
Submission + - SCADA "Selfies" A Big Give Away To Hackers (csmonitor.com)

chicksdaddy writes: The world’s governments are on notice that their critical infrastructure is vulnerable after an apparent cyberattack darkened 80,000 households in three regions of Ukraine last month. (http://hardware.slashdot.org/story/16/01/11/150241/ukraine-power-station-outage----enabled-by-malware-but-not-caused-by-malware) But on the question of safeguarding utilities, operators of power plants, water treatment facilities, and other industrial operations might do well to worry more about Instagram than hackers, according to a report by Christian Science Monitor Passcode.

Speaking at a gathering of industrial control systems experts last week, Sean McBride of the firm iSight Partners said that social media oversharing is a wellspring of information that could be useful to attackers interested in compromising critical infrastructure. Among the valuable information he's found online: workplace selfies on Instagram and Facebook that reveal details of supervisory control and data acquisition, or SCADA, systems. (http://www.csmonitor.com/World/Passcode/2016/0115/Worried-about-cyberattacks-on-US-power-grid-Stop-taking-selfies-at-work)

"No SCADA selfies!" said Mr. McBride at the S4 Conference in Miami Thursday. "Don’t make an adversary’s job easier."

iSight has found examples of SCADA selfies at sensitive facilities and warns that such photos may unwittingly reveal critical information that operators would prefer to keep secret. The firm's researchers have also discovered panoramic pictures of control rooms and video walk-throughs of facilities. Corporate websites can divulge valuable information to adversaries like organization charts or lists of employees — valuable sources of information for would-be attackers, says McBride.

That kind of slip-up has aided critical infrastructure attacks in the past. Photographs published in 2008 by former Iranian President Mahmoud Ahmadinejad's press office provided western nuclear analysts with detailed views of the insides of the Natanz facility and Iran’s uranium enrichment operation – what an expert once described as "intel to die for." (http://www.nytimes.com/2008/04/29/science/29nuke.html?_r=0)

Submission + - Why Electronic Health Records Aren't More Usable (cio.com)

itwbennett writes: There are plenty of things wrong with Electronic Health Records (EHRs), writes Ken Terry. Among them: 'The records are hard to read because they're full of irrelevant boilerplates..., [a]lerts frequently fire for inconsequential reasons..., and EHRs from different vendors are not interoperable with each other.' But those are all just symptoms of the underlying (and unsurprising) problem: '[T]hey are designed to support billing more than patient care.' A recent study (login required) found that, of 41 EHR vendors that released public reports, fewer than half used an industry-standard user-centered design process. This despite a requirement by The Office of the National Coordinator for Health IT that developers perform usability tests as part of a certification process that makes their EHRs eligible for the government's EHR incentive program.

Submission + - How To Convince a Team to Undertake UX Enhancements on a Large Codebase

unteer writes: I work at an enterprise software company that builds an ERP system for a niche industry (i.e. not Salesforce or SAP size). Our product has been continuously developed for 10 years, and incorporates code that is even older. Our userbase is constantly expanding, and many of these users expect modern conveniences like intuitive UI and documented processes. However, efforts to convince the development teams to undertake projects to clean up the UI or build more self-explanatory features are often met with, "It's too big an undertaking," or, "it's not worth it."

Slashdotters, help me out. What is your advice for how to quantify and qualify improving the user experience of an aging, fairly large, but also fairly niche, ERP product?

Submission + - Ask Slashdot: Any good tech towns that aren't huge clusterf*cks?

An anonymous reader writes: I've been working in tech as a software developer for about 15 years. As I've gotten older I'm starting to see the appeal of living in a city that's not crazily blown out and expensive like most established tech markets (think San Francisco, Austin, Seattle, Los Angeles, etc.). Are there any good tech job markets that are normal, affordable, livable, American cities, or am I forever doomed to be subjected to the rat race found in these overheated and overcrowded markets?

Submission + - Test Pilot Admits the F-35 Can't Dogfight (medium.com)

schwit1 writes: A test pilot has some very, very bad news about the F-35 Joint Strike Fighter. The pricey new stealth jet can't turn or climb fast enough to hit an enemy plane during a dogfight or to dodge the enemy's own gunfire, the pilot reported following a day of mock air battles back in January.

