Articles about Wonks

Boffins bake Crysis ransomware's keys into handy decryptor

Anti-malware outfit ESET has baked master decryption keys into a tool that lays waste to the Crysis ransomware. Crysis began to gain traction in June after being first noticed in February circulating through malicious emails and leveraging the demise of now-dead rival TeslaCrypt. The malware encrypts about 200 file types across …
Darren Pauli, 22 Nov 2016

Tech support scammers use denial of service bug to hang victims

Tech support fraudsters have taught an old denial of service bug new tricks to add a convincing layer of authenticity to scams. The HTML5 bug allows sites to chew up a mountain of processor capacity, causing browsers to hang. Scammers deploy the few lines of code needed to trigger the bug, hang browsers and then display a …
Darren Pauli, 07 Nov 2016

Coding will win you the election, narcissistic techies boasted to Hillary

Comment Can you remember where you were when the Berlin Wall came down, Mrs Thatcher resigned, or – um – David Cameron "learned" some HTML for an hour? Perhaps the first two, but maybe not the third. Yet in Silicon Valley's bubble, the latter signified a "Sputnik moment" for humanity. New disclosures from WikiLeaks highlight Big Tech' …
Andrew Orlowski, 01 Nov 2016

Microsoft: Watch out millennials for evil Security Essentials

Microsoft is warning of fake copies of its Security Essentials that if executed will throw a fake blue screen of death, pwn machines, and lead users to technical support scams. Redmond regards the threat dubbed Hicurdismos as a severe threat which compromises PCs typically through bundled software installers and drive-by- …
Darren Pauli, 25 Oct 2016

FCC death vote looms for the Golden Age of American TV

Special report We’re living in a “Golden Age of TV”, and the United States makes the most envied popular TV drama in the world. Breaking Bad, The Sopranos and The Wire raised the bar for everyone in TV drama. More cash is invested in content: last year Netflix alone spent more on shows than either the BBC or HBO. It takes more risks and …
Andrew Orlowski, 29 Sep 2016

Google tries to cross out XSS attacks by releasing its own test tool

Google has spent more than US$1.2 million (£920,400, A$1.6 million) in the last two years paying researchers for reporting cross-site scripting (XSS) attacks and has kicked off an effort to help crush the threat. XSS attacks are one of the most pervasive and enduring web application security threats because they allow …
Darren Pauli, 27 Sep 2016

Mozilla wants woeful WoSign certs off the list

Mozilla wants to kick Chinese certificate authority (CA) WoSign out of its trust program. As well as being worried about the certs issued by WoSign, Mozilla accuses the company of buying another CA, StartCom, without telling anyone. In this lengthy analysis posted to Google Docs, Mozilla says its certificate wonks have "... …

ICANN latest: Will the internet be owned by Ted Cruz or Vladimir Putin in October?

Analysis The battle over the internet's critical IANA contract shows no sign of being resolved – with just two weeks to go until it is due to be handed over to internet oversight organization ICANN. Thursday 15 September would have been the day that the Department of Commerce formally informed ICANN by letter that it intended to extend …
Kieren McCarthy, 16 Sep 2016

New ISO standard kind-of explains how to ignore standards

The International Organization for Standardization this week signed off ISO 38504, new “Guidance for principles-based standards in the governance of information technology.” And ironically it is almost an anti-standard. To understand why, know that the opposite of principles-based governance is rules-based governance. In the …
Simon Sharwood, 16 Sep 2016

Regulators, take note: Tencent is now Asia's biggest company

WeChat maker Tencent became Asia's highest-valued company today; not bad going for an app that launched long after well-established instant-messenger brands moved to mobile. Tencent reached a valuation of $256bn on the Hong Kong stock exchange, surpassing the market valuation of China Mobile. Samsung Electronics is valued at $ …
Andrew Orlowski, 06 Sep 2016

Beautiful, efficient, data-sucking Smart Cities: Why do you give us the creeps?

Huawei Connect “Smart Cities” have been heavily promoted by tech giants like IBM, and the idea excites the pulse of fad-chasing technocrats and wonks. Huawei has also heavily promoted the vision, and the commercial logic to do so is sound. It is clearly hoping to shift its high end network management gear into a market where the customers …
Andrew Orlowski, 02 Sep 2016

Air gap breached by disk drive noise

Video Researchers from Israel's Ben-Gurion University of the Negev Cyber Security Research Center have found a way to exfiltrate information from a PC using the noise created by hard disk drives. In work detailed here (PDF) at ArXiv, the researchers explain how they've created malware that “can generate acoustic emissions at …
Simon Sharwood, 15 Aug 2016

