Richard Chirgwin


Chirpy, chirpy, cheap, cheap: Printable IoT radios for 10 cents each

One of the favoured low-power radio techniques in Internet of Things research is “backscatter communications”: the transmitter sends a signal to a Thing, and the Thing modulates its data onto the reflection, and that's then decoded by a receiver. The problem with such a passive comms scheme is that its distance is limited to …

DARPA lays out cash-splash to defibrillate Moore's Law

The United States' Defense Advanced Research Projects Agency (DARPA) wants to find the electronics industry's next iteration of Moore's Law and has loaded up a US$75 million defibrillator to jolt industry into making it happen. The moolah comes by way of an expansion of the blue-sky agency's Electronics Resurgence Initiative ( …

New Horizons probe awakens to receive software upgrade

The New Horizons probe has successfully ended its five-month hibernation and resumed chats with its mission controllers. The Johns Hopkins Applied Physics Lab received the “I'm okay” message via NASA's Deep Space Network station in Madrid. Once the probe's back in “Active” state, it's got a busy schedule before a December 9 …

Shoddily-set-up Elasticsearch hosting point-of-sale malware

Lazily-configured software has again created a security incident, this time resulting in 4,000 instances of open source analytics and search tool Elasticsearch inadvertently running PoS-stealing malware. Kromtech's Bob Diachenko writes those servers are just 27 per cent of a total of 15,000 ill-secured Elasticsearch nodes the …

Windows 10 Creators Update will add app-level privacy controls

Microsoft's taken another small step towards addressing those worried about Windows 10's impact on their privacy by adding more controls over what apps can do in the Creators Update of the OS. Users currently have a veto over apps sharing location data; in the Fall Creators Update, that's going to be expanded to the camera, …

'Don't Google Google, Googling Google is wrong', says Google

If you want to write developer documentation like a Google hotshot, you'd better kill “kill”, junk “jank” and unlearn “learnings”. Those are just a few rules from the company's newly open-sourced (oops, two sins there, verbing and hyphenation) developer documentation guide. Even though any Linux user knows “kill” is a command …

Samsung mobile launches bug bounty program

Samsung's mobile limb has become the latest major vendor to launch a bug bounty program, and within its tight rules, it offers a tasty maximum prize of US$200,000. The bounty is for newer devices only – 38 mobile devices launched since 2016, including Galaxies S, Note, A, J, and Tab, and the top-of-the-line S8, S8+, and …

Boffins' satcomms rig uses earthly LEDs to talk to orbiting PV panels

As low-cost satellites become more common, researchers are turning their attention to improving their communications capabilities without adding crushing costs. A laser might, as NASA demonstrated earlier this year, be able to hit a gigabit per second – but the kit's expensive. So a pair of researchers from Florida-based …

Auto-makers told their autopilots need better safeguards

America's National Transport Safety Bureau (NTSB) has decided that late Tesla-driver Joshua Brown was responsible for the crash he died in, but that Tesla's Autopilot contributed by (at the time) allowing him to ignore the road for too long. As we reported in June, Brown's hands-off approach to driving was the big factor in …

SAP E-Recruiting bug could let you stop rivals poaching your people

SAP admins, there's an e-mail system bug that could give your HR department headaches, by blocking people from registering their e-mail with its E-Recruiting system. The problem is that a registration URL provided to job-seekers is predictable, meaning an attacker could put other people's e-mails into the system and guess the …

Astroboffins map 845 galaxies in glorious 3D, maybe dark matter too

A team led by Sydney University's Dr Caroline Foster has created three-dimensional images of 845 galaxies, claiming it is the biggest collection of 3D galactic representations ever gathered. Created since 2013, when the Sydney Australian Astronomical Observatory Multi-object Integral Field Spectrograph (SAMI) saw first …

Another reason to hate Excel: its Macros can help pivot attacks

A white-hat has taken a good look at whether you can pivot an attack from one machine to others using Microsoft Excel, and you probably won't like what he found. The researcher, Matt Nelson of SpecterOps (@enigma0x3) writes that he's found loose default launch and access permissions, meaning a macro-based attack doesn't need …

Equifax backtracks arbitrate-don't-litigate plan for punters

Equifax has decided it will no longer try and impose arbitration on any of the millions of Americans who try to find out if they've been stung in its massive data leak. Following its 143-million-record megaleak, the company posted a Website meant to let worried people sign up for a credit file monitoring product – if they …

