Feeds

Security > More stories

NSA Sentry Eagle placed spies in private companies

The National Security Agency (NSA) has since 2004 sent spies into private companies in a bid to compromise networks from within, according to documents leaked by Edward Snowden. Agents sent in by the NSA targeted global communications firms under a highly classified 'core secrets' program dubbed Sentry Eagle previously known …
Darren Pauli, 14 Oct 2014
A boat full of Fail

'Dropbox passwords' for sale are all EXPIRED: Bitcoin buyers beware

Yet another fraudster is struggling to relieve suckers of their Bitcoin after publicly posting what's purported to be a cache of no less than 7 meellion Dropbox login credentials. A guest poster on Pastebin posted three documents, all claiming to be a subset of "the massive hack of 7,000,000 accounts". The posts said there are " …
Darren Pauli, 14 Oct 2014

VMware's tool to harden virtual networks: a spreadsheet

VMware has released a guide to hardening its NSX virtual networking and product. The guide published online by VMware information security professional Pravin Goyal, covers management, control and data planes. It recommends including audit logs and system events in backups, enabling and securing remote logging for the NSX …
Darren Pauli, 14 Oct 2014
Internet of Things

Greedy datagrabs, crap security will KILL the Internet of Thingies

Opinion Is the Internet of Things a nightmare, a glorious utopia, or might it just never happen? Last week I was asked to offer a few thoughts in a panel discussion for over 200 PriceWaterhouseCoopers staff, ranging from hackers to business geeks. I’ve only touched on IoT briefly, when David Cameron at CeBIT announced he was throwing a …
Andrew Orlowski, 13 Oct 2014
Kindle Big Brother

Cops and spies should blame THEMSELVES for smartphone crypto 'problem' - Hyppönen

IP Expo Law enforcement and intel agencies have no right to complain about the improved security of smartphones because they brought the problem on themselves, according to security guru Mikko Hyppönen. Policing and government officials on both sides of the Atlantic have been vociferous in their complaints about Apple and Google's …
John Leyden, 13 Oct 2014

Android's Cyanogenmod open to MitM attacks

More than 10 million users of the popular Cyanogen build of Android are exposed to man-in-the-middle (MitM) attacks thanks to reuse of vulnerable sample code. The zero day vulnerability makes it possible to target any browser used on the popular Android distribution. A security researcher who works for a top-tier vendor, but …
Darren Pauli, 13 Oct 2014

Heistmeisters crack cost of safecrackers with $150 widget

A pair of Melbourne security professionals have developed a $150 auto-dialer safe cracker that replicates a machine worth tens of thousands of dollars and sold only to military customers. The unit launches automatic brute force attacks against group two combination locks used in high-security environments like ATMs and gun safes …
Darren Pauli, 13 Oct 2014

FACEPALM! HP cert used to sign malware

HP accidentally signed some malware, according to Krebs on Security. Krebs reports that the certificate was “used to cryptographically sign software components that ship with many of its older products”, mostly for PC software, but that back in 2010 it was also used to sign some malware. HP will therefore revoke the certificate …
Simon Sharwood, 12 Oct 2014
Disney's Beagle Boys

Kmart apologizes to customers after month-long security breach

Discount store Kmart admitted some customers’ payment cards have likely been “compromised” as it became the latest mega retailer to fall victim to cyber-crims. The parent of the chain, Sears Holding Corp, said the IT team discovered late Thursday that its payment systems had been breached, and further investigations indicate …
Paul Kunert, 12 Oct 2014
Photo taken by Conny Liegl

To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow

If you've been worrying that NSA leaker Edward Snowden has been living a wretched existence in some horrible Moscow flat, shunned and alone, fear not. A new documentary on him claims that, on the contrary, he's happy and healthy – as is his live-in girlfriend. According to the film Citizenfour by documentarian Laura Poitras, …
Neil McAllister, 11 Oct 2014
Dairy Queen

Dairy Queen cuts the waffle, says bank cards creamed in 395 eateries

Dairy Queen has admitted to being hacked, six weeks after reports first surfaced that the US fast-food chain's tills were compromised. "We discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely-reported Backoff malware that is targeting retailers across the country …
Iain Thomson, 10 Oct 2014
Muscular man stripping off his shirt

Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped

Tens of thousands of stolen private SnapChat photos and vids are being plastered across the internet for perverts to download and ogle, it's claimed. SnapChat says it isn't to blame. When word spread on 4chan's notorious /b/ board that someone had allegedly swiped as many as 200,000 SnapChat files from strangers, it was feared …
Shaun Nichols, 10 Oct 2014

Selfmite on STEROIDS: Pumped-up SMS worm is BACK...

