Transportation

It's Easy To Hack Traffic Lights 144

Posted by Soulskill
from the looking-forward-to-the-mobile-app dept.
An anonymous reader notes coverage of research from the University of Michigan into the ease with which attackers can hack traffic lights. From the article: As is typical in large urban areas, the traffic lights in the subject city are networked in a tree-type topology, allowing them to pass information to and receive instruction from a central management point. The network is IP-based, with all the nodes (intersections and management computers) on a single subnet. In order to save on installation costs and increase flexibility, the traffic light system uses wireless radios rather than dedicated physical networking links for its communication infrastructure—and that’s the hole the research team exploited. ... The 5.8GHz network has no password and uses no encryption; with a proper radio in hand, joining is trivial. ... The research team quickly discovered that the debug port was open on the live controllers and could directly "read and write arbitrary memory locations, kill tasks, and even reboot the device (PDF)." Debug access to the system also let the researchers look at how the controller communicates to its attached devices—the traffic lights and intersection cameras. They quickly discovered that the control system’s communication was totally non-obfuscated and easy to understand—and easy to subvert.
Microsoft

Ballmer Leaves Microsoft Board 142

Posted by Soulskill
from the retirement!-retirement!-retirement! dept.
jones_supa writes: After leaving his position as CEO of Microsoft a year ago, Steve Ballmer has still held a position as a member of the board of directors for the company. Now, he is leaving the board, explaining why in a letter to fresh Microsoft CEO Satya Nadella. "I have become very busy," Ballmer explains. "I see a combination of Clippers, civic contribution, teaching and study taking up a lot of time." Despite his departure, the former-CEO is still invested in the company's success, and he spent most of the letter encouraging Nadella and giving advice. Nadella shot back a supportive, equally optimistic response, promising that Microsoft will thrive in "the mobile-first, cloud-first world."
Canada

Canada Halts Online Tax Returns In Wake of Heartbleed 50

Posted by timothy
from the worse-than-a-syrup-heist dept.
alphadogg (971356) writes "Canada Revenue Agency has halted online filing of tax returns by the country's citizens following the disclosure of the Heartbleed security vulnerability that rocked the Internet this week. The country's Minister of National Revenue wrote in a Twitter message on Wednesday that interest and penalties will not be applied to those filing 2013 tax returns after April 30, the last date for filing the returns, for a period equal to the length of the service disruption. The agency has suspended public access to its online services as a preventive measure to protect the information it holds, while it investigates the potential impact on tax payer information, it said."
Security

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees? 572

Posted by Unknown Lamer
from the padlock-icon-says-I'm-good-right dept.
New submitter Matt.Battey writes "I was recently on-site with a client and in the execution of my duties there, I needed to access web sites like Google Maps and my company's VPN. The VPN connection was rejected (which tends to be common, even though it's an HTTPS based VPN service). However, when I went to Google Maps I received a certificate error. It turns out that the client is intercepting all HTTPS traffic on the way out the door and re-issuing an internally generated certificate for the site. My client's employees don't notice because their computers all have the internal CA pushed out via Windows Group Policy & log-on scripts.

In essence, my client performs a Man-In-The-Middle attack on all of their employees, interrupting HTTPS communications via a network coordinated reverse-proxy with false certificate generation. My assumption is that the client logs all HTTPS traffic this way, capturing banking records, passwords, and similar data on their employees.

My question: How common is it for employers to perform MITM attacks on their own employees?"
Security

NBC News Confuses the World About Cyber-Security 144

Posted by samzenpus
from the think-of-the-athletes dept.
Nerval's Lobster writes "In a video report posted Feb. 4, NBC News reporter Richard Engel, with the help of a security analyst, two fresh laptops, a new cell phone, and a fake identity, pretended to go online with the technical naiveté of a Neanderthal housepet. (Engel's video blog is here.) Almost as soon as he turned on the phone in the Sochi airport, Engel reported hackers snooping around, testing the security of the machines. Engel's story didn't explain whether 'snooping around' meant someone was port-scanning his device in particular with the intention of cracking its security and prying out its secrets, no matter how much effort it took, or if the 'snooping' was other WiFi devices looking for access points and trying automatically to connect with those that were unprotected. Judging from the rest of his story, it was more likely the latter. Engel also reported hackers snooping around a honeypot set up by his security consultant which, as Gartner analyst Paul Proctor also pointed out in a blog posting, is like leaving the honey open and complaining when it attracts flies. When you try to communicate with anything, it also tries to communicate with you; that's how networked computers work: They communicate with each other. None of the 'hacks' or intrusions Engel created or sought out for himself have anything to do with Russia or Sochi, however; those 'hacks' he experienced could have happened in any Starbucks in the country, and does almost every day, Proctor wrote. That's why there is antivirus software for phones and laptops. It's why every expert, document, video, audio clip or even game that has anything at all to do with cybersecurity makes sure to mention you should never open attachments from spam email, or in email from people you don't know, and you should set up your browser to keep random web sites from downloading and installing anything they want on your computer. But keep up the fear-mongering."
Transportation

