Feeds

Security > More stories

Bitcoin bloodbath

Mt Gox staff tried to warn CEO of Bitcoin loss risks – reports

Staff at fallen Bitcoin exchange Mt Gox in Japan have claimed that they raised alarms about how the company was handling client funds as long ago as 2012, according to Reuters. In this report, the unnamed “current and former employees” of Mt Gox were concerned that “customer funds were diverted to cover operating costs” of the …

Google researcher says government hack attacks on journos on the rise

Most major news organisations are now the targets of state-sponsored attacks on their security, according to Google security researcher Shane Huntley. According to Reuters, Huntley told the Singapore Black Hat conference on March 28 that his research, conducted in partnership with Citizen Labs' Morgan Marquis-Boire, revealed …

Microsoft: Let's be clear, WE won't read your email – but the cops will

Microsoft has today performed a second volte-face in the Hotmail scanning scandal, and this time it looks serious. There was uproar after the software giant revealed it had rummaged through a blogger's Hotmail inbox to snare an employee who had allegedly leaked pre-release Windows 8 software. Microsoft runs Hotmail as part of …
Iain Thomson, 28 Mar 2014

FTC: Do SSL properly or we'll shove a microscope up you for decades

The US Federal Trade Commission (FTC) has forged settlement deals with a pair of companies accused of botching their SSL encryption and leaving people vulnerable to identity thieves. According to the watchdog, Fandango and Credit Karma failed to implement basic safeguards when sending highly sensitive personal information over …
Shaun Nichols, 28 Mar 2014
Picture by Afonso Lima

'I like big butts and I cannot lie, hackers take Pinterest on a joyride'

NSFWish Miscreants have made an ass out of users of bewildering photo-sharing website Pinterest – by hijacking their accounts to flood the boards with butt pics. The cheeky spammers gained control of the profile pages by tricking victims into clicking on “Pin This” widgets on websites or running dodgy apps, all of which had malicious …
John Leyden, 28 Mar 2014

ICO plugs XSS vuln in its website. Only took watchdog FIVE YEARS

The Information Commissioner's Office (ICO) has finally fixed a security bug on its website - five years after it was first notified to the data privacy watchdog. IT consultant Paul Moore first warned the ICO about a cross site scripting (XSS) problem on its website in 2009. The flaw meant it was possible to introduce arbitrary …
John Leyden, 28 Mar 2014
Dogecoin

Hackers force innocent mobes to join ALTCOIN MINING GANGS

Cybercrooks are turning smartphones into digital currency-mining bots using mobile malware. The cyber-menace, dubbed CoinKrypt by mobile security firm Lookout, is capable of hijacking the processor on smartphones to mine digital currency, enriching hackers in the process. CoinKrypt has been confined thus far to Spanish pirated …
John Leyden, 27 Mar 2014
balaclava_thief_burglar

SEC mulls how to save markets from hackers: How about a CRACK TEAM... of advisers?

The Securities and Exchange Commission (SEC) invited security and finance experts to Washington yesterday to discuss cybersecurity issues and whether companies and stock markets should be required to immediately disclose attacks and invest in protecting their systems. SEC commissioner Luis Aguilar said that the agency needed to …

When ZOMBIES attack: DDoS traffic triples as 20Gbps becomes the new normal

DDoS traffic has more than trebled since the start of 2013, according to a new study released on Thursday that fingers zombie networks as the primary source of junk traffic that can be used to flood websites. More than a quarter of all botnets are located in either India, China and Iran. The study, by DDoS mitigation firm …
John Leyden, 27 Mar 2014

Spooks vs boffins: MIT bods say they've created PRISM-proof encryption

The cleverest clogs of MIT have squared up to the NSA after claiming to have developed a PRISM-proof encryption system. Dubbed Mylar, the spook-bane allows devs to build web applications which are protected from attackers, even if they have access to the server that stores the software. Its creators were upset that anyone who …
Jasper Hamill, 27 Mar 2014

Naver raver charged over 25 MEEELLION account breach palaver

A 31-year-old South Korean has been charged with using stolen personal information to hack the online accounts of 25 million users of the country’s popular Naver portal. The Asian nation’s National Police Agency said the suspect purchased the data – including names, addresses, internet IDs and passwords – back in August last …
Phil Muncaster, 27 Mar 2014

