Articles about Wonks

MIT launches campus lunch bug bounty

The Massachusetts Institute of Technology has joined the growing number of large organisations and agencies to offer a bug bounty. The program is in an experimental phase and is open to current MIT students and affiliates, and includes a limited number of domains. Those submitting severe bugs will have money dropped into MIT …
Darren Pauli, 26 Apr 2016

Hacked-corporate-email-as-a-service costs just US$500 a seat!

Want to read a business rival's email? Dell wonks say hacked-corporate-email-as-a-service operators can deliver for just US$500. That low, low, price is offered by one accomplished hacker on a popular cyber crime forum and detailed in a SecureWorks report on the cost of hacking services. The hacker charges less for raiding …
Darren Pauli, 06 Apr 2016

UK Home Office seeks secret settlements over unlawful DNA retention

Exclusive The UK Home Office is trying to keep secret three out-of-court settlements with claimants who allege the police unlawfully retained their biometric details. Problems affecting Blighty's ageing Police National Computer (PNC) are an open secret. Yet the Home Office's reaction to allegations of impropriety – to treat them as …

Top Firefox extensions can hide silent malware using easy pre-fab tool

Black Hat Asia The most popular Firefox extensions with millions of active users are open to attacks that can quietly compromise machines and pass Mozilla's automated and human security tests. The extension reuse attacks exploit weaknesses in the structure of Firefox extensions such that malicious activity can be hidden behind legitimate …
Darren Pauli, 04 Apr 2016

Disaggregated hyper-convergence thinks storage outside the box

If you thought hyper-convergence is all about putting everything in one box, think again: some users are now asking for disaggregated hyper-convergence that sees the storage put back out on the network. So says Michael Hay, Hitachi Data Systems' (HDS') veep and chief engineer, who tells The Register he's seeing customers who …
Simon Sharwood, 24 Mar 2016

Lenovo's enterprise power-up could be powering you down

The question Lenovo's asked most often is how to address heating, cooling and power requirements in the data centre and the company is thinking about how to get better at managing these concerns. So says John Donovan, Lenovo's executive director for enterprise product management, who today artfully avoided telling The Register …
Simon Sharwood, 18 Mar 2016

Blah Blah blah ... I don't care! To hell with your tech marketing bull

Sysadmin blog Last week was the hardest time in recent memory for me. My best friend of over a decade, a feline companion by the name of Prometheus, has just passed away. While such a personal event might not seem relevant to things technological, it has served as something of a focusing effect for me. Trying to think through the haze of …
Trevor Pott, 07 Mar 2016

Cisco stitches default root creds for switches

Cisco has slung patches at its Nexus 3000 and 3500 switches to shutter a default remotely-accessible administrative account. The critical bug (CVE-2016-1329) grants attackers root access, according to Cisco security wonks. Admins can shut off Telnet as a workaround in place of the patch. "[The vulnerability] could allow an …
Darren Pauli, 03 Mar 2016

DDoS attacks up 149 percent as brassy booter kids make bank

The number of distributed denial of service attacks rose 149 percent in the dying months of 2015 according to Akamai's networking wonks. The latest figures in the State of the Internet Q4 2015 report (PDF) tracked some 3693 DDoS attacks during the final quarter, finding a 169 percent uptick in infrastructure attacks. Akamai finds …
Darren Pauli, 01 Mar 2016

Hackers use Microsoft security tool to pwn Microsoft security tool

FireEye security wonks Abdulellah Alsaheel and Raghav Pande have twisted the barrels of Microsoft's lauded EMET Windows defense gun 180 degrees and fired. Or in other words, they've found a way to disable Redmond's Enhanced Mitigation Experience Toolkit using the Enhanced Mitigation Experience Toolkit. EMET injects anti- …
Darren Pauli, 24 Feb 2016

Backdoors are bad, Euro security wonks ENISA tell governments

The European Agency for Network and Information Security (ENISA) has weighed into the cryptography debate, warning that crimping cryptography will “create vulnerabilities that can in turn be used by criminals and terrorists”. Its January-dated but just-released paper states boldly that “unprotected communication becomes a …

Facebook has paid $4.3m to bug-hunters since 2011

Facebook security engineer Reginaldo Silva says Menlo Park has paid out $4.3m (£3.8m, A$6m) for more than 2,400 vulnerability reports submitted since its bug bounty began in 2011. The payments made under one of the world's most popular bug bounty programmes were sent to more than 800 researchers who sent in a variety of cross- …
Darren Pauli, 15 Feb 2016

Microsoft's malware mitigator refreshed, but even Redmond says it's no longer needed

