Worried about the Tesco Bank attack? Here’s our advice NOV 7th 2016
Thousands of holders of current accounts with the UK’s Tesco Bank were unable to access online banking on Monday after some accounts were subjected to “online criminal activity” and money was stolen from some accounts.
Chief executive Benny Higgins said that “any financial loss as a result of this activity will be resolved fully by Tesco Bank”, and reassured users that any money stolen would be refunded “as soon as possible”.
Tesco Bank hasn’t said how the attack happened, nor who might have been behind it. So what should Tesco Bank customers do?
Glasses make facial recognition think you're a celebrity NOV 4th 2016
Good news for those who like to baffle facial recognition but need to do it on a tight budget: researchers have come up with glasses that effectively screw with the algorithms, yet don’t cost a fortune.
Not only that, but you can use them to impersonate celebrities - at least, as far as the systems’ artificial intelligence algorithms are concerned.
There’s no best way to handle disclosure of zero-day vulnerabilities NOV 4th 2016
Earlier this week, the headlines flashed with news that Google had disclosed a vulnerability to Microsoft that allows local privilege escalation in Windows 10. This vulnerability is a zero-day, meaning it did not have an immediate fix, and by making it public, an attacker could theoretically take advantage of this information and use the vulnerability to their own advantage.
Online crime leads to losses of £10.9 billion a year OCT 21st 2016
Just how much money are the UK’s people and small businesses losing to online crime? Depends on how you count, but according to new research from Get Safe Online and Action Fraud, the baseline figure is now a whopping £10.9 billion per year.
That estimate is based on criminal activity and losses reported to Action Fraud, the UK’s national fraud and cybercrime reporting center. That’s an average of £210 for every UK resident age 16 and up. But, as we all know, plenty of crime never gets reported.
Why you should be cautious of emails from friends or colleagues OCT 21st 2016
You’ve probably been warned about the risks of trusting emails from people you don’t know, and if you haven’t then our advice is to think twice before booking your dream holiday from an email claiming that you have won the lottery when you didn’t even buy a ticket!
But what about emails from your friends, colleagues, long-standing doctor or smart-suited solicitor?
Linux kernel bug: DirtyCOW “easyroot” hole and what you need to know OCT 21st 2016
Here comes what we’re calling a bus-scenario BWAIN.
DirtyCOW, as it’s been satirically dubbed, is a kernel bug in Linux that’s been around for at least 11 years and as good as allows any existing user to turn themselves into the all-powerful system administrator known in the Linux world as root.
To explain: a bus scenario is where you don’t hear much about a particular security topic for a while, and then it comes up twice in quick succession, like those proverbial buses that keep you waiting for ages and then arrive in a bunch.
Netflix finds users’ passwords floating around online: change yours now! OCT 17th 2016
Netflix is telling some password-reusing customers to reset those well-trodden logins after it spotted some of them in a batch of purloined credentials.
The news was first reported by AdWeek, where writer Steve Safran said on Friday that he’d received this email:
As part of our regular security monitoring, we discovered that credentials that match your Netflix email address and password were included in a release of email addresses and passwords from a breach at another company.
The email didn’t give details about how many accounts were affected.
$5 million dollars paid as Facebook’s bug bounty program turns 5 OCT 17th 2016
900 bugs. That’s a lot. $5,000,000. That’s a lot, too. That’s how many bugs Facebook’s pioneering bug bounty program has uncovered since it launched five years ago - and how much Facebook has paid for them.
The social network giant celebrated the program’s fifth anniversary with a blog post and self-assessment - and for anyone who’s either running or contemplating a bug bounty program, it’s quite instructive.
Is your router taking part in DDoS attacks right under your nose? OCT 14th 2016
We’ve written about BWAINs before.
A BWAIN is a Bug With An Impressive Name that has been given special marketing treatment in the hope of getting the right people to wake up and do something about it.
The more PR-savvy BWAINs even have their own logos, such as Heartbleed, HTTPoxy, Sweet32, Shellshock and ImageTragick.
Cyberbullies could be jailed in the UK for ruining people's lives OCT 10th 2016
Trolls who rally virtual mobs to attack others could face jail time, according to new guidelines published in the UK on Monday.
The social media guidelines make it crystal clear to prosecutors that those who encourage others to participate in online harassment campaigns can face charges of encouraging an offense under the Serious Crime Act 2007.
12-year-old gets €100,000 Google bill after confusing AdWords and AdSense OCT 10th 2016
The kid had a plan: put up some music videos of his band on YouTube, plug into Google’s AdSense program to run ads alongside, make enough money to buy instruments, play music, get rich and go buy a mansion.
Is it really a good idea to scam the scammers? OCT 10th 2016
When scammers come calling, the temptation is to try and turn the tables on them. Some experts actually do, but is it a good idea for would-be vigilantes to follow suit?
Florian Lukavsky, director of application security services firm SEC Consult, is an expert at these things. He scammed a group of whalers by playing them at their own game.
Change your password! Yahoo confirms data breach of 500 million accounts SEPT 23rd 2016
Yahoo last night confirmed earlier reports that information pertaining to an unprecedented number of user accounts, “at least” half a billion, was stolen in a 2014 breach.
That may include names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with the password-hashing function bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
Twitter says government requests for data still climbing SEPT 23rd 2016
The growth in the number of government requests for user information that Twitter received over the past 6 months has slowed dramatically from its rapid increase over the past few years, according to its latest transparency report.
Government requests for account information were up only 2% - and affected 8% more accounts - during the first half of 2016 compared with the previous 6 months.
YouTube is cleaning up and it wants your help! SEPT 23rd 2016
Google is well aware that the hair-raising comments of YouTube users have turned the service into a fright fest.
It’s tried to drain the swamp. In February 2015, for example, it created a kid-safe app that would keep things like, oh, say, racist/anti-Semitic/homophobic comments or zombies from scaring the bejeezus out of young YouTubers.
Now, Google’s trying something new: it’s soliciting “YouTube Heroes” to don their mental hazmat suits and dive in to do some cleanup.
FBI Director James Comey wants you to cover your webcam SEPT 16th 2016
Director of the FBI (Federal Bureau of Investigation) James Comey puts tape over his webcam and he wants you to do it too.
Speaking at the recent Center for Strategic and International Studies conference on Wednesday, Comey likened covering your cam to locking your car and the door to your home.
Comey has spent 2016 generating headlines.
Google offers $200,000 for Android-busting exploit SEPT 15th 2016
Google has just announced a big-money bug-chasing competition for Android - and this one is a contest with an interesting twist.