The Register® — Biting the hand that feeds IT

The NSA Unchained

That earth-shattering NSA crypto-cracking: Have spooks smashed RC4?

Analysis: Fresh revelations from whistleblower Edward Snowden suggest that the NSA can crack TLS/SSL connections, the widespread technology securing HTTPS websites and virtual private networks (VPNs). Although reports from the New York Times and its allied publications held off on the specifics, it may all mean that US spooks can reliably …
John Leyden, 6 Sep 2013

Now we know why UK spooks simply shrugged at SSL encryption

Analysis: In July 2012, Britain's top spook Charles Farr made a rare public appearance: sat across a table from MPs in Parliament, he was quizzed by backbenchers scrutinising Home Secretary Theresa May's widely criticised plan to snoop on Brits' internet connections. At the time, the government was trying to get politicos to agree that …
Kelly Fiveash, 6 Sep 2013

Putting the security jigsaw together

Reg reader research: Effective IT security is both important and hard to implement, and it isn’t getting any easier. Central systems are becoming more complex, and keeping up with the ever-changing threat landscape is an ongoing challenge. Then there's the fact that end users are more mobile than ever and increasingly reckon they should be able to …
Tony Lock, 6 Sep 2013

Clear next Tues: Incoming Outlook, IE, Windows critical security patches

Microsoft will squash 14 sets of security vulnerabilities - four of which are deemed critical - in the next edition of its monthly batch of Patch Tuesday updates, due next week. Those four critical patches will address flaws in the Sharepoint server software, the Outlook component of Microsoft Office 2007 and 2010, Internet …
John Leyden, 6 Sep 2013

'Unreliable, shambolic' ... a top CompSci prof slams Serco's UK crim tag tech

Updated: The electronic tags used to keep tabs on criminals and suspects in the UK are "unreliable" - and the systems monitoring them are "shambolic". That's according to a dynamite report by Ross Anderson, a leading computer scientist. The University of Cambridge professor said he compiled his findings after he was called in as an …
John Leyden, 6 Sep 2013

Facebook postpones privacy putsch: report

Facebook will wait a little while before adopting changes to its privacy policy flagged last month. The Los Angeles Times reports that in response to hostile reaction from users The Social Network will hold off introducing new “features” that would have allowed it to use members' faces in advertisements. Users greatly dislike …

Reports: NSA has compromised most internet encryption

The NSA and the GCHQ have compromised much encryption used on the internet through a potent mix of technological theft, spycraft, and collaboration with major technology companies, according to new reports. In a series of news articles that highlight how the code-breaking crypto-fiddling agencies NSA and GCHQ are doing their job …
Jack Clark, 5 Sep 2013

Tor traffic torrent: It ain't the Syrians, it's the BOTS

The recent spike in traffic on the Tor anonymizing relay network is probably due to botnet activity rather than any recent political developments, research by Tor Project members has concluded. The overall number of clients accessing the Tor network on a daily basis has more than doubled since around mid-August, but so far …

FTC slaps TRENDnet with 20 years' probation over webcam spying flaw

The Federal Trade Commission has reached a settlement with US wireless webcam manufacturer TRENDnet that will commit the firm to third-party security audits for the next 20 years, plus two years of free technical support for its customers. The FTC began its investigation last year after a list of the IP addresses of over 700 …
Iain Thomson, 5 Sep 2013

New online banking Trojan empties users' wallets, videos privates

Bank account-raiding Trojan Hesperbot has infected computers in UK, Turkey, the Czech Republic and Portugal, The Register has learned. Net security firm Eset said the software nasty is distributed via rather convincing-looking emails, which are dressed up as legit package tracking documents from postal companies or …
John Leyden, 5 Sep 2013

Nasty nuke-lab data-slurper EVOLVES, now feeds off new Java hole

A piece of malware linked to attacks against governments and organisations involved in hi-tech industries such as space exploration and nuclear power has been adapted to exploit a recently uncovered Java security flaw. NetTraveler has been outfitted to exploit a recently patched Java bug as part of a watering-hole-style attack …
John Leyden, 5 Sep 2013

Your nicked iPad now likelier than ever to show up in Mongolia

The number of laptops and tablets stolen in one country and recovered in another is on the rise. Absolute Software's second annual Endpoint Security Report records that stolen kit that had not been nicked locally had been recovered in an additional eight countries as far afield as Mongolia, Gambia, Vietnam and Zimbabwe. In the …
John Leyden, 5 Sep 2013

myOpenID to close down for good in February 2014

MyOpenID, a major provider of open source authentication system OpenID, is set to close for good on February 1st 2014. The free service, provided by self-styled “social login” firm Janrain, was first launched back in 2006 as a way for users to authenticate easily by using just one log-in across a range of sites. However, the …