EU Secretly Plans To Put a Back Door In Every Car By 2020 364

Posted by timothy
from the don't-worry-we'll-only-track-you dept.
An anonymous reader writes "A secretive EU body has agreed to develop a device to be fitted to all cars allowing police to cut off any engine at will, it emerged today. The device, which could be imposed within a decade, would also allow police to track a vehicle's movements as well as immobilise it. According to The Daily Telegraph a group of senior EU officials, including several Home Office mandarins, have signed off the proposal at a secret meeting in Brussels."
Robotics

The Changing Face of Robotics 49

Posted by samzenpus
from the why-did-you-program-me-to-feel-pain? dept.
An anonymous reader writes "Using sensors to interface socially, the next generation of robots may not fit the classic idea of what a robot should be. Glen Martin writes: 'Equipped with two articulated arms, it can perform a multitude of tasks. It requires no application code to start up, and no expensive software to function. No specialists are required to program it; workers with minimal technical background can "teach" the robot right on the production line through a graphical user interface and arm manipulation.'"
Classic Games (Games)

Ask Slashdot: Will You Start Your Kids On Classic Games Or Newer Games? 285

Posted by Soulskill
from the you-have-died-of-dysentery dept.
An anonymous reader writes "An article at The Verge got me thinking. Parents and those of you who plan to become parents: will you introduce your kids to the games you played when you were younger? Those of us who grew up playing Pong, Space Invaders, and Pac-Man have had a chance to see gaming software evolve into the enormously complex and graphically realistic beast it is today. I've begun to understand why my grandparents tried to get me to watch old movies. I'm also curious how you folks plan to teach your kids about computers and software in general. When teaching them Linux, do you just download the latest stable Mint or Ubuntu release and let them take it from there? Do you track down a 20-year-old version of Slackware and show them how things used to be? I can see how there would be value in that... the UIs we use every day have been abstracted so far away from their roots that we can't always expect new users to intuitively grasp the chain of logic. How do you think this should be handled?"
Earth

Enormous Tunneling Machine 'Bertha' Blocked By 'The Object' 339

Posted by Soulskill
from the new-television-series-already-under-development dept.
An anonymous reader sends word that 'Bertha,' the world's largest tunneling machine, which is currently boring a passage beneath Seattle's waterfront, has been forced to stop. The 57.5ft diameter machine has encountered an unknown obstruction known as "the object." "The object’s composition and provenance remain unknown almost two weeks after first contact because in a state-of-the-art tunneling machine, as it turns out, you can’t exactly poke your head out the window and look. 'What we’re focusing on now is creating conditions that will allow us to enter the chamber behind the cutter head and see what the situation is,' [said project manager Chris Dixon]. Mr. Dixon said he felt pretty confident that the blockage will turn out to be nothing more or less romantic than a giant boulder, perhaps left over from the Ice Age glaciers that scoured and crushed this corner of the continent 17,000 years ago. But the unknown is a tantalizing subject. Some residents said they believe, or want to believe, that a piece of old Seattle, buried in the pell-mell rush of city-building in the 1800s, when a mucky waterfront wetland was filled in to make room for commerce, could be Bertha’s big trouble. That theory is bolstered by the fact that the blocked tunnel section is also in the shallowest portion of the route, with the top of the machine only around 45 feet below street grade."
Privacy

