Your daily round-up of some of the other stories in the news
How not to be a cybercrook
It’s not really the done thing to laugh at other people’s misfortunes, especially when they’re just kids…
…but what if the target is a precocious 13-year-old cybercriminal who was hoist by his own petard?
Bleeping Computer just reported the case of DaddyL33t, who seems to be an avid collector of malware who’s recently branched out into running his own IoT botnet.
(“L33t”, by the way, is hacker-speak for “leet”, which is hacker-speak for “elite”, which is hacker-speak for a top-grade hacker. L33t can be an adjective too, as in “leet skillz”.)
Unfortunately for DaddyL33t, it seems that the Skype ID he used when promoting his botnet services is the same Skype ID that he used to look for paid vacation work.
That’s the sort of ID mistake that you don’t want to make if you’re a crook, even a teenage crook.
Apparently, DaddyL33t has expressed the opinion that his identity doesn’t matter because he’s young enough to steer clear of prosecution – though the accuracy of that statement depends on his jurisdiction.
In England, for example, you can be charged with criminal offences once you’re 10 years old (it’s 12 in Scotland).
Evidence, of course, seems to lie around unforgivingly and unforgettingly on the internet, so DaddyL33t may have many years yet to wonder whether his past will catch up with him.
Hackers dig into voting software
The Chaos Computer Club (CCC) have been exercising their considerable hacking brawn in an effort to prise open German voting software. The alarming summary of their research into PC-Wahl, a program used to capture, aggregate and tabulate votes during elections, pulls no punches:
The analysis shows a host of problems and security holes, to an extent where public trust in the correct tabulation of votes is at stake … elementary principles of IT-security were not heeded to. The amount of vulnerabilities and their severity exceeded our worst expectations
And if that hasn’t got your attention, this might:
The broken software update mechanism of PC-Wahl allows for one-click compromise
And the Club’s beat down didn’t finish there.
Effective protective measures have been available for decades, there is no conceivable reason not to use them
The Club’s analysis shouldn’t put anyone off voting in Germany’s forthcoming elections, it says, but voters should be sure to watch vote tallying closely.
Twitter lists go missing
Twitter users have been finding their lists – the ones created to manage and sort accounts they follow into, for customised feeds – have been vanishing. Some users have also found their private lists now open to the public.
So is twitter going to kill lists or what? They currently just don't work. Why did they break?
How is this a decision that an adult made?
— harper 🤯 (@harper) August 31, 2017
https://twitter.com/wonshikuro/status/905637582503120898
A Twitter spokesperson confirmed that the disappearances are due to a bug on Twitter for iOS but, while the company works on a fix, lists ‘should’ be visible on twitter.com.
It’s not been a good few weeks for Twitter, this problem follows hot on the heels of the bug that ‘unblocks’ users.
Catch up with all of today’s stories on Naked Security