Articles about security

Sad-sack Anon calling himself 'Mr Cunnilingus' online is busted for DDoSing ex-bosses

An electronics technician pleaded guilty on Wednesday to orchestrating distributed denial of service (DDoS) attacks on a former employer and other organizations – and to unlawfully possessing a firearm as a former felon. From July 2015 through around March 2017, according to a plea agreement, John Kelsey Gammell, of New Mexico …
Thomas Claburn, 18 Jan 2018

Hehe, still writing code for a living? It's 2018. You could be earning x3 as a bug bounty hunter

Ethical hacking to find security flaws appears to pay better, albeit less regularly, than general software engineering. And while payment remains one of the top rationales for breaking code, hackers have begun citing more civic-minded reasons for their activities. A survey of 1,700 bug bounty hunters from more than 195 …
Thomas Claburn, 17 Jan 2018

Wanna motivate staff to be more secure? Don't bother bribing 'em

Usenix Enigma It's frustrating getting users to keep information and systems secure on a daily basis. However, don't try any smart gimmicks – particularly offering wedges of cash or other prizes for good behavior. It doesn't work. Quite the opposite, it can make things worse. Paying out a bonus to those who make few or zero security …
Iain Thomson, 17 Jan 2018

Lenovo inherited a switch authentication bypass – from Nortel

Lenovo has patched an ancient vulnerability in switches that it acquired along with IBM's hardware businesses and which Big Blue itself acquired when it slurped parts of Nortel. The bug, which Lenovo refers to as “HP backdoor”, for reasons it has not explained, has been present in ENOS (Enterprise network operating system) …

UK.gov denies data processing framework is 'sinister' – but admits ICO has concerns

The government has moved to allay fears over amendments to the Data Protection Bill that critics say could undermine both the law and the powers of the UK’s privacy watchdog. The changes, for a Framework for Data Processing for Government, were quietly inserted at the Bill’s final committee stage in November – but soon faced a …
Rebecca Hill, 15 Jan 2018

Intel puts security on the todo list, Tavis topples torrent tool, and more

Roundup The security world is still feeling the aftereffects of last week's CPU design flaw disclosures, which continued to dominate the news this week, even amid the noisy CES jamboree in Las Vegas. The Meltdown-slash-Spectre saga, broken by The Register last week, is still causing major headaches, not least for Intel. On Friday, …
Iain Thomson, 13 Jan 2018

Let's Encrypt plugs hole that let miscreants grab HTTPS web certs for strangers' domains

Let's Encrypt – an SSL/TLS certificate authority run by the non-profit Internet Security Research Group (ISRG) to programmatically provide websites with free certs for their HTTPS websites – on Thursday said it is discontinuing TLS-SNI validation because it's insecure in the context of many shared hosting providers. TLS-SNI is …
Thomas Claburn, 13 Jan 2018

Feds may have to explain knowledge of security holes – if draft law comes into play

The US House of Representatives this week approved a bill that, given further legislative and executive branch support, will require the American government to account for its handling of software and hardware vulnerabilities. The "Cyber Vulnerability Disclosure Reporting Act," sponsored by Rep Sheila Jackson Lee (D-TX), …
Thomas Claburn, 13 Jan 2018

Stop us if you've heard this one: Apple's password protection in macOS can be thwarted

It just works. For anyone. An Apple developer has uncovered another embarrassing vulnerability in macOS High Sierra, aka version 10.13, that lets someone bypass part of the operating system's password protections. This time, a vulnerable dialog box was found in the System Preferences panel for the App Store settings. The bug …
Shaun Nichols, 10 Jan 2018

With WPA3, Wi-Fi will be secure this time, really, wireless bods promise

Wi-Fi security should become a bit less laughable with the pending introduction of the WPA3 protocol this year. In conjunction with this week's commencement of CES – letters that once stood for Consumer Electronics Show and now come meaning-free – the Wi-Fi Alliance on Monday heralded the arrival of WPA3 as the successor to …

Meltdown, Spectre bug patch slowdown gets real – and what you can do about it

Analysis Having shot itself in the foot by prioritizing processor speed over security, the chip industry's fix involves doing the same to customers. The patches being put in place to address the Meltdown and Spectre bugs that affect most modern CPUs were supposed to be airy little things of no consequence. Instead, for some unlucky people …

VTech hack fallout: What is a kid's privacy worth? About 22 cents – FTC

The US Federal Trade Commission (FTC) today agreed to a settlement deal with a children's electronic toymaker it had accused of collecting kids' personal information and then failing to properly secure that data. The government watchdog said VTech will pay $650,000 and agree to a set of privacy and security requirements in …
Shaun Nichols, 8 Jan 2018

Your connection is not Brexit... we mean private: UK Tory party lets security cert expire

Another day, another embarrassing gaffe for the Tories. This time it seems someone forgot to renew the UK Conservative Party's website's security certificate. "Your connection is not private. Attackers might be trying to steal your information from www.conservatives.com (for example, passwords, messages or credit cards)," web …
Kat Hall, 8 Jan 2018

Smartphones' security enhancements just make them more dangerous

Over the holidays I bought Apple’s newest, shiniest face scanner. For the first fortnight - and periodically since then, that constant lift-and-scan felt weird. As though my smartphone had suddenly become too intimate, too familiar. This is hardly the thin end of the wedge. It started with passcodes - which many people didn’t …
Mark Pesce, 8 Jan 2018

Net boffins brew poison for BGP hijacks

The Border Gateway Protocol (BGP) is one of the Internet's basic pieces of plumbing technologies, but it's also so old it was designed before the security needs of a multi-billion-user network were understood. In particular, BGP is notorious for allowing sysadmins to “black-hole” huge swathes of traffic either by fat-fingering …

Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches

Cfir Cohen, a security researcher from Google's cloud security team, on Wednesday disclosed a vulnerability in the fTMP of AMD's Platform Security Processor (PSP), which resides on its 64-bit x86 processors and provides administrative functions similar to the Management Engine in Intel chipsets. This sounds bad. It's not as …

How to hack Wi-Fi for fun and imprisonment with crypto-mining inject

Thanks to the ridiculous valuation of Bitcoin and other cryptocurrencies, cryptomining code has become a common mechanism for converting authorized and stolen computing cycles into potential cash. Antivirus and ad-blocker makers have responded by trying to halt crafty coin-crafting code from hijacking CPU time, particularly in …

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

Analysis Intel has borne the brunt of the damage from the revelation of two novel attack techniques, dubbed Meltdown and Spectre, that affect the majority of modern CPUs in various ways. The chipmaker's stock price is down, and it's being eyed for possible securities litigation, following reports CEO Brian Krzanich sold the bulk of his …