CBS 60 Minutes: NSA Speaks Out On Snowden, Spying 504

Posted by samzenpus
from the what-did-he-get? dept.
An anonymous reader writes "This week CBS News' 60 Minutes program had a broadcast segment devoted to the NSA, and additional online features. It revealed that the first secret Snowden stole was the test and answers for a technical examination to get a job at NSA. When working at home, Snowden covered his head and screen with a hood so that his girlfriend couldn't see what he was doing. NSA considered the possibility that Snowden left malicious software behind and removed every computer and cable that Snowden had access to from its classified network, costing tens of millions of dollars. Snowden took approximately 1.7 million classified documents. Snowden never approached any of multiple Inspectors General, supervisors, or Congressional oversight committee members about his concerns. Snowden's activity caught the notice of other System Administrators. There were also other interesting details, such as the NSA has a highly competitive intern program for High School students that are given a Top Secret clearance and a chance to break codes that have resisted the efforts of NSA's analysts — some succeed. The NSA is only targeting the communications, as opposed to metadata, of less than 60 Americans. Targeting the actual communications of Americans, rather than metadata, requires a probable cause finding and a specific court order. NSA analysts working with metadata don't have access to the name, and can't listen to the call. The NSA's work is driven by requests for information by other parts of the government, and there are about 31,000 requests. Snowden apparently managed to steal a copy of that document, the 'crown jewels' of the intelligence world. With that information, foreign nations would know what the US does and doesn't know, and how to exploit it."

Brand new Bombardier CSeries airplane lifts off on maiden flight

Submitted by JavaScrybe
JavaScrybe (662349) writes "Hey, a new type of bird. Bombardier's CSeries has taken its maiden flight. They boast a significant reduction in noise, which they hope will help them target urban airports, and lower fuel consumption for the eco-friendly. The Canadian airplane maker hopes to challenge a significant dent in the 100-160 seats market for commercial aircraft. At time of writing, no word yet if it landed safely, but they're hopeful."
Businesses

Survey: Most IT Staff Don't Communicate Security Risks 227

Posted by Soulskill
from the most-execs-don't-listen-anyway dept.
CowboyRobot writes "A Tripwire survey of 1,320 IT personnel from the U.S. and U.K. showed that most staff 'don't communicate security risk with senior executives or only communicate when a serious security risk is revealed.' The reason is that staff have resigned themselves to staying mum due to an environment in which 'collaboration between security risk management and business is poor, nonexistent or adversarial,' or at best, just isn't effective at getting risk concerns up to senior management."
Crime

Bradley Manning Says He's Sorry 496

Posted by timothy
from the may-I-have-another dept.
Hugh Pickens DOT Com writes "The Washington Post reports that Pfc. Bradley Manning told a military judge during his sentencing hearing that he is sorry he hurt the United States by leaking hundreds of thousands of sensitive military and diplomatic documents to the anti-secrecy group WikiLeaks and he asked for leniency as he spoke for less than five minutes, often in a quavering voice. "I'm sorry I hurt people. I'm sorry that I hurt the United States," said Manning, who was convicted last month of multiple crimes, including violations of the Espionage Act, for turning over the classified material. "I'm apologizing for the unintended consequences of my actions. I believed I was going to help people, not hurt people." Speaking publicly for only the third time since he was arrested in Iraq in June 2010, Manning said he had been naive. "I look back at my decisions and wonder, 'How on earth could I, a junior analyst, possibly believe I could change the world for the better over the decisions of those with the proper authority?'""
Cellphones

Samsung Ups Ante In Smartphone Size Wars: 6.3 Inches 221

Posted by timothy
from the don't-mean-to-brag-but dept.
New submitter jarold writes to note that Samsung has launched two extra-large cellphones: a 6.3 inch LTE ready version, and a 5.8 inch version. "Branded as Galaxy Mega, one would struggle to fit [either in a] pocket or use it with just one hand. The good thing, it is only 8mm thin and weighs under 200 grams. More portable than a tablet, it comes with a durable polycarbonate body. Unlike most of Samsung's latest smartphones, it does not have a super AMOLED panel. Instead, it has an HD super clear LCD display, which is bright enough to please most users. It features split screen and multitasking between video and other apps." For a phone that big, users might need to brush up on their side-talking skills.
AMD

AMD Overhauls Open-Source Linux Driver 126

Posted by Soulskill
from the added-support-for-individual-tree-leaf-motion-and-rump-physics dept.
An anonymous reader writes "AMD's open-source developer has posted an incredible set of 165 patches against the Linux kernel that provide support for a few major features to their Linux graphics driver. Namely, the open-source Radeon Linux driver now supports dynamic power management on hardware going back to the Radeon HD 2000 (R600) generation. The inability to re-clock the GPU frequencies and voltages dynamically based upon load has been a major limiting factor for open-source AMD users where laptops have been warm and there is diminished battery power. The patches also provide basic support for the AMD Radeon HD 8000 'Sea Islands' graphics processors on their open-source Linux driver."