Articles about security research

Industrial plant robots frequently connected to the 'net without authentication

Industrial robots are frequently exposed to the internet, creating a security risk in the process, according to new research from Trend Micro. Of the 83,000 robots researchers found exposed to the public internet, 5,000 had no authentication in place to guard against possible hack attacks. A report by security researchers at …
John Leyden, 4 May 2017

Super-secure Pi-stuffed nomx email server box given a good probing

Updated Security researchers claim to have uncovered a variety of serious security holes in a heavily touted secure email server technology. Nomx, the firm behind the device, strongly disputes the claims and has challenged researchers to a hacking challenge, involving the creation of an email account on a designated remotely hosted nomx …
John Leyden, 27 Apr 2017

Telepresence robot 'hackable' – security researchers

The IoT has thrown up a fresh set of vulnerabilities, this time in a telepresence robot from Double Robotics. Double Robotics Telepresence Robot offers a mobile conferencing device that allows the remote user to roam around an office for "face-to-face" conversations. Security researchers at Rapid7 disclosed multiple …
John Leyden, 13 Mar 2017

Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge?

Security researchers have discovered a means to use previously unknown vulnerabilities found in in-memory deduplication to attack otherwise well-defended systems. The well-known standard compression technique, which is ubiquitous as a way of reducing the memory footprint across virtual machines, is also a by-default feature …
John Leyden, 27 May 2016

Half of UK financial institutions vulnerable to well-known crypto flaws

Fifty per cent of UK high street financial institutions utilise weak SSL certificates on their secure authentication portals, according to a new study by Xiphos Research. An assessment of 84 UK- and foreign-owned banking institutions in November by the international information security firm, and published on Monday, found …
John Leyden, 5 Jan 2016

How to evade Apple's anti-malware Gatekeeper in OS X and really ruin a fanboy's week

The myth that Macs are inherently more secure than Windows PCs has taken another hit. Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, has found a new route around Apple's defensive Gatekeeper technology. Apple's Gatekeeper utility is built into OS X, and is …
John Leyden, 1 Oct 2015

Row rumbles on over figures in Oracle CSO’s anti-security rant

Security researchers picking through the entrails of a withdrawn blogpost by Oracle CSO Mary Ann Davidson reckon not even her figures add up. Oracle countered that only it had access to the raw figures, so there. Davidson's 3,000+ word diatribe against bug bounties, security researchers or customers hunting vulnerabilities in …
John Leyden, 18 Aug 2015

Popping the Tesla S bonnet – to reveal SIX NEW FLAWS

Security researchers have uncovered six fresh vulnerabilities with the Tesla S. Kevin Mahaffey, CTO of mobile security firm Lookout, and Cloudflare’s principal security researcher Marc Rogers, discovered the flaws after physically examining a vehicle before working with Elon Musk’s firm to resolve security bugs in the electric …
John Leyden, 6 Aug 2015

Remember Impero, the school software biz that went ape over a vuln? Someone's got revenge

Video Nottinghamshire-based software biz Impero has a lot of recycling to do – after hacker-turned-security-researcher Cal Leeming delivered over 9,000 paper copies of a vulnerability to the company's headquarters as a protest. A few weeks ago, Impero hit the headlines when it threatened to sue someone called …
Iain Thomson, 5 Aug 2015

How to quietly slurp sensitive data wirelessly from an air-gapped PC

Israeli academics have demonstrated how feature-phones can use GSM radio frequencies to wirelessly siphon data from infected "air-gapped" computers. Air-gapped computers are those kept physically isolated from other networks as a safeguard against hacking. The work by researchers at the Ben-Gurion University of the Negev (BGU …
John Leyden, 29 Jul 2015

Israeli firm gets legal on Indian techie over ISP ad injection spat

Update An Indian security blogger was hit with a gagging order by an Israeli firm after he linked its technology to a sneaky ad injection by his ISP. Thejesh GN, an activist and programmer, got into legal hot water after he alleged that Airtel 3G was injecting JavaScript and iFrames into mobile browsing sessions. This JavaScript …
John Leyden, 10 Jun 2015

FLASH drive ... Ah-aaaaaah! BadUSB no saviour to plug and play Universe

The seriousness of a USB security weakness, which could potentially allow hackers to reprogram USB drives, has been ratcheted up a notch, with the release of prototype code. Researchers Karsten Nohl and Jakob Lell, from German security skunkworks SR Labs, demonstrated how it might be possible to reprogram the firmware within …
John Leyden, 3 Oct 2014

New design flaw found in crypto's TLS: Pretend to be a victim online

Security researchers have developed a new man-in-the-middle attack against the cryptographic protocol TLS – a protocol that is used to encrypt online banking and shopping, and other sensitive connections, to thwart eavesdroppers. The so-called Triple Handshake attack can, in certain conditions, outwit vital checks carried out …
John Leyden, 5 Mar 2014

Macbook webcams CAN spy on you - and you simply CAN'T TELL

Security researchers have confirmed that MacBook webcams can spy on their users without the warning light being activated. Apple computers have a “hardware interlock” between the camera and the light that is supposed to ensure the camera can't be activated without alerting the user by lighting a tell-tale LED above the screen …
John Leyden, 19 Dec 2013

Google to award bounties for fixing non-Google open source code

Google is expanding its bug bounty program to include awards for patches that make material security improvements to open source software - even when the software isn't directly maintained by Google itself. The Chocolate Factory has been rewarding developers for security fixes to its own software since 2010, when it kicked off …
Neil McAllister, 10 Oct 2013
The Register breaking news

MIT crypto pioneers scoop Turing Award

Two professors from MIT have won the Turing Award for their pioneering cryptography work. Shafi Goldwasser, the RSA Professor of Electrical Engineering and Computer Science at MIT and a professor at Israel's Weizmann Institute of Science, and Silvio Micali, the MIT Ford Professor of Engineering, secured the award for " …
John Leyden, 15 Mar 2013

Samsung's smart TVs 'wide open' to exploits

Samsung's Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers. Malta-based security start-up ReVuln claims to have discovered a zero-day vulnerability affecting Smart TV, in particular a Samsung TV LED 3D. Smart TV can be used to browse the internet, use social …
John Leyden, 12 Dec 2012

Oracle slaps surprise patch over database server hole

Oracle has broken its regular quarterly patch update cycle with a fix for a security flaw publicised at last month's Black Hat conference. The vulnerability in Oracle's database server was demonstrated by David Litchfield, the celebrated white-hat hacker Brit. Oracle released a security update for server versions 11.2.x soon …
John Leyden, 15 Aug 2012

Biting the hand that feeds IT © 1998–2018