turing0 writes "As a former bioinformatics researcher and CTO I have some sad news to start 2012 with. Though I am sure not a surprise to the Slashdot crowd, it appears we — or our demographic — made up more than 75% of the Google Health userbase. Today marks the end of Google Health. (Also see this post for the official Google announcement and lame excuse for the reasoning behind this myopic decision.) The decision of Google to end this excellent service is a fantastic example of what can represent the downside of cloud services for individuals and enterprises. The cloud is great when and while your desired application is present — assuming it's secure and robust — but you are at the mercy of the provider for longevity."
theshowmecanuck writes "Reuters reports that there is little or no security at one of the main factories in Russia responsible for military and Soyuz rocket manufacture. Blogger Lana Sator was able to walk right into the empty (off hours) facility through huge gaps in the fences that no-one bothered to repair, and there was no security to stop them aside from some dogs that didn't bother them either. In fact Lana even has one picture of herself posing next to an apparently non-functional security camera, another of her sitting on what looks to be possibly a partially assembled rocket motor (someone who knows better can fill us in), and has about 100 photos of the escapade all told on her blog about this (it's in Russian... which I don't speak... any translators out there?). Russian officials are said to be deeply concerned. I wonder if this has any bearing on why Russian rockets haven't been making it into space successfully, or whether it and the launch failures are all part of some general industrial malaise that is taking place."
Orome1 writes "Many prisons and jails use SCADA systems with PLCs to open and close doors. Using original and publicly available exploits along with evaluating vulnerabilities in electronic and physical security designs, researchers discovered significant vulnerabilities in PLCs used in correctional facilities by being able to remotely flip the switches to 'open' or 'locked closed' on cell doors and gates."
wiredmikey writes "New research from Kaspersky Labs has revealed that the platform dubbed 'tilded' (~d), which was used to develop Stuxnet and Duqu, has been around for years. The researchers say that same platform has been used to create similar Trojans which have yet to be discovered. Alexander Gostev and Igor Sumenkov have put together some interesting research, the key point being that the person(s) behind what the world knows as Stuxnet and Duqu have actually been using the same development platform for several years." An anonymous reader adds a link to this "surprisingly entertaining presentation" (video) by a Microsoft engineer, in which "he tells the story of how he and others analysed the exploits used by Stuxnet. Also surprising is the simplicity of the exploits which were still present in Win7." See also the report at Secureist from which the SecurityWeek story draws.
New submitter windcask asks "Every New Year's Day, I assemble and memorize a random collection of seven to ten mixed-case alphanumeric characters and proceed to change every password I have on the interwebs to these characters (plus a few extra characters unique to the site). The problem is I only change them on the sites I visit. Once in a while, I'll come across a site I haven't visited for a few years, and I may end up not being able to guess the password before the try-lockout takes effect. What are your password-changing rituals, and how do they deal with situations like mine? I do use Keepass for work, but it is sometimes impractical for times I'm at other computers."
New submitter EliSowash writes "Malware developers are increasingly using QR Codes as an attack vector. 'The big problem is that the QR code to a human being is nothing more than "that little square with a bunch of strange blocks in it." There's no way to tell what is behind that QR code.' The advice we've always given to the computer user community is 'don't click a link in an email if you don't know who it's from or where it goes' — so how do we protect unsuspecting users from QR codes, where you can't see the destination at all?"
Trailrunner7 writes "Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, has the ability to find the WPS PIN on a given router and then recover the WPA passphrase for the router, as well. Tactical Network Solutions has released the tool as an open-source project on Google Code, but also is selling a more advanced commercial version."
