Staff at bases in North Dakota, Wyoming and Montana had to send the toolkit to each other via FedEx, the review found. Mr Hagel said that problem had now been rectified.
Inspectors reportedly ignored the fact that ageing blast doors at nuclear silos would no longer seal shut.
On staffing, the reviews found that a culture of micromanagement and extreme exam-testing distracted from major problems with equipment and nuclear readiness.
Here we look at what to expect from the next Fitbit tracker, when it will be available, and what it will cost. We're basing our report on the latest rumours and leaks, historical data, rival trackers, and recent Fitbit trademark applications for a Fitbit Surge, Fitbit Charge and PurePulse. In what may be no coincidence, just weeks after the razzmatazz unveiling of the Apple Watch, first Gizmodo then The Verge suddenly get leaked information each on one of the new trackers.
Gird your loins, sysadmins: The Register has learned that news of yet another major security vulnerability - this time in SSL 3.0 - is probably imminent.
Maintainers have kept quiet about the vulnerability in the lead-up to a patch release expected in in the late European evening, or not far from high noon Pacific Time.
Details of the problem are under wraps due to the severity of the vulnerability.
To that end it is unknown what platforms were impacted, but as SSL is very widely used any flaw will require plenty of urgent attention ... and probably be unwelcome news to a tech community already reeling from the recent Shellshock vulnerability in Bash and the Heartbleed flaw.
The SSL flaw won't be the only thing keeping security bods and system administrators busy. A dangerous worm has been discovered exploiting a zero-day flaw (CVE 2014-4114) in all versions of Microsoft Windows and Server 2008 and 2012.
From:
According to the rules of the contest, an entry wasn't considered valid unless the contestant also showed proof of disclosure to the manufacturer. Here's a full list of routers in which 0-days were reported in Track 0, along with our current understanding of the fix in progress:
For details please see the full contest results.
OMB added this new requirement for DHS to scan civilian agency networks in the aftermath of the Heartbleed vulnerability. During that time, DHS had to get permission from agencies to scan their networks, which delayed its mitigation strategy by a few days.
DHS made it clear in May during a House hearing that it needed Congress to give it more authorities to scan agency networks.
Andy Ozment, the assistant secretary of the Office of Cybersecurity and Communications in DHS, told Federal News Radio in an interview before OMB issued the FISMA guidance that when DHS doesn't have the explicit authorities that it needs and Congress wants them to have, it makes everything harder.
Until just a few weeks ago, executives at JPMorgan said they believed that only one million accounts were affected, according to several people with knowledge of the attacks.
As the severity of the intrusion — which began in June but was not discovered until July — became more clear in recent days, bank executives scrambled for the second time in three months to contain the fallout and to reassure skittish customers that no money had been taken and that their financial information remained secure.
The hackers appeared to have obtained a list of the applications and programs that run on JPMorgan's computers — a road map of sorts — which they could crosscheck with known vulnerabilities in each program and web application, in search of an entry point back into the bank's systems, according to several people with knowledge of the results of the bank's forensics investigation, all of whom spoke on the condition of anonymity.
That's according to a new report by the Centers of Disease Control and Prevention, aimed to encourage Americans to get vaccinated now. The flu kills up to approximately 36,000 people each year, but less than half of the population gets an annual flu shot. That's something the CDC wants to change.
On Tuesday afternoon, Apple issued a statement calling the security debacle a "very targeted attack on user names, passwords and security questions." It added that "none of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud® or Find my iPhone."
But the conversations on Anon-IB make clear the photo-stealing attacks aren't limited to a few celebrities. And Zdziarski argues that Apple may be defining a "breach" as not including a password-guessing attack like iBrute. Based on his analysis of the metadata from leaked photos of Kate Upton, he says he's determined that the photos came from a downloaded backup that would be consistent with the use of iBrute and EPPB. If a full device backup was accessed, he believes the rest of the backup's data may still be possessed by the hacker and could be used for blackmail or finding other targets. "You don't get the same level of access by logging into someone's [web] account as you can by emulating a phone that's doing a restore from an iCloud backup," says Zdziarski. "If we didn't have this law enforcement tool, we might not have the leaks we had."
The problem, according to the IG, is that the Army has failed to comply with a variety of federal laws that require agencies to standardize reporting and prepare auditable financial statements.
"This occurred because DOD and Army management did not have adequate controls, including procedures and annual reviews, in place to ensure GCSS-Army compliance with Treasury and DOD guidance," the IG report concludes.
"Although Army personnel have been responsive to correcting deficiencies identified during the audit, the Army has spent $725.7 million on a system that still has significant obstacles to overcome" to comply with federal financial reporting laws.
"What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases." says Goldsmith. "Whose interceptor is it? Who are they, that's listening to calls around military bases? The point is: we don't really know whose they are."
Baseband attacks are considered extremely difficult – the details of the chips are closely guarded. "Interceptors" are costly devices – and hacking baseband chips is thought to be technically advanced beyond the reach of "ordinary" hackers, ESD says. The devices vary in form, and are sold to government agencies and others, but are computers with specialized software designed to defeat the encryption of cellphone networks. The towers target the "Baseband" operating system of cellphones – a secondary OS which sits "between" iOS or Android, for instance, and the cellular network.
