Richard Chirgwin

'Suspicious' BGP event routed big traffic sites through Russia

A Border Gateway Protocol (BGP) routing incident saw a bunch of high-profile Internet destinations mis-routed through Russia on Tuesday, US time. In what BGPMon called a “suspicious” event, “Starting at 04:43 (UTC) 80 prefixes normally announced by organisations such as Google, Apple, Facebook, Microsoft, Twitch, NTT …
One per cent

One per cent of all web sites probably p0wned each year, say boffins

Researchers working on a technology to detect unannounced data breaches have found, to their dismay, that one per cent of the sites they monitored were hacked over the previous 18 months. University of California San Diego researcher Joe DeBlasio, who conducted the study under professor Alex Snoeren, said the number was …

NSW TAFE's IT FAIL was so bad, 100 staff were hired to clean up

New South Wales TAFE's failed IT project will be a millstone around the organisation's neck for years, the state's Auditor-General warned yesterday. Terminated last year, the Learning Management and Business Reform (LMBR) project has nonetheless managed to reach out of the grave and grab the dollars. The Auditor-General's …

Juniper squeezes vulns that allow total p0wnage

Juniper admins using the company's NorthStar WAN SDN Controller Application, hop to it: the company's just dropped fixes to 28 security vulnerabilities. The bugs apply to version 2.1.0 Service Pack 1 and newer versions of the application. With such a crop available, here are the most severe bugs, some of them internal to the …

Boffins show off speedy quantum CNOT gate - in silicon

German and American boffins have claimed a speed record for a quantum CNOT gate: 200 nanosecond operation, which would equate to 5 MHz clock speeds. Just as important, the researchers created the quantum CNOT* gate in silicon, in the form of electron spins controlled by microwave pulses. As this announcement from the …

Fruit of an acquisition: Apple AI software goes open

Apple's joined other juggernauts of the tech sector by releasing an open source AI framework. Turi Create 4.0, which landed at GitHub recently, is a fruit of its 2016 US$200 million acquisition of Turi. As the GitHub description explains, it targets app developers who want custom machine learning models but don't have the …

Juno's July fly-by gave NASA a close-up of the Great Red Spot

It's at least 150 years old, one-and-a-half Earths wide, reaches 300 km (around 200 miles) into Jupiter's atmosphere – and now, thanks to data from the Juno probe, NASA's offering the chance to take a virtual dive into the famous Great Red Spot. When it made its first pass over the vast super-storm in July 2017, one of the …

Google's Project Zero reveals Apple jailbreak exploit

Ian Beer of Google's Project Zero has followed up on a “coming soon” Twitter teaser with a jailbreakable iOS and Mac OS vulnerability. Beer went public after Apple worked out a fix for the kernel memory corruption bug. He even launched a Twitter account for the occasion: If you're interested in bootstrapping iOS 11 kernel …

Language bugs infest downstream software, fuzzer finds

Developers following secure development guidelines can still be bitten by upstream bugs in the languages they use. That's the conclusion of research presented last week at Black Hat Europe by IOActive's Fernando Arnaboldi. As Arnaboldi wrote in his Black Hat Europe paper [PDF]: “software developers may unknowingly include …

Google pauses accessibility service crackdown

Google seems to be taking a softer stance on its “accessibility crackdown”, pausing the program for a review. In late November, the Chocolate Factory warned Android developers not to use accessibility features outside their intended use. The accessibility framework is useful for simulating text entry or screen taps, but ad …

Leftover Synaptics debugger puts a keylogger on HP laptops

For the second time this year, HP Inc has had to patch its laptops after a security researcher found a driver-level keylogger – and this time, other laptop-makers might have to check their own products. The debug trace was in the Synaptics Touchpad driver used almost across-the-board in HP laptops, and while it is turned off …

Optus to refund NBN customers for slow connections

Optus has become the second Australian carrier to announce refunds for customers unable to get decent National Broadband Network connections. Under pressure from the Australian Competition and Consumer Commission (ACCC), Telstra in November 'fessed up that performance on the NBN didn't match its advertising and said it would …

