
Internal Bug: Code Flaw May Lead to Wrong Dose From Infusion Pump

chicksdaddy writes "The steady drumbeat of disturbing news about vulnerable, IP-enabled medical devices continues this week, after medical device maker Hospira said it has issued a voluntary recall of its Symbiq-brand drug infusion pumps after discovering a software error that may cause touch interfaces on the pumps to not respond to user touches or to display dosage information that is inaccurate. The problem was detected in around 1.5% of Symbiq One Channel and Two Channel Infusers (model numbers 16026 and 16027), but could potentially affect 'all Symbiq infusion systems currently in the field.' The software bug could result in 'a delayed response and/or the screen registering a different value from the value selected by the user,' the company said in a statement."

Judge To Newspaper - Reveal Name of Commenter

First time accepted submitter Andy Prough writes "A Kansas judge has ordered a Topeka newspaper to release the name of a commenter on one of its stories about the trial of Anceo D. Stovall for the murder of Natalie Gibson. Using the name 'BePrepared,' the commenter posted the following in response to a story about the ongoing trial on July 21 at 1:45pm: 'Trust me that's all they got in their little world, as you know, I have been there. Remember the pukes names they will do it for ever.' The problem? The court is convinced that 'BePrepared' was a juror, and was not supposed to be accessing news about the trial before it ended on July 24th. The court wants BePrepared's name, address and IP address. The jury was ultimately unable to find Stovall guilty of 10 of the 11 charges against him — including murder. Both defense and prosecution lawyers appear to want a new trial, and if it turns out that BePrepared was a juror, they are more likely to get their wish."

Dutch DigiNotar Servers Were Fully Hacked

ChristW writes "The final report that was handed to the Dutch government today indicates that all 8 certificate servers of the Dutch company DigiNotar were fully hacked. (Report PDF in English.) Because the access log files were stored on the same servers, they cannot be used to find any evidence for or against intrusion. In fact, blatant falsification has been found in those log files. A series of so-far unused certificates has also been found. It is unknown if and where these certificates have been used."

More Drones Set To Use US Air Space

Dupple writes with a quote from the BBC about more testing of Predator drones in U.S. air space: "Tests have been carried out to see whether military drones can mix safely in the air with passenger planes. The tests involved a Predator B drone fitted with radio location systems found on domestic aircraft that help them spot and avoid other planes. The tests will help to pave the way for greater use of drones in America's domestic airspace."

Ask Slashdot: Is TSA's PreCheck System Easy To Game?

OverTheGeicoE writes "TSA has had a preferred traveler program, PreCheck, for a while now. Frequent fliers and other individuals with prior approval from DHS can avoid some minor annoyances of airport security, like removing shoes and light jackets, but not all of the time. TSA likes to be random and unpredictable, so PreCheck participants don't always get the full benefits of PreCheck. Apparently the decision about PreCheck is made when the boarding pass is printed, and a traveler's PreCheck authorization is encoded, unencrypted, on the boarding pass barcode. In theory, one could use a barcode-reading Web site (like this one, perhaps) to translate a barcode into text to determine your screening level before a flight. One might even be able to modify the boarding pass using Photoshop or the GIMP to, for example, get the screening level of your choice. I haven't been able to verify this information, but I bet Slashdot can. Is TSA's PreCheck system really that easy to game? If you have an old boarding pass lying around, can you read the barcode and verify that the information in TFA is correct?"

Irked By Cyberspying, Georgia Outs Russia-based Hacker

coondoggie writes "In one of the photos, the dark-haired, bearded hacker is peering into his computer's screen, perhaps puzzled at what's happening. Minutes later, he cuts his computer's connection, realizing he has been discovered. In an unprecedented move, the country of Georgia — irritated by persistent cyber-spying attacks — has published two photos of a Russia-based hacker who, the Georgians allege, waged a persistent, months-long campaign that stole confidential information from Georgian government ministries, parliament, banks and NGOs."

Intel 335 Series SSD Equipped With 20-nm NAND

crookedvulture writes "The next generation of NAND has arrived. Intel's latest 335 Series SSD sports 20-nm flash chips that are 29% smaller than the previous, 25-nm generation. The NAND features a new planar cell structure with a floating, high-k/metal gate stack, a first for the flash industry. This cell structure purportedly helps the 20-nm NAND overcome cell-to-cell interference, allowing it to offer the same performance and reliability characteristics as the 25-nm stuff. The performance numbers back up that assertion, with the 335 Series matching other drives based on the same SandForce controller silicon. The 335 Series may end up costing less than the competition, though; Intel has set the suggested retail price at an aggressive $184 for the 240GB drive, which works out to just 77 cents per gigabyte."

