British Prime Minister David Cameron has been warned that telecoms equipment made by Chinse firm Huawei should be tested by security services to protect against cyber attacks.
Here's a diagnostic window that your shouldn't panic over, certainly if some cold-calling scammer directs you to it by persuading you to run a diagnostic on your own system. But I'm getting ahead of myself. You might think I've blogged more than enough about support scams already – you know, where someone calls you out
…on the Twitter account owned by LulzSec that they had turned their attention to the NHS. Curiously enough, they seem to have been restrained and even responsible: while there’s an image out there of a message they claim to have sent to an administrator at an unidentified NHS site, they blacked out the details.
* Sorry, but I couldn't resist a Crosby reference. I was more than a little irritated over the weekend – see Faith, Hope, Charity and Manipulation - by Microsoft's use of the Japanese disaster to give the Bing search engine a little extra exposure using a chaintweet technique: How you can #SupportJapan – http://binged.it/fEh7iT. For every retweet,
…many scams work by panicking victims into taking some unwise action, whether it’s parting with their credit card details or opening a malicious program, claiming that some problem or illegal action is associated with their computer or IP address, such as transmitting malware or visiting paedophile or other pornographic sites…
While most of the recent media interest in Stuxnet has centred on the New York Times story, there’s been some thoughtful research published that considers it as just one aspect of larger issues: cyberwarfare, cyberespionage, cybersabotage and so on.
…there are a number of other potential risks from offers like this (as I’ve pointed out before) … Paying for software that’s actually free and for services that aren’t worth the money … Paying for software that turns out to be malicious … Parting with credit card and other data that might be misused…
Spoof or SPOF? IT Security reportage veteran John Markoff reports in the New York Times that the attack on Google's intellectual property reported in January was even more interesting (and disquieting) than most of us realized. According to an unnamed source, some of the information stolen related to the company's password system, Gaia. Gaia is a
Further to Pierre-Marc's blog yesterday about in-the-wild exploitation of the Java Development Kit vulnerability publicised by Tavis Ormandy, David Kennedy has brought to our attention a comprehensive article on the same topic published yesterday by FireEye's Atif Mushtaq. You may remember that Atif exchanged thoughts and info with us a while ago in relation to
I see that Bill Ray of the Register has also picked up on the iPad jailbreaking issue I blogged on yesterday. (No, I don't suppose he read it there.) Interestingly, though, he talks much less about the security implications than about the slow take-up of newspaper subscriptions among early adopters. Andy Greenberg, on the other hand,
This time last year I was on my way to Cambridge to deliver a presentation, having stayed up till the early hours of the morning to post a blog reporting that Conficker, although it had changed its behaviour, as we already knew it would, had not initiated the heat death of the Internet. What's really
Looking into their crystal balls (no jokes, please) at the end of 2009, our colleagues in Latin America came up with a prophecy that was later incorporated into a white paper (2010: Cybercrime Coming of Age): In June 2010, one of the most popular regular sports events, the soccer World Cup, will take place in
Wearing my vendor-independent Apple/smartphone commentary hat, I've just posted a couple of blogs on the Mac Virus site that some of you might find of interest. OK, suit yourselves. ;-) "Touching (or Bumping) Base" addresses a mixed bag of issues: Charlie Miller's presentation on fuzzing for "20 zero-day holes … in closed source Apple products"
Security researchers work together and share information in many ways and in many contexts that aren't constrained by company boundaries, but it's unusual for security researchers working for different vendors to join forces in a company blog. However, John Leyden of The Register contacted us both when he was writing an article on the controversy following