The Register - Security

Biting the hand that feeds IT

Copyright: Copyright 2016, Situation Publishing

Hackers actively stealing Wi-Fi keys from vulnerable routers

Tue, 06 Dec 2016 13:26:08 GMT

Still using the password from the back of the router? Oops!

Hackers have graduated from planting malware on the vulnerable routers supplied to consumers by various ISPs towards stealing Wi-Fi keys.…

Own goal for Scottish Football Association as fans sent phishy emails

Tue, 06 Dec 2016 11:32:09 GMT

Body in lochdown after 'breach at third-party supplier'

Phishing emails ostensibly from the Scottish Football Association (SFA) were sent to subscribers on Monday as the result of a breach.…

Sony kills off secret backdoor in 80 internet-connected CCTV models

Tue, 06 Dec 2016 11:00:12 GMT

Magic 'secret key' HTTP request opens up admin control

Sony has killed off what, charitably, looks like a debug backdoor in 80 of its web-connected surveillance cameras that can be exploited to hijack the devices.…

The Investigatory Powers Act allows the State to tell lies in court

Tue, 06 Dec 2016 09:00:07 GMT

Enshrining parallel construction in English law

Analysis The freshly passed Investigatory Powers Act, better known as the Snoopers' Charter, is a dog's dinner of a law. It gives virtually unrestricted powers not only to State spy organisations but also to the police and a host of other government agencies.…

Facebook, Microsoft, Twitter and YouTube team to ID terror content

Tue, 06 Dec 2016 08:29:14 GMT

Hash-sharing pact will help them ID violent extremism you see it

Facebook, Microsoft, Twitter and YouTube have teamed up to share their expertise spotting terrorism-related content, in order to crimp its spread.…

In the three years since IETF said pervasive monitoring is an attack, what's changed?

Tue, 06 Dec 2016 08:02:10 GMT

IETF Security director Stephen Farrell offers a report card on evolving defences

FEATURE After three years of work on making the Internet more secure, the Internet Engineering Task Force (IETF) still faces bottlenecks: ordinary people's perception of risk, sysadmins worried about how to manage encrypted networks, and – more even than state snooping – an advertising-heavy 'net business model that relies on collecting as much information as possible.…

Standards body warned SMS 2FA is insecure and nobody listened

Tue, 06 Dec 2016 07:02:07 GMT

Duo Security says NIST's advice to deprecate out-of-band passwords has been ignored

The US National Institute of Standards and Technology's (NIST) advice that SMS is a poor way to deliver two factor authentication is having little impact, according to Duo Security.…

Printer security is so bad HP Inc will sell you services to fix it

Tue, 06 Dec 2016 05:00:08 GMT

Finally, FINALLY, someone is turning off Telnet and FTP

Printer security is so awful HP Inc is willing to shut off shiny features and throw its own dedicated bodies at the perennial problem.…

Arista CloudVision Portal bug revealed, plus evidence it's been used

Tue, 06 Dec 2016 03:56:10 GMT

You know the drill: face-palm, download, patch, grumble about state of security, relax

Arista customers: if you're running a version of CloudVision Portal (CVP) older than 2016.1.2.1, get an update or risk getting p0wned.…

1.4bn records from HaveIBeenPwned offered for your analytical pleasure

Tue, 06 Dec 2016 02:44:13 GMT

Troy Hunt's Christmas trove is a splendid gift for security and data nerds

Security researcher Troy Hunt had better hope his anonymisation works: he's decided to offer up most of his “HaveIBeenPwned” data set for other security researchers to analyse.…

CloudFlare warns of another massive botnet, er, flaring up

Mon, 05 Dec 2016 22:41:39 GMT

DDoS attacks on the horizon as White House cybersecurity report issues recommendations

CloudFlare has warned of another massive botnet that appears to be ramping up and targeting the US West Coast.…

Yorkshire cyber security biz ECSC Group to debut on AIM exchange

Mon, 05 Dec 2016 14:03:37 GMT

These breaches ain't bad for business...

