Print this article
Rolling the dice with the internet's future
Analysis After being publicly outed issuing web credentials that were vulnerable to attacks that could allow criminals to spoof the encryption certificates of any website on the internet, VeriSign has issued assurances it has neutralized any real-world threat.…
Taking a leak
US organisations lost even more sensitive data in a greater number of information security screw-ups last year, according to a new survey.…
Website admins go AWOL
Once again, Major League Baseball's website has been caught serving ads designed to infect its considerable base of visitors with malware that trashes their machines.…
Ukrainian boards Midnight Express
A Ukrainian fraudster linked to the infamous TJX hack was sentenced to a 30 year prison sentence in Turkey on unrelated charges this week.…
Skin-flick codec scams follow MSN Spaces abuse
Internet scoundrels have begun abusing Google code hosting projects to distribute malware and promote smut. The assault follows a bout of the same kind of abuse against Microsoft's comparable MSN Spaces beta site dating back a year, net security firm McAfee reports.…
Death and taxes and crime
The Treasury has taken the unusual step of warning UK taxpayers of a phishing scam doing the rounds, which looks to ensnare frantic last-minute tax return filers.…
Wiping-tech confidence collapse insanity
Which? Computing has lost faith in wiping technology and advised punters to take a hammer to hard discs they intend to get rid of. Reg readers and experts have slammed the advice as misguided and irresponsible.…
The telltale cursor
A British IT admin was ordered to pay more than £3,000 and given a three-months jail sentence after being accused of hacking into his former employer's computer system so he could install spyware and delete emails.…
The pursuit of 'happiness'
Miscreants broke into Twitter's admin system on Sunday night using a simple password guessing hack, it has emerged.…
Survey highlights serious spoofability
One in seven digital certificates that stamp the authenticity of secure web sites use a vulnerable signature algorithm, according to a new survey. The shortcoming underlines the need to drop the insecure signing mechanism before its shortcomings are exploited in more convincing phishing attacks.…
Unlocked and loaded
A practical attack on Intel's trusted execution technology (TXT) is due to be demonstrated at a hacking conference next month.…
Blasphemy on Jobsian high holy day
As unfounded as they may be, reports of Steve Jobs's demise have spread to a live feed of Macworld Expo provided by Apple gossip site MacRumors after griefers managed to breach the website's security.…
Beyoncé's not your friend, you berk
Bogus profiles on social networking website LinkedIn are punting malware to the credulous and starstruck.…
Blogspot exploits and Gmail scams slammed
Google has leapfrogged Microsoft to reach third place in a blacklist of spam-friendly ISPs and hosting firms, compiled by anti-spam organisation Spamhaus.org.…
Cyberspace becomes battleground in Gaza conflict
Israeli military forces have reportedly hacked into a Hamas-run TV station to broadcast propaganda.…
Attack of the Tweats
Micro-blogging site Twitter had to temporarily suspend accounts belonging to Barack Obama, Britney Spears and other celebrities after they were hijacked by miscreants and used to spread scandalous and false information that appeared to come from their owners.…
Curse of the ROMmon
A researcher has discovered a way to reliably exploit a known security vulnerability in a wide class of Cisco System routers, a finding that for the first time allows attackers to hijack millions of devices with a single piece of code.…
Not a word, so far
Comment Did you have a quiet Christmas? What about New Year? While New Years Eve is the busiest time for text messages, maybe you didn’t get any. And if you're a Nokia user, there may be a reason for that.…
Old bug, new tricks
Mobile phone security vendors were rejoicing last night when it emerged that an obscure bug in an old version of the Symbian OS could allow an attacker to crash a target's mobile phone with a specially-formatted text message.…
Security bypass attack
Conversations relayed through cordless household phones might be far easier to snoop upon than previously suspected.…
The good, the bad and the ugly
Security pundits are fond are characterising personalties in information security with reference to Westerns - hence hackers wear either a "black hat" or a "white hat" like their cowboy counterparts.…
PS3 fleet spoofs SSL certs
Researchers have uncovered a weakness in the internet's digital certificate system that allows them to forge counterfeit credentials needed to impersonate virtually any website that relies on the widely used security measure.…
Security pantomime
Researchers reckon a security bug in Windows Media Player creates a means for hackers to inject hostile code onto vulnerable systems. However Microsoft has denied this, saying that the bug only creates a means to crash the software without posing a more damaging security risk.…
Mark your diary
Fraudsters are using Google's Calendar service as a means to develop a new strain of phishing scam.…