Citadel botnet resurges to storm Japanese PCs

Citadel, the aggressive botnet at the heart of a widely criticised takedown by Microsoft back in June, is back and stealing banking credentials from Japanese users, according to Trend Micro. The security vendor claimed to have found “at least 9 IP addresses”, mostly located in Europe and the US, functioning as the botnet’s …

Researcher bags $12,500 after showing how to hack Zuck's pics

Indian security researcher Arul Kumar has netted himself $12,500 after spotting a critical flaw in Facebook's image handling code that allowed anyone to delete pictures from the site at will. As he describes in a blog post, the crack requires two legitimate Facebook accounts to work, and is exploited by the way the Facebook …
Iain Thomson, 3 Sep 2013

Syrian Electronic Army hacks US Marines, asks 'bros' to fight on its side

A US marines recruitment website, www.marines.com, was hacked and defaced by hacktivists from the infamous Syrian Electronic Army over the weekend. The attack was used to post a propaganda message (full text here) claiming that the Syrian Army have been fighting Al Qaeda insurgents for three years and describing Obama as a " …
John Leyden, 3 Sep 2013

Scots council cops £100K fine for spaffing vulnerable kids' data ONLINE

UK data privacy watchdogs have fined Aberdeen City Council £100,000 after a council employee published vulnerable children's details online. The sensitive social services information was released after a council worker accessed documents, including meeting minutes and detailed reports, from her home computer. A file-transfer …
John Leyden, 2 Sep 2013

Boffins confirm quantum crypto can keep a secret

Over recent years, the gap between theoretical security of quantum cryptography and practical implementation has provided plenty of fun for super-geniuses the world over. Yes, quantum cryptography is supposed to be unbreakable. After all, if anybody even observes the state of a qubit that Alice has prepared, entangled with …

Taiwan bids to bolster security with free malware database

Taiwan’s National Centre for High-Performance Computing (NCHC) has launched what it claims to be the world’s first free malware database designed to help businesses, academics and researchers better identify and defend against criminally-coded attacks. The centre, one of the 11 which comprise Taiwan’s National Applied Research …

'Anonymous' to Reg hack: We know SEA leaders' names

Following the Syrian Electronic Army's (SEA's) attack on a Melbourne IT reseller which resulted in the temporary compromise of domain name records for targets as diverse as The New York Times and Twitter, a group claiming association with Anonymous now says it has compromised SEA databases and servers. As first reported here (in …

Boffins follow TOR breadcrumbs to identify users

It's easier to identify TOR users than they believe, according to research published by a group of researchers from Georgetown University and the US Naval Research Laboratory (USNRL). Their paper, Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries, is to be presented in November at the Conference on …

Mother/daughter team jailed for million-dollar internet dating scam

A mother and daughter have been jailed for over a decade apiece after pleading guilty to money laundering for an internet dating scam that persuaded the gullible that they were helping US troops in search of love. Karen Vasseur, 63, and daughter …
Iain Thomson, 30 Aug 2013

NSA: NOBODY could stop Snowden – he was A SYSADMIN

The US National Security Agency may have some of the most sophisticated cyber-surveillance programs in the world, but it was trivial for former NSA contractor Edward Snowden to walk off with sensitive data, sources say, owing to the agency's antiquated internal security. "The [Defense Department] and especially NSA are known for …
Neil McAllister, 30 Aug 2013

Facebook scammers raking in $200 MEEELLION in illicit profits

A pair of Italian security researchers investigating the practice of Facebook scamming estimates that the trade brings in around $200m a year. Andrea Stroppa and Carlo De Micheli analyzed the pricing of Facebook spam on 20 black-market websites offering access to Facebook users for a price. The spammers set up fan sites and …
Iain Thomson, 30 Aug 2013

Quantum crypto nearly ready to go mobile

While the world is still waiting for a full-blown quantum communications setup, quantum key distribution – QKD – is already a contested product market. Now, an international collaboration has shown that QKD can be brought to the smartphone. The project, carried out by the University of Bristol, Cambridge, Griffith University in …

Tor usage up by more than 100% in August

The privacy-enhancing Tor network has seen its total number of users per day more than double in the last month, reaching the highest levels since the project first began compiling usage statistics. …
Neil McAllister, 29 Aug 2013

Python regurgitates Dropbox secrets to boffins

A couple of security researchers have set spines shivering in the cloud world by demonstrating that Dropbox's obfuscated code can be reverse-engineered, along the way capturing SSL data from the service's cloud and bypassing the two-factor authentication used to secure user data. However, as is clear from the Usenix research …

Supercomputer hacker coughs to flogging DoE logins to FBI agent

The US hacker caught after trying to sell Department of Energy supercomputer logins to an undercover FBI agent has pleaded guilty in a deal that could see him go to jail for up to 18 months. The 24-year-old hacker, Pennsylvania man Andrew James Miller, pleaded guilty to charges of conspiracy and computer fraud to cut his …

