The Register Columnists

Thomas Claburn

Contact Mail Follow RSS feed
Facebook's Mark Zuckerberg, speaking at the 2015 F8 conference

Facebook privacy audit by auditors finds everything is awesome!

The US Federal Trade Commission has released an audit of Facebook's privacy practices and it turns out there's nothing to worry about, at least as far as accounting firm PricewaterhouseCoopers (PwC) is concerned. Clearly, there's nothing to worry about. Go back to your homes, people. PwC, retained to check on how Facebook has …
Thomas Claburn, 21 Apr 2018
Person holding vape box

Amazon, LG Electronics turned my vape into an exploding bomb, says burned bloke in lawsuit

Amazon, LG Electronics and KMG-Imports are being sued by a man in the US State of Rhode Island for selling a vaping box and batteries that allegedly burst into flames and set him on fire. In a lawsuit filed last month in Rhode Island Superior Court in Providence County, and just shifted to US District Court for Rhode Island, …
Thomas Claburn, 20 Apr 2018
image of Apple and hard drive

Apple unleashes FoundationDB as an open source project

Apple has open-sourced FoundationDB, a distributed ACID-compliant NoSQL datastore, three years after acquiring the company that developed the technology. At the time, developers who used the database voiced resentment that Apple had taken a useful tool off the market and left companies using the software without support. For …
Thomas Claburn, 20 Apr 2018
Boy fixing computer with hammer

Google kills off domain fronting – and so secure comms just got tougher

Google has made technical changes to its cloud infrastructure that have caused collateral damage to an anti-censorship technique called domain fronting. The technique, more a workaround than a supported feature, has become popular on App Engine, Google's platform-as-a-service product, over the past year or so. And now makers …
Thomas Claburn, 19 Apr 2018

Millions of scraped public social net profiles left in open AWS S3 box

US social network data aggregator LocalBlox has been caught leaving its AWS bucket of 48 million records – harvested in part from public Facebook, LinkedIn and Twitter profiles – available to be viewed by anyone who stopped by. Security biz Upguard wandered by on February 18, and found the publicly accessible files in a …
Thomas Claburn, 19 Apr 2018
Ellison with watch photo by drserg via Shutterstock

Oracle demands dev tear down iOS app that has 'JavaScript' in its name

Oracle, claims developer Zhongmin Steven Guo, has demanded that Apple remove an app he created because it contains the trademarked term "JavaScript." The app in question, published by Guo's Tyanya Software LLC – which appears to be more a liability shield than a thriving software business – is titled "HTML5, CSS, JavaScript, …
Thomas Claburn, 18 Apr 2018

Surprise! Wireless brain implants are not secure, and can be hijacked to kill you or steal thoughts

Scientists in Belgium have tested the security of a wireless brain implant called a neurostimulator – and found that its unprotected signals can be hacked with off-the-shelf equipment. And because this particularly bit of kit resides amid sensitive gray matter – to treat conditions like Parkinson's – the potential consequences …
Thomas Claburn, 18 Apr 2018

Facebook faces foe formation in facial fingering fight

A US federal judge on Monday ruled that a lawsuit filed over Facebook's use of facial recognition technology can proceed as a class action, raising the possibility the social network could face billions in damages. The sueball was filed in May 2015 under Illinois' 2008 Biometric Information Privacy Act (BIPA) by three …
Thomas Claburn, 18 Apr 2018
Acting IRS Commissioner David J. Kautter

It's US Tax Day, so of course the IRS's servers have taken a swan dive

Updated US tax returns for 2017 must be filed by midnight tonight – but the nation's Internal Revenue Service is making that difficult. The revenue collection agency's e-file system has been having undisclosed technical difficulties, effectively falling offline and unable to accept tax form submissions. If only someone could have …
Thomas Claburn, 17 Apr 2018
PWX_image

Docker enterprise kit gets cozy with Kubernetes

Container popularizer Docker plans to roll out an update to its enterprise product on Tuesday that has more to do with box juggling than canned code. Where the Docker software – known as Moby in open source form – provides a way to stuff applications and the surrounding user space into containers that can be moved across …
Thomas Claburn, 17 Apr 2018

Intel's security light bulb moment: Chips to recruit GPUs to scan memory for software nasties

Updated Having weathered revelations in January that its chips can be attacked through a novel class of side-channel vulnerabilities – mostly addressed through microcode fixes – Intel is adding broader silicon-level security improvements to its processors. In conjunction with the RSA Security conference in San Francisco this week, …
Thomas Claburn, 17 Apr 2018
President Vladimir Putin surrounded by aides and soldiers

US, UK cyber cops warn Russians are rooting around in your routers

American and British crimefighters have launched another round of pin-the-tail-on-the-Russians – with a warning that Moscow-backed hackers are trying to subvert the world's network devices. The US Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security …
Thomas Claburn, 16 Apr 2018

Security? We've heard of it, say web-app devs. 31 in 33 codebases have at least one big bad vuln

Automated source code analysis of 33 web applications has found that 94 per cent of them have at least one high-severity vulnerability, according to security biz Positive Technologies. "Web applications practically have a target painted on their back," said Leigh-Anne Galloway, cyber security resilience lead at the company in …
Thomas Claburn, 16 Apr 2018
Microsoft, Apple, Google OS logos

