‘I was like, yea!’ 5-year-old found his Xbox so easy to use, he hacked it
Quotw We haven’t heard any expletive-laden smackdowns from Linux kernel chief Linus Torvalds in a while, so this week he obliged us all with a beaut. The head penguin railed on developer Kay Sievers, one of the key figures behind systemd, which isn’t in the kernel but is one of the first essential programs to launch after Linux boots.
And what dread sin had poor Sievers committed? Another kernel developer Steven Rostedt discovered that when a Linux system is started with the “debug” option enabled, systemd can flood the logging services with so much information, the machine fails to boot. Torvalds was so incensed, he got Sievers’ name wrong in his flame of the developer:
Key, [sic] I’m f*cking tired of the fact that you don’t fix problems in the code *you* write, so that the kernel then has to work around the problems you cause.
Other devs had suggested there may be ways for the kernel to mitigate the flood, but Torvalds was having none of it:
I’m not willing to merge something where the maintainer is known to not care about bugs and regressions and then forces people in other projects to fix their project. Because I am *not* willing to take patches from people who don’t clean up after their problems, and don’t admit that it’s their problem to fix.
It’s really sad that things like this get elevated to this kind of situation, and I personally find it annoying that it’s always the same f*cking prima donna involved.
Sievers took his public scolding well, reposting a statement from Lennart Poettering explaining that the systemd devs would be sorting the issue out with a software patch and posting a tongue-in-cheek status update on Google+:
Torvalds had threatened to reject his code from the Linux kernel, but Sievers said he didn’t care, since he wasn’t planning to submit any:
My last kernel patch is more than a year old, my last non-trivial kernel patch 2 years old. I stopped working on the upstream kernel “long ago” for reasons I cannot stand the attitude of these guys, I decided to work with grown up or funny people instead and I enjoy it a lot more. Not sure what this childish blackmail attempt relates to.
Speaking of fury, users of Western Digital’s online storage service MyCloud reached the end of their patience with the firm this week as an outage dragged on. Quivering rage-infused customers filled 33 pages of the WD community web forum with complaints since MyCloud went titsup last week. The punters detailed their ongoing issues with accessing the file cloud.
User Prototyp_Gottes said:
If I use the desktop app, it works properly. I can see all folders and can also access them without any problems.
But I still have problems with my remote access. Using wd2go.com, I only can pass the login screen. After clicking on my My Cloud device, my browser keeps on loading and nothing happens. And by using my mobile apps it is almost the same. At least I can see all the public folders, when I try to access via mobile apps. But after opening the public folder my mobile app also keeps on loading and won’t show me the folders within the public folder.
WD president Jim Murphy sent out a mass email at the start of the week to try to soothe the ruffled feathers, but since he failed to give out any useful information such as what the problem is or why it’s taking so long to fix, it’s unlikely to assuage the masses.
User Karimero said:
A few days ago I thought the problem was solved. Back at work now, trying to login. And there it is again: unable to access device. (0).
Fail. Fail. Fail.
Never again a WD product.
In Blighty, a High Court judge has decided that IBM was wrong to pull a quarter of its employees off Defined Benefit pensions – which would have given them a pension set as a portion of their final salary – and leave them with no choice but to sign non-pensionability agreements or get no pay rises in the future.
Employees sued the firm for breaches of its duties in implementing so-called “Project Waltz” changes, and Justice Nicholas Warren came down on their side:
In the light of all the evidence… it is my view that no reasonable employer in the position of [IBM] in 2009 would have adopted the Project Waltz proposals in the form which they took.
IBM said that it would be looking to appeal the decision:
IBM respectfully, but fundamentally, disagrees with the court’s decision. The court’s opinion acknowledges IBM’s right to make changes in its UK pension programmes, but we believe the Court applied an incorrect legal standard in invalidating IBM’s exercise of that right.
Those in search of, ahem, love on popular dating/hookup app Tinder could be running afoul of robot-voiced tricksters. Hackers are using the app to spread malware and survey scams by hoodwinking potential lovers into clicking on fraudulent links. The bots lure their prey in with tempting profiles and pictures, according to net security firm BitDefender. Chief security strategist Catalin Cosoi explained:
After users swipe the right button on Tinder to indicate that they like a profile, the bots engage users in automated conversations until they convince them to click on a dubious link. The name of the URL gives the impression of an official page of the dating app and for extra legitimacy scammers also registered it on a reputable .com domain.
The cybercrims have even tailored their scam for particular areas and countries: for example, enticing Brits with a bit of totty and an invitation to compete for ASDA and Tesco Vouchers, while Americans get a hottie and a challenge to play a Cattle Clash game. An example of the automated love chat goes like this:
Hey, how are you doing? I’m still recovering from last night :) Relaxing with a game on my phone, Castle Clash. Have you heard about it? http://tinderverified.com/castleclash[removed]. Play with me and you may get my phone number.
Both Cattle Clash developer IGG and an Arizona-based photo studio mined for suitable pics are also victims of the hack.
George Anderson, director of product marketing at Webroot, said:
The Tinder bot is a sophisticated attack – to be able to trick people into thinking they are chatting with real people, hackers must have invested a considerable amount of time and tested lots of reply and response scripts to get a high success rate.
And finally, a five-year-old boy has figured out how to hack his dad’s Xbox Live account. The likely lad, Kristoffer Von Hassel of Ocean Beach, San Diego, California, managed to break into the account without the password, allowing him to play games outside his age group on his parents’ Xbox, a fact his mum and dad noticed after Christmas.
The simple hack consisted of Kristoffer inputting the wrong password at the login prompt, going to the password verification screen and then filling the password box with space characters before hitting submit. Hey presto! He was in.
The cheeky chap summed up his fearsome tech abilities thusly to ABC News:
I was like, ‘yea!’
His father, Robert Davies, who is a computer security specialist, said that it wasn’t the first time Kristoffer had tried something like this on. Apparently, at the tender age of one, Kristoffer beat the toddler lock on his dad’s phone by holding down the home key to disable the lockout. Far from being enraged with his prodigious offspring, however, Davies seemed quite chuffed:
How awesome is that! Just being five years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.
Microsoft said that it had fixed the issue as soon as it heard about it from Davies, allowing the family to go public. For finding the flaw, Kristoffer got four free games, a year’s Xbox Live subscription and $50, which is really gonna discourage him from a life of questionable computer access. ®