Security

Most Read

1. You want a reboot? I'll give you a reboot! Happy now?

2. Linus Torvalds reluctantly issues one more release candidate for Linux kernel 5.12

3. Debian devs decide best response to Richard Stallman controversy is … nothing

4. Brit authorities could legally do an FBI and scrub malware from compromised boxen without your knowledge

5. On a dusty red planet almost 290 million km away... NASA's Ingenuity Mars Helicopter flies

• WordPress core contributor proposes treating Google FLoC as a security vulnerability

  Let's opt every WordPress site out of FLoC. Nice idea, but security update? Really?
  Tim Anderson Mon 19 Apr 2021 // 20:27 UTC

  A proposal by a WordPress core contributor to treat Google's FLoC ad tech as a security vulnerability, and therefore backport an automatic opt-out to previous WordPress versions, shows the depth of community opposition to the technology.

  FLoC (Federated Learning of Cohorts) is Google’s scheme to replace third-party cookies with an ad personalisation system based on groups of users. It has run into wide opposition from privacy advocates and browser makers, but Google has nonetheless pressed ahead with trials in the current version of Chrome.

  Now a WordPress Core contributor has proposed treating “FLoC as a security concern.”

  Continue reading

• Brit Salesforce exec Gavin Patterson becomes transfer target for controversial European Super League

  Ex-BT boss is familiar with the football lifestyle – being paid millions for doing very little
  Lindsay Clark Mon 19 Apr 2021 // 19:30 UTC

  Gavin Patterson, former boss of BT, is in the frame to lead a proposed European football league at the centre of a storm of criticism.

  According to Sky News, Patterson was approached informally several weeks ago about the role.

  Proposals for the European Super League – which UK football clubs Arsenal, Chelsea, Liverpool, Manchester City, Manchester United and Tottenham Hotspur have agreed to join – include a "new midweek competition" with teams continuing to "compete in their respective national leagues". AC Milan, Atletico Madrid, Barcelona, Inter Milan, Juventus and Real Madrid have also agreed to join the controversial league, which plans say will have 20 teams: the 12 founding members plus the three unnamed clubs they expect to join soon, and five teams who qualify annually according to their domestic achievements.

  Continue reading

• Won't somebody please think of the children!!! UK to mount fresh assault on end-to-end encryption in Facebook

  Change the record, nobody's fooled by this now
  Gareth Corfield Mon 19 Apr 2021 // 18:45 UTC

  UK Home Secretary Priti Patel will badmouth Facebook's use of end-to-end encryption on Monday evening as she links the security technology with paedophilia, terrorism, organised crime, and so on.

  The ever-popular politician will say at the National Society for the Prevention of Cruelty to Children (NSPCC) event: "Sadly, at a time when we need to be taking more action, Facebook are pursuing end-to-end encryption plans that place the good work and progress achieved so far [on fighting the issue of child abuse] in jeopardy."

  Patel's speech is intended to kickstart a fresh round of government campaigning against end-to-end encryption, as previewed by Wired a few weeks ago.

  Continue reading

• UK digital secretary Oliver Dowden starts national security probe into proposed Arm-Nvidia merger

  Share price immediately dips for GPU-maker
  Matthew Hughes Mon 19 Apr 2021 // 17:30 UTC

  The proposed sale of Arm to NVIDIA looks a bit more tenuous today after UK digital secretary Oliver Dowden issued a Public Interest Intervention Notice (PIIN) indicating he may intervene in the sale on national security grounds.

  The disptach of the PIIN has kicked-off a further degree of scrutiny, with the Competition and Markets Authority (CMA) instructed to include any potential national security concerns in its upcoming report on the merger. These would be obtained via consultation with relevant third parties, and come as an addition to its existing focus on jurisdictional and competition issues.

  Depending on the outcome of the review, Dowden can choose to clear the transaction, impose certain conditions, or refer the it to a more intensive “phase two” investigation.

  Continue reading

• Microsoft bows to the inevitable and takes Visual Studio 64-bit for 2022 version

  When 4GB is just not quite enough
  Richard Speed Mon 19 Apr 2021 // 17:01 UTC

  Microsoft is to drag veteran code wrangler Visual Studio kicking and screaming into the modern world with a 64-bit version.

  It has been a while coming. Visual Studio dates back to the last century and started out life as Visual Studio 97 (replete with the likes of J++) before version 6.0 turned up to round out the 1990s. Microsoft stuck with naming by year thereafter (aside from a brief dalliance with slapping everything with the .NET moniker at the start of this century).

  Which brings us to Visual Studio 2022 and one of the larger overhauls for the suite, not least of which is the long-awaited move to a 64-bit application.

