My van was built 15 years ago by Mazda in Japan as a multi-purpose 'people carrier' vehicle with the unlikely name of a Bongo. It has survived the years well, and I have now converted it into a camper van. Another 15 year old that travelled across the globe has not survived the passage of time, and we can be thankful for that because I'm talking about the Love Bug. No, not Herbie the talking VW Beetle from those candy-sweet Disney films but rather a computer worm that spread like wildfire in May 2000. Also known as 'ILOVEYOU' thanks to the …

If you don't know who [Alan Turing](http://en.wikipedia.org/wiki/Alan_Turing) was, then shame on you. The British code breaker, mathematics genius and father of both computer science and artificial intelligence is rightly credited with helping to bring the second world war to an end. Turing was also gay, and that's where the shame has stuck firmly on the UK establishment for more than 60 years. Turing was convicted for 'homosexual activity' in 1952, and his punishment was to be chemically castrated. This shameful and appalling conviction meant that Turing was unable to continue his pioneering code-breaking work at Bletchley Park as he lost …

Ever wondered just how many domain names there are on the Internet? DaniWeb has, and can reveal the answer as being an almost astonishing 215 million worldwide. According to global Internet infrastructure provider and domain registrar Verisign, more than five million domain names were added to the total during the second quarter of this year alone, which represents a growth rate of 2.5 percent above the previous three months. To put that into some perspective, that's a year on year growth in the number of Internet domains of 8.6 percent or some 16.9 million domains. If you were to look …

According to research from data recovery specialists Kroll Ontrack, some three quarters of those workers that had lost data on a broken device didn't attempt to ensure that information was irretrievable before disposing of the hardware. ![dwebdatarip](/attachments/large/0/dwebdatarip.jpg "dwebdatarip") It doesn't matter whether the hardware itself is a PC or laptop, removable drive, tablet or smartphone, the ugly truth remains that most people simply assume that if the device is dead then the data has died along with it. Actually, data lost through software corruption or hardware failure is more often than not recoverable - at least partially. The study revealed …

Adobe Flash users have been under attack from cybercriminals again, this time courtesy of [a zero day exploit kit by the name of Angler](http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html). The exploit kit has been readily available on the dark market, and hits vulnerabilities to be found in Flash Players up to 15.0.0.223, as well as the latest release. There is some uncertainty as to who is at risk from this kit, with some sources claiming Windows 8.1 and Google Chrome users are safe, while others tell me any version of Internet Explorer used with any version of Windows is at risk if Adobe Flash player …

News has broken this weekend that the personal data, including bank account details, of some 2.4 million customers of the Carphone Warehouse may have been compromised following a breach that the mobile phone retail giant is calling "a sophisticated cyber-attack." The company also warns that encrypted credit card data of up to 90,000 customers may have been accessed during the breach. Scotland Yard and the Information Commissioner's Office have both been notified, along with a security outfit specialising in forensic examination of such attacks. However, the statement from Carphone Warehouse, released on Saturday, and revealing that the compromised personal details …

Sanjib Mitra is a man who likes to be responsible and do the right thing. A year ago he discovered, quite by accident, that a little bit of URL tweaking could reveal personal data about people other than himself within a website database. He was completing a complicated application form himself when he was faced with a blank page and a browser back button that did nothing, so he tried changing numerical data at the end of the URL in an effort to salvage some of the information he had spent the previous hour entering. His reward was not time …

As [news breaks](http://www.usatoday.com/story/tech/2015/06/12/office-of-personnel-management-hack-china/71146452/) that a second breach at the federal Office of Personnel Management may have seen another set of data, potentially more valuable than that accessed during [the first](http://arstechnica.com/security/2015/06/why-the-biggest-government-hack-ever-got-past-opm-dhs-and-nsa/), Philip Lieberman, President of privileged identity management specialists [Lieberman Software](http://www.liebsoft.com/), has been talking about what went wrong. Here's what he had to say on the matter:

