Richard Chirgwin

Nasty holes found in Belkin's home automation kit

Insecure firmware handling, poor communications practices and API vulnerabilities are among a range of vulnerabilities security company IOActive has identified in Belkin's WeMo home automation systems. In its advisory, here, IOActive says it's discovered that the systems leak a hard-coded key and password that Belkin uses to …

Walking in a WiFi wonderland

Olympics – summer or, in this case, winter – provide a great proving ground for telco technologies: a huge number of users of widely-varying technical literacy, lots of disparate device types, a fairly lumpy movement of users between indoor and outdoor venues, and of course, stringent security requirements. Vulture South spoke …

IBM, AT&T ink global Internet of Things tie-up

Big Blue and AT&T are moving to wrap up a chunk of the Internet of Things, announcing a global partnership that's as nebulous as the concept it's embracing. Starting with a focus on utilities and city administrations (the latter having long been in IBM's sights), the alliance is pitched as having “privacy in mind” as the two …

SA Plods plonk boots on privacy principles with fingerprint scanners

With a state election due in March, the government in the state of South Australia has set privacy advocates' teeth on edge over the proposed use of fingerprint scanners by SA Police. The state government has tested the NEC scanners, and has said it's going ahead with a deployment of 150 units, which will be linked to Android …

Zoom out for a view of malware, say boffins

One of the reasons malware gets past corporate defences is that a single HTTP request can look perfectly innocent. However, according to research to be presented at a security conference next week, those requests reveal themselves if the defender takes a “big picture” view. According to research to be presented at the Internet …

Quantum comms can be made even more secure

Quantum mechanics can be used to create the “perfect” digital signature, but in practice, it's held back by the technical impossibility of retaining quantum states for more than a few seconds. Now, a group of researchers from the UK, Croatia and Greece is proposing a scheme they say would make quantum digital signatures (QDS) …

WordPress two-factor login plugin bug, er, bypasses 2-factor login

The maker of a popular plugin that provides two-factor authentication for WordPress bloggers is preparing an update – after finding a vulnerability in its system. It advises that anyone using two-factor plugins from any vendor needs to check their security strength. Duo Security's duo_wordpress plugin is vulnerable in some …

FireEye enters crowded IPS market

Late last week, FireEye took something of a plunge, throwing its hat into the ring of the crowded intrusion prevention system (IPS) market, with a beta of software that adds IPS capability to its virtualised MVX environment. With the IPS to be made available as a license add-on for the company's NX network threat prevention …

SPACE VID: Watch JUMBO ASTEROID 2000 EM26 buzzing Earth

If there's nothing on TV tonight, or you're suffering from insomnia, readers of The Register can always tune in to an asteroid flyby, broadcast live online by the Slooh Observatory. Slooh's cameras will start streaming commentary and footage of near-Earth space rock 2000 EM26, here and in the player below, from 6pm Pacific …

Syrian Electronic Army slurps a MILLION reader passwords from Forbes

Forbes.com has become the latest media outlet to fall to an attack by the Syrian Electronic Army (SEA) with the account records of more than a million people swiped. A database containing email address and password combinations for 1,071,963 accounts was dumped online by the hacktivists – including the records for Forbes …

Tasmanian Liberals fear NBN policy will kill their election hopes

Four weeks out from an election in the Australian state of Tasmania, the leader of the opposition Liberal party, Will Hodgman, has staged a “gaffe” by telling a colleague, in front of TV cameras, that the issue of the National Broadband Network (NBN) could cost his party the election. While getting ready for a press conference …

Free space optics gets shiny new snake-oil paint job

A technology more than 15 years old is getting a brand-new publicity brush-up because it's been discovered by the high-frequency trading community. Free space optics is older than The Register, even: it's been around so long that in the mid-1990s, it was even exciting in Australia, where a company called Davnet was founded to …

New password system lets planet Earth do the hard work

Log-in credentials derived from geographical information could reduce the majority of data breaches by providing an almost uncrackable replacement for conventional passwords, according to security researchers. ZSS-Research of Ras Al Khaimah in the UAE has developed a system which requires users to choose a favourite place …

