On newer phones, the researchers say, the most dangerous vulnerability – that the attacker can get access to the Android userspace – has been plugged. An attacker can still, however, place calls and send text messages.On older devices (their example is an S4 mini), commands can be used to abuse some Android settings. For example, the AT+USBDEBUG command enables USB debugging, and AT+WIFIVALUE enables the device's Wi-Fi.ACSC 2016 Australians are having their retirement savings accounts drained as hackers move to breach broker platforms rather than the tougher target that is banking infrastructure.The Australian Federal Police AFP are investigating a spike in breaches against devices used by brokers who administer boutique, self-managed superannuation funds. Some brokers manage hundreds of such funds, a service that helps investors who think they can do better by picking their own retirement savings-boosters instead of relying on a larger fund.Self-managing a fund may be financially prudent. But the AFP warns that service providers are not as security-savvy as large superannuation funds.
“Some of these brokers are running Bittorrent, Counterstrike, and then logging into broker software and managing hundreds of accounts,” Australian Federal Police cybercrime team leader Scott Mellis told The Register.The easy target that is a poorly-managed PC means criminals have “tried their trojans and are now moving away from targeting banks,” Mellis added.Mellis says breached brokers have fixed their poor security postures after being notified by the Federal Police.Australians can withdraw superannuation funds before the age of 55 only under limited circumstances.The Australian Securities and Investments Commission says scammers exploit this allowance by using stolen identity credentials to set up self-managed super funds where balances and be transferred and then withdrawn.The free HTTPS certificate service says that not much will change, other than shedding the beta label.Since our beta began in September 2015 we've issued more than 1.7 million certificates for more than 3.8 million websites, the team said on Tuesday.
We've gained tremendous operational experience and confidence in our systems. The beta label is simply not necessary any more.Along with dropping its beta label, Let's Encrypt announced Tuesday that it had signed a fresh round of sponsorship deals, including one with Hewlett Packard Enterprise, which will be joining as a silver sponsor. Meanwhile, Cisco and Akamai renewed their platinum sponsor agreements and Gemalto said it would be backing Let's Encrypt as a gold sponsor. The snafu stemmed from a database crash. Problems first surfaced at 1000 UTC (1100 BST) on Monday and dragged on until lunchtime on Tuesday, as detailed in a series of updates to Symantec.cloud’s client portal (extract below) from Tuesday breakfasttime.Our engineers have advised that the database restoration process is nearing completion with error checking and analysis to follow. Our infrastructure team continue to investigate all possible options to bring the service to production as quickly as possible. Please accept our profuse apologies for any inconvenience caused.
The glitch affected access to the portal and therefore affected customers’ ability to manage their accounts. El Reg understands that the message filtering service offered by Symantec.cloud (formerly MessageLabs) nonetheless operated as normal.
Without this you cannot register/remove email addresses or perform any changes, Jon, one of two Reg readers who notified us about issues, commented. Apparently the $6bn company only has one copy of their Portal database.UK spy agency GCHQ tried to prevent a Harry Potter book from being leaked online, according to its publisher.Reminding people that the listening post doesn't use its extraordinary broad powers solely in the pursuit of terrorism, publisher Nigel Newton of Bloomsbury recalled how he was approached in 2005 by GCHQ after the snoops thought they discovered an early copy of The Half Blood-Prince online.Someone from GCHQ then read out a page from the book to an editor, who said it was actually fake, Newton told Australia's ABC radio. The Sunday Times asked GCHQ for a comment and it responded: We don't comment on our defense against the dark arts.Which is pretty funny if you choose to forget that the agency claims it scours the internet and stores vast databases of information on everyone solely in the pursuit of, er, serious crime and terrorism. IBM Watson Health has closed its $2.6bn acquisition of Truven Health Analytics. The deal is set to bring medical data into Big Blue's health-data business arm, specifically covering cost, claims, quality and outcomes information. El Reg has provided more information on the acquisition here.
Here we go, you’re thinking: yet another puerile SftWS column opening with cheap sexual innuendo. Well, not this time, young Bucky. It’s been four years almost to the day since I first began writing these weekly rantings, so it’s about time I put an end to such smut.Allow me to put things into their proper context. The woman ringing the doorbell is an engineer. She is carrying a metal toolcase in one hand and a ruggedised laptop in the other. See? Perfectly straightforward. No more innuendo from me.Not wanting to waste time, she demands that I show her my Things.OK, sorry, I couldn’t resist – old habits die hard and all that. Let me continue. The engineer has come over to investigate a problem with one of my Internet of Things devices. Things you see? I’m so funny, I could crap myself.My house is full of IoT devices, from stationary items such as my fridge-freezer to those that trundle around the house by themselves all day, such as my vacuum cleaner. One of them has broken down and refuses to self-reboot. The last thing it did before going offline was to send out a distress message to the manufacturer’s service agent, hence the engineer visit.