> The apparent US Government policy with regard to the protection of commercial enterprises attacked by nation states and others has been benign neglect (perhaps a shoulder to cry on). Current law and government policy forbid commercial enterprises to take any action against the …

Action video camera vendor GoPro has announced that it is riding into the Tour de France with a promotional [video](https://www.youtube.com/watch?v=X63m5r5jJlg) to celebrate being named the official camera of the world's largest annual sporting event with a worldwide television audience of some 4 billion people, but not before the BBC [reported](http://www.bbc.co.uk/news/technology-32934083) how GoPro cameras could be used to spy on their owners. According to security company Pen Test Partners, it is way too easy to take control of GoPro cameras and one of the partners at the outfit, Ken Munro, demonstrated how. He showed the BBC how a GoPro Hero4 …

A couple of decades ago, in another life, I wrote a little script which would capture keystrokes and then store that data within the 'white space' of an image file. It was pretty crude, but it was also twenty years ago and to be honest nobody was really looking for stuff which was effectively hidden in plain sight that way. That way being the use of something called steganography, from the Greek steganos which means covered and graphie which means writing; so literally covered writing. I used it to good effect during my period as an explorer of networks belonging …

Earlier this month, security outfit FireEye's 'FireEye as a Service' researchers out in Singapore [discovered and reported](https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html) on a phishing campaign that was found to be exploiting a zero-day vulnerability in Adobe Flash Player (CVE-2015-3113). That campaign has been well and truly active for a while now, with attacking emails including links to compromised sites serving up benign content if you are lucky and a malicious version of the Adobe Flash Player complete with the exploit code if you are not. Adobe has now [responded with a security update](https://helpx.adobe.com/security/products/flash-player/apsb15-14.html) with the following recommendations: Users of the Adobe Flash Player Desktop …

The Electronic Frontier Foundation (EFF) has released the latest version of its 'Who Has Your Back?' [report](https://www.eff.org/who-has-your-back-government-data-requests-2015) and accompanying infographic, and it makes for interesting reading, once you appreciate that what the EFF is talking about here is how good, measured as a response to a handful of yes or no questions, a bunch of leading tech companies are at protecting our data from government snooping requests. It's not about privacy in the larger scheme of things, just from that particular angle. That said, let's look at how the EFF came to the conclusions that can be seen in the …

[A new poll into Operating System popularity by a British computer magazine](http://www.pcadvisor.co.uk/poll/index.cfm?action=showresults&pid=3228421) has revealed that an incredible 37 percent of respondents are still using Windows XP. That's more than Windows 7 which managed to woo 30 percent of the folk taking part, and Vista could only garner a pretty poor 16 percent of support. This being a PC magazine it should come as no great surprise to see Linux being used by 8 percent of respondents and Mac OS by 7 percent. However, what was surprising was the sheer number of people who refuse to let Windows XP die. Was …

Speaking to TrustedReviews this week, Alexander Moiseev, Kaspersky Europe's Managing Director, has warned that your car is at serious risk of being hacked. He is, however, wrong and I'm going to explain why. ![bongosmall.jpg](/attachments/large/0/a4cebc93cab0ce6d2a6e28f218a2de8d.jpg "align-center") Kaspersky Lab and Mr Moiseev may well insist that the threats to the automotive industry are very real, and very much here and now; and while I don't dispute that there are concerns I do think there is a very real element of [Mandy Rice-Davies Applies](https://en.wikipedia.org/wiki/MRDA_(slang)) about the entire debate. With the demise, albeit a long and drawn out death, of desktop AntiVirus as the …

It's been a year now since the Dyre malware family was first profiled, and there is no sign of infection rates slowing down. In fact, [reports](http://www.scmagazine.com/trend-micro-documents-new-malware-infections/article/418266/) would seem to suggest just the opposite with infections up from 4,000 at the end of last year to 9,000 at the start of this. The lion's share being split pretty evenly between European and North American users. So I was interested to spot this Tweet from Ronnie T [@iHeartMalware](https://twitter.com/iheartmalware) who is actually Ronnie Tokazowski, a senior researcher at PhishMe, which declares: "I'm tired of dumping #Dyre configurations by hand. So I wrote a …

