Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror

Submission + - Chernobyl's new sarcophagus now in place

Submitted by MrKaos
MrKaos writes: 30 years and seven months since the explosion that set all of this in motion the project known as the 'Shelter Implementation Plan' has been rolled into place sealing the crippled Chernobyl reactor. More than 10,000 people were involved in the project, which includes an advanced ventilation systems and remote controlled robotic cranes to dismantle the existing Soviet-built structure and reactor.

This sarcophagus – or New Safe Confinement (NSC) – is taller than the Statue of Liberty and larger than Wembley stadium.

Submission + - SCADA "Selfies" A Big Give Away To Hackers (csmonitor.com)

Submitted by chicksdaddy
chicksdaddy writes: The world’s governments are on notice that their critical infrastructure is vulnerable after an apparent cyberattack darkened 80,000 households in three regions of Ukraine last month. (http://hardware.slashdot.org/story/16/01/11/150241/ukraine-power-station-outage----enabled-by-malware-but-not-caused-by-malware) But on the question of safeguarding utilities, operators of power plants, water treatment facilities, and other industrial operations might do well to worry more about Instagram than hackers, according to a report by Christian Science Monitor Passcode.

Speaking at a gathering of industrial control systems experts last week, Sean McBride of the firm iSight Partners said that social media oversharing is wellspring of information that could be useful to attackers interested in compromising critical infrastructure. Among the valuable information he's found online: workplace selfies on Instagram and Facebook that reveal details of supervisory control and data acquisition, or SCADA, systems. (http://www.csmonitor.com/World/Passcode/2016/0115/Worried-about-cyberattacks-on-US-power-grid-Stop-taking-selfies-at-work)

"No SCADA selfies!" said Mr. McBride at the S4 Conference in Miami Thursday. "Don’t make an adversary’s job easier."

iSight has found examples of SCADA selfies at sensitive facilities and warns that such photos may unwittingly reveal critical information that operators would prefer to keep secret. The firm's researchers have also discovered panoramic pictures of control rooms and video walk-throughs of facilities. Corporate websites can divulge valuable information to adversaries like organization charts or lists of employees — valuable sources of information for would-be attackers, says McBride.

That kind of slip-up have aided critical infrastructure attacks in the past. Photographs published in 2008 by former Iranian President Mahmoud Ahmadinejad's press office provided western nuclear analysts with detailed views of the insides of the Natanz facility and Iran’s uranium enrichment operation – what an expert once described as "intel to die for." (http://www.nytimes.com/2008/04/29/science/29nuke.html?_r=0)

Submission + - Why Electronic Health Records Aren't More Usable (cio.com)

Submitted by itwbennett
itwbennett writes: There are plenty of things wrong with Electronic Health Records (EHRs), writes Ken Terry. Among them: 'The records are hard to read because they're full of irrelevant boilerplates..., [a]lerts frequently fire for inconsequential reasons..., and EHRs from different vendors are not interoperable with each other.' But those are all just symptoms of the underlying (and unsurprising) problem: '[T]hey are designed to support billing more than patient care.' A recent study (login required) found that, of 41 EHR vendors that released public reports, fewer than half used an industry-standard user-centered design process. This despite a requirement by The Office of the National Coordinator for Health IT that developers perform usability tests as part of a certification process that makes their EHRs eligible for the government's EHR incentive program.

Submission + - How To Convince a Team to Undertake UX Enhancements on a Large Codebase 1

Submitted by unteer
unteer writes: I work at a enterprise software company that builds an ERP system for a niche industry (i.e. not Salesforce or SAP size). Our product has been continuously developed for 10 years, and incorporates code that is even older. Our userbase is constantly expanding, and many of these users expect modern conveniences like intuitive UI and documented processes. However, convincing the development teams that undertaking projects to clean up the UI or build more self-explanatory features are often met with, "It's too big an undertaking," or, "it's not worth it."

Slashdotters, help me out. What is your advice for how to quantify and qualify improving the user experience of an aging, fairly large,but also fairly niche, ERP product?

Submission + - Ask Slashdot: Any good tech towns that aren't huge clusterf*cks? 4

Submitted by Anonymous Coward
An anonymous reader writes: I've been working in tech as a software developer for about 15 years. As I've gotten older I'm starting to see the appeal of living in a city that's not crazily blown out and expensive like most established tech markets (think San Francisco, Austin, Seattle, Los Angeles, etc.). Are there are any good tech job markets that are normal, affordable, livable, American cities, or am I forever doomed to be subjected to the rat race found in these overheated and overcrowded markets?

Submission + - Test Pilot Admits the F-35 Can't Dogfight (medium.com)

Submitted by schwit1
schwit1 writes: A test pilot has some very, very bad news about the F-35 Joint Strike Fighter. The pricey new stealth jet can't turn or climb fast enough to hit an enemy plane during a dogfight or to dodge the enemy's own gunfire, the pilot reported following a day of mock air battles back in January.

And to add insult to injury, the JSF flier discovered he couldn't even comfortably move his head inside the radar-evading jet's cramped cockpit. "The helmet was too large for the space inside the canopy to adequately see behind the aircraft." That allowed the F-16 to sneak up on him.

The test pilot's report is the latest evidence of fundamental problems with the design of the F-35 — which, at a total program cost of more than a trillion dollars, is history's most expensive weapon.

Your tax dollars at work.

