Articles about Blunder

Patch now: VMware Tools for Windows root holes fixed in update

VMware sysadmins, get patching: the virtualisation outfit has released updates to its ESXi, Fusion, Player and Workstation software to block out a privilege-escalation vulnerability. The patch applies to VMware Windows Workstation versions before 11.1.2, Player and Fusion versions prior to 7.1.2, and various ESXi versions …

Password-less database 'open-sources' 191m US voter records on the web

Updated A database with personal information on 191,337,174 US voters has apparently been found unprotected online by a security researcher in Texas. Austin-based Chris Vickery – who earlier this month found records on 3.3 million Hello Kitty users splashed online – says the wide-open system contains the full names, dates of birth, …
Iain Thomson, 28 Dec 2015

Software bug sets free thousands of US prisoners too early

Washington State Department of Corrections is facing an investigation after it released more than 3,200 prisoners too early due to a software bug. "These were serious errors with serious implications," Governor Jay Inslee said in a statement. "When I learned of this I ordered [the Department of Corrections] to fix this, fix it …
Iain Thomson, 23 Dec 2015

Xen Project blunder blows own embargo with premature bug report

The Xen Project has reported a new bug, XSA-169, that means “A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack.” The fix is simple – running only paravirtualised guests – but the bug is a big blunder for another reason. Xen is very widely used by big cloud …
Simon Sharwood, 23 Dec 2015

CIOs, what does your nightmare before Christmas look like?

CIO Manifesto We gathered 14 of the UK’s finest IT leaders in a secure bunker (elegant room in the Soho Hotel -Ed.) for the last Register Round Table of 2015 to hear their tales of when good IT goes bad. The short version is the thing they fear most is you, dear reader, your screw-ups, your documentation, your thefts, your dodgy code, your …
Joe Fay, 22 Dec 2015

ICO slaps HIV support group with £250 fine following email blunder

An HIV support group responsible for inadvertently revealing patient identities via an email blunder has been slapped with a £250 fine by the Information Commissioner's Office. The Bloomsbury Patient Network sent out a newsletter to 200 patients via email using a list of addresses in the "to" field rather than the "bcc" field …
Kat Hall, 18 Dec 2015

'Powerful blast' at Glasgow City Council data centre prompts IT meltdown

The catastrophic service outage at Glasgow City Council's data centre, caused after its IT systems servers were taken down by a fire suppressant accidentally going off, is continuing to cause widespread havoc for staff and the public. The embarrassing blunder was caused by a faulty air conditioning unit setting off its fire …
Kat Hall, 17 Dec 2015

Windows' authentication 'flaw' exposed in detail

Updated Security researcher "dfirblog" has forensically examined what he calls a "devastating" flaw in Windows' Kerberos authentication system. The vulnerability cannot be fixed, and the only solution is to use Microsoft's Credential Guard program to prevent passwords from being stored in memory, according to his extensive blog post …
Kieren McCarthy, 15 Dec 2015

Lenov-lol, a load of Tosh, and what the Dell? More bad holes found in PC makers' bloatware

Lenovo laptops and PCs can be hijacked by visiting a malicious website – and Dell and Toshiba machines suffer vulnerabilities, too, we're told. If you're running the Lenovo Solution Center bundled with Lenovo gear, and you browse by an evil webpage, scripts on that page can run code with full system privileges on your computer …
Chris Williams, 05 Dec 2015

VPN users menaced by port forwarding blunder

Virtual Private Network (VPN) protocols have a design flaw that can be potentially exploited by snoops to identify some users' real IP addresses. VPN provider Perfect Privacy, which discovered the security weakness, has dubbed it "port fail", and says it affects VPNs based on the IPSec (Internet Protocol security) or PPTP ( …
Darren Pauli, 30 Nov 2015

HTTPSohopeless: 26,000 Telstra Cisco boxen open to device hijacking

More than 26,000 Cisco devices sold by Australia's dominant telco Telstra are open to hijacking via hardcoded SSH login keys and SSL certificates. The baked-in HTTPS server-side certificates and SSH host keys were found by Sec Consult during a study of thousands of router and Internet of Things gizmos. Cisco warns that …
Darren Pauli, 27 Nov 2015

Microsoft rides to Dell's rescue, wrecks rogue root certificate

Microsoft has killed Dell's user-pwning root certificate and its self-reinstalling .dll with its antivirus Defender tool. The certificate is a big blunder because it opens a universal means for attackers on public networks to hose new Dell laptops. That's because bright minds planted a self-signed root CA certificate and …
Darren Pauli, 26 Nov 2015

Why Microsoft yanked its latest Windows 10 update download: It hijacked privacy settings