Werner Vogels, Amazon Web Services (AWS) CTO, speaking at the AWS Summit in London yesterday has made the rather amazing claim that security in the cloud is "much stronger" than anything you can have on-premises. As someone who has been writing about information security for more than 20 years, and covering the cloud security beat for five, I can understand why he may say that. However, it doesn't mean that he was right; not for every customer, not for every implementation. If you are talking about the smaller end of the SME spectrum then, for the most part in my …

Researchers at security company AppRiver have issued a [warning](http://blog.appriver.com/2015/06/amazon-based-malware-targets-crypto-currency/) regarding a variant of the Fareit malware family which is using fake Amazon purchase confirmation emails to inject itself and steal any type of crypto currency that can be found on the target machine. ![amazonmalware.jpg](/attachments/large/0/4ed9d9dbe506fcd950aef08620e1e144.jpg "align-center") Troy Gill, manager of security research at AppRiver, details how his team have been monitoring, and blocking, what he describes as a stream of malicious emails during the last week. All posing as legitimate Amazon purchase confirmations, all stating that 'your order has been confirmed' and all directing the reader to the attached, and infected, …

Another month, another flaw related to the historical US export restrictions on cryptography; this time in the form of LogJam. It hits SSL 3.0 and TLS 1.0, which supported reduced-strength DHE_EXPORT ciphersuites restricted to primes no longer than 512 bits. That means a man-in-the-middle attack is possible to force the usage of the lower export strength cipher without the user being aware, and it impacts something like eight per cent of the top one million web domains and all the major web browser clients. Well almost, because Internet Explorer has already been patched (nice one Microsoft) with Firefox expected to …

While keen to point out that Microsoft's TechNet portal security was "in no way compromised" by the tactic, researchers with security outfit FireEye [discovered](https://www.fireeye.com/blog/threat-research/2015/05/hiding_in_plain_sigh.html) that [a well established China-based hacking campaign called Deputy Dog](https://www.fireeye.com/blog/threat-research/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html) had managed to create profiles and posts on TechNet that contained embedded Command and Control codes for use with a BlackCoffee malware variant. This method of hiding in plain sight is nothing new, but it can make detection problematical as the data (especially within a technical forum such as TechNet) is simply 'lost' in a sea of similar code from genuine users of a well respected …

As any fan of The Matrix trilogy of films will tell you, the Keymaker is a character in The Matrix Reloaded who has the keys to provide Neo access to the system mainframe and by so doing hopefully save Zion from the ongoing sentinel attack. In the movie, the Keymaker was a little old Chinese man who held the keys to every door, every escape route, everything. In Apple OS X the equivalent is the Gatekeeper, a key technology which prevents malware from running on machines using that operating system. It does this by effectively locking the doors to …

One of the great things about social media is the way that it utilises the wisdom of crowds. This concept is perhaps best known through Wikipedia, where user editing can often create some wildly inaccurate entries in the short term but over time these get corrected by the larger volume of editors who truly care about the product they are using. Somewhere else that the wisdom of crowds has made an impact is the consumer review market. Most of my family, friends and work colleagues pretty much turn to the Internet for a quick and unbiased opinion before splashing the …

According to a [SecureList posting](https://securelist.com/blog/69462/darwin-nuke/) dated April 10th, researchers Anton Ivanov, Andrey Khudyakov, Maxim Zhuravlev and Andrey Rubin discovered a vulnerability in the Darwin kernel back in December 2014. Why is this of interest? Well, the Darwin kernel is an open source part of both the Apple operating systems. The vulnerability could allow remote attackers to launch a DDoS on a device running OS X 10.10 or iOS 8. More worryingly, it could allow the attackers to send just a single, solitary incorrect network packet in order to crash the target system and impact upon any corporate network it may …

