W T F,... This is so ADS CAN'T BE BLOCKED.. Right now you can DNS block ad sites. No longer with this tech. This tech is to make it impossible to block ads.. From the largest ad maker.... Why is that not in the story ?
36 posts • joined 2 Jul 2007
As one of the people who found these issues and has worked tirelessly on this issue I really appreciate El Reg doing such a good job covering this. It has helped put pressure on Intel/ISPs/Modem vendors to get this all resolved.. The real issue is that firmware can ONLY be updated by the ISP. This 1970's era rule needs to go away and CPE needs to be able to be updated by users as well, like cell phones can be updated. PLUS of course Intel needs to completely redesign its "connected home" modem chip from the ground up. I operate a web site with a list of the modems affected.. http://www.badmodems.com/
I'm so happy it's this judge :) We have put a lot of effort into this over the last 8 months at DSLReports. I've worked hard for this. What's scary is the DoS https://www.theregister.co.uk/2017/04/27/intel_puma6_chipset_trivial_to_dos/ it's completely unpatched and the exploit code is so easy grandma could do it. https://github.com/nallar/Puma6Fail/releases and 2 months after Intel Product security acknowledged the issue we still don't have a CVE despite its agreed to HIGH rating. No alerts from anyone. I've never seen a public 0-day that affects millions with public trivial code published that has no alerts after 2 months. Also the ISP/MSO hardware can't mitigate / block the exploit because of its streaming nature. So once an attack is started the modem stays offline until the IP is changed.
I rewrote the Cisco press release..
Cisco strives to deliver technologies and services that work. However recently, Cisco became aware that Intel planted a timed obsolescence feature into its Atom 2000 that affects a large number of expensive Cisco products. In all units, we have seen the Intel Atom CPU degrade over time. Although the Cisco products with this Intel CPU are currently performing normally, we expect product failures to increase over the years as Intel built this in to sell more chips, beginning after the unit has been in operation for approximately 18 months. Once the Intel Atom has timed out, the system will become a brick, will not boot, and is not recoverable. This requires the end user to buy a new product. The Intel Atom is also used by a huge number of other vendors on a large number of products.
We have identified all Cisco products that have Intel Inside and tried to work with Intel to quickly get a chip that works however they keep asking us to provide examples of the failure. All products shipping currently do not have this issue as far as we know. To support our customers and partners, Cisco will flog Intel and recall all units under warranty or covered by any valid services contract dated as of November 16, 2016, which have Intel Inside and shove them up Intel's ass. Due to the age-based nature of the failure and the crap ton of replacements, not to mention the cost, we will be prioritizing orders based on the products’ time in operation.
Q: When did you become aware of this issue?
Cisco learned about the timed failure and potential customer impacts due to this feature in late November 2016. Cisco and Intel have been working as quickly as possible to hide the impact and scope of the issue, create and test PR releases, and put in place a plan to hide Intel from lawyers without causing undue panic or affect Intel's stock price.
Re: It happens
We don't know yet if it can be fixed with software. I'm waiting on the firmware now. However at least one tester shows the issue is not fixed. I'm the DSLReports guy Xymox1 who found the issue and the guy Chris mentions in the story. Those are my plots. So.. We don't know yet if it can be fixed in firmware. It's a stay tuned moment.
OMG Richard, You're my hero.. Keep these stories coming. Our only hope is the press making light of this Shit. I do want to point out tho that this same issue of poor coding, crappy foresight and asinine product planning is present to some degree in almost every consumer device today. If it's destined for a consumer, there is zero doubt it's got serious security bugs that allow the device to be taken over. As just one example, BluRay players all have some old horribly outdated and never updated Java in them. https://en.wikipedia.org/wiki/BD-J
We need to not only address the IoS we need to address ALL of consumer electronics.
A UL for software needs to occur. We need to give software the same legal status as hardware and allow software companies to be sued. No more 50 page disclaimers. Software needs the same legal status as any hardware device, like a car.
You must write this crappy code all around us
I am an installer of super high end AV gear and automation. $10M single rooms and completely automated houses. Over the last 5 years firmware bugs and just terrible code has become my #1 issue and typically now costs me most of my profits trying to find workarounds for embedded bugs a mfgr won't ever fix. EVERY device in ALL my clients' homes now has a serious show stopping bug. 5 years ago there were none. It's epidemic and going logarithmic in its curve. In consumer electronics it's completely out of control. It's costing people like me HUGE amounts of money. This latest DDoS mess is sure NO SURPRISE to me. The crap in consumer electronics is so horrid and 1/8 baked it's damn near criminal. As far as poorly written software killing people look no further than Tesla. This DDoS cost the world how much in money ? Just this one single stupid software decision ? And it's only the beginning. It used to be that SOME attempt was made to debug software before it shipped. Now it's more like Alpha code. I ran into a company that makes $50,000 DACs that was using MAC addresses for network communications and could not understand why it could not communicate thru a switch.
Software needs to be treated like a hardware product legally. It's that simple. Why we ever allowed them to escape this liability is just beyond me.
