Richard Chirgwin

Not just websites hit by OpenSSL's Heartbleed – PCs, phones and more under threat

While most of the buzz surrounding OpenSSL's Heartbleed vulnerability has focussed on websites and other servers, the SANS Institute reminds us that software running on PCs, tablets and more is just as potentially vulnerable. Institute analyst Jake Williams said the data-leaking bug “is much scarier” than the gotofail in Apple's …

Dell punts big fat switch into OpenStack clouds

Dell has tagged software-defined networking (SDN) and big data centre switching in its latest switch/controller release. The late-March launch of a high-capacity switch and a fabric controller are, according to networking sales director Vijay Valayatham, part of a “grander vision about scale-out fabrics and lease-buy …

Come to Oz for sun, surf, ratting on co-workers and surveillance

Australia's deserved reputation as a nation whose government likes to pry into almost everything online has "improved" thanks to two new incidents. The first event saw Australia's government promulgate and then retrospectively make secret new social media rules for Australian Government employees. The rules, allegedly published …

Mt Gox's 'transaction malleability' claim rubbished by researchers

By now, we all know the Magic the Gathering Online Exchange says it came undone because of a gap in the Bitcoin protocol called “transaction malleability”. Now, two ETH Zurich researchers have rubbished that claim. In this paper at Arxiv, Christian Decker and Roger Wattenhofer analyse a year's worth of Bitcoin activity to reach …

Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed

All over the world, systems administrators are scrambling to fix the OpenSSL “Heartbleed” bug. At the same time, certificate sellers are preparing to rub currency all over their bodies as Web admins virtually swipe the corporate Amex to revoke and renew their certs. OpenSSL's history reaches back to Eric Young's SSLeay. While it …

New Fujitsu SoC designs shrink supers' power slurp

Fujitsu is pimping system-on-chip (SoC) designs for two new supers it says get 40 per cent more processing punch while slurping half as much power. The company also says its GS21 2400 and GS21 2600 need 70 per cent less data centre space. The SoC devices at the heart of the two servers consolidate 14 chipsets, Fujitsu says. …

Singapore decides 'three strikes' laws are too intrusive

Singapore's Ministry of Law has decided that a “three strikes” regime for online copyright infringement is too intrusive for Internet users, and has excluded such an approach from consultations over takedown mechanisms. The consultation, described in full here, is canvassing changes to that country's copyright act to deal with …

Video games make you NASTY AND VIOLENT

Forget hyper-realistic blood and pointless mayhem: if you want to turn a nice person into a blood-gore-veins-in-the-teeth killer, give them a video game with unplayable controls. That's the hypothesis put forward by researchers from the University of Rochester (US) and University of Oxford (UK), who, intrigued by the phenomenon …

Skype pimps pro-level broadcast service

TV journalists weary of trying to gather acceptable audio from Skype, your time to celebrate is now: Microsoft is rolling out a high-quality service designed for the broadcast market. If it does what it says on the box, Skype TX (transmitter, geddit?) will stick Microsoft's elbows in the ribs of the expensive platforms that the …

Google kills fake anti-virus app that hit No. 1 on Play charts

"Virus Shield", an app that briefly shot to the top of the charts on Google Play, has turned out to be a complete fake and has therefore been pulled by Google. The scam, turned up by Android Police, is as simple as a con-man could wish for: the app includes almost no functionality whatever, yet it was briefly a chart-topper on …

Running OpenSSL? Patch now to fix CRITICAL bug

Sysadmins using the OpenSSL cryptographic library have an urgent job: patching a memory leak vulnerability that could reveal user IDs and passwords. Dubbed “Heartbleed”, the vulnerability was discovered by Google Security's Neel Mehta and announced by CloudFlare. As the terse OpenSSL advisory states: “A missing bounds check in …

In Australia, protesting against Brendan Eich will be a CRIME

Come to Australia, Brendan Eich: our freedom-of-speech government wants to protect you against the pesky business of community outrage. The outcry that led to Eich's resignation today as CEO of Mozilla over his past support for an anti-gay-marriage bill in California is something that's exercising the mind of the Australian …

