Richard Chirgwin


Oracle Hospitality apps rolled out the Big Red carpet to crims

Hundreds of products, more than 250 vulnerabilities … yes, it's Oracle's quarterly critical patch update day! Oracle opens its bulletin with news that it "... continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes." "In some instances, it has …

IRS tax bods tell Americans to chill out about Equifax

The United States Internal Revenue Service has said that citizens affected by the Equifax breach need not panic, because it probably didn't reveal anything that hasn't already been stolen and the agency has tooled up to deal with fraudulent tax claims. Commissioner John Koskinen, discussing whether the breach would interfere …

Domino's Pizza delivers user details to spammers

Domino's Pizza's Australian outpost has blamed a partner for a security breach, after angry customers went online complaining about finding themselves on spam lists. The company owned up to the breach after Redditor “Pinchie McPinch” complained about receiving e-mails from “Sarah” and “Jess”. What tipped Pinchie that the data …

Australia's IoT security rating might work, if done right

INTERVIEW As Vulture South reported Monday, Australia's government hopes to have consumer Internet of Things products given security “star ratings” of some kind, so consumers know what they're buying. The notion seems problematic: for example, what does a five-star security rating on a security camera mean, if it's attached to a router …

Crypto-coin miners caught toiling away in hacked cloud boxes

Here's yet another reason to make sure you lock down your clutch of cloud services: cryptocurrency mining. Security outfit RedLock's security trends report [PDF], out this month, said developers and organizations are not securing their AWS, Azure and Google Cloud Platform systems, allowing miscreants to hijack them to steal …

Google adds planets and moons to Maps, but puts bits in the wrong places

Can't tell the difference between a photo of your partner and one of your pet? Good news, Google can now automatically sort photos of animals from pics of people. This pun-peppered post (“oppawtunity”? “pawesome movie”? Save us) explains that instead of asking Google Photos for “dog” or “cat”, the software will now do the …

Australian senator Pauline Hanson wants devilish scam calls to flash '666'

An Australian senator has come up with a cunning plan to stop phone scammers: any call from an unregistered VoIP line should show the caller's number as “666”. Senator Pauline Hanson detailed the idea in a letter to communications minister Mitch Fifield, as part of a government review into dealing with scams. On Facebook, she …

Russia tweaks Telegram with tiny fine for decryption denial

Encrypted messaging app Telegram must pay 800,000 roubles for resisting Russia's FSB's demand that it help decrypt user messages. The fine translates to just under US$14,000, making it less of a serious punishment and more a shot across the bows. However, it does seem to entrench the principle that the Federal Security …

Review pins blame for Medicare ID breach on you. All of you

Comment The Australian government's review of an incident that saw health care customer numbers offered for sale on a Tor “darknet” site has recommended retaining the numbers as acceptable proof of identity. Australian adults are all issued a "Medicare card" entitling them to government-funded healthcare. The cards bear the unique …

Storms blow away 2017 Solar Challenge field

The Reg didn't physically follow this year's Solar Challenge, the biennial solar car race across Australia's dead, red heart. But we did observe this year's event, in which unfavourable weather meant this year's field didn't even get the chance to set speed records. Winning team Nuon Solar from the Netherlands managed an …

'Open sesame'... Subaru key fobs vulnerable, says engineer

A Dutch electronics engineer reckons Japanese auto-maker Subaru isn't acting on a key-fob cloning vulnerability he discovered. Tom Wimmenhove claims to have discovered that Subaru's electronic keys don't use a random number. The “rolling code” instead merely increments codes. Wimmenhove says he's built a cloning device ( …

'Cyber kangaroo' ratings for IoT security? Jump to it, says Australia's cyber security minister

Australia's government hopes that somewhere in the world, a vendor of consumer-grade connected electronics is willing to admit it's rubbish at security by giving itself a low score in a proposed safety rating system. The idea of security ratings for internet things emerged during last year's 360° Cyber Security Game, co-hosted …

WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

Updated A promo for the upcoming Association for Computing Machinery security conference has set infosec types all a-Twitter over the apparent cryptographic death of the WPA2 authentication scheme widely used to secure Wi-Fi connections. The authors of the paper have everything ready except the details of their disclosure: acceptance …

