The Register Columnists

Team Register


Yahoo! Answers used to cloak command and control networks

Two malware instances have converted numbers to words in a novel attempt to cloak the IP addresses of command and control servers. Researchers within Palo Alto's "Unit 42" team say the malware points to location references within text written on certain public pages including Yahoo! Answers and Quora. The unusual initiative …
Team Register, 29 Sep 2016

Speaking in Tech: DevOps handbook is a romance novel

Podcast This week, Amy Lewis stalks the show again as she and Greg Knieriemen discuss Allo, Cisco love, Twitter suitors and a dive into DevOps. Our Podcast Idol this week is Josh Attwell of NetApp with special guest Gene Kim, author of “The Phoenix Project: A Novel about IT, …
Team Register, 28 Sep 2016

152k cameras in 990Gbps record-breaking dual DDoS

The world's largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised low-powered cameras and internet-of-things devices which punted a media outlet off the internet. Last days, we got lot of huge DDoS. Here, the list of "bigger that 100Gbps" only. You can see the …
Team Register, 27 Sep 2016

Swiss vote for spy powers

Switzerland has decisively voted in new surveillance laws granting the country's law enforcement agencies powers closer to those in other western nations. The referendum vote passed with a 66.5 per cent majority on a low voter turnout, carried notably on the back of positive sentiment from the country's older voters. The laws …
Team Register, 27 Sep 2016

Patch AGAIN: OpenSSL security fixes now need their own security fixes

Sysadmins and devs, fresh from a weekend spoiled by last week's OpenSSL emergency patch, have another emergency patch to install. One of last week's fixes, for CVE-2016-6307, created CVE-2016-6309, a dangling pointer security vulnerability. As the fresh advisory states: “The patch applied to address CVE-2016-6307 resulted in …
Team Register, 26 Sep 2016

Think you’re a Tech Trailblazer but still warming up?

We know some blazers take longer to warm up than others, so you’ll be pleased to know that the deadline for this year’s Tech Trailblazers Awards has been extended to October 6. These awards have been running for six years, recognising and rewarding real innovation in real world business tech. So you can use that extra time to …
Team Register, 23 Sep 2016

OpenSSL swats a dozen bugs, one notable nasty

A dozen flaws have been patched in OpenSSL, including one high severity hole that allows denial of service attacks. The OpenSSL Project pushed patches in versions 1.1.0a, 1.0.2i and 1.0.1u, with most of the flaws flagged as low severity risks. The nastiest vulnerability (CVE-2016-6304) results when attackers issue a massive …
Team Register, 23 Sep 2016

Drupal patches bad bugs

Drupal has patched two critical vulnerabilities in version 8 of the content management system. The bugs include a cross-site scripting flaw and another allowing non-admin but privileged users to download data configuration reports. Other flaws allowed some attackers to expose comments to different levels of visibility. …
Team Register, 23 Sep 2016

Valid logins to your workplace are on the net, right now

Enterprises are almost universally open to intrusion attempts with stolen credentials, and are at increased risk from compromised smartphones thanks to a spike in device malware. The findings stem from two separate studies. Digital Shadows research [PDF] reveals 97 percent of the Fortune top 1000 largest companies face …
Team Register, 23 Sep 2016

EyePhones packing Iris-scanning authentication to go mainstream

ABI Research analyst Marina Lu has picked iris scanning as "one of the safest" means to secure user identities on smartphones. The Singapore-based researcher says the Samsung Galaxy Note 7 released last month will help spread the technology and increase adoption of mobile payments. Lu says the biometric authentication …
Team Register, 22 Sep 2016

Google automates Apps OAuth token revocation

Google has refined the security controls available to enterprise Gmail users by automatically killing OAuth 2.0 tokens for Apps when users change passwords. The changes will land on October 5th and will not affect users unless they change their password. It is a watered down version of planned security changes offered in …
Team Register, 22 Sep 2016

Speaking in Tech: Public cloud 'explodes'. Oh yeah? Show your sources

Podcast This week on our tech-cast, Greg Knieriemen hosts the podcast with serial podcaster co-host Amy Lewis. This week our Podcast Idol is Jack Poller of Enterprise Strategy Group. Our special guest this week is Leah Schoeb, Technology Business Development at Intel. This week we …
Team Register, 21 Sep 2016

Greybeards beware: Hair dye for blokes outfit Just For Men served trojan

Malware writers have penetrated the website of hair-dye-for-greying-blokes outfit Just For Men, foisting a password-stealing trojan at visitors, Malwarebytes researcher Jerome Segura says. Attackers are using the RIG exploit kit, which recently dethroned Neutrino as the most popular of the off-the-shelf crime kits that make …
Team Register, 21 Sep 2016