The SMS worm Selfmite is back: bigger, badder and now global. The worm, which first surfaced in June and affects Android smartphones and tablets, has spawned a new version. Selfmite-B infects many more users, uses several money-making techniques and is generally more dangerous and difficult to stop, warns mobile security firm …
John Leyden, 10 Oct 2014
IE8 patch

Internet Explorer stars in monster October Patch Tuesday

October is stacking up to be a bumper Patch Tuesday update with nine bulletins lined up for delivery — three rated critical. Cloud security firm Qualys estimates two of the lesser "important" bulletins are just as bad however, as they would also allow malicious code injection onto vulnerable systems. Top of the critical list is …
John Leyden, 10 Oct 2014
emma watson

Facebook scammers punt fake 'sexy vid' of Emma Watson

Scammers are taking advantage of Emma Watson’s growing popularity by using the Harry Potter star as bait to spread malware on Facebook. The supposed “sexy videos” of the British actress – who has recently stood up against sexism in her new role as Goodwill Ambassador for Women – drop Trojans rather than the promised salacious …
John Leyden, 10 Oct 2014
BrickArms' Toy taliban figure

EU, Google, Facebook, Twitter, Microsoft: We'll fight terrorists... with WORKSHOPS

The EU, and several of the world's biggest and most powerful tech companies, made little progress in finding ways to combat terrorists' use of online media, following a meeting and dinner on Wednesday night. EU government ministers met Google, Facebook, Twitter, and Microsoft representatives. Although terrorist groups (most …
Jennifer Baker, 10 Oct 2014

Put down that shotgun: Wi-Fi's the way to beat Zombies

When the zombie apocalypse strikes, your saviour will be 802.11x, not Rick Grimes, hacker Tim Fowler says. While holed-up in an apartment block, survivors could locate nearby smart phones detected by their wireless mesh network of CreepyDOL sensors fortuitously purchased before the outbreak. The sensors would reveal MAC address …
Darren Pauli, 10 Oct 2014

Crims zapped mobes, slabs we collared for evidence, wail cops

You know that nifty remote wipe function that takes all the photos off your phone when it gets lost? Turns out criminals know about it too, and they're using it to wipe phones taken by police as evidence. The BBC has heard from a few UK forces that report some of the mobes and tablets they've taken in as evidence have been …
Shaun Nichols, 10 Oct 2014
via http://www.flickr.com/photos/nez/469824940/sizes/z/in/photostream/ licensed under creative commons attribution by andrew http://creativecommons.org/licenses/by-sa/2.0/

AWS 'won' Xen-mess-inspired cloud reboot says Rightscale

The Xen bug that forced AWS, Rackspace and SoftLayer, among others, to reboot many of their servers appears to have gone off without a hitch, although Amazon customers report less downtime than other cloud users. So says cloud groomer Rightscale, which asked 449 folks how the cloud reboot went for them. Here's the headline …
Simon Sharwood, 10 Oct 2014

Malware analysts tell crooks to shape up and write decent code

Blackhats beware: reverse engineers are laughing at your buggy advanced persistent threat (APT) malware. You've done pretty well though: your custom payloads were effective at breaking into enterprises and the damage it did was quite devastating. But many were being found and added to anti-malware signatures all too quickly. …
Darren Pauli, 10 Oct 2014
Hacker image

'A motivated, funded, skilled hacker will always get in' – Schneier

IP Expo Hacking attacks are more or less inevitable, so organisations need to move on from the protection and detection of attacks towards managing their response to breaches so as to minimise harm, according to security guru Bruce Schneier. Prevention and detection are necessary, but not sufficient, he said. Improving response means …
John Leyden, 9 Oct 2014
Spam image

