Feeds

Security > More stories

Game pirates 'donate' compute power to Bitcoin miners

Hundreds of video game pirates have generously, if inadvertently, donated their compute resources to virus writers by downloading Bitcoin miner-infected torrent listings. Dozens of game torrent files identified by Microsoft threat researchers as malicious have been downloaded thousands of times and were continuing to be seeded ( …
Darren Pauli, 23 Sep 2014

Dyslexic, dyspraxic? No probs, says GCHQ

The British Government Communications Headquarters (GCHQ) says it employs 120 dyslexic and dyspraxic staff for code breaking and counter-espionage. Chairman of the dyslexic and dyspraxic committee, known just as Matt, said the neuro-diverse staff had "spiky skills" where they may excel in analytical areas at expense of others …
Darren Pauli, 23 Sep 2014
Targeted Spam

Mushy spam law's IDEAL for toothless watchdog: Spamhaus slams CAN-SPAM

Antispam organisation Spamhaus has reacted phlegmatically to a recent survey that one in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. Richard Cox, CIO of The Spamhaus Project, suggested the Online Trust Alliance (OTA)'s …
John Leyden, 22 Sep 2014

Exercise-tracking app not QUITE fit for purpose

Popular fitness app MyFitnessPal, used by 65 million people, has fixed a vulnerability that exposed personal information including date of birth records. The profiles allowed users to fill out their private location data including country, state, and city but not street-level addresses for the purposes of linking neighbours. …
Darren Pauli, 22 Sep 2014

Who.is does the Harlem Shake

Websites across the internet are doing the Harlem Shake after online comedians began exploiting cross site scripting (XSS) flaws that make pages dance and speakers blare. The flaws exist in the DNS text record – not the protocol – due to a lack of sanitation, and allowed internet scamps to turn boring websites like Who.is into a …
Darren Pauli, 22 Sep 2014
Trajectory-cutting to preserve anonymity

Your location info is too revealing: data boffins

A group of researchers partly supported by SAP has taken a look at one of the big problems with so-called “anonymised” data: the way spatial correlations in mobile data can be used to re-identify individuals in large data sets. Location data is the big problem, the Singapore-led group says: even if the resolution of a phone's …

Home Depot ignored staff warnings of security fail laundry list

Home Depot is facing claims it ignored security warnings from staff, who say prior to its loss of 56 million credit cards, it failed to update anti virus since 2007, did not consistently monitor its network for signs of attack, and failed to properly audit its eventually-hacked payment terminals. The fixer-upper retail giant …
Darren Pauli, 22 Sep 2014
padlock

CloudFlare ditches private SSL keys for better security

CloudFlare has announced the outcome of what it says is two years' work – switching on Keyless SSL – which lets customers encrypt their web traffic via the company's services without having to hand over their private SSL keys. In this blog post announcing the service, cofounder and CEO Matthew Prince explains that “the only way …
Files

New UK.gov DATA SLURPING diplomat to push US telcos to share more subscriber info

The British government has appointed a senior diplomat who will act as a go-between on overseas data access jurisdiction issues, to push communication providers - particularly those based in the US - to share more information with UK spooks. The new post, created by Prime Minister David Cameron, comes after Whitehall pushed what …
Kelly Fiveash, 21 Sep 2014
By Luke Ford  http://www.lukeford.net/Images/photos4/071209/214.htm  Licensed under Creative Commons Attribution-Share Alike 2.5 Generic http://creativecommons.org/licenses/by-sa/2.5/deed.en

'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*

A new round of what appear to be private, naked photos of female celebrities including US television reality star Kim Kardashian have apparently been leaked online. The latest stash of pics, which seemed to include two naked selfies taken by Kardashian with a Blackberry handset, were easily accessible on Twitter late on Saturday …
Team Register, 21 Sep 2014

Bargain basement iPhone shoppers BEWARE! eBay exposes users to phishing vuln

eBay bans the use of cross-site scripting on the online tat bazaar because it can open up the site's users to nasty phishing vulnerabilities. And yet, according to the BBC, some auction listings have been exposed to the exploit since February this year. Some users hunting for old iPhones could have been caught up in the security …
Team Register, 21 Sep 2014

