HP Keeps Installing Secret Backdoors In Enterprise Storage 193

Nerval's Lobster writes "For the second time in a month, Hewlett-Packard has been forced to admit it built secret backdoors into its enterprise storage products. The admission, in a security bulletin posted July 9, confirms reports from the blogger Technion, who flagged the security issue in HP's StoreOnce systems in June, before finding more backdoors in other HP storage and SAN products. The most recent statement from HP, following another warning from Technion, admitted that 'all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer.' While HP describes the backdoors as being usable only with permission of the customer, that restriction is part of HP's own customer-service rules—not a limitation built in to limit use of backdoors. The entry points consist of a hidden administrator account with root access to StoreVirtual systems and software, and a separate copy of the LeftHand OS, the software that runs HP's StoreVirtual and HP P4000 products. Even with root access, the secret admin account does not give support techs or hackers access to data stored on the HP machines, according to the company. But it does provide enough access and control over the hardware in a storage cluster to reboot specific nodes, which would 'cripple the cluster,' according to information provided to The Register by an unnamed source. The account also provides access to a factory-reset control that would allow intruders to destroy much of the data and configurations of a network of HP storage products. And it's not hard to find: 'Open up your favourite SSH client, key in the IP of an HP D2D unit. Enter in yourself the username HPSupport, and the password which has a SHA1 of 78a7ecf065324604540ad3c41c3bb8fe1d084c50. Say hello to an administrative account you didn't know existed,' according to Technion, who claims to have attempted to notify HP for weeks with no result before deciding to go public."

Hands On With the Nokia Lumia 1020 227

adeelarshad82 writes "Nokia's new phone, Lumia 1020, feels very similar in the hand to Nokia's Lumia 900 and 920, with one exception: it has a camera bump. The 41-megapixel uber-camera projects out very slightly as a black disc on the back. In terms of functionality, though, the camera provides for smooth zooming only a pinch away. However, it takes a noticeable amount of time to lock focus and save images. At one point during hands-on testing, the camera app crashed so hard that it required a phone reboot, which is hopefully just a pre-release firmware issue. The phone itself carries a brightly colored polycarbonate body that rolls around the edges to cradle a 4.5-inch, 1,280-by-768 screen. Lumia 1020 is powered by a dual-core, 1.5-GHz Qualcomm MSM8960 processor which plows through apps well. Speaking of apps, there's a ton of bloatware on here, as you'd expect from any AT&T device. AT&T adds four apps right at the top of the app list. Nokia Lumia is set to hit AT&T shelves on July 26th for $299."

What the Government Pays To Snoop On You 174

transporter_ii writes "So what does it cost the government to snoop on us? Paid for by U.S. tax dollars, and with little scrutiny, surveillance fees charged by phone companies can vary wildly. For example, AT&T imposes a $325 'activation fee' for each wiretap and $10 a day to maintain it. Smaller carriers Cricket and U.S. Cellular charge only about $250 per wiretap. But snoop on a Verizon customer? That costs the government $775 for the first month and $500 each month after that, according to industry disclosures made last year to Congressman Edward Markey."

Iris Scans Are the New School IDs 217

An anonymous reader writes "Winthrop University in South Carolina is testing out iris scanning technology during freshman orientation this summer. Students had their eyes scanned as they received their ID cards in June. 'Iris scanning has a very high level of accuracy, and you don't have to touch anything,' said James Hammond, head of Winthrop University's Information Technology department. 'It can be hands free security.'" I wouldn't want to be locked out of a building because of a scratched lens or a system outage, though.

Researchers Now Pulling Out of DEF CON In Response To Anti-Fed Position 204

darthcamaro writes "Earlier today, Slashdot had a story about DEF CON's position on not allowing U.S. Federal agents to attend the annual hacking conference. We're now starting to see the backlash from the hacker community itself with at least two well respected hackers pulling out of the DEF CON speaking sessions so far: 'The issue we are struggling with, and the basis of our decision, is that we feel strongly that DEF CON has always presented a neutral ground that encouraged open communication among the community, despite the industry background and diversity of motives to attend,' security researcher Kevin Johnson wrote. 'We believe the exclusion of the "feds" this year does the exact opposite at a critical time.'" Meanwhile, Black Hat welcomes Federal attendees; this year's conference will feature as a speaker former NSA head Keith Alexander.

Math and Science Popular With Students Until They Realize They're Hard 580

First time accepted submitter HonorPoncaCityDotCom writes "Khadeeja Safdar reports in the WSJ that researchers who surveyed 655 incoming college students found that while math and science majors drew the most interest initially, not many students finished with degrees in those subjects. Students who dropped out didn't do so because they discovered an unexpected amount of the work and because they were dissatisfied with their grades. 'Students knew science was hard to begin with, but for a lot of them it turned out to be much worse than what they expected,' says Todd R. Stinebrickner, one of the paper's authors. 'What they didn't expect is that even if they work hard, they still won't do well.' The authors add that the substantial overoptimism about completing a degree in science can be attributed largely to students beginning school with misperceptions about their ability to perform well academically in science. 'If more science graduates are desired, the findings suggest the importance of policies at younger ages that lead students to enter college better prepared (PDF) to study science.'"