Microsoft withdrew downloads for its latest official edition of Windows 10, version 1511, after it meddled with people's privacy settings. Earlier we reported how Redmond disappeared the update, which could be fetched via the official media creation tool (MCT). The download became available in mid-November after Microsoft …
Chris Williams, 25 Nov 2015

Superfish 2.0: Dell ships laptops, PCs with huge internet security hole

Dell ships computers with all the tools necessary for crooks to spy on the owners' online banking, shopping, webmail, and more. The US IT titan installs a powerful root CA certificate, including its private key, on its Windows notebooks and desktops. These can be abused by eavesdropping miscreants to silently decrypt encrypted …
Shaun Nichols, 23 Nov 2015

NASA palms off blunder-bot Valkyrie for top US universities to fix

It can put Man on the Moon, but NASA has turned to universities to get its clumsy humanoid robot Valkyrie up to scratch. The robot, now dubbed R5, competed two years ago in the DARPA robotic challenge, and tied with two other teams for last place after failing to complete any of the specified tasks. Now the agency has awarded …
Iain Thomson, 20 Nov 2015

Patch this braXen bug: Hypervisor hole lets guest VMs hijack hosts

The Xen hypervisor project today released nine security patches that should be applied ASAP – particularly the one that stops guest virtual machines seizing control of host servers. That vulnerability – XSA-148 – can be exploited by a paravirtualized guest to manipulate the memory layout of the underlying system, and …
Chris Williams, 29 Oct 2015

Cobweb 'fesses up to failure to renew SSL certificate

Cloudy service provider Cobweb Solutions has 'fessed up to failing to renew its SSL certificate, leaving a number of its customers potentially exposed. The lack of a protocol for secure communication only came to light after one of Cobweb's customers got in touch to report the issue. Adrian Smith, security consultant, …
Kat Hall, 23 Oct 2015

EE reports flat Q3 sales, keeps mum on Power Bar recall debacle

EE reported flat third-quarter revenues to the City this morning and tried to ease investors by promising – once again – that it would do a better job on customer service. During the three-month period ended 30 September, the mobile carrier was battling a major product recall. But it made no mention of the Power Bar blunder …
Kelly Fiveash, 21 Oct 2015

'10-second' theoretical hack could jog Fitbits into malware-spreading mode

Updated A vulnerability in FitBit fitness trackers first reported to the vendor in March could still be exploited by the person you sit next to on a park bench while catching your breath. The athletic-achievement-accumulating wearables are wide open on their Bluetooth ports, according to research by Fortinet. The attack is quick, and …
Darren Pauli, 21 Oct 2015

Microsoft now awfully pushy with Windows 10 on Win 7, 8 PCs – Reg readers hit back

Updated Have you noticed Microsoft being a little too eager in pushing its Windows 10 upgrade lately? You're not alone. The Reg news tip inbox has been awash the past few days with readers reporting that the newest version of Windows has been forcing itself onto computers amid other operating system updates, and sometimes even …
Shaun Nichols, 15 Oct 2015

UK's Lloyds Banking Group scrambles to patch account-snooping security hole

Lloyds Banking Group – a major financial outfit in the UK – has closed a security flaw that potentially exposed banking records on tens of thousands of Brits. The vulnerability would have allowed criminals to open an account using only a person's name, address, and date of birth, and then view other accounts that person had …
Shaun Nichols, 15 Oct 2015

Kill Flash: Adobe says patch to fix under-attack hole still days away

Just a day after its monthly batch of security updates, Adobe has confirmed it will issue an emergency critical patch for Flash next week. With somewhat regrettable timing, given Adobe's patching cycle, Trend Micro's security researchers announced on Tuesday that it had discovered in the plugin a vulnerability, CVE-2015-7645, …
Iain Thomson, 15 Oct 2015

had classic security blunder in authentication engine

Synack senior security researcher Wesley Wineberg has received US$25,000 from Microsoft for quietly disclosing a bug that allows any Hotmail account to be hijacked. The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction. The since …
Darren Pauli, 09 Oct 2015

Fast, wireless access to Tor? Just maybe

Portable Tor routers have a serious image problem. But one of only two companies to have actually done it right plans to fix that. Should you believe the hype this time around? Quite possibly, yes. It was only a year ago that the tech community got excited about the idea of a small, lightweight router that would connect you …
Kieren McCarthy, 06 Oct 2015

Virgin Media's SPAM-AGEDDON 'fix' silences mailboxes

Virgin Media customers who are account holders have been struggling – one way or another – to access their emails for days now. Subscribers affected by the ISP's migration from Google's Gmail service were first forced to wade through hundreds of SPAM messages to get to their emails, only to later find that over- …
Kelly Fiveash, 05 Oct 2015

iOS 9 security blooper lets you BYPASS PINs, eye up photos, contacts

Vid A security flaw in iOS 9 allows anyone who has a locked Apple iThing in their hand to view its contacts and photos without having to enter a passcode. A chap called Jose Rodriguez has posted a YouTube video demonstrating the design blunder, which exploits Siri to access information on the handset from the PIN unlock screen. …
Shaun Nichols, 23 Sep 2015

