Forgot your password?
Close
typodupeerror
Network

Submission + - Private Key Found Embedded in Major SCADA Equipment (digitalbond.com)

Submitted by sl4shd0rk
sl4shd0rk writes: RuggedOS (A Siemens Subsidiary of Flame and Stuxnet fame), an Operating System used in mission-critical hardware such as routers and SCADA gear, has been found to contain an embedded private encryption key. Now that all affected RuggedCom devices are sharing the same key, a compromise on one device gets you the rest for free. If the claims are valid, systems in use which would be affected include US Navy, petroleum giant Chevron, and the Wisconsin Department of Transportation. The SCADA gear which RuggedOS typically runs on are often connected to machinery controlling electrical substations, traffic control systems, and other critical infrastructure. This is the second security nightmare for RuggedCom this year, the first being the discovery of a backdoor containing a non-modifiable account.
Google

Submission + - Google Building Privacy Red Team (threatpost.com)

Submitted by Trailrunner7
Trailrunner7 writes: Google, which has come under fire for years for its privacy practices and recently settled a privacy related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy "red team", a group of people charged with finding and resolving privacy risks in the company's products.

The concept of a red team is one that's been used in security for decades, with small teams of experts trying to break a given software application, get into a network or circumvent a security system as part of a penetration test or a similar engagement. The idea is sometimes applied in the real world as well, in the form of people attempting to gain entry to a secure facility or other restricted area.

But Google's concept of building an internal team to look critically at engineering and other decisions in the company's products and services that could involve user privacy risks is perhaps a unique one. The company has been a frequent target for criticism from privacy advocates and government agencies regarding its privacy practices. The most recent incident was the settlement with the FTC earlier this month in a case that revolved around whether Google was circumventing the browser settings on Safari to place tracking cookies on users' machines. While not admitting any fault, Google agreed to pay the $22.5 million fine, the highest ever in such a case.
Cloud

Submission + - Review: Google Compute Engine (infoworld.com)

Submitted by
snydeq
snydeq writes: "InfoWorld's Peter Wayner takes an in-depth look at Google Compute Engine, the search giant's response to Amazon Web Services and Rackspace. 'If you want to build your own collection of Linux boxes, Google Compute Engine offers a nice, generic way to buy servers at what — depending on the size of compute instance you need — can be a great price. The most attractive feature will probably be the proximity to the other parts of the Google infrastructure,' Wayner writes, adding that Google Compute Engine is just one part of the Google APIs portal, a grand collection of 46 services. 'I suspect many developers will be most interested in using Google Compute Engine when they want to poll these Google databases fairly often. While I don't think you're guaranteed to be in the same zone as the service you want, you're still closer than when traveling across the generic Web.'"

Slashdot Top Deals

Man must shape his tools lest they shape him. -- Arthur R. Miller

Close