Articles about Blunder

Outlook.com had classic security blunder in authentication engine

Synack senior security researcher Wesley Wineberg has received US$25,000 from Microsoft for quietly disclosing a bug that allows any Hotmail account to be hijacked. The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction. The since …
Darren Pauli, 09 Oct 2015

Fast, wireless access to Tor? Just maybe

Portable Tor routers have a serious image problem. But one of only two companies to have actually done it right plans to fix that. Should you believe the hype this time around? Quite possibly, yes. It was only a year ago that the tech community got excited about the idea of a small, lightweight router that would connect you …
Kieren McCarthy, 06 Oct 2015

Virgin Media's SPAM-AGEDDON 'fix' silences mailboxes

Virgin Media customers who are Ntlworld.com account holders have been struggling – one way or another – to access their emails for days now. Subscribers affected by the ISP's migration from Google's Gmail service were first forced to wade through hundreds of SPAM messages to get to their emails, only to later find that over- …
Kelly Fiveash, 05 Oct 2015

iOS 9 security blooper lets you BYPASS PINs, eye up photos, contacts

Vid A security flaw in iOS 9 allows anyone who has a locked Apple iThing in their hand to view its contacts and photos without having to enter a passcode. A chap called Jose Rodriguez has posted a YouTube video demonstrating the design blunder, which exploits Siri to access information on the handset from the PIN unlock screen. …
Shaun Nichols, 23 Sep 2015

AWS outage knocks Amazon, Netflix, Tinder and IMDb in MEGA data collapse

Amazon's Web Services (AWS) have suffered a monster outage affecting the company's cloudy systems, bringing some sites down with it in the process. The service disruption hit AWS customers including Netflix, Tinder and IMDb, as well as Amazon's Instant Video and Books websites. The outage may also explain Airbnb's current …
Kelly Fiveash, 20 Sep 2015

Crash Google Chrome with one tiny URL: We cram a probe in this bug

You can crash the latest version of Google Chrome with a simple tiny URL. Just rolling your mouse over it in a page, launching it from another app such as an email client, or pasting it into the address bar, will kill either that tab or the whole browser. It's perfect for pranking friends by sending it to them in emails and …
Chris Williams, 20 Sep 2015

Apple iPhones, iPads BRICKED by iOS 9's 'slide-to-upgrade' bug

Apple has published a workaround after some iPhone and iPad users were left stranded in the middle of the iOS 9 update process. The Cupertino giant has acknowledged multiple complaints that devices were unable to progress past the "Slide to Upgrade" screen when moving to the latest version of iOS. Apple's remedy: wipe your …
Shaun Nichols, 18 Sep 2015

Patch Bugzilla! Anyone can access your private bugs – including your security vulns

If you or your organization is running Bugzilla, and you're using email-based permissions, make sure you've updated to the latest version – namely 5.0.1, 4.4.10, or 4.2.15. That's because someone's found a way to easily access private bugs in your codebase – such as critical security holes you're still working on to fix. An …
Chris Williams, 17 Sep 2015

Shedload of security bugs squashed in iOS 9 – what the hell went wrong with iOS 8?

Apple's latest version of iOS – iOS 9 – is out today with new features and security fixes. A lot of security fixes: 101 potentially exploitable bugs, we count. If you've got a compatible device, you may well want to upgrade sooner rather than later – certainly before people start trying to exploit these security holes. The …
Team Register, 16 Sep 2015

ICO probes NHS clinic's data blunder that exposed HIV+ status of 800 patients

The ICO is looking into a data blunder at 56 Dean Street, a sexual health clinic operated as part of Chelsea and Westminster NHS Foundation Trust, after it emailed the HIV positive status of nearly 800 patients to the entire group. The data breach was committed through the email circulation of the clinic's "OptionE" newsletter …

OH DEAR, WHSmith: Sensitive customer data spaffed to world+dog

Updated British newsagent WHSmith has a major privacy hole on its website, after its magazine subscription service began emailing everyone on the mailing list. The data protection howler has been flagged up on Twitter by plenty of angry customers who fear having their personal information plundered by wrongdoers. However, despite the …
Kelly Fiveash, 02 Sep 2015

Dropbox DROPS BOX as service GOES TITSUP worldwide

Dropbox suffered a major outage across the globe today – the company blamed "routine internal maintenance" for the significant wobble, which appears to be ongoing. At time of publication, Dropbox was claiming on its official status page that services were running normally again. However, a quick scan of "Dropbox down" tweets …
Kelly Fiveash, 30 Aug 2015

Yet another Android app security bug: This time 'everything is affected'

Yet another potentially serious security flaw has been revealed in Android. This time the problem involves the mobile operating system's ability to run more than one app at once – as opposed to its handling of multimedia messages, which was the crux of a cyber* of vulnerabilities last month. The latest security blunder opens …
John Leyden, 20 Aug 2015

