Sofia Elizabella Wyciślik-Wilson

Just weeks after Juniper was found to be using insecure code in its products, a security issue has been found in Fortinet's FortiOS. It's a problem that affects the software in older NetScreen firewalls from Fortinet and could allow for remote access of unpatched system.

Buried in the firewall software is a hardcoded password (FGTAbc11*xy+Qqz27) that could be easily used to exploit servers running FortiOS. Ralf-Philipp Weinmann is one of the security researchers who unearthed the problem with Juniper hardware, and he has confirmed the problem which is being referred to as the FortiOS SSH Undocumented Interactive Login Vulnerability.

Continue reading →

People turn to security tools to, obviously, improve security. Antivirus tools take care of malware, firewalls manage network and internet traffic, encryption keep files private, and password managers keep passwords safe. At least that's the idea.

Google security engineer Tavis Ormandy discovered a vulnerability in Trend Micro Password Manager (part of Trend Micro Antivirus) which allowed for the remote execution of code and, opened up the possibility for passwords to be stolen. Ormandy posted details of the security problem to the Google Security Research newsgroup, and the clock started ticking on a 90-day full disclosure deadline.

Continue reading →

It has taken a while to sink in, but on 11 January the world became a sadder and duller place following the death of David Bowie. As fan around the world struggled to come to terms with the tragic and untimely loss, they turned to the one things they all have in common -- Bowie's music.

At turns an artist, actor, poet, digital pioneer, style icon, and cultural behemoth, Bowie was predominantly a musician. His (as it turned out) final album, Blackstar was released just days before his death, and the lyrics and video for the second single from the album -- Lazarus -- took on a new, beautiful and heart-wrenching meaning. Bowie meant a lot to people the world over, and the level of affection felt for the ever-inventive musical chameleon can be seen by the surge in digital downloads and streams of his albums on the likes of Spotify and iTunes.

Continue reading →

Law enforcement agencies are missing out on a vast amount of valuable data that could be used to convict criminals, or prove innocence. Dan Blackman from Edith Cowan University, Australia says that police are missing out on swathes of data that could be gathered from Wi-Fi devices.

For privacy advocates it's a suggestion that is likely to make the gag reflex kick in, but Blackman says that router data could be a valuable tool in fighting crime. Information such as device MAC addresses, coupled with data about connections to routers can be used to place individuals at the scene of a crime -- or away from it -- but timeliness is the key to success.

Continue reading →

The end of support for older versions of Internet Explorer has been known about for some time now. Despite the fact that there has been plenty of time to prepare for a move away from Internet Explorer 8, 9 and 10, many businesses are simply not ready and security experts warn that this could lead to a spate of attacks from hackers.

Microsoft has been encouraging people to move to Internet Explorer 11, or Edge in Windows 10 for a while, and the countdown comes to an end tomorrow -- 12 January. From this point forward, there will be no more patches or security fixes issued. Security analysts fear that with Internet Explorer 9 and 10 accounting for 36 percent of IE and Edge use, and with more than 160 vulnerabilities discovered in Internet Explorer in the last three years, there are risky times ahead.

Continue reading →

UK web users are coming round to the idea of online surveillance by the government, but harbor concerns about how personal data will be stored. These are the findings of a survey by Broadband Genie that suggests terror attacks have led to a swing in public opinion of the Snooper's Charter.

But while people may be coming round to the idea of internet surveillance, they remain concerned about how private data -- such as browsing history -- will be stored. 27 percent of those surveyed said their opinion had been swayed by recent terrorist attacks by the likes of ISIS.

Continue reading →

I've written recently about the dangers of online vigilantes infringing on the free speech of others. Anonymous is one of the biggest offenders in this department, but there are numerous hacking groups that -- under the banner of fighting one evil or another -- take the law of the web into their own hands without a thought for the consequences.

Online vigilantes stir up populist support by throwing around the keywords associated with the enemy of the moment -- terrorists, ISIS, racists, fascists, communists, socialists, pedophiles. All very emotive issues, but vigilantism can all too easily get out of hand. This has just been demonstrated perfectly by YouTube star Keemstar who took it upon himself to expose a 62-year-old pedophile online through his DramaAlert podcast. The only problem is that he and his team got the wrong man.

Continue reading →

If you have an online porn habit you like to indulge from time to time, you're probably well-acquainted with Chrome's Incognito mode. Like Microsoft Edge's InPrivate browsing, and Firefox's Private browsing, Google's browser includes a mode that can be used to keep your browsing secret. At least that's the idea...