Microsoft Dynamics 365 sandbox leaked TLS certificate's private parts

Another day, another credential found wandering without a leash: Microsoft accidentally left a Dynamics 365 TLS certificate and private key where they could leak, and according to the discoverer, took 100 days to fix the bungle. Matthias Gliwka, a Stuttgart-based software developer, discovered the slip while working with the …

Brandis' infrastructure security bill off to committee

Australia's attorney-general George Brandis won't get his critical infrastructure register kicked off this year: the legislation was introduced late last week, but immediately sent off to the Parliamentary Joint Committee on Intelligence and Security. The committee has been asked to provide its report into the bill in the …

Google pushed update that broke managed Chromebooks' Wi-Fi

A Google slip-up left educators scratching their heads after schools' Chromebooks developed mass wireless network SSID amnesia. The issue came to light in four rather cross Reddit threads (here, here, here and here). What happened was an apparent update slip-up resulting in devices forgetting Wi-Fi settings managed through …

Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters

Penetration tester Sabri Haddouche has reintroduced the world to email source spoofing, bypassing spam filters and protections like Domain-based Message Authentication, Reporting and Conformance (DMARC), thereby posing a risk to anyone running a vulnerable and unpatched mail client. What he's found is that more than 30 mail …

Google learns to smile, because AI's bad at it

Google's taken a small step towards addressing the persistent problem of bias in artificial intelligence, setting its boffins to work on equal-opportunity smile detection. In a paper published at arXiv December 1, Mountain View trio Hee Jung Ryu, Margaret Mitchell and Hartwig Adam laid out the results of research designed to …

Beware the IDEs of Android: three biggies have vulnerabilities

Developers using Android Studio, Eclipse, and IntelliJ IDEA have been advised to update their IDEs against serious and easily-exploitable vulnerabilities. Check Point Software Technologies went public with the bugs on December 4, but said it made its discoveries in May 2017. Initially, Check Point's four researchers (Eran …

nbn™ chair Ziggy Switkowski says HFC remediation mess is business as usual

nbn™ chairman Ziggy Switkowski last night told a Senate Estimates hearing that problems with the hybrid fibre-coax (HFC) network it bought from Telstra first emerged in July. In November, nbn™, the company building and operating Australia's national broadband network (NBN), put the HFC rollout on hold. nbn™ has stated that it …

Turns out Leakbase can keep a secret: It has shut down with zero info

Stolen-creds-for-sale site Leakbase has gone dark and started redirecting to Troy Hunt's HaveIBeenPwned. Since it's published only three tweets relating to the shutdown, Leakbase left plenty of room for speculation about the reason for its disappearance. We understand many of you may have lost some time, so in an effort to …

Google prepares 47 Android bug fixes, ten of them rated Critical

Google has teased 47 Android patches for Nexus and Pixel devices. Among the critical bugs in the Android Security Bulletin, five concern the media framework, one is system-level, and four hit Qualcomm components. The worst, Google said, is one of the media framework bugs, not yet fully disclosed, but it “could enable a remote …

Good news: unsecured S3 bucket discovery just got easier

If you thought the business of discovering unsecured Amazon Web Services S3 buckets was for the pros, think again: like all things, the process can be automated, and the code to automate it posted to GitHub. It's not a new discipline – quickly Googling GitHub for S3 bucket enumeration turns up more than 1,000 results, but the …

Dentist-turned bug-biter given a taste of freedom

Justin Shafer, who last year sparked a complaint to the FBI for discovering a dental software vendor's unprotected FTP server, will walk free until his trial begins. Although his vulnerability work upset some of his targets, Shafer's detention wasn't directly about hacking: he took exception to repeated FBI raids, went public …

Google to crack down on apps that snoop

Google has warned Android developers to give users better warnings about their apps' data collection behaviours, or it will flag their failings. Last Friday, the company announced revisions to Safe Browsing rules and "expanded enforcement of Google's Unwanted Software Policy". If developers don't comply within 60 days, Google …

French activists storm Paris Apple Store over EU tax dispute

French activists on Saturday occupied a Paris Apple Store as part of a campaign to try to shame Cupertino into paying local taxes. According to local reports, around 100 members of an anti-globalisation group called Attac occupied the store, near the Paris Opera, for “several hours”. Agence France Presse quoted Attac's …

Biting the hand that feeds IT © 1998–2017