Another root hole in OS X. We know it, you know it, the bad people know it – and no patch exists

If you're using OS X Yosemite, watch out for malware exploiting a new way to take complete control of your Mac. A vulnerability has been found in Apple's operating system that allows ordinary software on the computer to gain all-powerful root privileges, allowing dodgy apps to install new programs, create users, delete users, …
Chris Williams, 18 Aug 2015

Google flubs patch for Stagefright security bug in 950 million Androids

Google's security update to fix the Stagefright vulnerability in millions of Android smartphones is buggy – and a new patch is needed. The Stagefright flaw is named after a component within the Android operating system that, among other things, processes incoming text messages that contain video clips. By sending a vulnerable …
Iain Thomson, 13 Aug 2015

Exploding Power Bars: EE couldn't even get the CE safety mark right

Exclusive EE failed to label its "Power Bar" phone charging devices with the correct marking to show that the product complied with European safety directives, The Register has learned. The embarrassing cockup comes after we revealed that EE management had been warned about safety risks with its Power Bar, ahead of its launch in April …
Kelly Fiveash, 13 Aug 2015

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

Black Hat In-Depth A design flaw in Intel's processors can be exploited to install malware beneath operating systems and antivirus – making it tough to detect and remove. "It's a forgotten patch to a forgotten problem, but opens up an incredible vulnerability," said Christopher Domas, a security researcher with the Battelle Memorial Institute, …
Iain Thomson, 11 Aug 2015

Cause of Parliamentary downtime on Microsoft Office 364½ revealed

A major Microsoft Office 365 outage in the Houses of Parliament that left up to 3,000 users without email was due to Microsoft failing to inform itself about a technical change, The Register can reveal. The outage occurred on 23 June and resulted in a total of 13 hours of downtime, the Parliamentary Digital Service said in …
Kat Hall, 06 Aug 2015

Hacking Team Flash exploit leak revealed lightning reflexes of malware toolkit crafters

Black Hat 2015 When the Italian surveillanceware maker Hacking Team got hacked last month, the intruders unwittingly set the groundwork for a very interesting research project. Tracking the time from a vulnerability being found in some software to seeing it exploited in the wild is tricky – malware writers don't often publicize their …
Iain Thomson, 05 Aug 2015

Got an Android phone? SMASH IT with a hammer – and do it NOW

Android smartphones can be secretly infected by malware smuggled in via video text messages, allowing criminals to sneak inside as many as 950 million devices. You just need to know a victim's cellphone number to silently inject malicious software in their vulnerable gizmo. Once infected, your mobe's camera and mic can be used …
Iain Thomson, 27 Jul 2015

Ballmer's billion-dollar blunders: When he gambled Microsoft's money and lost

Analysis Less than two years into Satya Nadella's tenure as CEO of Microsoft, he's already had to report a lossmaking quarter. It's only the second time that's happened in the software giant's three decades as a public company, and the $8.44bn write-off Redmond posted earlier this week is the largest in its history. Don't blame Nadella …
Neil McAllister, 27 Jul 2015

Microsoft to spoofed Skype users: Change your account passwords NOW

An unknown number of frustrated Skype customers have been pestered by spoof messages on the Microsoft service for weeks, but the company is yet to close what appears to be a gaping hole in its software. Instead, Redmond has advised Skype users to change their account passwords. But complaints are building up about the lack of …
Kelly Fiveash, 19 Jul 2015

Barracuda billings blunder: Blair bloke bullish

Barracuda boosted revenues 17.8 per cent on an annual basis to $78 million in its first fiscal 2016 quarter, but made a -$3.8 million loss. A year ago it made a $200K profit on its $66.2 million revenue, so why has it gone down the toilet profit-wise in this latest quarter? Prez and CEO BJ Jenkins didn’t say in his tinned …
Chris Mellor, 10 Jul 2015

Yank my blockchain: Bitcoin upgrade SNAFU borks hungry miners' currency

Bitcoin users have been urged to switch to pool mines that fully validate data blocks, after the virtual currency system hit a major snag during a planned upgrade. The open source P2P community warned on Saturday that "many wallets" were "currently vulnerable to double-spending of confirmed transactions." Anyone who received …
Kelly Fiveash, 05 Jul 2015

Vectone Mobile gone for the week, don't know when it'll be back

Updated MVNO Vectone Mobile's service has been down for days, with the company offering no indication as to when it might resume, or any public statement acknowledging the depth of the blunder. To the fury of customers who believe they have received inadequate support and information, the MVNO issued a "sincere" apology to those …