Microsoft's enhanced mitigation toolkit (EMET) has been updated with support for Windows 10, but the company says you don't really need to download it any more. The defence tool is Microsoft's way of re-enforcing Windows versions from Vista to 8.1. Available since 2009, the tool has introduced the latest mitigation techniques …
Darren Pauli, 04 Feb 2016

Cisco drops 11 clock-crashing patches for 46 things, probes 142 more

Cisco has patched 11 remote denial-of-service and network time protocol vulnerabilities spanning at least 46 products and is investigating a further 142 offerings which may be affected. The patch bomb is an ongoing effort to crush the medium-severity CVEs that can allow unauthenticated attackers to mess with NTP servers …
Darren Pauli, 29 Jan 2016

Cloud Security Alliance says infosec wonks would pay $1m ransoms

Some companies will pay hackers up to US$1 million in ransoms to claw back stolen data according to a poll by the Cloud Security Alliance. The survey garnered 209 respondents of which half were in IT security and a third from tech with most hailing from companies with up to 1000 staff and a quarter from large enterprises with …
Team Register, 14 Jan 2016

$30 webcam spun into persistent network backdoor

Vectra Networks security wonks have spun a cheap webcam into a backdoor to persistently p0wn PCs. The junk hacking expedition led Vectra's chief security chap Gunter Ollman into the internals of the D-Link DCS 930L, a network camera that can be had for US$30. The attacks are useful as an alternative backdoor for targeted …
Darren Pauli, 13 Jan 2016

Drupal uncrosses fingers, promises secured patching

Drupal is switching to secured channels for updating its content management system, after IOActive security bod Fernando Arnaboldi reported it sought patches in the clear. More than a million sites use the popular content management system, making it a significant target for hackers. The vulnerabilities are not earth- …
Darren Pauli, 12 Jan 2016

Call of Duty terror jabber just mindless banter

Video Eye-watering claims that video games are secure communications hubs for terrorists have been shot down in a demonstration by security wonks who tested claims nation-states could not intercept chatter and that messages can be written in bullet holes. PlayStation 4 was last year fingered as a favourite communications channel for …
Darren Pauli, 08 Jan 2016

Bash, smash, trash Flash – earn $100k cash

Hackers can score US$100,000 from exploit arbitrage outfit Zerodium if they bypass Adobe's latest Flash heap isolation defence. Hackers will have to craft an exploit that escapes the sandbox to hit the jackpot, because that's more complex than a non-sandbox break which attracts a $65,000 reward. It comes less than a month …
Darren Pauli, 06 Jan 2016

Tor launches invite-only exploit bug bounty

Tor will this year investigate an exploit bug bounty paying researchers cash for flaws, lead developer Mike Perry says. The HackerOne invite-only scheme is expected to be opened to the public after Tor finds its feet handling disclosures. Bug bounties are a booming initiative under which tens of thousands of dollars are being …
Darren Pauli, 05 Jan 2016

Let's shut down the internet: Republicans vacate their mind bowels

Ever since Senator Ted Stevens famously referred to the internet as a "series of tubes" in 2006, we have become sadly accustomed to the fact that legislators have little or no understanding of how the internet actually works. Despite the determined efforts of many internet policy wonks in the past decade, that dangerous level …
Kieren McCarthy, 16 Dec 2015

Mozilla looses Firefox 43, including Windows 64-bit variant

Mozilla has released version 43 of its Firefox web browser, introducing a 64-bit version for Windows and crushing four critical and seven serious vulnerabilities. The browser should now enjoy the security and performance boosts of 64-bit systems with fatter heap sizes to help fire up things like browser games and better …
Darren Pauli, 16 Dec 2015

Facebook arrives at commonsense 'real names' policy

Facebook has announced a revised, and some would say commonsense, version of its "real names" policy that introduces a little grey into its previous black-and-white efforts. Having taken six months to come up with a solution, the social media giant has outlined what most policy wonks would have written on a paper napkin within …
Kieren McCarthy, 15 Dec 2015

Cisco starts spewing vuln info everywhere, in a good way

Security folk will be able to suck down Cisco vulnerabilities notices in more ways than ever thanks to a new application programming interface launched today. The Cisco security team's (PSIRT) openvuln plug is a RESTful API supporting standards like Common Vulnerability Reporting Framework (CVRF), Open Vulnerability and …
Darren Pauli, 15 Dec 2015

Sydney quantum computing wonks get $36M to build god box

Aussie physicists have scored AU$36 million to advance their work on the world's first silicon-based quantum computer. The University of New South Wales wonks scored $26 million over five years from the nation's Federal Government and an in-principle commitment of another $10 million from the Commonwealth Bank to push ahead …
Darren Pauli, 08 Dec 2015

