Skip to main content

Security

‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs

posted onDecember 5, 2017
by l33tdawg

Pretending to be someone you're not in an email has never been quite hard enough—hence phishing, that eternal scourge of internet security. But now one researcher has dug up a new collection of bugs in email programs that in many cases strip away even the existing, imperfect protections against email impersonation, allowing anyone to undetectably spoof a message with no hint at all to the recipient.

PayPal's TIO data breach: 1.6 million customers' personal details stolen by hackers

posted onDecember 4, 2017
by l33tdawg

PayPal has revealed that its recently acquired company TIO Networks has suffered a data breach compromising the personal information of 1.6 million customers. PayPal bought the Canadian payment processing company, which has over 60,000 utility and bills payment kiosks across North America, for $238m (£177m) in cash in July.

On Friday, 1 December, PayPal said a review of TIO's network showed evidence of a breach that may have compromised the details of about 1.6 million users, including locations that stored personal data of TIO customers and customers of TIO billers.

Nadine Dorries under fire for lax attitude to cybersecurity

posted onDecember 3, 2017
by l33tdawg

Conservative MP Nadine Dorries has come under fire for having a lax attitude to cybersecurity after divulging on Twitter that she shares her login and passwords with staff, including temporary interns.

She was defending her colleague, Damian Green, who has been accused of having pornography on his Commons computer, when she made the admission.

Updating macOS can bring back the nasty “root” security bug

posted onDecember 3, 2017
by l33tdawg

The serious and surprising root security bug in macOS High Sierra is back for some users, shortly after Apple declared it fixed. Users who had not installed macOS 10.13.1 (and thus were running a prior version of the OS when they received the security update) found that installing 10.13.1 resurfaced the bug, according to a report from Wired.

Blockchains Are Poised to End the Password Era

posted onNovember 30, 2017
by l33tdawg

The massive password heists keeping coming, and one thing is certain: the way we prove our identities online is in need of a major upgrade. A growing chorus of technologists and entrepreneurs is convinced that the key to revolutionizing digital identity can be found in the same technology that runs cryptocurrencies.

HP Caught Installing Spyware on Windows 10 PCs Without Permission

posted onNovember 30, 2017
by l33tdawg

HP has been caught installing a new telemetry-gathering system on its Windows 10 PCs without informing users it was doing or so requesting permission to gather data. In a recent update (it’s not clear if HP or Microsoft pushed out the software), multiple HP owners have reported the “HP TouchPoint Analytics Client” is connecting on a daily basis to upload various information to HP’s servers.

Detlef Krentz contacted Borncity to report the software, writing:

New security update fixes macOS root bug

posted onNovember 30, 2017
by l33tdawg

Yesterday we learned that Apple had made a serious security error in macOS—a bug that, under certain conditions, allowed anyone to log in as a system administrator on a Mac running High Sierra by simply typing in "root" as the username and leaving the password field blank. Apple says that vulnerability has now been fixed with a security update that became available for download this morning on the Mac App Store. Further, the update will automatically be applied to Macs running High Sierra 10.13.1 later today.