Richard Chirgwin

They're baaaack: Avaya outlasts Chapter 11

Almost a year after filing for Chapter 11 bankruptcy protection, Avaya last Friday announced the process has completed. During the restructure, the company exited the networking business, selling that operation to Extreme Networks for $100 million. That left Avaya able to focus on its contact centre business (a good thing, …

Another AI attack, this time against 'black box' machine learning

Would you like to join the merry band of researchers breaking machine learning models? A trio of German researchers has published a tool designed to make it easier to craft adversarial models when you're attacking a “black box”. Unlike adversarial models that attack AIs “from the inside”, attacks developed for black boxes …

Windows 10 bundles a briefly-vulnerable password manager

Google Project Zero's Tavis Ormandy has turned up a howling blunder in a password manager bundled with Windows 10. On Friday, Ormandy dropped the bug, not in Windows but in the third-party Keeper password manager. He wrote: “I've heard of Keeper, I remember filing a bug a while ago about how they were injecting privileged UI …

No hack needed: Anonymisation beaten with a dash of SQL

Governments should not release anonymised data that refers to individuals, because re-identification is inevitable. That's the conclusion from Melbourne University's Dr Chris Culnane, Dr Benjamin Rubinstein and Dr Vanessa Teague, who have shown that the Medicare data the government briefly published last year can be re- …

IETF protects privacy and helps net neutrality with DNS over HTTPS

The Internet Engineering Task Force has taken the first steps towards a better way of protecting users' DNS queries and incidentally made a useful contribution to making neutrality part of the 'net's infrastructure instead of the plaything of ISPs. The Register first noticed the technology in this article by Mark Nottingham ( …

nbn™ tries to ease peak hour crunch with cheaper bundles

nbn™ has announced new wholesale bundles it hopes will overcome the despised peak-hour crush: a 50 Mbps access product with 2 Mbps of CVC traffic in the bundle; and a 100 Mbps access product with 2.5 Mbps of CVC. The 50 Mbps product has a wholesale price of AU$45 per month, and the 100 Mbps product is $65 per month. nbn™ said …

FBI tells Jo(e) Sixpack to become an expert in IoT security

Internet of Things users need to become sysadmins, America's Federal Bureau of Investigation says. That's a summary of the Feds' blog post, published this week, in which the agency's Beth Anne Steele wrote that Things are best deployed on their own network, with an off-switch. Steele's post offered a checklist explaining how …

'Suspicious' BGP event routed big traffic sites through Russia

A Border Gateway Protocol (BGP) routing incident saw a bunch of high-profile Internet destinations mis-routed through Russia on Tuesday, US time. In what BGPMon called a “suspicious” event, “Starting at 04:43 (UTC) 80 prefixes normally announced by organisations such Google, Apple, Facebook, Microsoft, Twitch, NTT …

One per cent of all websites probably p0wned each year, say boffins

Researchers working on a technology to detect unannounced data breaches have found, to their dismay, that one per cent of the sites they monitored were hacked over the previous 18 months. University of California San Diego researcher Joe DeBlasio, who conducted the study under professor Alex Snoeren said the number was …

NSW TAFE's IT FAIL was so bad, 100 staff were hired to clean up

New South Wales TAFE's failed IT project will be a millstone around the organisation's neck for years, the state's Auditor-General warned yesterday. Terminated last year, the Learning and Management and Business Reform (LMBR) project has nonetheless managed to reach out of the grave and grab the dollars. The Auditor-General's …

Juniper squeezes vulns that allow total p0wnage

Juniper admins using the company's NorthStar WAN SDN Controller Application, hop to it: the company's just dropped fixes to 28 security vulnerabilities. The bugs apply to version 2.1.0 Service Pack 1 and newer versions of the application. With such a crop available, here are the most severe bugs, some of them internal to the …

Boffins show off speedy quantum CNOT gate - in silicon

German and American boffins have claimed a speed record for a quantum CNOT gate: 200 nanosecond operation, which would equate to 5 MHz clock speeds. Just as important, the researchers created the quantum CNOT* gate in silicon, in the form of electron spins controlled by microwave pulses. As this announcement from the …

