Latest Articles

Tor attack may have unmasked anonymous users

Freedom Hosting arrest and takedown linked to Tor privacy compromise

Two Carnegie-Mellon researchers had planned a highly anticipated talk at next week's Black Hat security conference - a talk that was cancelled when the university's lawyers freaked out - about how easy it is to break Tor anonymity. They're innocent until proved guilty, but The Tor Project says it was likely the two researchers are behind the attack.

Google tips off cops after spotting child abuse images in email

Google tips off cops after spotting child abuse images in email

A 41-year-old resident of Houston, Texas has been arrested after Google tipped off police that they had spotted child abuse images in his emails.

Canada joins US in openly accusing China of state-sponsored hacking

China. Image courtesy of Shutterstock

The Canadian government has accused China of being behind a "cyber intrusion" at the National Research Council of Canada (NRC), the country's main science and technology research body. Few details of the intrusion have emerged so far, and given the Read more…

Beefed-up Senate bill takes a swing at the NSA

NSA spyglass. Image courtesy of Shutterstock

If it emerges unscathed from the chamber, it could mean an end to bulk metadata collection, an end to the secrecy the government's been operating under, and reform of the USA Patriot Act that's been used to grant it vast surveillance rights.

Android "FakeID" security hole causes a pre-BlackHat stir

Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it.

It's been dubbed the "FakeID" hole...

3 security mistakes small companies make and how to avoid them

3 security mistakes small companies make

Dedicated IT staff are a luxury most very small businesses do without but those organisations still need to find a way to secure their computers against cyber ciminals who aren't looking to cut them a break just because they're small.

Free Wi-Fi - but it'll cost you your privacy

Citizens asked to trade their privacy for free WiFi

The UK city of York is planning to roll out citywide free Wi-Fi. Correction: it's only "free" if you don't count the privacy you stand to lose.

How anyone can hack your Instagram account

instagram-250

Should you write instructions that tell everyone how to hack Instagram accounts, including advice like "wait for someone to use the Instagram iOS app"?

This security researcher did, after he was denied a bug bounty for reporting the problem...

Guy brags about gift card tinkering at new job, gets house raided by feds

Gift cards. Image courtesy of Shutterstock

The new recruit showed off to a colleague, calling the gift-card tinkering "research". We'll see what Homeland Security thinks about it after they scour the electronics they seized from his house.

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

chet-chat-logo-featured-250

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

Police slap warning banner ads on 'pirate' sites

Pirate warning. Image courtesy of Shutterstock

The City of London Police has started swapping out legitimate ads on websites believed to be serving up pirated content, instead plastering them with warning banner ads.

Hacker turns ATM into 'Doom' arcade game

ATM gets turned into 'Doom' arcade game

Its screen now eschews balances and transfers in favor of the familiar sight of a hand wrapped around a gun, going around dark corners and blasting stuff. Where did scrap metal hacker "Aussie50" pick this thing up? Do we have to worry about threats to our bank balances? And is he going to rig it with a coin mechanism so we can all play?

One hoax press release, one $300 million hole in mining company

One hoax press release, one $300 million hole in Australian mining company

The fake press release was pretty convincing: it was sent from a domain that riffed on the ANZ Bank name, used the bank's logo, and included the name of a PR person, along with his (NOT!) phone number. It's yet another example of how easy it is to scam people online.

1,000,000 lost credit cards = £150,000 fine

p-pii-250

A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first.

The vulnerable system was used as a stepping stone for a crook to steal more than 1M e-commerce records.

Anatomy of an iTunes phish - tips to avoid getting caught out

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

Panopticlick reveals the cookie you can't delete

Panopticlick reveals the cookie you can't delete

You know about cookies, and how to delete them, but what if there was a cookie you couldn't delete, and what if the steps you took to guard your privacy made you easier to track? The EFF's Panopticlick tool determines how easy you are to identify based on your web browser's 'fingerprint'.

How to break into people's homes with your mobile phone

How to break into people's homes with your mobile phone

Having a tough time breaking into your neighbor's house? Not terribly conversant with key gauges or making clay molds? Don't worry, there's an app for that!

Monday review - the hot 27 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Hacking, spamming, rogue SMSes and browsers - 60 Sec Security [VIDEO]

60ss-video-250

The week's security news, turned into an entertaining lesson, turned into a 1-min video...

60 Sec Security, 26 July 2014

A Sysmas Carol - singing the praises of sysadmins everywhere!

sysmas-250

Ever felt as though there should be a song for system administrators?

Like a Sysmas Carol, perhaps, celebrating the 0x0C days of Sysmas?

Well, here it is!