Richard Chirgwin

Contact Mail Follow Twitter RSS feed
Tommy Lee Jones delivers implied facepalm. From No Country for Old Men  Copyright Miramax Pictures. 2007.

Microsoft recommends you ignore Microsoft-recommended update

Earlier this month, Microsoft gave the world .NET Framework 4.7 and urged users to install it for the usual reasons: more fun bits to play with and a security improvements. But two days later the company urged Exchange users not to install it ASAP, because it hadn't validated it yet. Last Friday - 10 days after the launch of …
Exploding Kitten Goal Cartoon

Intel's Skylake and Kaby Lake CPUs have nasty microcode bug

During April and May, Intel started updating processor documentation with a new errata note, and over the weekend we learned why: Skylake and Kaby Lake silicon has a microcode bug. The errata is described in detail on the Debian mailing list, and affects Skylake and Kaby Lake Intel Core processors (in desktop, high-end desktop …

WannaCrypt blamed for speed camera re-boot frenzy, despite lack of ransom debands

A contractor in the Australian State of Victoria has managed to infect an unknown number of speed cameras with a virus, over sneakernet. Details aren't so much sketchy as they are confused: the virus has been identified as WannaCrypt, but the government's been told it infected both Linux and Windows-based cameras; there was no …
Cisco logo falling off Cisco building

Yes, this is our third Cisco story of the day. It's about 23 bugs you need to fix, stat

We all know the only thing more fun than a WebEx conference is a recorded WebEx conference, which is why WebEx Network Recording Player exists – and if you use it, you need to patch it. Switchzilla's 23-patch Wednesday Whack-a-Mole includes fixes for multiple buffer overrun WebEx vulnerabilities. The WebEx vulns can be …

Cisco's 'encrypted traffic fingerprinting' turned into a product

Cisco has turned research published nearly a year ago into a product it hopes will protect enterprises against malware hidden in encrypted traffic. As The Register reported in July 2016, a group of Cisco researchers have been working on how to spot dangers entering networks through TLS. Since you can't see inside encrypted …

Researcher calls the fuzz on OpenVPN, uncovers crashy vulns

OpenVPN has patched a bunch of security vulnerabilities that can be exploited to crash the service or, at a pinch, potentially gain remote-code execution. You should update your installations to versions 2.4.3 or 2.3.17 as soon as you can just to be on the safe side. The four holes were found by Guido Vranken, who took a …
Judge gavel, photo via Shutterstock

Arista-cats nearly out of the bag as redesigned products okayed

Arista's long slog back to the shelves in America continues with an initial determination from the International Trade Commission okaying its product redesign. As part of the long-running legal slugfest between Arista and Cisco, the Trade Commission banned the import of Arista products it alleged infringed a Cisco patent. …

Oz senate committee says 'robo-debt' program was 'set up to fail'

Federal Government senators have rejected a Senate report that describes its “robo-debt” program as “set up to fail”. The inquiry was set up by the Labor opposition with the support of The Greens, and its report was tabled in the Senate last night. The government began to automate the process of determining overpayments last …
Black hole - spaghetti visualisation. Artist's impression.  NASA/JPL-Caltech, CC BY-SA

Melbourne Uni hoping to hoist tiny telescope to look at BIG explosions

A couple of years after it was first conceived, a Melbourne University-led infrared astronomy cubesat proposal called SkyHopper is gathering momentum. Vulture South found itself intrigued by a simple question, which we found time to put to one of the project's founders, astrophysicist Dr Katie Mack: what useful astronomy can …
Unlocked padlock

NSA had NFI about opsec: 2016 audit found laughably bad security

Second-rate opsec remained pervasive at the United States' National Security Agency, according to an August 2016 review now released under Freedom of Information laws. It's almost surprising that the agency was able to cuff Reality Winner, let alone prevent a wholesale Snowden-style leak. The Department of Defense Inspector …
A Ransom Note

South Korean hosting co. pays $1m ransom to end eight-day outage

A South Korean web hosting company is forking out just over US$1 million to ransomware scum after suffering more than eight days of nightmare. Nayana first announced the attack on June 10, saying customer video files and its database had been encrypted, and promising to work to recover the data. More than 150 servers were hit …
Bouncer icon

Juniper puts an Enforcer on the door and adds Cisco to the guest list

Juniper Networks has announced an upgrade to its Software Defined Secure Networks (SDSN) platform, and among other things it's added cross-platform capabilities. The Gin-fuelled networking company has decided that its sworn enemy and nemesis, Cisco Systems, might conceivably have kit in its customers' sites, so its policy …
Parliament House Canberra icon

