Richard Chirgwin

Gmail buries crypto zombies

Google's continuing its rolling deprecation of old crypto, this time for its SMTP in Gmail. The Chocolate Factory posted this announcement that Gmail SMTP will cease to support the deprecated SSLv3 and RC4 within 30 days. The notice says most organisations on Google Apps have long abandoned the two protocols, but if the …

US power grid still fragile in the face of EMP threat: GAO

America is still under dire threat of an electromagnetic pulse sending it back to the dark ages, according to Chris Currie of the US Government Accountability Office. In testimony given to the House of Representatives' Homeland Security Committee's subcommittee on oversight and management efficiency, Currie reckons there's not …

Cabcharge trip logs exposed by security-free database probe

Researchers from Risk Based Security have Shodanned up a Cabcharge database that was running without security. The taxi fee monopoly has lurched into damage control, telling the Sydney Morning Herald it's contacting the 3,400 Cabcharge Fastcard holders whose details were left lying around in public. RBS's post says the …

NASA 'Kilo-Kitty' Super Pressure Balloon goes aloft at last

NASA's latest attempt to launch its Super Pressure Balloon (SPB) in New Zealand has gone off without a hitch. The launch of the kilo-kitty mission had suffered repeated weather delays. After deciding to go ahead today, the balloon was laid out and a tow balloon inflated to lift the tip of the SPB off the ground. That was …

Zombie crypto still rules smart grids: OSGP vendors need to kill RC4

The Open Smart Grid Protocol's custom RC4 encryption has been cracked – again. OSGP was called out last year for rolling its own crypto, based on the deprecated RC4. At the time, the OSGP Alliance said it would implement better security, but the RC4 zombie is still shambling around, according to German researchers Linus …

Mozilla gathers more MOSS

The Mozilla Open Source Support (MOSS) program has been expanded to give a hand to non-Mozilla projects. The Mozilla Foundation announced the change on May 11. As well as open source projects that Mozilla “uses or relies on”, the group has created a MOSS “Mission Partners” track that's “open to any open source project in the …

Insider trading hacker pleads guilty to p0wning press releases

A Ukrainian ne'er-do-well who broke into market computers for an insider trading scheme has entered a guilty plea in the US. The 28-year-old, Vadym Iermolovych, has put his hands up to three charges – conspiracy to commit wire fraud, conspiracy to commit computer hacking, and aggravated identity theft. The US Department of …

Symantec antivirus bug allows utter exploitation of memory

British white hat hacker and Google Project Zero chap Tavis Ormandy is making life miserable for Symantec again: the bug-hunter has turned up an exploitable overflow in “the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products”. Described here, the problem is in how the antivirus products …

Nokia offers up 10 Gbps HFC demo

Nokia Networks has applied the paddles to the chest of cable broadband, pumped in the volts, and sent it sprinting at 10 Gbps. While the company says the proof-of-concept work demonstrates the viability of CableLabs' DOCSIS 3.1 roadmap, it's not yet working directly with the group. The company showed off a demo of its XG- …

Cisco SIP slip spikes servers

Cisco has patched a bug in some of its video server SIP implementations that left them open to a remote denial-of-service attack. The Borg says the Cisco Video Communication Server can be crashed by a malformed SIP header message, adding that remote attackers can exploit this by manipulating the SIP URI. An attacker doesn't …

Tabby's Star's twinkle probably the boring business of calibration

Put the boffins in a cage and break out the popcorn: a new analysis suggests the “long-term decline” in the light observed from the hotly-speculated-upon “Tabby's star” tells us more about calibrating Earth instruments than alien gigastructures. The fun began last year when Kepler images showed unusual flickers in the …

Ubuntu kernel patches land

Canonical has pushed a bunch of important kernel security updates. In the aging Ubuntu 12.04 LTS, the fixes are described here. Only one of the vulnerabilities is remotely exploitable – CVE-2015-8767, a race condition when handling heartbeat timeouts that can be exploited to cause a system crash. There are three local crash …

NBN satellite rollout suspended in Tasmania for election

West coast residents of Tasmania, first promised fibre connection to the NBN only to have it replaced by satellite, have been told the network rollout in their electorate will go on hold until after the election. nbn™ has told the Australian Broadcasting Corporation's (ABC) The World Today radio program that it's holding off …