What I'm discussing is the future. It's just a matter of time. As the story very clearly points out the industry can't regulate itself. It never has. It's been on a path of getting far far worse in the last 5 years. It's out of control for CE with profit the only thing that counts. Does it need to be NASA level ? no. But we are a LONG LONG way from where we need to be. I would argue it's not THAT hard to make software NASA level reliable. We need to hire WAY MORE programmers. Whole industries need to appear that check code. YES it will be more expensive.
EVERY ONE OF YOU has beat your head in complete frustration, and may be right now, over some horribly obvious just terrible code. Let's all stand up and fix this. If we all just throw up our hands and say nothing and use lower case, NOTHING WILL GET DONE...
EVERY SINGLE SOFTWARE THING YOU OWN OR AROUND YOU NOW HAS _SERIOUS_ BUGS. It's NORMAL NOW.. *W * T * F *... Since no one seems able to write code that works, and it's worse every day, it's WELL PAST TIME TO REGULATE THE SOFTWARE INDUSTRY. BUGS ARE KILLING PEOPLE NOW. It's costing the world a trillion a year in lost productivity for crappy code and horrendous GUIs. Let's make it mandatory that software WORK. We have standards for things that plug into power, let's have standards for things that plug into network ports. FURTHER. Let's have standards for SOFTWARE. Let's >> REMOVE THEIR ESCAPE FROM LIABILITY WITH 50 PAGE DISCLAIMERS <<.. Let's simply allow lawsuits. That should do it. WRITE CODE THAT WORKS OR BE SUED.. Sounds perfect. IT'S WAY PAST TIME FOR THIS..
You block this at the firewall. BUT you have to block all of microsoft and its other domains and never get updates again. I use Deep Freeze and a reboot cures all.
The NSA hackers wrote Win 10. And its naggy ware. Rest assured.. http://money.cnn.com/2015/02/17/technology/security/malware-nsa/
I have downloaded all the patches ever issued for Win 7 up till the patches mentioned. I then install Win 7 and use discs to update it. The reason is one day they will not support Win 7 anymore and I will want to still install and update it. So after a virgin install up to this point I Deep Freeze. That's how I'm going to run for years to come. I'm just never going to update or go to Win 10. Ever. Even if I have to reinstall Win 7 often. I will just make an image.
**ck Windows 10 and the NSA who are behind it.
Its not malware like, its the same guys who wrote
Apple is misleading
Apple is misleading people. While the OS might be not vulnerable to Heartbleed, the apps ARE vulnerable. This is confirmed by Crestron - a major home automation manufacturer. http://support.crestron.com/app/answers/detail/a_id/5471/kw/5471
So it's VERY important to report that while the OS of things like iPads/iPhones/laptops and Windows machines may not be an issue, the apps and programs might be.
For example, is Safari vulnerable ? So if an Apple or Windows browser visits a malicious web site can data be stolen from the machine visiting the server. Heartbleed works on clients too.
It's irresponsible to mislead consumers that their products are not vulnerable when in fact they most likely have apps or software that is running on the device.
People who are not professionals in this field should not do it.
The biggest problem with my high end AV industry is that about anybody ( or any company ) thinks they magically know what they are doing when in reality this gear at this price range is highly complex and each piece must be chosen carefully. This combo of gear is horrible. At least it would have been good to consult a professional when writing the story. This is like deciding to create a server farm and never asking an experienced pro how to do it or what gear to buy and just buying the most expensive boxes you can... F A I L.... While this system has been upgraded since I did this vid, it's a good idea how to do this correctly http://www.youtube.com/watch?v=3HWSC2yVH-A
I am a bad movie expert. I own 3000+ movies. Worst movie of all time is a difficult decision as there are different genres of horrid.. But.. Birdemic: shock and terror might indeed be the worst movie ever made. It's best when watched with the director commentary turned on. http://www.youtube.com/watch?v=jE5dJDgZ644
This TV has reached new heights of complete BS in the TV industry. Just when you thought it could not get any more ludicrous along comes this set. I mean come on 20:9 ?!? It's not even 2.35 it's 2.33 ! Ambilight ?! That changes color with the picture ?!?! WTF.. Zoned LED backlighting, come on this is a horrid technology.
You can stretch a 4:3 to 20:9 ?!?? OMFG.. WHY ON EARTH... What moron would use this "feature"
Looking at the reviewer's choices of TVs to review it's clear that there is a pattern. I would expect more from El Reg than to get in bed with one manufacturer.
As I said before. REVIEW A PANASONIC PLASMA. Incredible value. Incredible picture. Here in the states you can buy a panasonic 42" 720P plasma for $499 at Walmart. or a 50" 1080P for $789.
