VMware emits security alerts, Planet Hollywood chain hacked, SWAT death caller gets 20 years in clink, and more Last week we saw someone admit hoarding NSA documents, a Huawei patch bungle, and an axe looming for DXC security employees. Now, here's some extra bits and bytes to start this week and month. VMware rings the klaxon over service provider vulnerability If you're running a server hosting VMware's Service Provider portal, you …
In case you needed yet another reason to lock down your machine, do it lest your roommates be allegedly secretly committing crimes.
If you really are paedophillically-inclined* then not locking down your machine in any way seems a great way of ensuring plausible deniability.
*Substitute for other criminal acts as required.
Planet Hollywood. Was never very successful. I remember when it was founded in the early 90s. Did look cool and word on the street was (falsely) that you'd see the founders there (Arnie, Bruce etc). I always thought back then how was it ever going to be successful when you have McDonalds and Burger King offering the same but cheaper.
Anyway. Then onto Apple
"Prosecutors said Ford had posed as Apple support and sent emails to the targets asking them to reset their accounts. When the marks went to the phishing page and entered the information, Ford was then able to access their accounts and get their credit card numbers."
Surely Apple is big enough they can implement the system where they only show the last 4 digits of your card number when you're in your account. So if your account is compromised no one can get the details. Even smaller companies do that. Can Apple get anymore incompetent.
Planet Hollywood, along with Hard Rock Cafe and similar theme restaurants, are designed with the idea that people will pay for the unique ambience and proximity to major attractions. In plaintalk, they're tourist traps built near other, larger tourist traps, where the only competition they have are Vegas casino buffets or Disneyland's criminally overpriced in-park eateries.
More than enough blame to go round here, yet only the moron who faked the call is being punished.
No charges being brought for negligence against the telecomms companies and police involved?
Why not?
This has happened so many times that no-one can claim to be unaware of it, and it could quite feasibly be stopped completely.
What's that you say? It would cost a little money, and cut down on opportunities for state endorsed psycopaths to kill entirely innocent people?
If that sounds harsh, then sorry but for the telecomms companies it's a small hit on bottom line, for police to go into a shoot first situation KNOWING that the alerting system is broken and that innocent parties will likely view it as a potentially lethal home invasion, with tragic consequences is criminally negligent at the very least, and at worst plain homicidal.
Probably won't be noticed tacked onto this article's comments, but - hey - you saw it here first!
Within 5 years, possibly only 2-3, people answering phones won't - they'll pick up and then listen. If a _familiar_ voice says 'hello' then the conversation will proceed. No recognized voice in the first 1.5 seconds and the phone gets hung up or put to the side.
The phone companies, through decades of inaction on faked caller numbers, will cause a societal reversal - the caller must say 'hello' first.
All the irritation, confusion, upset and anger resulting will have a single identified cause - phone companies. Let their roasting begin!
As for police, they should definitely be trained to deal with this. I'm curious, however, what the telecoms companies should do differently? Normally, the person making the fake call simply calls the police department and makes up a story involving a bunch of violence. They might have other reasons to call that police department, though, so the companies couldn't block connections between people and the police. Is there a mechanism to identify this type of call before it gets to the units?
Good point. While they're at it, let's just redesign caller ID so it can't be spoofed by anyone to anyone. If absolutely necessary, allow numbers to register themselves as allowing the caller ID to be a specific other number for call centers and the like, but I'm not that bothered if we don't do that.
> I'm curious, however, what the telecoms companies should do differently? Normally, the person making the fake call simply calls the police department and makes up a story involving a bunch of violence.
Correct but the hoaxer fakes his number to appear to be calling from the property concerned i.e. appears to be the victim. So the suggestion is that phone companies could and should prevent number faking - at the very least to 911 call centres.
Lord forbid you do any research.
As it says right in the fucking article, trials are pending against Viner and Gaskill.
The county DA declined to bring charges against the police officer who shot Finch. That's because like most prosecutors he's chickenshit.1 The close and symbiotic relationship between law enforcement and state prosecutors has a chilling effect on holding the police to account, except in cases of gross malfeasance, or when the US DOJ decides there's a civil rights case to be made (a decision which is largely political).
The phone company is blameless in this case. Barriss called a non-police number at City Hall, and convinced someone there to transfer him to a non-emergency police number.
All of this is well-documented.
1This is a term of art for US prosecutors. It refers to at least two phenomena: prosecutors who are reluctant to bring cases to trial that might be unpopular or they have a good chance of losing (cf. The Chickenshit Club); and certain prosecutorial strategies which were once seen as unacceptable but are now widely used, such as prosecuting for lying to a Federal officer (cf. a post by Ken White on Popehat which I can't be bothered to search for).
It goes without saying that if you find your Asus computer (or a machine you administer) on the list you will want to get in touch with law enforcement as well as scrub the machine of the software nasty
This is Intel and ASUS. I'd suggest scrubbing the machine in the bath, then setting fire to the remains in a remote location while wearing a hazmat suit. Scatter the ashes to the ocean.
There's no telling how buggered up the firmware is with malware after something of this level was attempted. If they had ASUS's signing keys, they might very well have Intel's ME signing keys too, in which case you'd be totally screwed no matter how well you thought you "scrubbed" the machine of the malware.
Though if you elected for the soap + rubber ducky submersed approach, it'd probably be pretty clean. Also a brick.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
