Security > More stories
Redmond slips out temporary emergency fix for IE 0-day
Stepping outside its normal Patch Tuesday cycle, Microsoft has rolled out an emergency fix to an Internet Explorer bug that was under active malware attack.
This advisory provides access to “Fix it For Me”, with a more detailed outline of the CVE-2013-3893 vulnerability here. All versions of IE 6 to 10 are affected.
As …
Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks
Security researchers have linked the “Hackers for hire” Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009.
Hidden Lynx is a sophisticated hacking group based in China and …
Psst.. Know how to hack a mobe by radio wave? There's $70k+ in it for you
A second Mobile Pwn2Own hacking competition, in which experts discover and exploit security flaws in handhelds for prizes, will take place at the PacSec 2013 conference in Japan in November.
For many years, the original Pwn2Own contest has been held at the CanSecWest get-together in Vancouver every March. Like its older sibling …
NSA spooks tooled up with zero-day PC security exploits from the FRENCH
The NSA bought specialist computer hacking tools and research from French security outfit Vupen, according to documents unearthed using the Freedom of Information Act.
A contract shows the American spooks paid for a year's supply of zero-day vulnerability information and the software needed to exploit those flaws to attack …
Mid East undersea fibre telco hacked: US, UK spooks in spotlight
Belgian telco Belgacom - which operates vital undersea communications cables - says its internal network was compromised, possibly by foreign spooks.
Phone and data connections from international hot spots, such as Syria and Yemen, pass through submarine fibre lines handled by Belgacom International Carrier Services (BICS). …
Angry Brazilian whacks NASA to put a stop to ... er, the NSA
Multiple NASA websites were defaced last week by a Brazilian hacktivist who may have misread the sites' URLs, because he wasn't protesting about the US space agency giving joyrides to inhuman stowaways – he was protesting against NSA spying.
“BMPoC” hit kepler.arc.nasa.gov and 13 other sites with messages protesting against US …
Chap unrolls 'USB condom' to protect against viruses
A US-based chap has invented a gadget he's calling a USB condom.
The prophylactic dongle is advanced as protection for the largely hypothetical problem of malware injection from fake USB chargers.
Such polluted ports come in two varieties. The first got an airing at Black Hat, where researchers demonstrated a USB charger that …
Want to sit in Picard's chair while spying on THE WORLD? We can make it so – ex-NSA man
National Security Agency director Keith Alexander apparently sold the concept of surveillance to members of Congress using an operations centre styled on the bridge of the starship Enterprise from much-loved sci-fi series Star Trek.
According to "a former administration official" who spoke to Foreign Policy magazine, General …
Do you trust your waiter? Hacked bank-card reader TEXTS your info to crims
Video A Russian-speaking man casually shows on camera how he can download a punter's bank-card details and PIN from a hacked card reader.
In a video demonstrating a tampered sales terminal, a card is swiped through the handheld device and a PIN entered - just as any customer would in a restaurant or shop. Later, after a series of key- …
London Underground cleaners to refuse fingerprint clock-on
Cleaners working on the London Underground will resort to industrial action this week in protest against the introduction of a controversial biometric clocking-in system.
Starting at just after midnight on Thursday morning, "up to 300 cleaners" will join in the action by refusing to scan their fingerprints every time they clock …
South American with a dumb phone? Think Facebook can't get to you? THINK AGAIN
Digital security outfit Gemalto has extended its SIM-based Facebook client to include Facebook Messenger, so dumbphone users can chat directly to each other as well as update each other's walls.
Gemalto's LinqUp SIM app has already connected Facebook to basic handsets in Argentina, Colombia and Chile, enabling the cheapest of …
Microsoft reissues September patches after user complaints
Problems with Microsoft's last round of operating system and application patches have forced the company to reissue part of the update on Friday.
"Since the shipment of the September 2013 Security Bulletin Release, we have received reports of updates being offered for installation multiple times, or certain cases where updates …
It's about time: Java update includes tool for blocking drive-by exploits
Oracle's latest update to the Java SE Development Kit (JDK) version 7 adds new security features designed to help businesses avoid being stung by critical vulnerabilities in out-of-date versions of Java.
After a string of embarrassing Java security flaws was disclosed by independent researchers, Oracle has made addressing …
Microsoft's swipe'n'swirl pic passwords LESS secure than PINs, warn researchers
Microsoft's promotion of visual passwords, based on tapping pictures and making gestures instead of conventional text passwords, might be a boon for usability. Yet security experts warn the technology is less secure than even a simple 4-digit PIN.
