spammers' ears off

Brian Weinreich has been trolling spammers for two years using a bot that fires realistic and ridiculous replies to the pervasive online salespeople. The noted security developer created the bot as a means to waste the time of the blowflies of the internet after being affronted by a deluge of unsolicited sales pitches directed …
Darren Pauli, 26 Sep 2016

Google rushes in where Akamai fears to tread, shields Krebs after world's-worst DDoS

Google has provided free distributed denial of service attack (DDoS) mitigation services to security publication Krebs on Security, stepping in after Akamai withdrew support. The information security site was last week hammered with a 620Gbps DDoS attack, widely rated one of the world's largest by volume of junk data. …
Darren Pauli, 26 Sep 2016

Australian Signals Directorate seeks offensive people

The antipodean spy agency the Australian Signals Directorate is seeking cleaning staff information security personnel for offensive and defensive operations. The Department of Defence agency is seeking warm bodies for "offensive cyber operators", penetration testing, vulnerability research, and development and support roles. …
Darren Pauli, 26 Sep 2016

Avaya explains its 'hyper-segmentation' approach to security

Interview: It's way too easy to get past a firewall, map out an enterprise's network, and start tapping IP addresses looking for vulnerable machines – so why are we using Layer 3 addressing as the basis of the enterprise network? Avaya's new software-defined-networking-based architecture proposes to stop TCP/IP-based attack traffic at …

Turnbull's Transformers delete GitHub repo for federated ID project

What is going on at the Digital Transformation Office (DTO)? When The Register reported our concerns with the DTO's federated identity project, we asked the DTO's media office for responses and received none. The DTO isn't responding to the Australian Privacy Foundation's concerns with the project, the APF claims. It has, …

Australian border cops say they've cracked 'dark net' drug sales

Australian authorities say they can detect dark net transactions. We know this because the nation's Border Force (ABF), the black-shirt wearing guardians of Australia's frontiers, says as much in its takedown notice of a “31-year-old man from Port Neill” in the State of South Australia. Said man fell foul of a joint ABF and …
Simon Sharwood, 25 Sep 2016

And! it! begins! Yahoo! sued! over! ultra-hack! of! 500m! accounts!

Just two days after Yahoo! admitted hackers had raided its database of at least 500 million accounts, the Purple Palace is being dragged into court. Two Yahoo! users in San Diego, California, filed on Friday a class-action claim [PDF] against the troubled web biz: Yahoo! is accused of failing to take due care of sensitive …
Iain Thomson, 24 Sep 2016

Windows printer bug fixed

Microsoft has this week quietly admitted on its website that one of its security updates broke printing on pre-Windows 10 PCs. The MS16-098 patch, issued in August, fixes privilege escalation bugs in kernel-level drivers on Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2008 R2 Service …
Iain Thomson, 23 Sep 2016

IBM botched geo-block designed to save Australia's census

Australia's Bureau of Statistics has heavily criticised IBM for the security it applied to the nation's failed online census, which was taken offline after a distributed denial of service (DDoS) attack that battered a curiously flimsy defensive shield. The Bureau also admits it could have done better in a submission (PDF) to a …
Simon Sharwood, 23 Sep 2016

UK copyright troll weeps, starts 20-week stretch in the cooler for beating up Uber driver

Updated: The owner of a firm involved in sending speculative invoices to suspected downloaders is in trouble of his own after being convicted of a brutal assault on an Uber driver outside an exclusive London members-only club. Robert Croucher, MD of consultancy Hatton & Berkeley, wept in the dock after being found guilty of pushing …
Iain Thomson, 23 Sep 2016

Double KO! Capcom's Street Fighter V installs hidden rootkit on PCs

A fresh update for Capcom's Street Fighter V for PCs includes a knock-out move: a secret rootkit that gives any installed application kernel-level privileges. This means any malicious software on the system can poke a dodgy driver installed by SFV to completely take over the Windows machine. Capcom claims it uses the driver to …
Chris Williams, 23 Sep 2016

Red Hat relabels OpenShift Enterprise to Container Platform

Red Hat’s on-premises application serving software has been given a rename from OpenShift Enterprise to OpenShift Container Platform, at the same time adding a slew of enhancements to improve scalability and security. OpenShift started out as Red Hat’s platform as a service (PaaS) offering for application development centred …
Dan Robinson, 23 Sep 2016

London-based Yahoo! hacker gets 11 years for SQLi mischief

A 23-year-old man has been sentenced to two years in prison for his part in a cyber attack on Yahoo! in 2012. Nazariy Markuta, of Harlesden, London, was a member of the D33Ds Company network, which nicked over 450,000 customer email addresses and passwords from Yahoo! after an investigation by the UK's National Crime Agency ( …

Winners and losers: Here's who made the cut for mega TP2 framework

A public sector contracts fat cat and some household PC brands are among the suppliers that failed to directly win a place on a mega pan-government hardware and software framework contract, according to a preliminary list seen by The Register. The Technology Products (TP) 2 agreement, worth up to £4bn over four years, is due …
Paul Kunert, 23 Sep 2016

Plusnet outage leaves customers unable to stream Netflix. Horrors!

