Articles about Blunder

Shedload of security bugs squashed in iOS 9 – what the hell went wrong with iOS 8?

Apple's latest version of iOS – iOS 9 – is out today with new features and security fixes. A lot of security fixes: 101 potentially exploitable bugs, we count. If you've got a compatible device, you may well want to upgrade sooner rather than later – certainly before people start trying to exploit these security holes. The …
Team Register, 16 Sep 2015

ICO probes NHS clinic's data blunder that exposed HIV+ status of 800 patients

The ICO is looking into a data blunder at 56 Dean Street, a sexual health clinic operated as part of Chelsea and Westminster NHS Foundation Trust, after it emailed the HIV positive status of nearly 800 patients to the entire group. The data breach was committed through the email circulation of the clinic's "OptionE" newsletter …

OH DEAR, WHSmith: Sensitive customer data spaffed to world+dog

Updated British newsagent WHSmith has a major privacy hole on its website, after its magazine subscription service began emailing everyone on the mailing list. The data protection howler has been flagged up on Twitter by plenty of angry customers who fear having their personal information plundered by wrongdoers. However, despite the …
Kelly Fiveash, 02 Sep 2015

Dropbox DROPS BOX as service GOES TITSUP worldwide

Dropbox suffered a major outage across the globe today – the company blamed "routine internal maintenance" for the significant wobble, which appears to be ongoing. At time of publication, Dropbox was claiming on its official status page that services were running normally again. However, a quick scan of "Dropbox down" tweets …
Kelly Fiveash, 30 Aug 2015

Yet another Android app security bug: This time 'everything is affected'

Yet another potentially serious security flaw has been revealed in Android. This time the problem involves the mobile operating system's ability to run more than one app at once – as opposed to its handling of multimedia messages, which was the crux of a cyber* of vulnerabilities last month. The latest security blunder opens …
John Leyden, 20 Aug 2015

Another root hole in OS X. We know it, you know it, the bad people know it – and no patch exists

If you're using OS X Yosemite, watch out for malware exploiting a new way to take complete control of your Mac. A vulnerability has been found in Apple's operating system that allows ordinary software on the computer to gain all-powerful root privileges, allowing dodgy apps to install new programs, create users, delete users, …
Chris Williams, 18 Aug 2015

Google flubs patch for Stagefright security bug in 950 million Androids

Google's security update to fix the Stagefright vulnerability in millions of Android smartphones is buggy – and a new patch is needed. The Stagefright flaw is named after a component within the Android operating system that, among other things, processes incoming text messages that contain video clips. By sending a vulnerable …
Iain Thomson, 13 Aug 2015

Exploding Power Bars: EE couldn't even get the CE safety mark right

Exclusive EE failed to label its "Power Bar" phone charging devices with the correct marking to show that the product complied with European safety directives, The Register has learned. The embarrassing cockup comes after we revealed that EE management had been warned about safety risks with its Power Bar, ahead of its launch in April …
Kelly Fiveash, 13 Aug 2015

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

Black Hat In-Depth A design flaw in Intel's processors can be exploited to install malware beneath operating systems and antivirus – making it tough to detect and remove. "It's a forgotten patch to a forgotten problem, but opens up an incredible vulnerability," said Christopher Domas, a security researcher with the Battelle Memorial Institute, …
Iain Thomson, 11 Aug 2015

Cause of Parliamentary downtime on Microsoft Office 364½ revealed

A major Microsoft Office 365 outage in the Houses of Parliament that left up to 3,000 users without email was due to Microsoft failing to inform itself about a technical change, The Register can reveal. The outage occurred on 23 June and resulted in a total of 13 hours of downtime, the Parliamentary Digital Service said in …
Kat Hall, 06 Aug 2015

Hacking Team Flash exploit leak revealed lightning reflexes of malware toolkit crafters

Black Hat 2015 When the Italian surveillanceware maker Hacking Team got hacked last month, the intruders unwittingly set the groundwork for a very interesting research project. Tracking the time from a vulnerability being found in some software to seeing it exploited in the wild is tricky – malware writers don't often publicize their …
Iain Thomson, 05 Aug 2015

Got an Android phone? SMASH IT with a hammer – and do it NOW

Android smartphones can be secretly infected by malware smuggled in via video text messages, allowing criminals to sneak inside as many as 950 million devices. You just need to know a victim's cellphone number to silently inject malicious software in their vulnerable gizmo. Once infected, your mobe's camera and mic can be used …
Iain Thomson, 27 Jul 2015

Ballmer's billion-dollar blunders: When he gambled Microsoft's money and lost

Analysis Less than two years into Satya Nadella's tenure as CEO of Microsoft, he's already had to report a lossmaking quarter. It's only the second time that's happened in the software giant's three decades as a public company, and the $8.44bn write-off Redmond posted earlier this week is the largest in its history. Don't blame Nadella …
Neil McAllister, 27 Jul 2015

