
Submission + - Root On 13K Devices: Misconfigured Serial Port Servers Expose Critical Systems (securityledger.com)

chicksdaddy writes: A survey conducted by the firm Rapid7 has found evidence that widespread vulnerabilities and insecure configuration of ubiquitous networking components known as serial port (or “terminal”) servers expose a wide range of critical assets to remote, unauthenticated access – including point of sale terminals, ATMs and industrial control systems. (https://community.rapid7.com/community/metasploit/blog/2013/04/23/serial-offenders-widespread-flaws-in-serial-port-servers)

In the survey, over 114,000 unique IPs were identified, the vast majority manufactured by one company: Digi International (http://www.digi.com/).

The vulnerable devices uncovered include those connecting retail point-of-sale systems at a national chain of dry cleaners and providing direct access to employee terminals from which customer payment information could be accessed. Other exposed systems were used to monitor the location of cargo containers, train cargo as well as HVAC and industrial control systems, Rapid7 said.

“The results were pretty scary,” Moore wrote. “Authentication was rarely implemented and the types of devices exposed ranged from corporate VPN servers to traffic signal monitors.”

Moore’s analysis uncovered 13,000 serial port servers that, when accessed, provided unauthenticated access to root shells, system consoles, and administrative interfaces. Many of those had been hijacked by attackers using TCP or proprietary protocols after a valid user had authenticated to the device, then let the session fall idle. “These attacks are straightforward, but obscure,” Moore told The Security Ledger.

Science

Submission + - We Finally Know Why Oil and Water Don't Mix (motherboard.tv)

CoveredTrax writes: "Everyone knows oil and water don’t mix. It’s a simple concept, sure, but the hydrophobic interactions between fats and water are crucial to the mechanics of microbiology. The weird thing is, the base theories of chemistry suggest that there’s no reason oil and water shouldn’t mix, even though it’s obvious that’s not the case. Now there’s an explanation: a team of chemical engineers at the University of California, Santa Barbara have defined an equation that measures a compound’s hydrophobic character. It’s the first such equation of its kind."
Science

The Proton Just Got Smaller 289

inflame writes "A new paper published in Nature has said that the proton may be smaller than we previously thought. The article states 'The difference is so infinitesimal that it might defy belief that anyone, even physicists, would care. But the new measurements could mean that there is a gap in existing theories of quantum mechanics. "It's a very serious discrepancy," says Ingo Sick, a physicist at the University of Basel in Switzerland, who has tried to reconcile the finding with four decades of previous measurements. "There is really something seriously wrong someplace."' Would this indicate new physics if proven?"
The Almighty Buck

Activision Hit With $500m Suit From Modern Warfare 2 Devs 77

Dragoniz3r writes "Activision has been served a lawsuit from 38 plaintiffs, including present and former Infinity Ward employees, demanding up to half a billion dollars. The plaintiffs are seeking compensation for 'unpaid bonuses, royalties, profit-sharing, and future profits from games such as Modern Warfare 3, and punitive damages.'"
Space

Supermassive Black Holes Can Abort Star Formation 67

cremeglace writes "Astrophysicists have found that when a supermassive black hole quickly devours gas and dust, it can generate enough radiation to abort all the embryonic stars in the surrounding galaxy. It's not clear what this means for life's ability to take hold in such a bleak environment, but the research shows that the process might have determined the fates of many of the large galaxies in the universe."
Space

Geomagnetic Storm In Progress 110

shogun writes "The National Oceanic and Atmospheric Administration reports a strong geomagnetic storm is in progress. The shuttle, ISS and GPS systems may be affected." They think this storm was caused by a weak solar flare on April 3rd. As you may expect, this has caused some unusually impressive northern lights since it started. What you may not expect is a photograph from Japanese astronaut Soichi Noguchi aboard the International Space Station showing the aurora from orbit. He apparently tweets a lot of pictures from space. He and his crewmates have taken over 100,000 pictures since coming aboard the ISS.
Space

Planck Mission Releases Images of Galactic Dust 40

davecl writes "The Planck satellite has released its first new science images, showing the large scale filamentary structure of cold dust in our own galaxy. This release coincides with the completion of its first survey of the entire sky a couple of weeks ago. There's lots more work to be done, and more observations to be made, before results are ready on the Big Bang, but these images demonstrate Planck's performance and capability. More information is available on the Planck mission blog (which I maintain)."

Comment Re:What's the big deal? (Score 2, Insightful) 483

"You'll think outside the box in the way that WE tell you to, dammit".

I don't think I've ever heard another definition of the term "think outside the box". It's almost invariably used to mean, "I do not agree with what you are saying, therefore your worldview is too limited to comprehend the magnificence that is my idea. I am Ozymandias, king of thinkers! Look upon my thoughts, ye mighty, and despair!"

It is very rarely used to mean "innovate" or "be creative". After all, management asks it of people they pack like lemmings into dull beige-fabric boxes.

