+ - Heartbleed Exposes Critical Infrastructure's Patch Problem->

Submitted by chicksdaddy
chicksdaddy writes: The good news about the Heartbleed vulnerability in OpenSSL is that most of the major sites that were found to be vulnerable to the flaw have been patched.

The bad news: the vulnerability of high-profile web sites is just the tip of the iceberg or – more accurately – the head in front of a very long tail of vulnerable web sites and applications. Many of those applications and sites are among the systems that support critical infrastructure. For evidence of that, look no further than the alert issued Thursday by the Department of Homeland Security’s Industrial Control System (ICS) Computer Emergency Readiness Team (CERT). The alert – an update to one issued last month – includes a list of 43 ICS applications that are known to be vulnerable to Heartbleed. Just over half have patches available for the Heartbleed flaw, according to ICS CERT data. But that leaves twenty applications vulnerable, including industrial control products from major vendors like Siemens, Honeywell and Schneider Electric.

Even when patches are available, many affected organizations — including operators of critical infrastructure — may have a difficult time applying the patch. ICS environments are notoriously difficult to audit because ICS devices often respond poorly to any form of scanning. ICS-CERT notes that both active and passive vulnerability scans are “dangerous when used in an ICS environment due to the sensitive nature of these devices.” Specifically: “when it is possible to scan the device, it is possible that device could be put into invalid state causing unexpected results and possible failure of safety safeguards,” ICS-CERT warned.


+ - Why I'm Sending Back Google Glass->

Submitted by Lucas123
Lucas123 writes: After using Google Glass for several weeks, Computerworld columnist Matt Lake had plenty of reasons to explain why he returned them, not the least of which was that they made him cross-eyed and avoid eye contact. Google Glass batteries also drain like a bath tub when using either audio or video apps and they run warm. And, as cool as being able to take videos and photos with the glasses may be, those shots are always at an angle. Of course, being able to do turn-by-turn directions is cool, but not something you can do without your smart phone's cellular data or a mobile hotspot. The list of reasons goes on... Bottom line, if Google Glass is in the vanguard of a future class of wearable computers, the future isn't the present.

Comment: Re:Do all schools even offer CS classes? (Score 2) 325

by JP205 (#46013327) Attached to: The Whole Story Behind Low AP CS Exam Stats
I took the exam around '99 and I'm sure it was around before that. Yes, not every high school offers classes in computer science. I think we only had it because our teacher was a big proponent of it and our school district was very well funded to say the least. There were only five or six students who actually took the AP course with me, two were female, and two were minorities.

+ - Internet Blackout delivers serious blow to SOPA an->

Submitted by Anonymous Coward
An anonymous reader writes: Following the highly successful "Internet Blackout" Lamar Smith has issued a statement on the indefinite postponement of PIPA, which comes just days after the shelving of SOPA earlier in the week.

With both of these controversial bills now in a holding pattern, the community needs to turn its attention to supporting new legislation which combats Internet piracy while preserving Internet freedoms, like the "OPEN Act".


+ - College Campus Network Still Infected by a Compute->

Submitted by wjousts
wjousts writes: From IEEE Spectrum, computers at the City College of San Francisco (CCSF) may still be infected with several viruses, the oldest from 1999!

As of Friday, the viruses were still active. The Chronicle says that CCSF administrators are telling students and employees to "change computer passwords, avoid using school computers for banking or purchases, and to check home computers for viruses" since the viruses have, the college's Chief Technology Officer warned, infected servers and desktops "across administrative, instructional and wireless networks."


+ - Human Stomach Microbe Unlocks Seaweed Biofuel->

Submitted by Anonymous Coward
An anonymous reader writes: Researchers at the Bio Architecture Lab and the University of Washington in Seattle have genetically modified a microbe commonly found in the human stomach to enable it to break down the very exotic sugars found in seaweed. The development could signify a biofuel breakthrough, since seaweed doesn’t take up space that crops could use, it doesn’t contain the hard to break down substance lignin, and it needs absolutely no fertilizers to grow. The newly found process also doesn’t require high temperatures, which means that turning seaweed into biofuel would require very little electricity.

