John Leyden


'90s hacker collective man turned infosec VIP: Internet security hasn't improved in 20 years

Interview It has been 20 years since Chris Wysopal (AKA Weld Pond) and his colleagues at the Boston-based L0pht* hacker collective famously testified before the US Senate that the internet was hopelessly insecure. Wysopal, now a successful entrepreneur and computer security luminary, recently went back to Capitol Hill, …
John Leyden, 18 Jun 2018

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

BSides Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well. A presentation at last week's BSides conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes …
John Leyden, 18 Jun 2018

Former FBI boss Comey used private email for official business – DoJ

Former FBI director James Comey was using Gmail for FBI business while overseeing the controversial probe into Hillary Clinton's use of a private email server during her tenure as US Secretary of State. A report from the US Department of Justice found Comey was "insubordinate" in his handling of the investigation while …
John Leyden, 15 Jun 2018

Quantum cryptography demo shows no need for ritzy new infrastructure

Telefónica and Huawei have carried out a successful field trial of quantum cryptography on commercial optical networks. Other teams, notably a Toshiba Research and Cambridge University Engineering Department, have made great strides in Quantum Key Distribution (QKD), a technology that promises unprecedented secrecy. While …
John Leyden, 14 Jun 2018

Dixons Carphone 'fesses to mega-breach: Probes 'attempt to compromise' 5.9m payment cards

Retailer Dixons Carphone has gone public about a hack attack involving 5.9 million payment cards and 1.2 million personal data records. In a statement (PDF), Dixons Carphone said that "unauthorised access" of data held by the company had prompted an investigation, the hiring of external security experts and efforts to shore up …
John Leyden, 13 Jun 2018

Hello, 'Apple' here, and this dodgy third-party code is A-OK with us

A recently discovered security vulnerability in how third party vendors are checking Apple's "code-signing" process potentially made it easier to trick macOS users into running malicious third-party code. Developers have been warned of the risk, but users still need to upgrade their software to guard against attacks exploiting …
John Leyden, 12 Jun 2018

OnePlus 6 smartphone flash override demoed

The recently released OnePlus 6 smartphone allows the booting of arbitrary images, security researchers at Edge Security have discovered. According to the researchers, the trick is possible using the fastboot boot image.img feature on the BBK Electronics phone – even when the bootloader is completely locked and in secure …
John Leyden, 12 Jun 2018

Hackers target payment transfer system at Chile's biggest bank, 'take $10m'

Banco de Chile has become the latest victim in a string of cyber attacks targeting the payment transfer systems of banks. The country's largest bank was hit on 24 May and thousands of workstations hobbled. The ransomware attack was well documented locally and the bank has apologised for disruptions, which ran into days. …
John Leyden, 11 Jun 2018

Deck the halls with HALs: AI steals the show at Infosec Europe

Artificial intelligence and machine learning – rather than Europe's General Data Protection Regulation – emerged as a key theme of the Infosecurity Europe Conference. Many security vendors – particularly in the field of endpoint security – have been talking up the potential for artificial intelligence for years. That’s the …
John Leyden, 8 Jun 2018

Russia appears to be 'live testing' cyber attacks – Former UK spy boss Robert Hannigan

InfoSec Europe Former GCHQ chief Robert Hannigan has warned that the emergence of a commodity marketplace for hacking has changed and escalated the threat. Crooks have solved the skills shortage problem by creating a gig economy and creating "more impressive" and capable tools. Hannigan made the comments during a keynote speech Weaponising …
John Leyden, 8 Jun 2018

Dark web souks are so last year: Cybercrooks are switching to Telegram

Underground cybercrime marketplaces are in decline because cybercrooks have begun switching to chat channels to trade illegal goods, according to a new report. The climate of fear and mistrust following the AlphaBay and Hansa takedowns in July 2017 has resulted in crims switching tactics and using less convenient platforms, …
John Leyden, 7 Jun 2018

Tech giants! How do you know Jim in accounting isn't Putin moves on you

BSides London "I would be surprised if all major intel agencies didn't have people embedded in Google, Amazon, Apple, Facebook and major cloud providers," infosec guru Mikko Hyppönen told a packed audience at BSides conference in London on Wednesday. Hyppönen, chief research officer at security firm F-Secure, made the comment during a well- …
John Leyden, 6 Jun 2018

Crappy IoT on the high seas: Holes punched in hull of maritime security

Infosec Europe Years-old security issues mostly stamped out in enterprise technology remain in maritime environments, leaving ships vulnerable to hacking, tracking, and worse. A demo at the Infosecurity Europe conference in London by Ken Munro and Iain Lewis of Pen Test Partners (PTP) demonstrated multiple methods to interrupt and disrupt …
John Leyden, 6 Jun 2018