Advert blocking software is thought to be used by something in the region of just five per cent of online users, or 150 million people if you prefer. It is, however, on the up; research conducted by Adobe and anti-adblocking campaigners PageFair suggests that ad blocking use rose by 70 per cent last year. Of the various options out there, Adblock Plus is one of the best known and most used. Which is why the company behind it, Eyeo GmbH, recently found itself on the sharp end of a court case in Germany seeking an injunction to prevent it from …

Which 12 year old operating system, still running on 11 million servers, is about to die? Yep, that's the one: Microsoft Windows Server 2003 reaches 'end of life' status on July 14th. One of the longest running discussions on DaniWeb asks the question [Why does Windows XP refuse to die?](https://www.daniweb.com/hardware-and-software/microsoft-windows/windows-nt-2000-xp/news/294897/why-does-windows-xp-refuse-to-die) and I have my suspicions that we may be asking the same of Windows Server 2003 in the years to come. Which is fine as far as it goes; unfortunately that's not very far in terms of security as there will be no more security patches, updates or …

In what has quite possibly been one of the longest periods between security problems being revealed and action being taken, the Virginia Board of Elections voted on Tuesday to remove the certification of more than 300 AVS WINVote touchscreen voting machines. The Virginia Information Technology Agency, and consultancy Pro V&V, uncovered multiple flaws in the voting technology which had also been used in other states including Mississippi and Pennsylvania. The scandal here is that there have been concerted efforts to remove these machines from the electoral system since 2008 when experts investigating irregularities first flagged their concerns. They have consistently …

According to the latest [Verizon 2015 Data Breach Investigations Report](http://www.verizonenterprise.com/DBIR/) all but four per cent of the security incidents analyzed by researchers could be accounted for by just nine basic attack types. That's pretty useful information for enterprise looking to prioritize their approach to security in terms of establishing a stronger security posture. So, as far as the nearly 80,000 incidents that were analyzed to form the basis of the report, what were these nine basic patterns then? Verizon states that the nine threat patterns are: 1. Miscellaneous errors (such as sending an email to the wrong person for example) …

It all started pretty well, with the announcement by Mozilla at the end of last month that the Firefox web browser would make the Internet a safer place by encrypting everything. That's everything, even those connections where the servers don't even support the HTTPS protocol. Developers of the Firefox browser have moved one step closer to an Internet that encrypts all the world's traffic with a new feature that can cryptographically protect connections even when servers don't support HTTPS. The 'Opportunistic Encryption' (OE) feature essentially acts as a bridge between non-compliant plaintext HTTP connections and fully compliant and secure HTTPS …

According to new research from Venafi, apparently some 74 percent of 'Forbes Global 2000 organizations' (or the big boys of business if you prefer) have yet to properly secure their public facing servers against the Heartbleed OpenSSL threat. That's a year after the thing broke for goodness sake! Venafi found that at least 580,000 hosts belonging to this elite group of enterprises were still vulnerable as full and proper threat remediation had not been applied. They were patched, yes, but did not bother with the equally important steps of replacing private keys and revoking the old certificates. Apparently, looking at …

The Google Glass wearable computing 'enhanced reality' project got off the ground this week at the Google I/O Developers Conference in San Francisco. Around 6,000 developers were present to see a demonstration of the futuristic technology which integrates a small video-display suspended from the arm of the headset which is worn like a pair of spectacles. Complete with Internet connectivity, a battery in the arm and the ability to change the perspective of the video stream as you move your head, the Google Glass prototype is no heavier than a standard pair of sunglasses and just as …

It's that time of year again, and the latest [Secunia Vulnerability Review](http://secunia.com/vr2015/) has been published. This analysed anonymous data gathered from scans right across 2014 of millions of computers which have Secunia Personal Software Inspector (PSI) installed and revealed some interesting statistics. On average, the computers used by the people running PSI had 76 programs installed on them and these vary from country to country. Secunia focussed its attention on what it calls "a representative portfolio of the 50 most common applications" which comprised 34 Microsoft and 16 non-Microsoft ones. So what did the analysis discover? You might be surprised …