WIMPs wipe each other out in giant radiating spot at galaxy's centre

Weakly interacting massive particles – WIMPs, one of the candidate hypotheses to explain dark matter – are so hard to find on Earth that nobody's ever seen them. However, a just-released analysis of years of gamma ray data suggests they're at the centre of the Milky Way in enormous numbers. The zone they're talking about is huge …

Microsoft spells out new rules for exiling .EXEs

Microsoft has updated the methodology it uses to define adware, a move designed to make it clearer just what the company considers worthy for removal by its malware tools. Redmond's new rules are simple: an application is adware if any of the following criteria are met: It breaks the “unwanted behaviour” rules (in more detail …

Experian under investigation over data sale to criminal

Data-farmer Experian is under investigation for last year's data breach, in which around 200 million identity records were sold to criminals. The investigation arises from the discovery of the breach last October by researcher Brian Krebs, explained in greater detail at his blog. Part of that story reached a conclusion during …

USA opposes 'Schengen cloud' Eurocentric routing plan

The US Trade Representative is warning Europe not to proceed with the idea of EU data network services that don't cross the Atlantic. The idea of a European “walled garden” emerged in February amid rising anger over revelations that the NSA wants to listen to the whole world – and that its sweeps included snooping on German …

Tesla in 'Ethernet port carries data' SCANDAL

A Tesla enthusiast has sparked a thousand variations on headlines saying “Tesla hacked” by working out that in-car network traffic is visible on a port designed for service access to the network. The thread on the Tesla Motors Club forum begins in March, and reveals various traffic types that are visible on the network segment …

China's Bitcoin exchanges begin pulling down the shutters

The Chinese central bank's Bitcoin crackdown, first signalled in December 2013, is coming to fruition as the middle kingdom's Bitcoin exchanges begin halting withdrawals. The FXBTC exchange has posted a notice saying that it received the instruction by telephone as part of the central bank's “Bitcoin risk prevention work”, …

Mechanical monster macropod LEAPS out of the lab

If you want evidence for the sad state of science in Australia, here it is: the world's first bionic kangaroo has been developed in Germany. Tool-maker turned industrial automation specialist Festo is responsible for the two-year project that's given the world the robot 'roo. Not only has the mechanical macropod a movement …

Qualcomm unveils MU-MIMO silicon

A hyped and highly-anticipated feature of the next generation of WiFi kit, MU-MIMO (multi-user multiple in, multiple out), has taken a step towards commercial reality, with chip vendor Qualcomm announcing its first silicon to support the feature. In today's MIMO, multiple spatial paths between transmitter and receiver are used …

Google's Nest halts sales of its fire alarm – because waving your hand switches it off

Google's Internet-of-Things wunderkind Nest is disabling a software feature called Nest Wave, citing safety concerns. In this letter to customers, Nest Labs CEO Tony Fadell writes: “During recent laboratory testing of the Nest Protect smoke alarm, we observed a unique combination of circumstances that caused us to question …

Boffins make noise about D-Wave chip: it seems quantum

Researchers from University College, London, and the University of Southern California, have weighed into the ongoing “is it quantum?” D-Wave debate with an interesting approach, testing the device under a variety of noise conditions. As their paper at Arxiv explains, the thermal environment of a D-Wave chip isn't directly …

GCX targets small cloud players with new cable

Global Cloud Xchange – formerly Reliance Globalcomm – has announced plans for a new submarine cable joining Tokyo to Silicon Valley. Along the way, the outfit also says it hopes to create a new model for access to submarine assets, by attaching its own meet-me rooms to the cable, rather than restricting access to large players …

iiNet to Senate committee: metadata retention an expensive joke

iiNet has tried to swim against the tide of government agencies bent on turning ISPs and telcos into outsourced snoops, telling a Senate committee that proposals for mandatory data retention are intrusive, expensive and impractical. In this curt submission to the Senate committee inquiring into revisions of the …

Indosat fat-thumbs route announcements (again)

Indosat has made an unknown number of networks – in the thousands according to BGPmon, but possibly more – unreachable by announcing itself as their route. The mis-announcement took place sometime close to midnight (UMT) on April 2, with this message kicking off an ongoing thread at Seclists complaining about their routes being …

