Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
In the never-ending saga of small furry animals and slithering snakes vs electric utilities, here is the latest and more horrifying incident. Martin Fackler, Fukushima Blackout Hints at Plant's Vulnerability, *The New York Times*, 19 Mar 2013 http://www.nytimes.com/2013/03/20/world/asia/blackout-halts-cooling-system-at-fukushima-plant.html Martin Fackler, Rat Body Linked to Blackout at Atomic Site, *The New York Times*, 20 Mar 2013 http://www.nytimes.com/2013/03/21/world/asia/rat-at-fukushima-plant.html A lot of Japanese must have gone through uncomfortable moments. Initially, when I learned that there was a re-wiring work was going on, I thought there was some type of human error. Now a rodent is implicated. In either case, TEPCO is losing public trust, well, at least from me. If an important piece for feeding electricity is not protected from a rodent, how can we tell the piece won't fall down or break down if another reasonably large earthquake hits the area (and this is no idle threat in Japan, the virtually the busiest center of earthquakes in the world.) I would not mind losing electricity for my home for a few hours or even half a day after a big earthquake. That is life in this corner of the world. Many households in Japan stock water/food/battery, etc. just in case. We can't argue with earthquakes as the saying goes here. (The other two, we can't argue in the saying are thunderbolts, and one's father.) But a crippled nuclear reactor site with many used fuel rods that requires continuous cooling needs better care than typical households. BTW, I found a few similar incidents in RISKS: RISKS-8.75 SRI attacked by kamikaze squirrels? RISKS-8.77 Re: Power outages (A raccoon hit U. of Utah and disturbed a room-temperature fusion experiment, and it was mentioned that JPL had seen similar attacks, er, incidents. ) RISKS-18.52 Rats take down Stanford power and Silicon Valley Internet service RISKS-19.88 Japanese snake vs. railroad electrical supply RISKS-23.39 Boa triggers blackout in Honduras (Nation-wide blackout for 15 minutes! Beat other animals to date in the scale of the incident.) I thought that utility companies would have learned from these off-angle attacks from the nature by now.
Reuters (Panama City), 22 Mar 2013 http://www.reuters.com/article/2013/03/23/us-panama-canal-idUSBRE92L19120130323 Thousands of containers have been stuck at Panamanian ports after a computer glitch hampered communication with the railway, causing significant delays, officials said on Friday. The Panama Canal Railway Co transports about 1,500 containers daily between the only port on the Pacific entrance to the Panama Canal and three ports on the Atlantic, said Thomas Kenna, director of operations for the railway. But a computer upgrade on Wednesday by Panama Ports Co, which manages two of those ports, caused severe lags, Kenna said. Since then, the railway has moved only about 350 containers a day. Traffic picked up on Friday, and the system should be operating normally by Monday, Kenna added.
Their server is offline due to malware infection. They probably clicked on an ad in an e-mail. The exploit used a vulnerability in Adobe's ColdFusion software. http://www.theregister.co.uk/2013/03/14/adobe_coldfusion_vulns_compromise_us_malware_catalog/
The following article by the Israel Institute for National Security Studies contains a detailed debunking of the arguments used by some of the researches which had produced these results. It seems to be a yet another case of "how to lie with statistics"... http://www.inss.org.il/publications.php?cat!&incat=&read166
http://j.mp/Z5d4TP (Google+ via NNSquad) http://j.mp/11n0qzS (Reuters / New York Times) "Under the program, critical infrastructure companies will pay the providers, which will use the classified information to block attacks before they reach the customers. The classified information involves suspect web addresses, strings of characters, e-mail sender names and the like." Here we go! It's out in the open at last. Encrypt deeply now, or forever hold your peace. CHARACTER STRINGS? EMAIL SENDER NAMES? Who do they think they're kidding?
