Richard Chirgwin

Contact Mail Follow Twitter RSS feed

Microsoft open-sources UI Recorder tool for Windows 10 developers

Microsoft has given Windows developers a helping hand by releasing a new UI recorder. Fresh up on GitHub, "WinAppDriver UI Recorder" is described by Microsoft's Hassan Uraizee as helping users “easily create automated UI tests”. For developers using WinAppDriver, Microsoft already offers a tool called “Inspect”, which allows …
Fabric bolts photo via Shutterstock

Cisco passes around antidotes to noxious NX-OS code execution bugs

Get your ticket to the Cisco catwalk, sysadmins, and watch Switchzilla strut 24 FXOS and NX-OS software security advisories. Five advisories in the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection are dressed in a luscious, Critical-rated red, while the remaining 19 merely hit the High. Four of the …
Peace in our time?

Mellanox flushes three directors at behest of activist investor

Mellanox has come to terms with the activist investor that's been stalking the company since 2017. The battle began last November, when Starboard Value bought into Mellanox and agitated for change, claiming there was a “growing disparity between [Mellanox's] margins, growth, and stock price performance compared to its peer …
PayPal logo and credit cards

PayPal reminds users: TLS 1.2 and HTTP/1.1 are no longer optional

PayPal has reminded merchants that they must support TLS 1.2 and HTTP/1.1 by June 30. The reason? That's the date the PCI Council mandated for those standards to come into effect. In this notice, PayPal warns: “You will need to verify that your environment supports TLS 1.2 and HTTP/1.1 and if necessary make appropriate …

Telstra reveals radical restructure plan

Australia's dominant telco, Telstra, will cut 8,000 jobs, flatten its structure by slicing up to four layers of management, turn 1,800 consumer products into 20 (with a similar reduction in the number of enterprise products later), and put its infrastructure into a separate division that could be sold off in the future. …
Sigspoof logo by Marcus Brinkmann

Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug

Security researcher Marcus Brinkmann has turned up another vulnerability in the GnuPG cryptographic library, this time specific to the Simple Password Store. Brinkmann explained that CVE-2018-12356 offers both access to passwords and possible remote code execution. This bug is an incomplete regex in GnuPG's signature …
Burning 5G against dark background

And that is definitively that ... for now. 5G's carrier features frozen

Meta-standards group the 3rd Generation Partnership Project (3GPP) last week rubber-stamped the first "frozen" 5G standards. A plenary in the USA saw around 600 delegates approve 5G Release 15, which gives operators the first phase of standardisation for the mobile standard. The 3GPP working groups involved in completing …
Finland flag

♬ Finland, Finland, Finland, the country for new cloud DCs ♬

Suomeen sovellusten kehittämistä ... sorry, let's have that in English: Google has opened its sixteenth cloud region, taking the Google Cloud Platform to the Nordic region via a data centre in Finland. The company first promised the Finnish region in January 2018. From a connectivity point of view, the Land of the Thousand …

It's time for TLS 1.0 and 1.1 to die (die, die)

As TLS 1.3 inches towards publication into the Internet Engineering Task Force's RFC series, it's a surprise to realise that there are still lingering instances of TLS 1.0 and TLS 1.1. The now-ancient versions of Transport Layer Security (dating from 1999 and 2006 respectively) are nearly gone, but stubborn enough that Dell …
Door to the cloud.... (stairs leading up to it)

Google cuts price of cloudy interconnects from partners

Google has formally launched its Partner Interconnect product, priced for customers too small to afford 10 Gbps interconnect links. Google Cloud Partner Interconnect connects organisations who don't have access to a Google Cloud Platform peering location, or who have a service provider they want to use for connectivity. …
Rat sillhouettes - Shutterstock

US-CERT warns of more North Korean malware

The United States Department of Homeland Security's Computer Emergency Response Team (US-CERT) has warned against another malware campaign it says originates from North Korea. In its advisory, US-CERT said the “Typeframe” malware “includes malware descriptions related to HIDDEN COBRA”, the tag applied to a North Korean hacking …
Bomb on PC screen

FACE/OFF: Australian Criminal Intelligence Commission bins NEC-built biometrics project

The Australian Criminal Intelligence Commission (ACIC) has unplugged a biometric identification project. The ACIC cited project delays as the reason it's terminated its contract with NEC Australia. NEC won the contract in 2016 from the ACIC's predecessor organisation, CrimTrac, and it was supposed to be operational in 2017, …
Snacks