One gamer and unashamed porn consumer found that his X-rated browsing sessions were exposed by Diablo III. Running the game on his Mac, Evan Andersen found that cached images from his Incognito browsing sessions were displayed as the RPG title loaded. He managed to grab screenshots of the bug in action, and even went as far as writing a program to show what's happening.

Continue reading →

Microsoft has promised that Windows Insiders get Windows 10 builds faster in 2016, and it's Windows 10 Mobile users who get the first release of the new year. It's a few weeks since the release of build 10586.36 and now build 10586.63 is available for those on the Fast Ring.

You might expect from the relatively small jump in version numbers that this is something of a minor update -- and you'd be right. But despite the somewhat trifling nature of the changes, this release is noteworthy for a fluffed launch.

Continue reading →

Silicon Valley met with the US government on Friday to discuss how to tackle online terrorist propaganda from the likes of IS. At a closed-door meeting, Tim Cook and representative of Facebook, Twitter, Microsoft and other tech firms spoke with White House officials to try to find a way to combat terrorists on the web.

Joined by the likes of the NSA and FBI, the technology firms, and the Obama administration are seeking ways to stop terrorist propaganda being disseminated online. IS has already proved itself to be a masterful manipulator of the media, and has successfully used social networks such as Facebook and Twitter to get its message out.

Continue reading →

Yeah, I'm going to bang that drum again. We've talked endlessly about privacy and telemetry in Windows 10. Endlessly. It's brought up some interesting issues for debates, led to comparisons between Microsoft and Google, and lots and lots of lots of bile. A case in point is an article from dear, dear Mr Ed Bott over on ZDNet. Mr Bott refers, subtweet style, to my recent article about Microsoft recording how long people are using Windows 10.

He refers -- albeit indirectly -- to me (and writers like me who question Microsoft) as a "dedicated Microsoft hater" and a "clueless writer" peddling in clickbait. He suggests I'm not interested in facts; this despite the fact I have gone out of my way to garner such delights from Microsoft. Bott completely -- COMPLETELY -- misses the point. I can only hope he does so on purpose because otherwise he just sounds disingenuous and a bit stupid. The problem here is not that Microsoft is gathering data (as it is perfectly entitled to do so), but the lack of transparency surrounding it. Microsoft does nothing to help itself.

Continue reading →

The first week of the New Year is out of the way and Windows Insiders are eagerly awaiting the first Windows 10 build of 2016. The waiting may be over soon, as Microsoft says that it should be just "a few more days" before testers' patience is rewarded.

It's only a few weeks since the Redstone branch of Windows 10 became public, and Microsoft's Gabe Aul suggests that a new build could be on the way next week. The Windows 10 team just needs time to recover from Christmas and the New Year, and then we should also start to see more frequent build releases.

Continue reading →

The Investigatory Powers Bill may only be in draft form at the moment, but the UK government has already come in for criticism for its plans. Today, scores of pieces of written evidence, both for and against the proposals, have been published, including input from the Reform Government Surveillance (RGS) coalition.

Five key members of the coalition are Facebook, Google, Microsoft, Twitter and Yahoo. In their written evidence, the quintet of tech companies express their concerns about the draft bill, seek clarification from the UK government, and issue warnings about the implications of such a bill.

Continue reading →

The Windows Insider program was designed to help anyone test driving preview builds of Windows 10 to provide feedback and help shape the future direction of the operating system. But what happens with all of the feedback that's submitted?

Microsoft is starting to publish a new series of articles to the Insider Hub that seek to assure people that their feedback is not just disappearing into a black hole. The 'Made by you' sees Microsoft providing feedback on feedback, and helps to give Insiders some reassurance that their input is valued. The first article is about how Windows 10 handles display scaling.

Continue reading →

While I've been running Windows 10 for what seems like forever now, a desktop computer sitting in my office running Windows 8.1 has been crying out for an upgrade for some time. Having had a problem-free upgrade on three other machines, I expected nothing out of the ordinary with this computer. I was wrong.

Initially I left Windows Update to do its thing, but this failed on countless occasions. The error message suggested that a problem with my internet connection had interrupted the download, but this seemed unlikely. After numerous attempts, I decided to opt for a USB-driven installation. This also failed, this time with error 0xc0000017: "There isn't enough memory available to create a ramdisk device". Thankfully, the problem can be fixed -- here's what you need to do.

Continue reading →