GST on online purchases: still 'probably not'

Online shoppers in Australia remain somewhat up in the air over the future of GST on their purchases. There has been some confusion over whether the current position, in which GST is only collected on international purchases worth more than $AU1,000, would change, following discussions between state treasurers earlier this week …

Want to see at night? Here comes the infrared CONTACT LENS

University of Michigan boffins have created a tiny light detector that reaches into the infrared, and is already small enough to be delivered as a contact lens. The key trick, the researchers say, is that they've created an infrared detector that doesn't need the cooling demanded by most devices that currently operate at the mid- …

NSW to expand e-voting

New South Wales is set to expand the footprint of electronic voting in its state election, due in 2015, with Spanish vendor Scytl reportedly on the brink of signing a new contract with the state government. Scytl's Java-based electoral software already has a footprint in NSW, since it formed the basis of the state's iVote system …

SmartTV, dumb vuln: Philips hard-codes Miracast passwords

Demonstrating once again that consumer electronics companies don't understand security, ReVuln has turned up a hard-coded password in Philips “smart” televisions. Shown off in the video below, the vulnerability is simplicity itself: the WiFi Miracast feature is switched on by default, has a fixed password (“Miracast”, for heaven …

Single chip photon source brings quantum comms closer

Down at the “basic research” level, there's a lot the labs can accomplish with quantum mechanics: entanglement, information teleportation, simple quantum computations and more. Now, an international collaboration believes it's brought exploitation of quantum effects closer to a commercial development. The researchers have …

Systems cock-up plagued new hospital in Melbourne

An Australian hospital is reportedly in chaos after a partnership with a cancer clinic resulted in the collapse of its booking system. According to The Age, the opening of the Olivia Newton-John Cancer and Wellness Centre, operated in conjunction with Austin Health, heralded the introduction of a new booking system in May 2013 …

Chinese patent app tries to own Wine on ARM

A group of coders from China is trying to patent the ability to operate the popular Wine environment on ARM processors. The patent application by Insigma Technology was turned up by Phoronix, here (http://www.phoronix.com/scan.php?page=news_item&px=MTY0ODI). In the patent application, the inventors claim the following steps to …

Researcher lights fire under Tesla security

A security researcher is calling on Tesla to introduce two-factor authentication for access to the combination of services that make its Tesla S model one of the most “Internet of Things” vehicles in the world today. As noted by Threatpost, researcher Nitesh Dhanjani has found that the combination of a mere six-character …

Georgia Tech touts polymer heatsink interface

Researchers at Georgia Tech say they've created a polymer that can improve the interface between silicon and heatsinks, and offers a long lifetime in terms of heating and cooling cycles. In this release, the group led by assistant professor Baratunde Cola says they've created a polymer that operates as a heat conductor (rather …

Dotcom wants NZ to have fiat-backed crypto-currency

Either New Zealand is leading the world in April 1 news stories, or Kim Dotcom's Internet Party is not only proposing a government-backed crypto-currency, but thinks it should operate in parallel to the country's fiat currency. Since the story starts on March 26, Vulture South is forced to at least accept the hypothesis that the …

Australia proposes privacy tort

The Australian Law Reform Commission (ALRC) has released a discussion paper that canvasses the idea of a tort of privacy invasion for Australians. Available here, the discussion paper is seeking comment on whether or not Australia's privacy law needs to be changed to deal with invasions of privacy “committed intentionally or …

Amazon is decompiling our apps in security gaffe hunt, says dev

Amazon's crackdown on mishandling AWS credentials has astonished one software developer, who says the cloud giant is reverse-engineering Android apps for inspection. In this blog post, Raj Bala admitted his app included his private "AWS credentials as simple strings within the app itself”, and as a result, he's received a notice …

Range Networks unleashes rewritten OpenBTS

A doubling of its engineering team has let Range Networks launch a substantial re-write of its open source mobile network code base as it targets the service provider market. Former Red Hat and Cisco exec Ed Kozel, who took the reins as CEO in January, told Vulture South the new release is a substantial rewrite of the OpenBTS …

