Techworld.com security

UK host 123-reg recovers after "massive" DDoS attack

John E Dunn — Fri, 25 May 2012 11:03:00 GMT

The UK’s largest domain registrar 123 Reg was hit this week by a “massive” DDoS attack that caused several hours of disruption to web traffic, third-party reports claim.

Researchers propose extending TLS to detect rogue SSL certificates

Lucian Constantin — Fri, 25 May 2012 10:21:00 GMT

A pair of security researchers have proposed an extension to the Transport Layer Security (TLS) protocol that would allow browsers to detect and block fraudulently-issued SSL certificates.

Yahoo Axis private key leaked in Chrome extensions

Lucian Constantin — Fri, 25 May 2012 09:33:00 GMT

Yahoo was forced to release a new version of its Axis extension for Google Chrome after the original one contained a private key that allowed anyone to digitally sign extensions in Yahoo's name.

95% o SAP systems vulnerable, security researcher warns

Loek Essers — Fri, 25 May 2012 08:53:00 GMT

More than 95% o over 600 SAP systems tested by security firm Onapsis were vulnerable to espionage, sabotage and fraud, mainly because patches had not been applied, according to a researcher.

Bredolab botnet author sentenced to 4 years in prison in Armenia

Lucian Constantin — Thu, 24 May 2012 14:30:00 GMT

The creator of the Bredolab malware received a four-year prison sentence in Armenia on Monday for using his botnet to launch DDoS (distributed denial-of-service) attacks that damaged multiple computer systems owned by private individuals and organizations.

Fake Angry Birds app cost UK Android users £28,000

John E Dunn — Thu, 24 May 2012 12:13:00 GMT

In the most serious mobile malware incident yet to be uncovered in the UK a firm has been fined £50,000 by the regulator for profiting from bogus apps that covertly sent SMS messages costing £5 a time to a premium rate number.

Pwnium Chrome hackers exploited 16 zero-day vulnerabilities

Gregg Keizer — Thu, 24 May 2012 10:37:00 GMT

Google Chrome hackers used a total of 16 zero-day vulnerabilities to crack the browser at the inaugural "Pwnium" hacking contest and win $120,000.

Google gives search users final DNSChanger warning

John E Dunn — Thu, 24 May 2012 10:10:00 GMT

Google has embarked on a final campaign to warn the remaining half million PCs it reckons could still be infected with the DNSChanger malware that they risk losing Internet connectivity on 9 July.

McAfee reports big spike in malware

Cameron Scott — Thu, 24 May 2012 08:57:00 GMT

PC malware had its "busiest quarter in recent history," according to McAfee's quarterly security report.

Bredolab botnet author Georgy Avanesov gets four years in jail

Lucian Constantin — Thu, 24 May 2012 00:10:00 GMT

Bredolab malware creator Georgy Avanesov has been handed a four-year prison sentence in Armenia for using his botnet to launch DDoS (distributed denial-of-service) attacks that damaged multiple computer systems owned by private individuals and organisations.

Is cloud-based security really cheaper?

Antone Gonsalves — Wed, 23 May 2012 11:48:00 GMT

Vendors hope subscription models - and removing the need to manage and update software and hardware - will be attractive

LulzSec MilitarySingles data breach caused by weak security

John E Dunn — Wed, 23 May 2012 11:10:00 GMT

The major LulzSec data raid on the MilitarySingles.com dating site in March was caused by a catalogue of security problems including poor web application design and the use of weak encryption, an analysis from Imperva has claimed.

Banking malware SpyEye steals info by hijacking webcams and mics

Lucian Constantin — Wed, 23 May 2012 10:41:00 GMT

SpyEye is a computer Trojan horse that specifically targets online banking users. Like its older cousin, Zeus, SpyEye is no longer being developed by its original author, but is still widely used by cybercriminals in their operations, according to Kaspersky Lab.

Anonymous claims it has hacked a DOJ site

John Ribeiro — Wed, 23 May 2012 09:20:00 GMT

The US Department of Justice said Tuesday it was looking into the unauthorized access of a website server in its statistics wing, after hacker group Anonymous claimed to have collected and released 1.7GB of data from it.

Cloudforce: News International trusts customer data to the cloud

Sophie Curtis — Wed, 23 May 2012 08:42:00 GMT

Newspaper publisher News International is using cloud-based solutions from Salesforce.com. CloudSense and Zuora to fulfil product orders, monitor customer preferences and process payments.

Are financial IT systems ready for a Greek euro exit?

Sophie Curtis — Tue, 22 May 2012 10:10:00 GMT

What impact would Greece's departure from the euro have on the technological infrastructure that runs our payment systems, and what can banks do to avoid a financial meltdown?

Facebook spreading cross-browser LilyJade worm, security experts warn

Lucian Constantin — Tue, 22 May 2012 09:23:00 GMT

Crossrider, a cross-browser extension development framework, is being used to malware writers to build a click-fraud worm called LilyJade that spreads on Facebook, security researchers from antivirus firm Kaspersky Lab warned.

Security vulnerability reporting framework upgraded for researchers

John E Dunn — Mon, 21 May 2012 18:00:00 GMT

The security industry’s Common Vulnerability Reporting Framework (CVRF) framework for reporting and sharing security vulnerabilities in a machine-readable format has been given a promised revamp to make it easier to use for third-party researchers.

Security vulnerability reporting framework upgraded for reserchers

John E Dunn — Mon, 21 May 2012 18:00:00 GMT

Windows 8 security - What's new in latest operating system

Eric Geier — Mon, 21 May 2012 16:48:00 GMT

Windows 8 will be released later this year, and the new Start screen and Metro-style apps will likely be the first changes you'll notice, but those aren't the only things that are new. Microsoft is also making some serious security enhancements to help keep your system safer and to improve Windows' ability to combat viruses and malware. It just may be the biggest improvement to Windows security yet.

Metropolitan Police gets rapid smartphone analysis system

John E Dunn — Fri, 18 May 2012 14:29:00 GMT

Metropolitan Police Service (MPS) investigators will get quicker access to data from the mobile phones of suspects after announcing the controversial deployment of the Radio Tactics ACESO data extraction system.

Java and Flash vulnerabilities being exploited by cyber spies

Antone Gonsalves — Fri, 18 May 2012 10:34:00 GMT

Cyber spies have planted Java- and Flash-exploiting malware on websites focused on human rights, defense and foreign policy.

Cybercriminals honing Android malware skills in Russia

Antone Gonsalves — Fri, 18 May 2012 10:23:00 GMT

Sophos says they're starting in Russia, but will expand with success

Hackers behind Flashback click fraud campaign haven't been paid

Gregg Keizer — Fri, 18 May 2012 09:55:00 GMT

The hackers in charge of the Flashback botnet managed to generate $14,000 from their Mac-based click fraud campaign, but have not been paid, Symantec said today.

Security services among top employers IT students want to work for

Antony Savvas — Fri, 18 May 2012 09:40:00 GMT

MI5 and GCHQ are among the top 10 employers that IT students would like to work for, although the likes of Google and Apple still lead in the work popularity stakes.