
Submission + - Cost to dismantle USS Enterprise set to top $1 billion (dailymail.co.uk) 1

schwit1 writes: The Navy’s first nuclear-powered aircraft carrier, the Enterprise was commissioned in 1961, and built at a cost of $3.9 billion, in current dollars.

The Enterprise was the first and only Enterprise-class carrier ever built, and the longest naval vessel ever constructed. The carrier sailed more than 1 million miles over 51 years of service.

Since she was decommissioned last year, the Enterprise has been awaiting strip-down and dismantling at Puget Sound Naval Shipyard in Washington state.

Now, the GAO warns that the ‘unprecedented’ undertaking of dismantling and disposing of the ship could cost between $1 billion and $1.55 billion.

Under the current plan, the work on the ship’s nuclear components, including the eight nuclear reactors that powered the carrier, is to be carried out by Navy workers at the Puget Sound Shipyard, with the non-nuclear components handled by a private contractor.

CVN 65 was the eighth ship to bear the name Enterprise and the name will live on, with CVN 80.

Submission + - Spy Plane Has Been Flying Circles Over Seattle For Days (thedrive.com)

turkeydance writes: A very unique USAF surveillance aircraft has been flying highly defined circles over Seattle and its various suburbs for nine days now. Nobody at the DoD seems to know who the aircraft belongs to or what exactly it is doing flying so many missions over the Seattle area. But based on its visibly exotic configuration, and information collected by open source flight tracking websites, we can get a good idea of its capabilities and guess as to what it’s up to.

Submission + - Global network of labs will test security of medical devices (securityledger.com)

chicksdaddy writes: Amid increasing concerns about cyber threats to healthcare environments, a global network of labs will test the security of medical devices, according to an announcement on Monday by a consortium of healthcare industry firms, universities and technology firms, The Security Ledger reports. (https://securityledger.com/2017/07/exclusive-whistl-labs-will-be-cyber-range-for-medical-devices/)

The “World Health Information Security Testing Labs” (or “WHISTL”) will adopt a model akin to the Underwriters Laboratory, which started out testing electrical devices, and focus on issues related to cyber security and privacy, helping medical device makers “address the public health challenges” created by connected health devices and complex, connected healthcare environments, according to a statement by The Medical Device Innovation, Safety and Security Consortium (http://www.mdiss.org/).

“MDISS WHISTL facilities will dramatically improve access to medical device security know-how while protecting patient privacy and the intellectual property of our various stakeholders,” said Dr. Nordenberg, MD, Executive Director of MDISS.

The labs will be one of the only independent, open and non-profit networks of labs specifically designed for the needs of the medical field, including medical device designers, hospital IT, and clinical engineering professionals. Experts will assess the security of medical devices using standards and specifications designed by testing organizations like Underwriters Labs. Evaluations will include application security testing like “fuzzing,” static code analysis and penetration testing of devices.

Any vulnerabilities found will be reported directly to manufacturers in accordance with best practices, and publicly disclosed to the international medical device vulnerability database (MDVIPER) which is maintained by MDISS and the National Health Information Sharing and Analysis Center (NH-ISAC).

The group says it plans for 10 new device testing labs by the end of the year, including in the U.S. in states like New York, Indiana, Tennessee and California, and outside North America in the UK, Israel, Finland, and Singapore. The WHISTL facilities will work with Underwriters Labs as well as AAMI, the Association for the Advancement of Medical Instrumentation. Specifically, MDISS labs will base their work on the UL Cybersecurity Assurance Program specifications (UL CAP) and follow testing standards developed by both groups, including the UL 2900 and AAMI 80001 standards.

Submission + - NSA's EternalBlue Exploit Ported to Windows 10 (threatpost.com)

msm1267 writes: EternalBlue, the NSA-developed attack used by criminals to spread WannaCry ransomware last month, has been ported to Windows 10 by security researchers.

The publicly available version of EternalBlue leaked by the ShadowBrokers targets only Windows XP and Windows 7 machines. Researchers at RiskSense who created the Windows 10 version of the attack were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks.

These mitigations were introduced prior to a March security update from Microsoft, MS17-010, and any computer running Windows that has yet to install the patch is vulnerable.

Submission + - Bill Simmons says ESPN blew it by not embracing tech (cnbc.com)

An anonymous reader writes: ESPN's problem isn't competition over content: They didn't position themselves for a future where cord cutting was a reality, according to former ESPN personality Bill Simmons.

