Articles about Wonks

Critical remote code execution holes reported in Drupal modules

Drupal is calling on its users to patch a dangerous remote code execution hole that can let attackers easily hijack sites. The content management system has some 15 million downloads, compared to WordPress on 140 million and Joomla with 30 million, but is used on big ticket and business sites including nine percent of the …
Darren Pauli, 14 Jul 2016

Hacker bites Datadog, finds hard-to-chew bcrypt passwords

Software as a service monitoring platform Datadog, used by the likes of Facebook, Salesforce, and Citrix, has been breached and has therefore strongly suggested that customers reset their passwords. The company says attackers hit multiple servers Friday including production servers, and a database of user credentials. Other …
Darren Pauli, 11 Jul 2016

Cafe killer remote code execution affects 140 million MIUI Androids

The most popular stock and third-party Android ROM – used by 170 million people – contains a dangerous since-patched remote code execution hole that could hand attackers total control of handsets. The flaw, found by IBM X-Force researcher David Kaplan (@depletionmode), now of Microsoft, exists in MIUI (pronounced Me, You, I) …
Darren Pauli, 07 Jul 2016

One in 200 enterprise handsets is infected

If your enterprise has 200 mobile devices at least one is infected, so says security firm Skycure. The Palo Alto firm has uncovered previous nasty Apple bugs, including the No iOS Zone flaw reported by El Reg last year. All told about three percent of the locked-down vanilla Cupertino devices are infected, the company says in …
Darren Pauli, 04 Jul 2016

No watershed: China hacker groups in decline before Xi-Obama deal

The US-China pledge to put an end to state-backed intellectual property theft was made when Middle Kingdom hacking groups had been receding for more than a year, researchers say. Presidents Barack Obama and Xi Jinping agreed September to not "conduct or knowingly support cyber-enabled theft of intellectual property" in a move …
Darren Pauli, 21 Jun 2016

CryptXXX ransomware improves security, GUI, slurps Cisco creds

Net scum behind the ransomware upstart CryptXXX have parried white hat attacks and released a new and as-yet-uncracked malware variant that can encrypt network shares, and steal account logins. The changes make CryptXXX, already the most widely-used ransomware, the most dangerous such tool. The modular malware menace uses StillerX …
Darren Pauli, 06 Jun 2016

'UnaPhone' promises Android privacy by binning Google Play

A custom Android phone is being pitched to security and privacy pundits promising to deliver by goring Google services, preventing app installation, and deploying end-to-end encryption. The US$540 (£374, A$745) UnaPhone sports a custom Android Marshmallow operating system that has been stripped of "invasive" Google services to …
Darren Pauli, 03 Jun 2016

Is a $14,000 phone really the price of privacy?

A US$14,000 (£9,706, or A$19,352) Android phone has been launched pitching 'military-grade encryption' at privacy-conscious executives. Little information can be found on the Solarin handset's specific security chops other than it will use "chip-to-chip 256-bit AES encryption" for phone calls. That technology is built by …
Darren Pauli, 02 Jun 2016

DDOS-as-a-service offered for just five dollars

Freelancer-finding site Fiverr has booted out users offering distributed denial of service attack for-hire groups for as low as US$5. Fiverr is a service that connects buyers with professionals like designers and developers, many of whom offer their services for not much more than the price of a beer. Incapsula security wonks …
Darren Pauli, 26 May 2016

Google security man reveals Allo will encrypt chats - sometimes.

Security industry types and leaker Edward Snowden have rubbished new Google instant messenger app Allo after its lead product engineer revealed it would not run end-to-end encryption by default. The text-based messaging service launched at Google's I/O 2016 gabfest last week is linked to phone numbers and sports Chrome's porn …
Darren Pauli, 24 May 2016

Japan on Olympic hacking mission to test utilities, trains, telcos

Japan will from next year conduct mock hacking exercises with governments including the United States and private sector organisations ahead of the 2020 Olympic games. The effort will be run out of a new penetration testing arm to be created in 2017 charged with identifying vulnerabilities in physical control systems that …
Darren Pauli, 20 May 2016

Cryptxxx shipwrecked: Laughing white hats shred latest ransomware

Kaspersky white hats have again ruined the Cryptxxx malware by offering victims a free decryption tool that will unwind all variants of the menace. The infuriating researchers have followed their first decryption effort that busted up the earlier Cryptxxx variant causing VXers to re-write and reissue a patched ransomware …
Darren Pauli, 18 May 2016

Work begins on Russian rival to Android

A Russian company called Open Mobile Platform (Открытая Мобильная Платформа) is developing its own mobile operating system to rival Android. Communications Minister Nikolai Nikiforov tweeted a link to job ads seeking developers, infrastructure architects, testers and security types. Российский центр разработки новой мобильной …
Darren Pauli, 16 May 2016

