-
Social-engineering contest reveals secret BP info
Hacking human gullibility at Defcon
Defcon: A hacker competition that challenges contestants to trick employees of large companies into divulging potentially sensitive information aims to show how human gullibility is the biggest security vulnerability of all. During its first day at the Defcon hacker contest in Las Vegas, it had clearly achieved its goal.…
-
MS preps emergency patch for Windows shortcut peril
Attacks on rise
Warning of an uptick in attacks, Microsoft plans to issue an emergency update to patch a critical Windows vulnerability that hackers are exploiting to seize control of PCs.…
-
Futurologist defends 'malevolent dust' warning
Dust up over supposed evil particles
A futurologist has defended his controversial warning that "smart dust" is liable to become a future information stealing threat.…
-
Delegate hacks into Black Hat streaming video
What happens in Vegas...
Security shortcomings in Black Hat's newly established streaming media service allowed a security consultant to hack into the system and see presentations for free.…
-
Cyber Security Challenge winner announced
Quickest crypto off the mark
The UK's Cyber Security Challenge has announced the winner of its prologue crypto puzzle, as well as the solution - for anyone still struggling to find an answer.…
-
UK.gov sticks to IE 6 cos it's more 'cost effective', innit
Stunned web developers die a little inside
Computers in Whitehall will largely continue to run Microsoft’s Internet Explorer 6, which will make web coders spit out their cheese‘n’pickle sarnies this lunchtime.…
-
Fake Firefox update used to sling scareware
Watch where you click
Online con artists have developed a strain of scareware that poses as a Firefox update.…
-
Beware the blizzard of torrents of Starcraft 2
Expense accounts
Starcraft 2 was released this week and at the hefty RRP of £45. Many games sites are hopping mad at this, although typically retailers are selling Blizzard's strategy game at £10 less than RRP.…
-
'Suspicious' Android wallpaper app nabs user data
Up to 4 million downloads
An Android wallpaper application that collected data from users' phones and uploaded it to a site in China was downloaded "millions of times", according to mobile security firm Lookout.…
-
Data for 100m Facebook accounts published to BitTorrent
Forever is a mighty long time
Underscoring the permanence of data published on the internet, a security researcher has compiled the names and URLs of more than 100 million Facebook users and made them available as a BitTorrent download.…
-
Fog of cyberwar: internet always favors the offense
The Poland of international conflict
Black Hat: Fighting wars that target computer networks is fraught with risks that don't exist in traditional warfare, raising the stakes for future conflicts, a retired US general told security professionals Thursday.…
-
Data breaches blamed on organised crime
Hackers feast on financial sector security mistakes
Cybercrooks continue to be a menace to corporate security, with hackers and malware authors collectively responsible for 85 per cent of all stolen data.…
-
Turkish pranksters load Facebook Translate with swears
The rudeness of crowds
Facebook's attempts to crowdsource translations have gone awry in Turkey.…
-
Cell phone eavesdropping enters script-kiddie phase
Get your GSM snooping tools here
Black Hat: Independent researchers have made good on a promise to release a comprehensive set of tools needed to eavesdrop on cell phone calls that use the world's most widely deployed mobile technology.…
-
NoScript 2.0 beefs border patrol
'Saves your router's ass'
NoScript daddy Giorgio Maone has released version 2.0 of his popular Firefox add-on, a means of blocking JavaScript, Java, Flash, and other plug-in or script content from untrusted websites.…
-
Armed with exploits, ATM hacker hits the jackpot
'Game over' vulns spew cash on demand
Black Hat: A startling percentage of the world's automated teller machines are vulnerable to physical and remote attacks that can steal administrative passwords and personal identification numbers, to say nothing of huge amounts of cash, a security researcher said Wednesday.…
-
Scareware victims seldom fight back
Too embarrassed or too ignorant?
Victims of rogue anti-virus scams rarely attempt to claw back fraudulent credit card payments for worthless software packages, according to new research.…
-
Adobe fights exploits with MAPPs
Microsoft's advanced vuln notice
Black Hat: Following a path first taken by Microsoft, Adobe Systems plans to provide security partners with information about upcoming security patches to give providers of antivirus products and intrusion prevention systems a head start in warding off attacks that target the flaws.…
-
Tight-lipped Apple fixes Safari autosnoop bug
Black Hat talk preempted
Black Hat: Apple has fixed a flaw in Safari that exposed user names, email addresses, and other sensitive information when the browser visited booby-trapped websites.…
-
Smart meters pose hacker kill-switch risk, warn boffins
Who turned off the lights?
A leading computer scientist has warned of the security risks of using smart meters in controlling utility supplies.…
-
Reboot key Brit 'ready to save internet'
Seven keys to BIND them all
The Brit charged with holding one of seven digital keys necessary to re-establish a system of trust in the highly unlikely event of a collapse of the DNSSec (DNS Security Extensions) system has spoken of the practicalities of his responsibility.…
-
Mariposa mastermind arrested in Slovenia
Cybercrime toolkit suspect cuffed
Investigators have released more details on the arrest of a Slovenian hacker suspected of creating the code behind the infamous Mariposa botnet.…
-
Russian gang uses botnets to automate check counterfeiting
Old-school crime with 21st century twist
Black Hat: A researcher has uncovered a sophisticated check counterfeiting ring that uses compromised computers to steal and print millions of dollars worth of bogus invoices and then recruit money mules to cash them.…
-
Wireless network security weakness to demo at DEFCON
Et tu, WPA2?
