Richard Chirgwin


SpaceX gives free ride to replacement for Facebook's fried satellite

Spacecom and SpaceX have settled their differences over a burned satellite. The Israeli company has once again signed Elon Musk's company for launch services. Spacecom has told the Tel Aviv Stock Exchange it expects to use SpaceX for a launch in 2019, and possibly a further launch in 2020. Their relationship looked doomed …

US-CERT study predicts machine learning, transport systems to become security risks

The Carnegie-Mellon University's Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis. That advice comes in the institute's third Emerging Technology Domains Risk Survey, a project it has handled for the US Department of …

CableLabs, Cisco working on LTE-over-DOCSIS

+COMMENT Cisco and CableLabs have put their heads together in the hope they can convince mobile network operators that with a bit of unicorn-dust, DOCSIS networks can support the LTE small-cell rollout. Switchzilla's John Chapman blogs that “When small cells are deployed deep into the mobile network, DOCSIS will already be there. …

Be my guest, be my guest, at a hypervisor hacking fest

The Xen Project has posted advisories and patches for seven bugs, most of which let guests run denial-of-service (DoS) attacks on hosts. CVE-2017-15592 means “A malicious or buggy HVM guest may cause a hypervisor crash, resulting in a DoS affecting the entire host, or cause hypervisor memory corruption.” Privilege escalation …

Oracle Hospitality apps rolled out the Big Red carpet to crims

Hundreds of products, more than 250 vulnerabilities … yes, it's Oracle's quarterly critical patch update day! Oracle opens its bulletin with news that it "... continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes." "In some instances, it has …

IRS tax bods tell Americans to chill out about Equifax

The United States Internal Revenue Service has said that citizens affected by the Equifax breach need not panic, because it probably didn't reveal anything that hasn't already been stolen and the agency has tooled up to deal with fraudulent tax claims. Commissioner John Koskinen, discussing whether the breach would interfere …

Domino's Pizza delivers user details to spammers

Domino's Pizza's Australian outpost has blamed a partner for a security breach, after angry customers went online complaining about finding themselves on spam lists. The company owned up to the breach after Redditor “Pinchie McPinch” complained about receiving e-mails from “Sarah” and “Jess”. What tipped Pinchie that the data …

Australia's IoT security rating might work, if done right

INTERVIEW As Vulture South reported Monday, Australia's government hopes to have consumer Internet of Things products given security “star ratings” of some kind, so consumers know what they're buying. The notion seems problematic: for example, what does a five-star security rating on a security camera mean, if it's attached to a router …

Crypto-coin miners caught toiling away in hacked cloud boxes

Here's yet another reason to make sure you lock down your clutch of cloud services: cryptocurrency mining. Security outfit RedLock's security trends report [PDF], out this month, said developers and organizations are not securing their AWS, Azure and Google Cloud Platform systems, allowing miscreants to hijack them to steal …

Google adds planets and moons to Maps, but puts bits in the wrong places

Can't tell the difference between a photo of your partner and one of your pet? Good news, Google can now automatically sort photos of animals from pics of people. This pun-peppered post (“oppawtunity”? “pawesome movie”? Save us) explains that instead of asking Google Photos for “dog” or “cat”, the software will now do the …

Australian senator Pauline Hanson wants devilish scam calls to flash '666'

An Australian senator has come up with a cunning plan to stop phone scammers: any call from an unregistered VoIP line should show the caller's number as “666”. Senator Pauline Hanson detailed the idea in a letter to communications minister Mitch Fifield, as part of a government review into dealing with scams. On Facebook, she …

Russia tweaks Telegram with tiny fine for decryption denial

Encrypted messaging app Telegram must pay 800,000 roubles for resisting Russia's FSB's demand that it help decrypt user messages. The fine translates to just under US$14,000, making it less of a serious punishment and more a shot across the bows. However, it does seem to entrench the principle that the Federal Security …

