Articles about Security

Symantec data centre security software has security holes

Security bod Stefan Viehböck has detailed holes in Symantec's data centre security platforms that the company plugged this week because they allowed hackers to gain privileged access to management servers. The patches fix holes in the management server for Symantec Critical System Protection (SCSP) 5.2.9 and its predecessor Data …
Darren Pauli, 23 Jan 2015

Blackberry hires new security chief

Blackberry has hired security luminary David Kleidermacher to head its security division. Kleidermacher served as the chief technology officer at Green Hills Software, which developed secure embedded software for clients in the military, industrial and medical industries, including the EAL6-rated Integrity operating system. He brings …
Darren Pauli, 11 Feb 2015

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

Home Wi-Fi security's just as good as '90s PC security! Wait, what?

UK home Wi-Fi security is as bad as PC security was in the 1990s, according to a new study. Security software firm Avast found that more than half of all routers are poorly protected by default or common, easily hacked password/ID combinations. Easily hacked password combinations such as admin/admin or admin/password, or even …
John Leyden, 08 Dec 2014

Check Point buys bare-metal security upstart Hyperwise

Check Point has pounced early to buy up stealth-mode security startup Hyperwise, which does sandboxing on the CPU itself rather than in the OS. Financial terms of the deal, announced on Wednesday, were not disclosed. Israel-based Hyperwise’s CPU level threat prevention technology is designed to throttle malware-based attacks at …
John Leyden, 18 Feb 2015

NTT Com Security to wed UK cyber specialist Nebulas, say sources

NTT Com Security is to acquire rapidly growing London-based Nebulas Solutions Group, according to well-placed industry tipsters. Talks between the pair progressed in recent weeks though details of any financial exchange were not available at the time of writing. Nebulas is unlikely to come cheap. Sources tell us specialist …
Paul Kunert, 27 Feb 2015

MP resigns as security committee chair amid 'cash-for-access' claims

Former foreign secretary Sir Malcolm Rifkind is stepping down as chair of the UK Parliament’s influential security committee in the wake of "cash for access" allegations. In a statement, Rifkind said he intends to remain a member of the Intelligence and Security Committee but will step down as chairman. The ISC, which oversees …
John Leyden, 24 Feb 2015

Scouts take down database due to 'security vulnerabilities'

The Scouts Association has taken down its Compass database, which holds the records of nearly half-a-million young people and adult volunteers, after discovering a "potential security vulnerability," The Register can reveal. In a letter seen by El Reg and addressed to members this morning, the association said the decision was …
Kat Hall, 28 Jan 2015

Australia to conduct national cyber-security review

Australia will conduct a national “cyber-security review”. Speaking today at the launch of the new Australian Cyber Security Centre in Canberra, prime minister Tony Abbott put network security on a par with physical security, said it is a guarantor of economic security and added “it is so important we keep one step ahead of …
Simon Sharwood, 27 Nov 2014

Feds investigate Homeland Security background checker security breach

A contractor running background checks for the US Department of Homeland Security has suffered a potentially embarrassing security breach. The security snafu at USIS reportedly led to the theft of some DHS employees’ personal information. The recently discovered breach prompted DHS to suspend all work with USIS, pending the …
John Leyden, 05 Nov 2014

Canuck Bitcoin exchange gives up after security SNAFU

Canadian Bitcoin exchange Cavirtex, said to be the country's largest, will shut its doors after its two-factor authentication credentials were probably compromised. The breach, spotted last Sunday, affected two-factor secrets and hashed passwords stored in an older database and did not match login details to identification …
Darren Pauli, 19 Feb 2015

Security? Don't bother until it's needed says RFC

All-or-nothing approaches to security are part of what's making it so hard to achieve acceptable protection, a new RFC suggests. Written by Viktor Dukhovni of Two Sigma, RFC 7435 argues that the way current systems fail is a discouragement to good security. A binary failure – if two peers in a conversation don't have the same …

Herjavec Group swallows Brit security services minnow Sysec

Canadian managed security services biz Herjavec Group has crossed the pond to hoover up Brit minnow Sysec, a specialist boutique that ploughs its furrow in the same field. The buy forms part of Herjavec’s three-year $250m “expansion plan” - it is more than halfway there but may need to make a few more buys to get there given …
Paul Kunert, 05 Feb 2015

