Government

The Cost of the US Government Shutdown To Science 355

An anonymous reader writes "Richard Schiffman writes in The Guardian that the Republican-led shutdown of the U.S. government caused significant damage to many scientific programs. For example: shortly before the shutdown started, over a hundred scientists had gathered to perform critical equipment tests on the James Webb Space Telescope — Hubble's successor — and that work was unable to continue without the government around. 'Not only did this delay cost the program an estimated $1M a day, but, given NASA's tight schedule, some tests may never get done now.' It doesn't stop there: 'This is only one of untold thousands of projects that were mothballed when Congress's failure to approve a budget defunded the US government at the start of the month. Federal websites were taken offline, scientists couldn't receive emails, attend meetings, or interact with their colleagues. Crucial environmental, food safety and climate monitoring programs were either suspended, or substantially scaled back.' Schiffman provides a few more examples, including one project that's losing a year's worth of work and equipment that will end up buried under snow in Antarctica. But it goes beyond even the basic funding issues; in many cases, scientific work is simply too intertwined with the government to continue without it. Andrew Rosenberg, the director of the Union of Concerned Scientists' center for science and democracy, said, 'It is all so interconnected now. Federal researchers collect data that is utilized by researchers in academia, by people working in industry, at state and local levels, so when you ask how dependent are we on the federal government in terms of science, it's a bit like asking: do you need your left leg?'"
Communications

No Zombie Uprising, But Problems Persist With Emergency Alert System 54

chicksdaddy writes "More than six months after hacked Emergency Alert System (EAS) hardware allowed a phony warning about a zombie uprising to air in several U.S. states, a security consulting company is warning that serious issues persist in software from Monroe Electronics, whose equipment was compromised in the earlier attack. In a blog post, Mike Davis of the firm IOActive said patches issued by Monroe Electronics, the Lyndonville, New York firm that is a leading supplier of EAS hardware, do not adequately address problems raised earlier this year, including the use of 'bad and predictable' login credentials. Further inspection by Davis turned up other problems that were either missed in the initial code review or introduced by the patch. They include the use of “predictable and hard-coded keys and passwords,” as well as web-based backups that were publicly accessible and that contained valid user credentials. Monroe’s R-189 CAP-EAS product was the target of a hack in February during which EAS equipment operated by broadcasters in Montana, Michigan and other states was compromised and used to issue an alert claiming that the 'dead are rising from their graves,' and advising residents not to attempt to apprehend them. CAP refers to the Common Alerting Protocol, a successor to EAS. A recent search using the Shodan search engine by University of Florida graduate student Shawn Merdinger found more than 200 Monroe devices still accessible from the public Internet. 66% of those were running vulnerable versions of the Monroe firmware."

Comment Re:Same as it ever was (Score 1) 219

Wikipedia is not a place to list every grievance anyone has on a particular topic.

Indeed, this is a common problem. Some people will post a litany of criticism (complete with sources) just to use Wikipedia as a soapbox. Many things that have fallen out of favor become targets on Wikipedia by zealous users just as PR companies are trying to do the opposite.

Security

Security Researchers Want To Fully Audit Truecrypt 233

Hugh Pickens DOT Com writes "TrueCrypt has been part of security-minded users' toolkits for nearly a decade — but there's one problem: no one has ever conducted a full security audit on it. Now Cyrus Farivar reports in Ars Technica that a fundraiser reached more than $16,000 in a public call to perform a full security audit on TrueCrypt. 'Lots of people use it to store very sensitive information,' writes Matthew Green, a well-known cryptography professor at Johns Hopkins University. 'That includes corporate secrets and private personal information. Bruce Schneier is even using it to store information on his personal air-gapped super-laptop, after he reviews leaked NSA documents. We should be sweating bullets about the security of a piece of software like this.' According to Green, Truecrypt 'does some damned funny things that should make any (correctly) paranoid person think twice.' The Ubuntu Privacy Group says the behavior of the Windows version [of Truecrypt 7.0] is problematic. 'As it can't be ruled out that the published Windows executable of Truecrypt 7.0a is compiled from a different source code than the code published in "TrueCrypt_7.0a_Source.zip" we however can't preclude that the binary Windows package uses the header bytes after the key for a back door.' Green is one of the people leading the charge to set up the audit, and he helped create the website istruecryptauditedyet.com. 'We're now in a place where we have nearly, but not quite enough to get a serious audit done.'"
Government

