Guardian newspaper columnist [Dawn Foster](https://twitter.com/DawnHFoster) posted images on Twitter this weekend showing how she was able to log in to the official Conservative party conference app as Boris Johnson, until recently the UK Foreign Secretary. No password was required to log in to the app, only an email address, and once in, all the details of user registration were accessible. So, in the case of Alexander Boris de Pfeffel Johnson (yes, that is his real name) that meant contact details such as his mobile phone number. It also meant that the logged-in user could …

I've been writing about various security risks in the health sector for many years now. Usually my articles cover patient privacy, data protection and health provider network insecurity issues. Occasionally, they spill over into darker territory where the cyber risk morphs into a very real one as far as the health of the patient is concerned. Take my story at SC Magazine a couple of years ago which reported how researchers at Rapid7 had uncovered vulnerabilities in an insulin pump that had the potential to change the dosage supplied. Sure, the actual risk of exploit was low given that an …

It has long since been argued that continued exposure to something over a length of time will reduce the shock value of whatever it happens to be, from violence in movies to swearing in public. Now according to a [report](http://www.usatoday.com/news/health/2007-12-12-porn-study_N.htm) researchers at the Brigham Young University have suggested that the availability of 'pocket porn' via the Internet and mobile phones has led to a sea change in how women react to pornography. The full study is to be published in the Journal of Adolescent Research in January, but enough detail has been leaked ahead of publication for us to know …

So you've lost access to your data through hardware failure or accidental erasure. What do you do? Like most cyber-warriors you naturally turn to the Internet, be that via a Google search or YouTube video, for help. That's a big mistake says [Kroll Ontrack](https://www.krollontrack.co.uk/blog/), a data recovery specialist, as self-inflicted permanent data loss is apparently on the up. Of course, there's going to be a certain amount of MRDA in this assertion. That's Mandy Rice-Davies Applies, or 'well he would say that, wouldn't he?' in case you wondered. As [Wikipedia says](https://en.wikipedia.org/wiki/MRDA), referencing an article of mine in the further reading …

Following the recent ransomware attacks that leveraged the WannaCrypt0r malware and NSA-developed EternalBlue vulnerability exploit, there was [plenty of advice](https://happygeek.com/?p=812) that backup, backup, backup was the best mitigation. Data backups are, of course, an important part of any business continuity strategy. However, what happens when your backups are also encrypted by ransomware? There are variants out there, in the wild, that will target shared network drives, that will use cloud backup desktop sync clients to encrypt that data as well. There are variants that will not declare themselves and post the ransom demands until they have been successfully encrypting backups …

Want to buy a Dell machine loaded with Linux? Shame, as it appears that Dell Europe would really rather you bought a Windows-powered one, despite having a website devoted entirely to selling Dell Ubuntu laptops. And, oh boy, does it use some strange arguments to dissuade you from becoming a Linux convert. Three years ago Dell went Ubuntu bashing, making it really pretty hard to buy a Linux-loaded machine from the vendor. The Linux machines back then cost more than the Windows ones, there were warnings about it not being compatible with lots of software and to top it all …

It's hard for me to admit it but there are things, ten things to be exact, that I really hate about Linux. Sometimes I think it's just me but I do see other people stating a few of these in the forums so I'm at least not alone with some of these issues. These are in no particular order and they aren't just rants; they're legitimate problems and issues that I find annoying, destroying or cloying. Feel free to add your own to the list in the Comments section. **1. Too Many Good Distros** - I hate the fact that …

Today, the *Entertainment Software Association* released findings from two studies by Dr. Christopher Ferguson of Texas A&M University. In an interesting twist, Dr. Ferguson's findings suggest that not only are violent video games okay to give to children, they may actually be beneficial. Video games are often blamed for violent outbursts, as are movies, television and *Catcher in the Rye*. I lived in the same neighborhood as Columbine High School when the massacre took place. This particular tragedy was the first time I had heard video games being blamed for someone's behavior. Harris and Klebold reportedly liked playing *Doom* - …

The UK's National Crime Agency (NCA) has said that it has dealt a "major blow to dark web markets." In a [statement](http://www.nationalcrimeagency.gov.uk/news/news-listings/483-international-law-enforcement-deals-major-blow-to-dark-web-markets) issued on the 7th November the NCA says that a coordinated operation between law enforcement agencies in Europe and the US has "targeted market places for illegal commodities on the dark web" and as part of this six people in the UK were arrested. Amongst those arrested in strikes closely coordinated with international partners in the US were the suspected administrators of Silk Road 2.0, the Tor accessed drugs and firearms market place. The NCA statement also claims …

Although it took eBay itself an absolute age to disclose that a serious breach had taken place, and then [completely screwed up the process of ensuring users change their passwords](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/479152/more-ebay-security-stupidity-exposed), this should come as no real surprise. Happygeeks' Law states: the larger the corporate, the longer it takes to admit anything and the bigger the chance it will handle it badly. What is surprising is that it has taken so long for the stolen database of user credentials to go up for sale on the dark market. If you consider that the breach itself happened a couple of months ago, …

