Canuck Bitcoin exchange gives up after security SNAFU

Canadian Bitcoin exchange Cavirtex, said to be the country's largest, will shut its doors after its two factor authentication credentials were probably compromised. The breach, spotted last Sunday, affected two factor secrets and hashed passwords stored in an older database and did not match log in details to identification …
Darren Pauli, 19 Feb 2015

Rap for fap stack in hack trap flap: This XXX site caught an STI (Script Transmitted Infection)

Blue movie website RedTube was stiffed over the weekend by a hacker who gave the site a rather nasty infection. The porno purveyor inadvertently spread the seed of malware after a hacker compromised its servers and tweaked its homepage – exposing visitors to malicious code that attempted to exploit a security vulnerability in …
Shaun Nichols, 19 Feb 2015

Lenovo shipped lappies with man-in-the-middle ad/mal/bloatware

Lenovo is in hot water after being caught intentionally shipping laptops with software that steals web traffic using man-in-the-middle attacks. The "Superfish" software was present on laptops sold until late last month and stole all manner of web traffic using fake, self-signed, root certificates to inject advertisements into …
Darren Pauli, 19 Feb 2015

This one weird script continually crashes Android email

The email application of Samsung Galaxy 4 Minis can be made to repeatedly crash with a simple email that need not even be opened, according to researcher Hector Marco. A crafted email gobbled up by the native email client running on Android 4.2.2.0400, a superseded operating system that was the latest stock offering for the S4 …
Darren Pauli, 19 Feb 2015

After Brit spies 'snoop' on families' lawyers, UK govt admits: We flouted human rights laws

The British government has admitted that its practice of spying on confidential communications between lawyers and their clients was a breach of the European Convention on Human Rights (ECHR). Details of the controversial snooping emerged in November: lawyers suing Blighty over its rendition of two Libyan families to be tortured …
Iain Thomson, 19 Feb 2015

Microsoft updates Outlook app security, but haters still gunna hate

Microsoft has upgraded the security controls of its mobile Outlook app to allow credentials to be kept on its servers rather than Amazon's. Security upgrades detailed in a Redmond blog include PIN lock enforcement and faster remote wiping of application data, some of which will be deployed in coming months, along with …
Darren Pauli, 19 Feb 2015

Critical 0-days in open source? The problem isn't code, it's CASH

Linux Foundation Executive Director Jim Zemlin thinks the information security world needs fewer surgeons and more personal trainers, and he's putting his organization's money where his mouth is. Speaking at this year's Linux Foundation Collaboration Summit, an invite-only event taking place this week in Santa Rosa, California, …
Neil McAllister, 18 Feb 2015

Check Point buys bare-metal security upstart Hyperwise

Check Point has pounced early to buy up stealth-mode security startup Hyperwise, which does sandboxing on the CPU itself rather than in the OS. Financial terms of the deal, announced on Wednesday, were not disclosed. Israel-based Hyperwise’s CPU level threat prevention technology is designed to throttle malware-based attacks at …
John Leyden, 18 Feb 2015

Obama turns back on spooks: 'I'm on the side of strong encryption'

US President Barack Obama has come out forcefully in favour of strong encryption despite the opposition of his intelligence establishment. Encryption has been a hot topic over recent weeks with Western law enforcement and intelligence agencies complaining about encryption-by-default in modern communication tools such as …
John Leyden, 18 Feb 2015

Jamie Oliver serves up steaming pile of malware

Tousle-haired celebrity chef Jamie Oliver has served up a stomach-churning exploit kit to those who visit his web site. His eponymous .com site, ranked 519 in the UK and drawing some 10 million visitors a month, was compromised to plate-up the foul-tasting Fiesta exploit kit to compromise user machines. Malwarebytes senior …
Darren Pauli, 18 Feb 2015

A cookie with a 7,984-year lifespan. Blimey, Roy Batty only got 4!

A cookie can last 7,984 years, according to a new international privacy study, far out-lasting the operational usefulness of the device (or human user presumably). The idea that some of the small files stored on a device when it is used to visit a website are programmed to last at least as long (if not far longer) than the …
John Leyden, 18 Feb 2015

Security hawker gives the bird to mid-east hack group

A team of attackers tagged by Kaspersky as the first "advanced Arab hackers" has passed around malware targeting Middle East governments, the military and others. So far 100 malware samples attributed to the group have been tagged, the hacker branding consultancy claims. Kaspersky Labs researchers revealed the attacks at the …
Darren Pauli, 18 Feb 2015

Samsung's spying smart TVs don't encrypt voice recordings sent over the internet – new claim

Not only is your Samsung smart TV snooping on what you say, it sends recordings of your voice over the internet unencrypted – leaving it open to eavesdropping and mischief – security researchers say. Samsung insisted last week that its TV voice-control technology isn't half as creepy as its terms and conditions suggested. But …
John Leyden, 17 Feb 2015

Fight back against illegal GCHQ spying with PAPERWORK!

