FBI extends voting security push, LA court hacker goes down, and more D-Link failures

Here's your Reg roundup of security news beyond all the bits and bytes we've already covered.

FBI refreshes voting security push

Last year, the FBI kicked off Protected Voices, a campaign to improve voting security at the state and local level. The effort was just expanded for the coming year with new resources and materials, …

  1. Anonymous Coward

    This is a threat that not only concerns every American, it involves every American.

    What also concerns and involves every American is this:

    "Surveillance Court found that the FBI may have violated the rights of potentially millions of Americans"

    https://theintercept.com/2019/10/10/fbi-nsa-mass-surveillance-abuse/

    And now the FBI wants to give advice on voting???

    1. Tom 35 Silver badge

      Re: This is a threat that not only concerns every American, it involves every American.

      Well the GOP is not going to do it.

      1. fishbone
        Meh

        Re: This is a threat that not only concerns every American, it involves every American.

        If you hadn't noticed they're in the minority and are concerned more about voter fraud than poll hacking, probably with good reason. They'll never win California, New York, Illinois, or Virginia. With population shifts from higher tax states toward western states that feature low taxes and population densities they are turning blue, see Arizona and Nevada. With socialistic attitudes on the rise in the upcoming elections amongst Democrats, it don't look too good.

    2. Mark 85 Silver badge
      Devil

      Re: This is a threat that not only concerns every American, it involves every American.

      Well, who else is better to advise us than someone who does such things?

  2. lglethal Silver badge
    Stop

    Funny, that D-Link can just get away with just saying, "Tough sh%t. Go buy a new router".

    If any of those routers are under 10 years old, then I would hope that their owners are going to demand that D-Link either replaces them free of charge or gets off its ar$e and fixes the gaping security hole in the router.

    Imagine the uproar if a car manufacturer came out and said, "Oh yeah we've discovered a failure in the airbags, where they won't actually work, but because the cars involved are more than 5 years old, we're not going to do anything about it. Buy a new car instead."

    It's crazy what firms in the IT world can get away with...

    1. Charles 9 Silver badge

      At least airbag modules can be replaced on their own. A better analogy would be if the problem was with the transmission failing ahead of schedule but due to their age they're out of warranty. Fixing the transmission would cost more than the car is worth (I speak from experience), meaning you're dead-ended because they have the money to influence the legislators.

    2. BBRush

      Remember Fight Club? IT companies can do this because the sums involved are small. How much is a consumer router? €100? €250 max? A car is €x0,000 and has a service life of many, many years whereas a router? Five tops before it will be replaced. Even Apple puts handsets into obsolescence after four years.

      I can't even remember what router I had 10 years ago, I certainly would not be still using it.

    3. Sandtitz Silver badge
      Thumb Down

      D-Link

      "If any of those routers are under 10 years old"

      Oh, some of those are ancient, over 10 years old, but DIR-866L - a fairly modern 802.1ac wireless router shamelessly modeled after the dustbin Mac Pro - was introduced in late 2014 and still available from resellers.

      Fast, Good, Cheap - pick two. In D-Link's case, just pick Cheap.

      1. Charles 9 Silver badge

        Re: D-Link

        How soon before we MUST insist on All or Nothing, physics be damned, just to maintain our sanity?

    4. Tom 35 Silver badge

      You should consider a new non-d-link router if yours is vulnerable.

    5. Halfmad Silver badge

      There's a couple of them still for sale online from big retailers. Crazy.

    6. Frank Bitterlich
      Mushroom

      Correction

      Because D-Link is not providing updates to the devices listed above, it is important to replace any affected device with one that is currently supported by the vendor.

      Slight correction: "... it is important to replace D-Link on your list of suppliers with a company that actually takes security seriously."

  3. Bronek Kozicki Silver badge
    Trollface

    Comcast ... using their lobbying might to push back against DNS-over-HTTPS (DoH)

    Well, for me an endorsement of a new technology does not get any better.

    1. LDS Silver badge
      Facepalm

      Re: Comcast ... using their lobbying might to push back against DNS-over-HTTPS (DoH)

      Sure, why should they let Google and Cloudflare get all the DNS queries data?

      1. Anonymous Coward

        Re: Comcast ... using their lobbying might to push back against DNS-over-HTTPS (DoH)

        What's stopping you rolling your own?

        1. LDS Silver badge

          Re: Comcast ... using their lobbying might to push back against DNS-over-HTTPS (DoH)

          I already use my own DNS system (because I know how to make it work) - but DoH will put even more power in the hands of the same few companies that are getting a bigger and bigger control of the internet. The fact that Google will be able to collect and snoop over a bigger share of DNS queries doesn't make me feel better because my ISP can't.

