×
Power

Communications Protocol Leaves Power Grid Vulnerable 68

Posted by Soulskill from the electricity-is-a-luxury dept.
mspohr writes "The NY Times has an interesting story about a pair of researchers who 'discovered that they could freeze, or crash, the software that monitors a [power] substation, thereby blinding control center operators from the power grid.' These two engineers wrote software to test for vulnerabilities in the control systems of electrical power grids which use a protocol called DNP3 to communicate with sub-stations. They first tested an open source implementation of the protocol and didn't find any problems. They were worried that their software test wasn't adequate so they started testing proprietary systems. The broke every single one of the 16 proprietary systems they tested initially and found nine more systems vulnerable in later testing. They were able to install malware and also found firewalls ineffective. The pair reported this to the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, I.C.S.-C.E.R.T. and didn't get much of a response. It's scary that our electrical grid is so vulnerable and there doesn't seem to be much urgency to get it fixed. A few patches have been issued, but who knows if the systems have been updated?"
GUI

Wireshark Switches To Qt 79

Posted by Soulskill from the changing-horses dept.
An anonymous reader writes "Beginning with version 1.11.0, open source packet analyzer Wireshark is switching its user interface library from GTK+ to Qt. 'Both libraries make it easy for developers [to] write applications that will run on different platforms without having to rewrite a lot of code. GTK+ has had a huge impact on the way Wireshark looks and feels and on its popularity but it doesn't cover our supported platforms as effectively as it should and the situation is getting worse as time goes on.'"
Facebook

Facebook 'Stalker' Tool Uses Graph Search For Data Mining 38

Posted by Soulskill from the at-least-somebody-finds-it-useful dept.
angry tapir writes "Mining small details from Facebook has become even easier with Graph Search, the site's new search engine that returns personalized results from natural-language queries. Graph Search granularly mines Facebook's vast user data: where people have visited, what they like and if they share those same preferences with their friends. 'FBStalker' is a Python script debuted at the Hack in the Box security conference in Kuala Lumpur. In its current form, FBStalker runs in the Chrome browser on OS X, entering queries into Facebook's Graph Search and pulling data. Even if a person's profile is locked down to strangers, their friends' open profiles can be examined, giving an indication, for example, who the person may be close with. FBStalker uses Graph Search to find photos in which two people are tagged in, comments on profiles and more."

Slashdot Top Deals