Submission + - Means and motives for cyber attacks on US Navy Vessels (securityledger.com)

chicksdaddy writes: Could cyber attacks have played a role in recent collisions between commercial vessels and the USS McCain and USS Fitzgerald? The short answer is 'yes,' The Security Ledger writes (https://securityledger.com/2017/08/analysis-there-is-both-means-and-motive-for-cyber-attacks-on-navy-vessels/).

While human error is still the leading candidate for the two incidents, which resulted in multiple fatalities and severe damage to the two ships, the means and motive to use cyber attacks to disable the two vessels exist, the article notes, citing a large body of private and public sector research on the security of maritime systems, as well as more recent reports of "in the wild" GPS spoofing attacks on merchant vessels. Among the notable instances:

A 2013 report from a research team at the University of Texas successfully “spoofed” an $80 million private yacht using a GPS spoofing device to send misleading information to crew about the boat’s position and movements in the water. (https://news.utexas.edu/2013/07/30/spoofing-a-superyacht-at-sea)

What is believed to be the first “in the wild” GPS spoofing attack (https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/). In June, the U.S. Maritime Administration issued a safety alert about an incident in the Black Sea described as “GPS interference” but elsewhere as “an apparent mass and blatant, GPS spoofing attack involving over 20 vessels.” GPS was displaying the vessels as located more than 25 nautical miles from their actual location, but crew could find no problem with the operation of the GPS devices. (http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea) The US Maritime Administration advised ships to “exercise caution when transiting this area.”

Proof-of-concept attacks to spoof AIS – the Automatic Identification System – technology that is installed on hundreds of thousands of ships globally and that is used for everything from ship-to-ship and ship-to-port communication to collision avoidance. Researchers at the 2014 Black Hat Briefings demonstrated how AIS spoofing and hijacking could be used to generate false alarms, or delay actual alerting (https://www.blackhat.com/docs/asia-14/materials/Balduzzi/Asia-14-Balduzzi-AIS-Exposed-Understanding-Vulnerabilities-And-Attacks.pdf). The technology, which was designed with pre-Internet security in mind, is insecure both in how it is implemented and in the design of the underlying protocol, researchers concluded.

Persistent reports about shoddy and outdated software and applications deployed on commercial and naval vessels — even those of recent vintage. (http://www.telegraph.co.uk/news/2017/06/27/hms-queen-elizabeth-running-outdated-windows-xp-software-raising/)

As for motive, the article considers the motivations of two likely actors, given the location of the collisions: North Korea and China. For the former, the article notes that all four ships involved in collisions since January have been equipped with Aegis anti-ballistic missile technology, which would be used to shoot down a missile test (or live attack) from the DPRK. In the case of China, the government recently complained bitterly about the USS McCain's sojourns into what China considers its territorial waters near Mischief Reef — an artificial island built by China. (http://www.news.com.au/world/china-protests-challenges-us-warship-near-its-artificial-islands/news-story/43784e65f8ab6461cbfad7d5a748775e)

Submission + - Sonos says users must accept new privacy policy or devices may cease to function (zdnet.com)

An anonymous reader writes: Sonos has confirmed that existing customers will not be given an option to opt out of its new privacy policy, leaving customers with sound systems that may eventually "cease to function".

It comes as the home sound system maker prepares to begin collecting audio settings, error data, and other account data before the launch of its smart speaker integration in the near future.

A spokesperson for the home sound system maker told ZDNet that, "if a customer chooses not to acknowledge the privacy statement, the customer will not be able to update the software on their Sonos system, and over time the functionality of the product will decrease."

"The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function," the spokesperson said.

Submission + - Science fiction author Brian Aldiss dies aged 92 (theguardian.com)

Freshly Exhumed writes: Acclaimed Science Fiction author Brian Aldiss, first published in the 1950s, has died at the age of 92. Aldiss wrote such science fiction classics as Non-Stop, Hothouse and Greybeard, as well as the Helliconia trilogy, winning the Hugo and Nebula prizes for science fiction and fantasy, an honorary doctorate from the University of Reading, the title of grand master from the Science Fiction and Fantasy Writers of America, and an OBE for services to literature. Tributes from contemporaries and younger authors have been plentiful.

