Shaun Nichols

Contact Mail Follow RSS feed

Dear America: Want secure elections? Stick to pen and paper for ballots, experts urge

The upcoming 2020 US presidential election should be conducted on paper, since there is no way currently to make electronic and internet voting secure. That's according to a dossier from the National Academies of Sciences, Engineering, and Medicine, which probed the fallout of alleged Russian meddling with America's 2016 …
Shaun Nichols, 7 Sep 2018
hacker

Supermicro wraps crypto-blanket around server firmware to hide it from malware injectors

Researchers claim to have discovered an exploitable flaw in the baseboard management controller (BMC) hardware used by Supermicro servers. Security biz Eclypsium today said a weakness in the mechanism for updating a BMC's firmware could be abused by an attacker to install and run malicious code that would be extremely …
Shaun Nichols, 7 Sep 2018
scissors

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

Google Chrome has suddenly stopped displaying www. and m. in website addresses in its URL bar, confusing the heck out of some netizens. The move apparently cuts down on unneeded "trivial" characters that normies and techies alike shouldn't, according to the browser's developers, worry about in 2018. The more cynically minded …
Shaun Nichols, 7 Sep 2018
Tesla model S

Bug bounty alert: Musk lets pro hackers torpedo Tesla firmware risk free

Tesla will allow vetted security researchers to hunt for vulnerabilities in its vehicle firmware risk free – as long as it is done under its now-tweaked bug bounty program. The luxury electric automaker said this week it will reflash the firmware on cars that have been bricked by infosec bods probing for exploitable bugs in …
Shaun Nichols, 6 Sep 2018
A businessman in handcuffs

Uncle Sam wants tech toolkit to snoop social media stock scammers

The US Securities and Exchange Commission (SEC) has put out a call for proposals on a new system that would be able to identify possible stock scams posted on Twitter, Facebook, and other social networks. The SEC posted the call last week with a September 11 deadline for proposals from developers on an application that would …
Shaun Nichols, 5 Sep 2018

Mikrotik routers pwned en masse, send network data to mysterious box

More than 7,500 Mikrotik routers have been compromised with malware that logs and transmits network traffic data to an unknown control server. This is according to researchers from 360 Netlab, who found the routers had all been taken over via an exploit for CVE-2018-14847, a vulnerability first disclosed in the Vault7 data …
Shaun Nichols, 4 Sep 2018
Image of rock band AC/DC

Thunderstruck: Azure Back in Black(out) after High Voltage causes Flick of the Switch

Microsoft is blaming bad weather for the massive outage that knocked a number of Azure cloud and Visual Studio Teams services offline Tuesday. The Windows giant revealed its South Central US facility in Texas was crippled after severe storms and lightning strikes overloaded its cooling equipment, forcing its servers and other …
Shaun Nichols, 4 Sep 2018
Congress

Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud

Another week has come and gone. This one included some Fortnite flaws, a nasty Intel bug, and a voting machine maker whining about hacking contests. Here’s a bit more of the recent news in security: Exciting new LinkedIn use case: Chinese spying Be careful the next time you get an invite to connect on LinkedIn: you might be …
Shaun Nichols, 1 Sep 2018

DraftKings rides to court, asks to unmask 10 DDoS suspects

A US sports gaming company is asking permission to unmask 10 people it believes were behind a massive DDoS attack on its website earlier this month. DraftKings, based out of Boston, MA, has filed [PDF] with the Massachusetts US District Court for authorization to force ISPs around the US to turn over the identities linked to …
Shaun Nichols, 31 Aug 2018
California

Golden State passes gold-standard net neutrality bill by 58-17

Updated California’s net neutrality bill SB822 has cleared another hurdle on its way to becoming a state law. The bill received a 58-17 majority vote from the state assembly following a heated debate and amendment process. Because some provisions of the bill were changed by the Assembly, it will have to once again be voted on by the …
Shaun Nichols, 31 Aug 2018
Firefox logo

Mozilla changes Firefox policy from ‘do not track’ to ‘will not track’

Mozilla says it will soon be modifying its Firefox browser to block all user tracking on websites by default. “In the near future, Firefox will, by default, protect users by blocking tracking while also offering a clear set of controls to give our users more choice over what information they share with sites,” said Mozilla VP …
Shaun Nichols, 30 Aug 2018
The Brooklyn Bridge

‘Very fine people’ rename New York as ‘Jewtropolis’ on Snapchat, Zillow

Update Mapping service Mapbox says that a breakdown in its filtering process was responsible for an incident that briefly saw the company’s map of New York City renamed to ‘Jewtropolis’ by vandals. The mapping site issued a statement Thursday morning to address the defacement of the maps it provides to many sites and apps, including …
Shaun Nichols, 30 Aug 2018
passport

Won’t patch systems? Never run malware scans? Welcome to the US State Department!

