Richard Chirgwin


HPE flies low-energy Eagle into National Renewable Energy Lab's data centre

HPE has been named as supplier of the National Renewable Energy Laboratory's new low-energy supercomputer, Eagle, which will power up in January 2019. Eagle is planned to be 3.5 times more powerful than the lab's 2.26 petaflop Peregrine system, and will spend its time simulating complex processes, systems and phenomena for energy …

Foreshadow and Intel SGX software attestation: 'The whole trust model collapses'

Interview: In the wake of yet another collection of Intel bugs, The Register had the chance to speak to Foreshadow co-discoverer and University of Adelaide and Data61 researcher Dr Yuval Yarom about its impact. The main promise of SGX is that you can write code, and ship it to someone you do not fully trust. That person will run the …

Australia's Snooper's Charter: Experts react, and it ain't pretty

If the Australian government was hoping its encryption legislation would have a smooth run, it'll probably be disappointed. Not only has the exposure draft landed with a political storm, reactions from technologists range from guarded to sharply critical. On the political front, the Australian Greens came out most strongly …

May the May update be with you: OpenSSL key sniffed from radio signal

If you missed the OpenSSL update released in May, go back and get it: a Georgia Tech team recovered a 2048-bit RSA key from OpenSSL using smartphone processor radio emissions, in a single pass. The good news is that their attack was on OpenSSL 1.1.0g, which was released last November, and the library has been updated since …

Dropbox plans to drop encrypted Linux filesystems in November

Updated: Linux users are calling on Dropbox to reverse a decision to trim its filesystem support to unencrypted EXT4 only. The company's supported file system list, here, is missing some formats – including various encrypted Linux filesystems. Until that list was revised, Dropbox said it supported NTFS, HFS, EXT4, and APFS on Linux; …

When's a backdoor not a backdoor? When the Oz government says it isn't

Australia's promised “not-a-backdoor” crypto-busting bill is out and the government has kept its word - it doesn't want a backdoor, just the keys to your front one. The draft of The Assistance and Access Bill 2018 calls for anyone using or selling communications services in Australia to be subject to police orders for access …

Australia on the cusp of showing the world how to break encryption

The Australian government has scheduled its “not-a-backdoor” crypto-busting bill to land in parliament in the spring session, and we still don't know what will be in it. The legislation is included in the Department of Prime Minister and Cabinet's schedule of proposed laws to be debated from today (13 August) all the way into …

Ethernet Alliance plugs and prays so you don't have to, and other networking morsels

Microsoft has said it'll be bringing more "software-defined" capabilities to Windows Server in 2019. It would have been easy to have missed it, though: Redmond didn't offer a product release, it buried the story at seventh place in a "top-10 networking features in Windows Server 2019" list, here. Greg Cusanza and Schumann Ge …

Encryption doesn't stop him or her or you... from working out what Thing 1 is up to

You don't need to sniff clear-text Internet of Things traffic to comprehensively compromise a gadget-fan's home privacy: mere traffic profiles will do the job nicely, a group of researchers has found. Encrypted streams can be surprisingly revealing, after all: just ask Cisco, which learned how to identify malware crossing the …

Need a facial recognition auto-doxxx tool? Social Mapper has you covered

Finding people's social media profiles can be a slow and manual business – so why not get facial recognition to help? That's the pitch coming from Trustwave's SpiderLabs, which wants to make life easier for penetration testers trying to infiltrate clients' networks and facilities using social engineering and targeted hackery …

How evil JavaScript helps attackers tag possible victims – and gives away their intent

A honeypot project operated by Japanese comms company NTT has turned up a bunch of new approaches to malware obfuscation. Yuta Takata of NTT's Secure Platform Laboratories has published an analysis at the Asia Pacific Network Information Centre (APNIC) here. In it, he wrote that since JavaScript can be used to identify …

If for some reason you're still using TKIP crypto on your Wi-Fi, ditch it – Linux, Android world bug collides with it

It’s been a mildly rough week for Wi-Fi security: hard on the heels of a WPA2 weakness comes a programming cockup in the wpa_supplicant configuration tool used on Linux, Android, and other operating systems. The flaw can potentially be exploited by nearby eavesdroppers to recover a crucial cryptographic key exchanged between a …