          1. Charles 9 Silver badge

            Re: Comcast ... using their lobbying might to push back against DNS-over-HTTPS (DoH)

            "I already use my own DNS system (because I know how to make it work) - but DoH will put even more power in the hands of the same few companies that are getting a bigger and bigger control of the internet."

            Again, what's stopping you rolling your own? If what you say were true, there is NOTHING stopping the likes of Google from doing it already by simply bypassing DNS the way Windows 10 bypasses DNS for its telemetry.

            1. Michael Wojcik Silver badge

              Re: Comcast ... using their lobbying might to push back against DNS-over-HTTPS (DoH)

              Again, what's stopping you rolling your own?

              Hard-coded DoH server addresses in the browsers?

              I haven't looked at Google's or Mozilla's DoH implementation, because I already use DoH-free browsers for most purposes. But I can certainly foresee a day when it will be necessary to use a non-mainstream fork to avoid the Google+Cloudflare DoH duopoly. That may not come to pass, but it would be trivial for Google to implement it in Chrome.

              1. Charles 9 Silver badge

                Re: Comcast ... using their lobbying might to push back against DNS-over-HTTPS (DoH)

                "Hard-coded DoH server addresses in the browsers?"

                Instant non-viability in enterprises and other large-scale deployments where internal resolvers are the norm?

                Like I said, if something can get away with not using DNS (and the blockers tied to DNS), they're doing it already (like Windows 10).

  4. KarMann
    Headmaster

    Weary of the typos

    'Weary of the threat posed by quadcopter drones flying into unwanted areas….'

    Just this once, I'm not entirely sure that that 'weary' wasn't supposed to be 'wary'. Either one could apply here.

  5. LDS Silver badge

    "tell platforms what content to remove, platforms just do self censorship"

    Which means companies are so scared of the government they willfully and fully cooperate - and that's exactly what every authoritarian regime wants to achieve - a system which works on its own to crush any dissent, where every "citizen" (now a slave) controls and is ready to report every other else.

    1. Anonymous Coward

      Re: "tell platforms what content to remove, platforms just do self censorship"

      You mean, a non-mob version of Politically Correct would not be correct?

  6. David Pearce

    The DIR-615 was the standard router supplied by Telekom Malaysia for many years.

    While the router is theoretically the customer's problem and many have upgraded, there must be an enormous number still in use.

    1. Charles 9 Silver badge

      "While the router is theoretically the customer's problem and many have upgraded, there must be an enormous number still in use"

      I was going to say the DIR-615 is hopelessly outdated, but what I see these days on Amazon is nothing like the boxy gray DIR-615 I used before I switched to a Netgear Nighthawk AC1900. And I switched because it chugged like no end when using encrypted WiFi, and its IPv6 support was inadequate.

  7. pavel.petrman Bronze badge

    I'm torn

    On one hand, the typical impact security tools and parental controls, as well as make it harder for law enforcement to catch criminals sets off all the usual important bells in the heads of all sane netizens, but Google being behind the lamented technology offsets any lingo-based gains.

    The bottom line is that every corporation will be MITMing all employee generated traffic in no time unless they are already doing so. At home the situation is different - virtually everyone is neck deep in Google already, so there is nothing to fear there. The remaining half percent will carry on being called tinfoil hats and everyone will be happy again.

    1. Claptrap314 Silver badge

      Re: I'm torn

      Corporations are already MITMing most traffic if they are competent.

      This is a fight between Google/Cloudflare and the ISPs for the DNS lookup tracking data. The cagey can opt out. But 99.999% of the data is better than nothing.

  8. Barrie Shepherd

    Kaspersky anti-drone toolkit

    "Weary of the threat posed by quadcopter drones flying into unwanted areas, developers with Kaspersky says it is working on a software platform ...................."

    Unless Kaspersky have some of Nigel Farage's Brexit dust no quantity of software will stop a drone without the associated radio transmission equipment.

    The likelihood of Joe public, or any non government business, successfully being granted permissions to transmit GPS and similar jamming signals is (I sincerely hope) a little lower than the square root of naff all.

    So who are Kaspersky aiming this product at? I suspect that the security and police services have access to appropriate equipment already.

  9. Mark 85 Silver badge

    "And perhaps most importantly, he compromised the integrity of the LASC, which is a court system that thousands of people rely on to administer justice."

    Are the "thousands of people" just crims? Seems to me that there's several million citizens in that area so aren't they relying on this system?
