Feeds

Security > More stories

Abbott and Costello dressed as policemen

Australian spookhaus busted for warrantless tap of own phones

Australia's Inspector-General of Intelligence and Security (AIGIS) has found that the nation's Australian Security and Intelligence Agency (ASIO) spied on itself in contravention of local laws. The Inspector-General's Annual Report [PDF] lists breaches of Australia's Telecommunications (Interception and Access) Act (TIA). The …
Simon Sharwood, 17 Oct 2014
Two teenage girls - one whispering in other's ear

Careless Whisper? Anonymous messaging app accused of stalking users, blabbing to Feds

The makers of Whisper have denied claims that the anonymous messaging app is secretly tracking the whereabouts of its privacy-conscious users. The startup hit back following reports that detailed location logs are shared with the US government. Whisper is a two-year-old phone app that allows people to publish text overlaid on …
Iain Thomson, 17 Oct 2014

FBI boss: We don't want a backdoor, we want the front door to phones

FBI director James Comey is continuing his charm offensive against phone encryption – by urging tech giants to do more to help the agency monitor people. In a speech to the Brookings Institute, Comey said the decision by Apple and Google to turn on file encryption by default in iOS and Android was seriously hampering the efforts …
Iain Thomson, 16 Oct 2014
android tongue

Bad news, fandroids: He who controls the IPC tool, controls the DROID

A security flaw in a core message-passing mechanism leaves every Android device potentially vulnerable to attack, security researchers warned on Thursday. The newly discovered flaw enables hackers to override in-app security features, leaving critical apps such as mobile banking susceptible to tampering. The same vulnerability …
John Leyden, 16 Oct 2014
Crime in Russia

Hacker-hunters finger 'Keyser Soze' of Russian underground card sales

A hacker based in Odessa, Ukraine has become the main provider of data stolen from compromised credit cards, a new study claims. According to Russian cyber-security consultancy Group-IB, a person or persons operating under the pseudonym “Rescator” (AKA Helkern and ikaikki) uploaded details of over five million cards onto the …
John Leyden, 16 Oct 2014

Drupal SQL injection nasty leaves sites 'wide open' to attack

A newly patched SQL injection flaw in Drupal leaves sites that rely on the widely used web development platform wide open to attack. Admins of sites that run Drupal 7 should upgrade to 7.32 to guard against possible attack. Patching needs to take place sooner rather than later because the easy-to-exploit vulnerability hands …
John Leyden, 16 Oct 2014

Securobods RAGE over $600k Kickstarter Tor box components

Updated The developer behind Tor privacy router Anonabox has defended the product — which has so far attracted $600,000 in crowd funding — following allegations it was little more than a commercial off-the-shelf circuit board. August Gemar asked for $7,500 via Kickstarter to build the open source router box commercially. Accusations …
Darren Pauli, 16 Oct 2014

FinFisher spyware used to snoop on Bahraini activists, police told

Allegations that three Bahraini activists resident in Britain were spied on by Bahraini authorities using British spyware have led to a criminal complaint. Privacy International is calling on the National Cyber Crime Unit of Britain's National Crime Agency to investigate the unlawful surveillance of three human rights …
John Leyden, 16 Oct 2014
Harry the Rottweiler - aka small poodle called Patsy

Man bites dog: HTTPS-menacing POODLE is 'hard to exploit' – unless you're on public Wi-Fi

Analysis Mozilla will ditch support for the insecure SSL 3.0 from Firefox next month, following the discovery of a design flaw in the protocol that allows hackers to hijack victims' online accounts. SSL v3 will be disabled by default in Firefox 34, due to be released on 25 November. Security experts are unanimous that sysadmins and …
John Leyden, 16 Oct 2014

Adobe CSO offers Oracle security lesson: Go click-to-play

Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button …
Darren Pauli, 16 Oct 2014

Vulnerable utilities, telcos, top of new Aussie natsec centre's to-do list

The Australian Cyber Security Centre (ACSC) will increase its headcount from 90 to 150 as soon as possible, then grow to full capacity of 300 seats by year's end. The centre's opening was delayed to allow staff to move into the new Australian Security Intelligence Organisation (ASIO) ASIO building to avoid burning taxpayer dosh …
Darren Pauli, 16 Oct 2014

Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat

Poodle If you're using the popular OpenSSL open source cryptography library, you have more to worry about than the recently disclosed POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, project devs have warned. In addition to patching two POODLE-related bugs, new releases of OpenSSL issued on Wednesday also close a …
Neil McAllister, 15 Oct 2014

Twitter, Cloudflare kill SSL 3.0 ... and here's how YOU CAN TOO

Poodle Websites and web browser makers are moving quickly to ditch the outdated SSL 3.0 encryption protocol for HTTPS following the discovering of a worrying design flaw. On Tuesday, Google researchers published details about the shortcoming, dubbed POODLE, which allows eavesdroppers to crack encrypted web traffic. More specifically, …
Shaun Nichols, 15 Oct 2014
Remy from Ratatouille

FireEye, Microsoft, Cisco team up to take down RAT-flinging crew

Security vendors have teamed up to fight a prolific cyber-espionage group thought to be based in China. The hacking crew has been targeting finance, education, government, policy groups and think tanks for around four years since 2010. One of its main tools is Moudoor, a derivative of the infamous Gh0st RAT (remote access tool …
John Leyden, 15 Oct 2014
Bitcoin bloodbath

Roll your own Bitcoin client? Prepare to be raided

The engineer behind the Heartbleed checker has created a tool to hunt down wallets from poorly secured transactions that leak private keys. Filippo Valsorda released the Blockchainer tool to Github following a presentation at the Hack in the Box conference in Malaysia today. The CloudFlare engineer demonstrated how known flaws …
Darren Pauli, 15 Oct 2014

Forget passwords, let's use SELFIES, says Obama's cyber tsar

US cyber security tsar Michael Daniel wants passwords to die in a fire and be replaced by other mechanisms, including selfies. In an interview with the Christian Science Monitor Daniel said the death of passwords could signal a useful purpose for the much-beleaguered selfie. "Frankly I would really love to kill the password …
Darren Pauli, 15 Oct 2014
Oracle headquarters

Done with Microsoft and Adobe patches? Good, here's Oracle's load

Oracle is piling on this month's Patch Tuesday with a collection of security fixes for 16 of its enterprise software platforms. Among the massive wad of updates will be a package of 25 bug fixes for Java SE, 22 of which are remotely exploitable without authentication and 12 of which allow an attacker to take complete control of …
Shaun Nichols, 15 Oct 2014

Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE

Poodle As warned by The Register, researchers have discovered a security vulnerability in SSL 3.0 that allows attackers to decrypt encrypted website connections. Miscreants can exploit a weakness in the protocol's design to grab victims' secret session cookies. These can be used to log into online accounts, such as webmail, social …
Darren Pauli, 14 Oct 2014

It's 2014 and you can still own a Windows box using a Word file or font

Patch Tuesday Microsoft has today patched two dozen CVE-classified security vulnerabilities in its software. People are urged to install them as soon as possible. The US giant said the October edition of Patch Tuesday includes three critical fixes to address flaws in Internet Explorer, the .NET Framework and Windows kernel-mode driver. The …
Shaun Nichols, 14 Oct 2014

South Korea faces $1bn bill after hackers raid national ID database

The South Korean government is considering a complete overhaul of its national identity number computer system – after hackers comprehensively ransacked it and now hold the ID codes for as much as 80 per cent of the population. Each South Korean citizen is issued with a lifetime unique ID number. This number is used in all …
Iain Thomson, 14 Oct 2014

Knives out for new EU rules forcing govts to reveal hacker attacks

Talks began on a new computer security law for Europe on Tuesday night. National ministers, the European Commission and MEPs got together for the first time in an attempt to nail down the wording in the proposed Network and Information Security (NIS) Directive. When it was proposed by the commission early last year, the draft …
Jennifer Baker, 14 Oct 2014

