Richard Chirgwin

Sorry 'strange physics' fans, IceCube finds the Standard Model stands

Video Thanks to work at the IceCube instrument in Antarctica, we have learned that Earth has an appetite for high-energy neutrinos: they're more likely to be “swallowed” by the planet in collisions with matter than those at lower energies. The bad news: sorry about “new physics” expectations. The result is in line with the boring …

Samba needs two patches, unless you're happy for SMB servers to dance for evildoers

It’s time to patch Samba again - or turn off SAMBA 1, which is never as easy as it sounds. The lid came off the issue a couple of days ago, when the big Linux distributions (Red Hat, Ubuntu, Debian and so on) rolled out fixes for a use-after-free error affecting all versions of SAMBA since 4.0 (published in 2012). The bug …

Devs working to stop Go math error bugging crypto software

Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries. Security researcher Guido Vranken (who earlier this year fuzzed up some bugs in OpenVPN) found an exponentiation error in the Go math/big package. Big …

Microsoft reprieves CodePlex users – you're doomed next week

Even a turkey can get a reprieve: Microsoft's CodePlex shut-down date has run late, but is still imminent. In March, Redmond announced it would put its collaborative software repository out of its misery. Its intent was to put the site into read-only mode during October, ahead of a December 15 shut-down. That timetable seems …

Iranian military hacker fingered for 'Game of p0wns' HBO leak

The United States' Department of Justice has identified a suspect in July's attack on Home Box Office, naming an Iranian national, Behzad Mesri, in an indictment unsealed Tuesday, November 21. Announcing the charges, acting Manhattan US attorney Joon Kim said Mesri “had previously hacked computer systems for the Iranian …

Microsoft says Win 8/10's weak randomisation is 'working as intended'

Microsoft has rebutted analysis that suggested its Address Space Layout Randomisation (ASLR) technology could be exploited. Redmond's response, posted here, was that ASLR is working as intended, and that the lack of randomisation discovered by Will Dormann - with assistance from Matt Miller of Microsoft - was a feature, not a …

Uber: Hackers stole 57m passengers, drivers' info. We also bribed the thieves $100k to STFU

Uber's CEO Dara Khosrowshahi today revealed hackers broke into the ride-hailing app's databases and stole personal information on 57 million passengers and drivers – information including names, email addresses, and phone numbers. And the cyber-thieves made off with 600,000 US driver records that included their license numbers …

From Vega with love: Pegasus interstellar asteroid's next stop

It's official: the asteroid 1I/2017 U1, aka "‘Oumuamua", which screamed through the solar system in October 2017, is an interstellar object. And a very strange one at that.* The 400 metre long asteroid is moving fast – 38.3 km/second is its current sun-relative velocity – and has already passed Mars' orbit after sling-shotting …

Patch on way 'this week' for HP printer vulns

Updated Sysadmins have been advised to watch for a coming HP printer firmware update that will plug a remote code execution vulnerability (among others) in its MFP-586 and the M553 printers. News of the threat emerged from a Foxglove Security deep-dive into printer security that saw the researchers warn HP of problems in August. The …

More than half of GitHub is duplicate code, researchers find

Given that code sharing is a big part of the GitHub mission, it should come as no surprise that the platform stores a lot of duplicated code: 70 per cent, a study has found. An international team of eight researchers didn't set out to measure GitHub duplication. Their original aim was to try and define the “granularity” of …

Microsoft's memory randomization security defense is a little busted in Windows 8, 10

A Carnegie-Mellon CERT researcher has discovered that Microsoft broke some use-cases for its Address Space Layout Randomisation (ASLR) mechanism, designed to severely hamper hackers' attempts to exploit security bugs. The programming blunder is simple: as of Windows 8, a flaw in Microsoft's system-wide mandatory ASLR …

It's 2017, and command injection is still the top threat to web apps

The Open Web Application Security Project will on Monday, US time, reveal its annual analysis of web application risks, but The Register has sniffed out the final draft of the report and can report that it has found familiar attacks top its charts, but exotic exploits are on the rise. A late pre-release version of the Project' …

