Al-Jazeera cracker charged
A US Web designer has been charged with breaking into DNS servers and rerouting surfers visiting the Web site of Al-Jazeera to a "Let Freedom Ring" patriotic Web site he created.
John William Racine II, of Norco, California, is also accused of intercepting Web email sent to the Arab satellite TV network, AP reports.
The 24-year-old is out on bail pending a Monday court appearance, when he will face charges of unlawful interception of an electronic communication and wire fraud.
Prosecutors allege that Racine obtained a password for Al-Jazeera's Web site by posing as a representative of the station in forged requests faxed to Network Solutions, which handed over the vital information without verifying his identity.
This social engineering trick allowed Racine to reroute people visiting Al-Jazeera's site to a Web page containing an outline map of the US superimposed with the Stars and Stripes, and containing the slogan "Let Freedom Ring". Racine also intercepted 300 emails sent to Al-Jazeera between March 25 and 27, prosecutors allege.
A US attorney's spokesman told AP that he expected Racine to plead guilty to the charges. However, Racine has yet to enter a plea in the case. His arraignment is due to take place next Monday, June 16. ®
Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble
Asia is already short millions of trainees; expert warns talent pipeline will dry up in response to government snooping
BLACK HAT ASIA
Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire.
Devonshire spent much of 2019 and 2020 in Hong Kong, working as a digital forensics and incident response specialist at Blackpanda and serving as assistant faculty at Hong Kong University.
“The climate on the University of Hong Kong campus in the fall of 2019 was a bit different than you are used to on a university campus,” she said at the Black Hat Asia 2021 security conference yesterday.
China is upset India excluded Chinese equipment from 5G network trials
Why are you giving yourself a kick in the innovation economy?
China has protested India’s decision to prevent local carriers using made-in-China 5G kit in network trials.
India on Tuesday green-lit 5G tests provided local carriers use kit from Ericsson, Nokia, Samsung, C-Dot, or Indian conglomerate Reliance Jio. But not Chinese vendors.
quotes Wang Xiaojian, a counsellor at its Indian embassy, as saying: “Relevant Chinese companies have been operating in India for years, providing mass job opportunities and making contribution to India's infrastructure construction in telecommunications.”
Google Play to require privacy labels on apps in 2022, almost two years after Apple
Developers want to do this, says Google. Ummm ... guys, you do remember the thousands of malware nightmares you’ve hosted and sold?
Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings.
The data-harvesting ad giant on Thursday detailed plans to create a “safety section in Google Play” that it says “will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security.”
A precise policy will be revealed in Q3 2021. For now, Google has said “among other things, we’ll ask developers to share:
Big right-to-repair win: FTC blasts tech giants for making it so difficult to mend devices
'There is scant evidence to support manufacturers’ justifications for restrictions'
America's consumer watchdog, the FTC, today scolded technology makers for their anti-repair practices, and signaled it will support new legislation that ensures people can mend their own stuff without penalty.
In short, the FTC said manufacturers were, among other things, regularly breaking or stretching warranty law, deliberately designing products that are hard to fix, keeping repair information secret, using patent and trademark law to thwart repair efforts, discouraging independent third-party repairs, and using software to lock out changes. This leads to a bad deal for buyers and the environment as stuff gets thrown away when it could have been mended and reused.
“We're glad to see the FTC acknowledge the scope of the problem, and the real harm to consumers,” Kerry Maeve Sheehan, head of US policy at repair biz iFixit, told The Register. “We're also happy to see the FTC's pledge to undertake enforcement and regulatory solutions to repair restrictions, and fully support them in doing so – these actions are long overdue.”
Google will make you use two-step verification to login
World Password Day returns to remind us how much passwords suck
Google has marked World Password Day by declaring "passwords are the single biggest threat to your online security," and announcing plans to automatically add multi-step authentication to its users' accounts.
A mere eight years after Intel began promoting World Password Day as a way to raise awareness about the importance of strong passwords, Google is ready to wipe them from memory.
At the 2004 RSA Conference, Microsoft co-founder Bill Gates predicted passwords would become less important in the years ahead. The Windows biz has pushed to make that happen by supporting FIDO2 security keys for authentication and switching to token-based authentication to approve git operations on GitHub, among other initiatives. But the password, like email, has so far defied its death watch.
IBM says it's built the world's first 2nm semiconductor chips
Coming to a computer near you ... this decade ... maybe
IBM Research says it's made the world’s first 2nm process node chips, squeezing 50 billion transistors onto each of the fingernail-sized dies.