Apple's warrant canary riddle: Cock-up, conspiracy, or anti-Google point-scoring

Analysis The internet was in a tizzy this week following the disappearance of what's assumed to be a warrant canary in Apple's latest report on governments demanding users' private data. The mere presence of the canary paragraph is supposed to signal that no information has been extracted. Thus, if it vanishes, it's assumed records have …
Iain Thomson, 20 Sep 2014
Microsoft CEO Satya Nadella

Blood-crazed Microsoft axes Trustworthy Computing Group

Microsoft is closing its Trustworthy Computing Group as part of the loss of 2,100 jobs in a restructuring plan unveiled on Thursday. The Trustworthy Computing Group is to be disbanded, with responsibilities for security and privacy programs folded into its Cloud & Enterprise Division, and its Legal & Corporate Affairs group. …
John Leyden, 19 Sep 2014
FBI badge and gun

TOR users become FBI's No.1 hacking target after legal power grab

The FBI wants greater authority to hack overseas computers, according to a law professor. A Department of Justice proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for domestic law enforcement to hack into the computers of people attempting to protect their anonymity on the internet. The …
John Leyden, 19 Sep 2014

Russian botnet suspects cuffed over romantic MMS spyware allegs

Russian cops have arrested two mobile botnet cybercrime suspects as part of an ongoing investigation that's reckoned to be the first of its kind in Russia. The unnamed duo, aged 25 and 24 and both resident in Arkhangelsk (a city in the north of European Russia) were arrested as part of an investigation into attempts to defraud …
John Leyden, 19 Sep 2014

Google Apple grapple brings crypto cop block to Android

Google is set to build default encryption into its new Android fondleslabs in a bid to foil police forensics (and maybe to copy or catch up with Apple). The security enhancement, reported by the Washington Post, follows Apple's release of iOS 8, which introduced broader encryption, and will ensure Google-powered devices will be …
Darren Pauli, 19 Sep 2014
padlock

Samsung unlocks Knox at zero bucks

Samsung has dropped the cost of its mobile device management (MDM) suite Knox to $0. You don't get all of Knox for that price, as $0 what you'll pay for a new “Express” version of the service offering basic MDM features like a cloud management portal and the ability to create a password-protected partition in which employer- …
Simon Sharwood, 19 Sep 2014

Google bloke Beer buzzes iOS 8, OS X in bug-busting bonanza bash

Apple has crushed a tonne of bugs across its products including 53 vuln fixes in iOS 8 and a heap of others in OS X Mavericks, the majority reported by Google researcher Ian Beer. Cupertino shut down iOS code execution bugs with root or kernel privileges some of which could be executed through a web browser, and closed off the …
Darren Pauli, 19 Sep 2014
Orange Credit Card

Home Depot: 56 million bank cards pwned by malware in our tills

Home Depot today admitted 56 million bank cards are at risk after they were used in malware-infected tills. The DIY giant on Thursday revealed that a software nasty infiltrated its PC-powered registers between April and September in the US and Canada. Cards swiped through the compromised machines could be accessed by the malware …
Shaun Nichols, 18 Sep 2014
Snowden image

Snowden's NSA leaks have galvanised the storage world

Anyone following the fortunes of the world’s biggest technology companies will have noticed a trend: every one of them has gone potty for privacy. This is not out of some sudden moral urge but because their futures depend on proving that they are good at protecting people’s personal data. The Edward Snowden leaks, in particular …
Tom Brewster, 18 Sep 2014
Alistair Darling and Alex Salmond debate Scottish independence

Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM

Web users have been warned to be wary of fake results messages about the Scottish Independence referendum. The warning from UK.gov-backed Get Safe Online comes hours after the polling booths opened north in the border in a history-making vote that will determine Scotland's fate. Unlike a political election, there will not be …
John Leyden, 18 Sep 2014