DNS resolver 9.9.9.9 will check requests against IBM threat database

The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features. The Quad9 DNS service, at 9.9.9.9, not only turns URIs into IP addresses, but also checks them against IBM X-Force's threat intelligence database. Those checks …

F5 DROWNing, not waving, in crypto fail

If you're an F5 BIG-IP sysadmin, get patching: there's a bug in the company's RSA implementation that can give an attacker access to encrypted messages. As the CVE assignment stated: “a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) …

User experience test tools: A privacy accident waiting to happen

Researchers working on browser fingerprinting found themselves distracted by a much more serious privacy breach: analytical scripts siphoning off masses of user interactions. Steven Englehardt (a PhD student at Princeton), Arvind Narayanan (a Princeton assistant professor) and Gunes Acar (postdoctoral researcher at Princeton …

The Social Network™ releases its data networking code

Facebook has sent another shiver running up Cisco's spine, by releasing the code it uses for packet routing. Open/R, its now-open source routing platform, runs Facebook's backbone and data centre networks. The Social Network™ first promised to release the platform in May 2017. In the post that announced the release, Facebook …

nbn™ to ISPs: share your speeds or we'll share 'em for you

NBN Week Australia's National Broadband Network “speed scandal” was in the news again last week, as nbn™, the company building and operating the network, suggested it should publish its internal speed data to resolve the issue. Last week, Telstra 'fessed up that it can't always deliver the speeds it advertises, blaming nbn™ for …

Belgian court says Skype must provide interception facilities

Skype has failed in its appeal against a 2016 fine in Belgium for failing to help authorities tap calls in a criminal investigation, with the court saying it must comply with the country's telecommunications laws. Last year, a court in Mechelen imposed the €30,000 fine, because Skype was unable to hand over anything more than …

Q: Why are you running in the office? A: This is my password for El Reg

A trio of Indian boffins have studied the use of smartphone accelerometers as biometric sensors and concluded they could be a handy way to identify users. Unlike the collaboration between American and Hong Kong researchers who want “who are you?” for ad-tracking, the National Institute of Technology, Karnataka boffins' …

US authorities swallow security-free script for pill that knows when you're off your meds

What could possibly go wrong when drug companies embed a “thing” into a pill, so that after you swallow it, it connects to a smartphone app and then sends data over the internet? The question is urgent as the United States Food and Drug Administration (FDA) this week approved a thing-in-a-pill, in the form of an antipsychotic called …

Hardware headwinds hurt Cisco as revenue dips two per cent in Q1

Cisco suffered a decline in revenue for Q1 2018, weighed down by ongoing weakness in its switch and router business. The company reported first quarter 2018 revenue of US$12.1 billion, which was two per cent down on the first quarter 2017. Total product revenue of $9.05 billion was down three per cent year-on-year, while services grew …

TensorFlow lightens up to land on smartmobes, then embed everywhere

Google's released an Android/iOS version of TensorFlow. The Chocolate Factory announced the developer preview of TensorFlow Lite in this Tuesday blog post. The post stated the release will initially target smartmobes, with later versions to target embedded devices. Google first revealed its desire for machine learning …

Euro telco standards wonks publish third iteration of open source orchestrator

The European Telecommunications Standards Institute (ETSI) has published the third release of OSM, its open source management and orchestration (MANO) stack for network function virtualisation. Key features in this release include a new admin user security model, shared projects, and expanded service assurance and monitoring …

576-megapixel 'Zwicky Transient Facility' telescope sees first light

A sky survey destined to add yet another firehose of data to astronomy saw first light in early November. The 576-megapixel monster, known as the Zwicky Transient Facility (ZTF), was installed on the 48-inch Samuel Oschin Telescope at Palomar, and captures 47 square degrees of sky in each image. As Caltech's announcement stated …

US Homeland Security says hardly any Kaspersky software left on federal networks

Only 15 per cent of US federal agencies still have Kaspersky Lab software anywhere on their networks. So said the United States' Department of Homeland Security (DHS) assistant secretary for cyber security, Jeanette Manfra, at a Tuesday hearing of the House Committee on Science, Space, and Technology's oversight subcommittee …

Biting the hand that feeds IT © 1998–2017