Microsoft to spoofed Skype users: Change your account passwords NOW

An unknown number of frustrated Skype customers have been pestered by spoof messages on the Microsoft service for weeks, but the company is yet to close what appears to be a gaping hole in its software. Instead, Redmond has advised Skype users to change their account passwords. But complaints are building up about the lack of …
Kelly Fiveash, 19 Jul 2015

Barracuda billings blunder: Blair bloke bullish

Barracuda boosted revenues 17.8 per cent on an annual basis to $78 million in its first fiscal 2016 quarter, but made a -$3.8 million loss. A year ago it made a $200K profit on its $66.2 million revenue, so why has it gone down the toilet profit-wise in this latest quarter? Prez and CEO BJ Jenkins didn’t say in his tinned …
Chris Mellor, 10 Jul 2015

Yank my blockchain: Bitcoin upgrade SNAFU borks hungry miners' currency

Bitcoin users have been urged to switch to pool mines that fully validate data blocks, after the virtual currency system hit a major snag during a planned upgrade. The open source P2P community warned on Saturday that "many wallets" were "currently vulnerable to double-spending of confirmed transactions." Anyone who received …
Kelly Fiveash, 05 Jul 2015

Vectone Mobile gone for the week, don't know when it'll be back

Updated MVNO Vectone Mobile's service has been down for days, with the company offering no indication as to when it might resume, or any public statement acknowledging the depth of the blunder. To the fury of customers who believe they have received inadequate support and information, the MVNO issued a "sincere" apology to those …

Silly Google's Photos app labelled BLACK PEOPLE as GORILLAS

Google's new Photos software automatically labelled images of black people as "gorillas". The ad giant has since apologised. Mountain View's hugely embarrassing blunder comes just one month after it launched its cloud-hosted photo storage service, and made a big deal out of its machine-learning features. Google also warned …
Kelly Fiveash, 01 Jul 2015

Spiceworks in WTF-class social log-in SECURITY BLUNDER

A serious security flaw has been discovered in the Spiceworks network administration application. The issue, uncovered by Spicehead Darren K Smith, allows anyone with a Facebook or LinkedIn account to log in as an administrator. Spiceworks has responded by temporarily disabling social sign-in until the flaw can be addressed. …
Trevor Pott, 23 Jun 2015

ISP Level 3 goes TITSUP after giganto traffic routing blunder

ISP Level 3's customers have been left without internet access since this morning, after the provider seems to have leaked routes to a Tier 1 transit provider in Malaysia. An incident report from CloudFlare said that while "the Tier 1 transit provider of the ISP leaking routes appears to have stopped accepting these …

Config file wipe blunder caused deadly Airbus A400M crash – claim

A dodgy software installation that deleted vital files caused last month's Airbus 400M transport plane crash in which four people died, it is claimed. On May 9, a test flight of the A400M, intended to replace the aging Hercules as a mainstay of NATO's air mobility fleet, crashed in Spain, killing four of the six crew. According …
Iain Thomson, 10 Jun 2015

100s of Virgin Media customers hit by handset repair glitch, telco admits

Virgin Media has admitted to The Register that hundreds of its mobile customers were left without their handsets for weeks due to a "glitch" with its repair service. The company has also confessed to us that it was yet to process roughly 100 outstanding repairs for its frustrated subscribers, some of whom have been complaining …
Kelly Fiveash, 20 May 2015

Stubborn 'won't fix' Google U-turns on Chromecast vid judder twitching-eye blunder

Google has surprised European fans of its Chromecast TV dongle by suddenly acknowledging a screw-up with the vid-streaming device, after effectively stonewalling complaints late last year. As The Register reported at the time, users were griping about an annoying video quirk with the Chromecast, which caused some European …
Kelly Fiveash, 03 May 2015

MAYHEM in ORBIT: Russian cargo pod spins OUT OF CONTROL

Video Russian space boffins have lost control of a Progress cargo capsule which had been due to deliver 6,000lb of supplies to the International Space Station. The crazy podule is spinning and tumbling in orbit above the Earth as controllers try to establish contact with it. The Progress 59 space-mule lifted off …
Iain Thomson, 28 Apr 2015

Comments considered harmful: WordPress web hijack bug revealed

A frustrated Finnish security researcher has gone public with a vulnerability in WordPress that lets attackers hijack website admin accounts. The flaw was found by Jouko Pynnönen, and is a cross-site scripting (XSS) bug similar to one patched last week. It is buried within the widely used web publishing software's comments …
Iain Thomson, 27 Apr 2015