Silicon Valley Stays Quiet As Washington Implodes 299

dcblogs writes "In a better time, circa 1998, Cypress Semiconductor founder and CEO T.J. Rodgers gave a provocative speech, titled 'Why Silicon Valley Should Not Normalize Relations with Washington D.C.' This speech is still important to understanding the conflict that tech leaders have with Congress, and their relative silence during the shutdown. 'The metric that differentiates Silicon Valley from Washington does not fall along conventional political lines: Republican versus Democrat, conservative versus liberal, right versus left,' Rodgers said. 'It falls between freedom and control. It is a metric that separates individual freedom to speak from tap-ready telephones; local reinvestment of profit from taxes that go to Washington; encryption to protect privacy from government eavesdropping; success in the marketplace from government subsidies; and a free, untaxed Internet from a regulated, overtaxed Internet.'"
United Kingdom

British Police Foil Alleged Mall Massacre Copycat Plot 292

An anonymous reader writes "The Washington Post reports, "British law enforcement agencies averted a plot to orchestrate a large-scale terror attack similar to the assault on Kenya's Westgate mall, an official said Monday. Police were questioning four men in their 20s on suspicion of terrorism after they were detained Sunday in pre-planned, intelligence-led raids. A British security official said the men were planning a shooting spree akin to the Westgate attack in Nairobi, in which at least 67 people died. ... in a series of statements, the force said the men were all British nationals between the ages of 25 and 29, with roots in Turkey, Pakistan, Algeria and Azerbaijan. ... the London police firearms unit took part in the arrests. British police rarely carry weapons and their involvement suggested concern that men might have been armed." — The Sydney Morning Herald has video. Prime Minister Cameron recently expressed concern regarding such a possibility."

Comment Re:What evidence do you have that you're being DoS (Score 1) 319

Right, but have you gone into the game after changing IPs? Do you have a static/semi-static IP? Or dynamic?

Doesn't much matter *when* you are online -- I'm saying as soon as you do go online it could be possible that if some component of the game, or even game/store client (I don't know if Steam or Origin do this) creates P2P connections. After changing IPs, as soon as that game/game client creates a new P2P connection, it's possible the attacker then knows your new IP.

Again, all depends on the game/client and I don't know which ones use P2P style networking to connect users.

Comment Re:What evidence do you have that you're being DoS (Score 1) 319

It's also possible, though maybe less likely, that if the game they are playing creates P2P connections between the players for, say, chat, then they could be revealing their IP that way. Like Freshly Exhumed said above though, it's all just guesses without some evidence.

But what do I know, I'm a packet who got lost on his way to 127.0.0.1

Comment Google Apps accounts are opted out (Score 1) 136

It seems Google Apps accounts are opted out by default, but Gmail and other regular Google accounts may be opted in by default.

Still, they have made it very clear how to turn it off, and you would still need to comment, +1, or follow something for "Sharing" to kick in. I can kinda see how it's a nuisance, but they are being very up-front about it and making sure all users are notified via several notification methods.

I'm more bothered by the half-assed attempt to tie my Google account and real name to things like YouTube. Those prompts are (still) downright infuriating (and buggy, a few times I thought it might have changed my YouTube account name).

This however, is hardly a blip for me. (Although to be fair, I use an Apps account).

The Almighty Buck

The Ridiculous Tech Fees You're Still Paying 318

Esther Schindler writes "None of us like to spend money (except on shiny new toys). But even we curmudgeons can understand that companies need to charge for things that cost them money; and profit-making is at the heart of our economy. Still, several charges appear on our bills that can drive even the most complacent techie into a screaming fit. How did this advertised price turn into that much on the final bill? Why are they charging for it in the first place? Herewith, fees that make no sense at all — and yet we still fork over money for them. For example: 'While Internet access is free in coffee shops, some public transit, and even campsites, as of 2009 15% of hotels charged guests for the privilege of checking their e-mail and catching up on watching cat videos. Oddly, budget and midscale hotel chains are more likely to offer free Wi-Fi, while luxurious hotels — already costing the traveler more — regularly ding us.'"