You can ring my #bellogate. EMAIL STORM hits 29,000 hapless UCL students

Sysadmins at the University College London (UCL) are battling an email storm after spam messages were sent to nearly 29,000 people on an all-student mailing list. The uni's IT director Mike Cope apologised for the blunder, which happened overnight. UCL students woke up to find spam messages clogging up their university email …
Team Register, 9 Oct 2014
European Union Flag

Security policy and EU data protection: Don't waste a good crisis

Register now to watch our webcast with tips on formulating a security policy in light of upcoming EU data protection regulation. Watch this live event on 6 November at 11:00 GMT - if you can't make it, just sign up and we will email you when the recording is available. Handy synopsis for you Websense research finds that 40 per …
Miatta Momoh, 9 Oct 2014

Pen-testers outline golden rules to make hacks more €xpen$ive

Podcast Not one administrator to rule them all, but a few: that's the advice offered by seasoned penetration testers Aaron Beuhring and Kyle Salous to enterprises wanting to be less attractive to hackers. In a presentation at the MIRCon 2014 conference in Washington the duo listed a series of low cost changes to access controls, …
Darren Pauli, 9 Oct 2014
Brute force

'Bill Gates swallowing bike on a beach' is ideal password say boffins

A quartet of researchers from Carnegie Mellon University's Computer Science Department have explained a method they feel makes it possible to memorise several complex passwords. As their ArXiv paper, Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords explains, passwords are important but most people …

Sir Tim Berners-Lee defends decision not to bake security into www

IP Expo Sir Tim Berners-Lee has defended his decision not to build in security at the onset of the world wide web. It’s easy to be wise in hindsight, but Sir Tim explained that at the point he invented the world wide web 25 years ago, he wanted to create a platform that developers would find familiar and easy to use. Baking in security …
John Leyden, 8 Oct 2014

Chatting to Al Qaeda? Try not to do that – Ex spy chief defends post-Snowden NSA

You have nothing to fear from the NSA: that is unless you're from outside the United States, or you arouse the agency's suspicion by chatting to Al Qaeda. "Try not to do that," was the advice given. The warnings come from former NSA chief General Keith Alexander, who told delegates at a security conference that the National …
Darren Pauli, 8 Oct 2014

Revealed: Malware that forces weak ATMs to spit out 'ALL THE CASH'

Video Thieves are sneaking malware dubbed Tyupkin into ATMs to force them to cough millions of dollars, we're told. The crims don't need to use stolen or cloned cards. Instead, fraudsters infect the ATM's on-board PC, and later type a special combination of digits on the PIN keypad to drain the machine of banknotes – that's according …
John Leyden, 8 Oct 2014
australian credit cards fraud contactless

Credit card thieves setting up safe seller certifications

Breakpoint In the world of carding, you get what you pay for: stolen cards are cheaper on riskier public trading forums and more pricey on closed more reliable markets, according to recent analysis. Since 2007, Michigan State University associate professor Thomas Holt, University of North Carolina assistant professor Olga Smirnova and Yi- …
Darren Pauli, 8 Oct 2014

Mandiant to probe gaps in rusty unpatchable utility systems

Mandiant has launched a managed gap assessment for industrial control systems (ICS) it says will help administrators deal with temperamental systems. It was a "light touch" for legacy or leviathan systems that could fall over in the event of tinkering or patching. Mandiant SCADA bod Dan Scali said the system was geared to …
Darren Pauli, 8 Oct 2014

What's happened since Beijing's hacker unit was exposed? Nothing

Chinese hacker unit PLA 61398 is hacking US companies harder than ever after bilateral talks between Beijing and Washington were interrupted by Snowden leaks, according to Mandiant boss Kevin Mandia. The hack squad, also known as APT1, was subject to a high profile exposure by the company in February last year. Its state- …
Darren Pauli, 8 Oct 2014

Adobe spies on reading habits over unencrypted web because your 'privacy is important'