Sounds painful: Audio code bug lets users, apps get root on Linux

An advisory from Cisco issued last Friday, October 13th, gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA). The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it …

Look! Over there! Intel's cooked a 17-qubit chip quantum package

Intel reckons it's stolen a base in the race to build quantum chippery, by shipping a cryogenically-cooled 17-qubit chip to Netherlands-based QuTech. QuTech is Chipzilla's quantum research partner – QuZilla, so to speak. Regular readers of spooky-action-stories will know a qubit is a fragile creature, losing data if there's …

Someone liked dwarf planet Haumea so much they put a ring on it

VIDEO Back in January, a Spanish-led group of astroboffins turned telescopes skywards to watch an occultation of dwarf planet Haumea, and got a surprise. With the analysis in, it turns out the space rock that circles the sun beyond Pluto has a ring – the first planet discovered beyond Neptune to sport such cosmic jewellery. The …

Swiss banking software has Swiss cheese security, says Rapid7

Rapid7 has gone public with news of an e-commerce SQL injection vulnerability, saying it couldn't raise a response from the vendor. The software in question, SmartVista, is an e-commerce and financial product from BPC Banking, and in this post, Rapid7 says it told the company about the issue back in May 2017. The US CERT …

Oz military megahack: When crappy defence contractor cybersecurity 'isn't uncommon', surely alarm bells ring?

While Australia's federal government scrambles to hose down a hacking incident, it's important to ask why a defence contractor of any size could run a network so insecure it exposed default administrative interfaces to the Internet. An Australian Signals Directorate (ASD) presentation to the Australian Information Security …

NASA readies its asteroid warning system for harmless flyby

With asteroid 2012 TC4 about to pass between Earth and the moon, NASA is gearing up for its much-anticipated live test of its warning system. Back in July, the approaching rock caused a brief flurry of speculation that an impact was imminent, before the European Space Agency issued a “calm down” statement. With error bars …

Qualcomm offers concessions to secure NXP Semi takeover

Qualcomm is hoping it can cut a deal with the European Union to get the go-ahead for its multi-billion NXP Semiconductors acquisition. The European Commission page tracking progress in the acquisition says the vendor filed commitments on October 5, but doesn't detail what the company is offering. The filing was enough to set …

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Continuing the US government's menacing of strong end-to-end encryption, Deputy Attorney General Rod Rosenstein told an audience at the US Naval Academy that encryption isn't protected by the American Constitution. In short, software writers and other nerds: the math behind modern cryptography is trumped by the Fourth …

'Israel hacked Kaspersky and caught Russian spies using AV tool to harvest NSA exploits'

Updated The brouhaha over Russian spies using Kaspersky antivirus to steal NSA exploits from a staffer's home PC took an explosive turn on Tuesday. Essentially, it is now claimed Israeli spies hacked into Kaspersky's backend systems only to find Russian snoops secretly and silently using the software as a global search engine. Kremlin …

Outlook, Office 2007 slowly taken behind the shed, shots heard

A decade after their release, Microsoft Office 2007 and Outlook 2007 today fell out of extended support. Gaze teary-eyed at your installation discs. The software has entered the Long Dark Tea-Time of the Soul. The cutoff has been coming for some time, of course, but if you're of a nostalgic bent, the Outlook 2007 epitaph is …

Rattled toymaker VTech's data breach case exiting legal pram

VTech, the toy company pierced by attackers in late 2015, is hoping an Illinois court will toss out the resulting class action against it. The company's woes began on 27 November 2015, when it belatedly owned up to a breach. At the time, Troy Hunt believed the breach contained details of 4.8 million customers, and journalist …

Cortana, please finish my sentences in Skype texts for me

If you're really, really awkward in Skype text conversations, or you just want someone to think you're paying attention without all that pesky human interaction, you can now get help from Cortana. All you need do is add Cortana as a Skype contact – currently, only if you're in the USA, running Skype on Android and iOS – and …

Biting the hand that feeds IT © 1998–2017