Cause of Super Bowl blackout was installed to prevent Super Bowl blackout

Entergy New Orleans, the utility that provides power to the Mercedes SuperDome in New Orleans, announced today that its technicians had determined the cause of the partial blackout during the Super Bowl last Sunday: an electrical relay the company had installed to prevent blackouts. The relay was supposed to trip switches to redirect power in the event of a line fault over one of the cables connecting Entergy’s switching gear to the stadium. In a statement, the company said that “the relay functioned without issue during a number of high-profile events—including the New Orleans Bowl, the New Orleans Saints-Carolina Panthers game, and the Sugar Bowl.” But on Super Bowl Sunday, the device instead triggered when there was no fault, signaling a switch to open shortly after the second half began. The relay has now been pulled, and Entergy is evaluating other equipment. “While some further analysis remains,” said Entergy New Orleans President and CEO Charles Rice in the prepared statement, “we believe we have identified and remedied the cause of the power outage and regret the interruption that occurred during what was a showcase event for the city and state.”


Adobe issues emergency Flash update for attacks on Windows, Mac users

Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple’s Macintosh platform. While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday’s unscheduled release is available for Linux and Android devices as well. Users of all affected operating systems should install the update as soon as possible. The Mac exploits target users of the Safari browser included in Apple’s OS X, as well as those using Mozilla’s Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory. Adobe credited members of the Shadowserver Foundation, Lockheed Martin’s Computer Incident Response Team, and MITRE with discovery of the critical bug.


Data siphoned in Fed reserve hack a “bonanza” for spear phishers

Sensitive details on thousands of banking executives lifted from a hack involving the Federal Reserve represent a potential “bonanza” for spear phishers looking to snare high-value targets in personalized scam e-mails, a security researcher said. The list is no longer readily available online, but according to Chris Wysopal, CTO of security firm Veracode, it contained details from a Federal Reserve-related database that Anonymous-affiliated hackers claimed to breach on Sunday. It included 31 fields, including home addresses, e-mail addresses, login IDs, and cryptographically hashed passwords. “As you can see, this is a spearphishing bonanza and even a password reuse bonanza for whoever can crack the password hashes,” he wrote in a blog post published on Wednesday. “It doesn’t look like any of these are internal Federal Reserve System accounts as those would have FRS AD UIDs associated with each account. Still, this is about the most valuable account dump by quality I have seen in a while.”


We’re going to blow up your boiler: Critical bug threatens hospital systems

[Image: A picture of a Tridium device running the Niagara AX framework. Credit: Tridium]

More than 21,000 Internet-connected devices sold by Honeywell are vulnerable to a hack that allows attackers to remotely seize control of building heating systems, elevators, and other industrial equipment and in some cases, causes them to malfunction. The hijacking vulnerability in Niagara AX-branded hardware and software sold by Honeywell’s Tridium division was demonstrated at this week’s Kaspersky Security Analyst Summit in San Juan, Puerto Rico. Billy Rios and Terry McCorkle, two security experts with a firm called Cylance, allowed an audience to watch as they executed a custom script that took about 25 seconds to take control of a default configuration of the industrial control software. When they were done they had unfettered control over the device, which is used to centralize control over alarm systems, garage doors, heating ventilation and cooling systems, and other equipment in large buildings.

Taking advantage of the flaw would give attackers half a world away the same control on-site engineers have over connected systems. Extortionists, disgruntled or unstable employees, or even terrorists could potentially exploit vulnerabilities that allow them to bring about catastrophic effects, such as causing a large heating system to explode or catch fire or sabotaging large chillers used by hospitals and other facilities. Attackers could also exploit the bug to gain a toehold into networks, which could then be further penetrated using additional vulnerabilities that may be present.


How Yahoo allowed hackers to hijack my neighbor’s e-mail account

[Image: Reflected XSS vulnerabilities in action. Credit: Aspect Security]

When my neighbor called early Wednesday morning, she sounded close to tears. Her Yahoo Mail account had been hijacked and used to send spam to addresses in her contact list. Restrictions had then been placed on her account that prevented her from e-mailing her friends to let them know what happened.

In a blog post published hours before my neighbor’s call, researchers from security firm Bitdefender said that the hacking campaign that targeted my neighbor’s account had been active for about a month. Even more remarkable, the researchers said the underlying hack worked because Yahoo’s developer blog runs on a version of the WordPress content management system that contained a vulnerability developers addressed more than eight months ago. My neighbor’s only mistake, it seems, was clicking on a link while logged in to her Yahoo account.

As someone who received one of the spam e-mails from her compromised account, I know how easy it is to click such links. The subject line of my neighbor’s e-mail mentioned me by name, even though my name isn’t in my address. Over the past few months, she and I regularly sent messages to each other that contained nothing more than a Web address, so I thought nothing of opening the link contained in Wednesday’s e-mail. The page that opened looked harmless enough. It appeared to be an advertorial post on MSNBC.com about working from home, which is something I do all the time. But behind the scenes, according to Bitdefender, something much more nefarious was at work.


To prevent hacking, disable Universal Plug and Play now

Security experts are advising that a networking feature known as Universal Plug and Play be disabled on routers, printers, and cameras, after finding it makes tens of millions of Internet-connected devices vulnerable to serious attack. UPnP, as the feature is often abbreviated, is designed to make it easy for computers to connect to Internet gear by providing code that helps devices automatically discover each other over a local network. That often eliminates the hassle of figuring out how to configure devices the first time they’re connected. But UPnP can also make life easier for attackers half a world away who want to compromise a home computer or breach a business network, according to a white paper published Tuesday by researchers from security firm Rapid7.