Sino the times: MSN to pull Chinese portal

Microsoft's MSN China portal will farewell the Internet in June of this year, signalling a further withdrawal of the country's content presence in the Middle Kingdom. The decision was first reported in Chinese media, according to Nikkei, with Redmond to pay more attention to hosting, Windows 10, and its R&D operation. The …

Chipzilla veteran joins IBM's OpenPOWER

IBM has tapped former Intel product development veteran Rani Borkar as veep for development of its OpenPOWER project. Borkar left Chipzilla at the end of last year, after 27 years with the company. At Intel, she specialised in chips for PCs and data centres – for example, speaking for Intel when it first started pitching its …

Malware scan stalled misconfigured med software, mid-procedure

A user or reseller who couldn't be bothered configuring their antivirus properly has hit the headlines for interrupting doctors trying to insert a vascular catheter into a patient. As the FDA's Adverse Event Report says, an hourly malware scan stalled a Merge Healthcare Hemo unit, which collects patient vital signs, displays …

This is what a root debug backdoor in a Linux kernel looks like

A root backdoor for debugging ARM-powered Android gadgets managed to end up in shipped firmware – and we're surprised this sort of colossal blunder doesn't happen more often. The howler is the work of Chinese ARM SoC-maker Allwinner, which wrote its own kernel code underneath a custom Android build for its devices. Its Linux …

A modest proposal: dump the NBN mess on Telstra

Because Australia is now in an election campaign, various hopefuls are holding their breath in case (a) the NBN becomes A Serious Election Issue, and (b) the opposition Australian Labor Party (ALP) advances an alternative policy that brings fibre closer to the premises. The depressing truth is this: (a1) because of the …

Icy Hydra outshines its dirty neighbour Charon

NASA's latest data release from its New Horizons probe has confirmed the reason that Pluto's moon Hydra is covered by ice. The agency says its analysis of the highly-reflective Hydra shows “the unmistakable signature of crystalline water ice: a broad absorption from 1.50 to 1.60 microns and a narrower water-ice spectral …

Don't split Openreach, says BT, and we'll splash BEELLIONS on broadband and 4G

British Telecom has offered the UK government a familiar devil's bargain: protect us from competition and we'll spend an extra £6 billion on our broadband networks. The carrier's Thursday announcement to the London Stock Exchange comes just after comparison site uSwitch published a damning analysis of UK broadband speeds. …

Facebook image-tagging to be tested in Californian court

Facebook has lost the first round of a US class action lawsuit in Illinois, with a judge ruling it can proceed to trial. The first sueball in the action was lobbed last September, on the basis that the ZuckerBorg was breaking that state's 2008-era Biometric Information Privacy Act (BIPA). Plaintiffs Nimesh Patel, Adam Pezen …

Debian farewells Pentium

Debian is farewelling a bunch of legacy processors, including Pentium. While Linux may still be touted as the best way to keep an ancient PC on life support, there are limits, it seems. As kernel developer Ben Hutchings explains in this post, Debian is inheriting the change from gcc, which no longer supports pre-686 …

NASA, USGS publish topographical map of Mercury

NASA, the US Geological Survey and various university faculties have released a dream package for the imaginary hiker and geodata geek: a topographical model of Mercury. The release is based on data delivered by the Messenger spacecraft that slammed into the planet last year. Also taking part in the release are Arizona State …

Linux Mint to go DIY for multimedia

The Linux Mint project has decided version 18, scheduled for June 2016, will end out-of-the-box installation of multimedia codecs. The reasoning is straightforward: shipping with codecs involves a lot of work that other mainstream distributions don't bother with, instead leaving users to choose what they want post-install. As …

Aruba! Aruba! Patch now, patch fast!

Aruba Networks is slinging patches at a bunch of vulnerabilities in management platforms, its Aruba Instant Platform, and its proprietary ArubaOS PAPI management API. The company posted three advisories here after Google put it on a 90-day deadline, with the Chocolate Factory's Sven Blumenstein dropping a consolidated report …