Cyber-crime cost calculation studies are rubbish: ENISA

ENISA, the European Union Agency For Network And Information Security, has taken a look at “cost of cyber attack” studies and reckons they're not much good. The agency is far too polite to put it that way, but in this report, it says there's no consistent approach to trying to quantify the cost of attacks on what it calls …

Networking wonks say lousy planning, not DDOS, caused #Censusfail

The failure of the Australian census seems to be a failure of planning. The Federal Government is blaming a distributed denial of service attack (DDoS) and an abundance of caution for sending the once-every-five-years Antipodean citizen survey to a grinding halt beginning last night and continuing as of the time of writing …
Darren Pauli, 10 Aug 2016

Australia's privacy watchdog launches '#Censusfail' probe

Hard on the heels of endorsing the Australian Bureau of Statistics' (ABS') process for the 2016 Census, Australia's privacy commissioner Timothy Pilgrim has had second thoughts and launched an investigation into its failure. The investigation comes as a result of the collapse of the ABS's Census sites during August 9, and the …

Users of secure chat app Telegram popped after possible nation-state attack

Black Hat An attack group known for rudimentary phishing scams and having operational security so bad their servers were popped by Check Point has compromised a dozen Telegram accounts and gained phone numbers for a further 15 million, possibly with state assistance. Telegram is a well-regarded end-to-end encrypted chat client used by …
Darren Pauli, 04 Aug 2016

French data wrangler Talend has done it: Voila, it's a tech IPO

Big data upstart Talend rang the bell to open the Nasdaq at 9.30am today in New York City – as the company makes one of the few initial public offerings (IPOs) this year. The data integration business was founded in France in 2005, and although its headquarters are in Redwood City, California, the company is listing on the …

Australian maps and GPS will align by 2020

Geo-boffins are getting ready to nudge Australia to the north, so its national map data agrees with the new world of GPS. The country's maps are currently based on a standard called the Geocentric Datum of Australia 1994 (GDA94), which is more than 20 years old and ties map references to locations fixed on the Australian …

Critical remote code execution holes reported in Drupal modules

Drupal is calling on its users to patch a dangerous remote code execution hole that can let attackers easily hijack sites. The content management system has some 15 million downloads, compared to WordPress on 140 million and Joomla with 30 million, but is used on big ticket and business sites including nine percent of the …
Darren Pauli, 14 Jul 2016

Hacker bites Datadog, finds hard-to-chew bcrypt passwords

Software-as-a-service monitoring platform Datadog, used by the likes of Facebook, Salesforce, and Citrix, has been breached and has strongly suggested that customers reset their passwords. The company says attackers hit multiple servers Friday, including production servers and a database of user credentials. Other …
Darren Pauli, 11 Jul 2016

Cafe killer remote code execution affects 140 million MIUI Androids

The most popular stock and third-party Android ROM – used by 170 million people – contains a dangerous since-patched remote code execution hole that could hand attackers total control of handsets. The flaw, found by IBM X-Force researcher David Kaplan (@depletionmode), now of Microsoft, exists in MIUI (pronounced Me, You, I) …
Darren Pauli, 07 Jul 2016

One in 200 enterprise handsets is infected

If your enterprise has 200 mobile devices, at least one is infected, so says security firm Skycure. The Palo Alto firm has uncovered previous nasty Apple bugs, including the No iOS Zone flaw reported by El Reg last year. All told about three percent of the locked-down vanilla Cupertino devices are infected, the company says in …
Darren Pauli, 04 Jul 2016

No watershed: China hacker groups in decline before Xi-Obama deal

The US-China pledge to put an end to state-backed intellectual property theft was made when Middle Kingdom hacking groups had been receding for more than a year, researchers say. Presidents Barack Obama and Xi Jinping agreed in September to not "conduct or knowingly support cyber-enabled theft of intellectual property" in a move …
Darren Pauli, 21 Jun 2016

CryptXXX ransomware improves security, GUI, slurps Cisco creds

Net scum behind the ransomware upstart CryptXXX have parried white hat attacks and released a new and as-yet-uncracked malware variant that can encrypt network shares and steal account logins. The changes make CryptXXX, already the most widely-used ransomware, the most dangerous such tool. The modular malware menace uses StillerX …
Darren Pauli, 06 Jun 2016

'UnaPhone' promises Android privacy by binning Google Play

A custom Android phone is being pitched to security and privacy pundits promising to deliver by goring Google services, preventing app installation, and deploying end-to-end encryption. The US$540 (£374, A$745) UnaPhone sports a custom Android Marshmallow operating system that has been stripped of "invasive" Google services to …
Darren Pauli, 03 Jun 2016

Is a $14,000 phone really the price of privacy?