Over a five-and-a-half-month period last year, the researchers scanned every routable IPv4 address about once a week. They identified 81 million unique addresses that responded to standard UPnP discovery requests, even though the standard isn’t supposed to communicate with devices that are outside a local network. Further scans revealed 17 million addresses exposed UPnP services built on the open standard known as SOAP, short for simple object access protocol. By broadcasting the service to the Internet at large, the devices can make it possible for attackers to bypass firewall protections.


Review: Microsoft Office 365 Home Premium Edition hopes to be at your service

[Image: Office 365 Home Premium Edition’s lineup of software, ready to stream to your PC today.]

Today, Microsoft releases Office 2013—the first full release of Microsoft’s latest-generation productivity suite for consumers. Office 2013 has already made a partial debut on Microsoft’s Windows RT tablets, though RT users will get a (slight) refresh with the full availability of the suite. The company gave consumers an open preview of Office last summer, which we reviewed in depth at the time of the suite’s announcement. So there aren’t any real surprises in the final versions of the applications being released today, at least as far as how they look and work.

Today’s release, however, marks the first general availability of Microsoft’s new subscription model under the Office 365 brand the company has used for its hosted mail and collaboration services for businesses. While the applications in Office are being offered in a number of ways, Microsoft is trying hard to steer consumer customers to Office 365 Home Premium Edition, a service-based version of the suite that will sell for $100 a year.

And just as Windows 8’s app store started to fill up as the operating system approached release, the same is true of Office’s own app store—an in-app accessible collection of Web-powered functionality add-ons for many of the core Office applications based on the same core technologies (JavaScript and HTML5) that power many of Windows 8’s interface-formerly-known-as-Metro apps. Now, the trick is getting consumers to buy into the idea of Office as a subscription service and embracing Microsoft’s Office “lifestyle,” instead of something they buy once and hold onto until their computers end up in the e-waste pile.


Starved brains kill memory-making to survive

[Image: “Thanks for the memories, but I’d prefer a bite to eat.” Credit: UFL.edu]

As the organ responsible for maintaining equilibrium in the body and the most energy-demanding of all the organs, the brain takes a lot of the body’s energy allocation. So when food is in short supply, the brain is the organ that is fed first. But what happens when there isn’t enough food to fulfill the high-energy needs of the brain and survival is threatened? The brain does not simply self-allocate available resources on the fly; instead it “trims the fat” by turning off entire processes that are too costly.

Researchers from CNRS in Paris created a true case of do-or-die, starving flies to the point where they must choose between switching off costly memory formation or dying. When flies are starved, their brains will block the formation of aversive long-term memories, which depend on costly protein synthesis and require repetitive learning. But that doesn’t mean all long-term memories are shut down. Appetitive long-term memories, which can be formed after a single training, are enhanced during a food shortage.


Secret backdoors found in firewall, VPN gear from Barracuda Networks

A variety of firewall, VPN, and spam filtering gear sold by Barracuda Networks contains undocumented backdoor accounts that allow people to remotely log in and access sensitive information, researchers with an Austrian security firm have warned. The SSH, or secure shell, backdoor is hardcoded into “multiple Barracuda Networks products” and can be used to gain shell access to vulnerable appliances, according to an advisory published Thursday by SEC Consult Vulnerability Lab. “This functionality is entirely undocumented and can only be disabled via a hidden ‘expert options’ dialog,” the advisory states. The boxes are configured to listen for SSH connections to the backdoor accounts and will accept the username “product” with a “very weak” password (per an update to the article, which originally said no password) to log in and gain access to the device’s MySQL database. While the backdoors can be accessed by only a small range of IP addresses, many of them belong to entities other than Barracuda.


MP3 files written as DNA with storage density of 2.2 petabytes per gram

[Figure: The general approach to storing a binary file as DNA, described in detail below. Credit: Goldman et al., Nature]

It’s easy to get excited about the idea of encoding information in single molecules, which seems to be the ultimate end of the miniaturization that has been driving the electronics industry. But it’s also easy to forget that we’ve been beaten there—by a few billion years. The chemical information present in biomolecules was critical to the origin of life and probably dates back to whatever interesting chemical reactions preceded it.

It’s only within the past few decades, however, that humans have learned to speak DNA. Even then, it took a while to develop the technology needed to synthesize and determine the sequence of large populations of molecules. But we’re there now, and people have started experimenting with putting binary data in biological form. Now, a new study has confirmed the flexibility of the approach by encoding everything from an MP3 to the decoding algorithm into fragments of DNA. The cost analysis done by the authors suggests that the technology may soon be suitable for decade-scale storage, provided current trends continue.

Trinary encoding

Computer data is in binary, while each location in a DNA molecule can hold any one of four bases (A, T, C, and G). Rather than using all that extra information capacity, however, the authors used it to avoid a technical problem. Stretches of a single type of base (say, TTTTT) are often not sequenced properly by current techniques—in fact, this was the biggest source of errors in the previous DNA data storage effort. So for this new encoding, they used one of the bases to break up long runs of any of the other three.
