The defense representing accused Wikileaks leaker Bradley Manning reports that visits to Manning in army detention will be allowed by Congressman Dennis Kucinich, Juan Mendez (the United Nations Special Rapporteur on Torture), and a representative from Amnesty International—but they will be “subject to Brig monitoring.” (via Kevin Poulsen)
From the Sunlight Foundation: “Data.gov, USASpending.gov, the IT Dashboard and other federal data transparency and government accountability programs are facing a massive budget cut, despite only being a tiny fraction of the national budget. Help save the data and make sure that Congress doesn’t leave the American people in the dark.” (via Kevin Werbach)
The office of NASA’s Inspector General released a report this week titled “Inadequate Security Practices Expose Key NASA Network to Cyberattack,” which details pretty much what it says on the tin: the International Space Station, the Hubble telescope, the space shuttle, and other key assets were made vulnerable back in 2009 when hackers penetrated the NASA computer network that controls them.
The vulnerabilities have since been addressed, but NASA still lacks a recommended cybersecurity oversight program to reduce future risks.
Also in 2009, hackers stole 22 gigabytes of export-controlled data from the Jet Propulsion Laboratory and opened links between the NASA network and 3,000 foreign IP addresses.
NASA has closed the worst holes in its system, according to the audit released Monday, but other risks will remain until NASA establishes IT safeguards for the entire agency. NASA says it will do that by the end of the fiscal year Sept. 30. NASA said in a statement Tuesday that its chief information officer will work with NASA centers, including Huntsville’s Marshall Space Flight Center, to make sure computers are secure.
And more about the past intrusions, directly from the NASA Inspector General’s report:
Oil giant BP reports that an employee lost a laptop containing personal data for 13,000 people seeking compensation for the 2010 Gulf oil spill. The data included SSNs, phone numbers, and other identifying info; it wasn’t encrypted, and the circumstances in which the device was lost aren’t clear. BBC, CNN, AP.
“Green party politician Malte Spitz sued to have German telecoms giant Deutsche Telekom hand over six months of his phone data that he then made available to ZEIT ONLINE. We combined this geolocation data with information relating to his life as a politician, such as Twitter feeds, blog entries and websites, all of which is all freely available on the internet.” Interactive map here, article here, in Die Zeit (English). A related New York Times item is here.
“A Libyan woman burst into the hotel housing the foreign press in Tripoli Saturday morning and fought off security forces as she told journalists that she had been raped and beaten by members of the Qaddafi militia. After nearly an hour, she was dragged away from the hotel screaming.” (New York Times)
Her name is Eman al-Obeidy. CNN’s Nic Robertson was present, and his tweeted account is screengrabbed here. “CNN camera was violently snatched, systematically smashed to pieces and video footage stolen,” he wrote. “Some journalists were beaten in blatant display of regime thuggery.”
“Journalists are demanding to see her. David Kirkpatrick of the New York Times and I went to officials in charge who claimed they don’t know who took her, or where she was taken.”
Japan’s nuclear safety agency (NISA) today raised the level of the crisis at the Fukushima nuclear plant from level 4 (local consequences) to level 5 (wider consequences, same level as Three Mile Island), on the 7-point scale* created by the International Atomic Energy Agency (IAEA).
NISA’s assessment was declared retroactive to Tuesday.
* Okay, 8 levels if you include the “zero” default.
PHOTO: The damaged Fukushima Daiichi Power Plant in Fukushima is seen in this DigitalGlobe satellite image, taken March 18, 2011. About 300 workers are racing against time to restore power and cooling systems to the six reactors at Fukushima Daiichi and try to avert the biggest nuclear catastrophe since Chernobyl in 1986. Japan has entered its second week after a 9.0-magnitude earthquake and 10-metre (33-foot) tsunami flattened coastal cities and killed thousands of people.
Saudi Arabia will split its security forces, lately much occupied with suppressing protest at home, and will send them to Bahrain to help put down the popular uprising there.
Witnesses said security forces surrounded the protesters’ tent compound, shooting tear gas and rubber bullets at the activists in the largest effort to clear the square since a crackdown last month that left four dead after live ammunition was fired.
Activists tried to stand their ground yesterday and chanted “Peaceful, peaceful” as the crowd swelled into thousands, with protesters streaming to the square to reinforce the activists’ lines, forcing the police to pull back by the early afternoon.
At Bahrain University, Shia demonstrators and government supporters held competing protests that descended into violence when plainclothes pro-government backers and security forces forced students blocking the campus main gate to seek refuge in classrooms and lecture halls, the Associated Press reported.
Security researchers at UCSD and UWash have been looking at advanced ways of making mischief with computerized automotive systems, from messing with Bluetooth to inserting malware into the diagnostic tools. The most baroque and interesting attack they’ve demonstrated, though, uses a malformed MP3 that exploits a bug in the sound system (I’m assuming some sort of buffer overflow). Once they’re in, the researchers have been able to control the car’s locks, speedometer, brakes and engine.
They found lots of ways to break in. In fact, attacks over Bluetooth, the cellular network, malicious music files and via the diagnostic tools used in dealerships were all possible, if difficult to pull off, Savage said. “The easiest way remains what we did in our first paper: Plug into the car and do it,” he said.
But the research shows how completely new types of automotive attacks could be on the horizon. For example, thieves could instruct cars to unlock their doors and report their GPS coordinates and Vehicle Identification Numbers to a central server. “An enterprising thief might stop stealing cars himself, and instead sell his capabilities as a service to other thieves,” Savage said. A thief looking for certain kinds of cars in a given area could ask to have them identified and unlocked, he said.
In Wired’s Threat Level blog, a three-part series on the technology and politics surrounding those “nude body scanners” introduced to a number of American airports last year: “Court Likely to Uphold Constitutionality of ‘Nude’ Airport Scanners,” “‘Nude’ Airport Scanners: Are They Safe?,” and “Airport ‘Nude’ Body Scanners: Are They Effective?”