back to article LabCorp ransomed, 18k routers rooted, a new EXIF menace, and more

This was the week of blunders by Venmo, million-dollar bank heists, and beefier bug bounties. Here's a few more bits of news. Singapore sting Any large-scale data breach is bad news, but one that results in the loss of the health information of a quarter of the population is downright disastrous. Such was the case in …

Happy

VLC

I do not use VLC very often so thank you for the warning about that issue.

7
0

I use VLC a dozen times a day so thank you for the news. I was already using 3.0.3

7
0
Silver badge

Prompted by the article, I just fired up VLC on my Mac, and the first thing it did was check the version number and offer to download 3.0.3.

5
0
Bronze badge
FAIL

make sure you regularly patch everything on your network regularly. Firmware updates for routers or printers can be an easy thing to forget, but if they get compromised things could get ugly very quickly.

Hold on, this "rule" won't work for Huawei's HG532 (which is the centre of this bot using CVE-2017-17215).

Read Huawei's "response" (https://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en). Nowhere in the security notice did it mention that there is a patch available. As far as Huawei is concern, the issue now lies with ISP.

Frankly, Huawei can stick this where the sun doesn't shine. They're behaving like the rest about leaving the consumers out to dry when they can afford to re-write the code to close this vulnerability.

And now they go on a PR expedition about letting people "trust" their gear. How can consumers "trust" their kit if they won't even fix this vulnerability?

Pull the other leg, boy. Them got bells.

12
1

I'd guess that statement means one of three things

* We can't be bothered / it's too old (given the vague boilerplate threats about End of Life).

* We've lost the source code so here are some workarounds.

* Some of our ... errr... "customers" requested this "feature" and they won't be happy if we remove it.

11
1
Silver badge

Dark hole in home IT security.

It's not just Huawei.. it's practically all of the printer and router makers for home use fall into this dark hole. Updates are not easy to find if you're Joe Average User and the manufacturer's stop support pretty damn quick. IMO, printers and routers need an automated way of updating much like Windows where it's pushed, notice given, and the consumer can make the choice. Most users I've met haven't a clue about how to update these devices or that updates might actually be available.

5
0
Bronze badge

Re: Dark hole in home IT security.

It's not just Huawei

Anarchist/Wicked (the author of the exploit) is quite smart. He uses a vulnerability the manufacturer refuses to patch. He also mentions, and which has been verified, that his next target is Realtek routers.

Does this sound familiar? Yes, this is the next "wave" of Mirai/brickerbot. But instead of using the default username/password combo, the author has targeted something more difficult to fix by the user of the router.

One way of fixing this is to name-and-shame Huawei. With current environment where western nations are questioning the quality of Huawei's codes, throwing this into the mix might just get a reaction.

9
0

Re: Dark hole in home IT security.

Dude, Huawei is no different than Linksys, Netgear, Cisco, etc... they all have flaws that they won't fix, especially for consumer gear. Linksys, before they got purchased by Cisco, refused to release fw updates for my modem about 12 months after releasing the hardware, despite known exploit PoC code being publicly available. This was the straw that broke the camel's back for me - OpenBSD on a small embedded platform as a router since then on any network I operate.

2
0
Silver badge

Re: Dark hole in home IT security.

I also went the BSD/Opnsense route (r), ditching the telstra thingy.

The thing is, for most of these rubbish things, they aren't modified once installed, so why not put a separate admin port in which doesn't forward traffic? Then the attack surface and bad press is vastly reduced.

1
0

Re: Dark hole in home IT security.

"why not put a separate admin port in which doesn't forward traffic?"

Coz that would mean adding an extra dollar or three to the build cost, and many more dollars to the design cost. That'll eat into profits, and that's more important.

0
0
Silver badge
Pirate

Silk Road

"Ross is condemned to die in prison, not for dealing drugs himself but for a website where others did. This is far harsher than the punishment for many murderers, pedophiles, rapists and other violent people," writes mother Ulbricht.

Ma Ulbricht, let's not forget that time your little angel hired some Hells Angels to murder six people.

18
1
Silver badge

Re: Silk Road

Not to mention that your darling facilitated many more of those crimes than any single individual would be able to commit.

10
1
Anonymous Coward

Re: Silk Road

when will drug dealers learn that going around making people feel happy inside WILL NOT BE TOLERATED! There is no escaping the torment that is everyday life. Now, GET BACK TO WORK!

3
2

Silk Road

Hmmm... the boss of Silk Road gets jail time for activities other people did using his website. Does that mean the bosses of Facebook and Twitter might be guests of a government facility some day as well?

15
1
Silver badge

Re: Silk Road

One can only dream.

16
0
Silver badge

Re: Silk Road

@RobThBay: "Hmmm... the boss of Silk Road gets jail time for activities other people did using his website."

Whataboutery...

Ulbricht was charged with drug trafficking, criminal enterprise, aiding and abetting the distribution of drugs over the internet, computer hacking and money laundering. Prosecutors are debating whether or not to dismiss the murder-for-hire charges, solely because he's spending the rest of his life behind bars anyway

He's a big boy and he knew what he was doing. Time for him to take his medicine...

1
0
Silver badge

Re: Silk Road

I'd imagine that, in the judiciary's eyes, his actions and position amount to that of an organised crime kingpin. Hence the sentence.

2
0
WTF?

Re: Silk Road

Li'l Ross couldn't have been All That busy as a criminal kingpin or he'd have the bushels of cash to get a stern reprimand, rather than life in prison. The poor sod should have invested in campaign "free speech".

1
0
Silver badge

Re: Silk Road

@Surreal:"Li'l Ross couldn't have been All That busy as a criminal kingpin or he'd have the bushels of cash to get a stern reprimand, rather than life in prison."

At the end of the day he's just another lowlife drug dealer, regardless of what his mum thinks.

El Chapo's mum probably thinks he's misunderstood too...

0
0
Joke

I wonder if the yanks will hire those wonderful people that did such a sterling job with the Aussie census to do theirs?

2
0
Silver badge
Happy

"to make the biggest baddest botnet in town"

Ah, the Leroy Brown Botnet. Does Jim Croce get royalties?

3
0

Australian My Health Record opt out.

Australians who wish to opt out of the Government's My Health Record data base have only to October 15 to do it.

See the latest news on the breach of the similar Singapore system for a possible reason for why you may wish to do so.

http://theconversation.com/my-health-record-the-case-for-opting-out-99302 gives extra insight on why you may wish to opt out and also contains a link which argues the contrary view for opting in (the default if you do nothing).

Page link to opt out: https://www.myhealthrecord.gov.au/for-you-your-family/opt-out-my-health-record

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018