Lauri Love, the Brit who beat US attempts to extradite him over accusations of hacking, is suing Blighty's National Crime Agency (NCA) to get back computing gear seized in 2013 as part of the case against him. More than five years ago, Love was indicted across the pond over allegations he hacked thousands of PCs in America and …

London cops' use of facial recognition tech last week resulted in only one person being charged, while another was handed a £90 on-the-spot fine after trying to avoid the cams. Zero arrests, 2 correct matches, no criminals: London cops' facial recog tech slammed READ MORE The Metropolitan Police is in the midst of what it is …

AnalysisHunting for exploitable security bugs in software is not an easy way to make a living, and vulnerability researchers say vendors who don't pay out for reports are making life even harder while putting their own products at risk. Such was the case with João Figueiredo, a researcher in Brazil who tracked down and reported remote …

During its incessant web crawling, Google's search engine constantly encounters credentials dumped by hackers or left exposed by the careless. And because it can, the ad confectionery copies and encrypts these spilled usernames and passwords. Armed with this info, the Chocolate Factory directed its software engineers, in …

PromoAs cyber attackers evolve their techniques, businesses are exposed to a relentless stream of worrying data security breaches. The latest big one hit hotel group Marriott International in November 2018, and may have led to the personal information of up to 500 million guests being compromised. Marriott revealed that an …

Security biz Check Point has found some 25 security vulnerabilities in three of the most popular remote desktop protocol (RDP) tools for Windows and Linux. The infosec outfit tasked its bug-hunters with a manual code audit on Microsoft mstsc as well as the FreeRDP and rdesktop remote desktop utilities, and what they turned up …

Bletchley Park's National Museum of Computing will be exhibiting original, freshly discovered decrypted WWII messages to coincide with the 75th anniversary of D-Day this June – messages that were broken by the Colossus machines based on the museum's site. The decrypts are due to be put on display in The National Museum of …

Rogelio Vasquez, the owner of California-based PRB Logics Corporation, has pleaded guilty to selling fake branded semiconductor chips from China, some of which made their way into US military systems. The 44-year-old resident of Orange County, Cali, accepted four charges in a thirty-count indictment: one count of trafficking …

UpdatedDating-slash-hook-up app Jack'd is exposing to the public internet intimate snaps privately swapped between its users, allowing miscreants to download countless X-rated selfies without permission. The phone application, installed more than 110,000 times on Android devices and also available for iOS, lets primarily gay and bi …

A computer engineering professor has an interesting idea for how to handle the public disclosure of serious vulnerabilities: don't. Professor Gus Uht, engineering professor-in-residence at the University of Rhode Island, USA, argues that everyone would be safer if those who discover serious vulnerabilities refrain from …

A security flaw affecting LibreOffice and Apache OpenOffice has been fixed in one of the two open-source office suites. The other still appears to be vulnerable. Before attempting to guess which app has yet to be patched, consider that Apache OpenOffice for years has struggled attract more contributors. And though the number …

The European Commission has ordered the recall of a smartwatch aimed at kids that allows miscreants to pinpoint the wearer's location, posing a potentially "serious risk". The commission uses its Rapid Alert System for Non-Food products (Rapex) to send out alerts to other nations in the European Economic Area about dangerous …

RoundupThis was the week we saw GPS grumbles, shady speakers, and Yahoo! Losing! Again! While all that was happening, a few other bits of news that hit our screens... DuckDuck D'oh! Drama in search engine land this week as Google-alternative DuckDuckGo disclosed a potentially nasty flaw in its server-side software. Bug-hunter …

A manufacturer of child-tracking smartwatches was under fire this week following the discovery of a second major security lapse in its technology in as many years. Back in late 2017, Gator-branded wearables were among various kid-monitoring gizmos raked over the coals by Norwegian researchers who found the devices were trivial …

ExclusiveMobile operator Three UK's website was showing visitors other customers' names, postal addresses, phone numbers, email addresses and more – all without asking for a login. Alarmed Reg reader Chris immediately tweeted at Three to ask what on Earth was going on, querying why Three's site was displaying different people's data to …

Police employees who make typos in warrants to use Snooper’s Charter spy powers are still getting innocent people arrested, the Investigatory Powers Commissioner’s delayed annual report has revealed. Of the 18 “error investigations” carried out by the Investigatory Powers Commissioner’s Office (IPCO) into the misuse of legal …

Home improvement website Houzz has urged users to reset their passwords after an "unauthorised third party" made off with a file containing customer data. The Californian biz, founded in 2009 and valued at almost $4bn in 2017, is a bartering marketplace and, er, ideas platform for interior designers, architects, traders and …

Project Alias is a homebrew gizmo that aims to deafen Alexa and Google Home until a user is good and ready for the creepy little cylinders to pay attention. By following an Instructable from Amsterdam-based Bjørn Karmann and Tore Knudsen, those confident with a soldering iron can build their own kit using a Raspberry Pi A+ and …

