California needs to mandate men’s public urinals to be water-free!

Ok, I just got done reading that California is facing even more pressure to save water. The best thing I think the state could do is mandate the replacement of all men’s urinals with the latest water-free technologies. The stats that I have seen are that each one can save on average 40,000 gallons a year under normal office building use. I can’t imagine why this wouldn’t be something that gets mandated immediately, and NO grandfathering please!

http://news.yahoo.com/californias-catastrophic-drought-just-got-worse-lot-worse-181115468.html





[ISN] Garmin tackles ‘misinformation’ on hacking aircraft avionics

http://www.aopa.org/News-and-Video/All-News/2014/June/18/Garmin-tackles-misinformation-on-hacking-aircraft-avionics.aspx

By AOPA ePublishing staff June 18, 2014

With much publicity the past several months focusing on hacking and security breaches—in the media, TV shows, and movies—Garmin is setting the record straight on the myths around one such possible breach: hacking aircraft avionics. Garmin, an industry leader in aviation avionics, said in a blog posted June 17 that avionics manufacturers take numerous measures to ensure that avionics are safe and secure for pilots to use. Garmin said that its software runs on proprietary operating systems “that would make it much more difficult to successfully accomplish an attack,” and that “proprietary protocols, data input validations, and other mitigations are in place to prevent viruses or malware from infecting, or affecting, our equipment.” In addition, avionics manufacturers perform safety assessments on what could happen in an aircraft if the avionics data were corrupted, deliberately or not, and then develop mitigations for those possibilities before they go through equipment certification. And, all avionics are able to be overridden by the pilot, if he or she determines the aircraft is not doing what was intended. In many cases, pilots also must validate that their flight plan information is uploaded correctly and accept it before using it for active navigation. These actions help prevent input mistakes by the pilot as well as enhance security. […]



[ISN] Microsoft: NSA security fallout ‘getting worse,’ ‘not blowing over’

http://www.theregister.co.uk/2014/06/19/microsoft_nsa_fallout/

By Jack Clark The Register 19 Jun 2014

Microsoft’s top lawyer says the fallout of the NSA spying scandal is “getting worse,” and carries grim implications for US tech companies. In a speech at the GigaOm Structure conference in San Francisco on Thursday, Microsoft general counsel Brad Smith warned attendees that unless the US political establishment figures out how to rein in its spy agencies, there could be heavy repercussions for tech companies. “What we’ve seen since last June is a double-digit decline in people’s trust in American tech companies in key places like Brussels and Berlin and Brasilia. This has put trust at risk,” Smith said. “The longer we wait or the less we do the worse the problem becomes,” he explained. “We are seeing other governments consider new procurement rules – procurement rules that could effectively freeze out US-based companies.” […]



[ISN] IRS, Hartford police conducting criminal investigation on Access Health data breach

http://ctmirror.org/irs-hartford-police-conducting-criminal-investigation-on-access-health-data-breach/

By Arielle Levin Becker The CT Mirror June 19, 2014

The Internal Revenue Service and Hartford police are conducting a criminal investigation of the data breach involving information on clients of Connecticut’s health insurance exchange. But an exchange official said Thursday that the cause was most likely a mistake by a call center worker. The breach occurred two weeks ago after a worker at the exchange’s call center put notepads containing callers’ names, birth dates and Social Security numbers into a backpack and left the call center. The backpack was later discovered outside a Hartford deli, where the worker had been waiting for a ride. He told officials with Maximus, the company that runs the call center, that he’d accidentally left without the bag. It was a policy violation for the worker to take personally identifiable information out of the office, said Virginia Lamb, general counsel of Access Health CT, the state’s exchange. “He did have his reasons,” she told members of the exchange’s board during a meeting Thursday. “He didn’t have at the time a place to lock up his data. He put it in his backpack.” […]



[ISN] USENIX: Unstable code can lead to security vulnerabilities

http://www.computerworld.com/s/article/9249246/USENIX_Unstable_code_can_lead_to_security_vulnerabilities