  Continue reading

• Codecov dev tool warns of stolen credentials from compromised script, undiscovered for two months

  Environment variables full of secrets uploaded to attacker server
  Tim Anderson Mon 19 Apr 2021 // 16:03 UTC

  Codecov, makers of a code coverage tool used by over 29,000 customers, has warned that a compromised script may have stolen credentials over a period of two months, before it was discovered a few weeks ago.

  Code coverage measures how much of an application’s code is the subject of unit tests, the idea being that the higher the percentage, the more reliable the application is likely to be. It is a useful but imperfect metric, since it does not take into account the quality of the tests.

  Codecov is a cloud-based tool which integrates with GitHub, GitLab, Atlassian Bitbucket, or any Git-based repository. Developers run tests using their own CI (Continuous Integration) tool and then upload the results to Codecov using a tool called Bash Uploader. Codecov then generates a report which is accessed on its site. Source code itself is not stored on Codecov’s site, but the tool does require read access to a repository in order to display code alongside reports on demand.

  Continue reading

• More Linux love for Windows Insiders with a kernel update

  Rounded corners are nice, but what you really want is Linux 5.10, right?
  Richard Speed Mon 19 Apr 2021 // 15:02 UTC

  Windows Insiders have been given a bit of Linux love with the arrival of a freshly updated kernel and an all-important clock fix.

  Having yanked the Windows Subsystem for Linux (WSL) 2 out of the usual Windows servicing cadence, Microsoft's engineers have been able to update WSL 2 without requiring a full-on OS patch.

  The original 4.19 branch was updated to 5.4.72 in February. The kernel has now been brought considerably more up to date with the 5.10.16.3 version.

  Continue reading

• Sysadmin for FIN7 criminal cracking group gets 10 years in US prison for managing card slurping malware scam

  Plus Pwn2Own faces fire and update Chrome immediately
  Iain Thomson in San Francisco Mon 19 Apr 2021 // 14:15 UTC

  In Brief The former systems administrator for the FIN7 card-slurping gang has been sentenced to 10 years in a US prison.

  Fedir Hladyr, 35, pled guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking last year, and on Friday was sentenced for his role in the theft and resale of over than 20 million customer card records from over 6,500 point-of-sale terminals across the US using the malware dubbed Carbanak.

  Hladyr set up a front company, Combi Security, to cover his actions as he funneled the purloined data around the criminal underworld. He managed the encrypted comms network the gang used, ran the server farms used to spread and exploit malware, and coordinated individual attacks.

  Continue reading

• Japanese auto chipmaker Renesas expects to resume full production next month following fab blaze

  Glimmer of hope on the semiconductor front – for the car industry anyway
  Matthew Hughes Mon 19 Apr 2021 // 13:31 UTC

  Japanese chipmaker Renesas has said it will restore full production capacity at its N3 Naka plant by the middle of next month following a blaze in March that destroyed equipment and contaminated the clean room.

  Renesas, which accounts for a third of all automotive semiconductor sales globally, said it expects to be at half-capacity by the end of April. CEO Hidetoshi Shibata confirmed in a press conference the company plans to install new fire suppression equipment to prevent any future fires.

  Operations at the Naka N3 clean room resumed on 9 April. According to a notice from Renesas, the company had to rely on over 1,600 workers each day (both internal and from third parties) to rebuild and decontaminate the clean room, illustrating both the scale of destruction and difficulty in restoration.

  Continue reading

• Huawei could have snooped on the Dutch prime minister's phone calls thanks to KPN network core access

  Nobody caught – er, held us responsible, says Chinese firm
  Gareth Corfield Mon 19 Apr 2021 // 12:45 UTC

  Huawei was able to snoop on the Dutch prime minister's phone calls and track down Chinese dissidents because it was included in the core of the Netherlands' mobile networks, an explosive news report has claimed.

  Dutch national daily Volkskrant (behind a pay wall) reported over the weekend that mobile operator KPN, which used Huawei-supplied equipment in the core of its network, discovered the full extent of the Chinese company's doings in 2010 after it commissioned Capgemini to write an outsourcing risk analysis report .

  Not only could the prime minister be eavesdropped on by Huawei, along with millions of other customers, said KPN as it quoted the report, but it could also identify people being snooped on by the Dutch state as well.

  Continue reading

• On a dusty red planet almost 290 million km away... NASA's Ingenuity Mars Helicopter flies

  NASA’s JPL lab speaks to The Reg
  Katyanna Quach and Richard Speed Mon 19 Apr 2021 // 11:59 UTC

  NASA's Ingenuity today hovered in the skies of Mars making the equipment the first human-made helicopter to take flight on another planet.

  Amid cheers in the control room, engineers confirmed the diminutive helicopter had spun up its rotors, taken off, landed, and spun everything down, leaving the stage set for further tests. An image from the helicopter's onboard navigation camera showing its shadow on the surface of Mars was swiftly followed by another sequence from the Perseverance rover showing the helicopter hovering.

  Continue reading