Stories by Jeremy Kirk

Google+

Aloha point-of-sale terminal, sold on eBay, yields security surprises

Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal -- a brand of computerized cash register widely used in the hospitality industry -- on eBay for US$200.

The 'Rickmote' shows no mercy when it finds someone using Chromecast

Google's online media streaming tool, Chromecast, can be "Rickrolled" with a single click of entertainer Rick Astley's mug shot.

Mozilla's JPEG compression slims down file sizes

Mozilla has released an updated version of its JPEG compression tool that shaves down file sizes by 5 percent, a small figure but one that is significant for image-intensive Web services such as Facebook.

EA dismisses claim its Origin software spies on users

Gamemaker Electronic Arts dismissed a rumor on Tuesday that its download client called Origin secretly collects data from users' computers.

Critical design flaw in Active Directory could allow for a password change

Microsoft's widely used software for brokering network access has a critical design flaw, an Israeli security firm said, but Microsoft contends the issue has been long-known and defenses are in place.

LastPass discloses now-fixed vulnerabilities ahead of security conference

Popular password manager LastPass said it fixed two vulnerabilities that were found last year. The disclosure comes just ahead of a security conference where a research paper describing the problems is due to be presented.

Gmail users on iOS at risk of data interception

Apple users accessing Gmail on mobile devices could be at risk of having their data intercepted, a mobile security company said Thursday.

Source code for tiny 'Tinba' banking malware leaked

The source code for an impressively small but capable malware program that targets online bank accounts has been leaked, according to CSIS Security Group of Denmark.

Google blocks bogus digital certificates issued in India

Google has blocked several digital certificates issued in India that could have been used to make bogus websites appear to be run by the Web giant.

Facebook kills Lecpetex botnet, which hit 250,000 computers

Facebook said police in Greece made two arrests last week in connection with a little-known spamming botnet called Lecpetex, which used hacked computers to mine the Litecoin virtual currency.

Spamhaus pushes for arrests of alleged DDoS participants

An antispam organization is pushing for quick law enforcement action against five people it alleges took part in one of the largest cyberattacks on record that caused Internet outages throughout Europe early last year.

Australian teen accepts police caution to avoid hacking charge

An Australian teenager has accepted a caution from police rather than face charges for discovering a vulnerability in the website of one of the country's public transport authorities late last year.

Encrypted instant messaging project seeks to obscure metadata

Security researchers have a working prototype of an instant messaging application that aims to thoroughly obscure and scrub evidence that two parties have been chatting.

Secret code indicates NSA tracks users of privacy tools, report says

A NSA spying tool is configured to snoop on an array of privacy programs used by journalists and dissidents, according to an analysis of never-before-seen code leaked by an unknown source.

Dimension Data to expand Earthwave security services worldwide

Dimension Data plans to expand worldwide a managed security service offering it brought under its wing with the acquisition of Sydney-based Earthwave last year.