The increased power of brute force attacks, password hash database leaks and the …
Huawei CTO insists: 'We are not a threat to UK and US national security'
Exclusive A top Huawei exec has dismissed claims that his company poses a threat to British and US national security - despite Western government officials' fears over Huawei's alleged connections to the Chinese Communist Party.
Professor Sanqi Li - speaking in an exclusive interview with The Register at the multinational's R&D centre in …
'Who knew in 1984 that Steve Jobs would be Big Brother?'
Quotw This was the week when Linus Torvalds, chief Penguin of LinuxLand, unleashed not one, but two mighty rants on the interwebs. First, Torvalds said he resented recent attacks on the integrity of the kernel's security.
This is after a call was made for the use of Intel processor instruction RdRand for generating random numbers to …
French ministers told to use only secure comms post-PRISM
French newspaper L'Express has published a memo it says comes from Christophe Chantepy, chief of staff to French prime minister Jean-Marc Ayrault, and which recommends French cabinet ministers stop using smartphones for phone calls because they are not secure.
The paper's report includes three images of the memo, one for each of …
Outlook.com adds IMAP, OAuth
Microsoft has added support for Internet message access protocol (IMAP) to Outlook.com, its web-based email service.
Announced first on Reddit and later in a blog post, there's little practical impact in the change, other than posisbly encouraging more developers and users to point their email clients at Outlook.com.
As …
Push mail outfit Good Tech wins CC cert
Good Technology is trumpeting a newly-inked EAL4+ Common Criteria certification awarded to the its Good For Enterprise MDM and data protection platform.
The company's local VP and GM Gavin Jones told Vulture South the certification relieves the need for the company to work through certifications on a country-by-country basis, at …
Flying in the US? Remember to leave your hand grenades at home
It will not come as explosive news to most sensible travellers, but US airline passengers have been warned to leave their grenades at home when getting on a flight.
The US Transportation Security Administration (TSA) has issued a stern warning to anyone thinking of bringing their favourite handheld bomb on holiday.
In a blog …
Hacker cracks Vodafone Germany, steals data of 2 million customers
A hack on a Vodafone Germany server has exposed the personal details – including banking information – of two million of its customers.
Hackers accessed names, addresses, bank account numbers and dates of birth. Phone numbers, credit card details and passwords are thought to be safe, but the leaked information is still pretty …
'NSA PRISM spies' shake down victims with bogus child-abuse vids claims
Crooks are using the NSA's notorious global web surveillance scandal in new ransomware: punters visiting booby-trapped websites are falsely accused of downloading illegal material, told their PCs are now locked from use, and ordered to hand over a cash "fine" to unlock their computers.
Cloud security firm Zscaler has spotted 20 …
IETF floats plan to PRISM-proof the Internet
The Internet Engineering Task Force (IETF) has posted “PRISM-Proof Security Considerations” aimed at making it much harder for governments to implement programs like the PRISM effort whistleblower Edward Snowden exposed as one of the tools in the NSA's spookery toolbag.
The proposal has just one author - Phillip Hallam-Baker of …
NORKS fingered for APT on South Korean think tanks
Security researchers have unearthed yet another highly targeted advanced persistent threat (APT) attack, this time launched by suspected North Korean attackers against a small group of South Korean think tanks.
The Kimsuky campaign, which can be traced back to April this year, was analysed by researchers at Kaspersy Lab in a …
BlackBerry goes all 'patch Tuesday' with multi vuln fixes
BlackBerry has issued four patches covering vulnerabilities in Flash, Webkit and libexif on its devices.
The Z10, Q10 and PlayBook all need patching for Adobe Flash vulnerabilities. If a user were led to a page containing crafted Flash content, an attacker could execute arbitrary code on an affected device. BSRT-2013-007 notes …
NIST denies it weakened its encryption standard to please the NSA
The US National Institute of Standards and Technology (NIST) has vehemently denied accusations that it deliberately weakened encryption standards to help the NSA's monitoring activities.
"We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place …
Microsoft delivers baker's dozen of patches on Tuesday
Updated Another month, another Patch Tuesday from Microsoft, but this month's bundle has come up one short from the 14 promised patches last week.
"We are committed to delivering high-quality security updates for our customers and extensively test each bulletin prior to release," Dustin Childs, group manager at Microsoft Trustworthy …
Brazilian TV show accuses NSA of spying on oil firm based on leaked docs
Brazilian President Dilma Rousseff has said that if leaked NSA documents showing the US spied on her country's state-run oil firm Petrobras are "confirmed", then it must have done so for “economic and strategic” reasons rather than for "national security".
