Hacking human gullibility at Defcon

Defcon A hacker competition that challenges contestants to trick employees of large companies into divulging potentially sensitive information aims to show how human gullibility is the biggest security vulnerability of all. During its first day at the Defcon hacker contest in Las Vegas, it had clearly achieved its goal.…

Attacks on rise

Warning of an uptick in attacks, Microsoft plans to issue an emergency update to patch a critical Windows vulnerability that hackers are exploiting to seize control of PCs.…

Dust up over supposed evil particles

A futurologist has defended his controversial warning that "smart dust" is liable to become a future information stealing threat.…

What happens in Vegas...

Security shortcomings in Black Hat's newly established streaming media service allowed a security consultant to hack into the system and see presentations for free.…

Quickest crypto off the mark

The UK's Cyber Security Challenge has announced the winner of its prologue crypto puzzle, as well as the solution - for anyone still struggling to find an answer.…

Free On-Demand Webcast - Virtualizing the Hard Stuff

Stunned web developers die a little inside

Computers in Whitehall will largely continue to run Microsoft’s Internet Explorer 6, which will make web coders spit out their cheese‘n’pickle sarnies this lunchtime.…

Watch where you click

Online con artists have developed a strain of scareware that poses as a Firefox update.…

Expense accounts

Starcraft 2 was released this week and at the hefty RRP of £45. Many games sites are hopping mad at this, although typically retailers are selling Blizzard's strategy game at £10 less than RRP.…

Up to 4 million downloads

An Android wallpaper application that collected data from users' phones and uploaded it to a site in China was downloaded "millions of times", according to mobile security firm Lookout.…

Forever is a mighty long time

Underscoring the permanence of data published on the internet, a security researcher has compiled the names and URLs of more than 100 million Facebook users and made them available as a BitTorrent download.…

The Poland of international conflict

Black Hat Fighting wars that target computer networks is fraught with risks that don't exist in traditional warfare, raising the stakes for future conflicts, a retired US general told security professionals Thursday.…

Hackers feast on financial sector security mistakes

Cybercrooks continue to be a menace to corporate security, with hackers and malware authors collectibly responsible for 85 per cent of all stolen data.…

The rudeness of crowds

Facebook's attempts to crowdsource translations have gone awry in Turkey.…

Get your GSM snooping tools here

Black Hat Independent researchers have made good on a promise to release a comprehensive set of tools needed to eavesdrop on cell phone calls that use the world's most widely deployed mobile technology.…

'Saves your router's ass'

NoScript daddy Giorgio Maone has released version 2.0 of his popular Firefox add-on, a means of blocking JavaScript, Java, Flash, and other plug-in or script content from untrusted websites.…

'Game over' vulns spew cash on demand

Black Hat A startling percentage of the world's automated teller machines are vulnerable to physical and remote attacks that can steal administrative passwords and personal identification numbers to say nothing of huge amounts of cash, a security researcher said Wednesday.…

Free On-Demand Webcast - Virtualizing the Hard Stuff

Too embarrassed or too ignorant?

Victims of rogue anti-virus scams rarely attempt to claw back fraudulent credit card payments for worthless software packages, according to new research.…

Microsoft's advanced vuln notice

Black Hat Following a path first taken by Microsoft, Adobe Systems plans to provide security partners with information about upcoming security patches to give providers of antivirus products and intrusion prevention systems a head start in warding off attacks that target the flaws.…

Black Hat talk preempted

Black Hat Apple has fixed a flaw in Safari that exposed user names, email addresses, and other sensitive information when the browser visited booby-trapped websites.…

Who turned off the lights?

A leading computer scientist has warned of the security risks of using smart meters in controlling utility supplies.…

Seven keys to BIND them all

The Brit charged with holding one of seven digital keys necessary to re-establish a system of trust in the highly unlikely event of a collapse of the DNSSec (DNS Security Extensions) system has spoken of the practicalities of his responsibility.…

Cybercrime toolkit suspect cuffed

Investigators have released more details on the arrest of a Slovenian hacker suspected of creating the code behind the infamous Mariposa botnet.…

Old-school crime with 21st century twist

Black Hat A researcher has uncovered a sophisticated check counterfeiting ring that uses compromised computers to steal and print millions of dollars worth of bogus invoices and then recruit money mules to cash them.…

Et tu, WPA2?