Ex-CEO on TalkTalk mega breach: It woz 'old shed' legacy tech wot done it

Infosec Europe Baroness Dido Harding, former chief exec of Brit telco TalkTalk, warned other business leaders of the dangers posed by legacy tech in the opening keynote of the Infosecurity Europe conference in London. Harding stood by TalkTalk's decision to alert its customers to the company's notorious October 2015 breach the same day it …
John Leyden, 5 Jun 2018

'Tesco probably knows more about me than GCHQ': Infosec boffins on surveillance capitalism

Privacy of medical data and the machinations of surveillance capitalism were under the spotlight at a Cambridge University symposium last week. Much of the day-long event, marking the 20th anniversary of think tank the Foundation for Information Policy Research (FIPR), was spent debating state-backed surveillance in its many …
John Leyden, 4 Jun 2018

OMG, that's downright Wicked: Botnet authors twist corpse of Mirai into new threats

Cybercrooks are using the infamous Mirai IoT botnet as a framework to quickly add in new exploits and functionalities, it has emerged. The tactic is dramatically decreasing the development time for new botnets, according to research from Netscout's Arbor Security Engineering and Response Team (ASERT). The work looks at four …
John Leyden, 1 Jun 2018

SpamCannibal blacklist service reanimated by squatters, claims every IP address is spammy

Updated SpamCannibal – a defunct service that issued blacklists of known spam servers – was hijacked early on Wednesday morning, spewing its own unwanted crap in the process. El Reg was tipped off by a reader who told us that SpamCannibal is "pumping out Blacklist notifications for some of our servers and then when you go to …
John Leyden, 30 May 2018

GCHQ bod tells privacy advocates: Most of our work is making sure we operate within the law

Privacy advocates, journalists and a representative from GCHQ squared off in a debate on surveillance in Cambridge today. The heavyweight exchange of ideas between Cambridge security engineering professor Ross Anderson and Ian Levy, technical director of the National Cyber Security Centre, the assurance arm of GCHQ, took place …
John Leyden, 29 May 2018

UK health service boss in the guts of WannaCry outbreak warns of more nasty code infections

The UK's National Health Service has learned from last year's WannaCry attack – and started putting in place disaster recovery measures that will allow it to maintain services in the face of an even fiercer assault. The worldwide spread of WannaCry last May hit hospital networks particularly hard and left doctors and nurses …
John Leyden, 13 Apr 2018

From Bangkok to Phuket, they cry out: Oh, Bucket! Thai mobile operator spills 46k people's data

TrueMove H, the biggest 4G mobile operator in Thailand, has suffered a data breach. Personal data collected by the operator leaked into an Amazon Web Services S3 cloud storage bucket. The leaked data, which includes images of identity documents, was accessible to world+dog before the mobile operator finally acted to restrict …
John Leyden, 13 Apr 2018

'Well intentioned lawmakers could stifle IoT innovation', warns bug bounty pioneer

IoT security regulations could stifle innovation without addressing the security problems at hand, a well-respected security researcher controversially argues. Compromised IoT devices were press ganged into the Mirai botnet and infamously used in a DDoS attack that left many of the world’s most famous sites unreachable back in …
John Leyden, 12 Apr 2018

GCHQ boss calls out Russia for 'industrial scale disinformation'

GCHQ boss Jeremy Fleming has hailed the success of a cyber-offensive against ISIS last year and warned of the growing threat posed by Russia. During a wide-ranging speech at the CyberUK conference in Manchester on Thursday morning, Fleming said a cyber operation last year had disrupted ISIS's [Daesh] communications. In 2017 …
John Leyden, 12 Apr 2018

UK defines Cyber DEFCON 1, 2 and 3, though of course doesn't call it that

The UK government has launched a new cyber attack categorisation that is designed to improve response to incidents – sadly it doesn't go up to 11.* Categorisation into bands ranging from six down towards one (the most severe) will span the full range of incidents from localised attacks against individuals or SMEs up to " …
John Leyden, 12 Apr 2018

Rudd-y hell, dark web! Amber alert! UK Home Sec is on the war path for stealthy cyber-crims

Britain's Home Secretary Amber Rudd has launched a crackdown on criminals who exploit the dark web. As part of a £9m fund, law enforcement’s response will be ramped up to tackle those who use the darker recesses of the web for illegal activities, such as the selling of firearms, drugs, malware and people. More than £5m will …
John Leyden, 11 Apr 2018

Company insiders behind 1 in 4 data breaches – study

The admins among you will be unsurprised to discover that, more than a quarter of the time, data breaches across the world originated between the chair and the keyboard of organisation "insiders". And no, we don't mean they clicked on a dodgy link... The latest edition of Verizon's Data Breach Investigations Report (DBIR) …
John Leyden, 10 Apr 2018

Biting the hand that feeds IT © 1998–2018