"They didn't see a lot of this coming," said Simmons. "They didn't see cord cutting coming. They weren't ready for it. A lot of decisions were made based on subs staying at a certain level. They had to realize they were a technology company. The ones winning are now Facebook, Twitter, Amazon, Hulu. ESPN should have been in that mix, but they're in Bristol. They should have had a place in Silicon Valley. That was their biggest mistake."

ESPN is far from over, Simmons points out. Though it may make less money in the future, it has such strong cable deals, he said.

"Everybody in here was paying $7 for ESPN whether they watched or not," he said.

Simmons left ESPN in May 2015 after a public breakup, and signed a deal for an HBO series called "Any Given Wednesday" shortly after. The HBO show was cancelled in November 2016. Simmons also launched a new website called The Ringer in 2016, which now has an advertising sales partnership deal with Vox Media.

Submission + - Leaked NSA Exploit Spreading Ransomware Worldwide (threatpost.com)

msm1267 writes: A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent ShadowBrokers dump.

Researchers said the attackers behind today’s outbreak of WannaCry ransomware are using EternalBlue, an exploit made public by the mysterious group in possession of offensive hacking tools allegedly developed by the NSA.

Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected; researchers at Kaspersky Lab said they’ve recorded more than 45,000 infections so far on their sensors, and expect that number to climb.

Sixteen National Health Service (NHS) organizations in the U.K., several large telecommunications companies and utilities in Spain, and other businesses throughout Europe have been infected. Critical services are being interrupted at hospitals across England, and in other locations, businesses are shutting down IT systems.

Submission + - SPAM: WikiLeaks Reveals The "Snowden Stopper": CIA Tool To Track Whistleblowers

schwit1 writes: As the latest installment of its 'Vault 7' series, WikiLeaks has just dropped a user manual describing a CIA project known as ‘Scribbles’ (a.k.a. the "Snowden Stopper"), a piece of software purportedly designed to allow the embedding of ‘web beacon’ tags into documents “likely to be stolen.” The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon's creator without being detected. Per WikiLeaks' press release

But, the "Scribbles" user guide notes there is just one small problem with the program...it only works with Microsoft Office products. So, if end users use other programs such as OpenOffice or LibreOffice then the CIA's watermarks become visible to the end user and their cover is blown.


Submission + - Apple fails to remove 'deleted' Safari web browser histories from iCloud (betanews.com)

BrianFagioli writes: Today, a bit of a failure was discovered on Apple's part regarding user privacy. You see, when an Apple user deleted their web browser history, they assumed it was gone forever — and rightfully so. While the data no longer appeared on Apple devices, it has been discovered by ElcomSoft that it persisted on iCloud. To make matters worse, this data is easily recoverable.

Vladimir Katalov, ElcomSoft says, "Safari history is synced across devices. Once you delete a record on one device, it will disappear on all other devices in a matter of seconds (or minutes), provided that those devices are connected to the Internet. While those records can be retained in SQLite database for technical reasons, a flush or cleanup will purge them sooner or later (on an actively used device, this can happen in a few days or up to 2-3 weeks). However, those same records will be kept in Apple iCloud for much longer. In fact, we were able to access records dated more than one year back. The user does not see those records and does not know they still exist on Apple servers."

Submission + - Mozilla Releases The Internet Health Report, An Open-Source Document

Krystalo writes: Fresh off its brand redesign, Mozilla has released The Internet Health Report, an open-source initiative to document the state of the internet, combining research and reporting from multiple sources. The report, which will be improved and expanded throughout the year, covers five key topics: decentralization, digital inclusion, open innovation, privacy and security, and web literacy.

Submission + - Satellite spots massive object hidden under the frozen wastes of Antarctica (thesun.co.uk) 5

schwit1 writes: SCIENTISTS believe a massive object which could change our understanding of history is hidden beneath the Antarctic ice.

The huge and mysterious “anomaly” is thought to be lurking beneath the frozen wastes of an area called Wilkes Land. It stretches for a distance of 151 miles across and has a maximum depth of about 848 metres. This “Wilkes Land gravity anomaly” was first uncovered in 2006, when NASA satellites spotted gravitational changes which indicated the presence of a huge object sitting in the middle of a 300 mile wide impact crater.