Bradford-based cyber security consultancy ECSC Group is set to float on the AIM stock exchange on December 14.…

Guessing valid credit card numbers in six seconds? Priceless

Mon, 05 Dec 2016 08:02:06 GMT

Brit researchers find a way to figure out VISA card numbers just by going shopping

Fraudsters can guess credit card numbers in as little as six seconds per attempt thanks to security gaps in Visa's network, academics say.…

IoT camera crew Titathink tells Reg it'll patch GET bug in a week

Mon, 05 Dec 2016 05:03:11 GMT

Apologises for 'serious mistake' in older kit, says latest things are secure

Titathink has become the second vendor to respond to the modified firmware that exposed a variety of surveillance cameras to a malicious URL attack.…

'Toyota dealer stole my wife's saucy snaps from phone, emailed them to a swingers website'

Sat, 03 Dec 2016 01:27:23 GMT

Texas pastor and spouse sue automaker, sales boss cuffed

A Texas couple is suing Toyota and one of its car dealerships after one of its staff allegedly stole saucy snaps off their cellphone and emailed them to a swingers website.…

Russia accuses hostile foreign powers of plot to undermine its banks

Fri, 02 Dec 2016 16:31:25 GMT

Let's get ready to rouble

Russia has accused unnamed foreign spies of launching a concerted effort to undermine its domestic banking system.…

Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs

Fri, 02 Dec 2016 12:19:08 GMT

Now ZyXEL and D-Link routers from Post Office and TalkTalk under siege

Analysis The Mirai botnet has struck again, with hundreds of thousands of TalkTalk and Post Office broadband customers affected. The two ISPs join a growing casualty list from a wave of assaults that have also affected customers at Deutsche Telekom, KCOM and Irish telco Eir over the last two weeks or so.…

Microsoft's 'Samaritan' refuses help to hackers doing Win 10 recon

Fri, 02 Dec 2016 08:27:07 GMT

'SAMRi10' script hides the creds hackers crave, making box-to-box jumps harder

Microsoft hacker Itai Grady has created a tool to help prevent blackhat scouts from stealing Windows credentials, an effort the firm hopes will make network compromises harder to achieve.…

Hackers waste Xbox One, PS4, MacBook, Pixel, with USB zapper

Fri, 02 Dec 2016 04:58:13 GMT

What would happen if someone sticks this USBBQ into an airplane seat socket?

VIDS Hackers are destroying everything from the latest gaming systems, phones, and even cars with a dangerous circuit-frying USB device that could put critical systems at risk.…

Shamoon malware returns to again wipe Saudi-owned computers

Fri, 02 Dec 2016 01:58:12 GMT

Iran suspected as likely source of re-vamped nastyware

Thousands of computers in Saudi Arabia's civil aviation agency and other Gulf State organisations have been wiped by the Shamoon malware after it resurfaced some four years after wiping thousands of Saudi Aramco workstations.…

Online criminals iced as cops bury malware-spewing Avalanche

Thu, 01 Dec 2016 23:57:11 GMT

Four-year op by US and EU culminates in arrests, server seizures

On November 30, simultaneous raids in five countries by the FBI, Europol, and the UK's National Crime Agency (NCA) finally shuttered the Avalanche criminal network that has been spewing malware and money laundering campaigns for the past seven years.…

Europol cop took terror dossier home, flashed it to the web accidentally

Thu, 01 Dec 2016 19:37:34 GMT

Europe's FBI sheds light on security bungle

An investigator at Europe's FBI Europol took home a USB stick packed with terror probe documents and accidentally spilled the files on the internet.…

Hull surfers cut off by router attack

Thu, 01 Dec 2016 15:01:10 GMT

Routers scooted, says KCOM

Thousands of broadband customers in the Hull area have been left without reliable internet access following a cyber attack.…

RAF Club members emailed fake invoices. Has it been hacked?

