The cameras of more than 100 automated license plate readers have been streaming live on the web, “often with totally open Web pages accessible by anyone with a browser,” the Electronic Frontier Foundation (EFF) said in a new report released last week. The EFF says it learned about the lack of security around these cameras...

This week, the White House unveiled a new strategy for modernizing the US government’s cybersecurity, and there’s a lot of work to be done. Last year, a US Senate report found the government’s cybersecurity to be shockingly bad; even computer systems at the US Department of Homeland Security, an agency with significant cybersecurity responsibilities, were found to have...

A controversial hacking company recently ran a competition offering $3m for up to three click-to-own exploits against Apple’s iOS. The exploits would be sold on to “eligible customers” only. The competition is now closed, but one exploit apparently met the grade and will earn $1,000,000. We investigate: what “click-to-own” means, why exploits of this sort...

An extremely serious vulnerability lay undiscovered at the heart of much of The Cloud for seven years. The vulnerability (CVE-2015-7835), which affects the Xen hypervisor software used by Cloud hosting companies like Amazon Web Services, is so serious that it was widely patched under embargo before being disclosed on 29 October 2015. It was discovered by 栾尚聪 (好风) of Alibaba and affects Xen software from...

Anyone who is concerned about their privacy, or the potential impact of government surveillance on their lives, will be pleased to learn that The Onion Router (TOR) Project has released a new, easy-to-use, beta version of its Tor Messenger client. Based on Instantbird, a cross-platform instant messenger tool developed by the Mozilla community, it has been...

UK police are after cyber snooping powers equivalent to what, in an analog world, would be knowing what magazines you read but not which articles or page numbers. The Investigatory Power Bill, a draft of which had been due to be published this week, is being viewed by many as the latest twist on the...

A few readers have contacted us to say that they got going OK with the latest #sophospuzzle… …but then they got stuck and didn’t really know how to continue. We gave a number of hints via the #sophospuzzle hashtag on Twitter, which helped a few of you over the line. But Twitter isn’t really the...

Jealous lovers or suspicious spouses might be tempted to spy on their significant other’s smartphone – to snoop on texts or phone calls, peek at contacts, or scour the device for files such as photos. Some companies like mSpy and StealthGenie freely market spying apps that help snoopers to do all of those things, and more, without the device user’s...

When I was a youngster in the ’80s, a talking toy bear called Teddy Ruxpin was all the rage. Teddy was no Ted, the foul-mouthed stuffed bear who comes to life in the raunchy 2012 film (and its sequel): Teddy Ruxpin couldn’t interact with you; he was more of a furry cassette tape player with animatronic eyes and...

Timing attacks are an interesting part of computer security. As an extreme example, imagine that your computer took one second to verify each character in your login password. And now imagine that it stopped checking at the first wrong character, for reasons of efficiency. You could quickly figure out the right password by timing how...