Win 95 code gaffe nearly made Stuxnet Suxnet, say infosec blokes

RSA 2015 [Please see the bootnote on this story, which we've added post-publication. The code shown at the conference does not appear to marry up with the claims made by the speakers. – ed.] Super-worm Stuxnet could have blown its cover and failed its sabotage mission due to a bug that allowed it to spread to ancient Windows boxes, …
Darren Pauli, 24 Apr 2015

Got a Samsung Galaxy S5? Crooks can steal your fingerprint – claim

RSA 2015 Malware can snaffle fingerprints used to unlock Samsung Galaxy S5 smartphones thanks to a security blunder, researchers claim. The vulnerabilities, due to be discussed at the RSA security conference in San Francisco this week, may be present in non-Samsung Android mobiles, too. Today's smartphones recognize their owners' …
John Leyden, 23 Apr 2015

It's not you, it's EE ... again! Mobe network hit by 'PDP authentication failure' snafu

Updated UK mobile carrier EE has been struck by yet another "PDP authentication failure" on its network. Customers have been complaining about the technical cockup on Twitter, where gripes are slowly trickling through to the company. Another @EE issue. PDP authorisation failure on my iPad Air so no internet. #biggestnetwork = # …
Kelly Fiveash, 12 Apr 2015

FCC taps CenturyLink on shoulder, mumbles about a fine for THAT six-hour 911 outage

US comms regulator the FCC has fined CenturyLink $16m (£10.8m) for a network outage that left 11 million Americans unable to make 911 calls. CenturyLink made a $772m (£520m) profit in 2014. Last month, the watchdog charged Verizon $3.4m for its part in the downtime – and this week has smacked down the ISP and telco CenturyLink. …
Iain Thomson, 08 Apr 2015

Met Police in egg/face blunder as shop-a-crim site's SSL cert expires

The Metropolitan Police has allowed its SSL certificate to expire, possibly exposing users of its website to criminal snooping – and leaving victims and witnesses of crime vulnerable to exploitation. With shocking disregard for the most basic standards of web security, the Met have allowed their SSL certificate for https:// …

Nuclear waste spill: How a pro-organic push sparked $240m blunder

Worstall on Wednesday There's a rather dry but absolutely fascinating document out from the US Department of Energy, which you can download in all its couple of hundred page glory here [PDF]. It's about the Waste Isolation Pilot Plant (WIPP) near Carlsbad in New Mexico. This is where the Yanks send off all those barrels of radioactive nasties to …
Tim Worstall, 01 Apr 2015

Belgium to the rescue as UK consumers freeze after BST blunder

British consumers awoke to cold houses this morning as Nest “Learning” Thermostats failed to accommodate the switch to British Summer Time. Nest customers have not only been deprived of an hour's sleep, but also a warm house in which to struggle to wake up. According to complaints raised on the Nest community support forum …

Hotel Wi-Fi not only hideously expensive – it's horribly insecure

Travelers are used to getting screwed over by hotel internet access. But it's not just the eye-watering Wi-Fi prices guests should be worried about. A major security flaw in a network gateway popular among hoteliers can be exploited by hackers to launch attacks against guests by injecting malware into their downloads over …
Iain Thomson, 27 Mar 2015

I helped Amazon.com find an XSS hole and all I got was this lousy t-shirt

Amazon has patched a dangerous cross-site scripting (XSS) vulnerability in its website that exposed accounts to hijacking. A Brazilian hacker using the handle @BruteLogic published the then-zero-day flaw to XSSposed.org Saturday without tipping off the book giant. Amazon swatted the flaws two days later. The time between …
Darren Pauli, 26 Mar 2015

BT Home Hub SIP backdoor blunder blamed for VoIP fraud

Flaws in a BT Home Hub set-up are being blamed for helping facilitate a VoIP scam. El Reg reader Keith Harbridge, an independent IT consultant, said his client, a firm of solicitors, is just one of a number of companies stung by the scam, which occurred in early March. Independent security consultants at Pen Test Partners …
John Leyden, 25 Mar 2015

Another GDS cockup: Rural Payments Agency cans £154m IT system

The Rural Payments Agency has frozen part of its new "digital" £154m Common Agricultural Payments IT system to provide EU subsidies to farmers and told them to go back to pen and paper. The system was intended to allow farmers to confirm their fields were correctly allocated, using an online interface for the first time. The …
Kat Hall, 20 Mar 2015

Banks defend integrity of passcode-less TouchID login

Royal Bank of Scotland and NatWest have played down claims by a security researcher that their new Touch ID banking login feature might be circumvented, arguing the hack would only be possible with jail-broken iPhones — the use of which is not recommended. Last month, RBS and NatWest became the first UK-based banks to offer …
John Leyden, 19 Mar 2015