Do NetAdmins like snacks? Asking cos here's a dish of tasty network news nibbles

Roundup Be nimble, be QUIC: Google's added secured load balancing support to its QUIC protocol. The Chocolate Factory created QUIC as a way to speed up Web connections by reducing the number of round trips for connection setup and using UDP instead of TCP, but it's seen only limited adoption outside Google's own infrastructure. In …
CSIRO's Australia Telescope Compact Array

Astroboffins 'sprinkle iron filings' over remnant supernova

How to measure a magnetic field that's very long way away, and is very, very weak. An international group of boffins have announced that they figured out how. The magnetic field in question belongs to a distant supernova remnant, Supernova 1987A, 168,000 light years from Earth. While the supernova exploded in 1987, its …
Oracle OpenWorld/JavaOne

Oracle launches its very own 'net threat map

Eighteen months after acquiring Internet infrastructure outfit Dyn, Oracle has unveiled some of the smarts it bought in the form of an "Internet Intelligence Map". Explaining the launch, Oracle's Director of Internet Analysis Doug Madory wrote “a self-serve capability for some of the insights we produce is a great way to move …
Drag racer wheelspin

Trump's ZTE deal challenged by Senate

United States senators have mobilised against president Trump's plan to allow ZTE to resume dealings with American companies. The ban that brought the Chinese vendor to its knees was reversed by US president Donald Trump as a favour to Chinese president Xi Jinping. Left out of that equation, however, is the position of US …

Kepler finds three Earth-sized exoplanets, but they're too hot to handle

Astro-boffins poring over data from Kepler's K2 mission have spotted two new solar systems, one of them sporting three planets roughly the same size as Earth. The bad news is that all the latest discoveries are likely too hot for us, with temperatures between 100°C and 327°C. Announcing the results in a paper in the Monthly …
China keyboard, image via Shutterstock

Australia, Solomon Islands to ink Huawei-free cable contract today

Australia and the Solomon Islands will today ink a contract blocking Huawei from building the island nation's new submarine cable. The 4,000 km cable will connect the Solomon Islands to Papua New Guinea and then to Australia. Huawei won a contract to build the cable in 2016, which so irritated Australia that its Department of …
Cisco Live keynote 2018 Chuck Robbins screengrab

Cisco CEO Chuck Robbins preaches the cloud, but nothing new

Cisco Live CEO keynotes at big vendors' annual gabfests are evangelical events, and Cisco's Chuck Robbins didn't disappoint on that score as he opened this year's Cisco Live. But if customers expected a big reveal of new products or strategies, they would have come away disappointed. Sure, Robbins name-checked the stars of the Cisco …

GnuPG patched to thwart 'fake filename'

If you're a developer relying on GnuPG, check upstream for an update that plugs an input sanitisation bug. The short version, given in CVE-2018-12020, is that mainproc.c mishandles the filename, and as a result, an attacker can spoof the output it sends to other programs. “For example, the OpenPGP data might represent an …
Devuan logo

Devuan ships second stable cut of its systemd-free Linux

Systemd-free Linux distro Devuan has released its stable Version 2.0. The project's last release candidate was released in May, and as you'd hope, not much has changed between then and full release. Because it's written by purists, we should include the full name of the release: it's Devuan GNU+Linux 2.0 ASCII Stable. The …
router

Worst. Birthday. Ever. IPv6's party falls flat

Roundup Last week saw celebration in the IPv6 community this week – not because adoption is finally really taking off, but because, umm, look, something must have happened, right? Well, yes, kind of: in spite of first being authored in 1999, IPv6 lay fallow for more than a decade, even though we all knew the world would run out of …
Gnome two fingers, photo via Shutterstock

GNOMEs beat Microsoft: Git Virtual File System to get a new name

Microsoft is going to rename the Git Virtual File System to eliminate its clash with GNOMErs. The purpose of the Git Virtual File System was laudable: Redmond's developers were sick of taking the afternoon off after typing “git clone” (even “git checkout” could take hours), so they gave GitHub users a workaround. At the time …
VPNFilter logo by Talos

VPNFilter router malware is a lot worse than everyone thought

Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE: these are the vendors newly named by Cisco's Talos Intelligence whose products are being exploited by the VPNFilter malware. As well as the expanded list of impacted devices, Talos warned that VPNFilter now attacks endpoints behind the firewall, and sports a “poison pill” to …

Tor-forker Joshua Yabut cuffed for armoured personnel carrier joyride

A cryptocurrency developer, occasional infosec researcher, and National Guardsman has been arrested after joyriding an armoured personnel carrier in what some US news sites are calling a “drug-fuelled rampage”. Joshua Yabut, a Virginian National Guard commander, was arrested after allegedly taking an M577 APC for a ride from …

Biting the hand that feeds IT © 1998–2018