FBI overpaid $999,900 to crack San Bernardino iPhone 5c password

University of Cambridge senior research associate Sergei Skorobogatov has laid waste to United States Federal Bureau of Intelligence (FBI) assertions about iPhone security by demonstrating password bypassing using a $100 NAND mirroring rig. FBI director James Comey made the claim during the agency's bid to defeat the password …
Team Register, 19 Sep 2016

T-Mobile USA leaked free access to sites with '/speedtest' in the URL

American T-Mobile subscribers can score free internet access by running traffic through a proxy with "speedtest" in its URL. Seventeen-year-old high school student Jacob Ajit found the loophole, since taken down, which allowed cheapskates to access T-Mobile's data network without paying. Ajit realised speed testing sites and …
Team Register, 19 Sep 2016

Wanna prove you’re a Tech Trailblazer? Entries close in a week

You’ve got less than a week to pull together your entry for the 2016 Tech Trailblazer awards. There’s plenty of scope to put your big idea in the spotlight this year, with 11 categories spanning real enterprise innovation areas such as big data, cloud, IoT, virtualization, storage and security. Or you can really shoot …
Team Register, 16 Sep 2016

Alibaba fires gluttons

Four Alibaba staff have been sacked after they hacked their employer company to score free mooncakes. The weird act reported by the China Daily landed the hackers 496 of the much-loved red bean pastries consumed in China during the upcoming Mid-Autumn Festival. Alibaba's lauded security team took two hours to notice the …
Team Register, 16 Sep 2016

Speaking in Tech: Testing data center fire snuffer and... and pow! I just s$%t my pants

Podcast This week on our tech-cast, Ed and Greg are joined by Podcast Idol Gabe Chapman to discuss HP snagging Samsung printers, Dell layoffs and big bangs. Our special guest this week is Mike Dvorkin, Distinguished Engineer at Cisco - Co-founder and Chief Scientist for Insieme …
Team Register, 14 Sep 2016

Researcher reports XSS hole in Google France

Security researchers have disclosed a cross-site scripting vulnerability in Google France. The flaw is the third most common web application security hole on the internet, and is commonly exploited in mass defacements and automated attacks. Issam Rabhi (@issam_rabhi), researcher with French security outfit Sysdream, reported …
Team Register, 14 Sep 2016

The digital workplace: Just in reach or over the hill?

Reg Events What will be the biggest bugbear in your professional life over the next few months? Managing an across the board operating system or application upgrade to Microsoft’s latest offering? Or dealing with an array of end-user devices, running multiple operating systems, most of which rarely come through the doors of head office? …
Team Register, 12 Sep 2016

Peccant pwners post 670,000 Pokémon punter MD5 passwords

Hackers have breached some 670,000 Pokémon gamer accounts on popular fan site Pokebip. The breach hit the French site on 28 July and includes compromised usernames, email and IP addresses, website activity, and weak MD5 passwords which can be broken in seconds. The site warns that other connected social media accounts …
Team Register, 12 Sep 2016

Top smut site stops Flashing, adopts HTML5

Security sentient smut site Pornhub has decommissioned Flash and will swap to HTML5 in a bid to modernise and protect its estimated 60 million daily visitors. The site is famed for among other things offering a bug bounty to researchers who disclose security holes in the site upping payments and hiring staff to better compete …
Team Register, 09 Sep 2016

Speaking in Tech: Windows is coming to smart refrigerators

Podcast This week, our tech news podcast hosts Ed Saipetch and Greg Knieriemen chat with Podcast Idol contestant Peter Smallbone, an IT architect in the UK. The trio discuss SpaceX, Galaxy Note, smart refrigerators and Apple’s tax problems in Ireland. The details…. (0:00) Follow …
Team Register, 07 Sep 2016

Linus Torvalds won't apply 'sh*t-for-brains stupid patch'

Add another Linus Torvalds swearing incident to his long list of linguistic indiscretions. The Linux lord has unloaded on proposed new code in typically robust language. “I call BS”, Torvalds' post opens. “Let me be very clear. I'm not applying that shit-for-brains stupid patch, and will not be pulling it unless somebody …
Team Register, 07 Sep 2016

Adobe ices ColdFusion server admin password, file hack hole

Adobe has patched a hole in ColdFusion that could have allowed hackers to gain access to files and passwords stored on servers. The applications platform is used by some 30 million websites. The XML external entities injection vulnerability triggers when XML word documents are processed, Legal Hackers security researcher …
Team Register, 02 Sep 2016