gManZboy writes "A key component of the FAA's emerging 'Next Gen' air traffic control system is fundamentally insecure and ripe for manipulation and attack, security researcher Andrei Costin said in a presentation Wednesday at Black Hat 2012. Costin outlined a series of issues related to the Automatic Dependent Surveillance-Broadcast (ADS-B) system, a replacement to the decades-old ground radar system used to guide airplanes through the sky and on the ground at airports. Among the threats to ADS-B: The system lacks a capability for message authentication. 'Any attacker can pretend to be an aircraft' by injecting a message into the system, Costin said. There's also no mechanism in ADS-B for encrypting messages. One example problem related to the lack of encryption: Costin showed a screen capture showing the location of Air Force One — or that someone had spoofed the system."
An anonymous reader writes "Anonymous is releasing some of the 40GB of data it claims to have stolen from Australian internet service provider AAPT. The hack is reportedly in protest against Australia's proposed data retention regime, which would mandate ISPs to collect and hold transmission data from its users for up to two years."
alphadogg writes "At the Black Hat Conference in Las Vegas Wednesday, Accuvant Labs researcher Charlie Miller showed how he figured out a way to break into both the Google/Samsung Nexus S and Nokia N9 by means of the Near Field Communication (NFC) capability in the smartphones. NFC is still new but it's starting to become adopted for use in smartphone-based purchasing in particular. The experimentation that Miller did, which he demonstrated at the event, showed it's possible to set up NFC-based radio communication to share content with the smartphones to play tricks, such as writing an exploit to crash phones and even in certain circumstances read files on the phone and more."
Nerval's Lobster writes "Europe's most powerful supercomputer — and the fourth most powerful in the world — has been officially inaugurated. The SuperMUC, ranked fourth in the June TOP500 supercomputing listing, contains 147,456 cores using Intel Xeon 2.7-GHz, 8-core E5-2680 chips. IBM, which built the supercomputer, stated in a recent press release that the supercomputer actually includes more than 155,000 processor cores. It is located at the Leibniz-Rechenzentrum (Leibniz Supercomputing Centre) in Garching, Germany, near Munich. According to the TOP500 list, the SuperMUC is the world's most powerful X86-based supercomputer. The Department of Energy's 'Sequoia' supercomputer at the Lawrence Livermore National Laboratory in Livermore, Calif., the world's [overall] most powerful, relies on 16-core, 1.6-GHz POWER BQC chips."
zwei2stein writes "My team of about 10 men (IT guys) is expecting a new colleague: a female one. It is guaranteed that there will be remarks, double entendres and innuendos with huge potential of getting worse. We already have women in teams who can somehow handle this (and deliver appropriate verbal slaps). How would you deal with this? We talked about some simple, fun ways — anyone who [acts inappropriately] will have to wear an embarrassing tie, etc. — instead of swear jar, having a sexual innuendo jar and even fairly harsh punishments (like people losing their bonuses for the month or their extra vacation days). I'd like to figure out a solution that would be effective, not call much attention to itself, and not be quickly abandoned." What has your workplace done to create a good culture on this front? And what hasn't worked?
alphadogg writes "Google Talk, a desktop and mobile text and voice chat service used by many Google Gmail customers, suffered a widespread outage Thursday morning that the company said was affecting 'a majority of users.' The outage, first reported by Google a little before 7am eastern time, was being restored about 4 hours later, according to Google. Meanwhile, users of the downed cloud service took to Twitter and other avenues to voice their displeasure." Update: 07/26 16:24 GMT by T : wiedzmin writes "It looks like Twitter is experiencing an outage, leaving users unable to access the site on Thursday morning. I wonder if it's related to the Google Talk outage at all, but one thing is for sure — this has stopped a slew of complaints about Google Talk on Twitter. If Twitter is down, where do you tweet about that?"
An anonymous reader writes "A new Mac OS X Trojan referred to as OSX/Crisis silently infects OS X 10.6 Snow Leopard and OS X 10.7 Lion. The backdoor component calls home to the IP address 126.96.36.199 every five minutes, awaiting instructions. The threat was created in a way that is intended to make reverse engineering more difficult, an added extra that is more common with Windows malware than it is with Mac malware."
jfruh writes "Comcast customers who dream of superfast download speeds drooled when they heard the company would be offering 305 Mbps service. There's only one catch: the high speeds are only available in markets where the cable giant is going head-to-head with Verizon's FiOS service. It seems that competition really does improve service quality when it comes to ISPs."
theodp writes "IBM CEO Virginia M. Rometty's Big Blue bio boasts that she led the development of IBM Global Delivery Centers in India. In his latest column, Robert X. Cringely wonders if customers of those centers know what they're getting for their outsourcing buck. 'Right now,' writes Cringely, 'IBM is preparing to launch an internal program with the goal of increasing in 2013 the percentage of university graduates working at its Indian Global Delivery Centers (GDCs) to 50 percent. This means that right now most of IBM's Indian staffers are not college graduates. Did you know that? I didn't. I would be very surprised if IBM customers knew they were being supported mainly by graduates of Indian high schools.'"
