Richard Chirgwin

Sweet32 logo

Big data busts crypto: 'Sweet32' captures collisions in old ciphers

Researchers with France's INRIA are warning that 64-bit ciphers – which endure in TLS configurations and OpenVPN – need to go for the walk behind the shed. The research institute's Karthikeyan Bhargavan and Gaëtan Leurent have demonstrated that a man-in-the-middle on a long-lived encrypted session can gather enough data for a …
Manchester BSOD

BSODs at scale: we laugh at your puny five storeys, here's our SIX storey #fail

It's an easy drive-by troll, isn't it? Last week, we asked readers to top the five-storey Blue Screen of Death spotted in Thailand, and examples big and small flooded the inbox. Manchester Piccadilly Station is either vying for the crown with last week's entry, or perhaps it's a display from the same maker. Thanks to James for …
Eye of Sauron with Mount Doom in the background. Still from the film version of JRR Tolkien's Lord of the Rings. Copyright New Line Cinema

Phoney bling ring pinged by Tolkien's kin

A Melbourne man has to hand over his entire stock of “The One Ring” knock-offs to the Tolkien Estate, after losing a copyright case. The Federal Court in Melbourne earlier this month awarded a summary judgement against one Alexander Saltalamacchia over a line of rings he sold on his own Website and on eBay Australia. …
Artist's impression of Juno overflying Jupiter. Pic: NASA / JPL-Caltech

Jovial NASA says Juno flyby a success

It was a hats-in-the-air weekend at NASA, with the agency announcing its Juno probe's first close-up Jupiter fly-by was a success. The probe has now started the agonisingly slow process of downloading the data collected on its Sunday swoop (closest approach was 13:44 UTC, August 28; adjust as your local timezone dictates). …
Bearded man sitting at desk reading from his tablet by his laptop

Yakkety Yak beta lands

Ubuntu has announced the first beta of what will become Ubuntu 16.10. The Yakkety Yak Beta 1 has images for Kubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE and Ubuntu Studio. In the release announcement, Set Hallstrom notes that this isn't yet a prime time release: these images are for Ubuntu flavour developers and …
Australian $20 burning

NBN HFC scaled down to stave off financial disaster

DOCSIS 3.1 might one day give gigabit to HFC customers on the National Broadband Network, but not to as many customers as promised: nbn™ is scaling back the number of customers connecting on the former Telstra and Optus networks. With Canberra's equity contribution coming to an end this year, the company's decided the cable …
Venomous snake

Opera resets sync passwords

In case you're an Opera sync user who spent the weekend offline: check your e-mail for a password reset. The company has announced it detected an attack last week on its Opera sync servers, and that some user IDs were compromised. It explains that passwords should be safe: sync passwords are encrypted in storage, while …
NEMA 5 plug socket

Top facial recognition algo joins the dots and sees pretend people

How much like a face does an image have to be, to trick the standard Viola-Jones facial recognition algorithm? Not very much, it turns out. Two researchers from the University of California, Berkeley, have spoofed the algorithm into recognising a handful of dots, barely recognisable as an image, as a human face. Another image …
FACEPALM

NASA's free research trove may have broken arms trafficking rules

Last week, NASA announced that all of its published research would be aggregated into a single portal and published for free. Now, according to Space News, some NASA research has had to be pulled from the Web because the agency fears it might violate export controls. The research in question represented outputs from the NASA …
Linux holding up Windows

Microsoft drops OMI for Linux to GitHub

Microsoft has added another piece to its Open Management Infrastructure (OMI) jigsaw, publishing Unix/Linux code that implements the Distributed Management Task Force's (DMTF) models and standards. The project has been running for some years under the auspices of the DMTF here. OMI itself is already free and open source, a …
Trucker, image via Shutterstock

Breaker, breaker: LTE is coming to America's CB radio frequencies

Another industry alliance is gearing up to pitch mobile phone access to spectrum in the 3.5 GHz band – this time using frequencies formerly devoted to Citizens Band (CB) radio users. Following a decision by America's Federal Communications Commission (FCC) to free up 150 MHz of the “truckers' Internet” for unlicensed …
NIST's compact gyroscope

NIST spins atomic gyroscope to allow navigation without GPS

The United States' National Institute of Standards and Technology (NIST) thinks it can use a cloud of atoms as a gyroscope. The point is navigation: the agency reckons the little gyro is part of work on ultra-precise navigation for applications like space and submarines. It measures rotation by analysing patterns of “ …