Payment processor buries bad news
RBS WorldPay belatedly admitted last week that hackers broke into its systems.…
Sad demise of volunteer security community
Updated CastleCops, the volunteer security community, has called it a day.…
Snafu highlights wider trust problem
Security researchers have uncovered weaknesses in low-assurance digital certificates that create a means for miscreants to mount more convincing man-in-the-middle (MITM) attacks.…
You've been iframed
Christmas gifts of Samsung Digital Picture frames could come with the unwelcome gift of malware, Amazon has warned.…
Fined $8,000 a day
A federal judge has fined a Belize-based company $8,000 for each day it continues to flout his order to halt a major internet operation alleged to have duped more than 1 million computer users into buying bogus malware protection.…
Attack of the open redirects
Miscreants are exploiting weaknesses in more than one million webpages operated by the federal government, media companies, and even Microsoft to trick unwitting visitors into installing harmful software that takes over their computers.…
Unauthorised drilling in a protected area
A top manager at a US software developer has avoided jail after pleading guilty to lifting password-protected files from the website of a business rival.…
Exploit code for 0day fails to ping on Redmond's radar
Microsoft came clean and admitted its SQL Server database software is vulnerable to code injection attacks. It's not a new flaw but the same bug in the database software that emerged around the time of Microsoft's monthly Patch Tuesday update earlier this month.…
If I offered you twenty thousand pounds £3.25m...
Payment service provider Datacash has offered £3.25m to buy UK-based credit card fraud experts the 3rd Man. The offer, announced Monday, represents 30p per share, a 18 per cent premium of 3rd Man's trading price on 22 November.…
I impersonate dead people
The Home Office today said its new weekly register of deaths mailout is "hastening the demise of a cruel type of identity fraud" by catching pension cheats who impersonate dead people.…
Billions served
A New Zealand man said to be at the helm of one of the world's most prolific spam enterprises has agreed to pay fines totalling $92,715 (about US $63,400) after admitting his role in an operation that spewed billions of junk messages in recent years.…
First gagged, now recruited
A New England transit agency has vowed to work with three Massachusetts Institute of Technology undergraduates whom it had previously sued when they discovered serious flaws in the agency's electronic payment systems.…
Pants meet ankles
Critical US electronic systems have failed to withstand a simulated cyberattack.…
ActiveX control gives online scanner man flu
Users of Trend Micro's HouseCall antivirus scanner need to upgrade following the discovery of a potentially serious security bug.…
Bloomin' MessageLabs
A florist is complaining that MessageLabs wrongly identified emails it was sending as infected with a computer virus.…
Gets six years for ill-advised operation
A London policeman who attempted to blackmail sex offenders and drug dealers has been jailed for six years.…
Card accounts still naked
The website for American Express has once again been bitten by security bugs that could expose its considerable base of customers to attacks that steal their login credentials.…
Bulgarian phreaker phones home
A Winnipeg businessman has received a telephone bill for more than $52,000 (Canadian) after unknown miscreants breached his voicemail system and made hundreds of calls to Bulgaria.…
Not the best grow up plan ever conceived
A New York man on Thursday admitted he repeatedly posted videos of himself on YouTube claiming he caused millions of jars of baby food to be poisoned.…
Huawei's alleged ties to PLA under fire again
Possible involvement of the Chinese networking firm Huawei Technologies in building Australia's national broadband network has security agencies fearing red espionage.…
Fergie fails on password security
Security experts said it would be child's play for thieves to access sensitive data on the Duchess of York's stolen laptop, despite the use of password protection.…
Snafu with a side of spam
ecademy - the business-orientated social networking site - left supposedly private support emails sent through the site publicly viewable as the result of a programming snafu earlier this week.…
Versions 2 and 3 get even patchier
Mozilla has rushed out updates to plug a few critical holes in versions 2 and 3 of its popular open source Firefox browser.…
Party's over
An internet tycoon who made billions of dollars building an online gambling empire has agreed to forfeit $300m after pleading guilty to violating the US Wire Act.…
Zero-day exploit fix arrives Wednesday
Microsoft will push out an emergency security patch for Internet Explorer on Wednesday, addressing a critical security hole currently being exploited in the wild.…
XSS: Entrenched since November 2008
Updated A glaring vulnerability on the American Express website has unnecessarily put visitors at risk for more than two weeks and violates industry regulations governing credit card companies, a security researcher says.…