Snapchat 'hack' pics mostly clothed user snaps, odd bits of legacy pr0n – report

Last week's SnapChat image leak has turned out to be a damp squib rather than the serious privacy breach anticipated by many in the wake of the "Fappening". As previously reported, 200,0000 private photos and videos sent using the SnapChat application and archived using the unofficial (and now defunct) SnapSaved.com site leaked …
John Leyden, 14 Oct 2014
pipes

NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)

Gird your loins, sysadmins: The Register has learned that news of yet another security vulnerability - this time in SSL 3.0 - is probably imminent. (And indeed so it turned out to be - the Poodle vuln. You heard it here first. - Ed) Maintainers have kept quiet about the vulnerability in the lead-up to a patch release, which is …
Darren Pauli, 14 Oct 2014
Smashed Apple Store window

Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'

Russians hackers have exploited a zero-day vulnerability in Microsoft Windows to hijack and snoop on PCs and servers used by NATO and the European Union, says security biz iSight. The software flaw is present in desktop and server flavors of the Redmond operating system, from Vista and Server 2008 to current versions. No patch …
Simon Sharwood, 14 Oct 2014

NSA Sentry Eagle placed spies in private companies

The National Security Agency (NSA) has since 2004 sent spies into private companies in a bid to compromise networks from within, according to documents leaked by Edward Snowden. Agents sent in by the NSA targeted global communications firms under a highly classified 'core secrets' program dubbed Sentry Eagle previously known …
Darren Pauli, 14 Oct 2014
A boat full of Fail

'Dropbox passwords' for sale are all EXPIRED: Bitcoin buyers beware

Yet another fraudster is struggling to relieve suckers of their Bitcoin after publicly posting what's purported to be a cache of no less than 7 meellion Dropbox login credentials. A guest poster on Pastebin posted three documents, all claiming to be a subset of "the massive hack of 7,000,000 accounts". The posts said there are " …
Darren Pauli, 14 Oct 2014

VMware's tool to harden virtual networks: a spreadsheet

VMware has released a guide to hardening its NSX virtual networking and product. The guide published online by VMware information security professional Pravin Goyal, covers management, control and data planes. It recommends including audit logs and system events in backups, enabling and securing remote logging for the NSX …
Darren Pauli, 14 Oct 2014
Internet of Things

Greedy datagrabs, crap security will KILL the Internet of Thingies

Opinion Is the Internet of Things a nightmare, a glorious utopia, or might it just never happen? Last week I was asked to offer a few thoughts in a panel discussion for over 200 PriceWaterhouseCoopers staff, ranging from hackers to business geeks. I’ve only touched on IoT briefly, when David Cameron at CeBIT announced he was throwing a …
Andrew Orlowski, 13 Oct 2014
Kindle Big Brother

Cops and spies should blame THEMSELVES for smartphone crypto 'problem' - Hyppönen

IP Expo Law enforcement and intel agencies have no right to complain about the improved security of smartphones because they brought the problem on themselves, according to security guru Mikko Hyppönen. Policing and government officials on both sides of the Atlantic have been vociferous in their complaints about Apple and Google's …
John Leyden, 13 Oct 2014

Android's Cyanogenmod open to MitM attacks

More than 10 million users of the popular Cyanogen build of Android are exposed to man-in-the-middle (MitM) attacks thanks to reuse of vulnerable sample code. The zero day vulnerability makes it possible to target any browser used on the popular Android distribution. A security researcher who works for a top-tier vendor, but …
Darren Pauli, 13 Oct 2014

Heistmeisters crack cost of safecrackers with $150 widget

A pair of Melbourne security professionals have developed a $150 auto-dialer safe cracker that replicates a machine worth tens of thousands of dollars and sold only to military customers. The unit launches automatic brute force attacks against group two combination locks used in high-security environments like ATMs and gun safes …
Darren Pauli, 13 Oct 2014

FACEPALM! HP cert used to sign malware

HP accidentally signed some malware, according to Krebs on Security. Krebs reports that the certificate was “used to cryptographically sign software components that ship with many of its older products”, mostly for PC software, but that back in 2010 it was also used to sign some malware. HP will therefore revoke the certificate …
Simon Sharwood, 12 Oct 2014
Disney's Beagle Boys

