Articles about security


Smyte might brighten fraud plight: How machine-learning can be used to thwart crooks

Analysis Carousell, a mobile-friendly classified ads market, has to deal with fraud. Like other e-commerce sites, it has to deal with miscreants who use software scripts to register masses of new accounts. It also has to handle attempts to trick sellers into refunding overpayments on bad checks. Fraudsters will buy an item for $1,000 …
Thomas Claburn, 17 Aug 2017

US prosecutors demand data to unmask every visitor to anti-Trump protest website

Web hosting biz DreamHost is resisting a US government search warrant to turn over data about everyone who visited a website used to coordinate anti-Trump protests. The website, disruptj20.org, is hosted by DreamHost, and was used to organize inauguration protests on January 20, 2017, in Washington DC, according to court …
Thomas Claburn, 14 Aug 2017

Revealed: The naughty tricks used by web ads to bypass blockers

Analysis Netizens may choose to block unwanted content – such as intrusive and misbehaving ads – but some advertising companies do not accept that choice. Instart Logic describes itself as a content delivery service and much of that content happens to be advertising. The California-based biz is determined to help its clients present …
Thomas Claburn, 11 Aug 2017

For fork's sake! Bitcoin Core braces for another cryptocurrency split

Bitcoin faces the possibility of yet another fork, a divergence anticipated by a code change proposal accepted by the developers of the Bitcoin Core client software. A week ago, Bitcoin split in two: legacy Bitcoin and Bitcoin Cash, an alternative cryptocurrency. Holders of existing Bitcoin saw a windfall, the option to …

Linux kernel hardeners Grsecurity sue open source's Bruce Perens

Updated In late June, noted open-source programmer Bruce Perens warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no- …

This typosquatting attack on npm went undetected for 2 weeks

A two-week-old campaign to steal developers' credentials using malicious code distributed through npm, the Node.js package management registry, has been halted with the removal of 39 malicious npm packages. Developers regularly add these bundles of JavaScript code to Node.js applications to implement common functions, so they …

FCC: We could tell you our cybersecurity plan… but we'd have to kill you

America's broadband watchdog, the FCC, has continued digging an ever-deeper hole over its claims it was subject to a distributed denial-of-service attack. The latest shovel of BS came in a letter [PDF] to US Congress in which the FCC's chief information officer David Bray said he could not tell Congressmen what the "additional …

In the red corner: Malware-breeding AI. And in the blue corner: The AI trying to stop it

Feature The magic AI wand has been waved over language translation, and voice and image recognition, and now: computer security. Antivirus makers want you to believe they are adding artificial intelligence to their products: software that has learned how to catch malware on a device. There are two potential problems with that. Either …

Brit voucher biz's signup page blabbed families' details via URL tweak

A UK web biz has been slammed for blocking people on Twitter just for reporting a security vulnerability that potentially leaked people's contact details. Kids Pass – a Cheshire-based outfit that offers more than 500,000 folks discount vouchers for family activities – was alerted over the weekend, via Twitter, that its code …
Rebecca Hill, 2 Aug 2017

No vulns. No hardwired passwords. Patchable. Congress dreams of IoT: Impossible Online Tech

After years of warnings about the parlous state of Internet of Sh!t security, the US Senate has finally introduced legislation on the matter. The Internet of Things Cybersecurity Improvement Act would require that IoT devices purchased by the American government must not have any known security vulnerabilities, must have the …
Iain Thomson, 1 Aug 2017

'App DDoS bombs' that slam into expensive APIs worry Netflix

Netflix has identified a denial of service threat to microservices architectures that it's labelled “application DDoS”. Traditional DDoS attacks flood networks with bogus traffic so that infrastructure runs out of resources to serve legitimate users. Netflix characterises an application DDoS attack as one in which attackers “ …

Malware? In my Docker container? It's more common than you think

Black Hat Docker containers are the perfect disguise for malware infections, warn researchers. Speaking at the 2017 Black Hat USA conference in Las Vegas, Aqua Security researchers Michael Cherny and Sagie Dulce said [PDF] the Docker API can be abused for remote code execution and security bypass. Popular with developers as a way to …
Shaun Nichols, 28 Jul 2017

This is the Dell security team. We have you surrounded. Come out with a purchase order

Security buyers: Dell's got you surrounded. Come out with a purchase order, buy security software, and we can bring this to a peaceful ending. That appears to be the plan for integrating RSA and Dell, based on interviews The Register has conducted with RSA execs at the company's Asian conference in Singapore. We wanted to …
Simon Sharwood, 28 Jul 2017

Australia cyber minister wants Asia to define new global laws of digi-war

Dan Tehan, Australia's minister assisting the prime minister for Cyber Security, says south-east Asian nations are beginning to discuss a joint regional approach to best-practice cyber-security, and perhaps even a new set of rules of engagement for online conflict. Tehan yesterday delivered a keynote address to the RSA …
Simon Sharwood, 27 Jul 2017

Reminder: Spies, cops don't need to crack WhatsApp. They'll just hack your smartphone

Police in Germany will forego seeking decryption keys for secure messaging apps, like WhatsApp, and instead simply hack devices to snoop on suspects. Given the grumblings coming from Australia, the UK, and other Five Eyes states about encrypted messaging, we suspect these nations will follow suit – if they're not there already …
Shaun Nichols, 26 Jul 2017

A vendor that doesn’t think AI and ML will fix security? We found one!

Machine learning and artificial intelligence will improve security technologies and outcomes, but “won’t move the needle as much as people think”, according to RSA chief technology officer Zulfikar Ramzan. Speaking to The Register at the company’s Asian conference in Singapore today, Ramzan said that while AI and ML will …
Simon Sharwood, 26 Jul 2017

Crap gift card security helps crims spend your birthday pressie cash

Gift cards' lousy security makes it easy for crooks to spend marks' money, researchers said Tuesday night. During their presentation at the BSides conference in Las Vegas, William Caput and Sam Reinthaler used an $80 card reader and writer, and some tech savvy, to demonstrate just how easy it is for miscreants to get access to …
Iain Thomson, 26 Jul 2017

You don't call, you don't text: SIM-flinger Gemalto warns of 9% sales drop

Security software-maker Gemalto has once again issued a trading update, warning its second quarter revenue will fall 9 per cent to €742m (£663m) compared with the same period in 2016. The company said its profit from operations is in line with expectations at approximately €93m (£83m). However, due to a lacklustre SIM market …
Kat Hall, 24 Jul 2017


Biting the hand that feeds IT © 1998–2017