The leaked "intelligence documents" appear to run counter to US claims it …
John McAfee tweets from BEYOND THE GRAVE: Drug binge death? Not me, mate
Antivirus software wild man John McAfee has joined Queen Elizabeth II, the Queen Mother, Fidel Castro, and poet Samuel Taylor Coleridge in receiving a premature obituary.
Internet rumours that surfaced on Tuesday falsely claimed the self-described “eccentric millionaire” and entrepreneur had died at the Palms Casino Resort in …
Torvalds shoots down call to yank 'backdoored' Intel RdRand in Linux crypto
Linux supremo Linus Torvalds has snubbed a petition calling for his open-source kernel to spurn the Intel processor instruction RdRand - used for generating random numbers and feared to be nobbled by US spooks to produce cryptographically weak values.
Torvalds branded Kyle Condon, the England-based bloke who created the petition …
Biz bods STILL don't patch hacker's delight Java and Flash
A whopping 81 per cent of businesses run outdated Java while two in five (40 per cent) have not updated Flash, according to the latest figures from net security firm Websense.
Websense warns that failing to apply patches that address vulnerabilities in hacker favourites such as Flash and Java leaves these business at risk of …
Brit and Danish boffins propose NSA-proof crypto for cloud computing
It's more likely that the NSA has devoted its efforts to key capture and side-channel attacks rather than brute-forcing its way through ciphertext en masse - but it's also true that our crypto maths won't last forever.
Which draws attention to projects like this one (PDF), which is looking at protection of multi-party …
Shop-a-suspect web security system: 'We've helped cops nab 100 suspects'
Earlier this year, The Register revealed how a massive security breach accidentally allowed access to thousands of images of people suspected of petty crimes. Now the private company behind that CCTV and image database is claiming its technology has led to the arrest of 100 suspects.
London's Metropolitan Police has spent the …
Pulse-taking ticker tech cuff to sniff out cash-snafflers
A Canadian security firm that developed a device which uses the rhythm of a person's heartbeat as a biometric identifier has said that the technology offers a secure alternative to conventional biometrics.
The Nymi wristband bracelet, manufactured by Bionym and due to become available next year, bundles a sensor that monitors …
Google scrambles to block backdoors
The ongoing revelations about NSA snoopery have prompted The Chocolate Factory to accelerate its effort to encrypt user data at every possible point.
Mountain View had already announced that its Google Cloud Storage platform was adding server-side encryption to reassure users. User data uploaded to the service is now being …
Malware culprit fingered in mysterious Tor traffic spike
Security researchers believe they have identified the botnet responsible for a recent spike in traffic on the anonymizing Tor network, but the exact purpose of the malware remains unclear.
On Friday, security firm Fox-IT called out the culprit as a variant of a botnet sometimes known as "Mevade.A", which has been making the …
Sophos pulls out spade, fills in holes in Web Appliance
Sophos has pulled out the weeds in its web-scanning software after Core Security identified multiple holes in its Web Protection Appliance versions 3.8.0, 3.8.13 and 3.7.9 and earlier.
The Core Security advisory states that if a remote attacker can gain access to the appliance's web administrator interface, the attacker could …
Indian spooks snooping without ISP knowledge
India's authorities are carrying out wide-ranging and indiscriminate internet surveillance of their citizens thanks to secret intercept systems located at the international gateways of several large ISPs, according to The Hindu.
The Chennai-based paper claimed after an investigation that Lawful Intercept and Monitoring (LIM) …
Data broker Acxiom lifts skirt, reveals your private bits
One of the world's largest data brokers, Acxiom, has posted a project that either allows people to correct errors in their data, or turns individuals into mechanical turks working on an unpaid data quality project.
Acxiom collects data from a vast range of sources and on-sells in portfolio of products aimed at marketers. The low …
Android malware spotted hitching a ride on mobile botnet
Kaspersky Lab has reported the first sighting of mobile malware (Android, of course) that piggybacks on the back of a separate mobile botnet and uses the resources of other malware once it's installed.
"For the first time malware is being distributed using botnets that were created using completely different mobile malware," …
American Fantasy Football app lets hackers change team rosters
Security researchers have discovery a vulnerability in mobile versions of the Yahoo! Fantasy [American] Football app that created a means for hackers to change team lineups and post imposter comments on message boards.
Yahoo! has plugged the security hole, but users who fail to update their mobile app to the most recent version …
That earth-shattering NSA crypto-cracking: Have spooks smashed RC4?
Analysis Fresh revelations from whistleblower Edward Snowden suggest that the NSA can crack TLS/SSL connections, the widespread technology securing HTTPS websites and virtual private networks (VPNs).
Although reports from the New York Times and its allied publications held off on the specifics, it may all mean that US spooks can reliably …
