Security

In 2004, the Federal Bureau of Investigation issued a National Security Letter (NSL) to a New York Internet service provider called Calyx. It’s a type of governmental information request that became much more common as a result of the passing of the USA Patriot Act in 2001, just after September 11.

All this time, this specific NSL — and hundreds of thousands of others — has been under wraps thanks to a gag order. But today this document is publicly available for the first time, following U.S. District Judge Victor Marrero’s decision to lift the gag order in September.

The CryptoWall 4.0 ransomware is being spread via exploit kits, with the Nuclear exploit kit (EK) being the first major crimekit to infect machines with this type of malware, Rackspace security researcher Brad Duncan has discovered.

Microsoft has killed Dell's user-pwning root certificate and its self-reinstalling .dll with its antivirus Defender tool.

The certificate is a big blunder because it opens a universal means for attackers on public networks to hose new Dell laptops.

That's because bright minds planted a self-signed certificate and private key on new laptops which allows attackers on public WiFi to steal otherwise encrypted usernames, passwords, and other sensitive data.

"Let's play Global Thermonuclear War."

Thirty-two years ago, just months after the release of the movie WarGames, the world came the closest it ever has to nuclear Armageddon. In the movie version of a global near-death experience, a teenage hacker messing around with an artificial intelligence program that just happened to control the American nuclear missile force unleashes chaos. In reality, a very different computer program run by the Soviets fed growing paranoia about the intentions of the United States, very nearly triggering a nuclear war.

Node.js is facing two security vulnerabilities, including a potentially major denial-of-service issue, with patches for the problems not available for a week. Releases of Node.js ranging from 0.12 to version 5 are vulnerable to one or both issues.

It looks like a computer hacker who goes by the moniker “mr.grey” has made him or herself a wanted person by the FBI. The offence? “mr. grey” has made off with login information for more than 1.2 billion online accounts. Apparently, this particular hacker has been linked to numerous stolen logins via a Russian email address.

It's what we all assumed, but quietly hoped wasn't quite this bad.

Lazy makers of home routers and the Internet of Things are reusing the same small set of hardcoded security keys, leaving them open to hijacking en masse, researchers have warned.

DELL isn't having a good week. A second root certificate has been found on its PCs and laptops, that could leave users' personal information vulnerable to hackers.

The second certificate, called DSDTestProvider, is installed by an application called Dell System Detect (DSD), which users are prompted to download and install when they visit the Dell support website.

Just under a week after Starwood Hotels revealed that its payment system had been compromised by malware, American hospitality conglomerate, Hilton Worldwide, has confirmed that its system was hit by a similar attack.

Major U.S. computer company Dell Inc [DI.UL] said on Monday a security hole exists in some of its recently shipped laptops that could make it easy for hackers to access users’ private data.

A pre-installed program on some newly purchased Dell laptops that can only be removed manually by consumers makes them vulnerable to cyber intrusions that may allow hackers to read encrypted messages and redirect browser traffic to spoofs of real websites such as Google or those belonging to a bank, among other attacks.