OverTheGeicoE writes "It looks like Congress' recent jabs at TSA were just posturing after all. Last Friday, President Obama signed a spending act passed by both houses of Congress. The act gives TSA a $7.85 billion budget increase for 2012 and includes funding for 12 additional multi-modal Visible Intermodal Prevention and Response (VIPR) teams and 140 new behavior detection officers. It even includes funding for 250 shiny new body scanners, which was originally cut from the funding bill last May."
randomErr writes "Intel began shipping the new mobile Atom, formerly codenamed 'Cedar Trail', processors to manufacturers. As with most new chips it has more features and longer battery life. Intel said today 'Computing systems using new Atom processors will debut in early 2012 through leading original equipment manufacturers (OEMs) such as Acer, Asus, HP, Lenovo, Samsung, and Toshiba.'"
itwbennett writes "Yes, IPv4 addresses are running out, but a Y2K-style disaster/frenzy won't be coming in 2012. Instead, businesses are likely to spend the coming year preparing to upgrade to IPv6, experts say. Of course there's a chance that panic will ensue when Europe's RIPE hands out its last IPv4 addresses this summer, but 'most [businesses] understand that they can live without having to make any major investments immediately,' said IDC analyst Nav Chander. Plus, it won't be until 2013 that North America will run out of IPv4 addresses and there's no sense getting worked up before then."
First time accepted submitter aeturnus writes "A new attack on the GSM mobile communications protocol has been demonstrated by Karsten Nohl and Luca Melette of Security Research Labs, based off their previously published attacks around vulnerabilities in the GSM A5/1 encryption protocol. This new attack, which Nohl indicates is already in use by criminals, allows an attacker to simulate a GSM mobile and use it to make calls and send text messages. Nohl also discussed protective measures users should take against these attacks, and others in use by intelligence communities around the world." This was just one of many presentations at the 28th Chaos Communication Congress.
wiredmikey writes "In a rare move, Microsoft is breaking its normal procedures and will issue an emergency out-of-band security update on Thursday to address a hash collision attack vulnerability that came into the spotlight yesterday, and affects various Web platforms industry-wide. The vulnerability is not specific to Microsoft technologies and has been discovered to impact PHP 5, Java, .NET, and Google's v8, while PHP 4, Ruby, and Python are somewhat vulnerable. Microsoft plans to release the bulletin on December 29, 2011, at 10:00 AM Pacific Time, and said it would address security vulnerabilities in all supported releases of Microsoft Windows. 'The impact of this vulnerability is similar to other Denial of Service attacks that have been released in the past, such as the Slowloris DoS or the HTTP POST DoS,' said security expert Chris Eng. 'Unlike traditional DoS attacks, they could be conducted with very small amounts of bandwidth. This hash table multi-collision bug shares that property.'"
dcblogs writes "IT managers see themselves as 'reigning supreme,' in an organization, and are seen by non-IT workers as difficult to get along with, says organizational psychologist Billie Blair. If IT managers changed their ways, they could have a major impact in an organization. 'So much of their life is hidden under a bushel because they don't discuss things, they don't divulge what they know, and the innovation that comes from that process doesn't happen, therefore, in the organization,' says Blair."
nbauman writes "In June 1903, Guglielmo Marconi and his partner Ambrose Fleming were about to give the first demonstration of long-range wireless communication at the Royal Institution in London, which, Marconi said, could be sent in complete confidentiality with no fear of the messages being hijacked. Suddenly, the silence was broken by a huge mysterious wireless pulse strong enough to take over the carbon-arc projector and make it sputter messages in Morse Code. First, it repeated the word 'Rats' over and over again (abusive at that time). Then it tapped out, 'There was a young fellow of Italy, who diddled the public quite prettily.' Further rude epithets followed. It was Nevil Maskelyne, a stage musician and inventor who was annoyed because Marconi's patents prevented him from using wireless. It was the first hacking, to demonstrate an insecure system."
First time accepted submitter porsche911 writes "It looks like the NYTimes have been hacked and a large number of subscribers spammed with messages about cancellation of their service. The phone system is overwhelmed as well. The Times is currently saying the email is a fake, but that raises other worries. They were one of the only 3rd parties that had the email in question so it appears either someone really screwed up or they've suffered a data breach." Update: 12/28 21:59 GMT by S: Looks like it was just a mistake by an employee.