Big Blue today claimed this is “a breakthrough in semiconductor design” using nanosheet technology. That involves layering three sheets of material to form a stack containing an NMOS transistor on top of a PMOS transistor, rather than placing them side by side, commonly called a gate-all-around design. It's a step on from today's 3D FinFETs.
"One of the breakthroughs in the 2nm technology is using EUV patterning to define variable sheet widths [between] 15-70nm to meet requirements for both low-power mobile application and high-performance computing for hybrid cloud data center application," Mukesh Khare, veep of Hybrid Cloud Research at IBM, told The Register. "We are among the first organizations introducing EUV into the Front End Of Line integration."
Telcos crammed 8.5m fake comments against net neutrality into FCC's inbox
While some teen generated 7.7m bogus pro-NN notes to US broadband regulator
Broadband companies in 2017 launched an $8.2m campaign to repeal America's net neutrality rules that spent $4.2m to sway policymakers with millions of fake comments. But only their hired guns are being held accountable.
Net neutrality, the proposition that broadband service providers should handle internet traffic without bias, has been bitterly opposed by broadband service providers because utility pricing tends to be less profitable than the premium charges gatekeepers can impose. Supporters of net neutrality argue that broadband companies should not be able to distort the competitive market to favor firms that pay them fees.
After the Trump administration appointed Ajit Pai to be chairman of the Federal Communications Commission in 2017, Pai set about to repeal net neutrality policies and the broadband industry proved keen to see that happen. His repeal went through but has been complicated by a 2019 appeals court decision that affirms the ability of states to implement their own net neutrality rules, which three states have passed into law and others have done through Executive Orders or have proposed new laws.
UK vaccine booking website had unexpected side effect: It leaked people's jab status
Wanna find out if Jane Brit has had a shot? Just lob her postcode and DoB into this NHS site
An NHS Digital-run vaccine-booking website exposed just how many vaccines individual people had received – and did so with no authentication, according to the Guardian.
The booking page, aimed at English NHS patients wanting to book first and second coronavirus jabs, would tell anyone at all whether a named person had had zero, one or two vaccination doses, the newspaper reported.
All you need, it says, are the date of birth and postcode of the person whose vaccination status you wanted to check up on. These details are not difficult to find online with some obvious search terms.
The quest for faster Python: Pyston returns to open source, Facebook releases Cinder, or should devs just use PyPy?
Official CPython is slow, but there are many ways to get better performance
Facebook has released Cinder, used internally in Instagram to improve Python performance, while another faster Python, called Pyston, has released version 2.2 and made the project open source (again).
; but it is by no means the fastest. A glance at benchmarks
One reason is that the official implementation of Python, called CPython, is an interpreted, dynamic language, and its creator Guido Van Rossum has resisted optimising it for performance, saying in 2014 that "Python is about having the simplest, dumbest compiler imaginable, and the official runtime semantics actively discourage cleverness in the compiler like parallelizing loops or turning recursion into loops."
Qualcomm Snapdragon 855 modem code flaw exposed Android smartphones to possible snooping
Good thing researchers spotted it, no evidence of exploit in the wild
A heap overflow vulnerability in Qualcomm's Snapdragon 855 system-on-chip modem firmware, used in Android devices, could be exploited by baddies to run arbitrary code on unsuspecting users' devices, according to Check Point.
The software bug, tracked as CVE-2020-11292, can be abused to trigger a heap overflow in devices that use a Qualcomm Mobile Station Modem (MSM) chip, thanks to some in-depth jiggery-pokery in the Qualcomm MSM Interface (QMI) voice service API.
"If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations," said some not-at-all-excitable researchers from Israeli security firm Check Point in a blog post.
Just one in 5 Googlers plan to swerve the office permanently after COVID-19
Free breakfast, lunch and dinner? Listening to Ryan Reynolds talk shit? Massages for gratis? Why the hell wouldn't they return
One in five Googlers will be permanently working from home once the pandemic abates but for the majority it seems free meals in staff canteens, guest celebrity speaker appearances, resident gyms and massage therapy are irresistible lures.
A pre-Christmas directive from the Chocolate Factory was for the majority of employees to work from home until September, with a hybrid model being tested that involves a mix of office-based and remote working.
Now Sundar Pichai, CEO at Google and parent company Alphabet, has provided a written update to explain how he thinks the set-up will work, saying that in areas where the organisation has opened up offices on a “voluntary capacity”, around 60 per cent of staff has chosen to “come back”.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2021