Thu, 01 Dec 2016 14:33:05 GMT

Military personnel's social centre scratches its head

The Royal Air Force Club appears to have been the victim of a hack, following members being sent fake invoices for staying at the club's London HQ.…

Clients say they'll take their money and run if service hacked – poll

Thu, 01 Dec 2016 10:57:11 GMT

Data breaches could cost firms business, Brits tell survey

Further evidence has emerged that hacked firms might subsequently suffer a customer exodus. After TalkTalk's famous data breach, 101,000 of its customers walked.…

Fatal flaws in ten pacemakers make for Denial of Life attacks

Thu, 01 Dec 2016 06:02:14 GMT

Brit/Belgian research team decipher signals and devise wounding wireless attacks

A global research team has hacked 10 different types of implantable medical devices and pacemakers, finding exploits that could allow wireless remote attackers to kill victims.…

SHIFT + F10, Linux gets you Windows 10's cleartext BitLocker key

Thu, 01 Dec 2016 05:00:01 GMT

Don't panic, because this one's a bit esoteric. Do feel free to face-palm anyway

Microsoft is working on a patch for a bug or feature in Windows 10 that allowed access to the command line and, using a live Linux .ISO, made it possible to steal BitLocker keys during OS updates.…

UCam247 tells El Reg most of its cams aren't vulnerable to GET vuln

Thu, 01 Dec 2016 03:01:06 GMT

IoT vendor in prompt, polite, sensible, security shocker

IoT security camera vendor UCam247 has contacted The Register to say most devices in the wild aren't vulnerable to the “single URL pwnage” vulnerability.…

Google's Project Zero tweaking Microsoft, because it did fix a bug

Thu, 01 Dec 2016 02:03:04 GMT

Redmond said it wouldn't fix a flaw, then did it on the sly

For once, a Google Project Zero bug report to Microsoft has resulted in a fix without a public spat. Indeed, this fix happened without any public announcement at all.…

Wow. What a shock. The FBI will get its bonus hacking powers after all

Wed, 30 Nov 2016 23:04:55 GMT

Rule 41 makes life easier for Feds, cops to target Tor, VPN users, and malware victims

Three last-ditch legislative efforts to block the changes to Rule 41 of the Federal Rules of Criminal Procedure have failed, and from tomorrow the Feds will find hacking your PC a lot less of a hassle.…

Android-rooting Gooligan malware infects 1 million devices

Wed, 30 Nov 2016 16:21:29 GMT

At an estimated rate of 13,000 smartphones a day

A new strain of Android malware is infecting an estimated 13,000 devices per day.…

UCL snags head of Europol for a seminar on privacy

Wed, 30 Nov 2016 12:39:21 GMT

Debates ahoy in late January

The head of Europol will be contributing to a seminar at UCL on "the state of the current privacy landscape", which will run in January.…

UK cops spot webcam 'sextortion' plots: How vics can hit stop

Wed, 30 Nov 2016 11:56:06 GMT

Don't panic, don't pay

The NCA has said that "at least four young men have taken their own lives" after being targeted by financially motivated webcam blackmailers, while UK police forces are sharing stats and tips in a campaign to combat the rising problem.…

UK National Lottery data breach: Fingers crossed – it might not be you

Wed, 30 Nov 2016 11:16:12 GMT

No card data but possibly other personal stuff

Cyber criminals appear to be using passwords and email addresses from previous breaches to gain access to 26,000 online UK National Lottery accounts.…

'Tesco Bank's major vulnerability is its ownership by Tesco,' claims ex-employee

Wed, 30 Nov 2016 10:03:13 GMT

Links to supermarket's systems may have exposed vulnerability

A former techie at the UK's Tesco Bank reckons the recent high-profile breach may be down to security shortcomings at the bank's parent supermarket.…

Speaking in Tech: The limitations of Android's crypto

Wed, 30 Nov 2016 09:24:12 GMT

Podcast Podcast Idol winners rap about Apple, Google DeepMind and more

UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

Wed, 30 Nov 2016 07:04:05 GMT

How far will it go? You'll have to ask the Home Secretary

Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors.…

PayPal proffers patch for OAuth app hack hole

Wed, 30 Nov 2016 05:32:04 GMT

Payment giant takes second look at bad bugs.

