Ikea Patched for Shellshock by Methodically Upgrading All Servers

Glantz explained that the first step in the assembly of his IT infrastructure is to have a well-defined Standard Operating Environment (SOE). The SOE includes a definition of the hardware platforms used as well as the Linux and application software that is installed. There is also an installation and configuration management layer that helps enforce the SOE across the distributed Ikea IT footprint. Additionally, Glantz has defined a lifecycle-management plan that describes the lifecycle of how Linux will be used at Ikea for the next seven years.

“It’s not enough just to have documents, you have to have systems driving how technology works,” Glantz said.

Source: Ikea Patched for Shellshock by Methodically Upgrading All Servers

Scientists Have Broken One of the Biggest Limits in Fibre Optic Networks

Essentially what the UC San Diego researchers did was to develop a system (frequency comb) that acts a bit like a concert conductor, which is the person responsible for tuning multiple instruments in an orchestra to the same pitch at the beginning of a concert.

The engineers then used this comb to synchronize the frequency variations of the different streams of optical information (optical carriers), which can compensate in advance for the crosstalk interference (this will be familiar to those who have been reading about FTTC / VDSL2 Vectoring technology on copper cables) that can occur between multiple communication channels within the fibre optic cable. The frequency comb also ensures that the crosstalk interference is reversible.

Source: Scientists Have Broken One of the Biggest Limits in Fibre Optic Networks – ISPreview UK

Major internet providers slowing traffic speeds for thousands across US

In Atlanta, for example, Comcast provided hourly median download speeds over a CDN called GTT of 21.4 megabits per second at 7pm throughout the month of May. AT&T provided speeds over the same network of ⅕ of a megabit per second. When a network sends more than twice the traffic it receives, that network is required by AT&T to pay for the privilege. When quizzed about slow speeds on GTT, AT&T told Ars Technica earlier this year that it wouldn’t upgrade capacity to a CDN that saw that much outgoing traffic until it saw some money from that network (as distinct from the money it sees from consumers).

Source: Major internet providers slowing traffic speeds for thousands across US | Technology | The Guardian

Help, I’m Trapped in Facebook’s Absurd Pseudonym Purgatory

Someone reported my account as pseudonymous, and Facebook kicked me out. To get back in, I must provide various forms of identification proving the authenticity of my username. I’m not going to.

I am one of many casualties of Facebook’s recently rejiggered “authentic name” policy, wherein anonymous users can report a name as fake and trigger a verification process.

Source: Help, I’m Trapped in Facebook’s Absurd Pseudonym Purgatory | WIRED

You get what you pay for.

Encryption “would not have helped” at OPM, says DHS official

But when pressed on why systems had not been protected with encryption prior to the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, she said, “It is not feasible to implement on networks that are too old.” She added that the agency is now working to encrypt data within its networks.

Source: Encryption “would not have helped” at OPM, says DHS official | Ars Technica

A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root.”

Rosetta’s lander Philae wakes up from hibernation

For 85 seconds Philae “spoke” with its team on ground, via Rosetta, in the first contact since going into hibernation in November.

Source: Rosetta’s lander Philae wakes up from hibernation | Rosetta – ESA’s comet chaser

Now the scientists are waiting for the next contact.  There are still more than 8000 data packets in Philae’s mass memory which will give the DLR team information on what happened to the lander in the past few days on Comet 67P/Churyumov-Gerasimenko.

Short recap: Philae is the craft that landed on the comet, and Rosetta is circling about, being the direct link to the lander, kind of like how Apollo missions operated for manned moon landings. Both Philae and Rosetta travelled to the comet together, and then 211 days ago Rosetta launched Philae onto the surface of the comet, where it bounced funny, landing next to a cliff that blocked sunlight to its solar panels. Apparently it now has gathered enough juice to be somewhat operational. This is quite an amazing feat involving every STEM discipline from mathematics to rocket science.

I wonder if they’ll reconsider shutting down this program as mentioned here.

xkcd has been all over this story from the landing;  From: http://xkcd.com/1446/

Chinese hack compromised security-clearance database

Last week, the OPM announced that a database containing the personal information of about 4 million current and former federal employees was hacked. Privately, U.S. officials said the Chinese government was behind the breach. The administration has not publicly pointed a finger at Beijing.

Source: Chinese hack compromised security-clearance database – The Washington Post

I’m surprised the Washington Post continues with this Chinese narrative, as there has been no official condemnation of China over this, and determining the true source of an intrusion is extremely difficult if not impossible in many cases. They still haven’t caught the culprits in the Target and Home Depot data breaches. The list of suspects with motive to obtain this kind of data is probably quite long, so it’s irresponsible to assume a guilty party before any evidence has been leaked. No doubt consultants are working furiously tracing log records, but at least wait until there is something concrete. The Washington Post is an institution with top-notch journalists, so they should know better.

And here’s the blurb that made me laugh.

Offensive actions might include directing a U.S. agency to locate the servers holding the stolen data and deleting or altering the data, the former official said.

Haha.  Like whoever did this wouldn’t have backups 6 ways to Sunday of every bit gathered.  There’s no way to delete anything digital once it’s out in the ether.  Why would anyone publish a statement like that?  The only thing an offensive cyber attack can accomplish is making the US government behave like the criminals who they denounce.

A400M probe focuses on impact of accidental data wipe

Computers operating each engine cannot work if this data, which is unique to each of the turboprops, is missing.

Source: Exclusive: A400M probe focuses on impact of accidental data wipe | Reuters

Under the A400M’s design, the first warning pilots would receive of the engine data problem would be when the plane was 400 feet (120 meters) in the air, according to a safety document seen by Reuters. On the ground, there is no cockpit alert.

Sounds like these data files became a single point of failure.