Iain Thomson

Hack apps, attack code drawbacks for cash stacks, Google yaks

Google is offering cash to those who can find, exploit and report bugs in its Android apps, or similarly hack other programs in its Play Store. The goal is to get a large number of people and developers working together on improving security in the Android world. The advertising giant is very familiar with bug bounties, and …
Iain Thomson, 20 Oct 2017

Hate to break it to you, but billions of people can see Uranus tonight

Attention, inhabitants of the northern hemisphere of our fragile home world. You're about to get one of the best peeks at Uranus in years – because the strange alien planet will reach opposition with the Sun and be at the closest point in its orbit to Earth. On Thursday and Friday, Earth will be directly in between the second- …
Iain Thomson, 19 Oct 2017

Stealth web crypto-cash miner Coin Hive back to the drawing board as blockers move in

Malwarebytes has had enough of Coin Hive's alt-currency-generating browser-side code, and is now automatically blocking it. The biz joins ad-block plugins in preventing Coin Hive's Monero-crafting JavaScript from running in webpages, using visitors' electricity and hardware to mine new money. Coin Hive is a legit outfit, and …
Iain Thomson, 19 Oct 2017

You're doing open source wrong, Microsoft tsk-tsk-tsks at Google: Chrome security fixes made public too early

A few weeks ago, Google paid Microsoft $7,500 after Redmond's security gurus found, exploited and reported a vulnerability in the Chrome browser – a flaw that would allow malicious webpages to run malware on PCs. Now Microsoft isn't entirely happy with the way Google handled it, and having been schooled a few times on security …
Iain Thomson, 19 Oct 2017

NYC cops say they can't reveal figures on cash seized from people – the database is too shoddy

Updated New York City cops claim they can't tell anyone how much cash they have seized from people under civil asset forfeiture laws – because its database is not up to snuff. The US city's police department is being sued for snubbing a Freedom of Information request from the Bronx Defenders advocacy group, which had asked for figures …
Iain Thomson, 18 Oct 2017

Europol cops lean on phone networks, ISPs to dump CGNAT walls that 'hide' cyber-crooks

Europol has asked cellphone networks and other internet providers to stop using Carrier Grade Network Address Translation (CGNAT) – because it’s making life too difficult for cops trying to track cyber-villains across the web. CGNAT is used by telcos running short of public IPv4 addresses. By deploying CGNAT, a mobile network …
Iain Thomson, 18 Oct 2017

Watch out for Microsoft Word DDE nasties: Now Freddie Mac menaced

Updated Malware exploiting Microsoft Word's DDE features to infect computers has been lobbed at US government-backed mortgage biz Freddie Mac. Well-crafted phishing emails were sent to staff promising free tickets to a Halloween event at a nearby Six Flags amusement park. If employees click through a link in the message, they're …
Iain Thomson, 17 Oct 2017

Release the KRACKen patches: The good, the bad, and the ugly on this WPA2 Wi-Fi drama

WPA2 Wi-Fi users – ie, almost all of us – have had a troubling Monday with the arrival of research demonstrating a critical design flaw in the technology used to secure our wireless networks. A flaw so bad, it can be exploited by nearby miscreants to potentially snoop on people's internet connections over the air. However, don …
Iain Thomson, 17 Oct 2017

Neutron stars shower gold on universe in big bang, felt on Earth as 100-second grav wave

Barely two years after it came online, the Laser Interferometer Gravitational-Wave Observatory (LIGO) has scored a double success. Last week, the instrument earned its creators a Nobel Prize – and this week we're told it helped spot the first neutron star collision from both its gravitational wave and radiation emissions. At …
Iain Thomson, 16 Oct 2017

Here's a timeless headline: Adobe rushes out emergency Flash fix after hacker exploits bug

Adobe today issued an emergency security patch for Flash, which squashes a bug being used in the wild right now by hackers to infect Windows PCs with spyware. The flaw, CVE-2017-11292, was discovered by Kaspersky Labs, and affects all current versions of Flash for Windows, macOS, Linux and Chrome OS. A programming cockup in …
Iain Thomson, 16 Oct 2017

US Congress mulls first 'hack back' revenge law. And yup, you can guess what it'll let people do

Two members of the US House of Representatives today introduced a law bill that would allow hacking victims to seek revenge and hack the hackers who hacked them. The Active Cyber Defense Certainty Act (ACDC) [PDF] amends the Computer Fraud and Abuse Act to make limited retaliatory strikes against cyber-miscreants legal in …
Iain Thomson, 13 Oct 2017

Pulitzer-winning website Politifact hacked to mine crypto-coins in browsers

Updated Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers. The dot-com is run by the Tampa Bay Times, and already has its work cut out for it given the state of American politics. …
Iain Thomson, 13 Oct 2017

Malware again checks into Hyatt's hotels, again checks out months later with victims' credit cards

