Top 10 Stories

  The Register: The IT security certification body that runs the Certified Ethical Hacker programme has itself been hacked. The EC-Council said the same hackers who ran the DNS poisoning attack that resulted in the defacement of its website in late February had also managed to access the control panel for its website after breaking into the systems of a third-party registrar. This compromised access allowed the miscreants to circumvent security controls and get into...

  SC Magazine: The US-CERT agency has added its weight to the rising tide of warnings about Windows XP going EOL (End-of-Life) on April 8, noting that Windows XP and Internet Explorer is a bad mix. Interestingly, however, the US Computer Emergency Readiness Team has acknowledged the fact that some business - notably those that use embedded versions of XP - may have to remain with the ageing Windows operating system, saying that if you...

  TechWeekEurope: A whopping $400,000 has already been given out at the Pwn2Own hacking contest this week, with three of the world’s most popular browsers exploited by participants. France-based exploit merchant Vupen walked away with most of the day one prize money, winning $300,000 for showing off exploits of Adobe Flash, Reader, Internet Explorer and Mozilla Firefox.  

Infosecurity: Senator Dianne Feinstein, head of the Senate Intelligence Committee that oversees the US intelligence services, took to the floor Tuesday and denounced the CIA. Her actions are all the more stunning given her general support of the NSA's mass surveillance programs – but it immediately shows signs of the very fear she expressed: a battle for supremacy between Congress and the CIA. "I come to the Senate floor reluctantly," she said; but "the increasing amount...

Red Orbit: A Good Samaritan hacker has notified an app developer and the public of a vulnerability in the free messaging app WhatsApp that allows other app developers to access chat histories, rather than exploiting the flaw. Netherlands-based IT specialist Bas Bosschert offered details in a post on his blog, “Steal WhatsApp database (PoC).” Bosschert and his brother were determined to answer the question “Is it possible to upload and read the WhatsApp from another Android application?” The short answer,...

Softpedia: A shocking story from Romania. A man has committed suicide after his computer got infected with police ransomware. He took his own life because there was no way he could pay the massive fine. Police ransomware is a common threat. However, so far, the worst-case scenario has been that victims agreed to pay up the bogus fines. Police ransomware is a common threat. However, so far, the worst-case scenario has been that victims agreed to pay...

BBC News: Plans to teach children as young as 11 about careers in cyber-security have been announced. New learning materials would be offered to UK schools to publicise jobs in the sector, the Department for Business, Innovations and Skills said.  

Guardian: Access to the data of more than a million teenagers and students and thousands of their parents is being sold to advertisers such as mobile phone and energy drinks companies by Ucas, the university applications body. The Universities and Colleges Admissions Service received more than £12m last year in return for targeted advertising and sales of the emails and addresses of subscribers as young as 16.  

The Register: Amystery worm that burrowed into US military computers to steal secrets six years ago may have inspired the development of subsequent government-grade malwareRed October, Turla, Flame and Gauss. Researchers at Kaspersky Lab reached this conclusion after finding similarities between Agent.btz – the worm that attacked in 2008 – and Turla, a powerful computer espionage tool that was only discovered last month.  

  SC Magazine: Security consultant Bas Bosschert picked up on the flaw in a blog post on Tuesday, where he detailed how WhatsApp – which was acquired by Facebook for US$16 billion last month – saves private messages onto the phone or tablet's Secure Digital (SD) card, which could be intercepted if the developer of another Android application asks the user to permission to access the SD card when downloading the app. This is a common practice...