Kmart apologizes to customers after month-long security breach

Discount store Kmart admitted some customers’ payment cards have likely been “compromised” as it became the latest mega retailer to fall victim to cyber-crims. The parent of the chain, Sears Holding Corp, said the IT team discovered late Thursday that its payment systems had been breached, and further investigations indicate …
Paul Kunert, 12 Oct 2014
Photo taken by Conny Liegl

To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow

If you've been worrying that NSA leaker Edward Snowden has been living a wretched existence in some horrible Moscow flat, shunned and alone, fear not. A new documentary on him claims that, on the contrary, he's happy and healthy – as is his live-in girlfriend. According to the film Citizenfour by documentarian Laura Poitras, …
Neil McAllister, 11 Oct 2014
Dairy Queen

Dairy Queen cuts the waffle, says bank cards creamed in 395 eateries

Dairy Queen has admitted to being hacked, six weeks after reports first surfaced that the US fast-food chain's tills were compromised. "We discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely-reported Backoff malware that is targeting retailers across the country …
Iain Thomson, 10 Oct 2014
Muscular man stripping off his shirt

Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped

Tens of thousands of stolen private SnapChat photos and vids are being plastered across the internet for perverts to download and ogle, it's claimed. SnapChat says it isn't to blame. When word spread on 4chan's notorious /b/ board that someone had allegedly swiped as many as 200,000 SnapChat files from strangers, it was feared …
Shaun Nichols, 10 Oct 2014

Selfmite on STEROIDS: Pumped-up SMS worm is BACK...

The SMS worm Selfmite is back: bigger, badder and now global. The worm, which first surfaced in June and affects Android smartphones and tablets, has spawned a new version. Selfmite-B infects many more users, uses several money-making techniques and is generally more dangerous and difficult to stop, warns mobile security firm …
John Leyden, 10 Oct 2014
IE8 patch

Internet Explorer stars in monster October Patch Tuesday

October is stacking up to be a bumper Patch Tuesday update with nine bulletins lined up for delivery — three rated critical. Cloud security firm Qualys estimates two of the lesser "important" bulletins are just as bad however, as they would also allow malicious code injection onto vulnerable systems. Top of the critical list is …
John Leyden, 10 Oct 2014
emma watson

Facebook scammers punt fake 'sexy vid' of Emma Watson

Scammers are taking advantage of Emma Watson’s growing popularity by using the Harry Potter star as bait to spread malware on Facebook. The supposed “sexy videos” of the British actress – who has recently stood up against sexism in her new role as Goodwill Ambassador for Women – drop Trojans rather than the promised salacious …
John Leyden, 10 Oct 2014
BrickArms' Toy taliban figure

EU, Google, Facebook, Twitter, Microsoft: We'll fight terrorists... with WORKSHOPS

The EU, and several of the world's biggest and most powerful tech companies, made little progress in finding ways to combat terrorists' use of online media, following a meeting and dinner on Wednesday night. EU government ministers met Google, Facebook, Twitter, and Microsoft representatives. Although terrorist groups (most …
Jennifer Baker, 10 Oct 2014

Put down that shotgun: Wi-Fi's the way to beat Zombies

When the zombie apocalypse strikes, your saviour will be 802.11x, not Rick Grimes, hacker Tim Fowler says. While holed-up in an apartment block, survivors could locate nearby smart phones detected by their wireless mesh network of CreepyDOL sensors fortuitously purchased before the outbreak. The sensors would reveal MAC address …
Darren Pauli, 10 Oct 2014

Crims zapped mobes, slabs we collared for evidence, wail cops

You know that nifty remote wipe function that takes all the photos off your phone when it gets lost? Turns out criminals know about it too, and they're using it to wipe phones taken by police as evidence. The BBC has heard from a few UK forces that report some of the mobes and tablets they've taken in as evidence have been …
Shaun Nichols, 10 Oct 2014