Mozilla Launches Firefox OS Simulator 4.0 With Test Receipts 41

An anonymous reader writes "As promised, Mozilla today announced the release of Firefox OS Simulator 4.0 with a focus on developers who want to make money in the Firefox Marketplace. You can download the new version now for Windows, Mac, and Linux from Mozilla Add-Ons. First and foremost, the new simulator supports test receipts for paid apps: each app's dashboard features a drop-down menu where you can select a receipt type. Choosing one of these will have the simulator add-on downloading a test receipt from a Marketplace receipt service and reinstalling the app using it. This lets developers test receipt verification with whatever receipt types they may require (valid, invalid, and refunded)."

IT Analyst Dan Kusnetzky Talks about Cloud Computing and Cloud Hype (Video) 27

Dan Kusnetzky and I started out talking about cloud computing; what it is and isn't, how "cloud" is often more of a marketing term than a technical one, and then gradually drifted to the topic of how IT managers, CIOs, and their various bosses make decisions and how those decisions are not necessarily rational. What you have here is an 18-minute seminar about IT decision-making featuring one of the world's most experienced IT industry analysts, who also writes a blog, Virtually Speaking, for ZDnet.

MS Handed NSA Access To Encrypted Chat & Email 379

kaptink writes with the latest revelation from Edward Snowden: "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal. The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail. The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide. Microsoft also worked with the FBI's Data Intercept Unit to 'understand' potential issues with a feature in Outlook.com that allows users to create email aliases. Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio. Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport.'"

Can OpenStack Avoid Fragmentation In China? 42

itwbennett writes "More people visit the OpenStack Web site from Beijing than any other city in the world and developers in China account for the second largest number of code commits. But beyond a high level of interest, there's another reason that the OpenStack Foundation might do well to host its next summit in Hong Kong: Avoiding fragmentation. China has a history of going its own way in technology. 'I watched it develop its own 3G technology, much to the dismay of global network and phone makers who were shut out of the market. More recently, Chinese companies have gleefully gone on their own with Android,' writes ITworld's Nancy Gohring. It seems like a long shot, but maybe by holding the next summit in Hong Kong, OpenStack can draw contributors into the fold."

First Exoplanet To Be Seen In Color Is Blue 139

ananyo writes "A navy-blue world orbiting a faraway star is the first exoplanet to have its colour measured. Discovered in 2005, HD 189733 b is one of the best-studied planets outside the Solar System, orbiting a star about 19 parsecs away in the Vulpecula, or Fox, constellation. Previous efforts to observe the planet focused on the infrared light it emits — invisible to the human eye. Astronomers have now used the Hubble Space Telescope to observe the planet and its host star. Hubble's optical resolution is not high enough to actually 'see' the planet as a dot of light separate from its star, so instead, the telescope receives light from both objects that mix into a single point source. To isolate the light contribution of the planet, the researchers waited for the planet to move behind the star during its orbit, so that its light would be blocked, and looked for changes in light colour. During the eclipse, the amount of observed blue light decreased, whereas other colours remained unaffected. This indicated that the light reflected by the planet's atmosphere, blocked by the star in the eclipse, is blue."

PCWorld Magazine Is No More 164

harrymcc writes "After slightly more than 30 years, PCWorld — one of the most successful computer magazines of all time — is discontinuing print publication. It was the last general-interest magazine for PC users, so it really is the end of an era. Over at TIME, I paused to reflect upon the end of the once-booming category, in part as a former editor at PCWorld, but mostly as a guy who really, really loved to read computer magazines."

BlackBerry Helps Indian Gov't Spy On Users' Messages 56

hypnosec writes "The longstanding stalemate between the Government of India and BlackBerry (formerly RIM) is over after the government reportedly accepted the solution provided by BlackBerry regarding lawful interception of messages sent using BBM and internet emails sent using BlackBerry Internet Services (BIS). As a result of this, the government will now be able to monitor e-mails in real-time sent using BlackBerry services and messages on BlackBerry Messenger. According to Economic Times, which claims to have reviewed a copy of the internal Department of Telecom document, 'Barring a few minor points for improvement of viewers, the lawful interception system for BlackBerry Services is ready for use.' The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand has been shelved for now."

Discovering NSA Code Names Via LinkedIn 201

Okian Warrior writes with this news as reported by TechDirt: "The Washington Post revealed some of the code names for various NSA surveillance programs, including NUCLEON, MARINA and MAINWAY. Chris Soghoian has pointed out that a quick LinkedIn search for profiles with codenames like MARINA and NUCLEON happens to turn up profiles like this one which appear to reveal more codenames: 'Skilled in the use of several Intelligence tools and resources: ANCHORY, AMHS, NUCLEON, TRAFFICTHIEF, ARCMAP, SIGNAV, COASTLINE, DISHFIRE, FASTSCOPE, OCTAVE/CONTRAOCTAVE, PINWALE, UTT, WEBCANDID, MICHIGAN, PLUS, ASSOCIATION, MAINWAY, FASCIA, OCTSKYWARD, INTELINK, METRICS, BANYAN, MARINA.' TRAFFICTHIEF, eh? WEBCANDID? Hmm... Apparently, NSA employees don't realize that information they post online can be revealed."

Interviews: Ask James Gosling About Java and Ocean Exploring Robots 87

James Gosling is probably best known for creating the Java programming language while working at Sun Microsystems. Currently, he is the chief software architect at Liquid Robotics. Among other projects, Liquid Robotics makes the Wave Glider, an autonomous, environmentally powered marine robot. James has agreed to take a little time from the oceangoing robots and answer any questions you have. As usual, ask as many as you'd like, but please, one question per post.