Hyatt has provided the perfect excuse for folks trying to explain to bosses or spouses why a film they watched in their hotel room for just seven minutes appeared on their company or personal credit card. Its computer systems were earlier this year hacked by miscreants, who infected payment terminals with malware that siphoned …
Iain Thomson, 12 Oct 2017

Dear America, best not share that password with your pals. Lots of love, the US Supremes

A California bloke fighting a computer hacking conviction has lost his final appeal after the US Supreme Court declined to hear his case. The ramifications of this decision could affect everyone in America who has ever shared a password with their friends and family. We'll explain. In 2004, David Nosal was a high-level …
Iain Thomson, 11 Oct 2017

Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages

Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached. You read that right: if you can intercept a network connection transferring an encrypted email, …
Iain Thomson, 11 Oct 2017

Hackers nick $60m from Taiwanese bank in tailored SWIFT attack

Updated Hackers managed to pinch $60m from the Far Eastern International Bank in Taiwan by infiltrating its computers last week. Now, most of the money has been recovered, and two arrests have been made in connection with the cyber-heist. On Friday, the bank admitted the cyber-crooks planted malware on its PCs and servers in order to …
Iain Thomson, 11 Oct 2017

Equifax: About those 400,000 UK records we lost? It's now 15.2M. Yes, M for MEELLLION

Updated Last month, US credit score agency Equifax admitted the personal data for just under 400,000 UK accounts was slurped by hackers raiding its database. On Tuesday this week, it upped that number ever-so-slightly to 15.2 million. In true buck-passing fashion, at the time of writing, Equifax hadn't even released a public statement …
Iain Thomson, 10 Oct 2017

Et tu Accenture? Then fall S3er: Consultancy giant leaks private keys, emails and more online

Updated Yet another organization has been caught exposing sensitive data to the public internet: this time it is Accenture – consultants to the great and the good – with a misconfigured AWS S3 bucket leaking access keys and other private documents. On September 17, veteran cloud watchdog Chris Vickery at security shop Upguard found …
Iain Thomson, 10 Oct 2017

FBI iPhone hack lost forever, White House mobe compromised, SSH – and plenty more

Roundup Another week draws to a close so it's time to review the security news you may have missed in between the big hitters: the NSA contractor who leaked more exploits, Apple's encryption password blunder, and so on. This week we've seen bugs, hacking, and government silliness – take a look... Computerinsel PhotoLine full of bugs …
Iain Thomson, 6 Oct 2017

Blade Runner 2049 review: Scott's vision versus Villeneuve's skill

No spoilers Stepping into the cinema to watch Blade Runner 2049 was a nervous moment; after The Phantom Menace and Prometheus, was another studio about to take a steaming dump on a pivotal film of my youth? The omens were good. Director Denis Villeneuve gave us probably the best sci-fi film of last year in Arrival and his previous film, …
Iain Thomson, 6 Oct 2017

Lenovo spits out retro ThinkPads for iconic laptop's 25th birthday

After teasing techies for months, Lenovo has finally unveiled the ThinkPad 25: a laptop designed to mimic the look and feel of the legendary IBM ThinkPad but with all modern components. This 336.6 mm x 232.5 mm x 19.95 mm ThinkPad 25 has the seven-row keyboard beloved by ThinkPad devotees but which Lenovo dumped in 2011, the …
Iain Thomson, 5 Oct 2017

Russian spies used Kaspersky AV to hack NSA staffer, swipe exploit code – new claim

Russian government spies used Kaspersky Lab software to extract top-secret software exploits from an NSA staffer's home PC, anonymous sources have claimed. The clumsy snoop broke regulations by taking the classified code, documentation, and other materials home to work on using his personal computer, which was running …
Iain Thomson, 5 Oct 2017

Google touts Babel Fish-esque in-ear real-time translators. And the usual computer stuff

Google today showed off some new Android phones, a laptop, two Home assistants, and a genuine surprise: a set of earbuds that attempt to emulate Douglas Adams’ legendary Babel Fish – a real-time language translator. During the hardware unveiling, an event dubbed Made by Google, in San Francisco a few hours ago, CEO Sundar …
Iain Thomson, 5 Oct 2017

Nothing matters any more... Now hapless Equifax bags $7.5m IT contract with US taxmen

Shortly after we all learned of a massive security breach at Equifax in which the personal information of 143 million 145.5 million Americans and sundry Brits and Canadians was plundered by hackers, the US Internal Revenue Service awarded Equifax a no-bid contract – to provide identity verification services for the tax authority …
Iain Thomson, 3 Oct 2017

Oath-my-God: THREE! BILLION! Yahoo! accounts! hacked! in! 2013! – not! 'just!' 1bn!

With Equifax testifying in US Congress today about its own massive security failings, someone at Yahoo! presumably thought now would be a good time to bury bad news – but some things are too large to hide. In a filing on Tuesday to America's financial watchdogs, Yahoo!, now owned by Verizon under the Oath brand, admitted the …
Iain Thomson, 3 Oct 2017

Biting the hand that feeds IT © 1998–2017