Security researchers have discovered security shortcomings in the WPA2 protocol that threaten the security of wireless networks, even if they are running up-to-date security software.…

3,000 computers infected? Strewth

An Australian hacker has pleaded guilty to infecting 3,000 computers with an information-stealing Trojan.…

bLNKing hell

Miscreants behind the Zeus cybercrime toolkit and other strains of malware have begun taking advantage of an unpatched shortcut handling flaws in Windows. It was first used by a sophisticated worm to target SCADA-based industrial control and power plant systems.…

Prelude puzzle unpicked

Enthusiasts claim to have already solved the first test in the Cyber Security Challenge UK hunt for would-be cyber-security experts.…

Snort bares teeth at DHS-backed project

Analysis The battle to develop the next generation of open source intrusion prevention systems (IPS) technology is intensifying between incumbent Snort and a US government-backed project, the Open Information Security Foundation (OISF).…

'Holistic national response' needed

The minister for security has said the government has to do something about a shortage of emerging cyber security professionals.…

Warning: contents include account details

Citigroup is urging customers who use their iPhones for online banking to immediately upgrade to a new version of the application because a security weakness in the the old one puts them at risk.…

Free On-Demand Webcast - Virtualizing the Hard Stuff

APB for Neil from The Young Ones

An EU Climate Exchange website was hacked as part of a political protest against carbon credits by a green-hat defacement crew.…

Can you police the policing?

Workshop Poll For many organisations, the litmus test for IT security effectiveness is whether or not security breaches are reduced as a result. Security monitoring should help, but modern environments are complex and multi-faceted, and it can be difficult to determine how much is down to the tools, and how much is down to other factors such as policy.…

Stabilising patch rushed out

Mozilla has responded to plugin stability issues with a new version of Firefox.…

'Unqualified and pedestrian'

When anthrax-laced letters killed five people and sickened 17 others shortly after the September 11 terrorist attacks in 2001, investigators were able to pin point the precise lab where the deadly spores were manufactured. And when Confederate General Stonewall Jackson was shot on the battle field some 150 years ago, forensics showed only one of his own forces could have pulled the trigger.…

Just type 'database'

Websites using software from vBulletin have been stung by a critical vulnerability that makes it trivial to steal credentials needed to administer site panels.…

GM secrets allegedly offered to Chinese rival

A Michigan couple faces charges of stealing industrial secrets on hybrid cars from GM before attempting to sell the data to a Chinese auto manufacturer.…

Dishonour among thieves

Skilled malware authors have duped less skilled cybercrooks into doing their dirty work with a new phishing kit.…

'Bottom feeders' latch onto zero-day bug

Virus writers have begun using the unpatched shortcut flaw in Windows first exploited by the Stuxnet worm, which targets power plant control systems, to create malware that infects the general population of vulnerable Windows machines.…

Bloody humans

Dell said human error was to blame for mistakes which led it to ship a number of replacement server motherboards to customers pre-loaded with spyware.…

Security catch 22

Siemens has made a program available for detecting and disinfecting malware attacking its software used to control power grids, gas refineries, and factories but warned customers who use it could disrupt sensitive plant operations.…

Google, too

Microsoft has submitted a proposal aimed at quelling one of the oldest debates in security circles: retiring the use of the term “responsible disclosure”.…

No vendor threats, 'cos no talk, says researcher

A banking security researcher has stepped forward to deny reports that vendor threats forced him to cancel a presentation on ATM security at the Hack in the Box conference in Amsterdam earlier this month.…

News blog stumbles after hacker twattery

An attack by hackers at 4chan on Gawker left the news blog intermittently unavailable on Wednesday.…

Butterfly investigation spreads its wings

Slovenian police have arrested four suspects over allegations that they developed the Mariposa botnet malware.…

Take note, crooks

iPhone thieves take note: Next time you strike, make sure the coveted device you pilfer isn't equipped with GPS software.…

More questions than answers, official says

A coalition of 38 US states has called on Google to explain in detail how Wi-Fi-sniffing software that surreptitiously collected data over wireless networks was included in its fleet of Street View cars.…

'Fix It' for ailing shortcut vuln

Microsoft has published an automated workaround for the newly discovered Windows vulnerability that criminals are exploiting to seize control of computers, including some used to manage sensitive equipment at power plants and other industrial facilities.…

Free On-Demand Webcast - Virtualizing the Hard Stuff

Mind if we spy on you?

Participants in a regular YouGov survey were recently confronted with an odd request to download software that would track users' surfing habits.…

It's browser update time. Again

Mozilla has pushed out a new version of Firefox that fixes numerous security holes, some critical.…

Please sir

Supporters of Gary McKinnon have praised the Prime Minister for raising the Pentagon hacker's long-running extradition case during a meeting with President Barack Obama on Monday.…