GitHub looses load-balancing open-source code on netops world

If you’ve got a big bare-metal data center, or if you’re just BM-curious, head on over to GitHub, where there’s a new load balancer on offer by, um, GitHub. Like anybody handling a lot of incoming requests, GitHub needs a way to spread web and git traffic around its server warehouses, and in this blog post on Wednesday by Theo …

Magic million: That's how many Cisco routers can now run SD-WAN

Cisco has made the next move in its integration of 2017 acquisition Viptela, prepping an SD-WAN upgrade it is going to ship to a million routers. Readers may recall that Viptela was founded by ex-Cisco executives, and was acquired by Switchzilla in May 2017 for $610m (somewhat under its peak valuation at $900m). Cisco is now …

Researcher found Homebrew GitHub token hidden in plain sight

The popular Homebrew macOS package installer has moved to plug a serious vulnerability – it accidentally left a GitHub token visible to the public. Luckily, a team member on paternity leave had a moment while their child napped to fix it. Homebrew does for macOS what apt-get does for Debian: it's a handy installer for stuff …

FreeBSD has its own TCP-queue-of-death bug, easier to hose than Linux's SegmentSmack

Hard on the heels of the Linux kernel's packets-of-death attack dubbed SegmentSmack, a similar vulnerability has been disclosed and fixed in FreeBSD. Attributed to SegmentSmack discoverer Juha-Matti Tilli of Aalto University in Finland, the FreeBSD TCP issue is related to how the operating system's networking stack reassembles …

Better late than never: nbn™ DOCSIS 3.1 upgrade starts

DOCSIS 3.1 has finally landed in Australia, courtesy of a currently-limited rollout to HFC-connected National Broadband Network (NBN) customers. Network-builder nbn™ hasn't announced where the service is being enabled, but said the deployment will reduce its reliance on node-splitting to meet its performance targets, and said …

Be your own YouTube: Cloudflare Stream flies out of beta, emits vids

Does the world need another streaming platform? Cloudflare thinks so, and today it set its Cloudflare Stream beta (running for nearly a year) to general availability. The idea, as CEO Matthew Prince said to The Register, is to take what customers now buy as three products and turn them into one. Outside the safe embrace of …

Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners

Miscreants and researchers are using automation to help them find exploitable flaws in your code. Some boffins at New York University in the US have a solution to this, and it's a new take on "security through obscurity". Here it is: add more bugs to your software to throw the automatic scanners off the scent of really scary …

Cisco let an SSL cert expire in its VPN kit – and broke network provisioning brokers

If your inter-office Cisco-powered VPN suddenly isn't working properly, there's an upcoming update you may need to install. The issue is specific to Switchzilla's Application Policy Infrastructure Controller Enterprise Module (APIC-EM), which is its software-defined networking controller for enterprise networks. It relies on …

Arista cats cough up $400m furball to satisfy Cisco in legal war truce

Arista has cut a deal with Cisco that leaves the former US$400m lighter, and ends nearly all of the long-running legal battles between the two networking vendors. The settlement was announced on what would have been the first day of a jury trial in the US brought against Cisco by Arista, which accused Switchzilla of allegedly …

NSA's crummy crypto crop Suite B binned, and other network nuggets

Over at the Internet Engineering Task Force, a notorious piece of history is being consigned to... well, history. This Request for Comment, RFC 8423, reassigns a bunch of specs that were authored or co-authored by American intel bods at the National Security Agency (NSA) to "Historic Status". The RFCs in question are the NSA' …

Arris CPE revenue hit by component shortages

Another network vendor has had its financials dented by component shortages: this time, it's Arris. Shortages in memory and multilayer ceramic capacitors (MLCCs) slowed delivery of customer-premises equipment (CPE) products. As a result, CEO Bruce McLelland told today's earnings call, some production will be shifted from Q2 to …

Here we go again: Monopoly case another round in Arista vs Cisco

Settle in and take your seats, Rocky Nine is about to begin filming, in the form of another round of litigation between Arista and Cisco. This time around, the upstart is on the front foot. In a case filed in 2016, Arista accused Cisco of abusing its monopoly position to control who could use its networking gear's famous and …

CableLabs sends its time lords to help small-cell mobile nets

When you need parts-per-billion frequency accuracy, “Let's synchronise our watches” doesn't cut it. Take LTE and 5G for example: they need tight synchronisation, both in frequency and phase, and that makes time-signalling an important part of the network. CableLabs, the US cable industry's research arm, is proposing a …

Biting the hand that feeds IT © 1998–2018