Security

Most Read

1. Quality control, Soviet style: Here's another fine message you've gotten me into

2. Stuxnet sibling theory surges after Iran says nuke facility shut down by electrical fault

3. FCC urges Americans to run internet speed app to counter Big Cable's broadband data fudging

4. Nominet chooses civil war over compromise by rejecting ex-BBC Trust chairman

5. Bless you: Yep, it's IBM's new name for tech services spinoff and totally not a hayfever medicine

• NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches

  114 fixes for the Windows world – with SAP and Adobe joining in as usual
  Thomas Claburn in San Francisco Tue 13 Apr 2021 // 19:47 UTC

  Patch Tuesday April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA).

  Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nineteen of the CVEs have been designated critical.

  "This month’s release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post.

  Continue reading

• What's Red and scale-y and shacked up with NEC? A new Red Hat network function virtualization solution, apparently

  Living on the Edge as SA networks roll out
  Matthew Hughes Tue 13 Apr 2021 // 19:01 UTC

  The move to 5G has allowed vendors and carriers to fundamentally rethink how their networks are structured. Once the norm, tightly integrated vendor-specific hardware is gradually being supplanted by virtualized alternatives that run happily on standards-agnostic kit. Jumping on the bandwagon is Japanese provider NEC, which today said it would use RedHat's OpenShift Kubernetes platform for its upcoming 5G hardware.

  The company said it plans to use OpenShift across its 5G Core and RAN products, intended for both public and private use, as well its Edge and AI platforms.

  On the edge, NEC sells a compact data processing device called the UPF mini. The hardware has already been selected for NTT DoCoMo's 5G SA (StandAlone) network, with the device positioned on existing base stations. The company also sells a software-based AI analysis platform for private and local networks, which NEC claimed can help mitigate performance slowdowns caused by congestion.

  Continue reading

• In the enterprise, Kubernetes has to play by the same rules as other platforms

  Shortcuts? What shortcuts!
  Timothy Prickett Morgan Tue 13 Apr 2021 // 18:00 UTC

  Sponsored Without a doubt, Kubernetes is the most important thing that has happened in enterprise computing in the past two decades, rivalling the transformation that swept over the datacenter with server virtualization, first in the early 2000s on RISC/Unix platforms and then during the Great Recession when commercial-grade server virtualization became available on X86 platforms at precisely the moment it was most needed.

  All things being equal, the industry would have probably preferred to go straight to containers, which are lighter weight than server virtualization and which are designed explicitly for service-oriented architectures – now called microservices – but it is the same idea of chopping code into smaller chunks so it can be maintained, extended, or replaced piecemeal.

  This is precisely why Google spent so much time in the middle 2000s creating what are now seen as relatively rudimentary Linux containers and the Borg cluster and container controllers. Seven years ago, as it was unclear what the future platform might look like; OpenStack, which came out of NASA and Rackspace Hosting, was a contender, and so was Mesos, which came out of Twitter, but Kubernetes, inspired by Borg and adopting a universal container format derived from Docker, has won.

  Continue reading

• Cracked copies of Microsoft Office and Adobe Photoshop steal your session cookies, browser history, crypto-coins

  It's like the 2000s all over again, sighs Bitdefender
  Gareth Corfield Tue 13 Apr 2021 // 17:12 UTC

  Cracked copies of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from tightwads who install the pirated software, Bitdefender has warned.

  As many Reg readers will no doubt be aware, cracked software is a legitimate application that has had its registration or licensing features removed. Often distributed through BitTorrent in the days of yore, cracked software (also known as warez) appeal mainly to freeloaders who are happy to use a particular suite without paying for a licence.

  With Microsoft Office and Adobe Photoshop being two of the most popular software suites in their niches, cracked versions were always going to be popular.

  Continue reading

• Microsoft's Surface Laptop 4 now includes AMD options for biz customers, boasts up to 19 hours of battery life

  Surface Headphones 2+ also available and a range of 'Modern' kit coming in the next few months
  Richard Speed Tue 13 Apr 2021 // 16:15 UTC

  Microsoft has opened the order books on the fourth generation of its Surface Laptop, replete with Intel-baiting AMD chippery in the line-up.

  Blessedly free of an overexcited Microsoft bigwig describing himself as "pumped" at the sight of some relatively pedestrian hardware, Microsoft's Surface Laptop 4 has arrived in 13.5 and 15-inch guise with a variety of Intel and AMD silicon to choose from.

  The new AMD chips are an important update; previously, consumers could select a Surface Laptop 3 not powered by Intel, but businesses were directed Chipzilla's way. This time around a range of updated Intel and AMD silicon is on offer to both customer types.

