Richard Chirgwin

Netgear 'fixes' router by adding phone-home features that record your IP and MAC address

Netgear NightHawk R7000 users who ran last week's firmware upgrade need to check their settings, because the company added a remote data collection feature to the units. A sharp-eyed user posted the T&Cs change to Slashdot. Netgear lumps the slurp as routine diagnostic data. “Such data may include information regarding the …

Nukes tests caused space weather, say NASA boffins

Space weather is usually driven by the Sun – but a bunch of data about Cold War nuclear tests has given NASA boffins the chance to measure whether humans can affect what goes on in Earth's neighbourhood. The once-classified data records high-altitude detonations that happened between 1958 and 1962, conducted both by America …

Azure users told they're not WannaCrypt-proof

Microsoft Windows users already know what to do to defeat WannaCrypt (unless they've been asleep for a week). Now the company's published its advice for its Azure customers. Since there aren't any surprises in Microsoft's note for Azure users, Vulture South suspects this is a prod for people who are slow to respond or …

HP Inc wireless mouse can be spoofed

If you're using an HP Inc wireless keyboard/mouse combo and the cursor starts behaving badly, someone might be pranking you. That's because the wireless mouse in the ERK-321A bundle is unencrypted: anyone can sniff its signals, learn its protocol and commands, and inject their own signal in a spoofing attack. German …

Cisco to fire another 1,100 after sixth straight revenue fall

Administrative chaos in America has put a dent in Cisco's financials, and the company has announced its intention to cut another 1,100 jobs. In its third-quarter earnings, announced today, Switchzilla reported a one per cent decline in revenue year-on-year to US$11.9 billion (its sixth consecutive quarter of decline), and …

Australian privacy commissioner flags new data mining rules for government agencies

Australia's Department of Human Services (DHS) might have given itself a clean bill of health over its notorious “Robodebt” data-matching program, but Privacy Commissioner Timothy Pilgrim wants to check it out for himself. Speaking to a Senate inquiry into the program today, Pilgrim said the inquiry will take place after the …

nbn™ needs copper to build FTTN: another 15,000 km of it

Remediating and backfilling copper networks for Australia's National Broadband Network (NBN) was always going to need new copper, and now Australians know how much: 15,000 kilometres. The supplier of that copper, Prysmian, will be happy: nbn™, the company building and operating the NBN, has written to a senate committee naming …

IoT needs security, says Microsoft without even a small trace of irony

Still reeling from criticism over the WannaCrypt attack, Microsoft has stuck its hat on a stick and raised it out of the trench to see how its proposals for Internet of Things security might be received. Since IoT security is almost uniformly awful, it's probably a good thing that the creator of Windows XP Embedded wants to …

Chrome on Windows has credential theft bug

Google's Chrome team is working to fix a credential theft bug that strikes if the browser is running on Microsoft Windows. The bug is exploited if a user is tricked into clicking a link that downloads a Windows .scf file (the ancient Shell Command File format, a shortcut to Show Desktop since Windows 98). This exploits two …

Cray dips toe in supercomputing-as-a-service

With AWS, Google, and IBM's Watson already camped in the high-performance cloud business, it's hardly surprising that Cray would tread carefully as a late entrant into the supercomputer-as-a-service business. The premium-level HPC vendor has decided to start small both in terms of target market and in geography: it's inked a …

Cisco warns: Some products might have WannaCrypt vuln

Here's why infosec needs to quit yelling “if you didn't patch it's your fault” about WannaCrypt: Cisco has announced it's investigating which of its products can't be patched against the ransomware. The Register congratulates Cisco for going public, because it's certain that an innumerable number of third-party systems embed …

German court set to rule on legality of IP address harvesting

Germany's federal court is set to hand down a ruling about the legality of storing IP addresses. It'll be the culmination of a long-running suit brought by Patrick Beyer, who wants to prevent German government Websites from storing his IP addresses. The government's argument is that storing visitors' IPs, along with a …

Romney tax return 'hacker' Dr Evil gets his sentence reviewed

Michael Mancil Brown, aka Dr Evil, who tried to extort a million dollars from PricewaterhouseCoopers on the basis that he'd nicked Mitt Romney's tax returns, has had a win on appeal and will be sentenced anew. Brown's original four-year sentence (and US$200,000-plus fine) came last year, punishment for pretending he'd hacked …

