Print this article
Hotmail, Gmail and kitchen-based checks all neutered
Spammers have reportedly defeated revised CAPTCHAs from both Google and Microsoft.…
Lost in transliteration
Mozilla has published an update to its popular Firefox web browser designed to fix a password saving glitch.…
Carder crooks say they can
Updated Cybercrooks are targeting self-service checkout systems in UK supermarkets to cash-out compromised US credit and debit card accounts.…
8 million records? Huh, more like 10
Hotel chain Best Western has denied falling victim to a large-scale hacking attack.…
And a few more gone AWOL
A computer hard disc containing one million sets of bank details was bought on eBay for just £35.…
Address harvesting all too easy
Apple has inadvertently made it easy for spammers to create a database of MobileMe email addresses.…
Portsmouth Asda links to credit card hack
Analysis The organised tampering of PIN entry devices to commit credit card fraud, which led to arrests in Birmingham last week, has been linked to a breach in an Asda store on the outskirts of Portsmouth.…
'We're sorry about that. We're sorry about that'
A printing mix-up resulted in thousands of Goldfish credit card customers receiving other people's bills.…
Internet bouncer snooze leads to 'small earthquake'
Slipshod cryptographic housekeeping left some OpenID services far less secure than they ought to be.…
Clone me, please
Black Hat The annual Black Hat conference in Las Vegas has become one of the premier venues for exposing lax security practices that put the unwashed masses at risk. In an interesting twist, a researcher is calling out conference organizers for supplying 4,500 attendees with an RFID-enabled badge that has widely known security weaknesses.…
Claims they'll fool e-readers. Uh huh huh
The 'fraud-proof' e-passport can be copied and altered, a Dutch security researcher has demonstrated. In tests conducted for the Times, Jeroen van Beek of the University of Amsterdam changed the chip data in a normal UK e-passport to contain a picture of Osama bin Laden. The paper also reports that van Beek has contrived to have a passport in the name of Elvis Presley accepted by a public e-reader in a Dutch town hall.…
Game on for the passport fraudsters?
A consignment of 3,000 "useless" blank biometric passports has been stolen on its way to British embassies throughout the world. Or at least, the Identity & Passport Service says they're useless.…
Airport workers join their bosses
Unions representing airline and airport staff are to tell Home Secretary Jacqui Smith that her plan to force staff to carry ID cards will add nothing to airport security.…
Freedom of speech trumps all
Dutch researchers will be able to publish their controversial report on the Mifare Classic (Oyster) RFID chip in October, a Dutch judge ruled today.…
Computer fault buggers barriers
Updated London commuters are suffering more problems than usual this morning, thanks to the weekend failure of the Oyster card readers at tube stations and on buses.…
New CRB regs produce a nation of suspects
Analysis If we had suggested, ten years ago, that one day soon, the government would draw up a list of prescribed occupations: that they would build a database of millions of people who would need to register for those occupations; and that a committee of Public Safety would be set up with power of absolute veto over every individual on the database; it is just possible that you would have decided that even El Reg had taken leave of its oh-so-cynical senses.…
Promises 'dramatic reduction' in scam emails
eBay and PayPal have linked up with Gmail to roll out technology designed to block fraudulent emails and phishing attacks.…
Still embedding passport, address and email though
RFID technology won't feature on every ticket for the forthcoming Beijing Olympics - but those that do have it will contain an embedded chip with the holder's home address, passport details and email address.…
Report publication 'irresponsible'
Chipmaker NXP, formerly Philips Semiconductors, is taking Dutch Radboud University to court on Thursday to prevent researchers publishing their controversial report on the Mifare Classic chip.…
Names, addresses, bank accounts and sort codes
Northcliffe Media, owner of the Daily Mail, is the latest company to lose a laptop load of sensitive staff information.…
IANA and ICANN succumb to NetDevilz
The websites of two of the net's most critical oversight organizations were hijacked by Turkish hackers who sent visitors to rogue pages that challenged the overseers' authority.…
Don’t kill the messenger
The publication of a scientific paper by Radboud University that discusses design flaws of the MIFARE chip in cards such as the Oyster travelcard may be in jeopardy. Dutch secretary of state Tineke Huizinga has urged the university not to publish any secrets that may lead to abuse.…
Buddy hacker account compromise risk plugged
Yahoo! has fixed a vulnerability that left users of its popular webmail service at risk of having their login credentials stolen.…
Fakeale redux
Malware authors have created a strain of scareware packages that lifts the name of an infected user from the registry of an infected PC in order to create more convincing scams.…
Post code lottery fix
Credit card conmen have developed a technique for making fraudulent purchases in the UK appear more legitimate.…
Two gangs blamed for attacks on credulous high-rollers
Targeted phishing attacks against high-rollers reached new heights over the last two months, according to a study by iDefense.…
IT finally hits the fan months after tapes go AWOL
Couriers lost magnetic tapes containing the personal details of 4.5 million people who had dealt with the Bank of New York Mellon, it has emerged. The incident happened three months ago, but has only surfaced after legal papers were filed in the state of Connecticut.…
Soaraway losses
Identity fraud grew alarmingly in the UK last year, with affluent Londoners particularly at risk, according to figures from credit reference agency Experian.…
Social spamming
Updated Facebook has fixed a cross site scripting flaw that left its users at risk from scripting attacks.…
Home Office chucks in the cards?