Security researchers have discovered security shortcomings in the WPA2 protocol that threaten the security of wireless networks, even if they are running up-to-date security software.…
-
Aussie hacker pleads guilty to banking Trojan scam
3,000 computers infected? Strewth
An Australian hacker has pleaded guilty to infecting 3,000 computers with an information-stealing Trojan.…
-
Zeus bot latches onto Windows shortcut security hole
bLNKing hell
Miscreants behind the Zeus cybercrime toolkit and other strains of malware have begun taking advantage of an unpatched shortcut-handling flaw in Windows. It was first used by a sophisticated worm to target SCADA-based industrial control and power plant systems.…
-
Opening UK cyber-security challenge cracked
Prelude puzzle unpicked
Enthusiasts claim to have already solved the first test in the Cyber Security Challenge UK hunt for would-be cyber-security experts.…
-
Battle joined for future of open source IPS
Snort bares teeth at DHS-backed project
Analysis: The battle to develop the next generation of open source intrusion prevention systems (IPS) technology is intensifying between incumbent Snort and a US government-backed project, the Open Information Security Foundation (OISF).…
-
Minister calls for more cyber security experts
'Holistic national response' needed
The minister for security has said the government has to do something about a shortage of emerging cyber security professionals.…
-
Citigroup says its iPhone app puts customers at risk
Warning: contents include account details
Citigroup is urging customers who use their iPhones for online banking to immediately upgrade to a new version of the application because a security weakness in the old one puts them at risk.…
-
EU climate exchange website hit by green-hat hacker
APB for Neil from The Young Ones
An EU Climate Exchange website was hacked as part of a political protest against carbon credits by a green-hat defacement crew.…
-
How effective is your security monitoring?
Can you police the policing?
Workshop Poll: For many organisations, the litmus test for IT security effectiveness is whether or not security breaches are reduced as a result. Security monitoring should help, but modern environments are complex and multi-faceted, and it can be difficult to determine how much is down to the tools, and how much is down to other factors such as policy.…
-
Firefox update fixes plug-in snafu
Stabilising patch rushed out
Mozilla has responded to plugin stability issues with a new version of Firefox.…
-
Security world ill-equipped to solve digital whodunnits
'Unqualified and pedestrian'
When anthrax-laced letters killed five people and sickened 17 others shortly after the September 11 terrorist attacks in 2001, investigators were able to pinpoint the precise lab where the deadly spores were manufactured. And when Confederate General Stonewall Jackson was shot on the battlefield some 150 years ago, forensics showed only one of his own forces could have pulled the trigger.…
-
vBulletin vuln gifts admin credentials to unwashed masses
Just type 'database'
Websites using software from vBulletin have been stung by a critical vulnerability that makes it trivial to steal credentials needed to administer site panels.…
-
Couple charged over hybrid car industrial espionage plot
GM secrets allegedly offered to Chinese rival
A Michigan couple faces charges of stealing industrial secrets on hybrid cars from GM before attempting to sell the data to a Chinese auto manufacturer.…
-
'Freeware' phishing kit dupes s'kiddies
Dishonour among thieves
Skilled malware authors have duped less skilled cybercrooks into doing their dirty work with a new phishing kit.…
-
Unpatched shortcut vuln exploited by mainstream malware
'Bottom feeders' latch onto zero-day bug
Virus writers have begun using the unpatched shortcut flaw in Windows first exploited by the Stuxnet worm, which targets power plant control systems, to create malware that infects the general population of vulnerable Windows machines.…
-
Dell blames staff for malware infection
Bloody humans
Dell said human error was to blame for mistakes which led it to ship a number of replacement server motherboards to customers pre-loaded with spyware.…
-
Removing SCADA worm could disrupt power plants
Security catch 22
Siemens has made a program available for detecting and disinfecting malware attacking its software used to control power grids, gas refineries, and factories but warned customers who use it could disrupt sensitive plant operations.…
-
Microsoft to banish 'responsible' from disclosure debate
Google, too
Microsoft has submitted a proposal aimed at quelling one of the oldest debates in security circles: retiring the use of the term “responsible disclosure”.…
-
The Hack in the Box ATM talk that never was...
No vendor threats, 'cos no talk, says researcher
A banking security researcher has stepped forward to deny reports that vendor threats forced him to cancel a presentation on ATM security at the Hack in the Box conference in Amsterdam earlier this month.…
-
4chan flings faeces at Gawker
News blog stumbles after hacker twattery
An attack by hackers at 4chan on Gawker left the news blog intermittently unavailable on Wednesday.…
-
Mariposa botnet suspects quizzed in Slovenia
Butterfly investigation spreads its wings
Slovenian police have arrested four suspects over allegations that they developed the Mariposa botnet malware.…
-
iPhone thief nabbed by GPS, cops say
Take note, crooks
iPhone thieves take note: Next time you strike, make sure the coveted device you pilfer isn't equipped with GPS software.…
-
38 states grill Google on three-year Wi-Fi slurp
More questions than answers, official says
A coalition of 38 US states has called on Google to explain in detail how Wi-Fi-sniffing software that surreptitiously collected data over wireless networks was included in its fleet of Street View cars.…
-
Microsoft issues stopgap fix for critical Windows flaw
'Fix It' for ailing shortcut vuln
Microsoft has published an automated workaround for the newly discovered Windows vulnerability that criminals are exploiting to seize control of computers, including some used to manage sensitive equipment at power plants and other industrial facilities.…
-
YouGov tests the waters on internet snooping
Mind if we spy on you?
Participants in a regular YouGov survey were recently confronted with an odd request to download software that would track users' surfing habits.…
-
Firefox update guards hen house
It's browser update time. Again
Mozilla has pushed out a new version of Firefox that fixes numerous security holes, some critical.…
-
Cameron asks Obama for McKinnon compromise
Please sir
Supporters of Gary McKinnon have praised the Prime Minister for raising the Pentagon hacker's long-running extradition case during a meeting with President Barack Obama on Monday.…