Review pins blame for Medicare ID breach on you. All of you

Comment The Australian government's review of an incident that saw health care customer numbers offered for sale on a Tor “darknet” site has recommended retaining the numbers as acceptable proof of identity. Australian adults are all issued a "Medicare card" entitling them to government-funded healthcare. The cards bear the unique …

Storms blow away 2017 Solar Challenge field

The Reg didn't physically follow this year's Solar Challenge, the biennial solar car race across Australia's dead, red heart. But we did observe this year's event, in which unfavourable weather meant this year's field didn't even get the chance to set speed records. Winning team Nuon Solar from the Netherlands managed an …

'Open sesame'... Subaru key fobs vulnerable, says engineer

A Dutch electronics engineer reckons Japanese auto-maker Subaru isn't acting on a key-fob cloning vulnerability he discovered. Tom Wimmenhove claims to have discovered that Subaru's electronic keys don't use a random number. The “rolling code” instead merely increments codes. Wimmenhove says he's built a cloning device ( …

'Cyber kangaroo' ratings for IoT security? Jump to it, says Australia's cyber security minister

Australia's government hopes that somewhere in the world, a vendor of consumer-grade connected electronics is willing to admit it's rubbish at security by giving itself a low score in a proposed safety rating system. The idea of security ratings for internet things emerged during last year's 360° Cyber Security Game, co-hosted …

WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

Updated A promo for the upcoming Association for Computing Machinery security conference has set infosec types all a-Twitter over the apparent cryptographic death of the WPA2 authentication scheme widely used to secure Wi-Fi connections. The authors of the paper have everything ready except the details of their disclosure: acceptance …

Sounds painful: Audio code bug lets users, apps get root on Linux

An advisory from Cisco issued last Friday, October 13th, gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA). The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it …

Look! Over there! Intel's cooked a 17-qubit chip quantum package

Intel reckons it's stolen a base in the race to build quantum chippery, by shipping a cryogenically-cooled 17-qubit chip to Netherlands-based QuTech. QuTech is Chipzilla's quantum research partner – QuZilla, so to speak. Regular readers of spooky-action-stories will know a qubit is a fragile creature, losing data if there's …

Someone liked dwarf planet Haumea so much they put a ring on it

VIDEO Back in January, a Spanish-led group of astroboffins turned telescopes skywards to watch an occultation of dwarf planet Haumea, and got a surprise. With the analysis in, it turns out the space rock that circles the sun beyond Pluto has a ring – the first planet discovered beyond Neptune to sport such cosmic jewellery. The …

Swiss banking software has Swiss cheese security, says Rapid7

Rapid7 has gone public with news of an e-commerce SQL injection vulnerability, saying it couldn't raise a response from the vendor. The software in question, SmartVista, is an e-commerce and financial product from BPC Banking, and in this post, Rapid7 says it told the company about the issue back in May 2017. The US CERT …

Oz military megahack: When crappy defence contractor cybersecurity 'isn't uncommon', surely alarm bells ring?

While Australia's federal government scrambles to hose down a hacking incident, it's important to ask why a defence contractor of any size could run a network so insecure it exposed default administrative interfaces to the Internet. An Australian Signals Directorate (ASD) presentation to the Australian Information Security …

NASA readies its asteroid warning system for harmless flyby

With asteroid 2012 TC4 about to pass between Earth and the moon, NASA is gearing up for its much-anticipated live test of its warning system. Back in July, the approaching rock caused a brief flurry of speculation that an impact was imminent, before the European Space Agency issued a “calm down” statement. With error bars …

Qualcomm offers concessions to secure NXP Semi takeover

Qualcomm is hoping it can cut a deal with the European Union to get the go-ahead for its multi-billion NXP Semiconductors acquisition. The European Commission page tracking progress in the acquisition says the vendor filed commitments on October 5, but doesn't detail what the company is offering. The filing was enough to set …

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Continuing the US government's menacing of strong end-to-end encryption, Deputy Attorney General Rod Rosenstein told an audience at the US Naval Academy that encryption isn't protected by the American Constitution. In short, software writers and other nerds: the math behind modern cryptography is trumped by the Fourth …

Biting the hand that feeds IT © 1998–2017