BT fined £800k over lax emergency text relay delay blunder

Britain's communications watchdog has fined one-time national telco BT £800,000 for failing to provide a revamped text-to-voice service for customers who have hearing and speech impairments. Ofcom said this morning that the company missed the regulator-imposed deadline – 18 April 2014 – to improve its text relay service. BT's …
Kelly Fiveash, 17 Mar 2015

BBC websites GO TITSUP – Auntie blames 'internal system failure'

Updated The BBC is suffering a major outage, after its websites – including News and the public service broadcaster's iPlayer system – buckled in the past hour. It's unclear, at time of publication, what was behind the Beeb's technical woes. An unknown number of people attempting to visit various online BBC services were greeted with …
Kelly Fiveash, 14 Mar 2015

Siri, you're fired: Microsoft Cortana's elbows into iOS, Android

Microsoft is porting its personal-assistant software Cortana to Android and iOS to go head to head against Apple's Siri and Google Now. Cortana will be available as a standalone app available for download to phones and tablets running the Google and Apple operating systems, Reuters reports. Cortana will debut on Windows 10 …
Gavin Clarke, 13 Mar 2015

iTunes snafu: DNS fail borked Apple's app & iTunes stores for 10 HOURS

Updated Apple has blamed a server configuration blunder for a 10-hour-long outage of its highly lucrative App Store, Mac App Store, iBooks Store, and iTunes Store yesterday. The iPhone giant said in a statement to the media that today's downtime was caused by problems with its DNS setup. Apple's system status page confirms various …
Shaun Nichols, 11 Mar 2015

Apple slips out security patches while world goes gaga over watches

While everyone was losing their mind over expensive watches, Apple sneaked out security fixes for iOS phones and tablets, and OS X computers. Both the OS X Security Update 2015-002 and iOS 8.2 address critical flaws. Leading the charge is a patch to squish the FREAK bug in the two operating systems' SSL/TLS code. Disclosed last …
Shaun Nichols, 10 Mar 2015

Jeb Bush, the man who may lead the US in 2016, dumps Floridians' private data on the web

Former Florida governor, and likely US presidential candidate, Jeb Bush is taking heat after he published online a massive dump of email correspondence – which included highly personal records detailing the affairs of his constituents. JebEmails.com was set up by Team Bush to provide "transparency" into his eight-year stint at …
Shaun Nichols, 11 Feb 2015

Patch now: Design flaw in Windows security allows hackers to own corporate laptops, PCs

Another month, another Patch Tuesday, but this release has a special sting in the tail: a flaw in the fundamental design of Windows that's taken a year to correct, and is unfixable on Server 2003. The critical blunder allows miscreants to completely take over a domain-configured Windows system if it is connected to a malicious …
Iain Thomson, 10 Feb 2015

'Tech City should not be relying on Game of Thrones ravens'

QuotW This week, we learned that sending a Game of Thrones-style raven was a quicker form of communication than connecting to the internet in Tech City – which is the beating heart of Blighty's Web2.0rhea community. Emily Thornberry, Labour MP for Islington South and Finsbury, told fellow politicos that she was "shocked and surprised …
Kat Hall, 08 Feb 2015

Enough is ENOUGH: It's time to flush Flash back to where it came from – Hell

+Comment If you patched Adobe's screen door of the internet – its Flash plugin – last week, and thought you were safe, even for a few weeks, you were sadly mistaken. The Photoshop goliath is warning that yet another programming blunder in its code is being exploited in the wild, and says it won't have a patch ready to deploy until later …
Iain Thomson, 02 Feb 2015

Teen whiz exposes WhatsApp profile pic privacy blunder bug

A privacy hole in WhatsApp allowed anyone to view someone else's profile photo – even if a user had configured the mobile messenger app to only show their pic to their contacts. The privacy slip-up, which came with the debut of WhatsApp’s newly-introduced web interface at web.whatsapp.com, was discovered by 17-year-old security …
John Leyden, 30 Jan 2015

Google Translate MEAT GRINDER turns gay into 'faggot', 'poof', 'queen'

Google has apologised after its language-scraping service offered up offensive alternatives including "poof" and "faggot" as replacements for the word gay. Campaign group All Out spotted the blunder and complained about the slurs to Google. The ad giant then replaced the words with more neutral terms. The worst insults to …
Kelly Fiveash, 28 Jan 2015

'Super-secure' BlackPhone pwned by super-silly txt msg bug

Exclusive The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets. Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application. The impact …
Darren Pauli, 27 Jan 2015

Dev put AWS keys on Github. Then BAD THINGS happened

Bots are crawling all over GitHub seeking secret keys, a developer served with a $2,375 Bitcoin mining bill found. DevFactor founder Andrew Hoffman said he used Figaro to secure Rails apps which published his Amazon S3 keys to his GitHub account. He noticed the blunder and pulled the keys within five minutes, but that was …
Darren Pauli, 06 Jan 2015