The news that JPMorgan Chase & Co, which is the largest of the US banks with a reach that extends to half of all American households, has been breached will surprise nobody. At least not in the sense that this is old news, with a disclosure of the event happening in August. The actual breach was discovered by the bank back in July, and is thought to have been active for at least a month prior to that. What is surprising, however, is that a financial organisation of such a size and reputation should fall victim to such a breach …

My van was built 15 years ago by Mazda in Japan as a multi-purpose 'people carrier' vehicle with the unlikely name of a Bongo. It has survived the years well, and I have now converted it into a camper van. Another 15 year old that travelled across the globe has not survived the passage of time, and we can be thankful for that because I'm talking about the Love Bug. No, not Herbie the talking VW Beetle from those candy-sweet Disney films but rather a computer worm that spread like wildfire in May 2000. Also known as 'ILOVEYOU' thanks to the …

Hitachi has now announced a 1-terabyte internal hard drive, claiming they're the first to unveil a 1 terabyte hard drive in the industry. It doesn't sound terribly impressive, given the fact that storage mediums are increasing faster than you can blink an eye. However, they have done quite a feat if you look more closely. For one, the pricing is *very* attractive. This hard drive costs a mere $399, cheaper than a lot of smaller-capacity portable hard drives. This makes it quite inexpensive to get the huge amounts of storage, which will especially attract server-storage people. Secondly, they have made …

According to research from data recovery specialists Kroll Ontrack, some three quarters of those workers that had lost data on a broken device didn't attempt to ensure that information was irretrievable before disposing of the hardware. It doesn't matter whether the hardware itself is a PC or laptop, removable drive, tablet or smartphone, the ugly truth remains that most people simply assume that if the device is dead then the data has died along with it. Actually, data lost through software corruption or hardware failure is more often than not recoverable - at least partially. The study revealed …

Adobe Flash users have been under attack from cybercriminals again, this time courtesy of [a zero day exploit kit by the name of Angler](http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html). The exploit kit has been readily available on the dark market, and hits vulnerabilities to be found in Flash Players up to 15.0.0.223, as well as the latest release. There is some uncertainty as to who is at risk from this kit, with some sources claiming Windows 8.1 and Google Chrome users are safe, while others tell me any version of Internet Explorer used with any version of Windows is at risk if Adobe Flash player …

News has broken this weekend that the personal data, including bank account details, of some 2.4 million customers of the Carphone Warehouse may have been compromised following a breach that the mobile phone retail giant is calling "a sophisticated cyber-attack." The company also warns that encrypted credit card data of up to 90,000 customers may have been accessed during the breach. Scotland Yard and the Information Commissioner's Office have both been notified, along with a security outfit specialising in forensic examination of such attacks. However, the statement from Carphone Warehouse, released on Saturday, and revealing that the compromised personal details …

Sanjib Mitra is a man who likes to be responsible and do the right thing. A year ago he discovered, quite by accident, that a little bit of URL tweaking could reveal personal data about people other than himself within a website database. He was completing a complicated application form himself when he was faced with a blank page and a browser back button that did nothing, so he tried changing numerical data at the end of the URL in an effort to salvage some of the information he had spent the previous hour entering. His reward was not time …

Action video camera vendor GoPro has announced that it is riding into the Tour de France with a promotional [video](https://www.youtube.com/watch?v=X63m5r5jJlg) to celebrate being named the official camera of the world's largest annual sporting event with a worldwide television audience of some 4 billion people, but not before the BBC [reported](http://www.bbc.co.uk/news/technology-32934083) how GoPro cameras could be used to spy on their owners. According to security company Pen Test Partners, it is way too easy to take control of GoPro cameras and one of the partners at the outfit, Ken Munro, demonstrated how. He showed the BBC how a GoPro Hero4 …

A couple of decades ago, in another life, I wrote a little script which would capture keystrokes and then store that data within the 'white space' of an image file. It was pretty crude, but it was also twenty years ago and to be honest nobody was really looking for stuff which was effectively hidden in plain sight that way. That way being the use of something called steganography, from the Greek steganos which means covered and graphie which means writing; so literally covered writing. I used it to good effect during my period as an explorer of networks belonging …

[A new poll into Operating System popularity by a British computer magazine](http://www.pcadvisor.co.uk/poll/index.cfm?action=showresults&pid=3228421) has revealed that an incredible 37 percent of respondents are still using Windows XP. That's more than Windows 7 which managed to woo 30 percent of the folk taking part, and Vista could only garner a pretty poor 16 percent of support. This being a PC magazine it should come as no great surprise to see Linux being used by 8 percent of respondents and Mac OS by 7 percent. However, what was surprising was the sheer number of people who refuse to let Windows XP die. Was …

