Articles about security

Boffins back bubbles for better bonding with beautiful belongings

To mark and track 3D printed objects, boffins propose injecting them with air. Air itself isn't as well suited for expression as ink, but imprisoned in a stable medium like plastic, it can be arranged to convey data. In a recently published research paper, "AirCode: Unobtrusive Physical Tags for Digital Fabrication," Columbia …
Thomas Claburn, 21 Jul 2017

Solaris, Java have vulns that let users run riot

Oracle's emitted its quarterly patch dump. As usual it's a whopper, with 308 security fixes to consider. Oracle uses the ten-point Common Vulnerability Scoring System Version 3.0, on which critical bugs score 9.0 or above. The Register counts 30 such bugs in this release. Not all can be laid at Oracle's door. For example, a …
Simon Sharwood, 19 Jul 2017

Google G-Suite spotted erecting stiff member vetting tool

Stung by phishing attacks aimed at G Suite users earlier this year, Google has armored its cloud with extra security layers. Following recent defenses against the dark arts – security key enforcement, app name vetting, and OAuth whitelisting – the Chocolate Factory has designed some interface signage to warn G Suite users not …
Thomas Claburn, 18 Jul 2017

2017: The FBI alerts parents to dangers of Internet of Sh*t toys

The FBI issued a warning Monday advising parents to carefully check internet-connected toys for possible privacy and security concerns. In this startling alert, the Feds gave America's families the grim news: many toys sporting cloud-backed features such as speech recognition or online content hosting "could put the privacy …
Shaun Nichols, 17 Jul 2017

Forgotten your Myspace password? Just a name, username, DoB will get you in – and into anyone else's, too

Myspace's account recovery process is hopelessly flawed, according to a security researcher. Positive Technologies' Leigh-Anne Galloway stumbled on the issue in the process of attempting to gain access and delete her account back in April. "I discovered a business process so flawed it deserves its own place in history," she …
John Leyden, 17 Jul 2017

Ashley Madison throws US$11.2m on the bed to mop up leak affair

Dating site for cheaters Ashley Madison has thrown US$11.2 million on the bed to make its 2015 data leak go away. The site, which used the slogan “Life is short, have an affair”, was infamously hacked in 2015, lost millions of users' records, prompting a denial from a Conservative MP listed in the trove and prompting face-palms- …
Simon Sharwood, 17 Jul 2017

US border cops search cloud accounts? Ha ha, nope, negative, no way, siree – Homeland Sec

Border searches of US citizens' mobile devices do not extend to data stored solely on remote servers, according to Kevin McAleenan, Acting Commissioner of the US Customs and Border Protection Agency. McAleenan offered this clarification in a June 20, 2017 letter, obtained by NBC News this week, sent in response to an inquiry …
Thomas Claburn, 14 Jul 2017

Kerberos bypass, login theft bug slain by Microsoft, Linux slingers

A vulnerability hidden in Kerberos code for more than 20 years met its end in patches issued this week by Microsoft and several Linux vendors. Having found the flaw three months ago in Heimdal, an open-source implementation of Kerberos, Jeffrey Altman, founder of AuriStor, and Viktor Dukhovni and Nicolas Williams from Two …
Thomas Claburn, 13 Jul 2017

Another day, another mass domain hijacking

More than 750 domain names were hijacked through the internet's own systems, registrar Gandi has admitted. Late last week, an unknown individual managed to get hold of the company's login to one of its technical providers, which then connects to no fewer than 27 other top-level domains, including .asia, .au, .ch, .jp and .se …
Kieren McCarthy, 13 Jul 2017

Don't panic, but your Bitcoins may just vanish into the ether next month

The community-driven organization overseeing Bitcoin on Wednesday warned that any Bitcoins received after Monday, July 31, 2017 at GMT-0700 may vanish into thin air or be rejected as invalid. Bitcoin.org said that at the end of the month, Bitcoin confirmation scores – a number that represents the difficulty of altering the …
Thomas Claburn, 13 Jul 2017

Sleuths unearth 'Panic Mode' in Android, set off by mashing back button

The phone sleuths at XDA-Developers have unearthed a handy undocumented feature in the latest version of Android. Phones running Nougat 7.1.1 are able to invoke a "panic button" by pressing the back key four times. It's in the AOSP source code for the Android Window Manager. Panic mode returns the user to the home screen, …
Andrew Orlowski, 13 Jul 2017

YASA* looks at turning commercial buildings into Internet things

A vendor collective pushing Internet of Things standardisation for commercial buildings has published its first set of specifications, and wonder-of-wonders the specs include security. In evidence that the world's fast running out of tortured names that don't sound stupid in English or funny/obscene in other languages, the …

Juniper admins: Grab your bug-zappers and load 22 rounds

Juniper Networks has released 22 patches and security notices. To be fair on the Gin Palace, not all of them are self-inflicted: some are catch-ups on patches from open source libraries. These include patches for ISC BIND, the GD graphics library libgd, the NTP (network time protocol) daemon, RPD (the routing protocol daemon …

Uncle Sam says 'nyet' to Kaspersky amid fresh claims of Russian ties

Kaspersky Lab is facing new restrictions from the US government to go along with a fresh round of accusations that the antivirus maker works closely with Russian intelligence. The US General Services Administration (GSA), the agency that handles government IT purchases and subscriptions, has removed the Russian software …
Shaun Nichols, 11 Jul 2017

Ghost of NTLM still haunts Microsoft: Aged protocol hole patched

Computer security biz Preempt warned last October that Microsoft NT LAN Manager (NTLM) should be avoided. On Tuesday, it plans to support its assessment by going public with details of two vulnerabilities. NTLM is an old authentication protocol. Though it was replaced by Kerberos in Windows 2000, Microsoft has not removed the …
Thomas Claburn, 11 Jul 2017

Judge used personal email to send out details of sensitive case

Concerns have been raised over a British judge's use of his personal email address to send out a ruling in a family court case, which contained sensitive personal information. The Register has seen evidence that the judge in question used two personal accounts to send out a draft ruling and final ruling: one using a domain …
Kat Hall, 10 Jul 2017

Web inventor Sir Tim sizes up handcuffs for his creation – and world has 2 weeks to appeal

Sir Tim Berners-Lee, inventor of the world wide web, director of the web standards trendsetter W3C, and Knight Commander, Order of the British Empire, has given his blessing to anti-piracy locks on web content. Traditionally, web technology has been open. HTML markup, CSS, and JavaScript code can be viewed (though not …

FREE wildcard HTTPS certs from Let's Encrypt for every Reg reader*

Let's Encrypt plans to begin offering free wildcard certificates in January 2018, a move likely to make web security easier and a bit less costly for many organizations. Announced in 2014 as an effort to enhance and accelerate online security, the public benefit certificate authority (CA) has been issuing free X.509 (TLS/SSL) …

Biting the hand that feeds IT © 1998–2017