Submission + - Statistics professor with no political agenda banned by Google (zerohedge.com)

walterbyrd writes: Statistics professor Salil Mehta, adjunct professor at Columbia and Georgetown who teaches probability and data science and whose work has appeared on this website on numerous prior occasions, was banned by Google on Friday.

What did Salil do to provoke Google? It is not entirely clear; however, what is clear is that his repeated attempts at restoring his email, blog and other Google-linked accounts have so far been rejected with a blanket and uniform statement from the search giant.

Submission + - Trump Administration Dissolves Climate Change Advisory Panel (washingtonpost.com)

An anonymous reader writes: The Trump administration has decided to disband the federal advisory panel for the National Climate Assessment, a group aimed at helping policymakers and private-sector officials incorporate the government’s climate analysis into long-term planning. The charter for the 15-person Advisory Committee for the Sustained National Climate Assessment — which includes academics as well as local officials and corporate representatives — expires Sunday. On Friday, the National Oceanic and Atmospheric Administration’s acting administrator, Ben Friedman, informed the committee’s chair that the agency would not renew the panel. The National Climate Assessment is supposed to be issued every four years but has come out only three times since passage of the 1990 law calling for such analysis. The next one, due for release in 2018, already has become a contentious issue for the Trump administration. The committee was established to help translate findings from the National Climate Assessment into concrete guidance for both public and private-sector officials. Its members have been writing a report to inform federal officials on the data sets and approaches that would best be included, and chair Richard Moss said in an interview Saturday that ending the group’s work was shortsighted.

Submission + - Update DJI Spark or be grounded (suasnews.com)

garymortimer writes: News has arrived of a mandatory firmware update from DJI. Owners of DJI’s latest and smallest quadcopter must update their firmware by September the 1st or their machines will automatically ground themselves.

The firmware update apparently is to stop in-flight shutdowns that have been occurring. So no bad thing to fix, a safety issue.

Submission + - Microsoft Outlines the Upgrade Procedures For Xbox One X (arstechnica.com)

An anonymous reader writes: The easiest way to get all your games to the new system, as outlined by Microsoft Vice President Mike Ybarra, will be to just put them on an external USB hard drive and then plug that drive into the new console. "All your games are ready to play" immediately after this external hard drive move, he said, and user-specific settings can also be copied via external hard drive in the same way. If you don't have an external drive handy, "we're going to let you copy games and apps off your home network instead of having to manually move them or redownload them off the Internet," Ybarra said. It's unclear right now if Microsoft will mirror the PS4 Pro and allow this kind of system-to-system transfer using an Ethernet cable plugged directly into both consoles. For those who want to see as many pixels as possible as quickly as possible when they get their Xbox One X, Ybarra says you'll be able to download 4K updates for supported games before the Xbox One X is even available, then use those updates immediately after the system transfer. Microsoft also released a list of 118 current and upcoming games that will be optimized for the Xbox One X via updates, a big increase from the few dozens announced back at E3.

Submission + - Censoring of Statistics Professor raises the question: Has Google become Evil? (zerohedge.com)

brennz writes: "Freedom is not free unless corporations who exert a large influence in our lives believe in our well-being. I am a statistics professor and understand that there needs to be reasonable standards to control a large social network and make sure everyone is able to enjoy it freely. Invariably people disagree (we all see this), but some principles, such as simply showing probability and statistics with the sole hope of educating others, should be acceptable and in the middle of the distribution. I am for a higher standard, and a higher purpose. There is great care that I have taken to make sure that people treat one another well, admit faults, and present math and probability education to a wide audience. On Friday afternoon East Coast Time by surprise, I was completely shut down in all my Google accounts (all of my Gmail accounts, blog, all of my university pages that were on Google Sites, etc.) for no reason and no warning. A number of us were stunned and unsure, but clearly we know at this point it wasn’t an accident. Here are some examples commented from best-selling author Nassim Taleb, and they have been retweeted by government officials, and the NYT and WSJ journalists" — Salil Mehta