And to add insult to injury, the JSF flier discovered he couldn't even comfortably move his head inside the radar-evading jet's cramped cockpit. "The helmet was too large for the space inside the canopy to adequately see behind the aircraft." That allowed the F-16 to sneak up on him.

The test pilot's report is the latest evidence of fundamental problems with the design of the F-35 — which, at a total program cost of more than a trillion dollars, is history's most expensive weapon.

Your tax dollars at work.

Submission + - Report: Evidence of Healthcare Breaches Lurks on Infected Medical Devices (securityledger.com)

chicksdaddy writes: Evidence of serious and widespread breaches of hospital and healthcare networks is likely to be hiding on compromised and infected medical devices in clinical settings, including medical imaging machines, blood gas analyzers and more, according to a report by the firm TrapX. (https://securityledger.com/2015/06/x-rays-behaving-badly-devices-give-malware-foothold-on-hospital-networks/)

In a report, which will be released this week, the company details incidents of medical devices and management stations infected with malicious software at three separate customer engagements. According to the report, medical devices – in particular so-called picture archive and communications systems (PACS) radiologic imaging systems – are all but invisible to security monitoring systems and provide a ready platform for malware infections to lurk on hospital networks, and for malicious actors to launch attacks on other, high value IT assets.

Among the revelations contained in the report: malware at a TrapX customer site spread from an unmonitored PACS system to a key nurse’s workstation. The result: confidential hospital data was secreted off the network to a server hosted in Guiyang, China. Communications went out encrypted using port 443 (SSL), resulting in the leak of an unknown number of patient records. In another incident documented by the company, a healthcare institution at which the company installed its technology was found to have the Zeus and Citadel malware operating from infected blood gas analyzers in the hospital’s laboratory, which were infected and provided a “backdoor” into the hospital’s network and were being used to harvest credentials from other systems on the network.

“The medical devices themselves create far broader exposure to the healthcare institutions than standard information technology assets,” the report concludes.

Radiologic and medical imaging systems such as the PACS were particularly useful because they are heavily used and critical to the operation of almost every department. Of the three systems that TrapX found infected at customer sites, one was a PACS, the second was a medical x-ray scanner and the third was a collection of blood gas analyzers in a healthcare institution’s laboratory department used by critical care and emergency services.

To help validate its findings, TrapX acquired and tested a NOVA CCX blood gas analyzer of the type it encountered in the customer environments. As with the deployed devices, TrapX chose the version of the CCX for Windows 2000, which was the model used in customer settings. And, in fact, Windows 2000 is the choice for “many medical devices.” The version that TrapX obtained “did not seem to have been updated or patched in a long time,” the company writes.

“Based upon our experience and understanding of MEDJACK, our scientists believe that a large majority of hospitals are currently infected with malware that has remained undetected for months and in many cases years. We expect additional data to support these assertions over time," the report says.

Submission + - How American Students Get A University Degree For Free In Germany

HughPickens.com writes: BBC reports that Germany has abandoned tuition fees altogether for German and international students alike and more than 4,600 US students are fully enrolled at German universities, an increase of 20% over three years. "When I found out that just like Germans I'm studying for free, it was sort of mind blowing," says Katherine Burlingame who decided to get her Master's degree at a university in the East German town of Cottbus. "I realised how easy the admission process was and how there was no tuition fee. This was a wow moment for me." When Katherine came to Germany in 2012 she spoke two words of German: 'hallo' and 'danke'. She arrived in an East German town which had, since the 1950s, taught the majority of its residents Russian rather than English. "At first I was just doing hand gestures and a lot of people had compassion because they saw that I was trying and that I cared." She did not need German, however, in her Master's program, which was filled with students from 50 different countries but taught entirely in English. In fact, German universities have drastically increased all-English classes to more than 1,150 programs across many fields.