Communications

Earliest "Writing" On 60,000-Year-Old Eggshells 214

New Scientist reports on research published in PNAS (abstract here) about what may be the earliest writing yet discovered, on eggshells dated to 60,000 years ago. "Since 1999, Pierre-Jean Texier of the University of Bordeaux, France, and his colleagues have uncovered 270 fragments of shell at the Diepkloof Rock Shelter in the Western Cape, South Africa. They show the same symbols are used over and over again, and the team say there are signs that the symbols evolved over 5,000 years. This long-term repetition is a hallmark of symbolic communication and a sign of modern human thinking, say the team. [Another researcher is quoted:] 'Judging from what we know about the evolution of art all over the world, there may have been many [written language] traditions that were born, lasted for some time, and then vanished. This may be one of them, most probably not the first and certainly not the last.'"
Government

Leak Shows US Lead Opponent of ACTA Transparency 164

An anonymous reader writes "Throughout the debate over ACTA transparency, the secret copyright treaty, many countries have taken public positions that they support release of the actual text, but that other countries do not. Since full transparency requires consensus of all the ACTA partners, the text simply can't be released until everyone is in agreement. A new leak from the Netherlands fingers who the chief opponents of transparency are: the United States, South Korea, Singapore, and Denmark lead the way, with Belgium, Germany, and Portugal not far behind as problem countries."
Bug

Woz Cites "Scary" Prius Acceleration Software Problem 749

theodp writes "Speaking at Discovery Forum 2010, Apple co-founder Steve Wozniak went off topic and spoke about a 'very scary' problem with his 2010 Toyota Prius. 'I don't get upset and teed off at things in life, except computers that don't work right,' said Woz, who went on to explain he'd been trying to get through to Toyota and the National Highway Transportation Safety Administration for three months, but could not get anyone to explore an alleged software-related acceleration problem. 'I have a new model that didn't get recalled,' Steve said. 'This new model has an accelerator that goes wild but only under certain conditions of cruise control. And I can repeat it over and over and over again — safely.' Toyota said it investigates all complaints. 'We're in the business of investigating complaints, assessing problems and finding remedies,' said Toyota's John Hanson. 'After man-years of exhaustive testing we have not found any evidence of an electronic [software] problem that would have led to unwanted acceleration.'" We recently discussed other problems Toyota has had with electronic acceleration systems.

Comment Re:Great, but... (Score 1) 309

Right -- an *open* beta, *weeks* before launch. Any other software than an MMO would be just about ready to go when the number of days till production can be counted on your fingers and toes.

The actual game client isn't all that bad. The real failure is their server infrastructure, which appears unable to handle the demand of the players.

Also, there are hundreds of instances of each area, yet some instances are so busy that it can take an hour just to gain access to it. They've apparently never heard of load balancing or ahead-of-time slot reservation, which leaves users in a potentially infinite loop like this:

1) Log into the game and wait a very long time to "Retrieve the list of characters".
2) Click the "Play" button on your character and wait a very long time for the game to load.
3) Get into your previous instance, which is only rarely a problem.
4) Click through all the mission dialogs that say you've completed the mission, because you have, and you're trying to leave, and it won't let you.
5) Try to warp out of the instance and into the "sector space".
6) Curse at the system when it announces that the map is full. Gee, if it was full, why couldn't you have told me that *before* all the long load times?

The instances seem to have a fairly small number of slots (about 40), and they are picked either at random or based on the least busy instance at any given time. But if a particular region is particularly popular (and sector space is very, VERY popular), the only available instances will have, say, 38/40 or 39/40 slots in use. So by the time you load, some other person has already taken all the slots, and you get kicked all the way back to the login screen. Chance to pick another instance? Forget it. All the way back to step 1.

It's this kind of simple-minded instance management that makes the game so bad, and improving it would require a major refactoring of the existing network protocol, impacting both the client and the server in a major way.

If this were a problem back in closed beta, it would make sense that such an ad-hoc system were in place -- after all, there's still months till release, and ample time to refactor this kind of stuff. But at this point they're practically printing the manuals and burning the CDs for the box sets, and from here on out it's just minor fixes to keep the thing running.

Or at least, that's how everything except MMOs works. But from past experience with MMOs, the *real* technical state of this game is actually closer to late-alpha than retail.

Comment Re:Physical Security Systems (Score 1) 112

Why do you believe you'll get better performance on the Mac?

I don't "believe" it, but I am hoping for a better client at some point, and I'd really like to dump the Windows requirements. I'd be grateful for a better client on Windows, even. I just prefer the Mac, Macs are what we use around here for most things. There's always Parallels, after all.

If you have VGA monitors and splitters something isn't designed correctly.

I'm sorry, what? Are you saying I should parallel the monitors somehow? I'm really not following you here. These monitors are located 50...100 feet from the DVR; I'm not at all sure how you'd do it otherwise. Please enlighten me.

If you use mostly direct monitor viewing, then you probably don't need a client system, unless you need to review stored video.

We do a mix; we use the VGA monitors to allow us to see a 16-camera multiplex (usually), the client lets us grab any one camera at a time on a Windows desktop or some combination if we like. Mostly we let the 16-camera VGA monitor setup serve until we have specific needs. It's a large building, and it isn't always convenient to get to the DVR.

If you have an IE client, use a normal workstation for the search functions only when you need it.

IE... Internet explorer, perhaps? The client is some kind of stand-alone app thingee. Doesn't run in a browser, if that's what you mean.

Most DVRs have a spot/alarm monitor output, which can often be programmed to sequence between camera views.

Yes, the VGA output does this (or can, anyway.) But that doesn't help us with remote playback, search etc., that requires the client. And the client is really pretty miserable.

Comment Re:Windows 7 is better than Linux (Score 2, Insightful) 349

Windows applications are pre-compiled 99.999% of the time - there is no need for a compiler for the vast majority of the users.
You trade "freedom" and "security" for ease of installation and setup. Any linux user who installs something without personally reading every line of source code gives up the "security" gained from FOSS. Any linux user who ends up grabbing a binary driver for their video card gives up "freedom".
--You should have trolled the registry and the lack of a competent equivalent to package managers.

Notepad is a great text editor. If you want something different/more robust, there are tons of free ones.
--You should have trolled nothing - just cue the vi/emacs debate.

Windows is closed-source, so no, they don't ship it with the source code.
--You should have trolled the ridiculous licensing scheme for different versions, volume licenses, upgrade/full, etc.