AWS outage knocks Amazon, Netflix, Tinder and IMDb in MEGA data collapse

Amazon's Web Services (AWS) have suffered a monster outage affecting the company's cloudy systems, bringing some sites down with it in the process. The service disruption hit AWS customers including Netflix, Tinder and IMDb, as well as Amazon's Instant Video and Books websites. The outage may also explain Airbnb's current …
Kelly Fiveash, 20 Sep 2015

Crash Google Chrome with one tiny URL: We cram a probe in this bug

You can crash the latest version of Google Chrome with a simple tiny URL. Just rolling your mouse over it in a page, launching it from another app such as an email client, or pasting it into the address bar, will kill either that tab or the whole browser. It's perfect for pranking friends by sending it to them in emails and …
Chris Williams, 20 Sep 2015

Apple iPhones, iPads BRICKED by iOS 9's 'slide-to-upgrade' bug

Apple has published a workaround after some iPhone and iPad users were left stranded in the middle of the iOS 9 update process. The Cupertino giant has acknowledged multiple complaints that devices were unable to progress past the "Slide to Upgrade" screen when moving to the latest version of iOS. Apple's remedy: wipe your …
Shaun Nichols, 18 Sep 2015

Patch Bugzilla! Anyone can access your private bugs – including your security vulns

If you or your organization is running Bugzilla, and you're using email-based permissions, make sure you've updated to the latest version – namely 5.0.1, 4.4.10, or 4.2.15. That's because someone's found a way to easily access private bugs in your codebase – such as critical security holes you're still working on to fix. An …
Chris Williams, 17 Sep 2015

Shedload of security bugs squashed in iOS 9 – what the hell went wrong with iOS 8?

Apple's latest version of iOS – iOS 9 – is out today with new features and security fixes. A lot of security fixes: 101 potentially exploitable bugs, we count. If you've got a compatible device, you may well want to upgrade sooner rather than later – certainly before people start trying to exploit these security holes. The …
Team Register, 16 Sep 2015

ICO probes NHS clinic's data blunder that exposed HIV+ status of 800 patients

The ICO is looking into a data blunder at 56 Dean Street, a sexual health clinic operated as part of Chelsea and Westminster NHS Foundation Trust, after it emailed the HIV positive status of nearly 800 patients to the entire group. The data breach was committed through the email circulation of the clinic's "OptionE" newsletter …

OH DEAR, WHSmith: Sensitive customer data spaffed to world+dog

Updated British newsagent WHSmith has a major privacy hole on its website, after its magazine subscription service began emailing everyone on the mailing list. The data protection howler has been flagged up on Twitter by plenty of angry customers who fear having their personal information plundered by wrongdoers. However, despite the …
Kelly Fiveash, 02 Sep 2015

Dropbox DROPS BOX as service GOES TITSUP worldwide

Dropbox suffered a major outage across the globe today – the company blamed "routine internal maintenance" for the significant wobble, which appears to be ongoing. At time of publication, Dropbox was claiming on its official status page that services were running normally again. However, a quick scan of "Dropbox down" tweets …
Kelly Fiveash, 30 Aug 2015

Yet another Android app security bug: This time 'everything is affected'

Yet another potentially serious security flaw has been revealed in Android. This time the problem involves the mobile operating system's ability to run more than one app at once – as opposed to its handling of multimedia messages, which was the crux of a cyber* of vulnerabilities last month. The latest security blunder opens …
John Leyden, 20 Aug 2015

Another root hole in OS X. We know it, you know it, the bad people know it – and no patch exists

If you're using OS X Yosemite, watch out for malware exploiting a new way to take complete control of your Mac. A vulnerability has been found in Apple's operating system that allows ordinary software on the computer to gain all-powerful root privileges, allowing dodgy apps to install new programs, create users, delete users, …
Chris Williams, 18 Aug 2015

Google flubs patch for Stagefright security bug in 950 million Androids

Google's security update to fix the Stagefright vulnerability in millions of Android smartphones is buggy – and a new patch is needed. The Stagefright flaw is named after a component within the Android operating system that, among other things, processes incoming text messages that contain video clips. By sending a vulnerable …
Iain Thomson, 13 Aug 2015