Submission + - Voice Is the Next Big Platform, and Alexa Will Own It (backchannel.com) 1

mirandakatz writes: In 2017, voice-controlled products like Alexa are going to start going mainstream: more people will be purchasing devices like Echos, and the tech that controls them is only getting better. It's predicted that by the following year, more than 30% of our interactions with technology will happen in conversations with machines. At Backchannel, Jessi Hempel argues that "the Alexa-enabled Echo is a true unicorn, one of those rare products that arrives every few years and fundamentally changes the way we live...but if Amazon’s lead is secure in 2017, it shouldn’t count its competitors out for the future."

Submission + - Matt Taibbi: 'Washington Post' 'Blacklist' Story Is Shameful and Disgusting (rollingstone.com)

MyFirstNameIsPaul writes: From the article:

Most high school papers wouldn't touch sources like these. But in November 2016, both the president-elect of the United States and the Washington Post are equally at ease with this sort of sourcing.

Even worse, the Post apparently never contacted any of the outlets on the "list" before they ran their story. Yves Smith at Naked Capitalism says she was never contacted. Chris Hedges of Truthdig, who was part of a group that won the Pulitzer Prize for The New York Times once upon a time, said the same. "We were named," he tells me. "I was not contacted."

Hedges says the Post piece was an "updated form of Red-Baiting."

"This attack signals an open war on the independent press," he says. "Those who do not spew the official line will be increasingly demonized in corporate echo chambers such as the Post or CNN as useful idiots or fifth columnists."


Submission + - OAuth 2.0 Flaw Exposes 1 Billion Mobile Apps to Takeover (threatpost.com)

msm1267 writes: Third-party applications that allow single sign-on via Facebook and Google and support the OAuth 2.0 protocol, are exposed to account hijacking.

Three Chinese University of Hong Kong researchers presented at Black Hat EU last week a paper called “Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0.” The paper describes an attack that takes advantage of poor OAuth 2.0 implementations and puts more than one billion apps in jeopardy.

The researchers examined 600 top U.S. and Chinese mobile apps that use OAuth 2.0 APIs from Facebook, Google and Sina—which operates Weibo in China—and support SSO for third-party apps. The researchers found that 41.2 percent of the apps they tested were vulnerable to their attack, including popular dating, travel, shopping, hotel booking, finance, chat, music and news apps. None of the apps were named in the paper, but some have been downloaded hundreds of millions of times and can be exploited for anything from free phone calls to fraudulent purchases.

Submission + - Vanity Fair Publishes Expose Article on Theranos

PvtVoid writes: In a new article, Vanity Fair examines the Theranos disaster, from origins to aftermath. It's a compelling story of hubris, glamour and secrecy about the unicorn Silicon Valley company that turned out to be founded on bullshit. While not the only unicorn company founded on bullshit, Theranos had the distinction of actually putting its customers' lives in danger: "[The Centers for Medicare and Medicaid Services] soon discovered that some of the tests Theranos was performing were so inaccurate that they could leave patients at risk of internal bleeding, or of stroke among those prone to blood clots. The agency found that Theranos appeared to ignore erratic results from its own quality-control checks during a six-month period last year and supplied 81 patients with questionable test results." At least Elizabeth Holmes is going to be played by Jennifer Lawrence in an upcoming movie.

Submission + - New SWEET32 Crypto Attacks Speed Up Deprecation of 3DES, Blowfish (threatpost.com)

msm1267 writes: New attacks revealed today against 64-bit block ciphers push cryptographic ciphers such as Triple-DES (3DES) and Blowfish closer to extinction.

The attacks, known as SWEET32, allow for the recovery of authentication cookies from HTTPS traffic protected by 3DES, and BasicAUTH credentials from OpenVPN traffic protected by default by Blowfish.

In response, OpenSSL is expected tomorrow to remove 3DES from its default build in 1.1.0, and lower its designation from High to Medium in 1.0.2 and 1.0.1. OpenVPN, meanwhile, is expected to release a new version this week as well with a warning about Blowfish and new configuration advice protecting against the SWEET32 attacks.

The researchers behind SWEET32 said this is a practical attack because collisions begin after a relatively short amount of data is introduced. By luring a victim to a malicious site, the attacker can inject JavaScript into the browser that forces the victim to connect over and over to a site they're authenticated to. The attacker can then collect enough of that traffic--from a connection that is kept alive for a long period of time--to recover the session cookie.