Adobe confirmed its Digital Editions software insecurely phones home your ebook reading history to Adobe – to thwart piracy. And the company insisted the secret snooping is covered in its terms and conditions. Version 4 of the application makes a note of every page read, and when, in the digital tomes it accesses, and then …
Iain Thomson, 8 Oct 2014

Aussie builds contactless card cloner app, shops at Woolies with fake card

Money hacker Peter Fillmore has created an Android app that can clone some of Australia's most popular contactless credit cards. In attacks that slipped beneath banks' and credit card providers' radars, the Aussie boffin probed the protocols behind Visa and Mastercard payment cards and proved the viability of an attack by …
Darren Pauli, 7 Oct 2014

Adobe spies on readers: 'EVERY page you turn, EVERY book you own' leaked back to base

Updated Adobe's Digital Editions 4 ebook reader software collects detailed information about the reading habits of its users – and sends it back to the company in a format that's easy for others to slurp. An investigation by Nate Hoffelder of The Digital Reader blog showed that ADE 4 was collecting telemetry on which pages of ebooks …
Iain Thomson, 7 Oct 2014

Britain’s snooping powers are 'too weak', says NCA chief

Keith Bristow, head of of the National Crime Agency (the UK’s FBI), is arguing Britain’s snooping powers are “too weak”. In an interview with The Guardian, the NCA’s director general said police need new powers to monitor data about emails and phone calls. He admits many don't see the police case for comms data snooping while …
John Leyden, 7 Oct 2014

Monster banking Trojan botnet claims 500,000 victims

Security researchers have uncovered the infrastructure behind one of largest and most voracious banking Trojan networks uncovered to date. The Qbot (aka Qakbot) botnet apparently infected 500,000 systems before sniffing "conversations" – including account credentials – for a whopping 800,000 online banking transactions. More …
John Leyden, 7 Oct 2014

FireEye, Singtel pull on SOCs in Sydney and Singapore

Telco and security giants SingTel and FireEye have injected $US50 million to establish two security operations centres (SOCs) in Sydney and Singapore as part of a new deal between the two companies to offer managed security services. The SOCs will run out of SingTel's network operation centre (NOCs) to leverage the telcos' …
Darren Pauli, 7 Oct 2014
2001: A Space Odyssey

Windows 10's 'built-in keylogger'? Ha ha, says Microsoft – no, it just monitors your typing

Don't want Microsoft tracking you online and collecting data on your computing habits? Then you probably shouldn't install the Windows 10 Technical Preview, Redmond says. The interwebs were abuzz on Monday over concerns about the Terms of Use and Privacy Policy of Microsoft's newly released, not-even-beta-yet OS, with some sites …
Brute force

Holey? COWL! Boffins build boxes to hold sketchy JavaScript libs

Researchers have developed what they say is a new web privacy system for Google Chrome and Mozilla Firefox: we're told it blocks dodgy JavaScript code from funneling sensitive information to crooks. The Confinement with Origin Web Labels (COWL) system tries to protect websites that rely on JavaScript libraries written by third …
Iain Thomson, 7 Oct 2014

Bugzilla code critters blab your security sinners, warns Mozilla

The Mozilla Foundation has warned of a number of recently discovered vulnerabilities in its Bugzilla bug-tracking tool that could give attackers access to sensitive information about software projects. One particularly serious flaw allows attackers to bypass email verification phase when creating new Bugzilla accounts, meaning …
Marissa Mayer working from home?

Yahoo servers? SHELLSHOCKED? by Bash?

Updated Yahoo! said "a handful" of its servers fell to hackers who may have been trying to exploit the Shellshock vulnerability in Bash. The miscreants took control of the web servers to build a botnet out of them, it is claimed. "As soon as we became aware of the issue, we began patching our systems and have been closely monitoring …
Iain Thomson, 6 Oct 2014
Mobile phone stolen by pickpocket

AT&T fires insider for slurping customers' social security numbers, driver licenses and more

AT&T has warned subscribers that a rogue staffer rifled through the telco's customer database without authorization. The telecoms giant said one of its workers pulled up sensitive information – including social security numbers – and was duly fired for breaking the corp's privacy rules. According to a letter [PDF] to customers …
Shaun Nichols, 6 Oct 2014