
The Register - Security

Biting the hand that feeds IT

Copyright: Copyright 2017, Situation Publishing

Seek 'passion' and tech skills will follow, say recruiting security chiefs

Fri, 24 Nov 2017 13:29:13 GMT

Infosec staffing needs a shot in the arm

Plugging the infosec skills gap with expensive consultants or by trying to hire already skilled people won't fix recruitment headaches, Thom Langford, CISO at Publicis Groupe, insisted at the #IRISSCERT conference in Dublin this week.…

UK emergency crews get 4G smartmobes as monkeys attempt to emerge from Reg's butt

Fri, 24 Nov 2017 12:33:06 GMT

Samsung inks deal to give crews up to 250k handsets

The British emergency services are to be equipped with 4G phones thanks to a new handheld device contract with Samsung worth up to £210m.…

EU's data protection bods join the party to investigate Uber breach

Fri, 24 Nov 2017 12:03:04 GMT

told to sever ties with 'grubby, unethical' company

The massive Uber data breach will be discussed by the European Union's data protection authorities next week.…

'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal

Fri, 24 Nov 2017 11:04:11 GMT

We never learn from incidents, says Europol security adviser

The world has never been so dependent on computers, networks and software so ensuring the security and availability of those systems is critical.…

Linus Torvalds on security: 'Do no harm, don't break users'

Fri, 24 Nov 2017 08:02:17 GMT

Fixing for the sake of security alone means 'all your work was just masturbation'

Linus Torvalds has offered a lengthy explanation of his thoughts on security, in which he explained a calmer and more detailed version of his expletive-laden thoughts on the topic earlier this week.…

Firefox to warn users who visit p0wned sites

Fri, 24 Nov 2017 00:55:40 GMT

Do you really want to go there? And does Mozilla, which hasn't figured out how to do this and preserve security, privacy

Mozilla developer Nihanth Subramanya has revealed the organisation's Firefox browser will soon warn users if they visit sites that have experienced data breaches that led to user credential leaks.…

Royal Navy destroyer leaves Middle East due to propeller problems

Thu, 23 Nov 2017 16:22:10 GMT

For once it's not an engine breakdown

A Type 45 destroyer has been recalled to Britain with propeller problems, leaving the Royal Navy's traditional "east of Suez" deployment without proper warship cover.…

'Data is the new oil': F-Secure man on cartels, disinformation and IoT

Thu, 23 Nov 2017 15:53:08 GMT

An unlikely trio? Not according to Mikko Hypponen

Questions about cyber influence continue to cloud last year's US presidential elections and recently similar allegations have been levelled against the Brexit vote.…

To fix Intel's firmware fiasco, wait for Christmas Eve or 2018

Thu, 23 Nov 2017 07:02:15 GMT

And cross your fingers: 'TBD' is the scheduled date for hundreds of PC fixes

The world's top PC-makers have started to ship fixes for the multiple flaws in Intel's CPUs, but plenty won't land until 2018.…

Samba needs two patches, unless you're happy for SMB servers to dance for evildoers

Thu, 23 Nov 2017 06:01:10 GMT

Big Linux distros have pushed their fixes, but let's not assume everything auto-patches, OK?

It’s time to patch Samba again - or turn off SAMBA 1, which is never as easy as it sounds.…

Devs working to stop Go math error bugging crypto software

Thu, 23 Nov 2017 03:42:21 GMT

Programming language makes some fuzzy big numbers

Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries.…

Permissionless data slurping: Why Google's latest bombshell matters

Wed, 22 Nov 2017 16:09:10 GMT

Are you in control?

Comment: According to an old Chinese proverb: "When a wise man points at the Moon, an idiot looks at his finger." Google may have been hoping that you were examining a finger, not reading a Quartz story yesterday, which reveals how Android phones send location data to Google without you even knowing it.…

You're such a goober, Uber: UK regulators blast hushed breach

Wed, 22 Nov 2017 15:15:13 GMT

MP: Funny, you managed to contact customers when TfL put your licence on hold…

Brit regulators, security agencies and MPs have slammed Uber for covering up the massive data breach of 57 million customer and driver records.…

Possible cut to British F-35 order considered before Parliament

Wed, 22 Nov 2017 13:05:04 GMT

MoD claims it's still committed but warns of 'uncertainty'

Rising costs might force the UK to reduce its order of F-35 fighter jets, the House of Commons has been told.…

Loake Shoes admits: We've fallen victim to cybercrims

Wed, 22 Nov 2017 10:18:05 GMT

Hold on to your laces, email server was compromised

Miscreants, hackers – call 'em what you will – have pilfered email addresses from an unknown number of Loake Shoes customers.…

Once more unto the breach: El Reg has a go at crisis management

Wed, 22 Nov 2017 09:43:11 GMT

And you can probably guess how that turned out

Hacks played representatives of a hacked company in an incident response exercise run by F-Secure this week.…

Crypto-jackers enlist Google Tag Manager to smuggle alt-coin miners

Wed, 22 Nov 2017 08:01:14 GMT

Ad giant has malware detection in its script-hosting service... but Coin Hive isn't flagged

Crypto-jackers using Coin Hive code to secretly mine Monero via computing power supplied by the unsuspecting have found Google Tag Manager to be a convenient means of distribution.…

Apple: Sure, we banned VPN iOS apps in China, but, um, er, art!