D-Wave wooing universities down under

While controversy continues over the nature of its machines, quantum computing company D-Wave is wearing out the shoe-leather talking to academic users – and The Register. In Australia to present to universities and the HPC community at large about D-Wave, the company's director of business development and strategic partnerships …

Malware-flinging Linksys vulnerability confirmed as a HNAP1 bug

The worm called “The Moon”, which began spreading between Linksys home broadband kit last week, has been confirmed as a problem with the devices' HNAP1 implementation, and an exploit has been made public. The exploit was posted to Exploit-db.com by user Rew, who said this Reddit discussion meant the “cat's out of the bag”. …

Anons escape human sewer after billionaire bog roll blag

A denial-of-service attack that knocked a Koch-owned subsidiary offline in 2011 has earned its perpetrators probations and hefty fines. Twenty-four-year-old Iowan Jacob Wilkins was sentenced in a US federal court in Green Bay on February 14 for the attack, and will have to find $110,932 to pay restitution to Koch Industries. …

Who wants to start a Kickstarter for a more secure Kickstarter? Account data hacked

Crowd-funding site Kickstarter is the latest high-profile Internet property to call on users to reset their passwords, after announcing that an attacker had made off with their account records. However, the site is at pains to emphasise that attackers won't have access to credit card data. In this announcement, the company's …

No, pesky lawyers, particle colliders WON'T destroy the Earth

A couple of lawyers are calling for the US government not to fund any further research at one of its premier heavy-ion colliders, the RHIC, because of a discredited 15-year-old “doomsday scenario” debate. Alert readers will recall that back in 2008, botanist Walter L Wagner had a court case against the Large Hadron Collider …

Ganymede map helps reveal satellite's secrets

“Google Ganymede” can only be a matter of time: a group of scientists has produced the first geological map of Ganymede, the moon of Jupiter. Ganymede joins Earth's moon, and other Jovian moons Io and Callisto, in the select group of planetary satellites for which such maps have been produced. The map is based on images from …

Fibre Channel Industry Association extends roadmap to 128G bps

It's all about speed: the industry association behind Fibre Channel has laid out its acceleration timeline, with 32G bps and 128G bps now nailed to the calendar. The Fibre Channel Industry Association has set down its Gen 6 standard, and its timeline puts shipment of kit following the spec at 2016. The basic channel in the …

Magento bug left user credentials vulnerable: researcher

Security researchers have reported a cross-store vulnerability in the Magento commerce platform that lets attackers create administrative users on any store. Securatary says before it was patched, the bug would allow an attacker to access the account details of “any customer” on the 200,000 merchants that Magento claims to host …

Google to banish mobe-makers using old Androids: report

Google is reportedly embarking on a quixotic quest to unify the versions of Android circulating in the wild, by trying to bar access to Google Play if a device ships with a too-old revision. Android Police is claiming to have received a copy of a Google memo, stating that Google Mobile Services certification will no longer be …

Tinfoil hats proven useless by eleven-year mobe radiation study

A long-term longitudinal study in the UK has concluded that mobile phones are safe, with the publication of a report finding “no evidence of biological or adverse health effects” from using mobiles. The second MTHR (Mobile Telecommunications and Health Report) study is a follow-up to a prior report published in 2007. The report …

HP 'clarifies' firmware/support contract rules

A week after upsetting the user community with what looked like a “no patches without payment” policy, HP has moved to “clarify” its position. Rumours first emerged in December that ProLiant firmware would only be made available to customers with active support contracts, something confirmed in early February in a customer …

'Wind power causes climate change' shown to be so much hot air

The localised weather effects of wind-farms are just that – localised weather effects rather than climate-change engines in their own right, according to new research from Europe. When studies emerged in 2012 suggesting local wind-farm-warming effects, they raised speculation that the effects might not be purely local. Two …