Go away, kid, you bother me: Apple, Google, Microsoft, Mozilla kick W3C nerds to the curb

The organization that tries to advance web technology standards – the World Wide Web Consortium or W3C – has run into a roadblock: Apple, Google, Microsoft, and Mozilla. Earlier this week, the four major browser makers expressed dissatisfaction with the W3C's DOM 4.1 specification, which defines a variety of new capabilities …
Thomas Claburn, 13 Apr 2018
Cloudflare Spectrum graphic

Cloudflare promises to tend not two, but 65,535 ports in a storm

Cloudflare made its name proxying traffic for web servers, on network ports 80 (HTTP) and 443 (HTTPS), as a defense against denial of service attacks and their ilk. On Thursday, the online security biz broadened its ambitions by extending its watch over the remaining possible TCP/IP network ports under IPv4. Cloudflare …
Thomas Claburn, 13 Apr 2018
Bitcoin, photo via Shutterstock

When SecureRandom()... isn't: JavaScript fingered for poking cash-spilling holes in Bitcoin wallets

Concerns about a flawed crypto library that could allow Bitcoin theft have been revived following a post to a Bitcoin mailing list last week. David Gerard, a UK-based Unix admin and blockchain technology watcher, raised concerns in a blog post on Thursday. "The popular JavaScript SecureRandom() library … isn’t securely random …
Thomas Claburn, 12 Apr 2018
Magic cloud castle

A code injection to stop code injection could solve serverless security

Serverless computing is not quite carefree computing. Those using it don't have to worry about servers, apart from the cloud service provider's bill. But they would be well advised to give some thought to application security. Under the serverless model – which isn't actually serverless... think platform-as-a-service but …
Thomas Claburn, 12 Apr 2018
studio

Aw, all grown up: Mozilla moves WebAssembly into sparsely furnished Studio apartment

Mozilla has released a preview version of WebAssembly Studio, its browser-based integrated development environment (IDE) for creating code touted to be the future of internet software. WebAssembly is a low-level assembly language that can be written as text (.wat) and converted to binary (.wasm) or can be a compilation target …
Thomas Claburn, 11 Apr 2018
Facebook CEO Mark Zuckerberg

Nervous Facebook CEO Mark Zuckerberg passes Turing Test in Congress

A few hours after the introduction of Facebook's newly launched Data Abuse Bounty program – an admission the social ad network has no idea what's become of its illicitly harvested data – CEO Mark Zuckerberg reprised his long-running mea culpa show before America's lawmakers. His appearance in Washington DC on Tuesday follows …
Thomas Claburn, 11 Apr 2018
a hostile drone

White House: Is it OK to hijack, shoot down, or snoop on drones? Er ... asking for a friend

The Trump administration wants US Congress to extend the military's drone-downing powers to the Department of Homeland Security and the Department of Justice, even as it backs broader commercial deployment for unmanned aircraft. The proposed rules, obtained by the Washington Post, would give civilian agencies powers similar to …
virus_1_648

Patch or ditch Adobe Flash: Exploit on sale, booby-trapped Office docs spotted in the wild

In case you needed another reason not to open Adobe Flash or Microsoft Office files from untrusted sources: ThreadKit, an app for building documents that infect vulnerable PCs with malware when opened, now targets a recently patched Flash security bug. This means less-than-expert hackers can use ThreadKit to craft booby- …
Screengrab of the Backpage takedown notice

Hookup classifieds ad sheet Backpage.com seized in Feds shutdown

Updated Before a controversial law bill making websites liable for supporting sex trafficking has even been signed into law by President Trump, US authorities have taken the sort of legal action the pending legislation is intended to enable. On Friday, the US Department of Justice, the Federal Bureau of Investigation, the Postal …
Guy pointing at a shirt reading 'Follow me'

Twitter API overhaul threatens to seriously shaft apps... again

Updated Twitter's planned discontinuation of its streaming APIs in June has third-party developers worried that a replacement service won't be available in time to prevent their Twitter apps from breaking. The makers of Talon, Tweetbot, Tweetings, and Twitterrific have joined together to create a webpage expressing their concerns and …
Facebook founder Mark Zuckerberg at Samsung's Galaxy S7 launch

Facebook dynamites its own APIs amid data slurp scandals, wrecks data slurp applications

In response to widespread concern about the misuse of Facebook user data, the social ad network on Wednesday hobbled its Graph API and Instagram API, breaking apps sustained by that data in the process. Mike Schroepfer, Facebook's CTO, outlined the changes in a blog post, some of which took effect immediately. The Graph API, …
Bane from Batman

Holy helmets, Batman! Bane-like mask lets you 'talk' to computers without making a sound

Pic At long last, the war against privacy-invading lip readers and Alexa eavesdroppers may finally be won. Boffins at MIT have developed a silent speech interface called AlterEgo that allows wearers to communicate via text translated from neuromuscular signals – tiny face twitches – without a visible tell. It's a mechanism for …

Biting the hand that feeds IT © 1998–2018