Submission + - Intel Launches 8th Generation Core CPUs (anandtech.com)

joshtops writes: Today Intel is launching its new 8th Generation family of processors, starting with four CPUs for the 15W mobile family. There are two elements that make the launch of these 8th Gen processors different. First is that the 8th Gen is at a high enough level, running basically the same microarchitecture as the 7th Gen. But the key element is that, at the same price and power where a user would get a dual core i5-U or i7-U in their laptop, Intel will now be bumping those product lines up to quad-cores with hyperthreading. This gives a 100% gain in cores and 100% gain in threads. Obviously nothing is for free, so despite Intel stating that they've made minor tweaks to the microarchitecture and manufacturing to get better performing silicon, the base frequencies are down slightly. Turbo modes are still high, ensuring a similar user experience in most computing tasks. Memory support is similar — DDR4 and LPDDR3 are supported, but not LPDDR4 — although DDR4 moves up to DDR4-2400 from DDR4-2133. Another change from 7th Gen to 8th Gen will be in the graphics. Intel is upgrading the nomenclature of the integrated graphics from HD 620 to UHD 620, indicating that the silicon is suited for 4K playback and processing.

Submission + - Leading Chinese Bitcoin Miner Wants to Cash In on AI (qz.com)

hackingbear writes: Bitmain, the most influential company in the bitcoin economy by the sheer amount of processing power, or hash rate, that it controls, plans to unleash its bitcoin mining ASIC technology to AI applications. The company designed a new deep learning processor Sophon, named after an alien-made proton-sized supercomputer in China’s seminal science-fiction novel, The Three-Body Problem. The idea is to etch in silicon some of the most common deep learning algorithms, thus greatly boosting efficiency. Users will be able to apply their own datasets and build their own models on these ASICs, allowing the resulting neural networks to generate results and learn from those results at a far quicker pace. The company hopes that thousands of Bitmain Sophon units soon could be training neural networks in vast data centers around the world.

Submission + - French Scientists Sue State of Delaware for Selling Their Stock (wsj.com)

cdreimer writes: According to a report in The Wall Street Journal (possibly paywalled, alternative source), French scientists are suing the state of Delaware for using the unclaimed assets law to seize and sell stocks belonging to foreigners to fill state coffers. If owners don't show "interest" in the stock, either voting in the annual shareholder meetings or logging into a brokerage account during a three-year period, the state can seize and sell the stock. Foreign stockholders are most likely to lose their stocks this way.

A lawsuit before Delaware’s Chancery Court could have broad implications for state finances around the country and for foreign shareholders who hold more than $6 trillion of stock in U.S. corporations. Two French scientists are suing the state of Delaware for seizing and selling their stock without their knowledge, depriving them of millions of dollars in gains. French scientists Dr. Gilles Gosselin and Dr. Jean Louis Imbach allege that Delaware officials wrongfully seized their shares in Idenix Pharmaceuticals Inc. and sold the stock for $1.7 million to pad the state budget in 2009. After Merck & Co. acquired Idenix in 2014, the scientists learned they no longer had stock in the company and couldn’t collect on a $13.7 million windfall from the deal because Delaware officials had sold their shares five years earlier. Unable to return the stock, officials only reimbursed the money the state received, leaving the two investors out some $12 million.


Submission + - The IoT security risk: it is too easy to connect devices to the internet (networkworld.com)

An anonymous reader writes: It is much too easy to connect devices and industrial equipment to the internet. IoT product makers do not need a deeply skilled team because component makers have made it so easy to connect anything to the internet. Maybe the responsibility for strong security should rest with chip makers like Intel, Freescale and Qualcomm.

Submission + - Sonos increases data collection without any possibility to opt out (sonos.com)

dutt writes: A few days ago Sonos owners received emails updating them on the new privacy and data collection policy that will be coming into effect next week. The terms state that Sonos will now be collecting more data that owners of Sonos products won't be able to opt out from. In addition to already collected data, now Sonos will begin to collect information about your Sonos system, error information and audio settings.

In their blog they state: "When it comes to using your information, our principles are simple. We will be transparent about what data we’re collecting and why. We will protect your data as though it is sacred."

At the same time they admit to sharing data: "Because Sonos is a platform that partners with streaming services and other home devices, we do share some data with our partners that is necessary for making the partner service work on Sonos and providing a quality experience."