A branch of the US State Department charged with detecting visa fraud was found to be ignoring basic information security practices. As pointed out by NextGov, a recent audit conducted by the Office of the Inspector General for the State Department found that its Bureau of Consular Affairs Office of Fraud Prevention was …
Shaun Nichols, 30 Aug 2018
Man opens hotel room with key card

Chinese hotel chain warns of massive customer data theft

China’s largest hotel chain is investigating an apparent data theft that is said to involve as many as half a billion pieces of information. The Xinhua state news agency says Shanghai Police are investigating what looks to be a credible post on a darknet site advertising the sale of nearly 500 million pieces of data reportedly …
Shaun Nichols, 29 Aug 2018
An Air Canada plane from Shutterstock

Error Canada: Airline tells customers to reset mobile app after attack

Air Canada is advising customers to reset the passwords on their mobile app after the airline detected a potential network break-in. “We detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect …
Shaun Nichols, 29 Aug 2018
HPE building from Shutterstock

HPE ekes out teeny-tiny sales bump as top beancounter hits eject

HPE's chief financial officer is quitting the corp, which just revealed its edge compute business is faring better than other more ho-hum divisions. The enterprise giant was able to keep its revenues growing, though barely, in Q3 FY2018, according to figures released on Thursday: Revenues of $7.8bn during the three months to …
Shaun Nichols, 29 Aug 2018
hacking

Voting machine maker claims vote machine hack-fests a 'green light' for foreign hackers

Voting machine maker ES&S says it did not cooperate with the Voting Village at hacking conference DEF CON because it worried the event posed a national security risk. This is according to a letter the biz sent to four US senators in response to inquiries about why the manufacturer was dismissive of the show's village and its …
Shaun Nichols, 28 Aug 2018
android

No do-overs! Appeals court won’t hear $8.8bn Oracle v Google rehash

Over eight years of feuding between Oracle and Google over the use of Java code in Android may be nearing its end following a Tuesday court ruling. The US Federal Circuit Court of Appeals has declined [PDF] to re-hear the case in which it found Google to be in violation of Oracle’s copyright on Android API code. The Chocolate …
Shaun Nichols, 28 Aug 2018
Oculus Rift

Boffins bork motion control gear with the power of applied sound

A group of university researchers have developed a way to remotely control motion-sensing devices using only sound waves. The study [PDF], authored by Yazhou Tu and Xiali Hei of University of Louisiana Lafayette, Zhiqiang Lin of Ohio State University, and Insup Lee of University of Pennsylvania, found that embedded sensors and …
Shaun Nichols, 28 Aug 2018

GlobalFoundries scuttles 7nm chip plans claiming no demand

GlobalFoundries is putting its pursuit of 7nm chips on hold indefinitely. CEO Tom Caulfield said the chip fab will shift resources (including an R&D restructure) to the 14 and 12nm FinFET efforts where, he says, most of GlobalFoundries chip customers are focusing. In announcing the move, Caulfield said companies seem to have …
Shaun Nichols, 27 Aug 2018
Illustration of someone taking off a mask

Lawyers sued for impersonating rival firm online to steal clients

An Illinois law firm is suing a rival it says was impersonating it online in a bid to steal clients. Motta & Motta LLC said in a filing [PDF] to the Northern Illinois US District Court that rival legal firm Dolci and Weiland had set up both a website and phone line designed to redirect Mota’s criminal and family law clients to …
Shaun Nichols, 27 Aug 2018
Vote button

Voting machine maker vows to step up security, Fortnite bribes players to do 2FA – and more

Roundup Summer rolls on, Reg vultures are making the most of their hols before the September rush hits, and in the past week, we saw Lazarus malware targeting Macs, Adobe scrambling to get an emergency patch out, and Democrats losing their minds over a simple training exercise. Here's what else went down... SOLEO mission Researchers …
Shaun Nichols, 27 Aug 2018
Pixellated Facebook thumb

Now that's a fortune cookie! Facebook splats $5k command-injection bug in one of its servers

Facebook has patched a remote-code execution flaw discovered in one of its servers. Researcher Daniel 'Blaklis' Le Gall, of SCRT Information Security, said on Friday he bagged a $5,000 bug bounty from the social network for reporting a flaw that could be exploited to execute arbitrary commands using malicious cookies. Though …
Shaun Nichols, 24 Aug 2018
BSOD in Glasgow

Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch

McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their Windows machines. The security giant said it has taken down the August update for Endpoint Security 10.5.4, and is advising anyone who has downloaded it, but not installed, to hold off installing it. " …
Shaun Nichols, 24 Aug 2018
A woman cringing- from shutterstock

Southport: Come for a round of golf, stay for the flesh-eating STIs

The first British case of a rare flesh-eating sexually transmitted infection has been diagnosed in Southport – England's golf capital and home of The Register's financial and HR office. The Lancashire Evening Post reports that a woman between the age of 15 and 25 was found in the Merseyside town to be suffering from …
Shaun Nichols, 24 Aug 2018

Biting the hand that feeds IT © 1998–2018