Six-year-old patched Stuxnet hole still the web's biggest killer

The six-year-old vulnerability first burnt by Stuxnet remains the internet's chief pwning vector and is a key instrument of the world's worst exploit kit known as Angler. The vulnerability is a hole in Windows Shell that is both long since patched and well publicised as part of its discovery in the US' Stuxnet worm, the killer …
Darren Pauli, 09 May 2016

Steelie Neelie Kroes joins Uber as competition advisor

Controversial taxi app biz Uber has appointed former EU competition and telecoms regulator "Steelie" Neelie Kroes to advise it on, er, competition and regulation. No doubt Kroes' wealth of knowledge of the EU's reams of red tape will help the biz navigate the very regulators Uber has repeatedly butted heads with in the …
Kat Hall, 05 May 2016

Locky locks down

Ransomware scum have deployed PGP to block researchers. Authors of the hugely prolific and as-yet unbroken Locky ransomware are using Pretty Good Privacy encryption to stop white hats peering into the communications traffic between victims and fleecers. It means statistics on the number of infections will be harder to clean …
Team Register, 04 May 2016

MIT launches campus lunch bug bounty

The Massachusetts Institute of Technology has joined the growing number of large organisations and agencies to offer a bug bounty. The program is in an experimental phase and is open to current MIT students and affiliates, and includes a limited number of domains. Those submitting severe bugs will have money dropped into MIT …
Darren Pauli, 26 Apr 2016

Hacked-corporate-email-as-a-service costs just US$500 a seat!

Want to read a business rival's email? Dell wonks say hacked-corporate-email-as-a-service operators can deliver for just US$500. That low, low, price is offered by one accomplished hacker on a popular cyber crime forum and detailed in a Secure Works report on the cost of hacking services. The hacker charges less for raiding …
Darren Pauli, 06 Apr 2016

UK Home Office seeks secret settlements over unlawful DNA retention

Exclusive The UK Home Office is trying to keep secret three out-of-court settlements with claimants who allege the police unlawfully retained their biometric details. Problems affecting Blighty's ageing Police National Computer (PNC) are an open secret. Yet the Home Office's reaction to allegations of impropriety – to treat them as …

Top Firefox extensions can hide silent malware using easy pre-fab tool

Black Hat Asia The most popular Firefox extensions with millions of active users are open to attacks that can quietly compromise machines and pass Mozilla's automated and human security tests. The extension reuse attacks exploit weaknesses in the structure of Firefox extensions such that malicious activity can be hidden behind legitimate …
Darren Pauli, 04 Apr 2016

Disaggregated hyper-convergence thinks storage outside the box

If you thought hyper-convergence is all about putting everything in one box, think again: some users are now asking for disaggregated hyper-convergence that sees the storage put back out on the network. So says Michael Hay, Hitachi Data Systems' (HDS') veep and chief engineer, who tells The Register he's seeing customers who …
Simon Sharwood, 24 Mar 2016

Lenovo's enterprise power-up could be powering you down

The question Lenovo's asked most often is how to address heating, cooling and power requirements in the data centre and the company is thinking about how to get better at managing these concerns. So says John Donovan, Lenovo's executive director for enterprise product management, who today artfully avoided telling The Register …
Simon Sharwood, 18 Mar 2016

Blah Blah blah ... I don't care! To hell with your tech marketing bull

Sysadmin blog Last week was the hardest time in recent memory for me. My best friend of over a decade, a feline companion by the name of Prometheus, has just passed away. While such a personal event might not seem relevant to things technological, it has served as something of a focusing effect for me. Trying to think through the haze of …
Trevor Pott, 07 Mar 2016

Cisco stitches default root creds for switches

Cisco has slung patches at its Nexus 3000 and 3500 switches to shutter a default remotely-accessible administrative account. The critical bug (CVE-2016-1329) grants attackers root access, according to Cisco security wonks. Admins can shut off Telnet as a workaround in place of the patch. "[The vulnerability] could allow an …
Darren Pauli, 03 Mar 2016

DDoS attacks up 149 percent as brassy booter kids make bank

The number of distributed denial of service attacks rose 149 percent in the dying months of 2015 according to Akamai's networking wonks. The latest figures in the State of the Internet Q4 2015 report (PDF) tracked some 3693 DDoS attacks during the final quarter, finding a 169 percent uptick in infrastructure attacks. Akamai finds …
Darren Pauli, 01 Mar 2016