ONOS Foundation takes SDN to carrier-scale with Emu release

With twelve months of version iterations behind it, the ONOS Foundation is now declaring itself ready for carrier-scale deployment, following the release of its Emu version. Speaking to The Register ahead of the launch, ON.Lab VP of engineering Bill Snow said features in Emu like Open Network Function Virtualisation (OPNFV) …

Thanks for playing: New Linux ransomware decrypted, pwns itself

Ransomware targeting Linux servers has been thwarted by hard working security boffins, with help from the software itself, mere days after its existence was made public. The Linux.Encoder.1 ransomware seeks Linux systems to encrypt and like others of its ilk demands owners pay BitCoins to have files decrypted. But the first …
Darren Pauli, 12 Nov 2015

Tor Messenger beta debuts, promises unlogged Jabber for all

The Tor Project has launched what some say is the easiest-to-use encrypted chat tool for the truly paranoid. The beta version of Tor Messenger, which routes conversations through the global Tor network, is the culmination of about two years' work and follows the launch of an Alpha version last February. Tor Messenger is …
Darren Pauli, 30 Oct 2015

Cyber cop: Snoopers' Charter tag is offensive. Maybe we need a 'yes to snooping' tickbox?

Parliament & Internet Conf '15 A Scotland Yard cyber cop argued today that adding a tick box to online services could help the police respond faster to online crime and deal with the challenge of end-to-end encryption. DCI Andrew Gould, deputy head of the Met's cyber crime and fraud team (FALCON), reiterated the well-worn line about a loss of capabilities …
Kelly Fiveash, 29 Oct 2015

Oi, ICANN! Get to the bottom of this bottom-up process, haul ass – ex-Prez advisor

Internet oversight body ICANN received a second kick to the buttocks on Saturday morning – this time from erstwhile US presidential advisor Ira Magaziner. Just a day after Assistant Commerce Secretary Larry Strickling told a room of internet policy wonks that they needed to get a move on or risk undermining the process to …
Kieren McCarthy, 26 Sep 2015

NASA reveals secret 1970s SPACE PANTS

NASA has released its graphics manual from 1976. The manual (PDF) explains how the agency's logo, typeface and other visual identifiers are to be used. NASA's administrator of the time, Richard H. Truly, writes in his introduction that the manual is no mere document for style wonks but “a new tool to enhance and symbolize …
Simon Sharwood, 10 Sep 2015

Net neutrality: How to spot an arts graduate in a tech debate

Analysis Arts and humanities graduates are schooled for years in metaphor and analogy - and these are very useful skills for understanding the world. But what happens when an approach based on metaphor and analogy meets hard science and engineering reality? And what happens when the chosen metaphor doesn't fit? While you can choose …
Andrew Orlowski, 25 Aug 2015

Five-star Flash phish filched from Hacking Team targets bigwigs

The DarkHotel global advanced threat actor group is targeting suit-wearing types with an old-school HTML application stuffed with the Adobe Flash exploit borrowed from stolen Hacking Team data. The flaws were quickly patched after the Hacking Team goring in July, but DarkHotel appears to have started targeting the exploits …
Darren Pauli, 11 Aug 2015

Microsoft open-sources Sora software-defined radio

Microsoft has decided to open-source its six-year-old Sora software radio project. As Redmond's Jane Ma explained at Technet, Sora has been designed to replicate the behaviour of specialised ASICs on a PC. Its focus is on the PHY and MAC layers. ASIC design is expensive and inflexible, so software platforms are attractive to …

North America down to its last ~130,000 IPv4 addresses

The American Registry for Internet Numbers (ARIN) can no longer satisfy requests for new IPv4 addresses and has started a waitlist for those who want more. ARIN warned, in early June, that “It is very likely that we are already processing a request that we will be unable to fulfill [sic].” On Monday this week it escalated the …
Simon Sharwood, 03 Jul 2015

Intel infosec folk TEE off open source app dev framework

A trio of Intel boffins have broken a vendor lock-down on trusted execution environments (TEEs) with the release of an open source framework that could help developers to build more secure apps. Intel wonks Brian McGillion, Tanel Dettenborn, and Thomas Nyman (plus N. Asokan of Aalto University and University of Helsinki) …
Darren Pauli, 30 Jun 2015

Unicode wonks are bringing home the BACON, as an emoji

Want a bacon, avocado and cucumber salad? Next year, you'll be able to order it with emoji. In among the po-faced work of setting standards, the Unicode Consortium is considering adding those three emoji to the character set – along with pregnancy, crossed fingers, a nauseated face, a clown and a cowboy, and a bunch of others. …

'The Google execs, the journalists, plus Brit and US spybosses in a cosy mansion confab'

A high-level private meeting between Silicon Valley execs, spies and others was held in the UK this month: on the agenda, the state of government surveillance, and what limits should be put on it. The attendee list is impressive. Key speakers apparently included former acting CIA boss John McLaughlin; former White House deputy …
Iain Thomson, 22 May 2015

