Iain Thomson

Contact Mail Follow Twitter RSS feed
baratov

Canadian! fella! admits! hacking! Gmail! inboxes! amid! Yahoo! megahack!

A Canadian hacker for hire has admitted ransacking webmail accounts for miscreants accused of orchestrating the Yahoo! megahack that hit all three billion Purple Palace user accounts. Karim Baratov, 23, appeared in a federal district court in San Francisco on Tuesday after striking a plea deal with US prosecutors. He was …
Iain Thomson, 29 Nov 2017
Soyuz

Russian rocket snafu may have just violently dismantled 19 satellites

Updated A Russian weather satellite and 18 micro-satellites are right now thought to be at the bottom of the Atlantic ocean after a Soyuz rocket carrying the birds malfunctioned shortly after launch. The launch of the Soyuz 2-b rocket – the latest addition to Russia's venerable line of boosters – took place at the new Vostochny …
Iain Thomson, 28 Nov 2017
army

US intelligence blabs classified Linux VM to world via leaky S3 silo

Updated A classified toolkit for potentially accessing US military intelligence networks was left exposed to the public internet, for anyone to find, according to security researchers today. A Linux-based virtual machine designed to safely receive and handle secret material, and connect to protected Pentagon computers, was discovered …
Iain Thomson, 28 Nov 2017
china hacker

Chinese IT security bods accused of siphoning US GPS, biz blueprints

Three Chinese nationals went on a six-year hacking spree against American targets, siphoning financial reports and tech blueprints, US prosecutors allege. Wu Yingzhuo, Dong Hao and Xia Lei, all thought to be residing in the city of Guangzhou, China, stand accused of eight counts of conspiracy to commit computer fraud and …
Iain Thomson, 28 Nov 2017

iPhone X Face ID fooled again by 'evil twin' mask

Video Security researchers have once again claimed a simple mask can hoodwink Apple's Face ID authentication system, which graces the tech giant's $1,000 iPhone X. Earlier this month, bods at Bkav, based in Vietnam, demonstrated it was possible to bypass the face-recognizing login mechanism using a $150 3D-printed mask, effectively …
Iain Thomson, 28 Nov 2017

That $10,000 Facebook bug: Photos shafted, addicts screwed by polls

A security researcher found a way to delete any picture on Facebook, irrespective of whether it's public or private, by cunning use of polls. Pouya Daribi was digging around in the software used by Facebook users to set up quick opinion polls on their profile pages. When creating these informal surveys, the social media …
Iain Thomson, 27 Nov 2017
army

Massive US military social media spying archive left wide open in AWS S3 buckets

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest. The archives were found by UpGuard's veteran security-breach …
Iain Thomson, 17 Nov 2017
Hacker

Kaspersky: Clumsy NSA leak snoop's PC was packed with malware

Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets. Last month, anonymous sources alleged that in 2015, an NSA engineer took home a big bunch of the agency's cyber-weapons to work on …
Iain Thomson, 16 Nov 2017
Rage

Parity: The bug that put $169m of Ethereum on ice? Yeah, it was on the todo list for months

Alt-coin wallet software maker Parity has published a postmortem of the bug that put millions of dollars of people's Ethereum on ice – and has admitted it knew about the flaw for months. It just hadn't got round to fixing it. Last week, netizens using Parity's multi-signature wallets – which each require more than one person …
Iain Thomson, 16 Nov 2017

How about that time Russian military used a video game pic as proof of US aiding ISIS?

Earlier this week, the official Facebook and Twitter accounts of the Russian Ministry of Defense said it had "irrefutable evidence" the US was aiding ISIS in Syria – and revealed four grainy photos apparently backing up its claims. The images, apparently taken last week, were captioned as showing the American forces letting …
Iain Thomson, 16 Nov 2017

Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

The FBI and US Homeland Security have issued an alert about a new strain of malware infecting American corporate systems and stealing sensitive data. The remote access trojan (RAT), dubbed Fallchill, is the work of a North Korean hacking group called Hidden Cobra, which some at US-CERT believe was responsible for the WannaCry …
Iain Thomson, 15 Nov 2017
lab rat

Uncle Sam to strap body sensors to hackers in nuke lab security study

Exclusive The US Department of Defense is funding research into how hackers hack, with an interesting twist. It wants to wire them up with body monitoring equipment to measure how they react while hunting down and exploiting security flaws. The study is running this month and next at what's described as a high-security nuclear science …
Iain Thomson, 15 Nov 2017

What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-jacking miners

Over the past few months there has been an alarming rise in the number of websites running code that silently joyrides computers and secretly makes them mine digital currency for miscreants. The latest count suggests more than 30,000 sites are quietly running JavaScript miners on people's PCs and handhelds – way more than …
Iain Thomson, 15 Nov 2017
Freedom