Werner Vogels, Amazon Web Services (AWS) CTO, speaking at the AWS Summit in London yesterday has made the rather amazing claim that security in the cloud is "much stronger" than anything you can have on-premises. As someone who has been writing about information security for more than 20 years, and covering the cloud security beat for five, I can understand why he may say that. However, it doesn't mean that he was right; not for every customer, not for every implementation. If you are talking about the smaller end of the SME spectrum then, for the most part in my …

As any fan of The Matrix trilogy of films will tell you, the Keymaker is a character in The Matrix Reloaded who has the keys to provide Neo access to the system mainframe and by so doing hopefully save Zion from the ongoing sentinel attack. In the movie, the Keymaker was a little old Chinese man who held the keys to every door, every escape route, everything. In Apple OS X the equivalent is the Gatekeeper, a key technology which prevents malware from running on machines using that operating system. It does this by effectively locking the doors to …

According to a [SecureList posting](https://securelist.com/blog/69462/darwin-nuke/) dated April 10th, researchers Anton Ivanov, Andrey Khudyakov, Maxim Zhuravlev and Andrey Rubin discovered a vulnerability in the Darwin kernel back in December 2014. Why is this of interest? Well, the Darwin kernel is an open source part of both the Apple operating systems. The vulnerability could allow remote attackers to launch a DDoS on a device running OS X 10.10 or iOS 8. More worryingly, it could allow the attackers to send just a single, solitary incorrect network packet in order to crash the target system and impact upon any corporate network it may …

Which 12 year old operating system which is still running on 11 million servers is about to die? Yep, that's the one: Microsoft Windows Server 2003 reaches 'end of life' status on July 14th. One of the longest running discussions on DaniWeb asks the question [Why does Windows XP refuse to die?](https://www.daniweb.com/hardware-and-software/microsoft-windows/windows-nt-2000-xp/news/294897/why-does-windows-xp-refuse-to-die) and I have my suspicions that we may be asking the same of Windows Server 2003 in the years to come. Which is fine as far as it goes, unfortunately that's not very far in terms of security as there will be no more security patches, updates or …

Security is, more often than not, a case of getting the basics right. This is certainly true of the cloud where the hyperbole surrounding insecurity far outweighs the actual risk in my opinion. Not that the cloud is an inherently secure place to store data, just that it poses similar risks to other data storage methodologies which need to be assessed and dealt with accordingly. So when I hear statistics being bandied about such as '68 per cent of employees use personal cloud storage services at work' as was thrown in my direction this last week, I cannot help but …

According to new research from Venafi, apparently some 74 percent of 'Forbes Global 2000 organizations' (or the big boys of business if you prefer) have yet to properly secure their public facing servers against the Heartbleed OpenSSL threat. That's a year after the thing broke for goodness sake! Venafi found that at least 580,000 hosts belonging to this elite group of enterprises were still vulnerable as full and proper threat remediation had not been applied. They were patched, yes, but did not bother with the equally important steps of replacing private keys and revoking the old certificates. Apparently, looking at …

The Google Glass wearable computing 'enhanced reality' project got off the ground this week at the Google I/O Developers Conference in San Francisco. Around 6,000 developers were present to see a demonstration of the futuristic technology which integrates a small video-display suspended from the arm of the headset which is worn like a pair of spectacles. Complete with Internet connectivity, a battery in the arm and the ability to change the perspective of the video stream as you move your head, the Google Glass prototype is no heavier than a standard pair of sunglasses and just as …

It's that time of year again, and the latest [Secunia Vulnerability Review](http://secunia.com/vr2015/) has been published. This analysed anonymous data gathered from scans right across 2014 of millions of computers which have Secunia Personal Software Inspector (PSI) installed and revealed some interesting statistics. On average, the computers used by the people running PSI had 76 programs installed on them and these vary from country to country. Secunia focussed its attention on what it calls "a representative portfolio of the 50 most common applications" which comprised 34 Microsoft and 16 non-Microsoft ones. So what did the analysis discover? You might be surprised …

Halifax is the town in West Yorkshire where I live, and it also happens to be the name of a well known UK Bank which started life there. Best known on this side of the pond for TV adverts featuring a friendly chap called Howard Brown, a former customer services representative and sales ambassador for HBOS which owns the Halifax. If recent reports are correct, then before long the Halifax could also gain notoriety for replacing passwords and PIN codes with biometrics. Not just any old biometrics mind, none of this old-fashioned fingerprint scanning malarkey for Howard and co; …

In his essay '[A Few Thoughts on Cryptographic Engineering](http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html)' Matthew Green, a cryptographer and research professor at Johns Hopkins University, asks "how the hell is NSA breaking SSL?" If this is news to you, following the Edward Snowden revelations in The Guardian, then you obviously haven't read the New York Times piece about the NSA 'Bullrun' [briefing sheet](http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=1&) which quite plainly states that the agency has been circumventing exactly the type of encryption protection of everyday Internet communications that we take for granted, such as SSL (Secure Sockets Layer). Of course, as Green has hinted at here, it's not the …