Wed, 22 Nov 2017 06:02:13 GMT

iGiant didn't want to aid censorship, but $10bn in revenue is $10bn in revenue

Apple has told the US government it cooperated with China's demands to block VPN services so it could get other concessions from the Middle Kingdom on human rights.…

Iranian military hacker fingered for 'Game of p0wns' HBO leak

Wed, 22 Nov 2017 03:58:04 GMT

Dept. of Justice lamely says 'winter is coming' for Behzad Mesri, aka 'Skote Vahshat'

The United States' Department of Justice has identified a suspect in July's attack on Home Box Office, naming an Iranian national, Behzad Mesri, in an indictment unsealed Tuesday, November 21.…

Microsoft says Win 8/10's weak randomisation is 'working as intended'

Wed, 22 Nov 2017 01:57:04 GMT

This bug is a feature in 11 out of 12 scenarios

Microsoft has rebutted analysis that suggested its Address Space Layout Randomisation (ASLR) technology could be exploited.…

Wait, did Oracle tip off world to Google's creepy always-on location tracking in Android?

Wed, 22 Nov 2017 00:55:42 GMT

War over Java spills into mobile privacy world

Analysis: Having evidently forgotten about that Street View Wi-Fi-harvesting debacle, Google has admitted constantly collecting the whereabouts of Android devices regardless of whether or not they have location tracking enabled.…

Uber: Hackers stole 57m passengers, drivers' info. We also bribed the thieves $100k to STFU

Wed, 22 Nov 2017 00:04:30 GMT

And it happened a year ago, hoped you wouldn't find out

Uber's CEO Dara Khosrowshahi today revealed hackers broke into the ride-hailing app's databases and stole personal information on 57 million passengers and drivers – information including names, email addresses, and phone numbers.…

National Cyber Security Centre boss: For the love of $DEITY, use 2FA on your emails, peeps

Tue, 21 Nov 2017 13:03:37 GMT

Brit biz bosses, improve your infosec. We'll handle Russia

The chief exec of the National Cyber Security Centre – a branch of the UK's spy nerve-centre GCHQ – has called on everyone to enable two-factor authentication for their emails. This follows revelations that almost the entire population's details are available for sale on the dark web.…

Patch on way 'this week' for HP printer vulns

Tue, 21 Nov 2017 07:30:07 GMT

RCE? Check. Clear passwords? Check. Interfere with print jobs? Check

Updated: Sysadmins have been advised to watch for a coming HP printer firmware update that will plug a remote code execution vulnerability (among others) in its MFP-586 and the M553 printers.…

Microsoft's memory randomization security defense is a little busted in Windows 8, 10

Tue, 21 Nov 2017 03:02:14 GMT

RIP ROP? Think again

A Carnegie-Mellon CERT researcher has discovered that Microsoft broke some use-cases for its Address Space Layout Randomisation (ASLR) mechanism, designed to severely hamper hackers' attempts to exploit security bugs.…

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

Mon, 20 Nov 2017 23:53:23 GMT

Bugs can be exploited to extract info, potentially insert rootkits

Intel today admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to multiple worrying security flaws, based on the findings of external security experts.…

Cops jam a warrant into Apple to make it cough up Texas mass killer's iPhone, iCloud files

Mon, 20 Nov 2017 23:30:44 GMT

Here we go again…

Texas Rangers have obtained a search warrant for the contents of a blood-splattered iPhone SE belonging to gunman Devin Kelley who killed 26 people in a murder-suicide at a church.…

It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Mon, 20 Nov 2017 20:06:47 GMT

Link to fake TSB site canned after we help raise alarm

Microsoft has axed a Bing search result advert that masqueraded as a legit online banking website – but was in fact a sophisticated phishing operation.…

Germany slaps ban on kids' smartwatches for being 'secret spyware'

Mon, 20 Nov 2017 17:35:13 GMT

Hands up, whose parents are listening in on this class?

The German telecoms regulator has banned the sale of children's smartwatches that allow users to secretly listen in on nearby conversations.…

Container ship loading plans are 'easily hackable'

Mon, 20 Nov 2017 10:12:09 GMT

Look! A pic that's not a metaphor

Security researchers have warned that it might be possible to destabilise a container ship by manipulating the vessel stowage plan or "Bay Plan".…

It's 2017, and command injection is still the top threat to web apps

Mon, 20 Nov 2017 08:02:07 GMT

Open Web Application Security Project updated 'top-ten risks' lands on Monday, but we found a late, late draft

The Open Web Application Security Project will on Monday, US time, reveal its annual analysis of web application risks, but The Register has sniffed out the final draft of the report and can report that it has found familiar attacks top its charts, but exotic exploits are on the rise.…

DNS resolver will check requests against IBM threat database

Mon, 20 Nov 2017 06:58:12 GMT

Group Co-founded by City of London Police promises 'no snooping on your requests'

