[Thanks to John Rushby, who notes that this upgrade is a part of ERAM (En Route Automation Modernization). PGN] The ATC problems that grounded hundreds of flights on Saturday were caused by "a recent software upgrade" at the high-altitude radar facility in Leesburg, Virginia, the FAA said in a statement on Monday. The upgrade, which was installed by Lockheed Martin Corp., had a new function that allowed controllers to set up a customized window of frequently referenced data, the FAA said. But as controllers used the new function, deleted settings weren't deleted from the system memory, and the storage capacity was overloaded. "This consumed processing power needed for the successful operation of the overall system," the FAA said. The FAA said it has temporarily suspended the use of this function, and is working with Lockheed on a permanent solution. "The company is closely examining why the issue was not identified during testing," the FAA said. <http://www.avweb.com/avwebflash/news/ATC-Failure-Disrupts-Airline-Flights-224698-1.html> <http://www.faa.gov/news/press_releases/news_story.cfm?newsId354>
Andrea Peterson, *The Washington Post*, 18 Aug 2015 (via ACM TechNews) Researchers such as David Raymond, deputy director of Virginia Polytechnic Institute and State University's IT Security Lab, warn of the possibility of cyberattackers crippling a city because of urban centers' increasing reliance on technology and the frail, messy connections that bind those systems together. "The digital pathways between all of the entities and organizations in a city [are] often not well managed," Raymond cautions. "In many cases, there's no overarching security architecture or even understanding of holistically what the city looks like." Raymond, U.S. Military Academy at West Point professor Gregory Conti, and Drawbridge Networks' Tom Cross presented research at this month's Black Hat USA conference on cities' cyber-vulnerabilities. They speculate transportation systems are one area that may be susceptible to a targeted attack, given they are places where otherwise well-shielded technology may converge in ways that are not well protected, leading to a cascade effect that impacts the entire city. Other researchers presenting at Black Hat detailed how security vulnerabilities involving Ethernet switches could be exploited to cause a nuclear plant shutdown. Conti also notes cities concerned about hacking vulnerabilities often have difficulty drawing the right specialists and secure resources to offer a long-term solution. Cross argues cities should use the same types of risk management tactics they apply to traditional attacks to the digital domain. http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-dfe2x2d26bx062548&
http://bits.blogs.nytimes.com/2015/08/18/hackers-say-they-have-released-ashley-madison-files/ Hackers said last month that they had breached the computer network of the adult dating site and stole passwords, email addresses and transaction information.
Michael Miller, *The Washington Post*, 19 Aug 2015 Up to 40 million members of infidelities-R-us Web site compromised? http://www.washingtonpost.com/news/morning-mix/wp/2015/08/19/dont-gloat-about-the-ashley-madison-leak-its-about-way-more-than-infidelity/?hpid=z8 Personal info of some 33 million users is now available for download. 15,000 people with U.S. .mil/.gov addresses, 133 UK folks with links to gov/local authorities. http://www.wired.co.uk/news/archive/2015-08/19/ashley-madison-have-i-been-hacked Welcome to the first day of the rest of your Internet! 35M e-addresses, 33M accounts, including every credit-card transaction from the last seven years. http://www.theawl.com/2015/08/notes-on-the-ashley-madison-hack Lots more. This is REALLY UGLY. ... seamy, see-me squirming, unseemly, ...
A family member received their online vote for the UK Labour leadership election - the party in opposition electing a new leader after they lost in May 2015. Politics aside, I was concerned by their approach to security and the risks. As the opposition party there are no fundamental constitutional issues, but poor practice, especially as it was run by a 3rd party (Electoral Reform Services Ltd). There seems little point in putting in place "2 part security" when they send both parts in the same email... Also of note—if you have technical issues you are supposed to send them part one of the code as part of the report -- a minor issue but still poor security. The email read:

Dear ZZZZ,

You can now vote for the next Leader and Deputy Leader of the Labour Party. You can vote online and your vote must be received by 12 noon on Thursday 10 September to count.

To vote, go to http://www.labour.org.uk/ballot2015 and enter the following two-part security code to confirm your identity:

Security Code Part One: <redacted, all 8 digits>
Security Code Part Two: <redacted, 4 letters>

Once you have entered your security code, the website will give clear instructions on how to cast your vote. It takes just a few moments to cast your vote online, and you can do so at any time until the ballot closes at 12 noon on Thursday 10 September.
Re: Wikipedia's loose control: 'LaurensRS' posted on "my" Ken Knowlton Wikipedia site a rant so crude that I think it's actually amusing. But, because I'm still a living person (14 years into my 70's), it was removed after three weeks of glory there. It is, however, still available in Wiki's edit history: http://en.wikipedia.org/w/index.php?title=Ken_Knowlton&diffa6405285&oldida3415154 [Ken, Does this imply that, similar to known cases of dead people having had votes cast in their names for years after their deaths, the deceased should actually be able to request false wikipages be removed? PGN]
FYI—The insane idiocy of this "feature" has left me speechless... Is that an Intel in your pocket, or are you just happy to hear me? Obviously, Intel wants to cozy up to the NSA/FBI/GCHQ even more than AT&T. Of course, (many?) previous Intel processors already have this feature, and Skylake is just the first one that has been publicly acknowledged. "Intel said voice activation was technically possible with last year's Core M chips." Nice knowing you, Intel! https://www.theverge.com/2015/8/18/9174887/microsoft-cortana-intel-voice-activation Intel's new processors let you wake your computer with your voice Ariha Setalvad, 18 Aug 2015 Intel's newest Skylake processors have a slightly [why only slightly?] creepy new feature—they're always listening to you. Shout "hey Cortana" or "Cortana, wake up" at a Windows 10 machine with one of the new chips, and your voice will be picked up by a digital signal processor secreted inside the chip that will rouse your PC from its low power state. Once it wakes up, Cortana takes over and you can use all the standard voice commands, including telling the digital assistant to play music or videos. The company announced the new feature at its Intel Developer Forum in San Francisco today. A similar option also appeared on Microsoft's Xbox One and Motorola's Moto X smartphone, but as with those devices, after the novelty wears off, you might find it easier to simply turn on your machine in the normal way instead of yelling at it from across the room. Intel didn't mention how much power the always-listening mode will drain or how much it will affect the standby power, nor whether users would need any extra hardware in order to boss their computer around with words. Although Intel said voice activation was technically possible with last year's Core M chips, it's only now with Windows 10 and its Cortana integration that PCs can take advantage of the feature.
http://www.nytimes.com/2015/08/20/technology/personaltech/ad-blockers-and-the-nuisance-at-the-heart-of-the-modern-web.html The adoption of ad-blocking technology is rising steeply. Some see an existential threat to online content as we know it, but others see a new business niche.
Wow! This First Amendment case is a real shot across the bow on a large number of fronts; I agree with Peter that the real implications will be significant for the Internet. Here are some quick thoughts:

* "Right to be forgotten"/"ban the box": fuhgeddaboudit in the U.S.

* Publishing 0-day vulnerabilities (no 2-year prior restraint by Volkswagen):
  http://www.bloomberg.com/news/articles/2015-08-14/vw-has-spent-two-years-trying-to-hide-a-big-security-flaw
  http://www.theguardian.com/technology/2013/jul/30/car-hacking-ignition-injunction
  http://www.theguardian.com/technology/2013/jul/26/scientist-banned-revealing-codes-cars

* Non-"PC" speech can't be banned on public university campuses and online forums.

* Is it too much to hope that parts of DMCA would now be considered unconstitutional due to First Amendment violations?