VMware emits security alerts, Planet Hollywood chain hacked, SWAT death caller gets 20 years in clink, and more

Last week we saw someone admit hoarding NSA documents, a Huawei patch bungle, and an axe looming for DXC security employees. Now, here's some extra bits and bytes to start this week and month.

VMware rings the klaxon over service provider vulnerability

If you're running a server hosting VMware's Service Provider portal, you …

  1. Valerion

    On the other hand

    In case you needed yet another reason to lock down your machine, do it lest your roommates be allegedly secretly committing crimes.

    If you really are paedophilically-inclined* then not locking down your machine in any way seems a great way of ensuring plausible deniability.

    *Substitute for other criminal acts as required.

    1. Brangdon

      Re: On the other hand

      Although a greater chance of getting caught, if any random visitor can peek at your laptop. It's better not to be suspected than to be suspected and found non-guilty (whether innocent or not).

  2. steviebuk Silver badge

    Is that still going?

    Planet Hollywood. Was never very successful. I remember when it was founded in the early 90s. Did look cool and word on the street was (falsely) that you'd see the founders there (Arnie, Bruce etc). I always thought back then how was it ever going to be successful when you have McDonalds and Burger King offering the same but cheaper.

    Anyway. Then onto Apple

    "Prosecutors said Ford had posed as Apple support and sent emails to the targets asking them to reset their accounts. When the marks went to the phishing page and entered the information, Ford was then able to access their accounts and get their credit card numbers."

    Surely Apple is big enough they can implement the system where they only show the last 4 digits of your card number when you're in your account. So if your account is compromised no one can get the details. Even smaller companies do that. Can Apple get any more incompetent?

    1. Anonymous Coward

      Re: Is that still going?

      Planet Hollywood, along with Hard Rock Cafe and similar theme restaurants, are designed with the idea that people will pay for the unique ambience and proximity to major attractions. In plaintalk, they're tourist traps built near other, larger tourist traps, where the only competition they have are Vegas casino buffets or Disneyland's criminally overpriced in-park eateries.

      1. GrapeBunch Silver badge
        Coat

        Re: Is that still going?

        So the burghers (sic) of my city may boost its image by proclaiming "Is not and never was host to a Planet Hollywood." To replace the previous motto: "Thirty percent less rat than where you're at."

        Mine's the one with something cute in the pocket.

  3. Anonymous Coward

    SWAT Death

    More than enough blame to go round here, yet only the moron who faked the call is being punished.

    No charges being brought for negligence against the telecomms companies and police involved?

    Why not?

    This has happened so many times that no-one can claim to be unaware of it, and it could quite feasibly be stopped completely.

    What's that you say? It would cost a little money, and cut down on opportunities for state endorsed psychopaths to kill entirely innocent people?

    If that sounds harsh, then sorry but for the telecomms companies it's a small hit on bottom line, for police to go into a shoot first situation KNOWING that the alerting system is broken and that innocent parties will likely view it as a potentially lethal home invasion, with tragic consequences is criminally negligent at the very least, and at worst plain homicidal.

    1. Notas Badoff

      Re: SWAT Death

      Probably won't be noticed tacked onto this article's comments, but - hey - you saw it here first!

      Within 5 years, possibly only 2-3, people answering phones won't - they'll pick up and then listen. If a _familiar_ voice says 'hello' then the conversation will proceed. No recognized voice in the first 1.5 seconds and the phone gets hung up or put to the side.

      The phone companies, through decades of inaction on faked caller numbers, will cause a societal reversal - the caller must say 'hello' first.

      All the irritation, confusion, upset and anger resulting will have a single identified cause - phone companies. Let their roasting begin!

    2. doublelayer Silver badge

      Re: SWAT Death

      As for police, they should definitely be trained to deal with this. I'm curious, however, what the telecoms companies should do differently? Normally, the person making the fake call simply calls the police department and makes up a story involving a bunch of violence. They might have other reasons to call that police department, though, so the companies couldn't block connections between people and the police. Is there a mechanism to identify this type of call before it gets to the units?

      1. kain preacher Silver badge

        Re: SWAT Death

        doublelayer what the phone company can do is pass the ANI to 911 and police controlled numbers. That will stop spoofing.

        1. doublelayer Silver badge

          Re: SWAT Death

          Good point. While they're at it, let's just redesign caller ID so it can't be spoofed by anyone to anyone. If absolutely necessary, allow numbers to register themselves as allowing the caller ID to be a specific other number for call centers and the like, but I'm not that bothered if we don't do that.

        2. Michael Wojcik Silver badge

          Re: SWAT Death

          Irrelevant in this case.

      2. 2+2=5 Silver badge

        Re: SWAT Death

        > I'm curious, however, what the telecoms companies should do differently? Normally, the person making the fake call simply calls the police department and makes up a story involving a bunch of violence.

        Correct but the hoaxer fakes his number to appear to be calling from the property concerned i.e. appears to be the victim. So the suggestion is that phone companies could and should prevent number faking - at the very least to 911 call centres.

    3. Michael Wojcik Silver badge

      Re: SWAT Death

      Lord forbid you do any research.

      As it says right in the fucking article, trials are pending against Viner and Gaskill.

      The county DA declined to bring charges against the police officer who shot Finch. That's because like most prosecutors he's chickenshit.[1] The close and symbiotic relationship between law enforcement and state prosecutors has a chilling effect on holding the police to account, except in cases of gross malfeasance, or when the US DOJ decides there's a civil rights case to be made (a decision which is largely political).

      The phone company is blameless in this case. Barriss called a non-police number at City Hall, and convinced someone there to transfer him to a non-emergency police number.

      All of this is well-documented.

      [1] This is a term of art for US prosecutors. It refers to at least two phenomena: prosecutors who are reluctant to bring cases to trial that might be unpopular or they have a good chance of losing (cf. The Chickenshit Club); and certain prosecutorial strategies which were once seen as unacceptable but are now widely used, such as prosecuting for lying to a Federal officer (cf. a post by Ken White on Popehat which I can't be bothered to search for).

  4. whitepines Silver badge
    Devil

    Oh really?

    "It goes without saying that if you find your Asus computer (or a machine you administer) on the list you will want to get in touch with law enforcement as well as scrub the machine of the software nasty"

    This is Intel and ASUS. I'd suggest scrubbing the machine in the bath, then setting fire to the remains in a remote location while wearing a hazmat suit. Scatter the ashes to the ocean.

    There's no telling how buggered up the firmware is with malware after something of this level was attempted. If they had ASUS's signing keys, they might very well have Intel's ME signing keys too, in which case you'd be totally screwed no matter how well you thought you "scrubbed" the machine of the malware.

    Though if you elected for the soap + rubber ducky submersed approach, it'd probably be pretty clean. Also a brick.