Sucker for punishment? Join Sony's security team

Sony is seeking a steely-willed vulnerability management director in the wake of its thorough hosing by unknown attackers. The beleaguered media giant posted an online advertisement Friday seeking a security bod boasting a decade's hacking experience to, among other things, "Unify and enhance Sony’s global information security …
Darren Pauli, 23 Dec 2014

EU parliament bans Outlook app over cloudy security: report

The EU Parliament has blocked politicians from using the Microsoft mobile Outlook app in the wake of security and privacy concerns centred on the siphoning of corporate credentials to a third party, according to reports. The Parliament's IT department, DG ITEC, has reportedly told staff to delete the app and reset corporate …
Darren Pauli, 12 Feb 2015

Craft bazaar Etsy's security plan is candy to get devs talking

Kiwicon podcast Etsy's security chieftain Rich Smith has told the hacker faithful to secure their organisations by buttering up devs with beer and candy. Speaking at the KiwiCon event in Wellington, New Zealand, the guardian of the popular hipster bazaar and co-founder of Icelandic consultancy Syndis offered tips from running the fast-paced …
Darren Pauli, 12 Dec 2014

Europe's cyber security agency wants to pick your infosec BRAINS

Do you work in the ICT sector? If so, Europe’s top cyber security agency wants you. ENISA (The European Union Agency for Network and Information Security) is looking for 20 experts to join its “Permanent Stakeholders’ Group”. Self-declared experts who work in the ICT sector for fixed and mobile electronic communications …
Jennifer Baker, 07 Nov 2014

Internet of Thieves: All that shiny home security gear is crap, warns HP

In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues. HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along …
John Leyden, 10 Feb 2015

Hewlett Foundation lays out MEELLIONS on security

The Hewlett Foundation has found US$45m in its other jacket, and has anointed three lucky US universities to spend on security research. MIT, Stanford and UC Berkeley will share the simoleons, in a program MIT says is designed to generate a “robust marketplace of ideas”, whatever that is. On a more pragmatic basis, the …

Security holes in iOS? We've heard of them, says Apple (as it fixes vanishing ringtones)

Apple has released an update for iOS that addresses some rather annoying performance bugs, but leaves major security holes open. The company said the iOS 8.1.2 over-the-air update will address performance issues with the Apple mobile platform, including a flaw which had caused ringtones to disappear from handhelds. "This …
Shaun Nichols, 10 Dec 2014

Taxi app Uber plugs 'privacy-threatening' web security flaw

Updated A potentially nasty XSS vulnerability discovered on the website of controversial ride-sharing service Uber has been fixed, according to the security researcher who reported the bug. The cross-site scripting vulnerability put visitors at risk of being compromised via theft of cookies, personal details, authentication credentials …
John Leyden, 10 Dec 2014

iPAD-FONDLING fanboi sparks SECURITY ALERT at Sydney airport

An iPad-obsessed bloke reportedly triggered an irritating security alert at Sydney Airport in Australia earlier today. The passenger apparently skipped the screening process and instead used an exit at the airport's Terminal 3, which is used for domestic flights, because his head was buried deep in his fondleslab. It would seem …
Kelly Fiveash, 27 Sep 2014

Microsoft updates Outlook app security, but haters still gunna hate

Microsoft has upgraded the security controls of its mobile Outlook app to allow credentials to be kept on its servers rather than Amazon's. Security upgrades detailed in a Redmond blog include PIN lock enforcement and faster remote wiping of application data, some of which will be deployed in coming months, along with …
Darren Pauli, 19 Feb 2015

Sly peers attempt to thrust hated Snoopers' Charter into counter-terror and security bill

Britain's ISPs have attacked sneaky, proposed amendments to the Counter-Terrorism and Security Bill that were tabled by four peers in Parliament this week – as they mounted an attempt to resurrect the Snoopers' Charter. Home Secretary Theresa May's draft Communications Data Bill was rejected by politicos in 2012, however, the …
Kelly Fiveash, 24 Jan 2015

Alca-Lu security stuff goes virtual

Yet more of Alcatel-Lucent's portfolio has escaped its hardware prison to be virtualised: this time, it's the vendor's security solutions. Alca-Lu's Motive Security Guardian (MSG) – based on technology that came with Kindsight Security Labs, which it acquired in April 2013 – is to be turned into a virtualised service, the …