Exploding Power Bars: EE couldn't even get the CE safety mark right

Exclusive EE failed to label its "Power Bar" phone charging devices with the correct marking to show that the product complied with European safety directives, The Register has learned. The embarrassing cockup comes after we revealed that EE management had been warned about safety risks with its Power Bar, ahead of its launch in April …
Kelly Fiveash, 13 Aug 2015

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

Black Hat In-Depth A design flaw in Intel's processors can be exploited to install malware beneath operating systems and antivirus – making it tough to detect and remove. "It's a forgotten patch to a forgotten problem, but opens up an incredible vulnerability," said Christopher Domas, a security researcher with the Battelle Memorial Institute, …
Iain Thomson, 11 Aug 2015

Cause of Parliamentary downtime on Microsoft Office 364½ revealed

A major Microsoft Office 365 outage in the Houses of Parliament that left up to 3,000 users without email was due to Microsoft failing to inform itself about a technical change, The Register can reveal. The outage occurred on 23 June and resulted in a total of 13 hours of downtime, the Parliamentary Digital Service said in …
Kat Hall, 06 Aug 2015

Hacking Team Flash exploit leak revealed lightning reflexes of malware toolkit crafters

Black Hat 2015 When the Italian surveillanceware maker Hacking Team got hacked last month, the intruders unwittingly set the groundwork for a very interesting research project. Tracking the time from a vulnerability being found in some software to seeing it exploited in the wild is tricky – malware writers don't often publicize their …
Iain Thomson, 05 Aug 2015

Got an Android phone? SMASH IT with a hammer – and do it NOW

Android smartphones can be secretly infected by malware smuggled in via video text messages, allowing criminals to sneak inside as many as 950 million devices. You just need to know a victim's cellphone number to silently inject malicious software in their vulnerable gizmo. Once infected, your mobe's camera and mic can be used …
Iain Thomson, 27 Jul 2015

Ballmer's billion-dollar blunders: When he gambled Microsoft's money and lost

Analysis Less than two years into Satya Nadella's tenure as CEO of Microsoft, he's already had to report a lossmaking quarter. It's only the second time that's happened in the software giant's three decades as a public company, and the $8.44bn write-off Redmond posted earlier this week is the largest in its history. Don't blame Nadella …
Neil McAllister, 27 Jul 2015

Microsoft to spoofed Skype users: Change your account passwords NOW

An unknown number of frustrated Skype customers have been pestered by spoof messages on the Microsoft service for weeks, but the company is yet to close what appears to be a gaping hole in its software. Instead, Redmond has advised Skype users to change their account passwords. But complaints are building up about the lack of …
Kelly Fiveash, 19 Jul 2015

Barracuda billings blunder: Blair bloke bullish

Barracuda boosted revenues 17.8 per cent on an annual basis to $78 million in its first fiscal 2016 quarter, but made a -$3.8 million loss. A year ago it made a $200K profit on its $66.2 million revenue, so why has it gone down the toilet profit-wise in this latest quarter? Prez and CEO BJ Jenkins didn’t say in his tinned …
Chris Mellor, 10 Jul 2015

Yank my blockchain: Bitcoin upgrade SNAFU borks hungry miners' currency

Bitcoin users have been urged to switch to pool mines that fully validate data blocks, after the virtual currency system hit a major snag during a planned upgrade. The open source P2P community warned on Saturday that "many wallets" were "currently vulnerable to double-spending of confirmed transactions." Anyone who received …
Kelly Fiveash, 05 Jul 2015

Vectone Mobile gone for the week, don't know when it'll be back

Updated MVNO Vectone Mobile's service has been down for days, with the company offering no indication as to when it might resume, or any public statement acknowledging the depth of the blunder. To the fury of customers who believe they have received inadequate support and information, the MVNO issued a "sincere" apology to those …

Silly Google's Photos app labelled BLACK PEOPLE as GORILLAS

Google's new Photos software automatically labelled images of black people as "gorillas". The ad giant has since apologised. Mountain View's hugely embarrassing blunder comes just one month after it launched its cloud-hosted photo storage service, and made a big deal out of its machine-learning features. Google also warned …
Kelly Fiveash, 01 Jul 2015

Spiceworks in WTF-class social log-in SECURITY BLUNDER

A serious security flaw has been discovered in the Spiceworks network administration application. The issue, uncovered by Spicehead Darren K Smith, allows anyone with a Facebook or LinkedIn account to log in as an administrator. Spiceworks has responded by temporarily disabling social sign-in until the flaw can be addressed. …
Trevor Pott, 23 Jun 2015

ISP Level 3 goes TITSUP after giganto traffic routing blunder

ISP Level 3's customers have been left without internet access since this morning, after the provider seems to have leaked routes to a Tier 1 transit provider in Malaysia. An incident report from CloudFlare said that while "the Tier 1 transit provider of the ISP leaking routes appears to have stopped accepting these …