The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features.…

F5 DROWNing, not waving, in crypto fail

Mon, 20 Nov 2017 06:02:10 GMT

Bleichenbacher, the name that always chills cryptographers' blood

If you're an F5 BIG-IP sysadmin, get patching: there's a bug in the company's RSA implementation that can give an attacker access to encrypted messages.…

User experience test tools: A privacy accident waiting to happen

Mon, 20 Nov 2017 03:58:12 GMT

Researchers watch publishers watching you, ignore privacy settings, run over mere HTTP

Researchers working on browser fingerprinting found themselves distracted by a much more serious privacy breach: analytical scripts siphoning off masses of user interactions.…

Some 'security people are f*cking morons' says Linus Torvalds

Mon, 20 Nov 2017 02:04:21 GMT

Linux Lord fires up over proposal to secure Linux by shutting down wonky processes

Linux overlord Linus Torvalds has offered some very choice words about different approaches to security, during a discussion about whitelisting features proposed for version 4.15 of the Linux kernel.…

Massive US military social media spying archive left wide open in AWS S3 buckets

Fri, 17 Nov 2017 20:08:18 GMT

Dozens of terabytes exposed, your tax dollars at work

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.…

Shamed TLS/SSL cert authority StartCom to shut up shop

Fri, 17 Nov 2017 17:29:05 GMT

Chairman tells El Reg nobody will even notice its passing

Controversial certificate authority StartCom is going out of business.…

For goodness sake, stop the plod using facial recog, London mayor told

Fri, 17 Nov 2017 16:03:09 GMT

At least until there's some sort of strategy. Jeez – GLA

London's Metropolitan Police force's use of "intrusive" technologies "without proper regulation" could put a fundamental principle of policing at risk, the London mayor has been told.…

Lloyds' Avios Reward credit cardholders report fraudulent activity

Fri, 17 Nov 2017 15:03:09 GMT

Concerns raised over data breach

Thousands of Lloyds Avios Rewards American Express credit card customers have been targeted by fraudsters, the bank has admitted.…

Fake news ‘as a service’ booming among cybercrooks

Fri, 17 Nov 2017 07:57:13 GMT

Fake sites spread fake stories to fuel pump and dump or other foul ends

Criminals are exploiting “fake news” for commercial gain, according to new research.…

Kaspersky: Clumsy NSA leak snoop's PC was packed with malware

Thu, 16 Nov 2017 23:59:05 GMT

Lab suspects Chinese spyware was on home computer

Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets.…

Parity: The bug that put $169m of Ethereum on ice? Yeah, it was on the todo list for months

Thu, 16 Nov 2017 23:06:33 GMT

Just didn't get round to fixing it – our bad

Alt-coin wallet software maker Parity has published a postmortem of the bug that put millions of dollars of people's Ethereum on ice – and has admitted it knew about the flaw for months. It just hadn't got round to fixing it.…

Oracle scrambles to sew up horrid security holes in PeopleSoft's Tuxedo

Thu, 16 Nov 2017 20:34:12 GMT

Nothing like unauth'd hijacking, Heartbleed-style bugs to patch ASAP

Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software.…

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Thu, 16 Nov 2017 19:42:47 GMT

Plus AWS creds, S3 silos filled with sensitive customer info

Chinese drone maker DJI left the private key for its dot-com's HTTPS certificate exposed on GitHub for up to four years, according to a researcher who gave up with the biz's bug bounty process.…

Pawnbroker pwnd: Cash Converters says hacker slurped customer data

Thu, 16 Nov 2017 15:31:11 GMT

Details from decommissioned UK webshop scoured

Pawnbroking and secondhand goods outlet Cash Converters has suffered a data breach.…

New, revamped Terdot Trojan: It's so 2017, it even fake-posts to Twitter

Thu, 16 Nov 2017 14:56:13 GMT

You've grown so much, you piece of @£$

Terdot, a banking Trojan that has been around since mid-2016, has been re-engineered with updated information and credential thievery as well as social media account monitoring functionality.…

DJI bug bounty NDA is 'not signable', say irate infosec researchers

Thu, 16 Nov 2017 12:24:13 GMT

Non-disclosure agreement prompts uproar

Chinese drone maker DJI faces questions from infosec researchers about its bug bounty programme. Sources have told The Register that a non-disclosure agreement (NDA) they were invited to sign would result in the company "owning their actions".…

Does UK high street banks' crappy crypto actually matter?

Thu, 16 Nov 2017 09:33:10 GMT

Commentards didn't hold back and some experts disagreed

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts.…

Q: Why are you running in the office? A: This is my password for El Reg

Thu, 16 Nov 2017 04:52:54 GMT

Boffins find smartmobe accelerometers can turn your gait into a biometric

A trio of Indian boffins have studied the use of smartphone accelerometers as biometric sensors and concluded they could be a handy way to identify users.…

The four problems with the US government's latest rulebook on security bug disclosures

Wed, 15 Nov 2017 22:59:12 GMT

But it's still better than nothing

Analysis: The United States government has published its new policy for publicly disclosing vulnerabilities and security holes.…