Articles about Blunder

Target's database raided, 70 MILLION US shoppers at risk of ID theft

Hackers swiped the names, home and email addresses, phone numbers and other personal information of up to 70 million Target shoppers, the superstore giant admitted today. Evidence of the customer database raid was discovered during an investigation into the attack on Target's payment systems that leaked 40 million credit and …
Shaun Nichols, 10 Jan 2014

BT-owned ISP Plusnet fails to plug security hole on its customer signup page

Sheffield-based telco Plusnet isn't doing any of its new customers "proud" right now, after an anonymous source told The Register that the company was currently transmitting personal details over an unencrypted web page. The firm, which is owned by telecom giant BT, is asking interested subscribers to fill in a form online that …
Kelly Fiveash, 22 Jan 2014

BT 118 phone number fee howler lands telco giant with £225k fine

BT has been slapped with a £225,000 fine from Blighty's premium-rate phone line watchdog, after it failed to provide correct pricing details for its 118 500 directory enquiries number. Some of the 27 complainants, who took their gripes to PhonePayPlus (which previously rejoiced in the catchy name of “Independent Committee for …
Kelly Fiveash, 09 Jan 2014

BlackBerry on the brink: Security kink sinks rinky-dink Link sync in a blink

Hapless BlackBerry has told users to update its software on their Mac OS X and Windows computers following the disclosure of a fairly serious security flaw. The Canadian handset maker said the vulnerability exists in selected versions of its freely available Link application – a program that allows you to transfer files between …
Shaun Nichols, 15 Nov 2013

Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no Heartbleed

Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs. The so-called "triple handshake" flaw quietly emerged yesterday amid panic over OpenSSL's Heartbleed vulnerability, and soon after the embarrassing "goto fail" blunder in iOS and OS X. Apple's " …
John Leyden, 23 Apr 2014

Worried OpenSSL uses NSA-tainted crypto? This BUG has got your back

As fears grow that US and UK spies have deliberately hamstrung key components in today's encryption systems, users of OpenSSL can certainly relax about one thing. It has been revealed that the cryptography toolkit – used by reams of software from web browsers for HTTPS to SSH for secure terminals – is not using the discredited …
John Leyden, 20 Dec 2013

You. Netgear ReadyNAS owners. Have you closed your gaping holes today?

IT security biz Tripwire warns that a critical security vulnerability in some Netgear storage devices is going unnoticed by users, partly because the vendor has downplayed its importance. Writing on his company blog, Tripwire researcher Craig Young says although Netgear issued a patch for its RAIDiator firmware in July to squash …

Wot a COCKUP: Poorly NHS websites spawn SPAMMY VIAGRA ads

It seems that organisations using the nhs.uk domain need a generous gulp of medicine and plenty of bed rest after an investigation of the health service's online estate uncovered what appeared to be a worrying hacking epidemic. The Register was alerted by reader David to the fact that a number of NHS websites - including some …
Kelly Fiveash, 26 Feb 2014

Yahoo! boss! Mayer! sez! soz! for! lengthy! mail! outage!

Yahoo! chief Marissa Mayer appeared to be furious with her company late on Friday when she took to the Purple Palace's official Tumblr blog to apologise to users of its email service, who were locked out of their accounts for several days. "This has been a very frustrating week" she said, before adding "we are very sorry." …
Team Register, 16 Dec 2013

Your files held hostage by CryptoDefense? Don't pay up! The decryption key is on your hard drive

A basic rookie programming error has crippled an otherwise advanced piece of ransomware dubbed CryptoDefense – but the crap coders are still pulling in more than $30,000 a month from unwary punters. Symantec reports that the malware, once it infects a Windows PC, encrypts the victim's files using a 2,048-bit RSA public key, …
Iain Thomson, 03 Apr 2014

KC engineer 'exposed unencrypted spreadsheet with phone numbers, user IDs, PASSWORDS'

Hull's dominant telco, KC, is investigating revelations of what appears to be poor handling of the company's customer data. This comes after a recent sign-up claimed one of its engineers had unwittingly exposed a customer spreadsheet containing the telephone numbers, user IDs and unencrypted passwords of all its subscribers. The …
Kelly Fiveash, 17 Jan 2014

Microsoft's ARM blunder: 7 reasons why Windows RT was DOA

Industry doomsayers were circling Windows 8 like buzzards before it even launched, but they picked the wrong carcass. Microsoft's real 2012 roadkill was Win8's ARM-powered cousin, Windows RT. The chattering class's comparisons of Windows 8 and Windows Vista are premature – it will take several more quarters before we can gauge …
Neil McAllister, 18 Jan 2013

EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?