So how can Germany afford to educate foreign students for free? Think about it this way: it’s a global game of collecting talent. All of these students are the trading cards, and the collectors are countries. If a country collects more talent, they'll have an influx of new ideas, new businesses and a better economy. For a society with a demographic problem — a growing retired population and fewer young people entering college and the workforce — qualified immigration is seen as a resolution to the problem as research shows that 50% of foreign students stay in Germany. "Keeping international students who have studied in the country is the ideal way of immigration," says Sebastian Fohrbeck. "They have the needed certificates, they don't have a language problem at the end of their stay and they know the culture."

Submission + - SourceForge hijacks Win-Gimp, wraps installer in adware (arstechnica.com)

slashdice writes: Ars Technica (and, well, everybody other than slashdot) is reporting on the reprehensible behavior by SourceForge, Slashdot sister site. "SourceForge, the code repository site owned by Slashdot Media, has apparently seized control of the account hosting GIMP for Windows on the service, according to e-mails and discussions amongst members of the GIMP community—locking out GIMP's lead Windows developer. And now anyone downloading the Windows version of the open source image editing tool from SourceForge gets the software wrapped in an installer replete with advertisements."

Submission + - United Airlines invites hackers to find security vulnerabilities (thestack.com)

An anonymous reader writes: Following a recent spike of interest regarding the potential to hack planes [http://news.slashdot.org/story/15/04/17/1439242/fbi-accuses-researcher-of-hacking-plane-seizes-equipment] United Airlines has created the first rewards-for-exploits scheme in the aviation industry. The 'Bug-Bounty' program [http://www.united.com/web/en-US/content/contact/bugbounty.aspx] offers up to a million air miles for submitters who find a specific range of exploits in the company's websites and digital infrastructure. The scheme not only bans participants from probing on-board flight systems but threatens criminal prosecution for any such attempt.

Submission + - Good seating options for the intellectually engaged?

symes writes: Being someone who spends most of his life sat in front of a computer screen I have become conscious that what I sit on might have lasting effects on posture and so forth. What, in Slashdot's opinion, is the latest and greatest derrière tech out there?

Submission + - Bacteria discovered that both eats and excretes pure electrons

Presto Vivace writes: Biologists discover electric bacteria that eat pure electrons rather than sugar, redefining the tenacity of life

Some intrepid biologists at the University of Southern California (USC) have discovered bacteria that survives on nothing but electricity — rather than food, they eat and excrete pure electrons. These bacteria yet again prove the almost miraculous tenacity of life — but, from a technology standpoint, they might also prove to be useful in enabling the creation of self-powered nanoscale devices that clean up pollution. Some of these bacteria also have the curious ability to form into ‘biocables,’ microbial nanowires that are centimeters long and conduct electricity as well as copper wires — a capability that might one day be tapped to build long, self-assembling subsurface networks for human use.

Submission + - Peer-reviewed Study: MS Word is Superior to LaTeX

An anonymous reader writes: A study recently published in PLOS ONE has compared MS Word to LaTeX and demonstrated that "...LaTeX users were slower than Word users, wrote less text in the same amount of time, and produced more typesetting, orthographical, grammatical, and formatting errors. On most measures, expert LaTeX users performed even worse than novice Word users... We conclude that even experienced LaTeX users may suffer a loss in productivity when LaTeX is used, relative to other document preparation systems. Individuals, institutions, and journals should carefully consider the ramifications of this finding when choosing document preparation strategies, or requiring them of authors."
http://www.plosone.org/article...

Slashdot readers may also be interested in reading post-publication responses to the paper on PubPeer:
https://pubpeer.com/publicatio...

Submission + - Hewlett-Packard Is Working On A Revolutionary Computer and OS

jones_supa writes: Hewlett-Packard is planning to take an extremely ambitious step toward giving a refresh to the architecture of a traditional computer and its operating system. The company's research division is working to create a computer which HP calls The Machine. A key idea is that HP's design shall use memristors for both temporary and long-term data storage. There would also be other novel features such as using optical fiber instead of copper wiring for data buses. Next summer the team aims to complete an operating system designed for The Machine, called Linux++, bundled with emulation tools to run existing applications. Linux++ is intended to ultimately be replaced by an operating system called Carbon, which is designed from scratch for The Machine. The chief architect of the project is Kirk Bresniker and a working prototype of The Machine is expected to be ready by 2016.