A US$14,000 (£9,706, or A$19,352) Android phone has been launched pitching 'military-grade encryption' at privacy-conscious executives. Little information can be found on the Solarin handset's specific security chops other than it will use "chip-to-chip 256-bit AES encryption" for phone calls. That technology is built by …
Darren Pauli, 02 Jun 2016

DDOS-as-a-service offered for just five dollars

Freelancer-finding site Fiverr has booted out users offering distributed denial of service attack for-hire groups for as low as US$5. Fiverr is a service that connects buyers with professionals like designers and developers, many of whom offer their services for not much more than the price of a beer. Incapsula security wonks …
Darren Pauli, 26 May 2016

Google security man reveals Allo will encrypt chats - sometimes.

Security industry types and leaker Edward Snowden have rubbished new Google instant messenger app Allo after its lead product engineer revealed it would not run end-to-end encryption by default. The text-based messaging service launched at Google's I/O 2016 gabfest last week is linked to phone numbers and sports Chrome's porn …
Darren Pauli, 24 May 2016

Japan on Olympic hacking mission to test utilities, trains, telcos

Japan will from next year conduct mock hacking exercises with governments including the United States and private sector organisations ahead of the 2020 Olympic games. The effort will be run out of a new penetration testing arm to be created in 2017 charged with identifying vulnerabilities in physical control systems that …
Darren Pauli, 20 May 2016

Cryptxxx shipwrecked: Laughing white hats shred latest ransomware

Kaspersky white hats have again ruined the Cryptxxx malware by offering victims a free decryption tool that will unwind all variants of the menace. The infuriating researchers have followed their first decryption effort that busted up the earlier Cryptxxx variant causing VXers to re-write and reissue a patched ransomware …
Darren Pauli, 18 May 2016

Work begins on Russian rival to Android

A Russian company called Open Mobile Platform (Открытая Мобильная Платформа) is developing its own mobile operating system to rival Android. Communications Minister Nikolai Nikiforov tweeted a link to job ads seeking developers, infrastructure architects, testers and security types. Российский центр разработки новой мобильной …
Darren Pauli, 16 May 2016

Six-year-old patched Stuxnet hole still the web's biggest killer

The six-year-old vulnerability first burnt by Stuxnet remains the internet's chief pwning vector and is a key instrument of the world's worst exploit kit known as Angler. The vulnerability is a hole in Windows Shell that is both long since patched and well publicised as part of its discovery in the US' Stuxnet worm, the killer …
Darren Pauli, 09 May 2016

Steelie Neelie Kroes joins Uber as competition advisor

Controversial taxi app biz Uber has appointed former EU competition and telecoms regulator "Steelie" Neelie Kroes to advise it on, er, competition and regulation. No doubt Kroes' wealth of knowledge of the EU's reams of red tape will help the biz navigate the very regulators Uber has repeatedly butted heads with in the …
Kat Hall, 05 May 2016

Locky locks down

Ransomware scum have deployed PGP to block researchers. Authors of the hugely prolific and as-yet unbroken Locky ransomware are using Pretty Good Privacy encryption to stop white hats peering into the communications traffic between victims and fleecers. It means statistics on the number of infections will be harder to clean …
Team Register, 04 May 2016

MIT launches campus lunch bug bounty

The Massachusetts Institute of Technology has joined the growing number of large organisations and agencies to offer a bug bounty. The program is in an experimental phase and is open to current MIT students and affiliates, and includes a limited number of domains. Those submitting severe bugs will have money dropped into MIT …
Darren Pauli, 26 Apr 2016

Hacked-corporate-email-as-a-service costs just US$500 a seat!

Want to read a business rival's email? Dell wonks say hacked-corporate-email-as-a-service operators can deliver for just US$500. That low, low, price is offered by one accomplished hacker on a popular cyber crime forum and detailed in a Secure Works report on the cost of hacking services. The hacker charges less for raiding …
Darren Pauli, 06 Apr 2016

UK Home Office seeks secret settlements over unlawful DNA retention

Exclusive The UK Home Office is trying to keep secret three out-of-court settlements with claimants who allege the police unlawfully retained their biometric details. Problems affecting Blighty's ageing Police National Computer (PNC) are an open secret. Yet the Home Office's reaction to allegations of impropriety – to treat them as …

Top Firefox extensions can hide silent malware using easy pre-fab tool

Black Hat Asia The most popular Firefox extensions with millions of active users are open to attacks that can quietly compromise machines and pass Mozilla's automated and human security tests. The extension reuse attacks exploit weaknesses in the structure of Firefox extensions such that malicious activity can be hidden behind legitimate …
Darren Pauli, 04 Apr 2016