Hurrah! The European Union has decided to save us from the perils of automatic trading! Also known as High Frequency Trading (HFT) or algo trading, this is simply the practice of writing a piece of code to do the buying and selling faster than a human being can possibly do it. We've talked about the basics of it here before at …
Tim Worstall, 23 Apr 2014

Phone-blab plod breaks PRIVACY law after crash victim's 5hr ditch ordeal

A Norfolk police official broke a privacy law after blurting out "sensitive information" to the relative of a 54-year-old bloke – who had been seriously hurt in a car crash and left unnoticed in a ditch for five hours. The Independent Police Complaints Commission today said that one of the force's control room operators had …
Team Register, 06 Sep 2013

Texas Instruments to patch smart meter crypto blunder

Texas Instruments plans to patch a cryptography flaw in a widely used chip that could allow attackers to remotely tamper with electronic power meters and other devices that connect to smart electricity grids. The weakness resides in TI's Z-Stack software that runs on microcontrollers such as the CC2430. Encryption keys used to …
Dan Goodin, 15 Jan 2010

Mexican Cobalt-60 robbers are DEAD MEN, say authorities

Mexican troops have recovered a stolen shipment of radioactive Cobalt-60 isotope, abandoned by truck thieves who face the risk of a slow lingering death from radiation poisoning. A truck carrying a substantial quantity of the radioactive isotope Cobalt-60 from a hospital in Tijuana to a waste centre was robbed by armed bandits …
John Leyden, 06 Dec 2013

Google gets biennial privacy audit after Buzz blunder

Google has agreed with the US Federal Trade Commission (FTC) to undergo regular privacy audits for the next 20 years, after bolting its ill-conceived Buzz social network on to Gmail in early 2010 without first seeking the consent of its users. "When companies make privacy pledges, they need to honour them," said FTC chairman Jon …
Kelly Fiveash, 30 Mar 2011

Anatomy of a 22-year-old X Window bug: Get root with newly uncovered flaw

The X Window System, which today underpins Linux desktops the world over, has been around for more than two decades – and so have its bugs. Sysadmins have a few days to patch libXfont to remove a newly discovered, 22-year-old privilege-escalation bug in the code before any tiresome users whip out an exploit. The flaw allows …

Finnish blog blunder: disaster, no recovery

A Finnish blogging portal, Bloggen.fi has lost users' data from October 2009 to June 2010 because of an outage last week. The word is that it had the main data and backup data on the same virtual server. That seems unnecessarily economical. The outage (In Swedish: sorry) is blamed on spam, which our correspondent thinks is odd …
Chris Mellor, 08 Jul 2010

Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug

The password-leaking OpenSSL bug dubbed Heartbleed is so bad, switching off the internet for a while sounds like a good plan. A tiny flaw in the widely used encryption library allows anyone to trivially and secretly dip into vulnerable systems, from your bank's HTTPS server to your private VPN, to steal passwords, login cookies …
Chris Williams, 09 Apr 2014

Orange overshares in bcc blunder

Orange accidentally shared the email addresses of more than 300 customers yesterday during a bid to find out what they think of the company. The email, passed on to us by several readers, suggests the recipient might like to reply with their thoughts about how customers keep in touch with the operator, along with any suggestions …
Bill Ray, 10 Feb 2010

Sat nav blunder places The Rock in Skegness

In an epic, multinational sat nav cock-up, a Syrian lorry driver aiming for Gibraltar left Turkey and ended up in Skegness. Only as Necdet Bakimci inched his 32-ton car transporter down a narrow Lincolnshire lane leading to Gibraltar Point nature reserve did he twig that he might have taken a wrong turn, but by this point the …
Robin Lettice, 22 Jul 2008

Cryptocat WIDE OPEN, new version a must

The encrypted online chat service Cryptocat is urging users to install a new version, following the revelation that its encryption could be cracked by brute force. Making the announcement here, Cryptocat says the vulnerability existed in the way key pairs were generated. It claims that the bug existed in any 2.0 version prior to …

Facebook sued for Beacon blunder

Facebook is being sued for breaking privacy and wire-tapping laws by introducing Facebook Beacon - the ad service which tracked what you did on other websites. If you bought something on a partner site working with Facebook then this fact would be displayed on your profile page for all your friends to see. Users were signed up …
John Oates, 15 Aug 2008

Ubisoft forgets to ship activation codes for music game

Whoops. Ubisoft has shipped a number of European copies of Rocksmith for PC without activation codes. The omission was, of course, a blunder. However, gamers affected by the codes' absence have still been struck by Ubi's strict security and asked to provide a clear digital image of purchase receipts. Hordes of affected punters …
Caleb Cox, 23 Oct 2012

