Forgot your password?
typodupeerror

Submission + - AI Data Centers Being Built Faster Than They Can Be Secured (securityweek.com)

wiredmikey writes: AI is reshaping data centers and introducing security risks traditional architectures weren't designed to handle. As AI data centers scale at breakneck speed, security isn't keeping up. Researchers outline the Top 10 AI infrastructure security risks, including hardware integrity, multi-tenant isolation, high-speed network fabrics, supply chain compromise, and patching failures.

Submission + - Physicists create first room-temperature quantum material (phys.org)

alternative_right writes: In a study published in Nature, LSU physicists have developed the first room-temperature quantum material capable of distinguishing and transporting different quantum states of light, overcoming one of the biggest challenges in quantum materials research. Led by Associate Professor of Physics Omar S. Magaña-Loaiza, the work establishes a general design principle for engineering an entirely new class of quantum materials, opening new possibilities for quantum computing, secure communications, sensing technologies and advanced energy systems.

Comment Re:DST is Dumb (Score 1) 253

We can operate at night, but do we want to? Your comment is precisely why I'm an advocate for permanent DST I'm not a morning person, so fuck any light in the morning. Give me sunlight in the afternoon to sit outside and enjoy myself.

Also no we can't operate perpetually at night, at least not without medical issues. This is one of the reason vitamin D deficiency is a thing.

There is absolutely no reason that work and other mandatory things cannot be done at night, leaving the daytime free for you to do your own things. Wasting what limited daylight hours we have stuck in a cube farm with artificial lights anyway is ridiculous. There are very few jobs that actually require natural light these days.

Comment Re:They should do the same in The Netherlands (Score 5, Insightful) 253

The sun always rises later in the winter, that's the nature of winter... The only thing this changes is the arbitrary numbers that are displayed when the sun is rising.
Instead of fixating around those arbitrary numbers, plan your day around actual environment factors like when the sun rises etc.

Submission + - How Microsoft's "Little Workaround" Created a Major Pentagon Threat (propublica.org)

joshuark writes: ProPublica Reporter Renee Dudley heard Microsoft was running tech support for the U.S. Defense Department through China, the country’s biggest cybersecurity adversary.

The arrangement was called “digital escorting.” She thought it sounded like a conspiracy theory — until she started looking into it. This is the story of what she found and how her investigation changed government policy.

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.

The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.

National security and cybersecurity experts in the Trump administration contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country.

Microsoft uses the escort system to handle the government’s most sensitive information that falls below “classified.” According to the government, this “high impact level” category includes “data that involves the protection of life and financial ruin.” The “loss of confidentiality, integrity, or availability” of this information “could be expected to have a severe or catastrophic adverse effect” on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as “Impact Level” 4 and 5 and includes materials that directly support military operations.

“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea,” a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the “scope of systems they could disrupt” is limited.

In an emailed statement, the Defense Information Systems Agency said that cloud service providers “are required to establish and maintain controls for vetting and using qualified specialists,” but the agency did not respond to ProPublica’s questions regarding the digital escorts’ qualifications.

It’s unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.

A spokesperson for the inspector general — whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse — told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.

Comment Re:What's the Real Danger? (Score 1) 76

Assuming that CGNAT makes you immune is a huge error.
Once you compromise a single customer you're now inside the CGNAT pool, where you will see lots of very vulnerable devices because they were left vulnerable on the assumption that they were not reachable. In an ISP with thousands of customers, at least a handful will have some infected devices.

Modern Windows devices absolutely do not become compromised via inbound connections to open ports, they become compromised via vulnerable client software or user error (eg phishing, malware infected downloads etc), all of which only depends on being able to make outbound connections.

Comment Re:Shouldn't this be expected? (Score 1) 76

Many simply don't care.
A lot of ISPs especially in Asia use CGNAT and/or rapidly rotating IPv6 and then do nothing about abuse so the address space is widely blacklisted.

In other countries ISPs aren't forced to use CGNAT, and use at least sticky if not fully static addressing so if customers get themselves blacklisted the ISP generally doesn't need to care as it won't affect other users.

Slashdot Top Deals

OS/2 must die!

Working...