Security

Fri 16 Feb
John Lister's picture

Toothbrush Botnet Army Story Was Bogus

Reports that 3 million "smart" toothbrushes were hacked and weaponized turn out to be misleading at best. It appears to have been a mistranslation or misunderstanding. The reports first surfaced last week in Switzerland and involved toothbrushes ... supposedly running the Java computer language. They were said to have been hacked and used for a distributed denial of service (DDoS) attack that caused huge disruption and financial costs to a targeted business. Not every element of the story is as completely ridiculous as it might seem. "Smart" toothbrushes do exist, with connections to smartphone ...

Wed 07 Feb

German Train Company Seeks Windows 3.11 Experts

If you still have the skills for Windows 3.11, you may have been a candidate for a recent job ad in Germany. It appears the role, using the 30-year-old system, has been filled. The vacancy was advertised by national railway company Deutsche Bahn. ... The successful candidate would be assigned to Siemens, which is responsible for the rail tech division for the train control system. The role would involve keeping old systems operational so that train drivers could get real-time information about equipment. The Register notes that although Windows 3.11's release in November 1993 is almost ...

Mon 05 Feb

Windows 10 Support Deadline Raises Questions

Windows 10 devices are set to become insecure next year unless users pay an extra fee. But with warnings of 240 million devices "going to landfill", it remains possible Microsoft will blink at the last moment. That Windows 10 reaches the end of its ... support period on October 14, 2025 is no secret: it's long been on Microsoft's support calendar and is in line with the company's policy of 10 years of support. From that date, Microsoft will no longer issue free security updates. As happened with Windows 7, Microsoft will offer a paid update service for people in "circumstances that could prevent you ...

Mon 29 Jan

26 Billion User Records Compromised

A leak of around 26 billion user records has been labeled "the mother of all breaches." It's a major reminder of the downsides of reusing the same passwords on multiple sites. The collection of records is not a single stolen database. Instead, it ... appears to be a massive compilation of databases that have either been leaked before or sold on the black market. The database was spotted online by security researchers, likely a sign that whoever compiled it screwed up somewhere by mistakenly making it accessible. The researchers noted the database was extremely well indexed and organized. The ...

Mon 15 Jan

23andMe Blames Victims for Information Hack

DNA and ancestry site 23andMe has told victims of a major hack that it's their fault for not using unique passwords. The claim came in a letter aimed at deterring victims from proceeding with a class action case. The site admitted last month that ... almost 7 million customers have been affected by a data breach. Hackers directly accessed personal data including DNA information of about 14,000 people. However, they were able to get some personal data of another 6.9 million people that enabled a feature to share information with potential relatives. Unsurprisingly, this led to legal action from ...

Mon 18 Dec

iPhones Get Extra Security Measure

Apple is beefing up security measures to reduce the damage caused by iPhone thefts. The new "Stolen Device Protection" feature is opt-in, possibly because it comes at the expense of convenience. The feature is designed for cases when somebody steals ... a device and successfully enters the passcode. That could happen when a thief spots somebody typing in the passcode before they steal the handset. It could also happen if the thief knows some details about the victim and they have a predictable passcode such as a birth date. Anyone who unlocks a phone will still be able to use it and access apps ...

Mon 11 Dec

New Law Demands Five Years Of Security Patches

Tougher rules mean digital device and software manufacturers will have to report security breaches more quickly. They'll also have to offer security patches for at least five years. The rules come from the European Union. They technically only cover ... products sold in EU member countries, though in many such cases manufacturers change their behavior worldwide to comply with the rules. The financial penalties for breaking the rules take into account global turnover. The rules, which will become the Cyber Resilience Act, cover "products with digital elements." These include smart and connected ...

Mon 27 Nov

Mac Users Targeted In Browser Scam

Mac users have been warned to watch out for bogus updates to the Safari and Chrome browsers. It's a scam to spread data-stealing malware. The AMOS malware, also called Atomic Stealer, is particularly nasty as it targets data stored or transmitted by ... web browsers. This includes login details, passwords, and credit card numbers. It also looks for cryptocurrency wallets, which give access to Bitcoin and other cryptocurrencies that can be stolen and turned into cash. (Source: malwarebytes.com) The malware has been around since the spring when the scammers targeted people searching for popular ...

Fri 24 Nov

Security Glitch Undermines Encryption Keys

Around one in a million computer encryption keys are faulty and could be compromised, according to researchers. While it sounds like an obscure issue, it could be exploited by security agencies at both friendly and hostile governments. The problem is ... with the RSA encryption that's widely used for online security. It works by users having two security keys (lengthy codes), one public and one private. The public key is used for encrypting data, while the private key is needed to decrypt it. The system also allows users to "sign" encrypted messages so that recipients know the supposed sender is ...

Thu 23 Nov

Major Library Hit By Ransomware

One of the world's largest libraries has been hit by a major ransomware attack. It's an example of an increasingly common "double-dip" attack. The attackers have not simply encrypted the British Library's files until they receive a payment, which is ... the usual core ransomware goal. Instead, they are threatening to auction off sensitive employee data seized in the attack. The library has an estimated collection of up to 200 million items, including a copy of every book published in the United Kingdom. It's also a key research facility for historians. Among other systems, the library has an ...
