Feeds

'I was like, yea!' 5-year-old found his Xbox so easy to use, he hacked it

Elsewhere: 'I cannot stand the attitude of these guys' ... who could that be?

Providing a secure and efficient Helpdesk

Quotw We haven't heard any expletive-laden smackdowns from Linux kernel chief Linus Torvalds in a while, so this week he obliged us all with a beaut. The head penguin railed on developer Kay Sievers, one of the key figures behind systemd, which isn't in the kernel but is one of the first essential programs to launch after Linux boots.

And what dread sin had poor Sievers committed? Another kernel developer Steven Rostedt discovered that when a Linux system is started with the "debug" option enabled, systemd can flood the logging services with so much information, the machine fails to boot. Torvalds was so incensed, he got Sievers' name wrong in his flame of the developer:

Key, [sic] I'm f*cking tired of the fact that you don't fix problems in the code *you* write, so that the kernel then has to work around the problems you cause.

Other devs had suggested there may be ways for the kernel to mitigate the flood, but Torvalds was having none of it:

I'm not willing to merge something where the maintainer is known to not care about bugs and regressions and then forces people in other projects to fix their project. Because I am *not* willing to take patches from people who don't clean up after their problems, and don't admit that it's their problem to fix.

It's really sad that things like this get elevated to this kind of situation, and I personally find it annoying that it's always the same f*cking prima donna involved.

Sievers took his public scolding well, reposting a statement from Lennart Poettering explaining that the systemd devs would be sorting the issue out with a software patch and posting a tongue-in-cheek status update on Google+:

Screenshot of Kay Sievers

Torvalds had threatened to reject his code from the Linux kernel, but Sievers said he didn't care, since he wasn't planning to submit any:

My last kernel patch is more than a year old, my last non-trivial kernel patch 2 years old. I stopped working on the upstream kernel "long ago" for reasons I cannot stand the attitude of these guys, I decided to work with grown up or funny people instead and I enjoy it a lot more. Not sure what this childish blackmail attempt relates to.

Speaking of fury, users of Western Digital's online storage service MyCloud reached the end of their patience with the firm this week as an outage dragged on. Quivering rage-infused customers filled 33 pages of the WD community web forum with complaints since MyCloud went titsup last week. The punters detailed their ongoing issues with accessing the file cloud.

User Prototyp_Gottes said:

If I use the desktop app, it works properly. I can see all folders and can also access them without any problems.

But I still have problems with my remote access. Using wd2go.com, I only can pass the login screen. After clicking on my My Cloud device, my browser keeps on loading and nothing happens. And by using my mobile apps it is almost the same. At least I can see all the public folders, when I try to access via mobile apps. But after opening the public folder my mobile app also keeps on loading and won't show me the folders within the public folder.

WD president Jim Murphy sent out a mass email at the start of the week to try to soothe the ruffled feathers, but since he failed to give out any useful information such as what the problem is or why it's taking so long to fix, it's unlikely to assuage the masses.

User Karimero said:

A few days ago I thought the problem was solved. Back at work now, trying to login. And there it is again: unable to access device. (0).

Fail. Fail. Fail.

Never again a WD product.

In Blighty, a High Court judge has decided that IBM was wrong to pull a quarter of its employees off Defined Benefit pensions – which would have given them a pension set as a portion of their final salary – and leave them with no choice but to sign non-pensionability agreements or get no pay rises in the future.

Employees sued the firm for breaches of its duties in implementing so-called "Project Waltz" changes, and Justice Nicholas Warren came down on their side:

In the light of all the evidence… it is my view that no reasonable employer in the position of [IBM] in 2009 would have adopted the Project Waltz proposals in the form which they took.

IBM said that it would be looking to appeal the decision:

IBM respectfully, but fundamentally, disagrees with the court's decision. The court's opinion acknowledges IBM's right to make changes in its UK pension programmes, but we believe the Court applied an incorrect legal standard in invalidating IBM's exercise of that right.

Those in search of, ahem, love on popular dating/hookup app Tinder could be running afoul of robot-voiced tricksters. Hackers are using the app to spread malware and survey scams by hoodwinking potential lovers into clicking on fraudulent links. The bots lure their prey in with tempting profiles and pictures, according to net security firm BitDefender. Chief security strategist Catalin Cosoi explained:

After users swipe the right button on Tinder to indicate that they like a profile, the bots engage users in automated conversations until they convince them to click on a dubious link. The name of the URL gives the impression of an official page of the dating app and for extra legitimacy scammers also registered it on a reputable .com domain.

The cybercrims have even tailored their scam for particular areas and countries: for example, enticing Brits with a bit of totty and an invitation to compete for ASDA and Tesco Vouchers, while Americans get a hottie and a challenge to play a Cattle Clash game. An example of the automated love chat goes like this:

Hey, how are you doing? I’m still recovering from last night :) Relaxing with a game on my phone, Castle Clash. Have you heard about it? http://tinderverified.com/castleclash[removed]. Play with me and you may get my phone number.

Both Cattle Clash developer IGG and an Arizona-based photo studio mined for suitable pics are also victims of the hack.

George Anderson, director of product marketing at Webroot, said:

The Tinder bot is a sophisticated attack - to be able to trick people into thinking they are chatting with real people, hackers must have invested a considerable amount of time and tested lots of reply and response scripts to get a high success rate.

And finally, a five-year-old boy has figured out how to hack his dad's Xbox Live account. The likely lad, Kristoffer Von Hassel of Ocean Beach, San Diego, California, managed to break into the account without the password, allowing him to play games outside his age group on his parents' Xbox, a fact his mum and dad noticed after Christmas.

The simple hack consisted of Kristoffer inputting the wrong password at the login prompt, going to the password verification screen and then filling the password box with space characters before hitting submit. Hey presto! He was in.

The cheeky chap summed up his fearsome tech abilities thusly to ABC News:

I was like, 'yea!'

His father, Robert Davies, who is a computer security specialist, said that it wasn't the first time Kristoffer had tried something like this on. Apparently, at the tender age of one, Kristoffer beat the toddler lock on his dad's phone by holding down the home key to disable the lockout. Far from being enraged with his prodigious offspring, however, Davies seemed quite chuffed:

How awesome is that! Just being five years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.

Microsoft said that it had fixed the issue as soon as it heard about it from Davies, allowing the family to go public. For finding the flaw, Kristoffer got four free games, a year's Xbox Live subscription and $50, which is really gonna discourage him from a life of questionable computer access. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.