back to article LabCorp ransomed, 18k routers rooted, a new EXIF menace, and more

This was the week of blunders by Venmo, million-dollar bank heists, and beefier bug bounties. Here's a few more bits of news. Singapore sting Any large-scale data breach is bad news, but one that results in the loss of the health information of a quarter of the population is downright disastrous. Such was the case in …

  1. Richard Jones 1
    Happy

    VLC

    I do not use VLC very often so thank you for the warning about that issue.

  2. AustinTX

    I use VLC a dozen times a day so thank you for the news. I was already using 3.0.3

    1. Wensleydale Cheese

      Prompted by the article, I just fired up VLC on my Mac, and the first thing it did was check the version number and offer to download 3.0.3.

  3. sanmigueelbeer
    FAIL

    make sure you regularly patch everything on your network regularly. Firmware updates for routers or printers can be an easy thing to forget, but if they get compromised things could get ugly very quickly.

    Hold on, this "rule" won't work for Huawei's HG532 (which is the centre of this bot using CVE-2017-17215).

    Read Huawei's "response" (https://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en). Nowhere in the security notice did it mention that there is a patch available. As far as Huawei is concern, the issue now lies with ISP.

    Frankly, Huawei can stick this where the sun doesn't shine. They're behaving like the rest about leaving the consumers out to dry when they can afford to re-write the code to close this vulnerability.

    And now they go on a PR expedition about letting people "trust" their gear. How can consumers "trust" their kit if they won't even fix this vulnerability?

    Pull the other leg, boy. Them got bells.

    1. esharpmajor

      I'd guess that statement means one of three things

      * We can't be bothered / it's too old (given the vague boilerplate threats about End of Life).

      * We've lost the source code so here are some workarounds.

      * Some of our ... errr... "customers" requested this "feature" and they won't be happy if we remove it.

    2. Mark 85

      Dark hole in home IT security.

      It's not just Huawei.. it's practically all of the printer and router makers for home use fall into this dark hole. Updates are not easy to find if you're Joe Average User and the manufacturer's stop support pretty damn quick. IMO, printers and routers need an automated way of updating much like Windows where it's pushed, notice given, and the consumer can make the choice. Most users I've met haven't a clue about how to update these devices or that updates might actually be available.

      1. sanmigueelbeer

        Re: Dark hole in home IT security.

        It's not just Huawei

        Anarchist/Wicked (the author of the exploit) is quite smart. He uses a vulnerability the manufacturer refuses to patch. He also mentions, and which has been verified, that his next target is Realtek routers.

        Does this sound familiar? Yes, this is the next "wave" of Mirai/brickerbot. But instead of using the default username/password combo, the author has targeted something more difficult to fix by the user of the router.

        One way of fixing this is to name-and-shame Huawei. With current environment where western nations are questioning the quality of Huawei's codes, throwing this into the mix might just get a reaction.

        1. elip

          Re: Dark hole in home IT security.

          Dude, Huawei is no different than Linksys, Netgear, Cisco, etc... they all have flaws that they won't fix, especially for consumer gear. Linksys, before they got purchased by Cisco, refused to release fw updates for my modem about 12 months after releasing the hardware, despite known exploit PoC code being publicly available. This was the straw that broke the camel's back for me - OpenBSD on a small embedded platform as a router since then on any network I operate.

          1. P. Lee

            Re: Dark hole in home IT security.

            I also went the BSD/Opnsense route (r), ditching the telstra thingy.

            The thing is, for most of these rubbish things, they aren't modified once installed, so why not put a separate admin port in which doesn't forward traffic? Then the attack surface and bad press is vastly reduced.

            1. onefang

              Re: Dark hole in home IT security.

              "why not put a separate admin port in which doesn't forward traffic?"

              Coz that would mean adding an extra dollar or three to the build cost, and many more dollars to the design cost. That'll eat into profits, and that's more important.

  4. Snorlax Silver badge
    Pirate

    Silk Road

    "Ross is condemned to die in prison, not for dealing drugs himself but for a website where others did. This is far harsher than the punishment for many murderers, pedophiles, rapists and other violent people," writes mother Ulbricht.

    Ma Ulbricht, let's not forget that time your little angel hired some Hells Angels to murder six people.

    1. JimC

      Re: Silk Road

      Not to mention that your darling facilitated many more of those crimes than any single individual would be able to commit.

    2. Anonymous Coward
      Anonymous Coward

      Re: Silk Road

      when will drug dealers learn that going around making people feel happy inside WILL NOT BE TOLERATED! There is no escaping the torment that is everyday life. Now, GET BACK TO WORK!

  5. RobThBay

    Silk Road

    Hmmm... the boss of Silk Road gets jail time for activities other people did using his website. Does that mean the bosses of Facebook and Twitter might be guests of a government facility some day as well?

    1. WolfFan Silver badge

      Re: Silk Road

      One can only dream.

    2. Snorlax Silver badge

      Re: Silk Road

      @RobThBay: "Hmmm... the boss of Silk Road gets jail time for activities other people did using his website."

      Whataboutery...

      Ulbricht was charged with drug trafficking, criminal enterprise, aiding and abetting the distribution of drugs over the internet, computer hacking and money laundering. Prosecutors are debating whether or not to dismiss the murder-for-hire charges, solely because he's spending the rest of his life behind bars anyway

      He's a big boy and he knew what he was doing. Time for him to take his medicine...

      1. Mark 65

        Re: Silk Road

        I'd imagine that, in the judiciary's eyes, his actions and position amount to that of an organised crime kingpin. Hence the sentence.

        1. Surreal
          WTF?

          Re: Silk Road

          Li'l Ross couldn't have been All That busy as a criminal kingpin or he'd have the bushels of cash to get a stern reprimand, rather than life in prison. The poor sod should have invested in campaign "free speech".

          1. Snorlax Silver badge

            Re: Silk Road

            @Surreal:"Li'l Ross couldn't have been All That busy as a criminal kingpin or he'd have the bushels of cash to get a stern reprimand, rather than life in prison."

            At the end of the day he's just another lowlife drug dealer, regardless of what his mum thinks.

            El Chapo's mum probably thinks he's misunderstood too...

  6. onefang
    Joke

    I wonder if the yanks will hire those wonderful people that did such a sterling job with the Aussie census to do theirs?

  7. chivo243 Silver badge
    Happy

    "to make the biggest baddest botnet in town"

    Ah, the Leroy Brown Botnet. Does Jim Croce get royalties?

  8. Rustbucket

    Australian My Health Record opt out.

    Australians who wish to opt out of the Government's My Health Record data base have only to October 15 to do it.

    See the latest news on the breach of the similar Singapore system for a possible reason for why you may wish to do so.

    http://theconversation.com/my-health-record-the-case-for-opting-out-99302 gives extra insight on why you may wish to opt out and also contains a link which argues the contrary view for opting in (the default if you do nothing).

    Page link to opt out: https://www.myhealthrecord.gov.au/for-you-your-family/opt-out-my-health-record

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like