Want a Security Pro? Get Politically Incorrect and Learn Geek Culture

coondoggie writes "While complaints can be heard far and wide that it's hard to find the right IT security experts to defend the nation's cyberspace, the real problem in hiring security professionals is the roadblocks put up by lawyers and human resources personnel and a complete lack of understanding of geek culture, says security consultant Winn Schwartau. Take Janet Napolitano, U.S. secretary of the Department of Homeland Security, who has said the country can't find the right people for network defense. The real problem is a misunderstanding of computer geeks, their personalities, habits and their backgrounds, said Schwartau today during his talk at the Hacker Halted information security conference."

FBI Says They're Now Working 24/7 To Investigate Hackers and Network Attacks

An anonymous reader writes "The Federal Bureau of Investigation (FBI) is finally stepping up its game when it comes to hackers. Maybe it was Anonymous that did it or maybe it was statements from the US Secretary of Defense two weeks ago, but either way, the FBI is now hunting hackers 24/7." I'm happy that the FBI no longer has an investigation schedule when it comes to online crime, but I have to think that I'm not the only one who assumed they were doing this before.

Showdown Set On Bid To Give UN Control of Internet

wiredmikey writes "When delegates gather in Dubai in December for an obscure UN agency meeting, the mother of all cyber diplomatic battles is expected, with an intense debate over proposals to rewrite global telecom rules to effectively give the United Nations control over the Internet. Russia, China and other countries back a move to place the Internet under the authority of the International Telecommunication Union (ITU), a UN agency that sets technical standards for global phone calls. While US officials have said placing the Internet under UN control would undermine the freewheeling nature of cyberspace, some have said there is a perception that the US owns and manages the Internet. The head of the ITU, Hamadoun Toure, claims his agency has 'the depth of experience that comes from being the world's longest established intergovernmental organization.' But Harold Feld of the US-based non-government group Public Knowledge said any new rules could have devastating consequences. Some are concerned over a proposal by European telecom operators seeking to shift the cost of communication from the receiving party to the sender. This could mean huge costs for US Internet giants like Facebook and Google."

US and Canada Launch Joint Cybersecurity Plan

wiredmikey writes "Canada and the United States announced Friday they were launching a joint cybersecurity plan that aims to better protect critical digital infrastructure and improve the response to cyber incidents. Under the action plan, the US Department of Homeland Security and Public Safety Canada will cooperate to protect vital cyber systems and respond to and recover from any cyber disruptions, by improving collaboration on managing cyber incidents between their respective cyber security operation centers, enhancing information sharing and engagement with the private sector and pursuing US-Canadian collaboration to promote cyber security awareness to the public."

Cash-Strapped States Burdened By Expensive Data Security Breaches

CowboyRobot writes "As budgets are pinched by reduced tax collection, many U.S. states are facing a possibility of not being able to handle the ever-increasing number of data breaches. 70% of state chief information security officers (CISOs) reported a data breach this year, each of which can cost up to $5M in some states. 'Cybersecurity accounts for about 1 to 2 percent of the overall IT budget in state agencies. ... 82 percent of the state CISOs point to phishing and pharming as the top threats to their agencies, a threat they say will continue in 2013, followed by social engineering, increasingly sophisticated malware threats, and mobile devices.' The full 2012 Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study is available online (PDF)."

Industrial Control Software Easily Hackable

jfruh writes "CoDeSys, a piece of software running on industrial control systems from hundreds of vendors, has been revealed to be easily hackable by security researchers, giving rise to a scenario where computer hacking could cross the line into the physical world. Worse, many of these systems are unnecessarily connected to the Internet, which is a terrible, terrible idea."

Ask Slashdot: What To Do When Finding a Security Breach On Shared Hosting?

An anonymous reader writes "A few months ago I stumbled across an interesting security hole with my webhost. I was able to access any file on the server, including those of other users. When I called the company, they immediately contacted the server team and said they would fix the problem that day. Since all you need when calling them is your username, and I was able to list out all 500 usernames on the server, this was rather a large security breach. To their credit, they did patch the server. It wasn't a perfect fix, but close enough that moving to a new web host was moved down on my list of priorities. Jump ahead to this week: they experienced server issues, and I asked to be moved to a different server. Once it was done, the first thing I did was run my test script, and I was able to list out everyone's files again. The hosting company only applied the patch to the old server. I'm now moving off this web host altogether. However, I do fear for the thousands of customers that have no clue about this security issue. With about 10 minutes of coding, someone could search for the SQL connection string and grab the username/password required to access their hosting account. What's the best way to handle this type of situation?"