Ezra Klein, *The Washington Post*, 21 Mar 2013 http://www.washingtonpost.com/blogs/wonkblog/wp/2013/03/21/googles-trust-problem/ James Fallows likes software meant to help him organize and simplify his life. So, naturally, he moved immediately to download Google Keep, the search giant's “new app for collecting notes, photos, and info.'' The problem, Fallows quickly realized, is that he wasn't sure he could trust it. Google now has a clear enough track record of trying out, and then canceling, `interesting' new software that I have no idea how long Keep will be around. When Google launched its Google Health service five years ago, it had an allure like Keep's: here is the one place you could store your prescription info, test readings, immunizations, and so on and know that you could get at them. That's how I used it—until Google canceled this `experiment' last year. Same with Google Reader, and all the other products in the Google Graveyard that Slate produced last week. And if there's even a 25 percent chance that Google Keep will be canceled in two years, do you really want to be the sucker who spent endless hours organizing your life around it? Now, most people don't use Google Reader, or even know it's being canceled. Same for Google Wave, Google Buzz, Google Health and Picnik, and all the rest of the beloved little apps that have been sent to that cloud above the cloud, where data is stored forever and servers never overload. This is a pained whine emanating almost exclusively from Google power users. Most people, however, also aren't the sort of early adopters who will rush to download Google Keep. But Fallows is that kind of early adopter. So am I. And Google needs early adopters. They need weirdos to rush to download their new apps, try them out, offer feedback, and, ultimately, proselytize to their friends. And I do all that! For instance, have you ever tried using Sleep Cycle? This isn't an early adopter thing—the app has been around for awhile—but I just started using it and am now annoying everyone I know badgering them to try waking up to Sleep Cycle. It'll change your life. But I'm not sure I want to be a Google early adopter anymore. I love Google Reader. And I used to use Picnik all the time. I'm tired of losing my services. In fact, I'm starting to worry a bit about Gmail, which is at the core of pretty much my entire life. I know, I know—Gmail is safe. The data it feeds into the Google mainframe is extremely valuable to the search giant. They won't let anything happen to it. But I'm a heavy user of Gmail. And so I've been buying more space on Google's servers. Recently, I hit 30 gigs—and learned Google won't let me purchase any more room. The service which once swore I'd never have to delete a message now tells me my only option is to delete gigabyte after gigabyte of past e-mails. That's their right, of course. But it was a reminder that Google's core business isn't running an e-mail system or selling data storage. The thing I wanted to pay them to do wasn't something they make much money off. So now I'm a bit nervous: I freed up a good number of gigabytes, but now I've run through much of the low-hanging fruit, and the bar measuring how far I am from my storage unit is beginning to tick up again. The problem, I'm beginning to think, is simply mismatch. The core services of Google's business are often not the Google services I rely on most. And even when their core products and my needs do meet, the business connection is indirect. ... Dewayne-Net RSS Feed: <http://www.warpspeed.com/wordpress>
Caroline Craig, InfoWorld, 15 Mar 2013 Google Glass's style points are debatable, but one thing's for sure: Data collection and user privacy will never be the same http://www.infoworld.com/t/internet-privacy/smile-youre-google-glass-whether-you-it-or-not-214568
Ted Samson, InfoWorld, 18 Mar 2013 The 26-year-old security researcher sentenced to 41 months in prison for pulling e-mail address from public-facing server http://www.infoworld.com/t/hacking/andrew-auernheimer-joins-growing-list-of-so-called-hackers-facing-harsh-justice-214742
Chris Welch, 22 Mar 2013 @chriswelch "Apple yesterday rolled out two-step verification, a security measure that promises to further shield Apple ID and iCloud accounts from being hijacked. Unfortunately, today a new exploit has been discovered that affects all customers who haven't yet enabled the new feature. It allows anyone with your e-mail address and date of birth to reset your password -- using Apple's own tools. We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand." http://www.theverge.com/2013/3/22/4136242/major-security-hole-allows-apple-id-passwords-reset-with-email-date-of-birth
Actually you just need to use a screen name and something that looks like a valid e-mail address. It accepts and posts your comment; but yes it is a bit odd to request an e-mail address.
Since when did NASA stop using 3 computers for deep space exploration? They always used to have every critical system in 3's for this very reason.
It is amazing that the system would be vulnerable to this attack, especially since the vulnerability has been suggested long before such systems have even existed. In his movie Sleeper, released in 1973, Woody Allen employs exactly this method to subvert a fingerprint scanning system; I'm quite sure he was not the first to suggest it either.
It's interesting to see how other jurisdictions handle this. There's been a recent case in the UK where the prosecutor did this (quote a maximum sentence). And on appeal this was all the justification the appeal court needed to throw a guilty plea out of the window and overturn the entire court-martial. The message is clear. In the UK this is totally unacceptable practice.
The IEEE 802.11 committee that developed the Wi-Fi specification conducted an extensive investigation into the interference potential of microwave ovens. A typical microwave oven uses a self-oscillating vacuum power tube called a magnetron and a high voltage power supply with a half-wave rectifier (often with voltage doubling) and no DC filtering. This produces an RF pulse train with a duty cycle below 50% as the tube is completely off for half of every AC mains cycle: 8.33 ms in 60 Hz countries and 10 ms in 50 Hz countries. This property gave rise to a Wi-Fi "microwave oven interference robustness" mode that segments larger data frames into fragments each small enough to fit into the oven's "off" periods. http://en.wikipedia.org/wiki/Electromagnetic_interference_at_2.4_GHz#Microwave_oven
Please report problems with the web pages to the maintainer