Privacy International (PI) is calling on people to sign up to be part of a mass request for confirmation they have been spied on by Five Eyes spy agencies and to demand the removal of captured information. Would-be signatories are being asked to submit their name and email address to the organisation, which will then pass them …
Darren Pauli, 17 Feb 2015

Windows 10 to give passwords the finger and dangle dongles

Microsoft will add biometric authentication support to Windows 10. Redmond revealed its intention to do so at the White House Cybersecurity and Consumer Protection, where group program manager for Windows security and identity Dustin Ingalls announced the company has “contributed design inputs to the Fast IDentity Online (FIDO) …
Simon Sharwood, 17 Feb 2015

Your hard drives were RIDDLED with NSA SPYWARE for YEARS

The US National Security Agency (NSA) infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades – all according to an analysis by Kaspersky Labs. The campaign infected possibly tens of thousands of Windows computers in telecommunications …
Darren Pauli, 17 Feb 2015

Mozilla's Flash-killer 'Shumway' appears in Firefox nightlies

In November 2012 the Mozilla Foundation announced “Project Shumway”, an effort to create a “web-native runtime implementation of the SWF file format.” Two-and-a-bit years, and a colossal number of Flash bugs later, Shumway has achieved an important milestone by appearing in a Firefox nightly, a step that suggests it's getting …
Simon Sharwood, 16 Feb 2015

Australian government's 'cyber-security' review delayed

One day after Australia's prime minister Tony Abbott promised a more hard-line approach to national security, the government has delayed a cyber-security review. Over the weekend, the PM's YouTube channel carried a statement (video at the end of this story) in which he complained that Australia's treatment of immigrants-turned- …

Israeli gov & boffins targeted by pr0ntastic malware from Gaza

Hackers from Gaza and Egypt appear to have teamed up in order to attack Israeli government, research, infrastructure and military networks. Security researchers at Trend Micro have traced ongoing malware-based attacks against Israeli organisations back to Gaza. Trend have uncovered two separate, but interconnected campaigns. …
John Leyden, 16 Feb 2015

WhatDaHell, WhatsApp? Student claims 'stalker' tool shows security flaws

A newly discovered security flaw in WhatsApp allows anyone to track a user’s status, regardless of their privacy settings, a student claims. The same bug also lifts the kimono on profile picture and privacy settings - in default settings only - and status messages regardless of privacy settings. Maikel Zweerink, a Dutch …
John Leyden, 16 Feb 2015

Hackers fear arms control pact makes exporting flaws illegal

Export regulations that threaten to hinder vulnerability research and exploit development have put hackers on edge ahead of the annual Pwn2Own contest. Operators of the hack-fest have reportedly issued an email warning to researchers to obtain legal advice about how the Wassenaar Arrangement, a 42-nation effort aimed at " …
Darren Pauli, 16 Feb 2015

Hacker catches Apple's Lightning in a jailbroken bottle

Apple's Lightning connector protocols have been pried open in what could be a boon for the jailbreaking community. The hack opens access to Apple's serial kernel debugger, previously available on older iDevices, and reportedly gives jailbreak engineers an improved ability to debug kernel issues and iBoot exploits. Apple …
Darren Pauli, 16 Feb 2015

Cisco puts elastic in the fabric

Cisco has announced the next piece of its software-defined networking strategy: a long-distance interconnect designed to simplify workload mobility between data centres. The “stretched fabric” release of its Application Centric Policy Controller (APIC) allows each of the leaf and spine switches that form a fabric to be located …

Hackers break the bank to the tune of $300 MEEELLION

A series of bank hacker heists have hit more than 100 financial institutions, say Kaspersky researchers, and more than US$300 million appears to have walked as a result. The attacks targeted employees at as-yet-unnamed banks with malware dubbed Carbanak that gave access to corporate networks, giving criminals access for more …
Darren Pauli, 16 Feb 2015

Microsoft's patchwork falls apart … AGAIN!

One of the patches Microsoft released this month, KB2920732, has been withdrawn because it breaks PowerPoint. The patch was billed as improving the stability of PowerPoint 2013 in a handful of ways, most pertaining to video playback. But once installed, the patch improved nothing, at least for the many users who reported that …
Simon Sharwood, 15 Feb 2015

Wink if you want to see more of me, say Swiss boffins

Two years ago scientists from the École polytechnique fédérale de Lausanne (EPFL) demoed a contact lens with a telescope built in, and they've now refined the prototype to allow the user to control its functions with the wink of an eye. "We think these lenses hold a lot of promise for low vision and age-related macular …
Iain Thomson, 14 Feb 2015

Google cuts Microsoft and pals some slack in zero-day vuln crusade – an extra 14 days tops

Google has adjusted the terms of its controversial Project Zero vulnerability scouting effort, loosening its 90-day disclosure policy somewhat to give companies a better chance of fixing their security bugs before they become public knowledge. Among the changes, Google says it will no longer disclose bugs on weekends and public …
Neil McAllister, 14 Feb 2015

An NSA spy, a Fed and a sysadmin walk into a bar – that's Prez Obama's new cyber-security order

President Barack Obama has signed an executive order that will attempt to protect America's crucial computer networks by sharing knowhow between g-men and techies. The new order instructs federal agencies to set up a clearing house of real-time, up-to-the-minute information on what's menacing US infrastructure. Companies running …
Iain Thomson, 13 Feb 2015