Silly Google's Photos app labelled BLACK PEOPLE as GORILLAS

Google's new Photos software automatically labelled images of black people as "gorillas". The ad giant has since apologised. Mountain View's hugely embarrassing blunder comes just one month after it launched its cloud-hosted photo storage service, and made a big deal out of its machine-learning features. Google also warned …
Kelly Fiveash, 01 Jul 2015

Spiceworks in WTF-class social log-in SECURITY BLUNDER

A serious security flaw has been discovered in the Spiceworks network administration application. The issue, uncovered by Spicehead Darren K Smith, allows anyone with a Facebook or LinkedIn account to log in as an administrator. Spiceworks has responded by temporarily disabling social sign-in until the flaw can be addressed. …
Trevor Pott, 23 Jun 2015

ISP Level 3 goes TITSUP after giganto traffic routing blunder

ISP Level 3's customers have been left without internet access since this morning, after the provider seems to have leaked routes to a Tier 1 transit provider in Malaysia. An incident report from CloudFlare said that while "the Tier 1 transit provider of the ISP leaking routes appears to have stopped accepting these …

Config file wipe blunder caused deadly Airbus A400M crash – claim

A dodgy software installation that deleted vital files caused last month's Airbus 400M transport plane crash in which four people died, it is claimed. On May 9, a test flight of the A400M, intended to replace the aging Hercules as a mainstay of NATO's air mobility fleet, crashed in Spain, killing four of the six crew. According …
Iain Thomson, 10 Jun 2015

100s of Virgin Media customers hit by handset repair glitch, telco admits

Virgin Media has admitted to The Register that hundreds of its mobile customers were left without their handsets for weeks due to a "glitch" with its repair service. The company has also confessed to us that it was yet to process roughly 100 outstanding repairs for its frustrated subscribers, some of whom have been complaining …
Kelly Fiveash, 20 May 2015

Stubborn 'won't fix' Google U-turns on Chromecast vid judder twitching-eye blunder

Google has surprised European fans of its Chromecast TV dongle by suddenly acknowledging a screw-up with the vid-streaming device, after effectively stonewalling complaints late last year. As The Register reported at the time, users were griping about an annoying video quirk with the Chromecast, which caused some European …
Kelly Fiveash, 03 May 2015

MAYHEM in ORBIT: Russian cargo pod spins OUT OF CONTROL

Video Russian space boffins have lost control of a Progress cargo capsule which had been due to deliver 6,000lb of supplies to the International Space Station. The crazy podule is spinning and tumbling in orbit above the Earth as controllers try to establish contact with it. The Progress 59 space-mule lifted off …
Iain Thomson, 28 Apr 2015

Comments considered harmful: WordPress web hijack bug revealed

A frustrated Finnish security researcher has gone public with a vulnerability in WordPress that lets attackers hijack website admin accounts. The flaw was found by Jouko Pynnönen, and is a cross-site scripting (XSS) bug similar to one patched last week. It is buried within the widely used web publishing software's comments …
Iain Thomson, 27 Apr 2015

Win 95 code gaffe nearly made Stuxnet Suxnet, say infosec blokes

RSA 2015 [Please see the bootnote on this story, which we've added post-publication. The code shown at the conference does not appear to marry up with the claims made by the speakers. – ed.] Super-worm Stuxnet could have blown its cover and failed its sabotage mission due to a bug that allowed it to spread to ancient Windows boxes, …
Darren Pauli, 24 Apr 2015

Got a Samsung Galaxy S5? Crooks can steal your fingerprint – claim

RSA 2015 Malware can snaffle fingerprints used to unlock Samsung Galaxy S5 smartphones thanks to a security blunder, researchers claim. The vulnerabilities, due to be discussed at the RSA security conference in San Francisco this week, may be present in non-Samsung Android mobiles, too. Today's smartphones recognize their owners' …
John Leyden, 23 Apr 2015

It's not you, it's EE ... again! Mobe network hit by 'PDP authentication failure' snafu

Updated UK mobile carrier EE has been struck by yet another "PDP authentication failure" on its network. Customers have been complaining about the technical cockup on Twitter, where gripes are slowly trickling through to the company. Another @EE issue. PDP authorisation failure on my iPad Air so no internet. #biggestnetwork = # …
Kelly Fiveash, 12 Apr 2015

FCC taps CenturyLink on shoulder, mumbles about a fine for THAT six-hour 911 outage

US comms regulator the FCC has fined CenturyLink $16m (£10.8m) for a network outage that left 11 million Americans unable to make 911 calls. CenturyLink made a $772m (£520m) profit in 2014. Last month, the watchdog charged Verizon $3.4m for its part in the downtime – and this week has smacked down the ISP and telco CenturyLink. …
Iain Thomson, 08 Apr 2015

Met Police in egg/face blunder as shop-a-crim site's SSL cert expires

The Metropolitan Police has allowed its SSL certificate to expire, possibly exposing users of its website to criminal snooping – and leaving victims and witnesses of crime vulnerable to exploitation. With shocking disregard for the most basic standards of web security, the Met have allowed their SSL certificate for https:// …