Google to kill Symantec certs in Chrome 66, due in early 2018

Google has detailed its plan to deprecate Symantec-issued certificates in Chrome. The decision to end-of-life its trust for Symantec certificates was the outcome of a long tussle over dodgy certificates, which came to a head when certs for example.com and various permutations of test.com escaped into the wild. The absolute …

42: The answer to life, the universe and how many Cisco products have Struts bugs

More than 42 Cisco products might inherit the Apache Struts bug that emerged last week. Last Tuesday, Semmle researchers revealed the bug, which lets an attacker send a crafted request to Struts' REST API to inject malicious code. Like many vendors, Cisco long ago adopted the open-source Apache for its Web interfaces, and …

Sci-Fi titan Jerry Pournelle passes, aged 84

One of the giants of “New Wave” hard science fiction, Jerry Pournelle, has died aged 84. His son made the announcement in a simple post at Pournelle's Chaos Manor blog on September 8, saying: "I'm afraid that Jerry's passed away. We had a great time at DragonCon. He did not suffer." As collaborator with Larry Niven, …

Scientists, free software bods still worried about EU copyright proposals

European digital rights groups and open science advocates are mobilising against proposed EU copyright changes they say would hamper information sharing. At issue is a proposal, which first landed last year, to stop people uploading copyrighted material by applying a YouTube-like filter against content fingerprints. That …

Everybody without Android Oreo vulnerable to overlay attack

Any unpatched Android phone running a version older than Oreo is going to need patching fairly soon, with researchers turning up a class of vulnerability that lets malware draw fake dialogs so users “okay” their own pwnage. The risk, according to Palo Alto Networks' researchers, comes from what's known as an overlay attack. …

Virginia scraps poke-to-vote machines hackers destroyed at DefCon

Virginia's State Board of Elections has decided its current generation of electronic voting machines is potentially vulnerable, and wants them replaced in time for the gubernatorial election due on November 7th, 2017. The decision was announced in the minutes of the Board's September 8th meeting: “The Department of Elections …

Close Encounters of the Kuiper Belt kind: New Horizons to come within just 3,500km of MU69

If we're not all too hungover when New Year's Day 2019 rolls around, NASA will hopefully have a fun set of photos to show us because on that day the New Horizons probe has been told to go within just 3,500km of Kuiper Belt Object MU69. Having nominated MU69 as next on New Horizons' itinerary in 2015, it's already pointed the probe …

EC puts Qualcomm-NXP investigation on hold, slowing merger approval

Qualcomm would like to spend around US$39 billion to acquire NXP Semiconductors, but the European Commission is taking its sweet time over its approval for the takeover. Dutch automotive and Internet of Things specialist NXP became a takeover target in June 2017. As we reported at the time, the US Department of Justice waved …

Microsoft won't patch Edge browser content security bypass

Which of Google, Apple and Microsoft think a content security bypass doesn't warrant a browser patch? Thanks to Cisco Talos security bod Nicolai Grødum, who found the cross-site scripting bug that affects older Chrome and Safari plus current versions of Edge, we know the answer is "Microsoft". Grødum posted news of Microsoft' …

Google puts the last coat of polish on Chrome 61

Google has wrapped up coding the desktop version of Chrome 61, and will be rolling it out for Windows, Mac and Linux “over the coming days/weeks”. Chrome 61 extends the visibility of USB-connected devices to Web apps. First proposed last year, WebUSB was pitched as an easier way to set up USB devices, since (for example) a …

Both HPs, Vizio join Arista's legal fight against Cisco

Upstart Arista has managed to gather some friends in its ongoing battle with Cisco: both HPs, Vizio, two automotive groups and others have filed an amicus brief with the Federal Circuit arguing that the International Trade Commission's (ITC's) ban on some Arista kit be permanently set aside. For most of its short life, Arista …

Boffins hijack bootloaders for fun and games on Android

University of California Santa Barbara researchers have turned up bootloader vulnerabilities across a bunch of Android chipsets from six vendors. The team of nine researchers decided to look at a little-studied aspect of Android architecture – the interaction between OS and chip at power-up. To get inside that operation, they …

Biting the hand that feeds IT © 1998–2017