Cisco ships six fixes for DoS bugs

Sysadmins can get themselves ready for a busy Cisco “patch Thursday”, after the Borg lobbed six patches out the door to deal with a range of denial-of-service (DoS) vulnerabilities in IOS. The vulnerabilities – see here for a single list – are all scored a CVS base score better than 7 as being remotely exploitable without …

Full Disclosure redux: under new management

Seclists.org convenor Gordon Lyon (also author and maintainer of Nmap) has decided that the Full Disclosure list is too important a resource to let slide away into history, and has announced that he'll relaunch it. As http://www.theregister.co.uk/2014/03/19/full_disclosure_closes/ reported last week, Full Disclosure's John …
Russia

Did Russians frame Ukrainian hacktivists for alleged leak of 7 million credit, debit cards?

Self-styled Ukrainian hackers are bragging they dumped millions of stolen credit card numbers online – but the claims may simply be a political smear job amid tensions between Russia and the West. A group calling itself "Anonymous Ukraine" boasted this week that it is in possession of 800 million credit and debit card details. …
John Leyden, 27 Mar 2014
Three  UK Passports

Passport PIN tech could have SAVED MH370 ID fraudsters

A man who developed PIN code protection for credit cards is looking to extend the technology to passports as a way of making stolen credentials more difficult to use. Kenneth Cecil of International Security, who came up with PIN code protection in US patent 6,340,116), will present a white paper on extending the technology to …
John Leyden, 26 Mar 2014
Spam

Chinese cops cuff 1,500 in fake base station spam raid

China’s police have arrested over 1,500 people on suspicion of using fake base stations to send out mobile SMS spam. The current crackdown, began in February, according to Reuters. Citing a Ministry of Public Security missive, the newswire says a group operating in north-east Liaoning province, bordering North Korea, is …
Phil Muncaster, 26 Mar 2014
FBcoldstoragearray

Facebook flashes its One Tool To Rule Them All in security threat analysis

Facebook has bragged about a new internal tool that combines all sorts of live data on internet security threats – such as any new malware doing the rounds and known dodgy URLS. The social network's engineers said the utility, imaginatively dubbed ThreatData, collects software nasties shared by researchers and also throws in …
Iain Thomson, 26 Mar 2014

Banks lob sueball at Trustwave, Target over breach

A group of banks has filed a class action lawsuit against Target over its recent data breach, and has named security company Trustwave as a co-defendant. The late-2013 security breach resulted in at least 40 million customers' credit cards being compromised, after a Maryland contractor's systems provided a bridge into the retail …
Microsoft Cybercrime Center

Cybercrook? Bent on mischief? WE'LL GET YOU, vow Facebook and pals

Internet heavyweights have teamed up to form a non-profit organisation designed to supply internet infrastructure operators with free tools and intelligence in the fight against cybercrime. Facebook, security intelligence firm Crowdstrike, Verisign, ESET Anti-Virus, Verizon and the Anti-Phishing Working Group, among others, are …
John Leyden, 25 Mar 2014
Bruce Schneier

Bruce Schneier sneers at IBM's NSA denials

Ten days ago IBM issued ”A Letter to Our Clients About Government Access to Data” that, as we reported, swore on all that is good and holy that it did not hand over data to the NSA and would never do such a thing. But the letter did not satisfy security commentator Bruce Schneier who's penned an open letter of his own to Big …
Simon Sharwood, 25 Mar 2014

Forget black hats – the best hackers are going grey and getting legit

A report from the Rand Corporation suggests the increasing market for software vulnerabilities that can be sold legitimately is tempting the most 1337 hackers and crackers to go legit, rather than suffer the vagaries of the black market in code and credentials. "There's an economic seesaw in the market," Michael Callahan, VP of …
Iain Thomson, 25 Mar 2014
padlock

