NASA Seeks Nuclear Power For Mars

New submitter joshtops shares a report from Scientific American: As NASA makes plans to one day send humans to Mars, one of the key technical gaps the agency is working to fill is how to provide enough power on the Red Planet’s surface for fuel production, habitats and other equipment. One option: small nuclear fission reactors, which work by splitting uranium atoms to generate heat, which is then converted into electric power. NASA’s technology development branch has been funding a project called Kilopower for three years, with the aim of demonstrating the system at the Nevada National Security Site near Las Vegas. Testing is due to start in September and end in January 2018. The last time NASA tested a fission reactor was during the 1960s’ Systems for Nuclear Auxiliary Power, or SNAP, which developed two types of nuclear power systems. The first system — radioisotope thermoelectric generators, or RTGs — taps heat released from the natural decay of a radioactive element, such as plutonium. RTGs have powered dozens of space probes over the years, including the Curiosity rover currently exploring Mars. The second technology developed under SNAP was an atom-splitting fission reactor. SNAP-10A was the first — and so far, only — U.S. nuclear power plant to operate in space. Launched on April 3, 1965, SNAP-10A operated for 43 days, producing 500 watts of electrical power, before an unrelated equipment failure ended the demonstration. The spacecraft remains in Earth orbit. Read more of this story at Slashdot.


‘Severe’ Systemd Bug Allowed Remote Code Execution For Two Years

ITWire reports: A flaw in systemd, the init system used on many Linux systems, can be exploited using a malicious DNS query to either crash a system or to run code remotely. The vulnerability resides in the daemon systemd-resolved and can be triggered using a TCP payload, according to Ubuntu developer Chris Coulson. This component can be tricked into allocating less memory than needed for a look-up. When the reply is bigger it overflows the buffer allowing an attacker to overwrite memory. This would result in the process either crashing or it could allow for code execution remotely. “A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that’s too small, and subsequently write arbitrary data beyond the end of it,” is how Coulson put it. Affected Linux vendors have pushed out patches — but the bug has apparently been present in systemd code since June of 2015. And long-time Slashdot reader walterbyrd also reports a recently-discovered bug where systemd unit files that contain illegal usernames get defaulted to root.


With a Single Wiretap Order, US Authorities Listened In on 3.3 Million Phone Calls

US authorities intercepted and recorded millions of phone calls last year under a single wiretap order, authorized as part of a narcotics investigation, ZDNet’s Zack Whittaker reports. From the article: The wiretap order authorized an unknown government agency to carry out real-time intercepts of 3.29 million cell phone conversations over a two-month period at some point during 2016, after the order was applied for in late 2015. The order was signed to help authorities track 26 individuals suspected of involvement with illegal drug and narcotic-related activities in Pennsylvania. The wiretap cost the authorities $335,000 to conduct and led to a dozen arrests. But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted.


London Metropolitan Police’s 18,000 Windows XP PCs Is a Disaster Waiting To Happen

According to MSPoweruser, the London Metropolitan Police are still using around 18,000 PCs powered by Windows XP, an operating system Microsoft stopped supporting in 2014. What’s more is that the police force is upgrading its PCs from Windows XP to Windows 8.1, instead of Windows 10. Only 8 PCs at the police force are reportedly powered by the “most secure version of Windows right now.” From the report: From the looks of things, the London Metropolitan Police will continue to upgrade their systems to Windows 8.1 at the moment. Windows 8.1 is still being supported by Microsoft, although the mainstream support for the OS is set to end on the 9 January 2018. Microsoft will offer extended support for the OS until 2023, which means Windows 8.1 is still a much more secure alternative for the Metropolitan Police than Windows XP. Windows 10 still would have been the best option in terms of security, however. Microsoft is releasing security updates for the OS every month, and the new advanced security features like Windows Defender Advanced Threat Protection make PCs running Windows a whole lot more secure. The spokesman of the Conservative London Assembly said in a statement: “The Met is working towards upgrading its software, but in its current state it’s like a fish swimming in a pool of sharks. It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications.”