China hacked US Army transport orgs TWENTY TIMES in ONE YEAR

Sophisticated Beijing-backed hackers raided civilian organisations responsible for the movements of US troops and equipment 20 times in one year of which only two were detected by the responsible agency, an audit report has found. Contractors underneath the US Transportation Command (TRANSCOM) agency were hacked a total of 50 …
Darren Pauli, 18 Sep 2014
ISIS Islamists in Iraq

Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks

The Snowden leaks have not changed the way jihadi terorrists communicate, according to a new study. A report by Flashpoint Partners concludes that jihadi/terrorist groups, their recruits and affiliates are making greater use of secure communications tools. Yet the report ascribes this to the development of new encrypted …
John Leyden, 18 Sep 2014

Comprehensive guide to obliterating web apps published

The global security community has completed an 18-month effort to produce a guide it is hoped will boost the standard of web application testing and address new and dangerous technologies. Version 4 of the Open Web App Security Project's (OWASP's) Testing Guide [pdf] was produced by more than 60 security bods from around the …
Darren Pauli, 18 Sep 2014

Apple's Cook: We have never allowed g-men access to Apple servers

Apple has made some amendments to its privacy policy, and has used the occasion to run an open letter from CEO Tim Cook explaining the changes. Taking a swipe at Google and others, Cook tells the world that since Apple's income is products, not profiles, “we don’t build a profile based on your email content or web browsing …
NSA parody T-shirt

Spies would need SUPER POWERS to tap undersea cables

The Register has found itself subject to a certain amount of criticism for this author's scepticism regarding whether the NSA has been snooping on optical fibre cables by cutting them. Glenn Greenwald's recent “NSA cut New Zealand's cables” story is illustrative of credibility problems that surround the ongoing Edward Snowden …
cookies_eyes_privacy evercookies flash cookies

Boffins plot global (browser) cookie crumb trail

Privacy laws covering the use of personally-identifiable information are, on a global scale, creating a dizzying patchwork of cookie-cutter cookie-serving companies created to sniff our Web browsing. That's one conclusion of research led by Marjan Falahrastegar at Queen Mary University, London. The group, which included …
BitTorrent Chat/Bleep

BitTorrent's peer-to-peer chat app Bleep goes live as public alpha

Bleep, the BitTorrent peer-to-peer chat client, is now out in the wild in the form of a public Alpha version. First released to registered pre-alpha users in July, Bleep was then in Windows versions only. Now it's gone to release, the organisation has added Android and Mac versions. As BitTorrent explains here, Bleep lets users …
Adobe security

Critical Adobe Reader and Acrobat patches FINALLY make it out

Adobe belatedly pushed out critical updates for its frequently-attacked Reader and Acrobat PDF software packages on Tuesday. Mac and Windows users of Adobe Reader XI (11.0.08) and earlier versions should update to version 11.0.09. Adobe Reader X (10.1.11) users who can't upgrade are being offered a patched version of the earlier …
John Leyden, 17 Sep 2014
Crime in Russia

UK.gov lobs another fistful of change at SME infosec nightmares

Business secretary Vince Cable has announced a £4m fund to help small businesses fight cyber crime. This has not gone down well with the infosec world. Security experts have said a bigger slice of the UK's £860m cyber security budget ought to be allocated to tackling security problems at the SME level to have any realistic …
John Leyden, 17 Sep 2014

Citadel Trojan phishes its way into petrochem firm's webmail

Trusteer researchers are saying that the victims of the latest round of Citadel trojan infections includes one of the largest petrochemical companies in the world. The attacks, like so many others, targeted critical infrastructure organisations using phishing campaigns to steal network credentials. Researcher Dana Tamir said …
Darren Pauli, 17 Sep 2014
australian credit cards fraud contactless

Credit card cutting flaw could have killed EVERY AD on Twitter

Twitter has patched a flaw in its service that allowed unauthorised users to delete every credit card from all accounts, potentially relieving the company of its advertising revenue, security researcher Ahmed Aboul-Ela says. The attacks worked through a direct object reference vulnerability and involved the manipulation of …
Darren Pauli, 17 Sep 2014