...One site frequented by DeFoggi was PedoBook, hosted by Aaron McGrath—a Nebraska man who was convicted earlier for his role in the operations. The websites were only accessible to users who installed Tor on their browsers. DeFoggi used names such as "fuckchrist" and "PTasseater" to register on the sites, where he could view more than 100 videos and more than 17,000 child porn images.
The FBI seized McGrath's site in late 2012 after monitoring him for a year. Then they kept it up and running for several more weeks, gathering private communications from DeFoggi and other users. The FBI used "various investigative techniques… to defeat the anonymous browsing technology afforded by the Tor network."...
More:
George Zimmerman Arrested While Visiting Ferguson - National Report
Zimmerman is heard yelling something again, and finally the teens stop. One of the teens rather articulately asks Zimmerman to leave him, his friend, and his town, alone. "Sir, sir, we don't… we don't have an issue with you, sir. Please leave us alone," the younger teenager says in the video, while Zimmerman continues to rant about something in the background. "Mr. Zimmerman, I don't know why you're here in Ferguson, but It's pretty damn insensitive, you showing up here. This town's been through enough already, we don't need you here intensifying things, okay? And my friend and I didn't say anything to you."
"I have a right to be here. It's a free country, we're on a public street," Zimmerman angrily says to the teens. "Why were you following me? Why were you harassing me?"
"We did no such thing, Mr. Zimmerman. You were leaving the store and we saw you and crossed the street," the younger teen replies. "You followed us for a whole block. We said nothing to you and we were not following you."
Police in Ferguson, Missouri, once charged a man with destruction of property for bleeding on their uniforms while four of them allegedly beat him.
"On and/or about the 20th day of Sept. 20, 2009 at or near 222 S. Florissant within the corporate limits of Ferguson, Missouri, the above named defendant did then and there unlawfully commit the offense of 'property damage' to wit did transfer blood to the uniform," reads the charge sheet.
The Make-vs-Buy Question
The question every IT executive must answer is whether it's worth a $20+ million investment to build, own and operate a facility, which is probably still not state-of-the-art, but merely much sufficient for future needs and much better than existing facilities? Or would it be better to lease space in a veritable data center superstore that provides higher efficiency, better physical and perimeter network security, ample room for growth and far better network connections to major ISPs, wireless carriers and cloud services? I contend that for IT organizations both large and small, owning, operating, maintaining and upgrading data centers yields no significant business advantage and is a waste of IT capital and effort.
Why the changeover? Here's a crazy statistic: Almost half of the world's credit card fraud now happens in the United States—even though only a quarter of all credit card transactions happen here. The banks want to rein this in ASAP by moving away from magnetic-stripe cards, which are much easier to counterfeit. The recent Target and Neiman Marcus security breaches also added motivation.
Malware originally developed for government espionage is now in use by criminals, who are bolting it onto their rootkits and ransomware.
The malware, dubbed Gyges, was first discovered in March by Sentinel Labs, which just released an intelligence report outlining their findings. From the report: "Gyges is an early example of how advanced techniques and code developed by governments for espionage are effectively being repurposed, modularized and coupled with other malware to commit cybercrime."
Run programs up to 100x faster than Hadoop MapReduce in memory, or 10x faster on disk.
Spark has an advanced DAG execution engine that supports cyclic data flow and in-memory computing.
The newly discovered exoplanet, labeled Gliese 832c, has an orbital period of 35.68 days, a mass 5.4 times that of Earth's and receives about the same average energy as Earth does from the Sun.
Gliese 832c might have Earth-like temperatures, albeit with large seasonal shifts, given a similar terrestrial atmosphere.
"If the planet has a similar atmosphere to Earth it may be possible for life to survive, although seasonal shifts would be extreme," Prof Tinney said.
Lorrie Cranor designed some fabric with the most common passwords, out of which she also made this dress! You can read more about it and her password quilt on her site. via @JuliaAngwin
People from all around the world come to snorkel with manatees in Crystal River. For just $45.00, all gear is included, mask, snorkel, fins and wetsuit. You will embark on one of our covered, U. S. Coast Guard inspected boats for the most amazing in water experience; to swim with the manatees. Our in water guides, all U.S. Coast Guard Licensed Captains, will take you into the Crystal River National Wildlife Refuge to the best locations for viewing and snorkeling with these friendly, curious and slow moving and gentle giants.
The Raspberry Pi has been the darling of the homebrew hacking and modding community since its launch more than two years ago.
Creative tinkerers have used the $35 Linux board tocook up talking mirrors, drones and automated book readers. The volume of creations has shown the appetite among the maker community for low-cost, energy sipping and versatile boards like the Pi.
While small board computers predate the Pi the market for boards and small form factor PCs is increasingly crowded with machines that bake-in features or performance not offered by the Pi.
Here are five alternatives that attempt to deliver something more than the Pi.
