Iain Thomson


Massive US military social media spying archive left wide open in AWS S3 buckets

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest. The archives were found by UpGuard's veteran security-breach …
Iain Thomson, 17 Nov 2017

Kaspersky: Clumsy NSA leak snoop's PC was packed with malware

Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets. Last month, anonymous sources alleged that in 2015, an NSA engineer took home a big bunch of the agency's cyber-weapons to work on …
Iain Thomson, 16 Nov 2017

Parity: The bug that put $169m of Ethereum on ice? Yeah, it was on the todo list for months

Alt-coin wallet software maker Parity has published a postmortem of the bug that put millions of dollars of people's Ethereum on ice – and has admitted it knew about the flaw for months. It just hadn't got round to fixing it. Last week, netizens using Parity's multi-signature wallets – which each require more than one person …
Iain Thomson, 16 Nov 2017

How about that time Russian military used a video game pic as proof of US aiding ISIS?

Earlier this week, the official Facebook and Twitter accounts of the Russian Ministry of Defense said it had "irrefutable evidence" the US was aiding ISIS in Syria – and revealed four grainy photos apparently backing up its claims. The images, apparently taken last week, were captioned as showing the American forces letting …
Iain Thomson, 16 Nov 2017

Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

The FBI and US Homeland Security have issued an alert about a new strain of malware infecting American corporate systems and stealing sensitive data. The remote access trojan (RAT), dubbed Fallchill, is the work of a North Korean hacking group called Hidden Cobra, which some at US-CERT believe was responsible for the WannaCry …
Iain Thomson, 15 Nov 2017

Uncle Sam to strap body sensors to hackers in nuke lab security study

Exclusive The US Department of Defense is funding research into how hackers hack, with an interesting twist. It wants to wire them up with body monitoring equipment to measure how they react while hunting down and exploiting security flaws. The study is running this month and next at what's described as a high-security nuclear science …
Iain Thomson, 15 Nov 2017

What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-jacking miners

Over the past few months there has been an alarming rise in the number of websites running code that silently joyrides computers and secretly makes them mine digital currency for miscreants. The latest count suggests more than 30,000 sites are quietly running JavaScript miners on people's PCs and handhelds – way more than …
Iain Thomson, 15 Nov 2017

Think the US is alone? 18 countries had their elections hacked last year

While America explores quite how much its election was interfered with by outsiders, the news isn't good for the rest of us, according to independent watchdog Freedom House. In its annual Freedom of the Net [PDF] report on the state of the internet and democracy, the group surveyed 65 nation states comprising 87 per cent of …
Iain Thomson, 14 Nov 2017

Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask'

Video Apple's facial-recognition login system in its rather expensive iPhone X can be, it is claimed, fooled by a 3D printed mask, a couple of photos, and a blob of silicone. Bkav Corporation, a tech security biz with offices in the US and Singapore, specializes in bypassing facial-recognition systems, and set out to do the same …
Iain Thomson, 13 Nov 2017

Manic miners, hideous hackers, frightful flaws, vibrating mock cock app shock – and more

Roundup Phew, we made it to the weekend. Let's take a look at everything that went down in IT security beyond what we've already covered this week. The week started badly after an anonymous individual managed to bork the Parity Ethereum wallet and lock up $280m worth of the crypto-currency – an act that may or may not have been …
Iain Thomson, 11 Nov 2017

Parity's $280m Ethereum wallet freeze was no accident: It was a HACK, claims angry upstart

A crypto-currency collector who was locked out of his $1m Ethereum multi-signature wallet this week by a catastrophic bug in Parity's software has claimed the blunder was not an accident – it was "deliberate and fraudulent." On Tuesday, Parity confessed all of its multi-signature Ethereum wallets – which each require multiple …
Iain Thomson, 10 Nov 2017

The NAKED truth: Why flashing us your nude pics is a good idea – by Facebook's safety boss

Poll Amid days of intense debate over its controversial plan to block revenge porn on its social network, Facebook sought to calm fears about the program. Antigone Davis, Facebook's global head of safety, on Thursday attempted to clarify details about the system, which is being tested right now in Australia, and is heading to …
Iain Thomson, 10 Nov 2017

Judge bins sueball lobbed at Malwarebytes by rival antivirus maker for torpedoing its tool

Security software slinger Enigma has lost a key legal battle against antivirus maker Malwarebytes, which blocks and deletes Enigma's products from PCs. Florida-based Enigma Software Group, which touts tools Spyhunter and RegHunter that claim to remove software nasties from Windows computers, sued Malwarebytes in San Jose, …
Iain Thomson, 10 Nov 2017

US government seizes Texas gun mass murder to demand backdoors

While US President Donald Trump thinks it's too early to discuss gun control in the wake of Sunday's Texas church massacre – America's latest mass shooting – his Deputy Attorney General Rod Rosenstein is just fine exploiting the murder-suicide of 26 people to push for backdoors. Specifically, a backdoor so investigators can …
Iain Thomson, 9 Nov 2017

Brit moron tried buying a car bomb on dark web, posted it to his address. Now he's screwed

A British teenager who tried to order a car bomb on the dark web and get it delivered to his address has been found guilty this week. Gurtej Randhawa, 19, of Wightwick, in the West Midlands of England, was cuffed by cops in May after purchasing what he thought was …
Iain Thomson, 9 Nov 2017

Marissa! Mayer! pulled! out! of! retirement! to! explain! Yahoo! hack! to! Senators!

Poor Marissa Mayer. After selling off Yahoo! and floating away on her golden parachute, she must have been looking for a nice rest. But US Congress wanted her to explain how every single user account on the portal got hacked. On Wednesday, she testified before the Senate Committee on Commerce, Science, and Transportation on …
Iain Thomson, 8 Nov 2017

You know what's coming next: FBI is upset it can't get into Texas church gunman's smartphone

FBI agents investigating the murder-suicide of 26 people in a church in Sutherland Springs, Texas, on Sunday have said they can't yet unlock the shooter's smartphone. In a press conference on Tuesday, special agent Chris Combs said that investigations into the motives and actions of the gunman were ongoing, but that his mobe …
Iain Thomson, 8 Nov 2017

Amazon's answer to all those leaky AWS S3 buckets: A dashboard warning light

Updated After watching customer after customer screw up their AWS S3 security and expose highly sensitive files publicly to the internet, Amazon has responded. With a dashboard warning indicator. Simple, and hopefully effective. For months now we have been reporting on researchers finding open S3 buckets packed full of confidential …
Iain Thomson, 7 Nov 2017
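The S3 exposures above (the UpGuard find and the bucket-status indicator Amazon added) come down to one thing: a bucket ACL that grants the AllUsers or AuthenticatedUsers group a permission. The following is an added example, not code from The Register, UpGuard or Amazon, showing how to check for that offline. The ACL dictionaries are constructed here to mirror the shape boto3's `get_bucket_acl()` returns; the grantee URIs are the real AWS group identifiers.

```python
"""Added example: flag S3 bucket ACLs that grant access to public groups.

The sample ACLs below are constructed for this example in the same shape
that boto3's s3.get_bucket_acl(Bucket=...) returns ({"Owner": ..., "Grants": [...]}).
"""
from typing import Dict, Iterable, List, Tuple

# Grantee URIs AWS uses for the two groups that make a bucket "public".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"           # anyone, no credentials
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"  # any AWS account at all
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}

# Permissions that let a public grantee change data or the ACL itself.
WRITE_LIKE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def public_grants(grants: Iterable[Dict]) -> List[Tuple[str, str]]:
    """Return (group name, permission) for every grant made to a public group."""
    findings = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS:
            findings.append((uri.rsplit("/", 1)[-1], grant.get("Permission", "")))
    return findings


def classify(acl: Dict) -> str:
    """Worst-case label for a bucket ACL.

    'public-write'  - a public group can write objects or rewrite the ACL
    'public-read'   - a public group can list the bucket or read its ACL
                      (READ on a bucket is a listing, the first step of every
                      "open bucket" discovery)
    'private'       - no public group appears in the grants
    """
    perms = {perm for _, perm in public_grants(acl.get("Grants", []))}
    if perms & WRITE_LIKE:
        return "public-write"
    if perms:
        return "public-read"
    return "private"


# Constructed sample ACLs (owner ID is a placeholder, not a real canonical ID).
OWNER = {"Type": "CanonicalUser", "ID": "0123456789abcdef0123456789abcdef"}

PRIVATE_ACL = {
    "Owner": OWNER,
    "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}],
}

LEAKY_ACL = {  # the classic misconfiguration: world-listable bucket
    "Owner": OWNER,
    "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
}

WRITABLE_ACL = {  # worse: any AWS account can drop or overwrite objects
    "Owner": OWNER,
    "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE"},
    ],
}

if __name__ == "__main__":
    for name, acl in (("private", PRIVATE_ACL), ("leaky", LEAKY_ACL), ("writable", WRITABLE_ACL)):
        print(f"{name:9s} -> {classify(acl):13s} {public_grants(acl['Grants'])}")
```

To run it against real buckets, pass `boto3.client("s3").get_bucket_acl(Bucket=name)` to `classify()` for each bucket from `list_buckets()`. The ACL is only half the picture: a bucket policy with `"Principal": "*"` exposes a bucket just as thoroughly, so a complete audit reads `get_bucket_policy()` as well.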

Parity calamity! Wallet code bug destroys $280 MEEELLION in Ethereum

There's a lot of hair-pulling among Ethereum alt-coin hoarders today – after a programming blunder in Parity's wallet software let one person bin $280m of the digital currency belonging to scores of strangers, probably permanently. Parity, which was set up by Ethereum core developer Gavin Wood, admitted today that a user …
Iain Thomson, 7 Nov 2017

Boffins tear into IEEE's tissue-thin anti-hacker chip blueprint crypto

Several large gaps have been found in the IEEE's P1735 cryptography standard that can be exploited to unlock or tamper with encrypted system-on-chip blueprints. The P1735 scheme was designed so that chip designers could, ideally, shield their intellectual property from prying eyes. When you're creating a system-on-chip …
Iain Thomson, 7 Nov 2017

Let's get ready to grumble! UFC secretly choke slams browsers with Monero miners

Yet another website has been caught secretly running Coin Hive's JavaScript that silently pressgangs visitors' computers into mining the Monero digital currency. On Monday, it was the turn of Ultimate Fighting Championship's pay-per-view ufc.tv site, which streams mixed martial arts battles in which men and women in tight …
Iain Thomson, 7 Nov 2017

Silicon Valley giants tap escape on fight against web sex trafficking law

Just before the weekend, the Internet Association quietly dropped its objections to the proposed Stop Enabling Sex Traffickers Act (SESTA) which is making its way through US Congress – after fighting against the draft legislation for months. SESTA was introduced to the Senate in August, and amends section 230 of the …
Iain Thomson, 6 Nov 2017

OpenSSL patches, Apple bug fixes, Hilton's $700k hack bill, Kim Dotcom raid settlement, Signal desktop app, and more

Happy weekend, everyone, except those of you on call, of course. Let us catch you up on all the IT security bits and pieces besides what's been reported this week. Down in New Zealand, Kim Dotcom, the bête noire of Hollywood, reached a settlement with the New Zealand authorities over a rather dramatic raid in 2012 on his home …
Iain Thomson, 4 Nov 2017

Over a million Android users fooled by fake WhatsApp app in official Google Play Store

Once again Google's Play Store has proved less than excellent at tackling malicious apps, after netizens found a fake version of WhatsApp that was good enough to fool over a million people into downloading it. The rogue program was spotted by Redditors earlier today, and the software looks very much like the real deal. However …
Iain Thomson, 3 Nov 2017

Equifax execs sold shares before mega-hack reveal. All above board – Equifax probe

Senior Equifax executives sold their shares in the credit agency just before its stock price plunged when the world was told it had been thoroughly hacked. The US biz has since probed the transactions, and you'll all be extremely pleased to learn of that investigation's conclusion: there was no wrongdoing, nothing untoward, …
Iain Thomson, 3 Nov 2017

Biting the hand that feeds IT © 1998–2017