Good news, OpenVPN fans: Your software's only a little bit buggy

The venerable OpenVPN client has been given a mostly clean bill of health. Between December and February, a team led by Johns Hopkins University crypto-boffin Dr Matthew Green has been auditing OpenVPN 2.4's code. The review, paid for by Private Internet Access (which uses the software), has been published. While all …

Mimosa spiked! Wireless kit has multiple security holes

5G wireless vendor Mimosa Wireless has patched against a bunch of remote code execution, denial-of-service and file disclosure vulnerabilities. The bugs were reported by Ian Ling on Full Disclosure, and apply to firmware used in the company's access points, client products, and backhaul systems. The products' Web interface …

China staggering under WannaCrypt outbreak

If reports from China are accurate, the country's often-bootlegged and under-patched Windows installations are being hit hard by the WannaCrypt ransom-worm. While the rest of the world seems to be enjoying some respite from the attacks, after researchers found and activated a kill switch in the original code, Xinhua reported …

NASA nixes Trump's moonshot plan

NASA will miss its deadline for the first flight of the Orion capsule and the Space Launch System, with the launch moved from 2018 to 2019. The agency's Bill Gerstenmaier also told media in a briefing last Friday that as well as delaying the first flight (designated Exploration Mission One, EM-1), the EM-2 mission that will …

QNAP users: It's your turn to patch in a hurry

QNAP has issued a critical-rated warning for devices running its QTS operating system. According to the Friday advisory (second in this list, no direct link), malware has been discovered on devices that downloads and installs a vulnerable version of the firmware, QTS 4.2.5. The advisory doesn't identify the bugs the attack …

Japanese researchers spin up toilet paper gyroscopes for science

Japanese boffins have measured the spin-speed of toilet rolls to work out who's on the loo. The idea, apparently, is that because a throne is a good place to collect health monitoring data, the researchers wanted a reasonably non-invasive ID technique. One that wouldn't get bogged down in the obvious privacy issues of trying …

More UPNP woes: Crashable library bites routers and software

It's a patch for vendors and developers, but it could be nasty: there's a bug in a Universal Plug'N'Play (UPNP) library used in a wide range of black-box devices. The bug, in miniupnpc, allows the lightweight UPNP library to be crashed by an attacker – and while the discoverer only confirmed its risk as a denial-of-service vector, …

Microsoft to spooks: WannaCrypt was inevitable, quit hoarding

In the midst of the ongoing WannaCrypt attacks, Microsoft has issued an unusually strongly-worded warning to governments around the world to quit hoarding vulnerabilities. The bug exploited by the attack was hoarded by the United States National Security Agency (NSA), leaked earlier this year and since patched by Microsoft – …

Someone is sending propaganda texts to Ukrainian soldiers

An ongoing campaign of propaganda-texting Ukrainian soldiers has, unsurprisingly, been attributed to Russian forces equipped with cell site simulators (IMSI-catchers). The “fake texts” started lighting up the soldiers' mobes while a TV journalist, Julia Kirienko, was sheltering with them, according to Associated Press. Another …

Vanilla Forums has a plain-flavoured zero-day

Updated The popular Vanilla Forums software needs patching against a remote code execution zero-day first reported to the developers in December 2016. Published by ExploitBox, the zero-day “can be exploited by unauthenticated remote attackers to execute arbitrary code and fully compromise the target application when combined with Host …

Google's PHP API client has XSS vulnerability

Users of Google's PHP API client: watch out for phishing attacks while Google patches a cross-site scripting (XSS) vulnerability in the code. The bug, discovered by DefenseCode's Leon Juranic using the company's ThunderScan source code scanner, has been acknowledged by the Chocolate Factory (as a “nice catch”), and a fix is …

Strap yourself in, fasten your helmet, and try out FreeNAS 11.0-RC

The next FreeNAS release candidate landed last week, hopefully to a better reception than the disastrous Version 10 launch in March. As well as a host of bug-fixes, FreeNAS 11.0-RC proffers a couple of new goodies from the “loyal, dedicated, and attractive FreeNAS development team”: a first-look at a UI based on Angular; and …

Biting the hand that feeds IT © 1998–2017