More oompa loompas needed to push Google's EU agenda

Google and Facebook are throwing people and money at the EU in an effort to ensure more laws go their way. Both companies are recruiting new policy wonks to influence law-makers in Brussels. Google is after two public policy and government relations analysts – one to work on the European Commission and the Council, the other …
Jennifer Baker, 13 May 2015

Zucking 'ell! Facebook at Work bloke unfriends Facebook AT WORK

Lars Rasmussen has quit Facebook after nearly five years as director of engineering at the free content ad network. He defected from Google to the Mark Zuckerberg-run company in 2010 in the immediate aftermath of the failure of his wonky Wave project, which he described at the time as being a "little stressful" to try to get …
Kelly Fiveash, 27 Apr 2015

Google exec and avid climber dies on Mount Everest

One of Google's top privacy wonks was killed by an avalanche on Mount Everest on Saturday. The snowslide was triggered by a massive Nepal earthquake that has reportedly claimed the lives of more than 2,000 people in the region. Dan Fredinburg had worked at Google since 2007 as a product manager, software engineer and the ad …
Kelly Fiveash, 26 Apr 2015

If hypervisor is commodity, why is VMware still on top?

The hypervisor is a commodity. VMware's ESXi, Microsoft's Hyper-V and the open-source community's Xen and KVM are all right and proper tools for virtualising workloads. Does that mean we should all stampede away from expensive proprietary hypervisors and dine on the open-source freebies? This being IT, the answer is "it depends …
Trevor Pott, 23 Apr 2015

Tale of 2 cyber-confabs: Govts, nerds on one side. Shock hotel room searches on the other

Analysis Last week, the fourth annual global conference on cybersecurity (GCCS) was held in The Hague in the Netherlands. The two-day conference is put on by a different government each year, starting with the first in London in 2011. It is billed as a place for "representatives from governments, private sector and civil society" to meet …
Kieren McCarthy, 20 Apr 2015

Microsoft proves Pinocchio's a real boy with proofs tool

Microsoft cloud wonks have developed a tool for developers capable of practical generation of proofs that an outsourced job has been crunched securely. The team of eight including Craig Costello; Cedric Fournet; Jon Howell; Markulf Kohlweiss; Michael Naehrig, and Bryan Parno together with University of Virginia boffins Benjamin …
Darren Pauli, 20 Apr 2015

W3C turns BROWSERS into VIBRATORS

Web wonks at the W3C have issued a new Recommendation that gives browsers control of vibrators. Recommendations are the W3C's polite way of defining standards, so this week's notification that the Vibration API has attained this status means the world now has a standard way to make devices throb, buzz, jitter, oscillate or …
Simon Sharwood, 13 Feb 2015

Hey kids! If you vote Facebook will give you EXTRA LIKES*

In an attempt to poke "da yoof" into voting, the Electoral Commission will run a registration campaign via Facebook tomorrow. Every person eligible to vote on Facebook in the UK will see a message in their newsfeed directing them to register online via the Gov.uk site. The body hopes it will prompt others to register, with …
Kat Hall, 04 Feb 2015

Freedom of Info at 10: Tony Blair's WORST NIGHTMARE

Although the Freedom of Information Act was passed in 2000, it didn't come into force until 1 January 2005, meaning we've had just about 10 years of FoI – as the Information Commissioner's Office was keen to point out in a minor PR blizzard. That load of celebratory snippets* included such worthy-but-dull moments as the first …
Gareth Corfield, 28 Dec 2014

Stop coding and clean up your UI, devs, it's World Usability Day

November 13th is World Usability Day, the annual event that urges all and sundry “to ensure that the services and products important to life are easier to access and simpler to use.” The day's raison d'être is promoting good design, so that products and services are easy to use, rather than useless. Physical objects are the …
Simon Sharwood, 13 Nov 2014

Greedy datagrabs, crap security will KILL the Internet of Thingies

Opinion Is the Internet of Things a nightmare, a glorious utopia, or might it just never happen? Last week I was asked to offer a few thoughts in a panel discussion for over 200 PriceWaterhouseCoopers staff, ranging from hackers to business geeks. I’ve only touched on IoT briefly, when David Cameron at CeBIT announced he was throwing a …
Andrew Orlowski, 13 Oct 2014

Labour outsources digital policy, Tories turn up to finish it

Do tax avoidance, monopolistic business practices or your right to determine your digital identity bother you? Well don’t look for help in the new "digital manifesto" that the Labour Party launched this week. The audience for the crowdsourced "mashup" policy document is VCs, the media, and nervous unions – not you. The People’s …
Andrew Orlowski, 28 Sep 2014