Botched court doc outs Google as respondent in national security flap

An error by the US Department of Justice's document-redaction staff has inadvertently let slip a secret that the DoJ has spent months battling in the courts to protect – albeit one that will come as a surprise to no one. The DoJ has long maintained that the practice of using National Security Letters (NSLs) to obtain information …
Neil McAllister, 26 Aug 2013

Serious Farce Office: 32K secret BAE probe files spaffed to WRONG bod

The UK's top anti-fraud agency has admitted it sent tens of thousands of sensitive documents from an investigation into arms giant BAE Systems to the wrong person. The probe into multinational defence corporation BAE Systems ended after the aerospace firm paid a whopping $400m fine to the US relating to a violation of US rules …
Jasper Hamill, 09 Aug 2013

Brainscan boffins build blunder-warning hat

Brain brainboxes in America and the Netherlands have come up with two significant pieces of research this week. Doubt is cast on any hopes for an early recovery from the present global economic crisis: but then a ray of light appears from another direction. A clue as to why the …
Lewis Page, 24 Mar 2009

Nicked unencrypted PC with 6,000 bank details lands council fat fine

The Information Commissioner’s Office has fined Glasgow City Council £150,000 for losing two unencrypted laptops, one with the personal details of more than 20,000 people - just two years after a similar blunder. More than 6,000 bank account details were held on one of the stolen computers. “To find out that these poor …

Posh potty owners flushed by dodgy Bluetooth password

A high-tech toilet that takes care of everything except wiping its owner has been left wide open to attackers thanks to a basic security flaw. The Satis toilet, a $5,686 (£3,821) appliance built by Japanese (of course) manufacturer Lixil, is designed to open itself …
Iain Thomson, 05 Aug 2013

Horrific moment curvy mum-of-none Mail Online spills everyone's data

Middle England will be shocked to discover that the Daily Mail's website, the world's most read online newspaper, has only gone and admitted to a shameful data security cock-up. The publication - which is known for displaying loads of pictures of tits and ass online normally alongside an equal amount of outrage about tits and …
Kelly Fiveash, 06 Aug 2013

Whoops! Tiny bug in NetBSD 6.0 code ruins SSH crypto keys

The brains behind NetBSD have warned a bug in the open-source OS creates weak cryptographic keys that can be cracked by attackers. Users attempting to secure sensitive communications, such as SSH terminal connections, using the dodgy keys could be easily snooped on and their data decrypted. The use of a cryptographically flawed …
John Leyden, 26 Mar 2013

Warner recalls Xbox Lego Lord of the Rings 'demo' discs

Warner Bros is recalling Xbox 360 copies of Lego Lord of the Rings game after they were incorrectly labelled as demo discs before being shipped to retailers. The blunder appears to have only affected US shoppers, with Walmart, Target and Toys'R'Us the only outlets to receive the misprinted discs. According to Warner Bros - …
Caleb Cox, 14 Nov 2012

Apple iCloud collapse forces fanbois to shower, meet face-to-face

Apple's iCloud servers conked out for roughly five hours last night, knackering online chat services iMessage and FaceTime, and iCloud storage. Affected fanboys had little access to the Cupertino cloud from 1145 to 1630 PT on Sunday, or 1945 to 0030 GMT on this side of the Pond. The service is now working, although the loss of …
Anna Leach, 19 Nov 2012

New York Times, Twitter domain hijackers 'came in through front door'

Hacktivist collective the Syrian Electronic Army (SEA) – or someone using its name – has claimed responsibility for hijacking the Twitter.co.uk, NYTimes.com and HuffingtonPost.co.uk web addresses. At the time of writing, many of the domain names the SEA claimed to have seized were back under their owners' control. In some cases …

Software glitch WIPES OUT listings of 10,000 eBay sellers

eBay has confessed to The Register that a software bug destroyed the listings of 10,000 merchants in Britain, the US, Germany and Australia. The online tat bazaar said it was restoring the listings, but it was unable to tell us if traders would be able to recover their sales histories - an important component for eBay sellers, …
Kelly Fiveash, 22 Mar 2013

Rubbish IT means DEATH for UK Border Agency, announces May

The UK Border Agency's hopeless IT systems are among the reasons why the Home Secretary Theresa May, in an unscheduled statement to MPs yesterday afternoon, confirmed that the UKBA will be axed. She told the House of Commons that the agency would be replaced with two entities: an immigration and visa service and a separate law …
Kelly Fiveash, 27 Mar 2013

Yahoo! leaks! private! key! in! Axis! Chrome! debut!