AnalysisAfter briefly punishing Facebook and Google for violating the rules of its enterprise developer program, Apple has relented. Cupertino is in the process of restoring the digital certificates used by Facebook and Google to sign and distribute in-house iOS apps internally to employees, after revoking them within the past 24 hours …

Car servicing chain Kwik-Fit has suffered a malware attack that has caused delays in customers' car repairs. The company initially would only confess to El Reg that it had been infected by an unspecified "virus" in its "IT network" over the weekend, and the BBC later reported "malware" was to blame. Kwik-Fit told us: "We …

A Texas lawyer is suing Apple over its FaceTime eavesdropping bug, claiming it allowed someone to overhear a meeting with a client. Larry Williams II filed the case in Harris County, Houston, following revelations that it was possible for callers to listen in to the mic on a person's phone or Mac before that person accepted or …

CommentAirbus has admitted that a "cyber incident" resulted in unidentified people getting their hands on "professional contact and IT identification details" of some Europe-based employees. The company said in a brief statement published late last night that the breach is "being thoroughly investigated by Airbus' experts". The …

A newly uncovered spyware-slinging operation appears to have been targeting foreign diplomats in Iran for more than three years. Researchers at Kaspersky Lab said this week that a new build of the Remexi software nasty, first seen in 2015, has been spotted lurking on multiple machines within Iran, mostly those located within …

Those who haven't already patched a trio of recent vulnerabilities in the Linux world's SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes. Don't panic, though: the exploit code has been defanged so that it is defeated by basic security measures, and thus shouldn't work in …

AnalysisUncle Sam has infiltrated and somewhat knackered what it claims is a North Korea-operated botnet of hijacked Microsoft Windows computers. US prosecutors reckon Park Jin Hyok – a suspected Sony Pictures and WannaCry hacker living in Kim Jong Un's hermit nation – built and managed the Joanap botnet, a globe-spanning network of …

Facebook has yet again vowed to "do better" after it was caught secretly bypassing Apple's privacy rules to pay adults and teenagers to install a data-slurping iOS app on their phones. The increasingly worthless promises of the social media giant have fallen on deaf ears however: on Wednesday, Apple revoked the company's …

Attacks intended to sway the outcome of the 2020 US Presidential election are probably already underway, according to the nation's head of intelligence. Daniel Coats, Director of National Intelligence, told the the US Senate Intelligence Committee on Tuesday that China, Russia, and Iran are most likely already well into their …

A US judge has given the go-ahead for a set of consolidated lawsuits against credit agency Equifax regarding its 2017 mega-hack. In a series of orders handed down in a Georgia federal district court on Monday, the evocatively named Judge Thomas Thrash Jr said that legal challenges from payment card issuers and ordinary …

A US court has nixed Yahoo!'s attempt to settle a class-action lawsuit over the 2013 megahack, saying it's fatally flawed. Judge Lucy Koh of the California Northern District in San Jose ruled [PDF] that a settlement proposed in October of 2018 was not acceptable, particularly in regards to the share of attorney fees and the …

Academics and grey-hat bug-hunters are a lot more alike than they care to admit. This is according to Anita Nikolich, a computer science fellow with the Illinois Institute of Technology and former cybersecurity head at the National Science Foundation in the US. The problem, he said, is a gulf between the academic world of …

The government of Singapore is once again apologising for a serious breach of citizens' privacy: this time, the personal details of 14,200 individuals who tested positive for HIV, and 2,400 of their contacts, have been published online. The country's Ministry of Health (MoH) said it had been aware since 2016 that one Mikhy …

The Mozilla Foundation has announced its intent to reduce the ability of websites and other online services to track users of its Firefox browser around the internet. At this stage, Moz's actions are baby steps. In support of its decision in late 2018 to reduce the amount of tracking it permits, the organisation has now …

Long read“How do you eat an elephant? Nibble at it, nibble at it, a lot of little bites.” That was how Special Agent Jared Der-Yeghiayan infiltrated notorious dark web market the Silk Road and helped unmask site operator Dread Pirate Roberts, aka Ross Ulbricht. Der-Yeghiayan told an enthralled audience at France's FIC2019 infosec …

Monday, January 28, was Data Privacy Day and you won't get another for a year. If you missed it, you didn't miss much. It was a day like any other day, without meaningful privacy except for those offline and unobserved by the global surveillance panopticon. The non-profit National Cybersecurity Alliance marked the occasion, …

Usenix EngimaProtecting students' privacy – from securing their personal information to safeguarding their schoolwork – is a challenge for schools and software developers, apparently. Alex Smolen, engineering manager for infrastructure and security at school management software maker Clever, told the 2019 Usenix Enigma conference in San …

UpdatedYou might want to disable FaceTime on your iPhone, iPad, or Mac until Apple patches this bonkers bug. Folks have confirmed it is possible to call someone via FaceTime, and secretly listen in on their iThing or Mac's microphone before they accept or reject a call. It's a handy, creepy way to find out what someone's up to before …