Fruit of an acquisition: Apple AI software goes open

Apple's joined other juggernauts of the tech sector by releasing an open source AI framework. Turi Create 4.0, which landed at GitHub recently, is a fruit of its 2016 US$200 million acquisition of Turi. As the GitHub description explains, it targets app developers that want custom machine learning models but don't have the …

Juno's July fly-by gave NASA a close-up of the Great Red Spot

It's at least 150 years old, one-and-a-half Earths wide, reaches 300 km (around 200 miles) into Jupiter's atmosphere – and now, thanks to data from the Juno probe, NASA's offering the chance to take a virtual dive into the famous Great Red Spot. When it made its first pass over the vast super-storm in July 2017, one of the …

Google's Project Zero reveals Apple jailbreak exploit

Ian Beer of Google's Project Zero has followed up on a “coming soon” Twitter teaser with a jailbreakable iOS and Mac OS vulnerability. Beer went public after Apple worked out a fix for the kernel memory corruption bug. He even launched a Twitter account for the occasion: If you're interested in bootstrapping iOS 11 kernel …

Language bugs infest downstream software, fuzzer finds

Developers working within secure development guidelines can still be bitten by upstream bugs in the languages they use. That's the conclusion of research presented last week at Black Hat Europe by IOActive's Fernando Arnaboldi. As Arnaboldi wrote in his Black Hat Europe paper [PDF]: “software developers may unknowingly include …

Google pauses accessibility service crackdown

Google seems to be taking a softer stance on its “accessibility crackdown”, pausing the program for a review. In late November, the Chocolate Factory warned Android developers not to use accessibility features outside their intended use. The accessibility framework is useful to simulate text entry or screen taps, but ad …

Leftover Synaptics debugger puts a keylogger on HP laptops

For the second time this year, HP Inc has had to patch its laptops after a security researcher found a driver-level keylogger – and this time, other laptop-makers might have to check their own products. The debug trace was in the Synaptics Touchpad driver used almost across-the-board in HP laptops, and while it is turned off …

Optus to refund NBN customers for slow connections

Optus has become the second Australian carrier to announce refunds for customers unable to get decent National Broadband Network connections. Under pressure from the Australian Competition and Consumer Commission (ACCC), Telstra in November 'fessed up that performance on the NBN didn't match its advertising and said it would …

Microsoft Dynamics 365 sandbox leaked TLS certificate's private parts

Another day, another credential found wandering without a leash: Microsoft accidentally left a Dynamics 365 TLS certificate and private key where they could leak, and according to the discoverer, took 100 days to fix the bungle. Matthias Gliwka, a Stuttgart-based software developer, discovered the slip while working with the …

Brandis' infrastructure security bill off to committee

Australia's attorney-general George Brandis won't get his critical infrastructure register kicked off this year: the legislation was introduced late last week, but immediately sent off to the Parliamentary Joint Committee on Intelligence and Security. The committee has been asked to provide its report into the bill in the …

Google pushed update that broke managed Chromebooks' Wi-Fi

A Google slip-up left educators scratching their heads after schools' Chromebooks developed mass wireless network SSID amnesia. The issue came to light in four rather cross Reddit threads (here, here, here and here). What happened was an apparent update slip-up resulting in devices forgetting Wi-Fi settings managed through …

Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters

Penetration tester Sabri Haddouche has reintroduced the world to email source spoofing, bypassing spam filters and protections like Domain-based Message Authentication, Reporting and Conformance (DMARC), thereby posing a risk to anyone running a vulnerable and unpatched mail client. What he's found is that more than 30 mail …

Google learns to smile, because AI's bad at it

Google's taken a small step towards addressing the persistent problem of bias in artificial intelligence, setting its boffins to work on equal-opportunity smile detection. In a paper published at arXiv December 1, Mountain View trio Hee Jung Ryu, Margaret Mitchell and Hartwig Adam laid out the results of research designed to …

Beware the IDEs of Android: three biggies have vulnerabilities

Developers using the Android Studio, Eclipse, and IntelliJ IDEA have been advised to update their IDEs against serious and easily-exploitable vulnerabilities. Check Point Software Technologies went public with the bugs on December 4, but said it made its discoveries in May 2017. Initially, Check Point's four researchers (Eran …

Biting the hand that feeds IT © 1998–2017