Monthly Archives: October 2013
Cloud-based database services company MongoHQ is in "we'd better fix things" mode this week, following a network intrusion that proves the old adage that once you've been breached, all security bets are off.
It’s easy to overlook the security of critical IT infrastructure - the low-level things that you rely on and that "just work", that nobody wants to touch and that probably haven't been patched for years. Here are some things to consider when keeping your critical infrastructure secure.
A University of Surrey researcher created a cheap receiver from off-the-shelf electronics and was able to eavesdrop on contactless card payments at distances of 20-90 centimetres - collecting credit card numbers, expiry dates, and cardholder names. This despite the fact that one of the main security features of contactless cards is a requirement not to transfer payment data in excess of 10cm from a reader.
An anonymous person, claiming to be Anonymous, recently fired off a hacking threat against Singapore's financial systems.
Should this threat be taken seriously?
House Intelligence Committee Chairman Mike Rogers suggested during a hearing at the US National Security Agency (NSA) on Tuesday that it’s impossible to have your privacy violated if you don’t know that your privacy is being violated.
Microsoft just published its January-to-June 2013 Security Intelligence Report.
The results seem to PROVE that you should get rid of Windows XP as soon as you can.
Paul Ducklin checks the strength of the "proof"...
Adobe originally estimated that the breach affected around 2.9 million users. As it turns out the number is actually 38 million, with the information taken including Adobe IDs, encrypted passwords, customer names, encrypted debit and credit card numbers, expiry dates and customer order details.
US President Barack Obama has initiated a review to make sure that the NSA is doing what it should be doing, as opposed to doing whatever it can do with its continues-to-amaze data-vacuuming capabilities.
A bizarre warning is circulating on Facebook urging you not to change your profile picture to a giraffe.
It's a hoax - so please don't spread it, even if you think it's amusing: false alarms just make us collectively less likely to react when there really is a problem.
A brief reminder for Firefox users: version 25 is out.
As usual, there are some new and tweaked features, plus a fair number of security fixes.
Paul Ducklin takes a quick look...
US prosecutors described Lauri Love as a "sophisticated and prolific computer hacker" who allegedly stole "massive quantities of sensitive data" which, they claim, resulted in "millions of dollars in losses." Love and his three accomplices allegedly stole data on more than 500 individuals, as well as information about government budgets and the "demolition and disposal of military facilities."
The FBI has put out a wanted poster and Interpol has issued red notices looking for help in tracking down a gang of seven swindlers who allegedly ran a $3 million (£1.8m) scam, selling cars that were just figments of their very active imaginations.
Not everyone was happy about Apple's terms and conditions when it introduced dictation to OS X: speech-to-text was done in the cloud, so Apple got to listen to what you were saying.
OS X Mavericks changes that - though apparently more for performance than privacy...
By popular demand, the Chet Chat has gone back to a weekly format, so your favourite security podcast will now be appearing twice as frequently!
Listen to Chet and Duck in the latest episode...
A Florida man will go to prison for defrauding student aid accounts, while his two fellow-conspirators have been given probation and community sentences.
The group's techniques should serve as a reminder that it's not just the information stored on our computers that we need to keep secure.
The official NSA website NSA.gov was offline for several hours on Friday, prompting immediate wild speculation that it had been taken down by a DDoS campaign.
Is that a gun, or are you just upgrading the printer? What if your iPhone has a bug in the lock that locks the lock screen? Will Chrome's continuing support for XP make us safer, or merely lazier?
It'll only take 60 seconds to find out the answers!
The fifth grader from Montreal pleaded guilty to DDoS, website defacement and accessing databases by exploiting security holes. He wasn't politically motivated, his lawyer said, and swapped his ill-gotten information for video games.
WordPress 3.7 isn't important because it fixes any particularly devilish vulnerabilities but because, for the first time, it will automatically update itself with the latest maintenance and security releases - something that could change the security of the whole WordPress ecosystem.