Wednesday, April 30, 2014

Tankers carrying oil derail, catch fire in VA

Tankers carrying oil derail, catch fire in Va.


LYNCHBURG, Va. (AP) - Several CSX train cars carrying crude oil derailed and caught fire Wednesday along the James River, with three black tankers ending up in the water and leaking some of their contents, becoming the most recent crash involving oil trains that has safety experts pushing for better oversight.

Nearby buildings were evacuated for a time in downtown Lynchburg, but officials...

Read Full Story

Friday, April 11, 2014

LMI's OpenPolicy(tm) Wins Destination Innovation Competition

LMI’s OpenPolicy™ Wins NVTC Destination Innovation Competition - Semantic web search tool.

McLean, Va., April 10, 2014 — LMI, showcasing its OpenPolicy™ tool, won the most innovative technology award in the government category at Destination Innovation 2014. The event and award was the culmination of a months-long competition sponsored by the Northern Virginia Technology Council and The Washington Post. OpenPolicy is LMI’s solution to a growing problem—massive amounts of data and knowledge locked away within countless pages of unstructured written prose.

“We are thrilled to be recognized at Destination Innovation for OpenPolicy’s innovative, state-of-the-art use of semantic web standards, and are excited to continue making accessible the knowledge found within the millions of pages of government policy and regulation,” said project leader Gus Creedon, a program manager at LMI.
If today’s rudimentary search engines and file search tools are able to procure just 20 percent of the knowledge that’s out there, then extracting the remaining 80 percent is a critical requirement for those who need that information. OpenPolicy, with its groundbreaking use of existing Worldwide Web (W3C) semantic web standards, is that tool for revealing this hidden knowledge.
OpenPolicy is built by combining a blend of open source semantic software with a semantic triple-store database and custom application code. Instead of returning document names and their file locations, it innovates by returning complete paragraphs (semantic chunks) within documents. It searches hundreds of documents simultaneously. And the search uncovers synonyms, acronyms, and other concepts related to the search. You then expand the paragraph to view it in context within the document. Currently, OpenPolicy can index thousands of terms, phrases, and their variations, across tens of thousands of pages of text spread among scores of documents.


Pretty Cool.

The Internet Bug Bounty rewarded @neelmehta with a $15,000 bounty for the TSL heartbeat read oversrun, aka HeartBleed.

And then @neelmehta donated the reward to the Freedom of the Press Foundation.

Very Cool!


#6626 CVE-2014-0160

TLS heartbeat read overrun

Someone reported a bug to OpenSSL.
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

Thursday, April 10, 2014

BrickFair LEGO Convention, August 2 - 3, 2014

BrickFair VA 2014 is 4 months away!
Join us Aug 2nd & Aug 3rd2014 at the Dulles Expo Center in Chantilly, VA.
Doors open 11:00am to 4:00pm.
Over 900 LEGO artists from across the country will exhibit LEGO models and games spread over 100,000 square feet.
$12 at the door. Visit

Wednesday, April 9, 2014

Emergency SSL/TLS Patching Under Way

Emergency SSL/TLS Patching Under Way

A "Heartbleed" flaw revealed in the OpenSSL library leaks the contents of memory, including passwords, source code, and keys.

The race is on to fix SSL-based websites and software in the wake of a newly revealed and dangerous flaw in the popular OpenSSL library for encrypting HTTP traffic, with nearly one-third of major websites potentially at risk.

OpenSSL released a patch yesterday for a read-overrun bug in its implementation of the Transport Layer Security protocol's "heartbeat" extension, an extension to the protocol that checks on the site to which it is connecting to ensure it's connected and can respond. If exploited, the bug leaks the contents of the memory from the server to the client and vice versa, potentially exposing passwords and other sensitive data and, most alarmingly, the SSL server's private key. OpenSSL Versions 1.0.1 and 1.0.2 beta are affected by the vulnerability, which was discovered by security researchersat Google and Codenomicon.