×
Security

Supermicro Fails At IPMI, Leaks Admin Passwords 102

Posted by Soulskill from the bet-they-fix-it-now dept.
drinkypoo writes: Zachary Wikholm of Security Incident Response Team (CARISIRT) has publicly announced a serious failure in IPMI BMC (management controller) security on at least 31,964 public-facing systems with motherboards made by SuperMicro: "Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152." These BMCs are running Linux 2.6.17 on a Nuvoton WPCM450 chip. An exploit will be rolled into metasploit shortly. There is already a patch available for the affected hardware.
Google

Judge: $324M Settlement In Silicon Valley Tech Worker Case Not Enough 150

Posted by Soulskill from the good-news-for-the-lawyers dept.
itwbennett writes: "A proposed $324.5 million settlement of claims that Silicon Valley companies (Adobe, Apple, Google, and Intel) suppressed worker wages by agreeing not to hire each others' employees may not be high enough, a judge signaled on Thursday. Judge Lucy Koh didn't say whether she would approve the settlement, but she did say in court that she was worried about whether that amount was fair to the roughly 64,000 technology workers represented in the case. Throughout Thursday's hearing, she questioned not just the amount but the logic behind the settlement as presented by lawyers for both the plaintiffs and the defendants."
United States

German Intel Agency Helped NSA Tap Fiber Optic Cables In Germany 103

Posted by samzenpus from the no-i-in-team dept.
An anonymous reader writes Der Spiegel has written a piece on the extent of collaboration between Germany's intelligence agency, Bundesnachrichtendienst (BND), and the U.S.'s National Security Agency (NSA). The sources cited in the piece do reveal BND's enthusiastic collusion in enabling the NSA to tap fiber optic cables in Germany, but they seem inconclusive as to how much information from the NSA's collection activity in the country is actually shared between the NSA and BND. Of note is evidence that the NSA's collection methods do not automatically exclude German companies and organizations from their data sweep; intelligence personnel have to rectro-actively do so on an individual basis when they realize that they are surveilling German targets. Germany's constitution protects against un-warranted surveillance of correspondence, either by post or telecommunications, of German citizens in Germany or abroad and foreigners on German soil.

Slashdot Top Deals