By Joab Jackson IDG News Service June 19, 2014

As if tracking down bugs in a complex application isn’t difficult enough, programmers now must worry about a newly emerging and potentially dangerous trap, one in which a program compiler simply eliminates chunks of code it doesn’t understand, often without alerting the programmer of the missing functionality. The code that can lead to this behavior is called optimization-unstable code, or “unstable code,” though it is more of a problem with how compilers optimize code, rather than the code itself, said Xi Wang, a researcher at the Massachusetts Institute of Technology. Wang discussed his team’s work at the USENIX annual technical conference, being held this week in Philadelphia. With unstable code, programs can lose functionality or even critical safety checks without the programmer’s knowledge. That this problem is only now coming to the attention of researchers may mean that many programs considered as secure, especially those written in C or other low-level system languages, may have undiscovered vulnerabilities. […]



[ISN] CircleCityCon: The missing update

http://www.csoonline.com/article/2365184/security-industry/circlecitycon-the-missing-update.html

By Steve Ragan Salted Hash CSO June 19, 2014

Last weekend, 240 people attended CircleCityCon, Indianapolis’ first major security conference. It was an amazing time, offering a chance to learn from a wide range of professionals. There were more than thirty talks recorded at the event, thanks to Adrian Crenshaw (@irongeek_adc) and his team of volunteers. Salted Hash has included some of the videos below, but all of them are worth a look. In fact, Irongeek has recorded hundreds of talks over the years, and his archive of security footage is impressive. Today’s post serves as an update to my coverage of CircleCityCon, but it’s also the tale of how I learned an important lesson. This post, and the future articles based on the talks from this year’s CircleCityCon, almost didn’t happen. On Monday morning, my mobile office (a ThinkPad T430s) fizzled out. At first, it was determined that the video card had died, but once that was fixed, the system was still hosed. Ultimately, it was a RAM issue. […]



[ISN] At least 32,000 servers broadcast admin passwords in the clear, advisory warns

http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/

By Dan Goodin Ars Technica June 19, 2014

An alarming number of servers containing motherboards manufactured by Supermicro continue to expose administrator passwords despite the release of an update that patches the critical vulnerability, an advisory published Thursday warned. The threat resides in the baseboard management controller (BMC), a motherboard component that allows administrators to monitor the physical status of large fleets of servers, including their temperatures, disk and memory performance, and fan speeds. Unpatched BMCs in Supermicro motherboards contain a binary file that stores remote login passwords in clear text. Vulnerable systems can be detected by performing an Internet scan on port 49152. A recent query on the Shodan search engine indicated there are 31,964 machines still vulnerable, a number that may not include many virtual machines used in shared hosting environments. “This means at the point of this writing, there are 31,964 systems that have their passwords available on the open market,” wrote Zachary Wikholm, a senior security engineer with the CARInet Security Incident Response Team. “It gets a bit scarier when you review some of the password statistics. Out of those passwords, 3,296 are the default combination. Since I’m not comfortable providing too much password information, I will just say that there exists a subset of this data that either contains or just was ‘password.’” A separate blog post from security training institute Sans confirmed the contents of the advisory. […]



[ISN] Cybercriminals Zero In on a Lucrative New Target: Hedge Funds

http://bits.blogs.nytimes.com/2014/06/19/cybercriminals-zero-in-on-a-lucrative-new-target-hedge-funds/

By Nicole Perlroth Bits The New York Times June 19, 2014

They say crime follows opportunity. Computer security experts say hedge funds, with their vast pools of money and opaque nature, have become perfect targets for sophisticated cybercriminals. Over the past two years, experts say, hedge funds have fallen victim to targeted attacks. What makes them such ripe targets is that even as hedge funds expend millions in moving their trading operations online, they have not made the same investment in security. The latest evidence comes in the form of a new report Wednesday from BAE Systems, a computer security firm, that an unnamed hedge fund lost millions of dollars after criminals installed malware on its trading systems late last year. The malware was designed to insert a lag time in the hedge fund’s trading system and record the details of orders, so the attackers could trade on the information themselves. According to BAE Systems, the attack began with a so-called spearphishing email, which contained links purporting to be about capital markets. Once they were clicked, an employee inadvertently downloaded malware onto a computer that gave criminals deeper access to the fund’s trading systems. The attack was noticed only after the fund’s analysts and tech staff discovered the lag times in its algorithmic trading strategy and abnormal file movement on its network. The breach, which was first reported by CNBC, cost the fund millions of dollars in recovery, according to BAE Systems, which did not name the fund. But security experts say the crime is hardly new. “Hedge funds have been victims of targeted cyberattack over the past two years,” said Tom Kellermann, the chief cybersecurity officer at TrendMicro. “Hedge funds are woefully undersecured. The lack of investment in their cybersecurity has placed them in the line of fire.” […]