IBM lands spook data-sharing standard at Oz airports

The Australian Customs and Border Protection Service (ACBPS) has gone live with IBM-delivered passenger analytics which it says will help identify risky passengers before they enter Australia. In a rather coy canned statement, Big Blue says the system will check Passenger Name Records (PNRs) against “other relevant material” to …

New York Times, Twitter domain hijackers 'came in through front door'

Updated: Hacktivist collective the Syrian Electronic Army (SEA) – or someone using its name – has claimed responsibility for hijacking the Twitter.co.uk, NYTimes.com and HuffingtonPost.co.uk web addresses. At the time of writing, many of the domain names the SEA claimed to have seized were back under their owners' control. In some cases …

Tesla cars 'hackable' says Dell engineer

Slack authentication in Tesla's Model S REST API exposes the electric car to a variety of non-safety but non-trivial attacks, according to a Dell engineer and Tesla owner. In this post over at O'Reilly, Dell senior distinguished engineer and executive director of cloud computing George Reese says the “flawed” authentication …

ISPs scramble to explain mouse-sniffing tool

Sky Broadband has been caught using JavaScript to track every click and shuffle on its support pages, but it's not alone: other ISPs have also admitted recording every frustrated wobble of the mouse on their support pages. Readers at ISP Review spotted Sky using a JavaScript tool called SessionCam to record rodent tracks on its …
Bill Ray, 27 Aug 2013

Poison Ivy RAT becoming the AK-47 of cyber-espionage attacks

The Poison Ivy Remote Access Tool (RAT) - often considered a tool for novice "script kiddies" - has become a ubiquitous feature of cyber-espionage campaigns, according to experts. Research by malware protection firm FireEye has revealed that the tool served as the lynchpin of many sophisticated cyber attacks, including the …
John Leyden, 27 Aug 2013

Wall Street traders charged with stealing company code via email

Three men have been charged with pilfering trade secrets from a Wall Street firm after two of them emailed themselves computer code belonging to their former employer from their company email accounts. Glen Cressman and Jason Vuu, both former employees of Wall Street firm Flow Traders, were each charged with unlawful duplication …
Neil McAllister, 27 Aug 2013

Cryptome suffers brief take-down over Japanese 'terror' files

Longstanding whistleblower site Cryptome.org is back online after a brief takedown, sparked by its hosting of a list of alleged Japanese terrorists. The takedown by host Network Solutions came as a result of a complaint signed Sima Jiro, who complained that the 114 documents in a file identified as jp-terrorist-files.zip …

Chinese authorities say massive DDoS attack took down .cn domain

The China Internet Network Information Center (CINIC) has reported that on Sunday it suffered the largest DDoS attack it has ever experienced against the .cn domain, an assault that took ten hours to knock down. In a statement, the CINIC said that attacks began around midnight Sunday on Chinese time and intensified a few …
Iain Thomson, 26 Aug 2013

Koobface worm-flinging gangster linked to pharma spam ops

What do you do after you've made millions through one of the most technically sophisticated strains of malware ever unleashed onto the internet? Make millions pushing penis-enhancing pills, according to more than one security researcher. The findings suggest at least one of the crooks behind Koobface has branched out to become …
John Leyden, 26 Aug 2013

PayPal fixes critical account switcheroo bug after researcher tipoff

PayPal has fixed a critical flaw that allowed an attacker to delete any account at will and replace it with one of their own. In April, security researcher Ionut Cernica discovered that US PayPal account holders could add an email address to someone else's account by visiting a PayPal webpage. This then allowed the account to be …
Iain Thomson, 23 Aug 2013

Russian spyboss brands Tor a crook's paradise, demands a total ban

Russia's spybosses are contemplating blocking access to the Tor network and similar privacy tools that try to prevent netizens from being traced online. The proposal - pushed by Federal Security Service of the Russian Federation (the FSB) - sets out a clampdown on technologies top spooks branded tools for "weapon traffickers, …
John Leyden, 23 Aug 2013

Report: Secret British spy base in Middle East taps region's internet

Among the vast haul of information lifted from secret networks by former US intelligence sysadmin Edward Snowden are details of a top-secret British spy base placed in the Middle East to tap into undersea communications cables and eavesdrop on the region's internet, it has been reported. According to the Independent, the …
Kelly Fiveash, 23 Aug 2013

Germany warns: You just CAN'T TRUST some Windows 8 PCs

Microsoft's new touchy Windows 8 operating system is so vulnerable to prying hackers that Germany's businesses and government should not use it, the country's authorities have warned in a series of leaked documents. According to files published in German weekly Die Zeit, the Euro nation's officials fear Germans' data is not …
Jasper Hamill, 23 Aug 2013

Boffins use HOT maths MODELS to predict spam of the future

Australian computer boffins reckon game theory can be applied to build better spam filters. The new spam classifier, developed by Professor Sanjay Chawla, Fei Wang and Wei Liu of the University of Sydney, outsmarts would-be spammers by predicting the likely pattern of future spam runs by learning from past attacks. The two …
John Leyden, 23 Aug 2013