Yahoo! today released its Axis extension for Chrome – and accidentally leaked its private security key that could allow anyone to create malicious plugins masquerading as official Yahoo! software. Australian entrepreneur Nik Cubrilovic, who last year garnered notice for identifying Facebook's tracking cookies, revealed the …

NASA 'nauts personal DATA at risk after laptop SNATCH BUNGLE

A NASA laptop containing personal records of thousands of employees and contractors was stolen two weeks ago. The computer, which contained a copy of workers' social security numbers among other information, was taken from a locked car near NASA HQ in Washington DC on 31 October, according to a leaked email. The laptop was …
Anna Leach, 15 Nov 2012

Silly gits upload private crypto keys to public GitHub projects

Scores of programmers uploaded their private cryptographic keys to public source-code repositories on GitHub, exposing their login credentials to world+dog. The discovery was made just before the website hit the kill switch on its search engine or, more likely, the service collapsed under the weight of curious users trawling for …
John Leyden, 25 Jan 2013

Bloke jailed for being unable to use BlackBerry Messenger freed

A man jailed for 18 months after accidentally sending his BlackBerry Messenger contacts a filthy text intended for just his girlfriend has been freed on appeal. Craig Evans, 24, a swimming coach from Birmingham, was imprisoned after he sent everyone in his contacts book a note asking for "skin on skin" sex and querying whether …
Anna Leach, 01 Oct 2012

Vacuum cleaner set Swedish nuke plant on fire

A nuclear powerplant in Sweden was put out of action for seven months at a cost of 1.8 billion kronor (£170m) after a vacuum cleaner was mistakenly left inside its containment vessel during tests, according to reports. Swedish English-language journal The Local reports on the revelations which have followed the fire which broke …
Lewis Page, 14 Nov 2011

Google tools gaffe let ZOMBIE web admins feast on websites

Google potentially allowed former web admins to drive corporate websites off a cliff by resurrecting deleted accounts for its webmaster tools service. Google Webmaster Tools accounts can be used by anyone to manage their websites, from checking the indexing of pages to fine-tuning their visibility in the dominant search engine. …
John Leyden, 29 Nov 2012

Stephen Fry explains… Alan Turing's amazing computer

It's been almost two years* since Stephen Fry last put his foot in his mouth - but the boy has gone and done it again. The nation's most cherished TV advertisement voiceover artist is cherished here, too, at El Reg - for his technical wisdom. After his attempt to explain how the internet works (it needs atomic clocks), we hosted …
Andrew Orlowski, 22 Mar 2013

Google cyber-knight lances Microsoft for bug-hunter 'hostilities'

Top Google engineer Tavis Ormandy has slammed Microsoft for apparently treating security bug hunters with “great hostility”. He blasted Redmond's behaviour towards those who report vulnerabilities as he publicly revealed a new unpatched security hole in the Windows operating system - a bug that can be exploited to crash systems …
John Leyden, 28 May 2013

Virgin Media vid misery blamed on unnamed peering network

Virgin Media has blamed an unnamed peering network for crippling its broadband service, particularly at peak times, for some folk. The Register contacted the telco after a number of peeved VM punters complained of yet more problems when downloading data, leading to video streams and the like stuck on buffering. One reader told …
Kelly Fiveash, 13 Nov 2012

Privacy warriors win right to fight Google's itty-bitty FTC payout

Opposition to Google's $22.5m privacy blunder settlement with the US Federal Trade Commission is heating up: lobby group Consumer Watchdog confirmed today it has won the right to file a brief against the deal. The search-and-ads giant had agreed to pay out after it was caught tracking users of Apple's web browser Safari by …
Kelly Fiveash, 29 Aug 2012

CPS grovels after leaking IDs of hundreds arrested during student riots

A botched response to a Freedom Of Information Act request could be about to cost the Crown Prosecution Service (CPS) dear. Prosecutors have issued grovelling apologies after revealing the identities of over a hundred people who were arrested during the tuition-fee riots but subsequently released without charge. Back in June, a …
Jane Fae Ozimek, 27 Sep 2012

Samsung snafu grounds blue Galaxy S III

Samsung confirmed the Galaxy S III Pebble Blue version has been delayed as it has to meet the "highest internal quality standards", although factory-line sources claim a company blunder is to blame. While the Samsung Galaxy S III launched today across the globe, only the white version of the handset will be available, with the …
Caleb Cox, 29 May 2012

O2 billing blunder cuts off thousands

Thousands of O2 punters have been unable to use their mobile phones following a billing blunder by the mobilephoneco. More than 8,000 punters were cut off earlier this week after O2 barred access to the phones. A spokesman for the company explained that the phones had been "temporarily barred in error" following the migration …
Tim Richardson, 06 Aug 2004