PayPal has patched a phishing vulnerability that could allow attackers to steal any OAuth token for its payment apps and gain access to accounts.…

GET pwned: Web CCTV cams can be hijacked by single HTTP request

Wed, 30 Nov 2016 02:27:46 GMT

Server buffer overflow equals remote control

An insecure web server embedded in more than 35 models of internet-connected CCTV cameras leaves devices wide open to hijacking, it is claimed.…

Drive-by web nasty unmasks Tor Browser users, Mozilla dashes to patch zero-day vuln

Wed, 30 Nov 2016 01:33:19 GMT

JavaScript smuggles malicious payload into PCs

Updated Mozilla is scrambling to patch a vulnerability in Firefox that is apparently being exploited in the wild to unmask Tor Browser users.…

Another Canadian uni hit by ransomware, students told to keep Windows PCs away

Tue, 29 Nov 2016 23:31:58 GMT

Network crippled by extortion software nasty

Carleton University in Ontario, Canada, has confirmed it has been hit by a ransomware infection that crippled some of the Windows machines on its main campus.…

Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ...

Tue, 29 Nov 2016 13:27:09 GMT

Secunia report on treadmill of security software pain

Flaws in security products are among the most commonly encountered desktop software vulnerabilities, according to a new study.…

Investigatory Powers Act signed into UK law by Queen

Tue, 29 Nov 2016 12:45:11 GMT

Your homes may be your castles, but your browsing histories belong to

IPBill Queen Elizabeth II today signs off on Parliament's Investigatory Powers Act, officially making it law in the UK.…

Bletchley Park Trust vows to shore up insecure website

Tue, 29 Nov 2016 11:34:10 GMT

Security boffin blasts caretakers of Alan Turing's legacy

The Bletchley Park Trust has promised that a website revamp due in January will address security concerns highlighted by a security expert on Sunday.…

R3 four flew: What's driving banks to flee blockchain consortium?

Tue, 29 Nov 2016 10:39:12 GMT

Too big to fail or too big to work?

Analysis The value of distributed ledgers and blockchain tech to the financial sector has again come under the spotlight following the departure of several entities from prominent blockchain consortium R3: namely Goldman Sachs, Santander, Morgan Stanley and the National Australian Bank.…

A Rowhammer ban-hammer for all, and it's all in software

Tue, 29 Nov 2016 06:52:07 GMT

Sorry to go all MC Hammer on you, but boffins tell bit-flippers 'you can't touch this'

A group of German researchers reckon they've cracked a pretty hard nut indeed: how to protect all x86 architectures from the “Rowhammer” memory bug.…

Hackers crack Liechtenstein banks, demand ransoms

Tue, 29 Nov 2016 05:02:08 GMT

Tiny country creates yuuge problems as crims threaten to expose 'tax evasion'

Hackers have days ago breached a Liechtenstein bank and are allegedly blackmailing customers by threatening to release their account data if ransoms are not paid.…

Cisco stre...tches vulnerability disclosure timeline out to 90 days

Tue, 29 Nov 2016 02:57:04 GMT

Big vendors patch bugs nearly as quick as open source coders

Cisco's decided it's going to give 90 days' grace on vulnerability disclosures, to let (mostly) commercial vendors catch up with their bug-fixes.…

Netflix and spill: Web vid giant kills password masking in tests

Tue, 29 Nov 2016 01:58:06 GMT

Now your date will know your passphrase is hunter2

Netflix is testing a new feature that, for some subscribers, shows their passwords in plain text as they are typed in – and potentially when folks revisit the site.…

Inside Android's source code... // TODO – Finish file encryption later

Tue, 29 Nov 2016 01:28:04 GMT

Android 7.0's crypto sauce is 'half-baked' and Google promises to make it better, soon

Looking at the storage encryption Google has implemented in Android Nougat (7.0) through the metaphor of the glass that's either half full or half empty, cryptography expert Matthew Green sees Google's glass as all but drained.…