Australian government's 'cyber-security' review delayed

One day after Australia's prime minister Tony Abbott promised a more hard-line approach to national security, the government has delayed a cyber-security review. Over the weekend, the PM's YouTube channel carried a statement (video at the end of this story) in which he complained that Australia's treatment of immigrants-turned- …

Cert-slurping security firms chop super-fishy features

Security companies Lavasoft and AdTrustMedia have been found using the SSL-slurping certificate - or something very similar - made infamous by the Lenovo-Superfish debacle. Lavasoft used the certificate in its web inspection software Ad-Aware Web Companion and the alpha testing version of AdBlocker. The software was restricted …
Darren Pauli, 24 Feb 2015

Google boffins PROVE security warnings don't ... LOOK! A funny cat!

The revised SSL warning interface introduced in Chrome 37, designed to teach users more secure behaviours, was only a partial success – according to the Chrome security team's own analysis. Confusing security warnings serve only to make users more insecure and normalise risky behaviours, according to Google. To try and beat that …

Home Depot ignored staff warnings of security fail laundry list

Home Depot is facing claims it ignored security warnings from staff, who say that prior to its loss of 56 million credit cards it had failed to update its antivirus since 2007, did not consistently monitor its network for signs of attack, and failed to properly audit its eventually-hacked payment terminals. The fixer-upper retail giant …
Darren Pauli, 22 Sep 2014

Privacy alert: Outlook for iOS does security STUPIDLY, says dev

Big Blue boffin Rene Winkelmeyer has taken aim at Microsoft's iOS Outlook app, launched overnight, claiming it stores credentials in the cloud potentially even after delete requests, and does not observe known good security practices. The spray against the House That Bill Built followed an examination into the way the app …
Darren Pauli, 30 Jan 2015

Edward Snowden: best ... security ... educator ... EVER!

A good deal of folk aware of NSA leaker Edward Snowden have improved the security of their online activity after learning of his exploits, a large survey has found. Researchers from think tank The Centre for International Governance Innovation collected responses from 23,376 users between October and November and found 60 …
Darren Pauli, 28 Nov 2014

Biz coughs up even less for security, despite mega breach losses

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC. Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of …
John Leyden, 01 Oct 2014

WhatDaHell, WhatsApp? Student claims 'stalker' tool shows security flaws

A newly discovered security flaw in WhatsApp allows anyone to track a user’s status, regardless of their privacy settings, a student claims. The same bug also lifts the kimono on profile picture and privacy settings - in default settings only - and status messages regardless of privacy settings. Maikel Zweerink, a Dutch …
John Leyden, 16 Feb 2015

Juniper whips out knife, slices off security products

Months after Juniper Networks confirmed the prioritisation of revenue-generating projects, the firm has quietly dumped several security products, causing upset to some of its nearest and dearest in the channel. Following a “disappointing” set of calendar Q3 financials, Juniper’s then CEO, Shaygan Kheradpir, said it was cutting …
Paul Kunert, 01 Dec 2014

Akamai warns: SMB security remains major risk

Security offerings for small businesses need to look more like those offered to enterprises, according to Akamai global security senior director Fran Trentley. Speaking to The Register while in Sydney for the Gartner Security & Risk Management Summit, Trentley said SMBs are increasingly seen as attack targets, and that poses a …

Boffins propose security shim for Android

An international group of researchers believes Android needs more extensible security, and is offering up a framework they hope either Google or mobe-makers will take for a spin. The project is described in this paper slated for the Usenix Security Symposium on Friday in San Diego. The researchers from Germany's Technische …

Lazy FTSE 350 firms think lawyers can fight off cyber-security worries

Poor communication between boards and front-line management as well as a growing reliance on legal remedies mean UK companies are still falling short when it comes to cyber-security. A KPMG survey of FTSE 350 firms found that 61 per cent of board members reckoned they had a decent understanding of their company’s key information …
John Leyden, 16 Jan 2015

NIST wants better SCADA security

America's National Institute of Standards and Technology (NIST) wants to take a hand in addressing the SCADA industry's chronic insecurity, by building a test bed for industrial control systems. The Reconfigurable Industrial Control Systems Cybersecurity Testbed is only in its earliest stages. According to this RFI, the …

