In a blog post (http://blog.ioactive.com/2013/10/strike-two-for-emergency-alerting.html), Mike Davis of the firm IOActive said patches issued by Monroe Electronics, the Lyndonville, New York firm that is a leading supplier of EAS hardware, do not adequately address problems raised earlier this year, including the use of “bad and predictable” login credentials. Further inspection by Davis turned up other problems that were either missed in the initial code review or introduced by the patch. They include the use of “predictable and hard-coded keys and passwords,” as well as web-based backups that were publicly accessible and that contained valid user credentials.
Monroe’s R-189 CAP-EAS product was the target of a hack in February during which EAS equipment operated by broadcasters in Montana, Michigan and other states was compromised and used to issue an alert claiming that the “dead are rising from their graves,” and advising residents not to attempt to apprehend them. (http://www.reuters.com/article/2013/02/12/us-usa-zombie-montana-idUSBRE91B1IA20130212) CAP refers to the Common Alerting Protocol, a successor to EAS.
A recent search using the Shodan search engine by University of Florida graduate student Shawn Merdinger found more than 200 Monroe devices still accessible from the public Internet. 66% of those were running vulnerable versions of the Monroe firmware, The Security Ledger reports.
These two engineers wrote software to test for vulnerabilities in the control systems of electrical power grids which use a protocol called DNP3 to communicate with sub-stations. They first tested an open source implementation of the protocol and didn't find any problems. They were worried that their software test wasn't adequate, so they started testing proprietary systems. They broke every single one of the 16 proprietary systems they tested initially and found a further 9 systems vulnerable in later testing. They were able to install malware and also found firewalls ineffective.
They reported this to the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, I.C.S.-C.E.R.T., and didn't get much of a response.
Scary that our electrical grid is so vulnerable and there doesn't seem to be much urgency to get it fixed. A few patches have been issued but who knows if the systems have been updated?
Pixels on LCD monitors do not need to wait for the lines of pixels above them to be drawn, but they do. G-Sync is a technology from NVIDIA to make monitor refresh rates variable. The monitor will time its draws to whenever the GPU is finished rendering. A scene which requires 40ms to draw will have a smooth "framerate" of 25 FPS instead of trying to fit in some fraction of 60 FPS.
In a column on the Washington Post website, tech blogger Timothy Lee makes the case for how this is a prime example of copyrights hindering innovation and why copyright lengths should be shortened. Among his arguments: copyrights hinder innovation by game designers seeking to build upon such games, and shortening copyright would breathe new life into games that have long since passed into obsolescence.