Nuclear waste spill: How a pro-organic push sparked $240m blunder

Worstall on Wednesday There's a rather dry but absolutely fascinating document out from the US Department of Energy, which you can download in all its couple of hundred page glory here [PDF]. It's about the Waste Isolation Pilot Plant (WIPP) near Carlsbad in New Mexico. This is where the Yanks send off all those barrels of radioactive nasties to …
Tim Worstall, 01 Apr 2015

Belgium to the rescue as UK consumers freeze after BST blunder

British consumers awoke to cold houses this morning as Nest “Learning” Thermostats failed to accommodate the switch to British Summer Time. Nest customers have not only been deprived of an hour's sleep, but also a warm house in which to struggle to wake up. According to complaints raised on the Nest community support forum …

Hotel Wi-Fi not only hideously expensive – it's horribly insecure

Travelers are used to getting screwed over by hotel internet access. But it's not just the eye-watering Wi-Fi prices guests should be worried about. A major security flaw in a network gateway popular among hoteliers can be exploited by hackers to launch attacks against guests by injecting malware into their downloads over …
Iain Thomson, 27 Mar 2015

I helped Amazon.com find an XSS hole and all I got was this lousy t-shirt

Amazon has patched a dangerous cross-site scripting (XSS) vulnerability in its website that exposed accounts to hijacking. A Brazilian hacker using the handle @BruteLogic published the then-zero-day flaw to XSSposed.org Saturday without tipping off the book giant. Amazon swatted the flaws two days later. The time between …
Darren Pauli, 26 Mar 2015

BT Home Hub SIP backdoor blunder blamed for VoIP fraud

Flaws in a BT Home Hub set-up are being blamed for helping facilitate a VoIP scam. El Reg reader Keith Harbridge, an independent IT consultant, said his client, a firm of solicitors, is just one of a number of companies stung by the scam, which occurred in early March. Independent security consultants at Pen Test Partners …
John Leyden, 25 Mar 2015

Another GDS cockup: Rural Payments Agency cans £154m IT system

The Rural Payments Agency has frozen part of its new "digital" £154m Common Agricultural Payments IT system to provide EU subsidies to farmers and told them to go back to pen and paper. The system was intended to allow farmers to confirm their fields were correctly allocated, using an online interface for the first time. The …
Kat Hall, 20 Mar 2015

Banks defend integrity of passcode-less TouchID login

Royal Bank of Scotland and NatWest have played down claims by a security researcher that their new Touch ID banking login feature might be circumvented, arguing the hack would only be possible with jail-broken iPhones — the use of which is not recommended. Last month, RBS and NatWest became the first UK-based banks to offer …
John Leyden, 19 Mar 2015

BT fined £800k over lax emergency text relay delay blunder

Britain's communications watchdog has fined one-time national telco BT £800,000 for failing to provide a revamped text-to-voice service for customers who have hearing and speech impairments. Ofcom said this morning that the company missed the regulator-imposed deadline – 18 April 2014 – to improve its text relay service. BT's …
Kelly Fiveash, 17 Mar 2015

BBC websites GO TITSUP – Auntie blames 'internal system failure'

Updated The BBC is suffering a major outage, after its websites – including News and the public service broadcaster's iPlayer system – buckled in the past hour. It's unclear, at time of publication, what was behind the Beeb's technical woes. An unknown number of people attempting to visit various online BBC services were greeted with …
Kelly Fiveash, 14 Mar 2015

Siri, you're fired: Microsoft Cortana's elbows into iOS, Android

Microsoft is porting its personal-assistant software Cortana to Android and iOS to go head to head against Apple's Siri and Google Now. Cortana will be available as a standalone app available for download to phones and tablets running the Google and Apple operating systems, Reuters reports. Cortana will debut on Windows 10 …
Gavin Clarke, 13 Mar 2015

iTunes snafu: DNS fail borked Apple's app & iTunes stores for 10 HOURS

Updated Apple has blamed a server configuration blunder for a 10-hour-long outage of its highly lucrative App Store, Mac App Store, iBooks Store, and iTunes Store yesterday. The iPhone giant said in a statement to the media that today's downtime was caused by problems with its DNS setup. Apple's system status page confirms various …
Shaun Nichols, 11 Mar 2015

Apple slips out security patches while world goes gaga over watches

While everyone was losing their mind over expensive watches, Apple sneaked out security fixes for iOS phones and tablets, and OS X computers. Both the OS X Security Update 2015-002 and iOS 8.2 address critical flaws. Leading the charge is a patch to squish the FREAK bug in the two operating systems' SSL/TLS code. Disclosed last …
Shaun Nichols, 10 Mar 2015