Top senator blasts US Homeland Security for leaving cyber-drawbridge down

A member of the US Senate's Homeland Security Committee has slammed the Department of Homeland Security over America's cyber-defenses: Tom Coburn (R-OK) said the agency is failing to protect the nation's IT infrastructure despite at least $700m in funding. "The nature of cybersecurity threats – and the ability of adversaries to …
Iain Thomson, 08 Jan 2015

Security SEE-SAW: $3 MEEELLION needed to fight a $100k hack

It costs a whopping $3.1m to defend against a $100,000 advanced attack, a security duo claims. The imbalance - well-known to security pros - was illustrated in research presented by Microsoft security strategist Paul McKitrick and founder of security startup ICEBRG William Peteroy (@wepiv) at the Kiwicon hacker fest in …
Darren Pauli, 18 Dec 2014

Security hawker gives the bird to mid-east hack group

A team of attackers tagged by Kaspersky as the first "advanced Arab hackers" has passed around malware targeting Middle East governments, the military and others. So far 100 malware samples attributed to the group have been tagged, the hacker branding consultancy claims. Kaspersky Labs researchers revealed the attacks at the …
Darren Pauli, 18 Feb 2015

EU flings €1m at open source security audit wheeze

EU institutions have finally got the memo about it being a good idea to pinpoint and fix security vulnerabilities. Next year the European Parliament has allocated up to €1m for a project to audit free software programs in use at the European Commission (EC) and the EU Parliament in order to find and repair potential weaknesses …
Jennifer Baker, 23 Dec 2014

Amazon flicks switch on CloudFront security features

Amazon has beefed up security on its CloudFront services, adding Perfect Forward Secrecy, OCSP stapling and session tickets to its SSL support. The company describes the new AWS features in full in this blog post. Session tickets are designed to improve performance, particularly in the case of an interrupted session between …

Moscow, Beijing poised to sign deal on joint cyber security ops

Moscow and Beijing will next month sign a deal to commence joint information security projects and operations, and to increase cooperation in the space, according to a popular Russian newspaper with ties to President Vladimir Putin. Kommersant, owned by Russia's richest man and Putin ally Alisher Usmanov, reported ( …
Darren Pauli, 24 Oct 2014

Sage Pay anti-POODLE upgrade REDUCED security - briefly

Online payment service Sage Pay has been fingered for temporarily reducing its security while revamping its site security. Security consultant Paul Moore noticed that the Sage Pay website was briefly running a weak cipher last week. The issue was quickly corrected after Moore went public with his concerns on Tuesday. He …
John Leyden, 04 Feb 2015

Facebook security chap finds 10 Superfish sub-species

Facebook security researcher Matt Richard says The Social Network™ has found at least ten more outfits using the library that gave the Superfish bloat/ad/malware its nasty certificate-evading powers. Richard, a “threats researcher” on Facebook's security team, writes that in 2012 Facebook “... started a project with researchers …
Simon Sharwood, 23 Feb 2015

SURPRISE: Norks' Linux distro has security vulns

Well, that didn't take long: mere days after North Korea's Red Star OS leaked to the west in the form of an ISO, security researchers have started exposing its vulnerabilities. According to this post at Seclists, the udev rules in version 3.0 of the OS and the rc.sysinit script in version 2.0 are both world-writable. Both of …

GCHQ grants security clearance to Samsung's Knox mobe security

The official containerisation solution for security on Samsung phones and tablets has passed muster with GCHQ. It’s now deemed safe enough for UK government employees to get a Galaxy Note 3, Galaxy S3, S4 or Galaxy S5, all of which run the Korean firm's KNOX software. This is only to the OFFICIAL (PDF) level of security. This is …
Simon Rockman, 16 May 2014

Security's revamped index of pain readies for release

The great unwashed has been afforded an opportunity to comment on a new scheme for classifying the severity of infosec vulnerabilities issued by the National Institute of Standards and Technology. The Common Vulnerability Scoring System (CVSS) is a pain-assessment index that offers a one-to-ten scale to describe vulnerabilities …
Darren Pauli, 12 Jan 2015

Do your execs take mobile security seriously?

Reader Poll One of the findings emerging from our latest poll is that many of you are highlighting a lack of exec awareness and air cover when it comes to mobile security. This in turn appears to translate to a lack of funding to put the systems in place to cope with new devices, BYOD and so on. Is this something you are experiencing? If …
Dale Vile, 11 Jul 2014