Maybe review one of these
"Panasonic's proprietary IPTV functionality is expanded and enhanced for 2011, with a new identifying name, VIERA Connect, reflecting the transition from the walled garden approach of VIERA Cast to the interactive and inter-connected philosophy behind the new Internet enabled platform. VIERA Cast's popular sites, including Netflix, Amazon VOD, YouTube, Pandora, Twitter, Bloomberg News, a weather channel and Skype) continue on VIERA Connect and are joined by a host of exciting features and apps, all optimized for the best possible user experience. Incorporated in VIERA Connect are such apps as CinemaNow, Hulu Plus, Napster, Facebook and popular sports sites including MLB.TV, MLS Matchday Live, NBA Game Time, and NHL Game Center. "
That's a TV... And these things are very reasonably priced.
All humanity's knowledge on one system
I can put 14 Hard discs in my computer the way it's configured now. So I could have 56,000 GB..
Let's see... That's roughly 12,400 movies.. It's only 14 million MP3 songs..
Maybe it's possible to have every piece of music ever written on one computer ?
I could buy a small rack enclosure about the size of a night stand and get 32 drives into it PLUS what's in my computer.
At that point I believe I could store the entire world's total produced movies and music pretty easy with more than enough room for every printed book/magazine/paper..
That's all with technology available right now.
You know soon it might be possible to get every bit of humanity's total produced, everything, on one system pretty easy...
Wow all of man's knowledge collected in one place... Easily... That's where the future is going. Looks like one day we will have EVERYTHING on a hand held device.
Kinda makes the value of the content pretty minimal when you can just buy EVERYTHING KNOWN TO MAN on one device. I could see that happening.
F A I L
"Netbooks aside"... Well wait a minute, Netbooks are really popular. So you're saying just disregard this segment of the market and never mind that your software product causes their machine to page swap with disc like crazy when running your program slowing down the entire machine ?
A LOT of laptops just a few years ago are not gonna do 4GB of ram ever. So count them out of the picture for your product too ?
And then there is the whole world of zillions of older machines that have 1GB of ram or even older ones at 512MB. The entire world of used machines.. Many people have no idea how to upgrade ram and will never do that.
And let me make sure I understand here.. It's all for search ? Well guess what, I use search once every 3-6 months.
I have 16,000 emails going back to 1991 in my Thunderbird 2.0 running on a 1Ghz 512MB laptop and it searches them all just fine. In fact it searches them WAY FASTER on my machine rather than installing 3.X because 3.X starts page swapping and slows the computer way down...
SO... Like most software these days older is better.
AND what works quicker on a resource challenged machine will work faster and better on a high performance machine.
On my 3Ghz overclocked, 4GB ram, Adaptec raid 0 with WD Raptors machine, 2.0 is still quicker and faster at searching than 3.X .
So there are no new features I need in 2.X and 2.X performs better on both my old school laptop and high performance workstation.
So this newer software, like most new software, FAILS in many ways because the new generation coders have no clue how to write efficient code or are too lazy to do so. This is an epidemic that affects almost all current software companies not just this product. Yea Firefox is also a perfect example of just a complete resource hog.
1 GB of ram !?!?! And for what exactly ? I don't see anything better for me.
Why is it that new software uses just more and more ram and resources to do the same thing ?
I use computers that are slightly older. Limited in ram. Why do software makers never want to make nice thin clients ? If 2.0 could do everything important that 3.0 does why does 3.0 need 7 TIMES more ram ?
I disagree with 64MB being what 2.0 uses. I have used it forever and it AT MOST uses 38MB. Mostly it sits at 19MB..
Now what will happen is they will stop supporting 2.0 and force me to use an insecure 2.0 because if I use 3.0 the 250MB of ram usage will push me into disc mem swapping and slow my computer down a whole lot..
So... Screw 3.0 and come on software developers, are you so skill-less you can't write efficient code ?
THANK GOD !
At least SOMEONE in the news world actually cares about language..
Reading popular web site news like CNN is just horrible. It seems there is no proof reading at all. Sentences slapped together wrongly, misspellings, horrible grammar and a complete lack of style.
They edit stories as a story progresses rather than writing a new story on a new development. This leads to a story with facts that are days old and now incorrect. Usually the top of the story has the current facts but by the end of the story it's leftovers from days previous.
This has spread to many news outlets.
El Reg however is just awesome. Well written, awesome style... It shines above most news outlets..
RE: Mozilla site 100% SSL
I personally think all web sites should just adopt SSL as how they work by default for as much of the site as possible and practical... unlike now where it's used for the smallest amount of time possible.
Lets not even discuss email being so non-secure while there are complete solutions already in place in all the client and server products currently in use.
The use of encryption and real authentication is WAY OVERDUE.
The tools for complete end to end encryption are available now. From a completely encrypted hard disc to SSL browsing & SSL email transmission. These require almost zero client awareness. Server to server SSL is available in Sendmail and Microsoft products.
If bandwidth is such a huge issue then use a low grade. It's still better than none at all. Change to a high grade on critical items.
Come on IT professionals, protect the clients and users.
AMX hardware has become self aware
The company mentioned makes corporate automation hardware with powerful computing engines which run a dedicated OS with god knows what in them.
They obviously all linked up and became self aware.
In fact this is an important fact for the ROTM gurus I feel.