Iain Thomson


US voting systems: Full of holes, loaded with pop music, and 'hacked' by an 11-year-old

DEF CON Hackers of all ages have been investigating America’s voting machine tech, and the results weren't great. For instance, one 11-year-old apparently managed to hack and alter a simulated Secretary of State election results webpage in 10 minutes. The Vote Hacking Village, one of the most packed-out locations at this year’s DEF …
Iain Thomson, 13 Aug 2018

Criminal justice software code could send you to jail and there’s nothing you can do about it

DEF CON American police and the judiciary are increasingly relying on software to catch, prosecute and sentence criminal suspects, but the code is untested, unavailable to suspects' defense teams, and in some cases provably biased. In a presentation at the DEF CON hacking conference in Las Vegas, delegates were given the example of …
Iain Thomson, 13 Aug 2018

Former NSA top hacker names the filthy four of nation-state hacking

DEF CON Rob Joyce, the former head of the NSA’s Tailored Access Operations hacking team, has spilled the beans on which nations are getting up to mischief online. Joyce gave one of the first talks at the DEF CON hacking conference in Las Vegas and interest was intense - the lines to get in stretched around the hall. Joyce …
Iain Thomson, 13 Aug 2018

Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet

Updated At midnight on Thursday, Matt Linton, a senior Google bod who was one of the key players in sorting out the Spectre CPU security hole mess, went to his hotel room in Caesars Palace, Las Vegas – and found his key no longer worked. When he went to reception to find out what the problem was, he was met by two security guards who …
Iain Thomson, 10 Aug 2018

Hackers can cook you alive using 'microwave oven' sat-comms – claim

Black Hat Four years ago, IOActive security researcher Ruben Santamarta came to Black Hat USA to warn about insecurities in aircraft satellite-communication (SATCOM) systems. Now he’s back with more doom and gloom. During a presentation at this year's hacking conference in Las Vegas this week, he claimed he has found a host of flaws in …
Iain Thomson, 10 Aug 2018

Spec-exec CPU bugs sweep hacking Oscars – and John McAfee’s in there like a bullet

Black Hat The whizz kids who uncovered the Spectre and Meltdown data-leaking flaws in modern processors have scooped two Pwnie Awards – often referred to as the information security industry’s Oscars. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike …
Iain Thomson, 10 Aug 2018

Can we talk about the little backdoors in data center servers, please?

Black Hat Data centers are vital in this cloudy world – yet little-understood management chips potentially give hackers easy access to their servers in ways sysadmins may not have imagined. The components in question are known as baseboard management controllers (BMCs). They are discrete microcontrollers popped into boxes by the likes of …
Iain Thomson, 10 Aug 2018

Say what you will about self-driving cars – the security is looking 'OK'

Black Hat Car hacking wizards Charlie Miller and Chris Valasek have turned their attention to autonomous vehicles – and reckon the security is surprisingly good. The duo, who work for General Motors’ robo-automaker offshoot Cruise, told this year's Black Hat USA conference on Thursday that while self-driving vehicles are much less hackable …
Iain Thomson, 10 Aug 2018

Revealed: El Reg blew lid off Meltdown CPU bug before Intel told US govt – and how bitter tech rivals teamed up

Black Hat Next time you leave things to the last minute, remember this well. Despite having known about the Meltdown and Spectre security vulnerabilities for roughly six months, Intel and other chip giants still hadn't warned the US government's cybersecurity nerve-center by the time The Register blew the lid off the design flaws. …
Iain Thomson, 9 Aug 2018

Microsoft to hackers: Finding Hyper-V bugs is hard. Change my mind. PS: Here's a head start...

Black Hat Not that many moons ago, Microsoft was seemingly reluctant to open a bug bounty program. It also once described Linux as a cancer. Now it claims to love Linux, and is offering bounties on bugs. How times change. On Wednesday, Redmond not only reiterated its offer of oodles of cash in exchange for details of exploitable …
Iain Thomson, 9 Aug 2018

Stress, bad workplace cultures are still driving security folk to drink

Black Hat In a personal and powerful presentation, a computer security veteran has warned that too many infosec bods are fighting a losing battle with the bottle. Jamie Tomasello, senior manager of security operations at Duo Security, has 17 years of experience in the industry, and has been sober for the past six. While the causes of …
Iain Thomson, 8 Aug 2018

Google Project Zero boss: Blockchain won’t solve your security woes – but partying just might

Black Hat Parisa Tabriz, a director of engineering at Google and head of the web giant's Project Zero bug-hunting squad, today opened this year's Black Hat USA conference with a reminder that partying is key to securing software. There’s more to it than that, of course: clear goals and targets have to be set, management and staff have …
Iain Thomson, 8 Aug 2018

IBM, ATMs – WTF? Big Blue to probe cash machines, IoT, vehicles, etc in new security labs

Black Hat IBM has promised to open four research centers that will hunt for security vulnerabilities in technology – including a team dedicated to probing cash machines for flaws. It has been eight years since the late, great hacker Barnaby Jack took to the stage at the Black Hat USA conference in Las Vegas, and showed attendees how in …
Iain Thomson, 6 Aug 2018