Cisco sprinkles Sourcefire goodies on ASA firewalls

Cisco has taken the next step in wrapping the technology it acquired along with Sourcefire, by putting its Adaptive Security Appliance (ASA) next-gen firewalls and the FirePOWER technology into the blender and giving it a good spin. The idea is to run up a combination of firewall, application control, intrusion prevention and …

Amazon REINTRODUCES Kindle swindle vulnerability

Amazon has reintroduced and again fixed a flaw into its Kindle management page that allows attackers to commandeer accounts by booby trapping pirated books, researcher Benjamin Mussler says. The flaw was first discovered and fixed last October, when Amazon closed off the ability for bad guys to inject nasty script into eBook …
Darren Pauli, 17 Sep 2014

Got your NUDE SELFIES in the cloud? Two-factor auth's your best bet for securing them

Bill Gates in 2004 predicted the death of the password over time. “They just don’t meet the challenge for anything you really want to secure,” Gates said. Ten years on, passwords haven’t gone anywhere and as the recent nude-celeb-pics-on-iCloud proved, the medium is still not up to muster yet is in widespread use in scenarios …
Stuart Burns, 16 Sep 2014

Rejoice, Blighty! UK is the TOP of the WHOLE WORLD ... for PHISHING

British punters are being served three times as many phishing links to trojans and exploit kits than the US, and five times more than the Germans, according to a ProofPoint study. The security researchers say that while the English were being served more malicious links, Germans were hit with the greatest amount of unsolicited …
Darren Pauli, 16 Sep 2014
Flag of Israel; credit James Emery

Israeli spies rebel over mass-snooping on innocent Palestinians

Israeli politicians and a former military intelligence commander have hit back at reservists who criticized Israel for spying on ordinary Palestinians. Last week, 43 Israeli military intelligence reservists signed a letter refusing to serve in the occupied Palestinian territories over fears snoops were planning to blackmail …
John Leyden, 16 Sep 2014

Attackers tapping on SNMP door to see if it's open

Google's DNS IP address is being spoofed by an attacker, apparently in an attempt to DDoS hosts vulnerable to a flaw in the SNMP protocol. The SANS Internet Storm Center noticed the traffic trend emerging on September 15, and in this post discusses what's going on. The attack is trying to take over SNMP hosts that have left …

THREE QUARTERS of Android mobes open to web page spy bug

A Metasploit module has been developed to easily exploit a dangerous flaw in 75 percent of Android devices that allows attackers to hijack a users' open websites. The exploit targets vulnerability (CVE-2014-6041) in Android versions 4.2.1 and below and was disclosed without fanfare on 1 September, but had since gathered dust, …
Darren Pauli, 16 Sep 2014
eyeofSauron

'Speargun' program is fantasy, says cable operator

The washup from yesterday's Dotcom-Snowden-Greenwald saga rolls on, with Southern Cross Cable Network angrily denying that New Zealand's spooks, the NSA, or anybody else for that matter has worked a tap into its cables. The company's response came in response to Glenn Greenwald's accusation that New Zealand's Government …

Hackers-for-hire raided 300 banks, corporates for TWELVE YEARS

A band of hackers for hire have raided some 300 banks, corporations and governments undetected for 12 years, possibly the longest campaign of its kind. The German hackers registered 800 front businesses in the UK to target and fully compromise organisations in Germany, Switzerland, and Austria at the request of customers. Elite …
Darren Pauli, 16 Sep 2014
The actor playing a young Julian Assange in the telemovie Underground

I saved Bitcoin and the PERFECT DRAFT OF HISTORY, says Assange

Julian Assange has alleged that Bitcoin “founder” Satoshi Nakamoto asked WikiLeaks not to use the cryptocurrency as a means of raising funds, for fear of attracting unwanted attention. The allegation surfaced in a Reddit Ask Me Anything (AMA) session Assange conducted to promote a new book. In that session he offers this extract …
Simon Sharwood, 16 Sep 2014