Accused Goldman Sachs code pilferer sues FBI for 'wrongful arrest'

A former programmer for banking firm Goldman Sachs who has been accused of stealing company secrets has filed suit against the FBI agents who arrested him for allegedly violating his constitutional rights. Sergey Aleynikov, 45, has been battling it out in the courts ever since his 2009 arrest on charges that he absconded with …
Neil McAllister, 13 Feb 2015

Euro ministers trade data for data protection – yes, your passenger records

After weeks of mounting pressure from national governments for increased access to personal data following the Charlie Hebdo attack, the European Parliament has pulled a switch that aims to simultaneously increase citizens’ privacy rights while also giving law enforcement agencies more ability to track travellers. As they twist …
Jennifer Baker, 13 Feb 2015

Vint Cerf: Everything we do will be ERASED! You can't even find last 2 times I said this

Web pioneer Vint Cerf has warned – once again – that our digital lives are in danger of being wiped from human history. Cerf, who was speaking at the American Association for the Advancement of Science annual meeting, reiterated calls for a "digital vellum" – referring to the ancient parchment made from calf skin and known for …
Kat Hall, 13 Feb 2015

Hey, NUDE CELEBS! Apple adds SWEET 2FA to iMessage, Facetime

Apple has activated a two-factor authentication (2FA) system for Facetime and iMessage, extending the service beyond iCloud accounts in a move that it hopes will help secure its communications platforms. The feature has become effective immediately, meaning any attempt to activate the services on a new device would first need …
Team Register, 13 Feb 2015

Gullible Apple users targeted by bogus order cancellation scam

Cybercrooks are targeting Apple iCloud users with phishing messages designed to steal financial information. A new run of spam messages offers a slight twist on the popular "bogus order" scam. Instead of simply telling you about a payment you're supposed to have made, prospective marks are invited to cancel a transaction already …
John Leyden, 13 Feb 2015

Biter bitten as hacker leaks source code for popular exploit kit

A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators …
Darren Pauli, 13 Feb 2015

Facebook bug could have ERASED the ENTIRE WORLD

Software engineer Laxman Muthiyah has reported a dangerous vulnerability capable of deleting any photo from Facebook, prompting The Social Network™ to patch the hole within two hours and issue one of its biggest bug-spotting cheques ever. The flaw potentially allowed mass deletion of photos using the identification number of a …
Darren Pauli, 13 Feb 2015

Uber: Sorry we're really awesome and all that (oh yeah, and for leaking your personal info)

Taxi cab app maker Uber left its list of customers' lost belongings wide open to the internet – exposing phone numbers and other personal info in the process. The privacy snafu, revealed and corrected this week, marks the latest controversy for the San Francisco-headquartered upstart. Vice reports the internal Uber document was …
John Leyden, 13 Feb 2015

CommBank app leaks 2FA tokens says Sydney dev

Sydney programmer Stuart Ryan has chipped Australia's dominant retail bank, the Commonwealth Bank, for allowing two factor authentication codes to be viewable on locked iPhones. The bank sends authentication tokens over push notifications on iOS devices, rather than SMS for users who had activated the second factor account log …
Darren Pauli, 12 Feb 2015

Dutch government websites KO'd by 10-hour DDoS

The Netherlands government’s websites were taken offline for around 10 hours on Wednesday following a DDoS attack. The motive for the sustained packet-flinging assault – directed against the Dutch government website's hosting provider, Prolocation – remains unclear. A brief statement (Google translation here) by the Dutch …
John Leyden, 12 Feb 2015

EU parliament bans Outlook app over cloudy security: report

The EU Parliament has blocked politicians from using the Microsoft mobile Outlook app in the wake of security and privacy concerns centred on the siphoning of corporate credentials to a third party, according to reports. The Parliament's IT department, DG ITEC, has reportedly told staff to delete the app and reset corporate …
Darren Pauli, 12 Feb 2015

Hacker kicks one bit XP to 10 Windows scroll goal

Windows operating systems from XP to version 10 can be popped with a single bit, researcher Udi Yavo says. The hacker, formerly chief of the electronic warfare unit for Israeli defence contractor Rafael, detailed how the local privilege escalation vulnerability (CVE-2015-0057) fixed in this week's Patch Tuesday update could …
Darren Pauli, 12 Feb 2015

VirusTotal wants YOU (but not you) to join its epic AV whitelist

Google-owned VirusTotal wants large software houses to send in their software catalogues so it can build what could well end up being one of the world's biggest anti-virus whitelists. The whitelist would clarify to users that software being checked for cleanliness came from a recognised developer, and warn vendors and anti-virus …
Darren Pauli, 12 Feb 2015

IBM says dating apps can give you a nasty infection DOWN THERE!

Valentine's Day is just around the corner – and, purely coincidentally, IBM is warning techies about the risks of dating apps and websites. Big Blue has published a report outlining the potential security risks associated with users running sex scheduling software on their smartphones and tablets. Big Blue says it studied 41 …
Shaun Nichols, 12 Feb 2015