News

Chrome add-on warns netizens when they use a leaked password. Sometimes, they even bother to change it

The Register - Fri, 16/08/2019 - 21:57
Alerted to exposed credentials, users do something about it roughly a quarter of the time

Between February and March this year, after Google released a Chrome extension called Password Checkup to check whether people's username and password combinations had been stolen and leaked from website databases, computer scientists at the biz and Stanford University gathered anonymous telemetry from 670,000 people who installed the add-on.…

Categories: News

NSA asks Congress to permanently reauthorize spying program that was so shambolic, the snoops had shut it down

The Register - Fri, 16/08/2019 - 21:09
You never know, we might figure out how not to screw up in future

Analysis  In the clearest possible sign that the US intelligence services live within their own political bubble, the director of national intelligence has asked Congress to reauthorize a spying program that the NSA itself decided to shut down after it repeatedly – and illegally – gathered the call records of millions of innocent Americans.…

Top tip: Don't upload your confidential biz files to free malware-scanning websites – everything is public

The Register - Fri, 16/08/2019 - 19:45
Sandbox services are bursting with sensitive info from unwitting companies

Companies are inadvertently leaving confidential files on the internet for anyone to download – after uploading the documents to malware-scanning websites that make everything public.…

And you thought the cops were bad... Civil rights group warns of facial recog 'epidemic' across UK private sites

The Register - Fri, 16/08/2019 - 16:30
Shopping centres, museums and conference centres among all found to be using tech

Facial recognition is being extensively deployed on privately owned sites across the UK, according to an investigation by civil liberties group Big Brother Watch.…

Police costs for Gatwick drone fiasco double to nearly £900k – and still no one's been charged

The Register - Fri, 16/08/2019 - 09:03
Omnishambles just keeps on rolling and you're paying for it

Sussex Police's probe of the infamous London Gatwick airport drone fiasco of Christmas 2018 has doubled in cost to nearly £900,000 – and the bungling force still hasn't arrested the person or persons responsible.…

Security? We've heard of it! But why be a party pooper when there's printing to be done

The Register - Fri, 16/08/2019 - 08:04
The boss that went rogue and cocked a snook at the corporate policy he wrote

On Call  With the gateway to the weekend upon us, it is time to crack open the On Call files once again to enjoy a tale from one of those brave engineers at the front line of the tech world.…

Bomb-hoaxing DoSer who targeted police in revenge was caught after Twitter taunts

The Register - Thu, 15/08/2019 - 13:23
Mostly the public adversely affected

A young man who DoSed two British police forces' websites has been sentenced to 16 months in a young offenders' institution.…

How dodgy browser plugins, web scripts can silently rewrite that URL you were about to hit – and throw you into an internet wormhole

The Register - Thu, 15/08/2019 - 08:08
Clickjacking code found on sites with 43 million daily visits total

Analysis  Clickjacking, which came to the attention of security types more than a decade ago, continues to thrive, despite defenses deployed since then by browser makers.…

World recoils in horror as smartphone maker accused of helping government snoops read encrypted texts, track device whereabouts

The Register - Thu, 15/08/2019 - 07:29
Thinking US again? You'd be wrong

Comment  In a report that has left lawmakers across the globe reeling, the Wall Street Journal on Wednesday claimed a smartphone maker helped government officials in Uganda access encrypted texts on a handset used by one of its own citizens, and track the device's whereabouts.…

Intel: Listen up, you NUC-leheads! Mini PCs and compute sticks just got a major security fix

The Register - Wed, 14/08/2019 - 22:59
Chipzilla patches firmware, drivers, SDKs

Hot on the heels of Patch Tuesday fixes from Microsoft, Apple, Adobe, and SAP, Intel has dropped its monthly security bundle to address a series of seven CVE-listed vulnerabilities in its firmware and software.…

Chin up, CapitalOne: You may not have been the suspected hacker's only victim. Feds fear 30-plus organizations hit

The Register - Wed, 14/08/2019 - 22:06
Prosecutors file papers to keep Paige Thompson behind bars while awaiting trial

The ex-Amazon software engineer accused of stealing the personal information of 106 million people from Capital One's cloud-hosted databases may have hacked dozens of other organizations.…

Not very Suprema: Biometric access biz bares 27 million records and plaintext admin creds

The Register - Wed, 14/08/2019 - 13:34
Biostar 2 goes supernova after Israeli duo's probings

Two infosec researchers found 27 million personal data records, including a million people's fingerprints, exposed to the public along with plaintext admin credentials for the Suprema Biostar 2 system they were associated with.…

HTTP/2, Brute! Then fall, server. Admin! Ops! The server is dead

The Register - Wed, 14/08/2019 - 10:02
Beware the denials of service: Netflix warns of eight networking bugs

On Tuesday, Netflix, working in conjunction with Google and CERT/CC, published a security advisory covering a series of vulnerabilities that enable denial of service attacks against servers running HTTP/2 services.…

This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows

The Register - Tue, 13/08/2019 - 22:51
Plus special guest stars Adobe and SAP in this month's security fixes

Patch Tuesday  Microsoft, Adobe, and SAP may have just ruined more than a few summer vacation plans, thanks to a massive and critical Patch Tuesday bundle of security fixes this month.…

We checked and yup, it's no longer 2001. And yet you can pwn a Windows box via Notepad.exe

The Register - Tue, 13/08/2019 - 21:40
Google guru shows how WinXP-era text code grants total control

Patch Tuesday  Software buried in Windows since the days of WinXP can be abused to take complete control of a PC with the help of good ol' Notepad and some crafty code.…

An Army Watchkeeper drone tried to land. Then meatbags took over from the computers

The Register - Tue, 13/08/2019 - 17:54
Operators cut throttle during go-around. Aircraft crashed

A British Army Watchkeeper drone that crashed near its home base of Aberporth in north Wales did so after its crew overrode its autopilot, causing the unmanned aircraft to hit a tree.…

US insurers face SEC probe over web-access bungle that exposed 'up to 885 million' files

The Register - Tue, 13/08/2019 - 12:57
But it claims just 32 people had 'non-public' info disclosed. Eh?

The American Securities and Exchange Commission is said to be investigating a US insurance company that allegedly left 885 million personal records accessible "without authentication to anyone with a web browser".…

Header aches in Firefox, Tor, Brave and Chrome as HTTP opens new security holes

The Register - Tue, 13/08/2019 - 11:11
Alternative Services spec bungled by browser makers

The HTTP Alternative Services header can be abused to conduct network reconnaissance and attacks, to bypass malware protection services, and to foil tracking defenses and privacy assumptions, according to a paper scheduled to be presented at the WOOT '19 security conference on Tuesday.…

Web body mulls halving HTTPS cert lifetimes. That screaming in the distance is HTTPS cert sellers fearing orgs will bail for Let's Encrypt

The Register - Tue, 13/08/2019 - 02:43
Expensive renewals once a year... or free certificates any time? Tough choice

CA/Browser Forum – an industry body of web browser makers, software developers, and security certificate issuers – is considering slashing the lifetime of HTTPS certs from 27 months to 13 months.…

Tor pedos torpedoed again, this time Feds torpedo four Tor pedos – and keep how they unmasked dark-web scumbags under wraps

The Register - Mon, 12/08/2019 - 23:33
Child abuse swap-shop admins to spend decades behind bars

The FBI is keeping quiet how exactly it brought down a Tor-hidden pedophile haven, having secured decades-long prison sentences for four of the website's administrators.…
