Security

I’m old enough to remember a life in which you could confidently expect your skill for guessing passwords to be redundant by about the age of nine. That was when your mate down the road finally overcame his love of spy games and his obsessive desire not to allow you past his front door or into his garden shed without you first establishing his favourite crisp flavour. Unfortunately, however, it seems that mate, who subsequently spent his lunch hours in the school’s windowless computer room, up to his knees in punch cards, has long since taken over the world.

As the world rushes headlong into taking all manner of devices and systems online, there are few opportunities to sit back and consider the consequences of these decisions.

Australia had one such opportunity this week as a Senate inquiry heard testimony into how everything went wrong during Census night on August 9.

Google’s Pixel phones – and a number of Huawei devices – feature some pretty nifty shortcuts you can access using the fingerprint sensor. But these are no longer exclusive to those handsets, as someone at the XDA Developers forums has created an APK which brings the functionality to any phone with a fingerprint reader running Android 6.0 or above.

The Shadow Brokers have returned and are trying to spook the U.S. government this Halloween. The hackers, who’d previously claimed to have leaked a portion of the National Security Agency’s digital arsenal, today published files that experts believe show which foreign servers were compromised by the NSA to expand its espionage operations.

The Shadow Brokers hacking group has posted a fresh dump containing a list of servers compromised by an NSA-linked group.

The list contains historic targets of the Equation Group. Mail providers, universities and targets in China make up the bulk of the roster. Each were targets of INTONATION and PITCHIMPAIR, codenames for cyber-spy hacking programmes.

In the last few weeks, the internet has witnessed some of the worst cyberattacks ever.

All these attacks have been powered by a zombie army, or botnet, of easy-to-hack internet-connected devices such as cameras and DVRs, infected with an amateurish but extremely effective malware called Mirai.

Yeah, it probably seems a drag to have to keep updating your iPhone so frequently, and everyone gets lazy sometimes. Plus, if you've been keeping up with the news, you probably already updated it in August/ September to patch against a serious security flaw enabling the first ever remote attack to succeed in installing malware on the iPhone.

Attackers are abusing yet another widely used protocol in order to amplify distributed denial-of-service attacks: the Lightweight Directory Access Protocol (LDAP), which is used for directory services on corporate networks.

DDoS mitigation provider Corero Network Security recently observed an attack against its customers that was reflected and amplified through Connectionless LDAP (CLDAP), a variant of LDAP that uses the User Datagram Protocol (UDP) for transport.

If you kept trying to access Twitter, Reddit, Spotify or Netflix during Friday's massive internet outage, you were part of the problem.

Dyn, the company that manages traffic for those sites and that toppled under a huge cyberattack last week explained in a blog post Wednesday how it all went wrong.

Domain Name Service (DNS) provider Dyn today provided new details about the massive distributed denial-of-service (DDoS) attack on Oct. 21 it suffered that disrupted major websites including Okta, CNN, Pinterest, Reddit, and Twitter, and confirmed that the infamous Mirai botnet was the main culprit.

Scott Hilton, executive vice president of product for Dyn, in a blog post said the attackers employed masked TCP and UDP traffic via Port 53 in the attack as well as recursive DNS retry traffic, "further exacerbating its impact," he said.