Disaggregated hyper-convergence thinks storage outside the box

If you thought hyper-convergence is all about putting everything in one box, think again: some users are now asking for disaggregated hyper-convergence that sees the storage put back out on the network. So says Michael Hay, Hitachi Data Systems' (HDS') veep and chief engineer, who tells The Register he's seeing customers who …
Simon Sharwood, 24 Mar 2016

Lenovo's enterprise power-up could be powering you down

The question Lenovo's asked most often is how to address heating, cooling and power requirements in the data centre and the company is thinking about how to get better at managing these concerns. So says John Donovan, Lenovo's executive director for enterprise product management, who today artfully avoided telling The Register …
Simon Sharwood, 18 Mar 2016

Blah Blah blah ... I don't care! To hell with your tech marketing bull

Sysadmin blog Last week was the hardest time in recent memory for me. My best friend of over a decade, a feline companion by the name of Prometheus, has just passed away. While such a personal event might not seem relevant to things technological, it has served as something of a focusing effect for me. Trying to think through the haze of …
Trevor Pott, 07 Mar 2016

Cisco stitches default root creds for switches

Cisco has slung patches at its Nexus 3000 and 3500 switches to shutter a default remotely-accessible administrative account. The critical bug (CVE-2016-1329) grants attackers root access, according to Cisco security wonks. Admins can shut off Telnet as a workaround in place of the patch. "[The vulnerability] could allow an …
Darren Pauli, 03 Mar 2016

DDoS attacks up 149 percent as brassy booter kids make bank

The number of distributed denial of service attacks rose 149 percent in the dying months of 2015, according to Akamai's networking wonks. The latest figures in the State of the Internet Q4 2015 report (PDF) tracked some 3693 DDoS attacks during the final quarter, finding a 169 percent uptick in infrastructure attacks. Akamai finds …
Darren Pauli, 01 Mar 2016

Hackers use Microsoft security tool to pwn Microsoft security tool

FireEye security wonks Abdulellah Alsaheel and Raghav Pande have twisted the barrels of Microsoft's lauded EMET Windows defense gun 180 degrees and fired. Or in other words, they've found a way to disable Redmond's Enhanced Mitigation Experience Toolkit using the Enhanced Mitigation Experience Toolkit. EMET injects anti- …
Darren Pauli, 24 Feb 2016

Backdoors are bad, Euro security wonks ENISA tell governments

The European Agency for Network and Information Security (ENISA) has weighed into the cryptography debate, warning that crimping cryptography will “create vulnerabilities that can in turn be used by criminals and terrorists”. Its January-dated but just-released paper states boldly that “unprotected communication becomes a …

Facebook has paid $4.3m to bug-hunters since 2011

Facebook security engineer Reginaldo Silva says Menlo Park has paid out $4.3m (£3.8m, A$6m) for more than 2,400 vulnerability reports submitted since its bug bounty began in 2011. The payments made under one of the world's most popular bug bounty programmes were sent to more than 800 researchers who sent in a variety of cross- …
Darren Pauli, 15 Feb 2016

Microsoft's malware mitigator refreshed, but even Redmond says it's no longer needed

Microsoft's enhanced mitigation toolkit (EMET) has been updated with support for Windows 10, but the company says you don't really need to download it any more. The defence tool is Microsoft's way of re-enforcing Windows versions from Vista to 8.1. Available since 2009, the tool has introduced the latest mitigation techniques …
Darren Pauli, 04 Feb 2016

Cisco drops 11 clock-crashing patches for 46 things, probes 142 more

Cisco has patched 11 remote denial-of-service and network time protocol vulnerabilities spanning at least 46 products and is investigating a further 142 offerings which may be affected. The patch bomb is an ongoing effort to crush the medium-severity CVEs that can allow unauthenticated attackers to mess with NTP servers …
Darren Pauli, 29 Jan 2016

Cloud Security Alliance says infosec wonks would pay $1m ransoms

Some companies will pay hackers up to US$1 million in ransoms to claw back stolen data according to a poll by the Cloud Security Alliance. The survey garnered 209 respondents of which half were in IT security and a third from tech with most hailing from companies with up to 1000 staff and a quarter from large enterprises with …
Team Register, 14 Jan 2016

$30 webcam spun into persistent network backdoor

Vectra Networks security wonks have spun a cheap webcam into a backdoor to persistently p0wn PCs. The junk hacking expedition led Vectra's chief security chap Gunter Ollman into the internals of the D-Link DCS 930L, a network camera that can be had for US$30. The attacks are useful as an alternative backdoor for targeted …
Darren Pauli, 13 Jan 2016