  Continue reading

• You know what? Fork this: AWS renames its take on Elasticsearch to OpenSearch following trademark fight

  Beta expected in a matter of weeks, production release planned for summer
  Tim Anderson Tue 13 Apr 2021 // 15:29 UTC

  AWS has introduced the OpenSearch project, the new name for its open-source fork of Elasticsearch and Kibana.

  OpenSearch is "the new home for our previous distribution of Elasticsearch (Open Distro for Elasticsearch)," according to a post yesterday, and the code is licensed under Apache 2.0. The Kibana fork is called OpenSearch Dashboards.

  The projects are on GitHub, where they are described as "in alpha state." The contributors said: "We've been removing non-Apache 2.0 compliant code and doing a full rename of the project."

  Continue reading

• Northrop Grumman's MEV-2 gives Intelsat satellite a new lease on life until the next rescue in another five years

  After 17 years into a 13-year mission, that's not bad
  Richard Speed Tue 13 Apr 2021 // 14:12 UTC

  Northrop Grumman's second Mission Extension Vehicle (MEV) has docked with Intelsat's IS-10-02 satellite, potentially extending the life of the latter by five years.

  Launched in 2004, IS-10-02 delivers broadband and media services over Europe, the Middle East, Africa, and South America. Half of its Ku band payload is owned by Telenor Satellite, which contributed to the MEV mission.

  Dubbed MEV-2, the spacecraft's mission differed from last year's successful demonstration with Intelsat's IS-901 satellite. This time around the docking occurred directly in the satellite's operational GEO orbit location, a first for the MEV fleet.

  Continue reading

• Unity devs warned of breaking changes ahead in video game engine as team gets to grips with mutating face of .NET

  Support has fallen behind and fixing it is a challenge
  Tim Anderson Tue 13 Apr 2021 // 13:15 UTC

  Unity software developer Josh Peterson has spoken about the future of .NET support in the widely used game development engine.

  Use in game development is one of the bright spots for C# popularity, according to a survey late last year, but its use in Unity is somewhat messy.

  The C# scripting engine is based on Mono but developers may also use .NET Framework when running on Windows. Mono is the old open-source implementation of .NET, from before Microsoft itself came out with .NET Core. Microsoft acquired the stewardship of Mono with Xamarin in 2016, and Mono now shares substantial code with .NET Core, but it remains distinct and the runtime is still used in some scenarios.

  Continue reading

• Salesforce's get-back-to-work strategy starts with 'Volunteer Vaccinated Cohorts' on designated floors

  Sounds kind of like a vaccination passport for California offices
  Lindsay Clark Tue 13 Apr 2021 // 12:32 UTC

  Salesforce has waded into the heated debate over vaccine passports, suggesting they may be a means of getting employees back into the office. Just don't call them vaccine passports.

  According to the SaaSy CRM vendor, Volunteer Vaccinated Cohorts of protected employees will be able to join groups of 100 or fewer people to work on designated floors in certain offices, starting with San Francisco, Palo Alto, and Irvine from next month.

  In the US and Europe, debate rages about vaccine passports or any means of restricting access to events or services according to an individual's vaccination status. New York State created its own digital pass while Florida and Texas attempted to outlaw them, for example.

  Continue reading

• Key Perl Core developer quits, says he was bullied for daring to suggest programming language contained 'cruft'

  'After saying this, I immediately received hostile messages' says pumpking of version 5.x
  Thomas Claburn in San Francisco Tue 13 Apr 2021 // 11:48 UTC

  On Monday, the Perl Core developer known as Sawyer X announced his intention to leave the three-person Perl Steering Committee, or Council, and the Perl Core group because of what he described as community hostility.

  Sawyer X, who became "pumpking" – manager of the core Perl 5 language – in 2016 when he took over that role from Ricardo Signes, explained his rationale for departing in a post to a Perl discussion list.

  "Due to the continuous abusive behavior by prominent Perl community members and just about anyone else who also feels entitled to harass me (and unfortunately, other Core developers), I am stepping down from the Steering Council, from the Perl security list, and from the Perl Core," Sawyer said, adding that he is stepping down from the Perl Foundation's Grants Committee and that he will not be speaking at or attending the next Perl conference.

  Continue reading

• UK government opens vaccine floodgates to over-45s, NHS website predictably falls over

  Looks like classic case of failing to scale to meet inevitable demand
  Richard Speed Tue 13 Apr 2021 // 11:04 UTC

  The UK's National Health Service is now offering COVID-19 vaccines to those aged 45 and above however the volume of interest has made the appointment-booking website prone to wobbles.

  Despite an impressive take-up by the over-50s, it appears healthcare bigwigs did not anticipate the demand once the over-45s were permitted to join in. If only there was some record of just how many there are in that age group.

  The brakes were taken off last night as the vaccines became available to "all adults over 50, the clinically vulnerable and health and social care workers," although some might quibble with the definition of "clinically vulnerable."

  Continue reading