+ - The real reason Firefox lost to Chrome: Firefox 4->

Submitted by edxwelch
edxwelch writes: In November last year Chrome overtook Firefox in market share for the first time. What people don’t realise is that the release of Firefox 4 caused a large part of the decline.
Firefox 4 was a major new release and came with a brand new JavaScript engine and HTML5 parser. Unfortunately, these new features came with major memory leaks and performance bugs. The result was that if you used Firefox 4 for an extended period of time the browser would eventually become unresponsive, making it virtually unusable.


+ - Building a Modern Web Stack for the Real-time Web->

Submitted by igrigorik
igrigorik writes: After a few years of iteration the WebSockets spec is finally here (RFC 6455), and as of late 2011 both Chrome and Firefox are SPDY capable. These additions are much more than just "enhancing AJAX", as we now have true real-time communication in the browser: stream multiplexing, flow control, framing, and significant latency and performance improvements. Now, we just need to drag our "back office" — our web frontends, app servers, and everything in between into this century to enable us to take advantage of these new capabilities.

+ - Mozilla Minefield The Fastest Browser on Earth->

Submitted by Anonymous Coward
An anonymous reader writes: Mozilla Minefield is the FASTEST BROWSER on the planet with JavaScript rendering speeds 10% faster than Google Chrome. Mozilla Minefield is available for Mac OS X, Linux, and of course Windows. But given the extraordinary browser is still in alpha stage, the developer does not guarantee the stability of the browser. Maybe you will find the bugs are annoying during browsing on the internet. You can send feedback to the developers of browsers to improve performance and stability of this browser.

+ - Increase in Sales for Japanese Robot Manufacturers

Submitted by RobotWorx
RobotWorx writes: Despite the most devastating disaster in Japan since WWII, industrial robot manufacturers based in Japan saw their sales increase in the first three quarters of 2011.

Boosting the jump in industrial robot sales were the orders for semiconductors used in smartphones and computers. Robots in these industries typically perform different material handling and assembly tasks. Industrial robots used in automotive lines and vacuum environments to perform welding, painting, and material handling applications also added to the increase in orders and sales in these Japanese based industrial robot manufacturers.


+ - Project Basecamp: A SCADA Security Bloodbath->

Submitted by chicksdaddy
chicksdaddy writes: A no-holds-barred presentation at the S4 Conference in Miami on Thursday laid bare the woeful state of security for many SCADA and industrial control systems (ICS) that power the world's critical infrastructure.
The talk discussed "Project Basecamp," a volunteer-led security audit of leading programmable logic controllers (PLCs). Decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks, researchers found.
"It's a blood bath mostly," said Reid Wightman of the consulting firm Digital Bond. "Many of these devices lack basic security features."
In an effort to mimic the success of the FireSheep plugin in forcing better security for common Web applications, the organizers also worked with the security firms Rapid7 and Tenable to integrate modules into the Metasploit Framework and Nessus scanner to spot vulnerable PLCs. Threatpost has the story.


+ - Is cutting-edge car tech befuddling US watchdogs? ->

Submitted by coondoggie
coondoggie writes: "The often complex, interconnected electronics systems now proliferating across most cars and trucks will require the US government that watches over auto safety — the National Highway Traffic Safety Administration (NHTSA) — to revamp the way it handles and researches problems."

+ - Researchers Find Slew of Flaws in SCADA Hardware, ->

Submitted by Trailrunner7
Trailrunner7 writes: At the S4 security conference this week, "Project Basecamp," a volunteer-led security audit of leading programmable logic controllers (PLCs), performed by a team of top researchers, found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks by external hackers that could cause PLC devices to crash or run malicious code.

"We were looking for a firesheep moment in PLC security," Peterson told the audience of ICS security experts.

They got one. "It's a blood bath mostly," said Wightman of Digital Bond. "Many of these devices lack basic security features."

While the results of analysis of the various PLCs varied, the researchers found significant security issues with every system they tested, with some PLCs too brittle and insecure to even tolerate security scans and probing.