Submission + - Report: Evidence of Healthcare Breaches Lurks on Infected Medical Devices (securityledger.com)

Submitted by chicksdaddy
chicksdaddy writes: Evidence that serious and widespread breaches of hospital- and healthcare networks is likely to be hiding on compromised and infect medical devices in clinical settings, including medical imaging machines, blood gas analyzers and more, according to a report by the firm TrapX. (https://securityledger.com/2015/06/x-rays-behaving-badly-devices-give-malware-foothold-on-hospital-networks/)

In a report, which will be released this week, the company details incidents of medical devices and management stations infected with malicious software at three, separate customer engagements. According to the report, medical devices – in particular so-called picture archive and communications systems (PACS) radiologic imaging systems – are all but invisible to security monitoring systems and provide a ready platform for malware infections to lurk on hospital networks, and for malicious actors to launch attacks on other, high value IT assets.
Among the revelations contained in the report: malware at a TrapX customer site spread from a unmonitored PACS system to a key nurse’s workstation. The result: confidential hospital data was secreted off the network to a server hosted in Guiyang, China. Communications went out encrypted using port 443 (SSL), resulting in the leak of an unknown number of patient records. In another incident documented by the company, a healthcare institution at which installed its technology was found to have the Zeus and Citadel malware operating from infected blood gas analyzers in the hospital’s laboratory, which were infected and provided a “backdoor” into the hospital’s network and were being used to harvest credentials from other systems on the network.

“The medical devices themselves create far broader exposure to the healthcare institutions than standard information technology assets,” the report concludes.

Radiologic and medical imaging systems such as the PACS were particularly useful because they are heavily used and critical to the operation of almost every department. Of the three systems that TrapX found infected at customer sites, one was a PACS, the second was a medical x-ray scanner and the third was a collection of blood gas analyzers in a healthcare institution’s laboratory department used by critical care and emergency services.

To help validate its findings, TrapX acquired and tested a NOVA CCX blood gas analyzer of the type it encountered in the customer environments. As with the deployed devices, TrapX chose the version of the CCX for Windows 2000, which was the model used in customer settings. And, in fact, Windows 2000 is the choice for “many medical devices.” The version that TrapX obtained “did not seem to have been updated or patched in a long time,” the company writes.

“Based upon our experience and understanding of MEDJACK, our scientists believe that a large majority of hospitals are currently infected with malware that has remained undetected for months and in many cases years. We expect additional data to support these assertions over time," the report says.

Submission + - How American Students Get A University Degree For Free In Germany

Submitted by HughPickens.com
HughPickens.com writes: BBC reports that Germany has abandoned tuition fees altogether for German and international students alike and more than 4,600 US students are fully enrolled at Germany universities, an increase of 20% over three years. "When I found out that just like Germans I'm studying for free, it was sort of mind blowing," says Katherine Burlingame who decided to get her Master's degree at a university in the East German town of Cottbus. "I realised how easy the admission process was and how there was no tuition fee. This was a wow moment for me." When Katherine came to Germany in 2012 she spoke two words of German: 'hallo' and 'danke'. She arrived in an East German town which had, since the 1950s, taught the majority of its residents Russian rather than English. "At first I was just doing hand gestures and a lot of people had compassion because they saw that I was trying and that I cared." She did not need German, however, in her Master's program, which was filled with students from 50 different countries but taught entirely in English. In fact, German universities have drastically increased all-English classes to more than 1,150 programs across many fields.

So how can Germany afford to educate foreign students for free? Think about it this way: it’s a global game of collecting talent. All of these students are the trading cards, and the collectors are countries. If a country collects more talent, they'll have an influx of new ideas, new businesses and a better economy. For a society with a demographic problem — a growing retired population and fewer young people entering college and the workforce — qualified immigration is seen as a resolution to the problem as research shows that 50% of foreign students stay in Germany. "Keeping international students who have studied in the country is the ideal way of immigration," says Sebastian Fohrbeck."They have the needed certificates, they don't have a language problem at the end of their stay and they know the culture."

Submission + - United Airlines invites hackers to find security vulnerabilities (thestack.com)

Submitted by Anonymous Coward
An anonymous reader writes: Following a recent spike of interest regarding the potential to hack planes [http://news.slashdot.org/story/15/04/17/1439242/fbi-accuses-researcher-of-hacking-plane-seizes-equipment] United Airlines has created the first rewards-for-exploits scheme in the aviation industry. The 'Bug-Bounty' program [http://www.united.com/web/en-US/content/contact/bugbounty.aspx] offers up to a million air miles for submitters who find a specific range of exploits in the company's websites and digital infrastructure. The scheme not only bans participants from probing on-board flight systems but threatens criminal prosecution for any such attempt.

Submission + - Sony Employees Receive Email Threat From GOP, 'Your Family Will Be In Danger' (hothardware.com)

Submitted by MojoKid
MojoKid writes: It appears that things are going from bad to worse when it comes to the recent Sony Pictures Entertainment breach. Sony experienced a security breach last month and the fallout from the attack continues to mount. Not only has sensitive financial information been released — including the salaries of high-ranking Sony executives — but more damaging personal information including 47,000 Social Security numbers of employees and actors have been leaked to the internet. We're now learning some even more disturbing details, unfortunately. Guardians of Peace (GOP), the hackers claiming responsibility for infiltrating Sony's computer network, are now threatening to harm the families of Sony employees. GOP reportedly sent Sony employees an email, which just so happened to be riddled with spelling and grammatical errors, that read in part, "your family will be in danger."

Slashdot Top Deals

We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. -- Larry Wall

Close