Hardwired crypto certificate FAIL bricks Juniper router kit

Sysadmins with older Juniper Networks kit have been left scrambling to keep their networks running after a security certificate expiration bricked their boxen. The issue has been keeping mailing lists like AusNOG and J-NSP busy as users tried to work out whether it was a deliberate strategy to force people off the EOL gear – and …

Mt Gox staff tried to warn CEO of Bitcoin loss risks – reports

Staff at fallen Bitcoin exchange Mt Gox in Japan have claimed that they raised alarms about how the company was handling client funds as long ago as 2012, according to Reuters. In this report, the unnamed “current and former employees” of Mt Gox were concerned that “customer funds were diverted to cover operating costs” of the …

Google researcher says government hack attacks on journos on the rise

Most major news organisations are now the targets of state-sponsored attacks on their security, according to Google security researcher Shane Huntley. According to Reuters, Huntley told the Singapore Black Hat conference on March 28 that his research, conducted in partnership with Citizen Labs' Morgan Marquis-Boire, revealed …

Australia's opposition backs warrantless metadata collection

Australia's opposition Labor Party has signalled that it intends to link arms with the intelligence community. In a television interview with Sky News, the party's deputy leader Tanya Plibersek said she wants to give “agencies the maximum ability to do their job well, within the bounds that people would expect.” According to …

Silicon Valley wage collusion case will go to court

Silicon Valley companies will be lining up in front of Judge Lucy Koh to defend themselves over their notorious anti-poaching agreements at the end of May, after the judge denied their attempt to have the case tossed out. Judge Koh has slapped down the attempt by Apple, Google, Intel and Adobe seeking summary judgement in the …

Boffins power wearable tech with body static

A group of Chinese researchers reckon they're close to a practical method of harvesting the static electricity you generate when tapping and swiping the screen of your smartphone as backup power for the phone itself. As anyone who's jumped back swearing at their hand when all they wanted to do was open a door in the office can …

Cisco ships six fixes for DoS bugs

Sysadmins can get themselves ready for a busy Cisco “patch Thursday”, after the Borg lobbed six patches out the door to deal with a range of denial-of-service (DoS) vulnerabilities in IOS. The vulnerabilities – see here for a single list – are all scored a CVSS base score better than 7 as being remotely exploitable without …

Twitter sneaks in Facebook-ish photo-tagging – how to switch it off

Without much fuss, Twitter has taken another step to be more like Facebook – and added a photo-tagging feature. And in the best traditions of social networks, the privacy-diminisher is switched on by default. The tagging feature means anyone can identify someone in a photograph they post, unless you realise it's happening, log …

Full Disclosure redux: under new management

Seclists.org convenor Gordon Lyon (also author and maintainer of Nmap) has decided that the Full Disclosure list is too important a resource to let slide away into history, and has announced that he'll relaunch it. As The Register reported last week (http://www.theregister.co.uk/2014/03/19/full_disclosure_closes/), Full Disclosure's John …

Zombie Nortel grabs Cisco by the neck, again

Cisco must by now be getting sick of acting as defender-by-proxy of the entire computer networking industry, with yet another pile of ex-Nortel patents being wrapped up in a lawsuit delivered to San Jose. Spherix, once a biotech and now a patent toll-collector, picked more than 100 former Nortel patents from troll-in-chief …

Carolla seeks funds to fight off Personal Audio

Podcaster Adam Carolla has launched a crowd-funding effort to try and defend himself against patent troll Personal Audio. While most of Personal Audio's lawsuits have targeted vendors – Apple had a partial loss in being ordered to sling $US8 million to the company, for example – it's also followed the time-dishonoured practice …

No Notch niche: Minecraft man in rift with Oculus after Facebook gobble

Minecraft creator Markus "Notch" Persson has used the occasion of Mark Zuckerberg's acquisition of Oculus VR to unload on the boy wonder's Facebook – and bid farewell to the Rift virtual-reality headset team. Perhaps at least a little miffed that Zuck's personal shoppers arrived a few weeks into an investigation about whether a …