Cisco coughs up to patent troll, smacks down IP laws

Cisco has announced that its long-running battle with patent troll Innovatio is over, with the licensing outfit accepting $US2.7 million to settle the case. The deal includes Netgear and Motorola devices. As noted by Cisco's Mark Chandler in this blog post, the settlement amounts to 3.2 cents for each of 85 million WiFi device …

Boffins hose down fiery Li-ion batteries with industrial lubricant

As Boeing and Tesla both know, if you mistreat a lithium-ion battery, it can start a fire – which puts a premium on the search for non-flammable components. Now, US researchers say they've found a candidate electrolyte in an unexpected place. When they're overcharged or overheated, the electrolyte in lithium-ion batteries can …

DARPA wants to out-Google-Google

The military, researchers, and spooks have long known of the value of public domain information, and now DARPA wants to create a search engine to out-Google-Google in the business of organising that information. The agency has put out a call for developers to work on “domain-specific indexing, domain-specific search, and DoD- …

Auditor rains on Bureau of Met's data warehousing parade

An ambitious project to create a single national water database is going to need a complete reboot, with the Australian National Audit Office saying complexity, non-standard approaches and supplier capture caused a multi-million-dollar blowout in the system. The Bureau of Meteorology was given the task of creating the database …

SkyMapper turns up oldest star ever found

It's a one-in-60-million search: a group of astronomers has turned up a “second-generation” star, the oldest yet discovered. The star, while given an age of 13.6-plus billion years (more on this later), is quite nearby at just 6,000 light years distant, and is in the Milky Way. What's special about SMSS (SkyMapper Southern …

Snapchat bug lets hackers aim DENIAL of SERVICE attacks at YOUR MOBE

A security consultant who works for Telefonica has turned up a bug in how Snapchat handles authentication tokens, which enables a denial-of-service attack against users' phones. It's a simple enough problem, as Jaime Sánchez explains here: the tokens should expire, but don't. As a result, one token can be re-used on many …

Juniper, Palo Alto to square off over firewall tech

A long-running legal battle between Juniper Networks and Palo Alto Networks is due to proceed to trial on 24 February, after a Delaware court declined a motion from Juniper for a summary judgement. The sue-ball battle has been going on since 2011, when lawyers' letters first began passing between the two companies. At the …

Getting documents all too easy for Snowden

Yet more evidence has emerged that the NSA, which has made much of its apparently god-like power to stroll into anybody's network, read anybody's data, and find any target it wants, is a neophyte when it comes to its own information security. If a report published in the New York Times is correct, all Edward Snowden did to …

RoR Paperclip infested by content type spoofing bug

Ruby on Rails developers using the Paperclip uploader to receive files need to update to a new version, after a developer turned up an XSS bug in the software that could possibly be extended to remote code execution. The new version, here, implements stricter incoming file typing to eliminate the bug. What Egor Homakov …

Think wearables are the next tech boom? Cisco's numbers beg to differ

Last year, according to IDC, world smartphone shipments passed the billion-unit mark, making up more than half of a global market of 1.8 billion mobile phones. By 2018 we'll be buying 2.3 billion phones a year. By now you probably also know that plenty of folks suggesting tech giants will find The Next Giant Market by dropping …

Time to pack in your job: Someone FINALLY needs a cat vids curator

This is not the sound of your ship coming in, but if you're sick of your current job as a Ruby on Rails developer, Oracle sysadmin, HPC guru or security whipping-boy, why not try your hand at the arts? The Walker Art Centre in Minneapolis is looking for a coordinator for its “Internet Cat Video Festival”, which has been running …

Open MPI hits milestone with FORTRAN-ready 1.7.4 release

The decade-old Open MPI project, beloved of the HPC community, has shipped code for a major feature release that brings it close to a complete MPI 3 implementation. Speaking to The Register, Cisco's Jeff Squyres (who along with Richard Graham, then of Los Alamos and now with Mellanox, was one of the instigators of the Open MPI …

Cisco asks court to bin Rockstar patents

Cisco has thrown on the armour and couched the lance to defend itself and its customers from the zombie Nortel patent lawsuits. The Nortel patent portfolio, bought by the Rockstar Consortium and since partly spun out to subsidiaries Bockstar and Constellation (yes, these are the real names), has been the basis for an ongoing …