Plans for the widespread introduction of fingerprint passports and ID cards, already delayed until 2012, have receded further into the distance with the publication of the latest Identity & Passport Service cost report for the ID scheme. This effectively pulls the plugs on the network of IPS-run interview centres, and lobs future responsibility for these and for biometric enrolment over to private sector companies.…
Sweet temptation
Women are four times more likely than men to give out "passwords" in exchange for chocolate bars.…
Skyhook, line and sinker
Punters using Wi-Fi based positioning systems on their mobile devices would do well to look before they leap. Security vulnerabilities have discovered location spoofing flaws in the Skyhook positioning system that might be used to lead users astray.…
So who hacked Hansard?
At the end of February Home Office minister Meg Hillier explained the UK ID scheme security system to the Home Affairs Committee. "The National Identity Register, essentially," she said, "will be a secure database; ...hack-proof, not connected to the Internet... not be accessible online; any links with any other agency will be down encrypted links."…
Who did you text last night?
One in five married UK couples admit to electronic snooping on their spouses, says a report from Oxford University. The report found that many married partners spy on their partner's emails and text messages. One in eight (13 per cent) confessed to checking on internet history files to monitor sites visited by their better halves.…
Brands and Cameron pitch the fix for government's Big ID problem
Early last month Jacqui Smith unveiled the latest revision of the ID card roadmap. On the same day, by happy coincidence, Microsoft bought Credentica's U-Prove assets and hired Dr Stefan Brands. On the one hand, a discredited and failing strategy staggers on under its fourth Home Secretary, while on the other...?…
Customers liable for losses
The banking industry has re-affirmed a policy that makes online banking customers responsible for losses if they have out of date anti-virus or anti-phishing protection. New Banking Codes for consumers and businesses took effect on Monday.…
Pressganged into submission
An Australian high school has stopped fingerprinting its children, on receiving a caning from the country’s press.…
Software that knows if you're mad - or a loner
When the president of a prestigious patent and trademarking firm began receiving emails threatening to bring down its operations unless he paid a $17m ransom, he knew he had to take action. He reported the incident to the Federal Bureau of Investigation, but agents were unable to identify the culprit.…
No fakes detected - terrorists all move to Belgium
Interviews for first time passport applicants have been massively successful - because, er, no fraudulent applications at all have been detected since the government introduced the system last May. In answer to a Freedom of Information request, the Home Office said last week that 38,391 interviews had been held to date, 222 applications were currently under investigation, but that so far no application had been rejected.…
National security now wholly funded by shopping
The government, the British Airports Authority and the Information Commissioner's Office are arguing over fingerprinting at Heathrow's new Terminal 5, which is due to open on Thursday. T5 is to use a 'count them all in, count them all out' biometric system to log entry and exit to the departure lounge, but the ICO thinks the move may breach the Data Protection Act, and has demanded an explanation from BAA.…
Supermarket identity sweep
A New England-based supermarket chain has warned of an information security breach that exposed an estimated 4.2 million credit card records.…
Lands security lab on Singapore
IBM today snapped up privately-held security software firm Encentuate for an undisclosed sum.…
The keys to London Underground, and plenty more
Security researchers say they've found a way to crack the encryption used to protect a widely-used smartcard in a matter of minutes, making it possible for them to quickly and cheaply clone the cards that are used to secure office buildings and automate the collection of mass transportation fares.…
Smith offers series of compelling propositions
The latest stage in the long slow death of the UK ID scheme became official this morning, as Home Secretary Jacqui Smith unveiled a two-pronged revised delivery plan, aimed first at selected groups of workers and teenagers. This effectively confirms the strategy proposed by the leaked ID scheme Options Analysis earlier this year, and kicks back the widespread issuing of the cards until 2012.…
Smokescreen for a retreat?
Airport workers could be the first to be issued with compulsory ID cards, claimed Tory shadow home secretary David Davis today, citing government documents leaked to his party. Home Secretary Jacqui Smith is due to make a speech on the future of ID cards tomorrow, and Davis suggests that she is likely to announce a postponement until 2012, while making them compulsory for selected groups of victims.…
Will put privacy at risk for no added security
Europe's top privacy watchdog has condemned planned European border controls as weak and based on inconclusive evidence, claiming they will put Europeans' privacy at risk with no guarantee of increased security.…
Beefs up data responsibility
HM Revenue and Customs has appointed 37 staff to protect information, since it lost personal records on 25 million people last November.…
Breaking up with Facebook is (less) hard to do
It was a long time coming but the web's favourite has-been-in-the-making, Facebook, has finally agreed to let users who are bored with it wrest their personal information from its advertising salesmens' clutches.…
Sanity check please
Credit checking giant Equifax left Reg reader Thomas flummoxed when it told him to send copies of the front and back of his debit card when he asked for a credit report.…
Slippery slope
A senior US Department of Homeland Security official has floated the idea of requiring citizens to produce federally compliant identification before purchasing some over-the-counter medicines.…