Australian Dept Defence pulling kit out of China-owned Global Switch

Paranoia will set the Australian government back AU$200 million between now and 2020, with the country's defence department deciding Chinese part-ownership of data hotel Global Switch represents a security risk. Global Switch is one of many companies with a place on the Federal government's data centre panel, and has operated …
drawing of live cat and cat skeleton

Israel gets spooky with national quantum lab

Israel has entered the quantum communications arms race, announcing it's going to build a national demonstrator for “spooky” communications. Don't get too excited: the network isn't going to protect ordinary punters' communications yet. The NIS 7.5 million (US$2.13 million) project is an academic demonstrator to be built at …
A skull atop money

It's 2017, and UPnP is helping black-hats run banking malware

Another banking malware variant has been spotted in the wild, and it's using UPnP to pop home routers to expose unsuspecting home users, recruited as part of the botnet. McAfee Labs says the new campaign uses a variant of the ancient “Pinkslipbot”, and says it uses Universal Plug'n'Play (UPnP) to open ports through home …
Man looking up spiral staircase inside deltalis mountain data centre

Internet boffins take aim at BGP route leaks

One of the most persistent bugs in internet infrastructure, route leaks in the border gateway protocol (BGP), is in the sights of a group of 'net boffins with their new Internet-Draft. BGP's one of the internet's persistent trouble-spots: ineradicable because it's ubiquitous, it's vulnerable because it's ancient, a relic of a …
OpenBSD logo

That's random: OpenBSD adds more kernel security

OpenBSD has a new security feature designed to harden it against kernel-level buffer overruns, the "KARL" (kernel address randomised link). The changes are described in this note to an OpenBSD developer list penned by founder and lead developer Theo de Raadt. The idea is to randomise how the kernel loads, so that kernel …

Backdoor backlash: European Parliament wants better privacy

A committee of the European Parliament is pushing back against the anti-encryption sentiment infesting governments around the world, with a report saying citizens need more protection, not less. In a draft report that landed last week, the parliament's Committee on Civil Liberties, Justice and Home Affairs says data protection …
A tortoise catches an orange frisbee. Photo by Shutterstock

Wanted: broadband crash-test dummies for ACCC's speed tests

Having beaten off opposition from carriers and ISPs, Australia's Competition and Consumer Commission has kicked off its broadband speed monitoring program. The project, which is supported by nbn™, needs household volunteers – 2,000 of them this year, to begin with. Those volunteers will have a hardware device installed to act …

RSA SecurID admin console can issue emergency access to decent social engineers

Stop us if you've heard this one: an emergency access feature offered by RSA for SecurID token customers isn't completely secure. That's the opinion of pentest outfit Netspi, whose Alexander Leary worked out how to abuse the SecurID Emergency Access Tokencodes (EAT). The use-once codes are intended to provide a temporary …

Small carriers aren't showing up to IPv6 standards chats, consultant warns

Smaller ISPs are dealing themselves out of discussions about the inevitable transition to IPv6, a Spanish consultant warns, and could find their future defined by large telcos. Frustrated at their indifference, Jordi Palet Martinez of Consulintel has appealed for just a bit more enthusiasm (and participation) from ISPs in IPv6 …

It's 2017 and someone's probably still using WINS naming. If so, stop

Sysadmins should already have purged WINS from their Microsoft Windows Server environments – but if they haven't, there's a new reason to take it for one last walk out behind the shed. Fortinet's Honggang Ren says a WINS Server remote memory corruption vulnerability in the MS-proprietary name server isn't going to get fixed, …
Oops icon

Researcher says fixes to Windows Defender's engine incomplete

In spite of a flurry of patches designed to fix Windows Defender, at least one security researcher reckons there's still work to be done. James Lee, who has presented at conferences like Zer0con, has contacted The Register to say the key vulnerable component, MsMpEng, is still subject to remote code execution. As with the …
Nokia's FP4 silicon

Nokia snatches clump of 16nm FinFETs, crafts 576 Tbps monster router

The router market might be in the doldrums, but that hasn't stopped Nokia spending big on drive silicon to drive its latest operator-scale router iron. At the heart of the company's just-announced 7950 Extensible Routing System XC is a packet processor, the FP4, that Nokia reckons can sail along at 2.4 Tbps. To get there, the …
Vulnerability

Buggy devices and lazy operators make VoLTE a security nightmare

Voice over LTE leaks like a sieve, because nobody's paying attention to the details. That's the conclusion in a paper (PDF) presented to the Symposium on Information and Communications Technology Security in Rennes, France last week. The researchers, from Priority 1 Security, warn the vulnerabilities could affect any of the …

Biting the hand that feeds IT © 1998–2017