BlackBerry claims it can do to ransomware what Apple did to its phones

Black Hat While ransomware continues to extort factories, hospitals, schools, businesses, and ordinary netizens, BlackBerry reckons it can quickly rescue peeps from malware infections. The Canadian biz's days as the smartphone king are long gone, with Apple making quick work of its hardware. And although it still licenses its name to a few …
Iain Thomson, 6 Aug 2018

Security world to hit Las Vegas for a week of hacking, cracking, fun

About a quarter of a century ago, a handful of hackers decided to have a party in a cheap hotel, and had a whale of a time. Fast forward to 2018, and that get-together has grown into events that will see an estimated 30,000 people converge on Las Vegas for the biggest security shindig in the world – the combination of Black …
Iain Thomson, 4 Aug 2018

Dear alt-right morons and other miscreants: Disrupt DEF CON, and the goons will 'ave you

DEF CON The organizers of the DEF CON hacking conference, due to be held in Las Vegas, USA, next week, have put those who intend to spoil the event on warning: such tactics will not be tolerated. At last month's Hackers on Planet Earth (HOPE) event in New York City, several sessions were wrecked by white nationalist attendees spouting …
Iain Thomson, 2 Aug 2018

DEF CON plans to show US election hacking is so easy kids can do it

DEF CON Last year, the hackers at DEF CON showed how shockingly easy it was to crack into voting machine software and hardware. Next week, the 2018 conference's Vote Hacking Village will let kids have a shot at subverting democracy. Beginning on Friday, August 10, teams in three age ranges, 8-11, 12-14 and 15-16, will be let loose on …
Iain Thomson, 2 Aug 2018

SMS 2FA gave us sweet FA security, says Reddit: Hackers stole database backup of user account info, posts, messages

In a Wednesday mea culpa, Reddit – the online chat board that got a little out of hand and became the sixth most-visited website on the internet – has admitted it was raided by hackers unknown. For four days, specifically June 14 to June 18, miscreants managed to break into the website's cloud hosting and source-code …
Iain Thomson, 1 Aug 2018

Apple laughing all the way to the bank – with profits of $5.3m per hour

Apple continues to display all the characteristics of a money-making machine, with record results for the third quarter of the year. This was the iGiant's strongest fiscal third-quarter results in its history, according to Apple, and its fourth straight quarter of double-digit revenue growth. In a conference call with analysts …
Iain Thomson, 1 Aug 2018

Pentagon 'do not buy' list says нет to Russia, 不要 to Chinese code

The US military is drawing up a list of overseas organizations – primarily in Russia and China, funnily enough – that the Pentagon and its contractors shouldn't buy software from, citing security concerns. In a briefing with journalists on Friday, Ellen Lord, US defense undersecretary for acquisition and sustainment, said …
Iain Thomson, 30 Jul 2018

FBI boss: We went to the Moon, so why can't we have crypto backdoors? – and more this week

Roundup There has been a bumper crop of security news this week, including another shipping giant getting taken down by ransomware, Russian hackers apparently completely pwning US power grids and a sane request from Senator Wyden (D-OR) for the US government to dump Flash. But there has been other news bubbling under. Useless action …
Iain Thomson, 28 Jul 2018

Swan dive: Intel shares dip under interim CEO Bob as 10nm processor woes worry Wall Street

Despite record-breaking earnings, Intel's shares took a modest dip on Thursday when the semiconductor behemoth revealed its financial results for the second quarter of this year. Revenues for the three months to June 30 rose strongly, year on year, and profits were up 78 per cent. However, it's clear that the markets are …
Iain Thomson, 27 Jul 2018

Your 60-second guide to security stuff Google touted today at Next '18

It's day two of Google's Cloud Next 2018 conference in San Francisco – and the Chocolate Factory has been unveiling its defenses to thwart hackers and malware. Top of the list is the Titan two-factor authentication widgets Google is going to start shipping later in the year, consisting of a pair of USB and Bluetooth key fobs. …
Iain Thomson, 25 Jul 2018

Sub-Prime: Amazon's big day marred by server crashes, staff strikes

Amazon's 36-hour "Prime Day" marketing jamboree has kicked off with more than a few hiccups. Almost as soon as it started, Amazon customers eager to indulge in an orgy of consumption found their purchasing plans paralyzed – because Amazon's servers refused to accept payment details. Wannabe buyers grew increasingly frustrated …
Iain Thomson, 16 Jul 2018

Mastercard goes TITSUP in US, UK: There are some things money can't buy – like uptime

Updated Register readers, and quite a few other people, have been left with dead credit cards after Mastercard's payment system took a dive on Thursday. "Mastercard went down this evening," one Reg reader, based in Britain, told us privately. "Couldn’t pay for petrol. It’s a disgrace you can’t trust cards to pay when you need them to …
Iain Thomson, 12 Jul 2018