Ongoing technical problems at gaffe-prone Plusnet are leaving customers unable to stream videos or play games. According to the outfit's forum, the problems first began to appear yesterday. However, Plusnet also encountered packet loss problems earlier this month. One customer wrote to The Register to complain: "There is no …
Kat Hall, 23 Sep 2016

Cisco preps the P45s for 500 unlucky UK staffers

Cisco's UK staffers are beginning to feel the cold, sharp edge of the networking borg's axe, with up to 500 souls put at risk of redundancy across its entire local operation, multiple sources have confirmed to The Register. Switchzilla had said in August that a total of 5,500 global employees would be chopped this year, …
Kat Hall, 23 Sep 2016

Think you’re a Tech Trailblazer but still warming up?

We know some blazers take longer to warm up than others, so you’ll be pleased to know that the deadline for this year’s Tech Trailblazers Awards has been extended to October 6. These awards have been running for six years, recognising and rewarding real innovation in real world business tech. So you can use that extra time to …
Team Register, 23 Sep 2016

Pull the plug! PowerPoint may kill my conference audience

Something for the Weekend, Sir? The man on stage is baffled. It was his big moment, a chance to show off his company’s proficiency and expertise, but now he’s being made to look useless. Two huge screens on either side of the stage are supposed to be displaying his presentation. They remain resolutely blank. A 200-strong audience of paying conference …
Alistair Dabbs, 23 Sep 2016

Woo hoo, UK.gov has unveiled yet another tech creche – for infosec

Plans are afoot in Westminster to burn even more taxpayers' cash by launching a new cyber-security startup accelerator in Cheltenham. The accelerator will be the umpteenth vehicle for funnelling money to muppets since the coalition government came to power. Other accelerators have included a military technology free-money …

OpenSSL swats a dozen bugs, one notable nasty

A dozen flaws have been patched in OpenSSL, including one high severity hole that allows denial of service attacks. The OpenSSL Project pushed patches in versions 1.1.0a, 1.0.2i and 1.0.1u, with most of the flaws flagged as low severity risks. The nastiest vulnerability (CVE-2016-6304) results when attackers issue a massive …
Team Register, 23 Sep 2016

Report: NSA hushed up zero-day spyware tool losses for three years

Sources close to the investigation into how NSA surveillance tools and zero-day exploits ended up in the hands of hackers have found that the agency knew about the loss for three years but didn’t want anyone to know. Multiple sources told Reuters last night that the investigation into the data dump released by a group calling …
Iain Thomson, 23 Sep 2016

Sad reality: It's cheaper to get hacked than build strong IT defenses

Whenever mega-hacks like the Yahoo! fiasco hit the news, inevitably the question gets asked as to why the IT security systems weren't good enough. The answer could be that it's not in a company's financial interest to be secure. A study by the RAND Corporation, published in the Journal of Cybersecurity, looked at the frequency …
Iain Thomson, 23 Sep 2016

Safe browsing checks fail as 16,000 WordPress sites hacked this year

At least 15,769 WordPress websites - and probably more - have been compromised this year, half slipping past Google's Safe Browsing checks, says security researcher Daniel Cid. The world's most popular content management system represented the lion's share of some 21,821 sites studied in the second 2016 Sucuri report on …
Darren Pauli, 23 Sep 2016

Moron is late for flight, calls in bomb threat

A Canadian idiot has been sentenced to a year behind bars after he was found guilty of calling in a bomb threat because he was running late for his flight. Michael Howells, 37, pleaded guilty to two counts of criminal mischief and received 12 months in jail along with a fine of CA$3,844.88 (US$3,000, £2,200). Howells was …
Shaun Nichols, 23 Sep 2016

Malware figures out it's running on VMs and refuses to execute

Malware writers are looking for the absence of documents to figure out which PCs are potential victims and which are virtual machines being used by white hats. SentinelOne senior researcher Caleb Fenton found the novel technique while attempting to coax the malware into activating so it could be analysed. The worm he was …
Darren Pauli, 23 Sep 2016

US Homeland Security launches IoT willy-waving campaign

The US Department of Homeland Security has announced plans to make the internet-of-things just a bit more complicated – by trying to shove itself into the market with a new security framework. On Thursday, assistant secretary for cyber policy at the DHS Robert Silvers told the Security of Things Forum in Cambridge, …
Kieren McCarthy, 22 Sep 2016

Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

Updated: Hackers strongly believed to be state-sponsored swiped account records for 500 million or more Yahoo! webmail users. And who knew there were that many people using its email? The troubled online giant said on Thursday that the break-in occurred in late 2014, and that names, email addresses, telephone numbers, dates of birth, …
Iain Thomson, 22 Sep 2016

Brit boffins get $800k for Los Angeles Twitter pre-crime tech

Researchers from the University of Cardiff have been awarded more than $800,000 by the US Department of Justice to develop a pre-crime detection system. Boffins from the University’s Social Data Science Lab, which brings together a range of scientists to study the methodological, theoretical, empirical and technical dimensions …

Going hyperconverged? Don't forget to burst into the cloud

Here’s a key benefit of that shiny new hyperconverged box you just bought: it’s supposed to speak the cloud’s language. After all, hyperconverged storage is sometimes viewed as a private cloud in a box, melding storage, networking and compute into a single package with the storage management happening under the hood. It …
Danny Bradbury, 22 Sep 2016

DDoS attacks: For the hell of it or targeted – how do you see them off?

Distributed Denial of Service (DDoS) attacks can be painful and debilitating. How can you defend against them? Originally, out-of-band or scrubbing-centre DDoS protection was the only show in town, but another approach, inline mitigation, provides a viable and automatic alternative. DDoS attacks can be massive, in some cases …
Danny Bradbury, 22 Sep 2016