Hackers use Microsoft security tool to pwn Microsoft security tool

FireEye security wonks Abdulellah Alsaheel and Raghav Pande have twisted the barrels of Microsoft's lauded EMET Windows defense gun 180 degrees and fired. Or in other words, they've found a way to disable Redmond's Enhanced Mitigation Experience Toolkit using the Enhanced Mitigation Experience Toolkit. EMET injects anti- …
Darren Pauli, 24 Feb 2016

Backdoors are bad, Euro security wonks ENISA tell governments

The European Agency for Network and Information Security (ENISA) has weighed into the cryptography debate, warning that crimping cryptography will “create vulnerabilities that can in turn be used by criminals and terrorists”. Its January-dated but just-released paper states boldly that “unprotected communication becomes a …

Facebook has paid $4.3m to bug-hunters since 2011

Facebook security engineer Reginaldo Silva says Menlo Park has paid out $4.3m (£3.8m, A$6m) for more than 2,400 vulnerability reports submitted since its bug bounty began in 2011. The payments made under one of the world's most popular bug bounty programmes were sent to more than 800 researchers who sent in a variety of cross- …
Darren Pauli, 15 Feb 2016

Microsoft's malware mitigator refreshed, but even Redmond says it's no longer needed

Microsoft's enhanced mitigation toolkit (EMET) has been updated with support for Windows 10, but the company says you don't really need to download it any more. The defence tool is Microsoft's way of re-enforcing Windows versions from Vista to 8.1. Available since 2009, the tool has introduced the latest mitigation techniques …
Darren Pauli, 04 Feb 2016

Cisco drops 11 clock-crashing patches for 46 things, probes 142 more

Cisco has patched 11 remote denial-of-service and network time protocol vulnerabilities spanning at least 46 products and is investigating a further 142 offerings which may be affected. The patch bomb is an ongoing effort to crush the medium-severity CVEs that can allow unauthenticated attackers to mess with NTP servers …
Darren Pauli, 29 Jan 2016

Cloud Security Alliance says infosec wonks would pay $1m ransoms

Some companies will pay hackers up to US$1 million in ransoms to claw back stolen data according to a poll by the Cloud Security Alliance. The survey garnered 209 respondents of which half were in IT security and a third from tech with most hailing from companies with up to 1000 staff and a quarter from large enterprises with …
Team Register, 14 Jan 2016

$30 webcam spun into persistent network backdoor

Vectra Networks security wonks have spun a cheap webcam into a backdoor to persistently p0wn PCs. The junk hacking expedition led Vectra's chief security chap Gunter Ollman into the internals of the D-Link DCS 930L, a network camera that can be had for US$30. The attacks are useful as an alternative backdoor for targeted …
Darren Pauli, 13 Jan 2016

Drupal uncrosses fingers, promises secured patching

Drupal is switching to secured channels for updating its content management system, after IOActive security bod Fernando Arnaboldi reported it sought patches in the clear. More than a million sites use the popular content management system, making it a significant target for hackers. The vulnerabilities are not earth- …
Darren Pauli, 12 Jan 2016

Call of Duty terror jabber just mindless banter

Video Eye-watering claims that video games are secure communications hubs for terrorists have been shot down in a demonstration by security wonks who tested claims nation-states could not intercept chatter and that messages can be written in bullet holes. Playstation 4 was last year fingered as a favourite communications channel for …
Darren Pauli, 08 Jan 2016

Bash, smash, trash Flash – earn $100k cash

Hackers can score US$100,000 from exploit arbitrage outfit Zerodium if they bypass Adobe's latest Flash heap isolation defence. Hackers will have to craft an exploit that escapes the sandbox to hit the jackpot, because that's more complex than a non-sandbox break which attracts a $65,000 reward. It comes less than a month …
Darren Pauli, 06 Jan 2016

Tor launches invite-only exploit bug bounty

Tor will this year investigate an exploit bug bounty paying researchers cash for flaws, lead developer Mike Perry says. The HackerOne invite-only scheme is expected to be opened to the public after Tor finds its feet handling disclosures. Bug bounties are a booming initiative under which tens of thousands of dollars are being …
Darren Pauli, 05 Jan 2016

Let's shut down the internet: Republicans vacate their mind bowels

Ever since Senator Ted Stevens famously referred to the internet as a "series of tubes" in 2006, we have become sadly accustomed to the fact that legislators have little or no understanding of how the internet actually works. Despite the determined efforts of many internet policy wonks in the past decade, that dangerous level …
Kieren McCarthy, 16 Dec 2015

Mozilla looses Firefox 43, including Windows 64-bit variant

Mozilla has released version 43 of its Firefox web browser, introducing a 64-bit version for Windows and crushing four critical and seven serious vulnerabilities. The browser should now enjoy the security and performance boosts of 64-bit systems with fatter heap sizes to help fire up things like browser games and better …
Darren Pauli, 16 Dec 2015

