The Register

Biting the hand that feeds IT — sci/tech news and views for the world

Massive US military social media spying archive left wide open in AWS S3 buckets

Fri, 2017-11-17 14:08
Dozens of terabytes exposed, your tax dollars at work

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.…

Categories: Security Articles

Shamed TLS/SSL cert authority StartCom to shut up shop

Fri, 2017-11-17 11:29
Chairman tells El Reg nobody will even notice its passing

Controversial certificate authority StartCom is going out of business.…

Categories: Security Articles

For goodness sake, stop the plod using facial recog, London mayor told

Fri, 2017-11-17 10:03
At least until there's some sort of strategy. Jeez – GLA

London's Metropolitan Police force's use of "intrusive" technologies "without proper regulation" could put a fundamental principle of policing at risk, the London mayor has been told.…

Categories: Security Articles

Lloyds' Avios Reward credit cardholders report fraudulent activity

Fri, 2017-11-17 09:03
Concerns raised over data breach

Thousands of Lloyds Avios Rewards American Express credit card customers have been targeted by fraudsters, the bank has admitted.…

Categories: Security Articles

Fake news ‘as a service’ booming among cybercrooks

Fri, 2017-11-17 01:57
Fake sites spread fake stories to fuel pump and dump or other foul ends

Criminals are exploiting “fake news” for commercial gain, according to new research.…

Categories: Security Articles

Kaspersky: Clumsy NSA leak snoop's PC was packed with malware

Thu, 2017-11-16 17:59
Lab suspects Chinese spyware was on home computer

Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets.…

Categories: Security Articles

Parity: The bug that put $169m of Ethereum on ice? Yeah, it was on the todo list for months

Thu, 2017-11-16 17:06
Just didn't get round to fixing it – our bad

Alt-coin wallet software maker Parity has published a postmortem of the bug that put millions of dollars of people's Ethereum on ice – and has admitted it knew about the flaw for months. It just hadn't got round to fixing it.…

Categories: Security Articles

Oracle scrambles to sew up horrid security holes in PeopleSoft's Tuxedo

Thu, 2017-11-16 14:34
Nothing like unauth'd hijacking, Heartbleed-style bugs to patch ASAP

Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software.…

Categories: Security Articles

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Thu, 2017-11-16 13:42
Plus AWS creds, S3 silos filled with sensitive customer info

Chinese drone maker DJI left the private key for its dot-com's HTTPS certificate exposed on GitHub for up to four years, according to a researcher who gave up with the biz's bug bounty process.…

Categories: Security Articles

Pawnbroker pwnd: Cash Converters says hacker slurped customer data

Thu, 2017-11-16 09:31
Details from decommissioned UK webshop scoured

Pawnbroking and secondhand goods outlet Cash Converters has suffered a data breach.…

Categories: Security Articles

New, revamped Terdot Trojan: It's so 2017, it even fake-posts to Twitter

Thu, 2017-11-16 08:56
You've grown so much, you piece of @£$

Terdot, a banking Trojan that has been around since mid-2016, has been re-engineered with updated information and credential thievery as well as social media account monitoring functionality.…

Categories: Security Articles

DJI bug bounty NDA is 'not signable', say irate infosec researchers

Thu, 2017-11-16 06:24
Non-disclosure agreement prompts uproar

Chinese drone maker DJI faces questions from infosec researchers about its bug bounty programme. Sources have told The Register that a non-disclosure agreement (NDA) they were invited to sign would result in the company "owning their actions".…

Categories: Security Articles

Does UK high street banks' crappy crypto actually matter?

Thu, 2017-11-16 03:33
Commentards didn't hold back and some experts disagreed

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts.…

Categories: Security Articles

Q: Why are you running in the office? A: This is my password for El Reg

Wed, 2017-11-15 22:52
Boffins find smartmobe accelerometers can turn your gait into a biometric

A trio of Indian boffins have studied the use of smartphone accelerometers as biometric sensors and concluded they could be a handy way to identify users.…

Categories: Security Articles

The four problems with the US government's latest rulebook on security bug disclosures

Wed, 2017-11-15 16:59
But it's still better than nothing

Analysis: The United States government has published its new policy for publicly disclosing vulnerabilities and security holes.…

Categories: Security Articles

Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

Wed, 2017-11-15 15:50
Fallchill file-stealing malware raids American networks

The FBI and US Homeland Security have issued an alert about a new strain of malware infecting American corporate systems and stealing sensitive data.…

Categories: Security Articles

US govt's 'foreign' spy program that can snoop on Americans at home. Sure, let's reauth that...

Wed, 2017-11-15 14:20
What's Russian for "section 702 s***show"?

Analysis: The reauthorization of a controversial US government spying program has made further progress with the Senate's intelligence committee putting forward its recommendations to the whole Senate.…

Categories: Security Articles

Confusion reigns over crypto vuln in Spanish electronic ID smartcards

Wed, 2017-11-15 10:38
Certs revoked, but where are the updates?

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia.…

Categories: Security Articles

Amazon, Google inject Bluetooth vuln vaccines into Echo, Home AI pals

Wed, 2017-11-15 10:00
The BlueBorne ultimatum

Updated: Amazon and Google have automatically patched people's Echo and Home AI assistant devices, respectively, to defend against recently discovered Bluetooth-related security vulnerabilities.…

Categories: Security Articles

Coming live to a warzone near you: Army Truck Driver for Xbox!

Wed, 2017-11-15 08:02
Shh, ignore senior Brit officers saying armed forces on brink of collapse

As recently retired senior officers told UK Parliament that the armed forces are at risk of "institutional failure", the Ministry of Defence told the world's press that soldiers are playing with Xbox controllers.…

Categories: Security Articles