Seattle’s $15 Minimum Wage May Be Hurting Workers, Report Finds

As companies look for ways to cut costs, Seattle’s $15 minimum wage law may be hurting hourly workers instead of helping them, according to a new report. From a USA Today article: A report (PDF) from the University of Washington (UW), found that when wages increased to $13 in 2016, some companies may have responded by cutting low-wage workers’ hours. The study, which was funded in part by the city of Seattle, found that workers clocked 9 percent fewer hours on average, and earned $125 less each month after the most recent increase. “If you’re a low-skilled worker with one of those jobs, $125 a month is a sizable amount of money,” Mark Long, a UW public-policy professor and an author of the report told the Seattle Times. “It can be the difference between being able to pay your rent and not being able to pay your rent.”


Vulnerability Discovered In Latest Ubuntu Distributions, Users Advised To Update

Celarent Darii writes: There is a vulnerability in the latest Ubuntu distributions due to the DNS resolver included in systemd. The inclusion of the DNS resolver was lamented by many on the mailing list, not without cause. All are advised to update their distribution.


Britain’s Newest Warship Runs Windows XP, Raising Cyber Attack Fears

Chrisq shares a report from The Telegraph: Fears have been raised that Britain’s largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP. A defense source told The Telegraph that some of the on-board hardware and software “would have been good in 2004” when the carrier was designed, “but now seems rather antiquated.” However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade. And senior officers said they will have cyber specialists on board to defend the carrier from such attacks.


Hacker Behind Massive Ransomware Outbreak Can’t Get Emails From Victims Who Paid

Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker’s account, leaving victims with no obvious way to unlock their files. The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their “personal installation key.” This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. “Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact,” Posteo, the German email provider the hacker had an account with, wrote in a blog post. “Our anti-abuse team checked this immediately — and blocked the account straight away.


Ethereum Exchange Reimburses Customer Losses After ‘Flash Crash’

An anonymous reader writes: “The price of ethereum crashed as low as 10 cents from around $319 in about a second on the GDAX cryptocurrency exchange on Wednesday,” reports CNBC, calling it “a move that is being blamed on a ‘multimillion dollar market sell’ order… As the price continued to fall, another 800 stop loss orders and margin funding liquidations caused ethereum to trade as low as 10 cents.” An executive for the exchange said “Our matching engine operated as intended throughout this event and trading with advanced features like margin always carries inherent risk.” Though some users complained they lost money, the price rebounded to $325 — and according to a report on one trading site, “one person had an order in for just over 3,800 ethereum if the price fell to 10 cents on the GDAX exchange,” reports CNBC. “Theoretically this person would have spent $380 to buy these coins, and when the price shot up above $300 again, the trader would be sitting on over $1 million.” Yet the currency exchange announced Friday that they’re honoring everyone’s gains, while also reimbursing customers who suffered losses. “We view this as an opportunity to demonstrate our long-term commitment to our customers and belief in the future of this industry.”


Anthem To Pay $115 Million In The Largest Data Breach Settlement Ever

An anonymous reader quotes CNET: Anthem, the largest health insurance company in the U.S., has agreed to settle a class action lawsuit over a 2015 data breach for a record $115 million, according to lawyers for the plaintiffs. The settlement still has to be approved by US District Court Judge Lucy Koh, who is scheduled to hear the case on August 17 in San Jose, California. And Anthem, which didn’t immediately respond to a request for confirmation and comment, isn’t admitting any wrongdoing, according to a statement it made to CyberScoop acknowledging the settlement. But if approved, it would be the largest data breach settlement in history, according to the plaintiffs’ lawyers, who announced the agreement Friday. The funds would be used to provide victims of the data breach at least two years of credit monitoring and to reimburse customers for breach-related expenses. The settlement would also guarantee a certain level of funding for “information security to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls,” the plaintiff attorneys said. The breach compromised data for 80 million people, including their social security numbers, birthdays, street addresses (and email addresses) as well as income data. The $115 million settlement averages out to $1.43 for every person who was affected.