Facebook arrives at commonsense 'real names' policy

Facebook has announced a revised, and some would say commonsense, version of its "real names" policy that introduces a little grey into its previous black-and-white efforts. Having taken six months to come up with a solution, the social media giant has outlined what most policy wonks would have written on a paper napkin within …
Kieren McCarthy, 15 Dec 2015

Cisco starts spewing vuln info everywhere, in a good way

Security folk will be able to suck down Cisco vulnerabilities notices in more ways than ever thanks to a new application programming interface launched today. The Cisco security team's (PSIRT) openvuln plug is a RESTful API supporting standards like Common Vulnerability Reporting Framework (CVRF), Open Vulnerability and …
Darren Pauli, 15 Dec 2015

Sydney quantum computing wonks get $36M to build god box

Aussie physicists have scored AU$36 million to advance their work on the world's first silicon-based quantum computer. The University of New South Wales wonks scored $26 million over five years from the nation's Federal Government and an in-principle commitment of another $10 million from the Commonwealth Bank to push ahead …
Darren Pauli, 08 Dec 2015

ONOS Foundation takes SDN to carrier-scale with Emu release

With twelve months of version iterations behind it, the ONOS Foundation is now declaring itself ready for carrier-scale deployment, following the release of its Emu version. Speaking to The Register ahead of the launch, ON.Lab VP of engineering Bill Snow said features in Emu like Open Network Function Virtualisation (OPNFV) …

Thanks for playing: New Linux ransomware decrypted, pwns itself

Ransomware targeting Linux servers has been thwarted by hard working security boffins, with help from the software itself, mere days after its existence was made public. The Linux.Encoder.1 ransomware seeks Linux systems to encrypt and like others of its ilk demands owners pay BitCoins to have files decrypted. But the first …
Darren Pauli, 12 Nov 2015

Tor Messenger beta debuts, promises unlogged Jabber for all

The Tor Project has launched what some say is the easiest-to-use encrypted chat tool for the truly paranoid. The beta version of Tor Messenger, which routes conversations through the global Tor network, is the culmination of about two years work and follows the launch of an Alpha version last February. Tor Messenger is …
Darren Pauli, 30 Oct 2015

Cyber cop: Snoopers' Charter tag is offensive. Maybe we need a 'yes to snooping' tickbox?

Parliament & Internet Conf '15 A Scotland Yard cyber cop argued today that adding a tick box to online services could help the police respond faster to online crime and deal with the challenge of end-to-end encryption. DCI Andrew Gould, deputy head of the Met's cyber crime and fraud team (FALCON), reiterated the well-worn line about a loss of capabilities …
Kelly Fiveash, 29 Oct 2015

Oi, ICANN! Get to the bottom of this bottom-up process, haul ass – ex-Prez advisor

Internet oversight body ICANN received a second kick to the buttocks on Saturday morning – this time from erstwhile US presidential advisor Ira Magaziner. Just a day after Assistant Commerce Secretary Larry Strickling told a room of internet policy wonks that they needed to get a move on or risk undermining the process to …
Kieren McCarthy, 26 Sep 2015

NASA reveals secret 1970s SPACE PANTS

NASA has released its graphics manual from 1976. The manual (PDF) explains how the agency's logo, typeface and other visual identifiers are to be used. NASA's administrator of the time, Richard H. Truly, writes in his introduction that the manual is no mere document for style wonks but “a new tool to enhance and symbolize …
Simon Sharwood, 10 Sep 2015

Net neutrality: How to spot an arts graduate in a tech debate

Analysis Arts and humanities graduates are schooled for years in metaphor and analogy - and these are very useful skills for understanding the world. But what happens when an approach based on metaphor and analogy meets hard science and engineering reality? And what happens when the chosen metaphor doesn't fit? While you can choose …
Andrew Orlowski, 25 Aug 2015

Five-star Flash phish filched from Hacking Team targets bigwigs

The DarkHotel global advanced threat actor group is targeting suit-wearing types with an old-school HTML application stuffed with the Adobe Flash exploit borrowed from stolen Hacking Team data. The flaws were quickly patched after the Hacking Team goring in July, but DarkHotel appears to have started targeting the exploits …
Darren Pauli, 11 Aug 2015

Microsoft open-sources Sora software-defined radio

Microsoft has decided to open-source its six-year-old Sora software radio project. As Redmond's Jane Ma explained at Technet, Sora has been designed to replicate the behaviour of specialised ASICs on a PC. Its focus is on the PHY and MAC layers. ASIC design is expensive and inflexible, so software platforms are attractive to …