To mark and track 3D printed objects, boffins propose injecting them with air. Air itself isn't as well suited for expression as ink, but imprisoned in a stable medium like plastic, it can be arranged to convey data. In a recently published research paper, "AirCode: Unobtrusive Physical Tags for Digital Fabrication," Columbia …

Oracle's emitted its quarterly patch dump. As usual it's a whopper, with 308 security fixes to consider. Oracle uses the ten-point Common Vulnerability Scoring System Version 3.0, on which critical bugs score 9.0 or above. The Register counts 30 such bugs in this release. Not all can be laid at Oracle's door. For example, a …

Stung by phishing attacks aimed at G Suite users earlier this year, Google has armored its cloud with extra security layers. Following recent defenses against the dark arts – security key enforcement, app name vetting, and OAuth whitelisting – the Chocolate Factory has designed some interface signage to warn G Suite users not …

The FBI issued a warning Monday advising parents to carefully check internet-connected toys for possible privacy and security concerns. In this startling alert, the Feds gave America's families the grim news: many toys sporting cloud-backed features such as speech recognition or online content hosting "could put the privacy …

Myspace's account recovery process is hopelessly flawed, according to a security researcher. Positive Technologies' Leigh-Anne Galloway stumbled on the issue in the process of attempting to gain access and delete her account back in April. "I discovered a business process so flawed it deserves its own place in history," she …

Dating site for cheaters Ashley Madison has thrown US$11.2 million on the bed to make its 2015 data leak go away. The site, which used the slogan “Life is short, have an affair”, was infamously hacked in 2015, lost millions of users' records, prompting a denial from Conservative MP listed in the trove and prompting face-palms- …

Border searches of US citizens' mobile devices do not extend to data stored solely on remote servers, according to Kevin McAleenan, Acting Commissioner of the US Customs and Border Protection Agency. McAleenan offered this clarification in a June 20, 2017 letter, obtained by NBC News this week, sent in response to an inquiry …

A vulnerability hidden in Kerberos code for more than 20 years met its end in patches issued this week by Microsoft and several Linux vendors. Having found the flaw three months ago in Heimdal, an open-source implementation of Kerberos, Jeffrey Altman, founder of AuriStor, and Viktor Dukhovni and Nicolas Williams from Two …

More than 750 domain names were hijacked through the internet's own systems, registrar Gandi has admitted. Late last week, an unknown individual managed to get hold of the company's login to one of its technical providers, which then connects to no fewer than 27 other top-level domains, including .asia, .au, .ch, .jp and .se …

The community-driven organization overseeing Bitcoin on Wednesday warned that any Bitcoins received after Monday, July 31, 2017 at GMT-0700 may vanish into thin air or be rejected as invalid. Bitcoin.org said that at the end of the month, Bitcoin confirmation scores – a number that represents the difficulty of altering the …

The phone sleuths at XDA-Developers have unearthed a handy undocumented feature in the latest version of Android. Phones running Nougat 7.1.1 are able to invoke a "panic button" by pressing the back key four times. It's in the AOSP source code for the Android Window Manager. Panic mode returns the user to the home screen, …

A vendor collective pushing Internet of Things standardisation for commercial buildings has published its first set of specifications, and wonder-of-wonders the specs include security. In evidence that the world's fast running out of tortured names that don't sound stupid in English or funny/obscene in other languages, the …

Juniper Networks has released 22 patches and security notices. To be fair on the Gin Palace, not all of them are self-inflicted: some are catch-ups on patches from open source libraries. These include patches for ISC BIND, the GD graphics library libgd, the NTP (network time protocol) daemon, RPD (the routing protocol daemon …

Kaspersky Lab is facing new restrictions from the US government to go along with a fresh round of accusations that the antivirus makers works closely with Russian intelligence. The US General Services Administration (GSA), the agency that handles government IT purchases and subscriptions, has removed the Russian software …

Computer security biz Preempt warned last October that Microsoft NT LAN Manager (NTLM) should be avoided. On Tuesday, it plans to support its assessment by going public with details of two vulnerabilities. NTLM is an old authentication protocol. Though it was replaced by Kerberos in Windows 2000, Microsoft has not removed the …

Concerns have been raised over a British judge's use of his personal email address to send out a ruling in a family court case, which contained sensitive personal information. The Register has seen evidence that the judge in question used two personal accounts to send out a draft ruling and final ruling: one using a domain …

Sir Tim Berners-Lee, inventor of the world wide web, director of the web standards trendsetter W3C, and Knight Commander, Order of the British Empire, has given his blessing to anti-piracy locks on web content. Traditionally, web technology has been open. HTML markup, CSS, and JavaScript code can be viewed (though not …

Let's Encrypt plans to begin offering free wildcard certificates in January 2018, a move likely to make web security easier and a bit less costly for many organizations. Announced in 2014 as an effort to enhance and accelerate online security, the public benefit certificate authority (CA) has been issuing free X.509 (TLS/SSL) …