Monthly Archives: October 2013

Lessons to learn from the MongoHQ database breach

Cloud-based database services company MongoHQ is in "we'd better fix things" mode this week, following a network intrusion that proves the old adage that once you've been breached, all security bets are off.

How to protect your critical infrastructure

It's easy to overlook the security of critical IT infrastructure - the low-level things that you rely on and that "just work", that nobody wants to touch and that probably haven't been patched for years. Here are some things to consider when keeping your critical infrastructure secure.

Contactless payments - researcher intercepts card data from a metre away

A University of Surrey researcher created a cheap receiver from off-the-shelf electronics and was able to eavesdrop on contactless card payments at distances of 20-90 centimetres - collecting credit card numbers, expiry dates, and cardholder names. This despite the fact that one of the main security features of contactless cards is a requirement not to transfer payment data in excess of 10cm from a reader.

Anonymous threatens Singapore with hacking attacks, calls for November 5 protest... perhaps

An anonymous person, claiming to be Anonymous, recently fired off a hacking threat against Singapore's financial systems.

Should this threat be taken seriously?

"You can't have your privacy violated if you don't know your privacy is violated"

House Intelligence Committee Chairman Mike Rogers suggested during a hearing at the US National Security Agency (NSA) on Tuesday that it’s impossible to have your privacy violated if you don’t know that your privacy is being violated.

Has Microsoft just PROVED why you should upgrade from XP?

Microsoft just published its January-to-June 2013 Security Intelligence Report.

The results seem to PROVE that you should get rid of Windows XP as soon as you can.

Paul Ducklin checks the strength of the "proof"...

Adobe breach THIRTEEN times worse than thought, 38 million users affected

Adobe originally estimated that the breach affected around 2.9 million users. As it turns out the number is actually 38 million, with the information taken including Adobe IDs, encrypted passwords, customer names, encrypted debit and credit card numbers, expiry dates and customer order details.

President Obama orders review of NSA spying

US President Barack Obama has initiated a review to make sure that the NSA is doing what it should be doing, as opposed to doing whatever it can do with its continues-to-amaze data-vacuuming capabilities.

Please don't spread the Facebook "giraffe picture" hoax!

A bizarre warning is circulating on Facebook urging you not to change your profile picture to a giraffe.

It's a hoax - so please don't spread it, even if you think it's amusing: false alarms just make us collectively less likely to react when there really is a problem.

Firefox moves up to Version 25, fixes a bunch of memory mismanagement problems

A brief reminder for Firefox users: version 25 is out.

As usual, there are some new and tweaked features, plus a fair number of security fixes.

Paul Ducklin takes a quick look...

British man charged with hacking into US army and NASA network

US prosecutors described Lauri Love as a "sophisticated and prolific computer hacker" who allegedly stole "massive quantities of sensitive data" which, they claim, resulted in "millions of dollars in losses." Love and his three accomplices allegedly stole data on more than 500 individuals, as well as information about government budgets and the "demolition and disposal of military facilities."

FBI hunt for seven fugitives involved in multimillion-dollar eBay car scam

The FBI has put out a wanted poster and Interpol has issued red notices looking for help in tracking down a gang of seven swindlers who allegedly ran a $3 million (£1.8m) scam, selling cars that were just figments of their very active imaginations.

Apple introduces "cloudless dictation", no longer demands your contact list to understand you

Not everyone was happy about Apple's terms and conditions when it introduced dictation to OS X: speech-to-text was done in the cloud, so Apple got to listen to what you were saying.

OS X Mavericks changes that - though apparently more for performance than privacy...

SSCC 121 - WordPress, OS X, iCloud, smartphone tracking and medical devices [PODCAST]

By popular demand, the Chet Chat has gone back to a weekly format, so your favourite security podcast will now be appearing twice as frequently!

Listen to Chet and Duck in the latest episode...

2 years in federal prison for trash-searching student aid fraudster

A Florida man will go to prison for defrauding student aid accounts, while his two fellow-conspirators have been given probation and community sentences.

The group's techniques should serve as a reminder that it's not just the information stored on our computers that we need to keep secure.

Monday review - the hot 26 stories of the week

Missed anything last week?

Catch up with everything we talked about with our weekly roundup.

NSA: No we weren't hacked, we just broke our website

The official NSA website was offline for several hours on Friday, prompting immediate wild speculation that it had been taken down by a DDoS campaign.

Is that a GUN, or are you just upgrading the printer? - 60 Sec Security [VIDEO]

Is that a gun, or are you just upgrading the printer? What if your iPhone has a bug in the lock that locks the lock screen? Will Chrome's continuing support for XP make us safer, or merely lazier?

It'll only take 60 seconds to find out the answers!

12-year-old Canadian boy admits to hacking police and government sites for Anonymous

The fifth grader from Montreal pleaded guilty to DDoS, website defacement and accessing databases by exploiting security holes. He wasn't politically motivated, his lawyer said, and swapped his ill-gotten information for video games.

WordPress 3.7 with automatic security updating is out now

WordPress 3.7 isn't important because it fixes any particularly devilish vulnerabilities but because, for the first time, it will automatically update itself with the latest maintenance and security releases - something that could change the security of the whole WordPress ecosystem.