Think the US is alone? 18 countries had their elections hacked last year

While America explores quite how much its election was interfered with by outsiders, the news isn't good for the rest of us, according to independent watchdog Freedom House. In its annual Freedom of the Net [PDF] report on the state of the internet and democracy, the group surveyed 65 nation states comprising 87 per cent of …
Iain Thomson, 14 Nov 2017
mask

Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask'

Video Apple's facial-recognition login system in its rather expensive iPhone X can be, it is claimed, fooled by a 3D printed mask, a couple of photos, and a blob of silicone. Bkav Corporation, an tech security biz with offices in the US and Singapore, specializes in bypassing facial-recognition systems, and set out to do the same …
Iain Thomson, 13 Nov 2017

Manic miners, hideous hackers, frightful flaws, vibrating mock cock app shock – and more

Roundup Phew, we made it to the weekend. Let's take a look at everything that went down in IT security beyond what we've already covered this week. The week started badly after an anonymous individual managed to bork the Parity Ethereum wallet and lock up $280m with of the crypto-currency – an act that may or may not have been …
Iain Thomson, 11 Nov 2017
currency

Parity's $280m Ethereum wallet freeze was no accident: It was a HACK, claims angry upstart

A crypto-currency collector who was locked out of his $1m Ethereum multi-signature wallet this week by a catastrophic bug in Parity's software has claimed the blunder was not an accident – it was "deliberate and fraudulent." On Tuesday, Parity confessed all of its multi-signature Ethereum wallets – which each require multiple …
Iain Thomson, 10 Nov 2017

The NAKED truth: Why flashing us your nude pics is a good idea – by Facebook's safety boss

Poll Amid days of intense debate over about its controversial plan to block revenge porn on its social network, Facebook sought to calm fears about the program. Antigone Davis, Facebook's global head of safety, on Thursday attempted to clarify details about the system, which is being tested right now in Australia, and is heading to …
Iain Thomson, 10 Nov 2017
Judge

Judge bins sueball lobbed at Malwarebytes by rival antivirus maker for torpedoing its tool

Security software slinger Enigma has lost a key legal battle against antivirus maker Malwarebytes, which blocks and deletes Enigma's products from PCs. Florida-based Enigma Software Group, which touts tools Spyhunter and RegHunter that claim to remove software nasties from Windows computers, sued Malwarebytes in San Jose, …
Iain Thomson, 10 Nov 2017
Rosenstein

US government seizes Texas gun mass murder to demand backdoors

While US President Donald Trump thinks it's too early to discuss gun control in the wake of Sunday's Texas church massacre – America's latest mass shooting – his Deputy Attorney General Rod Rosenstein is just fine exploiting the murder-suicide of 26 people to push for backdoors. Specifically, a backdoor so investigators can …
Iain Thomson, 9 Nov 2017
fail_parking_meter_648

Brit moron tried buying a car bomb on dark web, posted it to his address. Now he's screwed

A British teenager who tried to order a car bomb on the dark web and get it delivered to his address has been found guilty this week. Gurtej Randhawa Failure ... Gurtej Randhawa (Source: NCA) Gurtej Randhawa, 19, of Wightwick, in the West Midlands of England, was cuffed by cops in May after purchasing what he thought was …
Iain Thomson, 9 Nov 2017
Mayer

Marissa! Mayer! pulled! out! of! retirement! to! explain! Yahoo! hack! to! Senators!

Poor Marissa Mayer. After selling off Yahoo! and floating away on her golden parachute, she must have been looking for a nice rest. But US Congress wanted her to explain how every single user account on the portal got hacked. On Wednesday, she testified before the Senate Committee on Commerce, Science, and Transportation on …
Iain Thomson, 8 Nov 2017
FBI

You know what's coming next: FBI is upset it can't get into Texas church gunman's smartphone

FBI agents investigating the murder-suicide of 26 people in a church in Sutherland Springs, Texas, on Sunday, have said they can't yet unlock the shooter's smartphone. In a press conference on Tuesday, special agent Chris Combs said that investigations into the motives and actions of the gunman was ongoing, but that his mobe …
Iain Thomson, 8 Nov 2017

Amazon's answer to all those leaky AWS S3 buckets: A dashboard warning light

Updated After watching customer after customer screw up their AWS S3 security and expose highly sensitive files publicly to the internet, Amazon has responded. With a dashboard warning indicator. Simple, and hopefully effective. For months now we have been reporting on researchers finding open S3 buckets packed full of confidential …
Iain Thomson, 7 Nov 2017
failure

Parity calamity! Wallet code bug destroys $280 MEEELLION in Ethereum

There's a lot of hair-pulling among Ethereum alt-coin hoarders today – after a programming blunder in Parity's wallet software let one person bin $280m of the digital currency belonging to scores of strangers, probably permanently. Parity, which was set up by Ethereum core developer Gavin Woods, admitted today that a user …
Iain Thomson, 7 Nov 2017

Biting the hand that feeds IT ? 1998–2017