China Telco Replaces Cisco Devices Over Security Concerns

hackingbear writes "China Unicom, the country's second largest telecom operator, has replaced Cisco Systems routers in one of the country's most important backbone networks, citing security reasons (due to bugs and vulnerability). The move came after a congressional report branded Huawei Technologies Co. Ltd. and ZTE Corp. security threats in the United States, citing bugs and vulnerability (rather than actual evidence of spying). To our surprise, up to now Cisco has occupied a large market share in China. It accounts for over a 70 percent share of China Telecom's 163 backbone network and over an 80 percent share of China Unicom's 169 backbone network. Let's wait to see who's the winner in this trade war disguised as national security."

Slashdot Asks: Are You Preparing For Hurricane Sandy?

Forecasters are tossing around words like "unprecedented" and "bizarre" (see this Washington Post blog entry) for the intensity and timing of Hurricane Sandy, which is threatening to hit the east coast of the U.S. early next week. Several people I know in the mid-Atlantic region have been ordering generators and stocking up on flashlight batteries and easy-to-prepare foods. Are you in the projected path of the storm? If so, have you taken any steps to prepare for it? (Are you doing off-site backup? Taking yourself off-site?)

Green Grid Argues That Data Centers Can Lose the Chillers

Nerval's Lobster writes "The Green Grid, a nonprofit organization dedicated to making IT infrastructures and data centers more energy-efficient, is making the case that data center operators are operating their facilities in too conservative a fashion. Rather than rely on mechanical chillers, it argues in a new white paper (PDF), data centers can reduce power consumption via a higher inlet temperature of 20 degrees C. Green Grid originally recommended that data center operators build to the ASHRAE A2 specifications: 10 to 35 degrees C (dry-bulb temperature) and between 20 to 80 percent humidity. But the paper also presented data that a range of between 20 and 35 degrees C was acceptable. Data centers have traditionally included chillers, mechanical cooling devices designed to lower the inlet temperature. Cooling the air, according to what the paper originally called anecdotal evidence, lowered the number of server failures that a data center experienced each year. But chilling the air also added additional costs, and PUE numbers would go up as a result."

Cringely: H-1B Visa Abuse Limits Wages and Steals US Jobs

walterbyrd sends this snippet from an article by Robert X. Cringely: "Big tech employers are constantly lobbying for increases in H-1B quotas citing their inability to find qualified US job applicants. Microsoft cofounder Bill Gates and other leaders from the IT industry have testified about this before Congress. Both major political parties embrace the H-1B program with varying levels of enthusiasm. Bill Gates is wrong. What he said to Congress may have been right for Microsoft but was wrong for America and can only lead to lower wages, lower employment, and a lower standard of living. This is a bigger deal than people understand: it's the rebirth of industrial labor relations circa 1920. Our ignorance about the H-1B visa program is being used to unfairly limit wages and steal — yes, steal — jobs from U.S. citizens."

New Trusted HW Standard For Windows 8 To Support Chinese Crypto

An anonymous reader writes "A new version of the Trusted Platform Module, called TPM2 or TPM 2.0 by Microsoft, has apparently been designed specifically for the release of Windows 8 this week. The details of this new standard have been kept secret. But a major update to the original TPM standard, which came out 10 years ago, seems to have been very quietly released on the Trusted Computing web site (FAQ) earlier this month. Following in the footsteps of the original, this version is quite a challenging read (security through incomprehensibility?). But this new version also seems to support some controversial crypto algorithms that were made public by the 'State Encryption Management Bureau' of China for the first time about 2 years ago. This is roughly the time that Microsoft seems to have begun working in earnest on TPM2, Windows 8, and probably even Surface. But that's probably just a coincidence. This crypto is controversial because of serious EU concerns with domestic restrictions on the implementation, use, and importation of cryptography in China."

SSL Holes Found In Critical Non-Browser Software

Gunkerty Jeb writes "The death knell for SSL is getting louder. Researchers at the University of Texas at Austin and Stanford University have discovered that poorly designed APIs used in SSL implementations are to blame for vulnerabilities in many critical non-browser software packages. Serious security vulnerabilities were found in programs such as Amazon's EC2 Java library, Amazon's and PayPal's merchant SDKs, Trillian and AIM instant messaging software, popular integrated shopping cart software packages, Chase mobile banking software, and several Android applications and libraries. SSL connections from these programs and many others are vulnerable to a man-in-the-middle attack."
