Articles about security

To fix Intel's firmware fiasco, wait for Christmas Eve or 2018

The world's top PC-makers have started to ship fixes for the multiple flaws in Intel's CPUs, but plenty won't land until 2018. The flaws struck Intel's Management Engine, Server Platform Services, and Trusted Execution Engine and make it possible to run code that operating systems – and therefore sysadmins …
Simon Sharwood, 23 Nov 2017

You're such a goober, Uber: UK regulators blast hushed breach

Brit regulators, security agencies and MPs have slammed Uber for covering up the massive data breach of 57 million customer and driver records. The company – already in hot water in London for its failure to toe the regulatory lines required of a taxi firm – has been widely condemned for concealing the 2016 breach. The UK's …
Rebecca Hill, 22 Nov 2017

Loake Shoes admits: We've fallen victim to cybercrims

Miscreants, hackers – call 'em what you will – have pilfered email addresses from an unknown number of Loake Shoes customers. In a letter sent to punters on its database – seen by The Register – the premium footwear maker said it has been "the victim of a cyber attack". "Despite having stringent security measures in place, …
Andrew Silver, 22 Nov 2017

National Cyber Security Centre boss: For the love of $DEITY, use 2FA on your emails, peeps

The chief exec of the National Cyber Security Centre – a branch of the UK's spy nerve-centre GCHQ – has called on everyone to enable two-factor authentication for their emails. This follows revelations that almost the entire population's details are available for sale on the dark web. Speaking at the Parliament and Internet …
Kat Hall, 21 Nov 2017

Bitcoin outfit 'Tether' reveals US$31m BitBuck BitHeist

Bitcoin outfit “Tether” has reported a US$31m BitBuck BitHeist. Tether offers the chance “to store, send and receive digital tokens pegged to dollars, euros, and yen person-to-person, globally, instantly, and securely for a fraction of the cost of any alternative.” Those tokens are exchangeable 1:1 with the boring old pre- …
Simon Sharwood, 21 Nov 2017

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

Intel today admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to multiple worrying security flaws, based on the findings of external security experts. The firmware-level bugs allow logged-in administrators, and malicious or hijacked high-privilege processes, …
Thomas Claburn, 20 Nov 2017

It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Microsoft has axed a Bing search result advert that masqueraded as a legit online banking website – but was in fact a sophisticated phishing operation. Searching for "TSB" – as in the UK's TSB Bank – on the Great Britain edition of Bing would bring up, right at the top of the page, a search ad for a phishing website described …
Shaun Nichols, 20 Nov 2017

Some 'security people are f*cking morons' says Linus Torvalds

Linux overlord Linus Torvalds has offered some very choice words about different approaches to security, during a discussion about whitelisting features proposed for version 4.15 of the Linux kernel. Torvalds' ire was directed at open software aficionado and member of Google's Pixel security team Kees Cook, who he has previously …
Simon Sharwood, 20 Nov 2017

Shamed TLS/SSL cert authority StartCom to shut up shop

Controversial certificate authority StartCom is going out of business. Startcom board chairman Xiaosheng Tan told The Register the business will close its doors on January 1, 2018, at which point new certificates will no longer be issued. CRL and OCSP service will continue for two years from then, when StartCom's three key …
Andrew Silver, 17 Nov 2017

Lloyds' Avios Reward credit cardholders report fraudulent activity

Thousands of Lloyds Avios Rewards American Express credit card customers have been targeted by fraudsters, the bank has admitted. Reports first emerged on air miles site Head for Points, where readers asked if the credit card had suffered a major data breach. One said: "About a week ago my wife's Lloyds Avios Amex card was …
Kat Hall, 17 Nov 2017

Anonymized location-tracking data proves anything but: Apps squeal on you like crazy

Anonymized location data won't necessarily preserve your anonymity. M. Keith Chen, associate professor of economics at UCLA's Anderson School of Management, and Ryne Rohla, a doctoral student at Washington State University, accomplished this minor miracle of data science by assuming that the GPS coordinates transmitted by …
Thomas Claburn, 17 Nov 2017

US govt to use software to finger immigrants as potential crims? That's really dumb – boffins

A group of 54 computer scientists and academic researchers on Thursday asked the US Department of Homeland Security to rethink its plan for employing software algorithms to determine whether immigrants to the country should be admitted or deported. To implement various White House executive orders to limit immigration through …
Thomas Claburn, 16 Nov 2017

Australian Broadcasting Corporation leaks passwords, video from AWS S3 bucket

The Australian Broadcasting Corporation (ABC) has joined the long list of organisations to leak sensitive data from a poorly secured public-facing Amazon Web Services S3 bucket. Security outfit Kromtech's chief communications officer Bob Diachenko on Thursday revealed that the company “identified a trove of data that is …
Simon Sharwood, 16 Nov 2017

Amazon Key door-entry flaw: No easy fix to stop rogue couriers burgling your place unseen

Analysis: Amazon has pushed out an emergency security update to its door-unlocking system called Key – which is used by couriers to let themselves into people's homes to drop off packages inside when folks are out. Delivery workers show up at a home, and use a smartphone to temporarily disable the lock on the front door so they can pop …
Kieren McCarthy, 16 Nov 2017

Inside Internet Archive: 10PB+ of storage in a church... oh, and a little fight to preserve truth

At the Internet Archive's headquarters in San Francisco, California, on Wednesday, technologists, educators, archivists, and other fact-oriented folks gathered to discuss how they and the like-minded can save news from the memory hole – a conceit conjured by George Orwell to describe a political mechanism for altering the truth …
Thomas Claburn, 16 Nov 2017

Q: Why are you running in the office? A: This is my password for El Reg

A trio of Indian boffins have studied the use of smartphone accelerometers as biometric sensors and concluded they could be a handy way to identify users. Unlike the collaboration between American and Hong Kong researchers who want “who are you?” for ad-tracking, the National Institute of Technology, Karnataka boffins' …

The four problems with the US government's latest rulebook on security bug disclosures

Analysis: The United States government has published its new policy for publicly disclosing vulnerabilities and security holes. The new rulebook [PDF] – and the decision to make it public – comes following a tumultuous 12 months in which Uncle Sam's chief spy agency, the NSA, was devastated to discover part of its secret cache of …
Kieren McCarthy, 15 Nov 2017

Heads up: OnePlus phones have a secret root backdoor and the password is 'angela'

Updated: An apparent factory cockup has left OnePlus Android smartphones with an exposed diagnostics tool that can be potentially exploited to root the handsets. Security researcher Robert Baptiste suggested the EngineerMode APK was made by Qualcomm, and was intended to be used by factory staff to test phones for basic functionality …
Shaun Nichols, 14 Nov 2017


Biting the hand that feeds IT © 1998–2017