Palo Alto Networks splashes $US200 million on Cyvera

Palo Alto Networks has announced that it's buying Tel Aviv-based Cyvera for $US200 million, including $US88 million in cash. The attraction is the Israeli company's TRAPS (Targeted Remote Attack Prevention System), an endpoint protection system for Windows machines, which PAN will add to its existing firewall and cloud security …
blackmail

Extortion racket borks Basecamp servers with 20Gbps web bombing

Users of Basecamp's project management software experienced an outage this morning, with more possible in the future, after the company was blown off the internet in a distributed denial-of-service attack when it refused to pay off crooks. The attack hit at 0846 Central Time (1346 UTC) on Monday and knocked the company's servers …
Iain Thomson, 24 Mar 2014
Windows 9x BSOD

It's 2014 and you can pwn a PC by opening a .RTF in Word, Outlook

Microsoft has warned its Word software is vulnerable to a newly discovered dangerous bug – which is being exploited right now in "limited, targeted attacks" in the wild. There is no patch available at this time. The flaw is triggered by opening a maliciously crafted RTF document in the Microsoft Office word processor, or opening …
Jack Clark, 24 Mar 2014
Google Glass

Hey, Glasshole: That cool app? It has turned you into a SPY DRONE

Security researchers have created prototype Google Glass spyware that is capable of snooping on everything the user is looking at without tipping off victims that anything is amiss. Mike Lady and Kim Paterson – graduate researchers at California Polytechnic San Luis Obispo – created an app that takes a picture every 10 seconds a …
John Leyden, 24 Mar 2014
Cisco's Chris Young

Interview: Cisco's security supremo on the Internet of Everything

Among his many responsibilities, Chris Young is the Cisco executive charged with leading its security challenge. Last week at Cisco Live! Australia, Vulture South talked to Young about securing the Internet of Everything. El Reg:Cisco has put a $19 trillion value on the Internet of Things: how do we stop it becoming a $19 …

Boffins working on debris float models to track MH370 wreckage

UPDATE Scientists from Australia's Commonwealth Scientific and Industrial Research Organisation (CSIRO) have lent their talents to the search for missing airliner MH370, by developing models to predict where wreckage may have drifted. Objects held to be “credible” candidates for pieces of the plane were spotted by satellite on March …
Simon Sharwood, 23 Mar 2014
A fake tattoo on the leg of Canberra Raiders footballer Sandor Earl, sent by Huawei as an April Fool

US saves self from Huawei spying by spying on Huawei spying

Maybe this is why the US government is so certain Huawei is bad news: Snowdenistas at The New York Times and Der Spiegel have reported another communiqué from their source-in-exile – this time to the effect that the United States National Security Agency penetrated Chinese networking equipment vendor Huawei and monitored its …
Simon Sharwood, 23 Mar 2014
Evil Android

Android update process gives malware a leg-up to evil: Indiana U

Researchers from Indiana University Bloomington have tagged a vulnerability in the way Android handles updates, which they say puts practically every Android device at risk of malicious software. As ThreatPost explains, the vulnerability uses the update process to “ramp up the permissions given to malicious apps once Android is …
Syrian iPhone ban

Microsoft charges the FBI $50 for a copy of your private data, claim 'Redmond hackers'

Hacktivists apparently loyal to Syrian President Bashar al-Assad have bragged they hacked into Microsoft's internal system that bills US cops and feds for access to citizens' private data. And the hackers have apparently spilled the beans on how much Redmond is paid for servicing those American wiretap requests. The documents …
John Leyden, 21 Mar 2014
Photo of the White House at dusk

White House may ditch BlackBerry, adopt LG or Samsung, ignore Apple

Updated What BlackBerry and new CEO John Chen definitely don't need right now is bad publicity, but that's exactly what The Wall Street Journal has provided them, with a report that one of its remaining high-profile customers, the White House, is mulling over a switch from the formerly high-flying Canuckphone to devices from Samsung or …
Rik Myslewski, 21 Mar 2014
Resident Evil zombie takeover

ZOMBIE iPAD PERIL? Cyberbadness slinger touts tool for iOS

A Swiss Army knife-like piece of malware has been ported to Apple's iOS from Windows and Linux, a security research team has claimed. We're told Zorenium is a low-profile, cross-platform, remote-controllable bot with advanced features including the ability to empty victims' online bank accounts, contribute to distributed denial- …
John Leyden, 21 Mar 2014
BB_PLAYBOOK_RIM_DOWN_TOILET