So what did I do?– I turned to the wonderful world of opensource software. FreeRDP is an awesome project started by Awake Coding aka Marc-André Moreau. It is still in development so bugs and missing documentation are to be expected. This tutorial will show you how to compile and use FreeRDP to connect through an RD Gateway to a terminal server from Ubuntu 13.10 32 bit.
"It's hard for tech people--even middle manager on up to senior managers--to think the way that the business thinks," she points out. "They tend to explain things from their own perspective."
These days, the ideal IT manager is seen as someone deeply technical yet business savvy, wonderfully communicative and, of course, a strategic thinker. In other words, as mythic a creature as a unicorn. "This talent issue is hardly new," writes Stephanie Overby in our cover story ("CIOs Struggle with the Great Talent Hunt"). "IT leaders have preached the importance of the blended IT professional for years. But after a decade, it's clear that help is not on the way."
One emerging technology that can reinforce Bring Your Own Device (BYOD) security is mobile identity management. Some vendors refer to it as mobile identity management and authentication. I've even seen some analysts go as far as calling it Bring Your Own Identity.
Mobile identity management creates a digital identity for mobile users that can function as a focal point for mobile security. It's a great addition to your existing BYOD security stack of:
Here are three ways mobile identity management can improve your BYOD security.
To clean up the mess, Schumer proposed a seven-point makeover of the agency, which would include:
"crossystem dev_boot_usb=1" Target CEO Gregg Steinhafel's departure from the retailer following a massive data breach that damaged the company's reputation could be a watershed moment for information technology and business alignment.
Simply put, IT is your business and massive failures even cost the big dogs their jobs. Technology execs have worried about business alignment forever. Stop worrying because business and IT are aligned. If IT blows up---or 110 million customer accounts are breached---so does the business.
Virginia – A research center complete with a huge 3D wall and full conference center.
Architect: Gensler
LYNCHBURG, Va. (AP) - Several CSX train cars carrying crude oil derailed and caught fire Wednesday along the James River, with three black tankers ending up in the water and leaking some of their contents, becoming the most recent crash involving oil trains that has safety experts pushing for better oversight.
Nearby buildings were evacuated for a time in downtown Lynchburg, but officials...
McLean, Va., April 10, 2014 — LMI, showcasing its OpenPolicy™ tool, won the most innovative technology award in the government category at Destination Innovation 2014. The event and award was the culmination of a months-long competition sponsored by the Northern Virginia Technology Council and The Washington Post. OpenPolicy is LMI’s solution to a growing problem—massive amounts of data and knowledge locked away within countless pages of unstructured written prose.
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.
Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org for preparing the fix.
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
1.0.2 will be fixed in 1.0.2-beta2.
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
 | |
| BrickFair VA 2014 is 4 months away! Join us Aug 2nd & Aug 3rd, 2014 at the Dulles Expo Center in Chantilly, VA. Doors open 11:00am to 4:00pm. Over 900 LEGO artists from across the country will exhibit LEGO models and games spread over 100,000 square feet. $12 at the door. Visit www.BrickFair.com/VA. | |
The race is on to fix SSL-based websites and software in the wake of a newly revealed and dangerous flaw in the popular OpenSSL library for encrypting HTTP traffic, with nearly one-third of major websites potentially at risk.
OpenSSL released a patch yesterday for a read-overrun bug in its implementation of the Transport Layer Security protocol's "heartbeat" extension, an extension to the protocol that checks on the site to which it is connecting to ensure it's connected and can respond. If exploited, the bug leaks the contents of the memory from the server to the client and vice versa, potentially exposing passwords and other sensitive data and, most alarmingly, the SSL server's private key. OpenSSL Versions 1.0.1 and 1.0.2 beta are affected by the vulnerability, which was discovered by security researchersat Google and Codenomicon.
http://www.darkreading.com/vulnerabilities---threats/emergency-ssl-tls-patching-under-way/d/d-id/1204282
NASA Mars Science Laboratory Curiosity Rover
"Then go talk to them. Make it your goal to make that one person feel more comfortable. Then you'll feel more comfortable too."
Try it. If it's painful to mingle, if it's awkward to make small talk, use those feelings in a positive way. Turn sympathy for yourself into empathy for another. Go rescue someone.
Just introduce yourself to people and ask a basic question: what they do, where they're from, why they're attending. You don't need to be a conversational genius. The people you rescue won't notice. They'll be too busy feeling less like wallflowers and more like people who belong--and they will always remember that it was you who made them feel that way.
More:This collaborative relationship seeks to educate the public and private sectors on the increasing risk posed by counterfeits, and encourage the development and fielding of preventive measures.
LMI has deep supply chain consulting and inventory management experience for the military and across the federal government. APDN invests in industry-leading research and provides a variety of authentication solutions to both commercial and government clients.
"Supply chains critical for commerce and security are under attack. In the electronics arena, remarking, cloning, and manufacture from salvaged die are creating increasingly sophisticated counterfeits. Industry and public sector users alike are struggling to ensure authentic components in this flood of fakes," said Joe Doyle, senior consultant for LMI. A cutting edge technology company in this space working with a leading supply chain consultancy is just the sort of collaboration that can make a difference, Doyle added.
[–]the_skys_kidRHODESIA WAS SUPER! 2284 points agox7