Sherloqq sends this quote from a Bloomberg report: "FinFisher, a spyware sold by U.K.-based Gamma Group, can secretly take remote control of a computer, copying files, intercepting Skype calls and logging every keystroke. For the past year, human rights advocates and virus hunters have scrutinized FinFisher, seeking to uncover potential abuses. They got a glimpse of its reach when a FinFisher sales pitch to Egyptian state security was uncovered after that country's February 2011 revolution. In December, anti-secrecy website WikiLeaks published Gamma promotional videos showing how police could plant FinFisher on a target's computer. ... Researchers believe they've identified copies of FinFisher, based on an examination of malicious software e-mailed to Bahraini activists, they say. ... The findings illustrate how the largely unregulated trade in offensive hacking tools is transforming surveillance, making it more intrusive as it reaches across borders and peers into peoples' digital devices. From anywhere on the globe, the software can penetrate the most private spaces, turning on computer web cameras and reading documents as they are being typed."
Maximum Prophet writes "If you've ever had your eyes scanned, be sure to install new ones every 90 days. Wired reports on research being released at Black Hat: 'The replica images, they say, can trick commercial iris-recognition systems into believing they’re real images and could help someone thwart identification at border crossings or gain entry to secure facilities protected by biometric systems. The work goes a step beyond previous work on iris-recognition systems. Previously, researchers have been able to create wholly synthetic iris images that had all of the characteristics of real iris images — but weren’t connected to real people. The images were able to trick iris-recognition systems into thinking they were real irises, though they couldn’t be used to impersonate a real person. But this is the first time anyone has essentially reverse-engineered iris codes to create iris images that closely match the eye images of real subjects, creating the possibility of stealing someone’s identity through their iris.'"
alphadogg writes with an excerpt from an interview with the designer of SSH-1: "Tatu Ylönen has garnered fame in technology circles as the inventor of Secure Shell (SSH), the widely used protocol to protect data communications. The CEO of SSH Communications Security — whose crypto-based technology invented in 1995 continues to be used in hundreds of millions of computers, routers and servers — recently spoke with Network World on a variety of security topics, including the disappearance of consumer privacy and the plight of SSL. (At the Black Hat Conference this week, his company is also announcing CryptoAuditor.)"
MrSeb writes with an excerpt from Extreme Tech about a presentation at Black Hat: "Bad news: With an Arduino microcontroller and a little bit of programming, it's possible for a hacker to gain instant, untraceable access to millions of key card-protected hotel rooms. This hack was demonstrated by Cody Brocious, a Mozilla software developer, at the Black Hat security conference in Las Vegas. At risk are four million hotel rooms secured by Onity programmable key card locks. According to Brocious, who didn't disclose the hack to Onity before going public, there is no easy fix: There isn't a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed. I wish I could say that Brocious spent months on this hack, painstakingly reverse-engineering the Onity lock protocol, but the truth — as always, it seems — is far more depressing. 'With how stupidly simple this is, it wouldn't surprise me if a thousand other people have found this same vulnerability and sold it to other governments,' says Brocious. 'An intern at the NSA could find this in five minutes.'"
mask.of.sanity writes "The Tor Project is considering paying exit relay hosts to make the network faster and more secure. The project has called for discussion on the idea, notably from relay hosts. Its founder has suggested $100 a month would attract fast and diverse nodes. Exit nodes are the last hopping point on the Tor network and are critical to its performance and safety." The problem: "But lately the Tor network has become noticeably faster, and I think it has a lot to do with the growing amount of excess relay capacity relative to network load ... on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays. ... Since we're not doing particularly well at diversity with the current approach, we're going to try an experiment: we'll connect funding to exit relay operators so they can run bigger and/or better exit relays." As to funding: "We've lined up our first funder (BBG, ...), and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits."
An anonymous reader writes "Like most web users these days, I have enough accounts on enough websites – most of which have *inconsistent* password syntax restrictions — that when I need to log into a site I don't visit very often, I now basically just hit the "Forgot Password" button immediately. Microsoft's "Passport" gave us the promise of a single web sign-on. What happened to that idea? Why hasn't some bright spark (or ubiquitous web corporation) already made a fortune standardizing on one? I can now buy my coffee with my phone. Why do I have to still scratch my passwords on the underside of my desk?"