They want me to install CCTV to see what YOU did in the TOILET

Something For The Weekend, Sir? I have just come out of a boardroom presentation in which a fibre network installer bored us all shitless speaking in initials and acronyms for an hour and a half. The one time we woke up was when he used the expression “SLA”, being the only abbreviation that everyone in the room was familiar with – including the accountant. …
Alistair Dabbs, 21 Mar 2014
Targeted Spam

ICO decides against probe of Santander email spam scammers

Santander customers say they are continuing to be deluged with Trojans and other junk to email addresses exclusively used with the bank months after the problem first surfaced back in November. At least two Reg readers have put in complaints to the Information Commissioner's Office. But the data privacy watchdog told us that it …
John Leyden, 21 Mar 2014
Charlie Rose (L) and Larry Page (R) at TED 2014 in Vancouver

'It is disappointing that the government secretly did this stuff'

Quotw This was the week when legendary security mailing list Full Disclosure closed down after 12 years when admin John Cartwright threw in the towel in utter exasperation. The service where security researchers could post details of exploits and vulnerabilities is closing after Cartwright reached the end of his tether with running …

MtGox finds 200,000 Bitcoin in old wallets

Failed Bitcoin exchange MtGox has revealed a further, but fortuitous failure. In a newly-released (PDF) statement, the outfit says it “... had certain old format wallets which were used in the past and which, MtGox thought, no longer held any bitcoins.” Once it prised open one of those wallets it was found to hold 200,000 …
Simon Sharwood, 21 Mar 2014
snowden SXSW

NSA 'hunted sysadmins' to find CAT PHOTOS, high-level passwords

Staff at the United States' National Security Agency reportedly “hunted” system administrators because they felt doing so would yield passwords that enabled easier surveillance. So says The Intercept, which claims this document came its way thanks to one E. Snowden, late of Moscow. The document is apparently a lift from an …
Simon Sharwood, 21 Mar 2014
Great Wall of China

India's outsourcers look east with eyes on Asian tigers

Indian IT services group Nasscom is turning its attention eastwards with a focus on China, Japan and other previously untapped markets in an attempt to maintain the industry’s double-digit growth. The country’s outsourcers have historically focused their efforts on customers in the UK and US, but president R Chandrasekhar said …
Phil Muncaster, 21 Mar 2014

Tor Project claims 'fake' Tor Browser sat in iOS App Store for months

Following months of protests, Apple has apparently removed from its App Store software that claimed to be a Tor-friendly web browser yet was allegedly loaded with adware and spyware. For the uninitiated, the official Tor Browser is a package containing Firefox that uses the Tor network to bounce connections to websites around …
Shaun Nichols, 21 Mar 2014

Google grabs Gmail-using HTTPS refuseniks and coats them with SSL

Google has announced that from Thursday all connections to its Gmail website will be encrypted in transit using HTTPS – and messages will be encrypted when being moved around the web giant's data centers. "Every single email message you send or receive - 100 per cent of them - is encrypted while moving internally," wrote Nicolas …
Iain Thomson, 21 Mar 2014
Sergy Brin meets Snowden

'Arrogant' Snowden putting lives at risk, says NSA's deputy spyboss

TED 2014 Two days after NSA leaker Edward Snowden addressed the latest TED technology jamboree in robot form, the US intelligence agency has also made an appearance – with deputy director Richard Ledgett dialing in by video link. Ledgett said the NSA's core problem was that it was lousy at PR, rather than that it was invading innocent …
Iain Thomson, 20 Mar 2014
Dunce

Symantec fires CEO Steve Bennett: To lose 1 chief is unfortunate, to lose 2 is OK, apparently

Symantec has fired its second CEO in two years: the company's chief exec, president and former board chairman Steve Bennett was today shown the door after less than 18 months on the job. "We recognize Steve's contributions to Symantec, including developing and leading a series of successful initiatives focused on organizational …
Iain Thomson, 20 Mar 2014