Hacked hookup site Ashley Madison's security was laughable

Ruby Corp, the rebranded parent company of illicit-affair-arranging outfit Ashley Madison, has had to enter into court-enforceable orders with privacy authorities in Canada and Australia, following the findings of a joint investigation in the two countries. After the company was hacked by Impact Team, it was pretty clear that …
AFP Commissioner Andrew Colvin

Australian Federal Police resume NBN raids, this time in parliament

The Australian Federal Police (AFP) is resuming its hunt for documents associated with leaks about the financial position of the National Broadband Network. Senator Stephen Conroy – former communications minister and now shadow to the special minister of state – has told the Australian Broadcasting Corporation (ABC) that the …
Robot touches screen with finger. Photo via Shutterstock

Crims share vulns but vendors don't. This needs fixing

Interview Attackers like to re-use code, but vendors don't find out because they don't share, according to Centrify's David McNeely. In Sydney for Gartner's Security and Risk Management Summit, McNeely – the company's veep of product strategy – said that realisation was driven home to him during the recent Black Hat conference in Las …

Google to block web views from using its OAuth

Google's decided that web-views should no longer be able to use OAuth requests, and is deprecating them in Android, iOS, Windows and OS X as of October. What that means is that while (for example) Android's embedded browser will be able to handle OAuth requests, third party app logins won't be able to use web-views for OAuth …

Software-defined networking is dangerously sniffable

Software-defined networking (SDN) controllers respond to network conditions by pushing new flow rules to switches. And that, say Italian researchers, creates an unexpected security problem. The researchers were able to persuade their SDN environment to leak information that sysadmins probably don't want out in public, …

Your wget is broken and should DIE, dev tells Microsoft

Well, that didn't take long: within a week of applause for Microsoft's decision to open-source PowerShell, a comment-war has broken out over curl and wget. For those not familiar with these commands: they're open source command line tools for fetching internet content without a browser. Apart from obvious applications like …

Australia Post says use blockchain for voting. Expert: you're kidding

A prominent privacy consultant has criticised Australia Post's intervention in the Australian State of Victoria's inquiry into electronic voting. The state has been gathering submissions into the idea, and held its first public hearings yesterday. Among the submissions was Australia Post's, in which the organisation pitches …
Speedometer by Nathan E Photography, Flickr under CC2.0

HPE patches NonStop admin

HPE NonStop sysadmin? Using the Perl or PHP scripting languages for operating system services? Get patching: the company's just patched 45 vulnerabilities dating back as far as 2013. The list of potential impacts, according to HPE, includes local DoS, privilege escalation, remote DoS, arbitrary code execution, information …
Windows XP fail at Hong Kong airport

Five-storey Blue Screen Of Death spotted in Thailand

Windows crashing and producing the Blue Screen of Death (BSOD) is seldom pleasant, or convenient. It's also seldom as conspicuously displayed as in the image below, which The Register found on Facebook late last week. By your correspondent's reckoning, that there is a five-storey BSOD. If you can't see the pic below, click …

I got the power – over your IoT power-point

The latest “your IoT security is rubbish” takes the world one step closer to “burn it all and try again”: a “smart” electrical outlet that's actually a whole-of-network attack vector. (Image caption: One of these things is a bit like the other. The Edimax SP-1101W with and without Bitdefender's obfuscation.) Bitdefender …

IOActive turns up the most SOHOpeless router so far

It could be the worst router in the world: a cheapie from China that IOActive reckons is completely pwnable all ways from Sunday. Bought by a travelling staffer, Tao Sauvage, the BHU Wi-Fi router looks almost indistinguishable from a surveillance box. As Sauvage writes: “An unauthenticated attacker could bypass authentication, …

Systemd adds filesystem mount tool

The developers behind Systemd, the alternative to sysvinit, have added a mount tool to their user space bootstrapper. The mount tool landed during the weekend in this merge. It gives Systemd users a systemd-mount command, letting the mount command pull in dependencies and use auto-mounting logic. Developer Lennart Poettering …
darpa cyber grand challenge

Mechanical Phish auto-exploit auto-patch kit lands on GitHub

One of the top-three in DARPA's recent cyber-challenge, Mechanical Phish, has been open sourced at GitHub. The Cyber Grand Challenge posed a hellish problem indeed: write software that could expose bugs (a la Metasploit) and patch them, without human intervention. In that competition, team (led by UC Santa Barbara's Giovanni …