Google's tax returns are trop petite says Hollande

France has had enough of the tax shenanigans of American Internet giants, and President Francois Hollande is going to … talk to Barack Obama about the issue. Well, it's a start of sorts: specifically, Hollande says he's going to ask the US to get moving on tax law harmonisation, to deal with the notorious practice of making sure …

Mars Orbiter spots FRESH IMPACT CRATER

NASA has announced the discovery of a fresh impact crater on Mars, and has released eye-popping pictures of the new hole taken by the Mars Orbiter's High Resolution Imaging Science Experiment (HiRISE). The orbiter can't provide certainty about when the crater first appeared, as HiRISE was only pressed into service after the less …

Goodbye 37signals, hello Basecamp

After a six-month review of its operations, Jason Fried's 37signals has decided on a wholesale liposuction of its business: it plans to offload all of its products but one, and assume the name of that product, Basecamp. The decade-old Basecamp is the staple of collaborative project management for 285,000 companies (and sparked a …

Cloudera lights Spark under Hadoop

Cloudera has announced commercial support services for the Apache Spark machine learning and stream processing environment. Spark claims to outperform its big-data sibling, MapReduce, either on memory or on disk. As Cloudera notes, while MapReduce is good for complex batch operations – log sifting, ETL (extract, transform, load …

Apple in patent cross-hairs AGAIN

A German patent cash-in outfit called IPCom is claiming $2 billion from Cupertino over the iPhone's ability to give priority to communications such as emergency calls. The Munich-based patent licensing company has received permission from the Mannheim regional court to sue Apple over this patent, applied for in 2000, and granted …

Fixed networks to sag under weight of mobile data: Cisco VNI

Cisco's latest Visual Networking Index (VNI), its annual analysis of current and future bit flows, has hit the wires and it confirms what most people already consider a given: mobile access is continuing to grow, both in terms of volume and in terms of users. The VNI states that mobile connection speeds are also on the rise, …

HP execs Bradley and Donatelli ready to walk: reports

HP's troubles at the top continue, with formerly high-level executives getting ready to jump ship. Reuters reports that Todd Bradley and Dave Donatelli are both working on their exit strategies after being “sidelined by CEO Meg Whitman”. Bradley was head of the merged PC and printer business until June 2013, when he was shunted …

OpenDaylight beams down a little Hydrogen

The Linux Foundation's hat-in-the-SDN-ring, the OpenDaylight project, has pushed its first major build out the door: Hydrogen, a combo software-defined networking (SDN) and network function virtualisation (NFV) platform. With code now hitting the ground, OpenDaylight has also gone some way towards one of its original aims: to be …

iFrame attack injects code via PNGs

Security vendor Sucuri is warning that it's spotted an attack in the wild that embeds malicious code in PNG files. The iFrame injection attack loaded a valid jquery.js file with very little to alert even the researcher that something else was going on. As the company writes in this blog post, the only red flag in the code was a …

Optical computing a step closer with SINGLE-MOLECULE LED

Researchers at IPCMS in Strasbourg, working with a team from the Institut Parisien de Chimie Moléculaire (CNRS/UPMC), have produced an LED that consists of a single molecule. While it's unlikely ever to serve as a display, the molecular LED is an important step forward in miniaturising components to provide optical …

China targeted by new Android Trojan

Russian security researchers are warning about an Android Trojan called Oldboot that has infected 350,000 devices worldwide. According to this post at Dr Web, Oldboot has a characteristic that makes it hard to deal with: some of the Trojan's components are loaded into the boot partition of the Android file system. By acting as a …

OCP gets Ethernet silicon interface

HPC interconnect specialist Mellanox has added an Ethernet switch SDK to its contribution to the Facebook-led Open Compute Project. The SDK follows contributions dating back to 2013 to the OCP's networking sub-project, an effort which also attracted participants like Broadcom, Cumulus Networks, and Intel. For that project, …